
Paddy 2015-01-10 Parent:224f0610d3e7 Child:5bd46746b809

112:da2a0954e8d3 Browse Files

Flesh out auth code grant (in)validation. Flesh out our tests for the functions that do the validation and invalidation of the authorization code grant type's authorization codes. Basically, make sure that the auth codes are being checked right and that marking them as used after they're used works.

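--- a/authcode_test.go
+++ b/authcode_test.go
@@ -156,23 +156,226 @@
 	if err != nil {
 		t.Fatal("Can't add auth code:", err)
 	}
+	code2 := code
+	code2.Code = "otherauthcode"
+	code2.ClientID = client.ID
+	err = testContext.SaveAuthorizationCode(code2)
+	if err != nil {
+		t.Fatal("Can't add second auth code:", err)
+	}
 	req, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
 	if err != nil {
 		t.Fatal("Can't build request:", err)
 	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	w := httptest.NewRecorder()
 	params := url.Values{}
 	body := bytes.NewBufferString(params.Encode())
 	req.Body = ioutil.NopCloser(body)
 	scope, profileID, valid := authCodeGrantValidate(w, req, testContext)
 	if valid {
-		t.Fatal("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+		t.Fatalf("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
 	}
 	if w.Code != http.StatusBadRequest {
 		t.Errorf("Expected status %d, got %d", http.StatusBadRequest, w.Code)
 	}
-	expectation := `{"error":"invalid_request"}`
-	if strings.TrimSpace(w.Body.String()) != expectation {
-		t.Errorf("Expected body of `%s`, got `%s`", expectation, strings.TrimSpace(w.Body.String()))
+	expectedBody := `{"error":"invalid_request"}`
+	if strings.TrimSpace(w.Body.String()) != expectedBody {
+		t.Errorf("Expected body of `%s`, got `%s`", expectedBody, strings.TrimSpace(w.Body.String()))
+	}
+
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	w = httptest.NewRecorder()
+	params = url.Values{}
+	params.Set("code", "notmycode")
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = req.ParseForm()
+	if err != nil {
+		t.Log(err)
+	}
+	scope, profileID, valid = authCodeGrantValidate(w, req, testContext)
+	if valid {
+		t.Fatalf("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+	}
+	if w.Code != http.StatusUnauthorized {
+		t.Errorf("Expected status %d, got %d", http.StatusUnauthorized, w.Code)
+	}
+	expectedBody = `{"error":"invalid_client"}`
+	if expectedBody != strings.TrimSpace(w.Body.String()) {
+		t.Errorf("Expected body of `%s`, got `%s`", expectedBody, strings.TrimSpace(w.Body.String()))
+	}
+
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(client.ID.String(), client.Secret)
+	w = httptest.NewRecorder()
+	params = url.Values{}
+	params.Set("code", "notmycode")
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = req.ParseForm()
+	if err != nil {
+		t.Log(err)
+	}
+	scope, profileID, valid = authCodeGrantValidate(w, req, testContext)
+	if valid {
+		t.Fatalf("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+	}
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected status %d, got %d", http.StatusUnauthorized, w.Code)
+	}
+	expectedBody = `{"error":"invalid_grant"}`
+	if expectedBody != strings.TrimSpace(w.Body.String()) {
+		t.Errorf("Expected body of `%s`, got `%s`", expectedBody, strings.TrimSpace(w.Body.String()))
+	}
+
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(client.ID.String(), client.Secret)
+	w = httptest.NewRecorder()
+	params = url.Values{}
+	params.Set("code", code.Code)
+	params.Set("redirect_uri", "not my redirectURI")
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = req.ParseForm()
+	if err != nil {
+		t.Log(err)
+	}
+	scope, profileID, valid = authCodeGrantValidate(w, req, testContext)
+	if valid {
+		t.Fatalf("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+	}
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected status %d, got %d", http.StatusUnauthorized, w.Code)
+	}
+	expectedBody = `{"error":"invalid_grant"}`
+	if expectedBody != strings.TrimSpace(w.Body.String()) {
+		t.Errorf("Expected body of `%s`, got `%s`", expectedBody, strings.TrimSpace(w.Body.String()))
+	}
+
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(client.ID.String(), client.Secret)
+	w = httptest.NewRecorder()
+	params = url.Values{}
+	params.Set("code", code.Code)
+	params.Set("redirect_uri", code.RedirectURI)
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = req.ParseForm()
+	if err != nil {
+		t.Log(err)
+	}
+	scope, profileID, valid = authCodeGrantValidate(w, req, testContext)
+	if valid {
+		t.Fatalf("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+	}
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected status %d, got %d", http.StatusUnauthorized, w.Code)
+	}
+	expectedBody = `{"error":"invalid_grant"}`
+	if expectedBody != strings.TrimSpace(w.Body.String()) {
+		t.Errorf("Expected body of `%s`, got `%s`", expectedBody, strings.TrimSpace(w.Body.String()))
+	}
+
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(client.ID.String(), client.Secret)
+	w = httptest.NewRecorder()
+	params = url.Values{}
+	params.Set("code", code2.Code)
+	params.Set("redirect_uri", code2.RedirectURI)
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = req.ParseForm()
+	if err != nil {
+		t.Log(err)
+	}
+	scope, profileID, valid = authCodeGrantValidate(w, req, testContext)
+	if !valid {
+		t.Fatalf("Expected valid auth code, was not valid.")
 	}
 }
+
+func TestAuthCodeGrantInvalidate(t *testing.T) {
+	t.Parallel()
+	store := NewMemstore()
+	testContext := Context{
+		clients:   store,
+		authCodes: store,
+		profiles:  store,
+		tokens:    store,
+		sessions:  store,
+	}
+	code := AuthorizationCode{
+		Code:        "myauthcode",
+		Created:     time.Now(),
+		ExpiresIn:   180,
+		ClientID:    uuid.NewID(),
+		Scope:       "scope",
+		RedirectURI: "redirectURI",
+		State:       "state",
+	}
+	err := testContext.SaveAuthorizationCode(code)
+	if err != nil {
+		t.Fatal("Can't add auth code:", err)
+	}
+	req, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	err = authCodeGrantInvalidate(req, testContext)
+	if err != ErrAuthorizationCodeNotFound {
+		t.Errorf("Expected `%s`, got `%+v`", ErrAuthorizationCodeNotFound, err)
+	}
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	params := url.Values{}
+	params.Set("code", "notmycode")
+	body := bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = authCodeGrantInvalidate(req, testContext)
+	if err != ErrAuthorizationCodeNotFound {
+		t.Errorf("Expected `%s`, got `%+v`", ErrAuthorizationCodeNotFound, err)
+	}
+	req, err = http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	params.Set("code", code.Code)
+	body = bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	err = authCodeGrantInvalidate(req, testContext)
+	if err != nil {
+		t.Error("Error invalidating auth code:", err)
+	}
+	authCode, err := testContext.GetAuthorizationCode(code.Code)
+	if err != nil {
+		t.Error("Error retrieving auth code:", err)
+	}
+	if !authCode.Used {
+		t.Error("Expected auth code to be used, was not.")
+	}
+}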
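Review bot: The three `invalid_grant` checks in TestAuthCodeGrantValidate (unknown code with client auth, wrong redirect_uri, and code.Code with the correct redirect_uri) compare `w.Code != http.StatusBadRequest` but print `http.StatusUnauthorized` as the expected value, so a real failure would report a misleading diagnosis; each should read `t.Errorf("Expected status %d, got %d", http.StatusBadRequest, w.Code)`. Neither test covers an already-used or expired code, which is the property that makes an authorization code single-use: after `authCodeGrantInvalidate` succeeds in TestAuthCodeGrantInvalidate, running `authCodeGrantValidate` on the same code with the client's basic-auth credentials and asserting `!valid` (presumably with the `invalid_grant` body) would pin that a replayed code is rejected. The case that submits `code.Code` with its own redirect_uri yet still expects `invalid_grant` only makes sense because `code.ClientID` differs from the authenticating `client` (only code2 is bound to client.ID), so a comment such as `// code is bound to a different client than the one authenticating; must be rejected` would save the next reader that inference. TestAuthCodeGrantValidate begins before this hunk, so the setup of `code` and `client` is not visible here.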