author | Jonas Franz <info@jonasfranz.software> | 2019-03-11 03:54:59 +0100 |
---|---|---|
committer | Lunny Xiao <xiaolunwen@gmail.com> | 2019-03-11 10:54:59 +0800 |
commit | 2315019fefb07dfe08e4ecefa199fd947c0c79b8 (patch) | |
tree | 0246eb30168f6b47ee18aff12b90ee94db4ffc48 /integrations/oauth_test.go | |
parent | e0eb6514d2e6e19759dcd4b2ef9b231e98921a6b (diff) | |
Add support for client basic auth for exchanging access tokens (#6293)
* Add support for client basic auth for exchanging access tokens
* Improve error messages
* Fix tests
Diffstat (limited to 'integrations/oauth_test.go')
-rw-r--r-- | integrations/oauth_test.go | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go
index 53b83bb01a..9674146f8b 100644
--- a/integrations/oauth_test.go
+++ b/integrations/oauth_test.go
@@ -136,3 +136,44 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 })
 MakeRequest(t, req, 400)
 }
+
+func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
+ resp := MakeRequest(t, req, 200)
+ type response struct {
+ AccessToken string `json:"access_token"`
+ TokenType string `json:"token_type"`
+ ExpiresIn int64 `json:"expires_in"`
+ RefreshToken string `json:"refresh_token"`
+ }
+ parsed := new(response)
+ assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
+ assert.True(t, len(parsed.AccessToken) > 10)
+ assert.True(t, len(parsed.RefreshToken) > 10)
+
+ // use wrong client_secret
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==")
+ resp = MakeRequest(t, req, 400)
+
+ // missing header
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ resp = MakeRequest(t, req, 400)
+} |
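Review bot: The two rejection cases in TestAccessTokenExchangeWithBasicAuth do not show that the client-credential check is what rejects the request. Both reuse `"code": "authcode"` after the first request has already exchanged it with a 200, so if the server invalidates a code once it is used (not visible in this hunk), the later `MakeRequest(t, req, 400)` calls pass even when Basic auth verification is broken or skipped. Running the wrong-secret and missing-header requests before the successful exchange would close that gap, with a comment such as `// authcode is single-use; rejection cases must run before the successful exchange`. Better still, decode the 400 body and assert on its `error` field so each case pins the reason for the rejection. As written, `resp` is assigned in both negative cases and never read.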