authorJonas Franz <info@jonasfranz.software>2019-03-08 17:42:50 +0100
committertechknowlogick <matti@mdranta.net>2019-03-08 11:42:50 -0500
commite777c6bdc6f12f9152335f8bfd66b956aedc9957 (patch)
treeb79c9bc2d4f9402dcd15d993b088840e2fad8a54 /integrations/oauth_test.go
parent9d3732dfd512273992855097bba1e909f098db23 (diff)
Integrate OAuth2 Provider (#5378)
Diffstat (limited to 'integrations/oauth_test.go')
-rw-r--r--integrations/oauth_test.go138
1 files changed, 138 insertions, 0 deletions
diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go
new file mode 100644
index 0000000000..53b83bb01a
--- /dev/null
+++ b/integrations/oauth_test.go
@@ -0,0 +1,138 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+ "encoding/json"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+const defaultAuthorize = "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate"
+
+func TestNoClientID(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequest(t, "GET", "/login/oauth/authorize")
+ ctx := loginUser(t, "user2")
+ ctx.MakeRequest(t, req, 400)
+}
+
+func TestLoginRedirect(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequest(t, "GET", "/login/oauth/authorize")
+ assert.Contains(t, MakeRequest(t, req, 302).Body.String(), "/user/login")
+}
+
+func TestShowAuthorize(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequest(t, "GET", defaultAuthorize)
+ ctx := loginUser(t, "user4")
+ resp := ctx.MakeRequest(t, req, 200)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ htmlDoc.AssertElement(t, "#authorize-app", true)
+ htmlDoc.GetCSRF()
+}
+
+func TestRedirectWithExistingGrant(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequest(t, "GET", defaultAuthorize)
+ ctx := loginUser(t, "user1")
+ resp := ctx.MakeRequest(t, req, 302)
+ u, err := resp.Result().Location()
+ assert.NoError(t, err)
+ assert.Equal(t, "thestate", u.Query().Get("state"))
+ assert.Truef(t, len(u.Query().Get("code")) > 30, "authorization code '%s' should be longer then 30", u.Query().Get("code"))
+}
+
+func TestAccessTokenExchange(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ resp := MakeRequest(t, req, 200)
+ type response struct {
+ AccessToken string `json:"access_token"`
+ TokenType string `json:"token_type"`
+ ExpiresIn int64 `json:"expires_in"`
+ RefreshToken string `json:"refresh_token"`
+ }
+ parsed := new(response)
+ assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
+ assert.True(t, len(parsed.AccessToken) > 10)
+ assert.True(t, len(parsed.RefreshToken) > 10)
+}
+
+func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
+ prepareTestEnv(t)
+ req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "authcode",
+ })
+ MakeRequest(t, req, 400)
+}
+
+func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
+ prepareTestEnv(t)
+ // invalid client id
+ req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "???",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ MakeRequest(t, req, 400)
+ // invalid client secret
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "???",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ MakeRequest(t, req, 400)
+ // invalid redirect uri
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "???",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ MakeRequest(t, req, 400)
+ // invalid authorization code
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "authorization_code",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "???",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ MakeRequest(t, req, 400)
+ // invalid grant_type
+ req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+ "grant_type": "???",
+ "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
+ "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+ "redirect_uri": "a",
+ "code": "authcode",
+ "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally
+ })
+ MakeRequest(t, req, 400)
+}
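Review bot: TestAccessTokenExchangeWithInvalidCredentials never sends a `code_verifier` that does not match the challenge stored for the grant, so PKCE is only exercised in its "present and correct" form (TestAccessTokenExchange) and its "absent" form (TestAccessTokenExchangeWithoutPKCE); a mismatched verifier being rejected with 400 is the property PKCE exists for and deserves its own case, sketched below. Reuse of the same `authcode` after the successful exchange in TestAccessTokenExchange is also unasserted, and a second POST with identical values should be expected to fail if the server invalidates the code on first use, as the fixture presumably intends. TestAccessTokenExchange could further pin the rest of the token response with `assert.NotEmpty(t, parsed.TokenType)` and `assert.True(t, parsed.ExpiresIn > 0)` rather than only the two token lengths. The six near-identical map literals would read better through a small helper that takes the one field to override per case. The assertion message in TestRedirectWithExistingGrant reads "longer then 30" and should be "longer than 30".
```go
	// … unchanged: invalid client id / secret / redirect uri / code / grant_type cases …
	// code_verifier that does not match the stored PKCE challenge
	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
		"grant_type":    "authorization_code",
		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
		"redirect_uri":  "a",
		"code":          "authcode",
		"code_verifier": "WRONG-VERIFIER-PLACEHOLDER", // constructed: any value not matching the fixture challenge
	})
	MakeRequest(t, req, 400)
}
```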