diff options
| author | Jonas Franz <info@jonasfranz.software> | 2019-03-08 17:42:50 +0100 |
|---|---|---|
| committer | techknowlogick <matti@mdranta.net> | 2019-03-08 11:42:50 -0500 |
| commit | e777c6bdc6f12f9152335f8bfd66b956aedc9957 (patch) | |
| tree | b79c9bc2d4f9402dcd15d993b088840e2fad8a54 /integrations/oauth_test.go | |
| parent | 9d3732dfd512273992855097bba1e909f098db23 (diff) | |
| download | gitea-e777c6bdc6f12f9152335f8bfd66b956aedc9957.tar.gz gitea-e777c6bdc6f12f9152335f8bfd66b956aedc9957.zip | |
Integrate OAuth2 Provider (#5378)
Diffstat (limited to 'integrations/oauth_test.go')
| -rw-r--r-- | integrations/oauth_test.go | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go new file mode 100644 index 0000000000..53b83bb01a --- /dev/null +++ b/integrations/oauth_test.go @@ -0,0 +1,138 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package integrations + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/assert" +) + +const defaultAuthorize = "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate" + +func TestNoClientID(t *testing.T) { + prepareTestEnv(t) + req := NewRequest(t, "GET", "/login/oauth/authorize") + ctx := loginUser(t, "user2") + ctx.MakeRequest(t, req, 400) +} + +func TestLoginRedirect(t *testing.T) { + prepareTestEnv(t) + req := NewRequest(t, "GET", "/login/oauth/authorize") + assert.Contains(t, MakeRequest(t, req, 302).Body.String(), "/user/login") +} + +func TestShowAuthorize(t *testing.T) { + prepareTestEnv(t) + req := NewRequest(t, "GET", defaultAuthorize) + ctx := loginUser(t, "user4") + resp := ctx.MakeRequest(t, req, 200) + + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "#authorize-app", true) + htmlDoc.GetCSRF() +} + +func TestRedirectWithExistingGrant(t *testing.T) { + prepareTestEnv(t) + req := NewRequest(t, "GET", defaultAuthorize) + ctx := loginUser(t, "user1") + resp := ctx.MakeRequest(t, req, 302) + u, err := resp.Result().Location() + assert.NoError(t, err) + assert.Equal(t, "thestate", u.Query().Get("state")) + assert.Truef(t, len(u.Query().Get("code")) > 30, "authorization code '%s' should be longer then 30", u.Query().Get("code")) +} + +func TestAccessTokenExchange(t *testing.T) { + prepareTestEnv(t) + req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + resp := MakeRequest(t, req, 200) + type response struct { + AccessToken string `json:"access_token"` + TokenType string `json:"token_type"` + ExpiresIn int64 `json:"expires_in"` + RefreshToken string `json:"refresh_token"` + } + parsed := new(response) + assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed)) + assert.True(t, len(parsed.AccessToken) > 10) + assert.True(t, len(parsed.RefreshToken) > 10) +} + +func TestAccessTokenExchangeWithoutPKCE(t *testing.T) { + prepareTestEnv(t) + req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "authcode", + }) + MakeRequest(t, req, 400) +} + +func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { + prepareTestEnv(t) + // invalid client id + req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "???", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + MakeRequest(t, req, 400) + // invalid client secret + req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "???", + "redirect_uri": "a", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + MakeRequest(t, req, 400) + // invalid redirect uri + req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "???", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + MakeRequest(t, req, 400) + // invalid authorization code + req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "???", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + MakeRequest(t, req, 400) + // invalid grant_type + req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "???", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + MakeRequest(t, req, 400) +} |