diff options
| author | Jonas Franz <info@jonasfranz.software> | 2019-04-12 09:50:21 +0200 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2019-04-12 15:50:21 +0800 |
| commit | 783cd649276c472aa3af97dd311eb4766ff3adfb (patch) | |
| tree | b5751426ada7ac3c41d2a65d2b023148b751ec08 /integrations | |
| parent | 3ff0a126e12109b6c3aceaa229dd1bf229b6ad4b (diff) | |
| download | gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.tar.gz gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.zip | |
Add option to disable refresh token invalidation (#6584)
* Add option to disable refresh token invalidation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add integration tests and remove wrong todos
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix typo
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix tests and add documentation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
Diffstat (limited to 'integrations')
| -rw-r--r-- | integrations/oauth_test.go | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go index 9674146f8b..2b5839dd71 100644 --- a/integrations/oauth_test.go +++ b/integrations/oauth_test.go @@ -8,6 +8,8 @@ import ( "encoding/json" "testing" + "code.gitea.io/gitea/modules/setting" + "github.com/stretchr/testify/assert" ) @@ -177,3 +179,42 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) { }) resp = MakeRequest(t, req, 400) } + +func TestRefreshTokenInvalidation(t *testing.T) { + prepareTestEnv(t) + req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "authorization_code", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "code": "authcode", + "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally + }) + resp := MakeRequest(t, req, 200) + type response struct { + AccessToken string `json:"access_token"` + TokenType string `json:"token_type"` + ExpiresIn int64 `json:"expires_in"` + RefreshToken string `json:"refresh_token"` + } + parsed := new(response) + assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed)) + + // test without invalidation + setting.OAuth2.InvalidateRefreshTokens = false + + refreshReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ + "grant_type": "refresh_token", + "client_id": "da7da3ba-9a13-4167-856f-3899de0b0138", + "client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=", + "redirect_uri": "a", + "refresh_token": parsed.RefreshToken, + }) + MakeRequest(t, refreshReq, 200) + MakeRequest(t, refreshReq, 200) + + // test with invalidation + setting.OAuth2.InvalidateRefreshTokens = true + MakeRequest(t, refreshReq, 200) + MakeRequest(t, refreshReq, 400) +} |