summaryrefslogtreecommitdiffstats
path: root/modules/oauth2/oauth2_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/oauth2/oauth2_test.go')
-rw-r--r--modules/oauth2/oauth2_test.go162
1 files changed, 162 insertions, 0 deletions
diff --git a/modules/oauth2/oauth2_test.go b/modules/oauth2/oauth2_test.go
new file mode 100644
index 0000000000..71443030a4
--- /dev/null
+++ b/modules/oauth2/oauth2_test.go
@@ -0,0 +1,162 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package oauth2
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-martini/martini"
+ "github.com/martini-contrib/sessions"
+)
+
+func Test_LoginRedirect(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ m := martini.New()
+ m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+ m.Use(Google(&Options{
+ ClientId: "client_id",
+ ClientSecret: "client_secret",
+ RedirectURL: "refresh_url",
+ Scopes: []string{"x", "y"},
+ }))
+
+ r, _ := http.NewRequest("GET", "/login", nil)
+ m.ServeHTTP(recorder, r)
+
+ location := recorder.HeaderMap["Location"][0]
+ if recorder.Code != 302 {
+ t.Errorf("Not being redirected to the auth page.")
+ }
+ if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" {
+ t.Errorf("Not being redirected to the right page, %v found", location)
+ }
+}
+
+func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ m := martini.Classic()
+ m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+ m.Use(Google(&Options{
+ ClientId: "client_id",
+ ClientSecret: "client_secret",
+ RedirectURL: "refresh_url",
+ Scopes: []string{"x", "y"},
+ }))
+
+ m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {
+ return 200, tokens.Access()
+ })
+
+ r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
+ m.ServeHTTP(recorder, r)
+
+ location := recorder.HeaderMap["Location"][0]
+ if recorder.Code != 302 {
+ t.Errorf("Not being redirected to the auth page.")
+ }
+ if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
+ t.Errorf("Not being redirected to the right page, %v found", location)
+ }
+}
+
+func Test_Logout(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ s := sessions.NewCookieStore([]byte("secret123"))
+
+ m := martini.Classic()
+ m.Use(sessions.Sessions("my_session", s))
+ m.Use(Google(&Options{
+ // no need to configure
+ }))
+
+ m.Get("/", func(s sessions.Session) {
+ s.Set(keyToken, "dummy token")
+ })
+
+ m.Get("/get", func(s sessions.Session) {
+ if s.Get(keyToken) != nil {
+ t.Errorf("User credentials are still kept in the session.")
+ }
+ })
+
+ logout, _ := http.NewRequest("GET", "/logout", nil)
+ index, _ := http.NewRequest("GET", "/", nil)
+
+ m.ServeHTTP(httptest.NewRecorder(), index)
+ m.ServeHTTP(recorder, logout)
+
+ if recorder.Code != 302 {
+ t.Errorf("Not being redirected to the next page.")
+ }
+}
+
+func Test_LogoutOnAccessTokenExpiration(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ s := sessions.NewCookieStore([]byte("secret123"))
+
+ m := martini.Classic()
+ m.Use(sessions.Sessions("my_session", s))
+ m.Use(Google(&Options{
+ // no need to configure
+ }))
+
+ m.Get("/addtoken", func(s sessions.Session) {
+ s.Set(keyToken, "dummy token")
+ })
+
+ m.Get("/", func(s sessions.Session) {
+ if s.Get(keyToken) != nil {
+ t.Errorf("User not logged out although access token is expired.")
+ }
+ })
+
+ addtoken, _ := http.NewRequest("GET", "/addtoken", nil)
+ index, _ := http.NewRequest("GET", "/", nil)
+ m.ServeHTTP(recorder, addtoken)
+ m.ServeHTTP(recorder, index)
+}
+
+func Test_InjectedTokens(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ m := martini.Classic()
+ m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+ m.Use(Google(&Options{
+ // no need to configure
+ }))
+ m.Get("/", func(tokens Tokens) string {
+ return "Hello world!"
+ })
+ r, _ := http.NewRequest("GET", "/", nil)
+ m.ServeHTTP(recorder, r)
+}
+
+func Test_LoginRequired(t *testing.T) {
+ recorder := httptest.NewRecorder()
+ m := martini.Classic()
+ m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+ m.Use(Google(&Options{
+ // no need to configure
+ }))
+ m.Get("/", LoginRequired, func(tokens Tokens) string {
+ return "Hello world!"
+ })
+ r, _ := http.NewRequest("GET", "/", nil)
+ m.ServeHTTP(recorder, r)
+ if recorder.Code != 302 {
+ t.Errorf("Not being redirected to the auth page although user is not logged in.")
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 18:59:50 +0000