mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16727 Commits
17 Branches
Tree: 2360c7ec6c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2360c7ec6c'
${ noResults }
gitea/tests/integration/api_oauth2_apps_test.go

api_oauth2_apps_test.go 5.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. // Copyright 2020 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"testing"

  10. 

  11. 	auth_model "code.gitea.io/gitea/models/auth"

  12. 	"code.gitea.io/gitea/models/unittest"

  13. 	user_model "code.gitea.io/gitea/models/user"

  14. 	api "code.gitea.io/gitea/modules/structs"

  15. 	"code.gitea.io/gitea/tests"

  16. 

  17. 	"github.com/stretchr/testify/assert"

  18. )

  19. 

  20. func TestOAuth2Application(t *testing.T) {

  21. 	defer tests.PrepareTestEnv(t)()

  22. 	testAPICreateOAuth2Application(t)

  23. 	testAPIListOAuth2Applications(t)

  24. 	testAPIGetOAuth2Application(t)

  25. 	testAPIUpdateOAuth2Application(t)

  26. 	testAPIDeleteOAuth2Application(t)

  27. }

  28. 

  29. func testAPICreateOAuth2Application(t *testing.T) {

  30. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  31. 	appBody := api.CreateOAuth2ApplicationOptions{

  32. 		Name: "test-app-1",

  33. 		RedirectURIs: []string{

  34. 			"http://www.google.com",

  35. 		},

  36. 		ConfidentialClient: true,

  37. 	}

  38. 

  39. 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/applications/oauth2", &appBody)

  40. 	req = AddBasicAuthHeader(req, user.Name)

  41. 	resp := MakeRequest(t, req, http.StatusCreated)

  42. 

  43. 	var createdApp *api.OAuth2Application

  44. 	DecodeJSON(t, resp, &createdApp)

  45. 

  46. 	assert.EqualValues(t, appBody.Name, createdApp.Name)

  47. 	assert.Len(t, createdApp.ClientSecret, 56)

  48. 	assert.Len(t, createdApp.ClientID, 36)

  49. 	assert.True(t, createdApp.ConfidentialClient)

  50. 	assert.NotEmpty(t, createdApp.Created)

  51. 	assert.EqualValues(t, appBody.RedirectURIs[0], createdApp.RedirectURIs[0])

  52. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{UID: user.ID, Name: createdApp.Name})

  53. }

  54. 

  55. func testAPIListOAuth2Applications(t *testing.T) {

  56. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  57. 	session := loginUser(t, user.Name)

  58. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  59. 

  60. 	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{

  61. 		UID:  user.ID,

  62. 		Name: "test-app-1",

  63. 		RedirectURIs: []string{

  64. 			"http://www.google.com",

  65. 		},

  66. 		ConfidentialClient: true,

  67. 	})

  68. 

  69. 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2?token=%s", token)

  70. 	req := NewRequest(t, "GET", urlStr)

  71. 	resp := MakeRequest(t, req, http.StatusOK)

  72. 

  73. 	var appList api.OAuth2ApplicationList

  74. 	DecodeJSON(t, resp, &appList)

  75. 	expectedApp := appList[0]

  76. 

  77. 	assert.EqualValues(t, existApp.Name, expectedApp.Name)

  78. 	assert.EqualValues(t, existApp.ClientID, expectedApp.ClientID)

  79. 	assert.Equal(t, existApp.ConfidentialClient, expectedApp.ConfidentialClient)

  80. 	assert.Len(t, expectedApp.ClientID, 36)

  81. 	assert.Empty(t, expectedApp.ClientSecret)

  82. 	assert.EqualValues(t, existApp.RedirectURIs[0], expectedApp.RedirectURIs[0])

  83. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: expectedApp.ID, Name: expectedApp.Name})

  84. }

  85. 

  86. func testAPIDeleteOAuth2Application(t *testing.T) {

  87. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  88. 	session := loginUser(t, user.Name)

  89. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

  90. 

  91. 	oldApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{

  92. 		UID:  user.ID,

  93. 		Name: "test-app-1",

  94. 	})

  95. 

  96. 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d?token=%s", oldApp.ID, token)

  97. 	req := NewRequest(t, "DELETE", urlStr)

  98. 	MakeRequest(t, req, http.StatusNoContent)

  99. 

  100. 	unittest.AssertNotExistsBean(t, &auth_model.OAuth2Application{UID: oldApp.UID, Name: oldApp.Name})

  101. 

  102. 	// Delete again will return not found

  103. 	req = NewRequest(t, "DELETE", urlStr)

  104. 	MakeRequest(t, req, http.StatusNotFound)

  105. }

  106. 

  107. func testAPIGetOAuth2Application(t *testing.T) {

  108. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  109. 	session := loginUser(t, user.Name)

  110. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  111. 

  112. 	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{

  113. 		UID:  user.ID,

  114. 		Name: "test-app-1",

  115. 		RedirectURIs: []string{

  116. 			"http://www.google.com",

  117. 		},

  118. 		ConfidentialClient: true,

  119. 	})

  120. 

  121. 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d?token=%s", existApp.ID, token)

  122. 	req := NewRequest(t, "GET", urlStr)

  123. 	resp := MakeRequest(t, req, http.StatusOK)

  124. 

  125. 	var app api.OAuth2Application

  126. 	DecodeJSON(t, resp, &app)

  127. 	expectedApp := app

  128. 

  129. 	assert.EqualValues(t, existApp.Name, expectedApp.Name)

  130. 	assert.EqualValues(t, existApp.ClientID, expectedApp.ClientID)

  131. 	assert.Equal(t, existApp.ConfidentialClient, expectedApp.ConfidentialClient)

  132. 	assert.Len(t, expectedApp.ClientID, 36)

  133. 	assert.Empty(t, expectedApp.ClientSecret)

  134. 	assert.Len(t, expectedApp.RedirectURIs, 1)

  135. 	assert.EqualValues(t, existApp.RedirectURIs[0], expectedApp.RedirectURIs[0])

  136. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: expectedApp.ID, Name: expectedApp.Name})

  137. }

  138. 

  139. func testAPIUpdateOAuth2Application(t *testing.T) {

  140. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  141. 

  142. 	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{

  143. 		UID:  user.ID,

  144. 		Name: "test-app-1",

  145. 		RedirectURIs: []string{

  146. 			"http://www.google.com",

  147. 		},

  148. 	})

  149. 

  150. 	appBody := api.CreateOAuth2ApplicationOptions{

  151. 		Name: "test-app-1",

  152. 		RedirectURIs: []string{

  153. 			"http://www.google.com/",

  154. 			"http://www.github.com/",

  155. 		},

  156. 		ConfidentialClient: true,

  157. 	}

  158. 

  159. 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d", existApp.ID)

  160. 	req := NewRequestWithJSON(t, "PATCH", urlStr, &appBody)

  161. 	req = AddBasicAuthHeader(req, user.Name)

  162. 	resp := MakeRequest(t, req, http.StatusOK)

  163. 

  164. 	var app api.OAuth2Application

  165. 	DecodeJSON(t, resp, &app)

  166. 	expectedApp := app

  167. 

  168. 	assert.Len(t, expectedApp.RedirectURIs, 2)

  169. 	assert.EqualValues(t, expectedApp.RedirectURIs[0], appBody.RedirectURIs[0])

  170. 	assert.EqualValues(t, expectedApp.RedirectURIs[1], appBody.RedirectURIs[1])

  171. 	assert.Equal(t, expectedApp.ConfidentialClient, appBody.ConfidentialClient)

  172. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: expectedApp.ID, Name: expectedApp.Name})

  173. }