mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
793 Commits
17 Branches
Tree: 8c266f2df5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8c266f2df5'
${ noResults }
gitea/modules/oauth2/oauth2_test.go

oauth2_test.go 4.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. // Copyright 2014 Google Inc. All Rights Reserved.

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License");

  4. // you may not use this file except in compliance with the License.

  5. // You may obtain a copy of the License at

  6. //

  7. //      http://www.apache.org/licenses/LICENSE-2.0

  8. //

  9. // Unless required by applicable law or agreed to in writing, software

  10. // distributed under the License is distributed on an "AS IS" BASIS,

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. // See the License for the specific language governing permissions and

  13. // limitations under the License.

  14. 

  15. package oauth2

  16. 

  17. import (

  18. 	"net/http"

  19. 	"net/http/httptest"

  20. 	"testing"

  21. 

  22. 	"github.com/go-martini/martini"

  23. 	"github.com/martini-contrib/sessions"

  24. )

  25. 

  26. func Test_LoginRedirect(t *testing.T) {

  27. 	recorder := httptest.NewRecorder()

  28. 	m := martini.New()

  29. 	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))

  30. 	m.Use(Google(&Options{

  31. 		ClientId:     "client_id",

  32. 		ClientSecret: "client_secret",

  33. 		RedirectURL:  "refresh_url",

  34. 		Scopes:       []string{"x", "y"},

  35. 	}))

  36. 

  37. 	r, _ := http.NewRequest("GET", "/login", nil)

  38. 	m.ServeHTTP(recorder, r)

  39. 

  40. 	location := recorder.HeaderMap["Location"][0]

  41. 	if recorder.Code != 302 {

  42. 		t.Errorf("Not being redirected to the auth page.")

  43. 	}

  44. 	if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" {

  45. 		t.Errorf("Not being redirected to the right page, %v found", location)

  46. 	}

  47. }

  48. 

  49. func Test_LoginRedirectAfterLoginRequired(t *testing.T) {

  50. 	recorder := httptest.NewRecorder()

  51. 	m := martini.Classic()

  52. 	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))

  53. 	m.Use(Google(&Options{

  54. 		ClientId:     "client_id",

  55. 		ClientSecret: "client_secret",

  56. 		RedirectURL:  "refresh_url",

  57. 		Scopes:       []string{"x", "y"},

  58. 	}))

  59. 

  60. 	m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {

  61. 		return 200, tokens.Access()

  62. 	})

  63. 

  64. 	r, _ := http.NewRequest("GET", "/login-required?key=value", nil)

  65. 	m.ServeHTTP(recorder, r)

  66. 

  67. 	location := recorder.HeaderMap["Location"][0]

  68. 	if recorder.Code != 302 {

  69. 		t.Errorf("Not being redirected to the auth page.")

  70. 	}

  71. 	if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {

  72. 		t.Errorf("Not being redirected to the right page, %v found", location)

  73. 	}

  74. }

  75. 

  76. func Test_Logout(t *testing.T) {

  77. 	recorder := httptest.NewRecorder()

  78. 	s := sessions.NewCookieStore([]byte("secret123"))

  79. 

  80. 	m := martini.Classic()

  81. 	m.Use(sessions.Sessions("my_session", s))

  82. 	m.Use(Google(&Options{

  83. 	// no need to configure

  84. 	}))

  85. 

  86. 	m.Get("/", func(s sessions.Session) {

  87. 		s.Set(keyToken, "dummy token")

  88. 	})

  89. 

  90. 	m.Get("/get", func(s sessions.Session) {

  91. 		if s.Get(keyToken) != nil {

  92. 			t.Errorf("User credentials are still kept in the session.")

  93. 		}

  94. 	})

  95. 

  96. 	logout, _ := http.NewRequest("GET", "/logout", nil)

  97. 	index, _ := http.NewRequest("GET", "/", nil)

  98. 

  99. 	m.ServeHTTP(httptest.NewRecorder(), index)

  100. 	m.ServeHTTP(recorder, logout)

  101. 

  102. 	if recorder.Code != 302 {

  103. 		t.Errorf("Not being redirected to the next page.")

  104. 	}

  105. }

  106. 

  107. func Test_LogoutOnAccessTokenExpiration(t *testing.T) {

  108. 	recorder := httptest.NewRecorder()

  109. 	s := sessions.NewCookieStore([]byte("secret123"))

  110. 

  111. 	m := martini.Classic()

  112. 	m.Use(sessions.Sessions("my_session", s))

  113. 	m.Use(Google(&Options{

  114. 	// no need to configure

  115. 	}))

  116. 

  117. 	m.Get("/addtoken", func(s sessions.Session) {

  118. 		s.Set(keyToken, "dummy token")

  119. 	})

  120. 

  121. 	m.Get("/", func(s sessions.Session) {

  122. 		if s.Get(keyToken) != nil {

  123. 			t.Errorf("User not logged out although access token is expired.")

  124. 		}

  125. 	})

  126. 

  127. 	addtoken, _ := http.NewRequest("GET", "/addtoken", nil)

  128. 	index, _ := http.NewRequest("GET", "/", nil)

  129. 	m.ServeHTTP(recorder, addtoken)

  130. 	m.ServeHTTP(recorder, index)

  131. }

  132. 

  133. func Test_InjectedTokens(t *testing.T) {

  134. 	recorder := httptest.NewRecorder()

  135. 	m := martini.Classic()

  136. 	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))

  137. 	m.Use(Google(&Options{

  138. 	// no need to configure

  139. 	}))

  140. 	m.Get("/", func(tokens Tokens) string {

  141. 		return "Hello world!"

  142. 	})

  143. 	r, _ := http.NewRequest("GET", "/", nil)

  144. 	m.ServeHTTP(recorder, r)

  145. }

  146. 

  147. func Test_LoginRequired(t *testing.T) {

  148. 	recorder := httptest.NewRecorder()

  149. 	m := martini.Classic()

  150. 	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))

  151. 	m.Use(Google(&Options{

  152. 	// no need to configure

  153. 	}))

  154. 	m.Get("/", LoginRequired, func(tokens Tokens) string {

  155. 		return "Hello world!"

  156. 	})

  157. 	r, _ := http.NewRequest("GET", "/", nil)

  158. 	m.ServeHTTP(recorder, r)

  159. 	if recorder.Code != 302 {

  160. 		t.Errorf("Not being redirected to the auth page although user is not logged in.")

  161. 	}

  162. }