code.gitea.io/gitea@v1.22.3/tests/integration/api_oauth2_apps_test.go (about)

     1  // Copyright 2020 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package integration
     5  
     6  import (
     7  	"fmt"
     8  	"net/http"
     9  	"testing"
    10  
    11  	auth_model "code.gitea.io/gitea/models/auth"
    12  	"code.gitea.io/gitea/models/unittest"
    13  	user_model "code.gitea.io/gitea/models/user"
    14  	api "code.gitea.io/gitea/modules/structs"
    15  	"code.gitea.io/gitea/tests"
    16  
    17  	"github.com/stretchr/testify/assert"
    18  )
    19  
// TestOAuth2Application drives the current user's OAuth2 application API
// through one create, list, get, update and delete cycle.
//
// The steps share state: each later step looks up the "test-app-1" record that
// the create step stored, so they must run in this order inside one prepared
// test environment.
//
// NOTE(review): every step authenticates as the owning user (ID 2). Nothing in
// this file checks that another user's credentials, or a token with a narrower
// scope, are refused on these endpoints.
func TestOAuth2Application(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	steps := []func(*testing.T){
		testAPICreateOAuth2Application,
		testAPIListOAuth2Applications,
		testAPIGetOAuth2Application,
		testAPIUpdateOAuth2Application,
		testAPIDeleteOAuth2Application,
	}
	for _, step := range steps {
		step(t)
	}
}
    28  
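// testAPICreateOAuth2Application registers a confidential OAuth2 application
// for user 2 over basic auth and checks the creation response and the stored
// record.
//
// Creation is the only response in this file that is asserted to carry a
// client secret; the list and get steps assert that the field is empty.
func testAPICreateOAuth2Application(t *testing.T) {
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
	appBody := api.CreateOAuth2ApplicationOptions{
		Name: "test-app-1",
		RedirectURIs: []string{
			"http://www.google.com",
		},
		ConfidentialClient: true,
	}

	req := NewRequestWithJSON(t, "POST", "/api/v1/user/applications/oauth2", &appBody).
		AddBasicAuth(user.Name)
	resp := MakeRequest(t, req, http.StatusCreated)

	var createdApp *api.OAuth2Application
	DecodeJSON(t, resp, &createdApp)
	// If decoding leaves the pointer nil, report a failure here instead of
	// panicking on the field accesses below.
	if !assert.NotNil(t, createdApp) {
		return
	}

	assert.EqualValues(t, appBody.Name, createdApp.Name)
	// Fixed lengths pin the format of the generated credentials.
	assert.Len(t, createdApp.ClientSecret, 56)
	assert.Len(t, createdApp.ClientID, 36)
	assert.True(t, createdApp.ConfidentialClient)
	assert.NotEmpty(t, createdApp.Created)
	// assert.* does not stop the test, so index only once the length matches.
	if assert.Len(t, createdApp.RedirectURIs, len(appBody.RedirectURIs)) {
		assert.EqualValues(t, appBody.RedirectURIs[0], createdApp.RedirectURIs[0])
	}
	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{UID: user.ID, Name: createdApp.Name})
}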
    54  
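// testAPIListOAuth2Applications lists the applications of user 2 with a
// read-user scoped token and compares the first entry with the stored
// "test-app-1" record.
//
// The listing must not expose the client secret: ClientSecret is asserted to
// be empty in the response.
func testAPIListOAuth2Applications(t *testing.T) {
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
	session := loginUser(t, user.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{
		UID:  user.ID,
		Name: "test-app-1",
		RedirectURIs: []string{
			"http://www.google.com",
		},
		ConfidentialClient: true,
	})

	req := NewRequest(t, "GET", "/api/v1/user/applications/oauth2").
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)

	var appList api.OAuth2ApplicationList
	DecodeJSON(t, resp, &appList)
	// An empty listing should be a test failure, not an index-out-of-range panic.
	if !assert.NotEmpty(t, appList) {
		return
	}
	// NOTE(review): assumes "test-app-1" is the first entry returned — confirm
	// against the endpoint's ordering and the fixtures for user 2.
	gotApp := appList[0]

	assert.EqualValues(t, existApp.Name, gotApp.Name)
	assert.EqualValues(t, existApp.ClientID, gotApp.ClientID)
	assert.Equal(t, existApp.ConfidentialClient, gotApp.ConfidentialClient)
	assert.Len(t, gotApp.ClientID, 36)
	// Read endpoints must not return the secret.
	assert.Empty(t, gotApp.ClientSecret)
	// assert.* does not stop the test, so index only when both sides have an entry.
	if assert.NotEmpty(t, existApp.RedirectURIs) && assert.NotEmpty(t, gotApp.RedirectURIs) {
		assert.EqualValues(t, existApp.RedirectURIs[0], gotApp.RedirectURIs[0])
	}
	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: gotApp.ID, Name: gotApp.Name})
}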
    85  
// testAPIDeleteOAuth2Application removes "test-app-1" with a write-user scoped
// token, confirms the record is gone, and confirms that repeating the request
// yields 404.
func testAPIDeleteOAuth2Application(t *testing.T) {
	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
	token := getTokenForLoggedInUser(t, loginUser(t, owner.Name), auth_model.AccessTokenScopeWriteUser)

	target := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{
		UID:  owner.ID,
		Name: "test-app-1",
	})
	endpoint := fmt.Sprintf("/api/v1/user/applications/oauth2/%d", target.ID)

	// sendDelete issues one authenticated DELETE and checks the status code.
	sendDelete := func(wantStatus int) {
		MakeRequest(t, NewRequest(t, "DELETE", endpoint).AddTokenAuth(token), wantStatus)
	}

	sendDelete(http.StatusNoContent)
	unittest.AssertNotExistsBean(t, &auth_model.OAuth2Application{UID: target.UID, Name: target.Name})

	// The application no longer exists, so a second delete must report not found.
	sendDelete(http.StatusNotFound)
}
   108  
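// testAPIGetOAuth2Application fetches "test-app-1" by ID with a read-user
// scoped token and compares the response with the stored record.
//
// As with the listing, the response must not expose the client secret:
// ClientSecret is asserted to be empty.
func testAPIGetOAuth2Application(t *testing.T) {
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
	session := loginUser(t, user.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{
		UID:  user.ID,
		Name: "test-app-1",
		RedirectURIs: []string{
			"http://www.google.com",
		},
		ConfidentialClient: true,
	})

	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/applications/oauth2/%d", existApp.ID)).
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)

	var gotApp api.OAuth2Application
	DecodeJSON(t, resp, &gotApp)

	assert.EqualValues(t, existApp.Name, gotApp.Name)
	assert.EqualValues(t, existApp.ClientID, gotApp.ClientID)
	assert.Equal(t, existApp.ConfidentialClient, gotApp.ConfidentialClient)
	assert.Len(t, gotApp.ClientID, 36)
	// Read endpoints must not return the secret.
	assert.Empty(t, gotApp.ClientSecret)
	// assert.Len only records a failure, so use its result to keep the index
	// expression from panicking when the response holds no redirect URI.
	if assert.Len(t, gotApp.RedirectURIs, 1) && assert.NotEmpty(t, existApp.RedirectURIs) {
		assert.EqualValues(t, existApp.RedirectURIs[0], gotApp.RedirectURIs[0])
	}
	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: gotApp.ID, Name: gotApp.Name})
}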
   140  
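// testAPIUpdateOAuth2Application replaces the redirect URI list of
// "test-app-1" with a PATCH request (basic auth as the owner) and checks that
// both the response and the stored record carry the submitted URIs.
func testAPIUpdateOAuth2Application(t *testing.T) {
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

	existApp := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{
		UID:  user.ID,
		Name: "test-app-1",
		RedirectURIs: []string{
			"http://www.google.com",
		},
	})

	appBody := api.CreateOAuth2ApplicationOptions{
		Name: "test-app-1",
		RedirectURIs: []string{
			"http://www.google.com/",
			"http://www.github.com/",
		},
		ConfidentialClient: true,
	}

	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d", existApp.ID)
	req := NewRequestWithJSON(t, "PATCH", urlStr, &appBody).
		AddBasicAuth(user.Name)
	resp := MakeRequest(t, req, http.StatusOK)

	var gotApp api.OAuth2Application
	DecodeJSON(t, resp, &gotApp)

	// Expected value first, actual second, so failure output is labelled
	// correctly. Indexing is guarded because assert.Len does not stop the test.
	if assert.Len(t, gotApp.RedirectURIs, len(appBody.RedirectURIs)) {
		for i, want := range appBody.RedirectURIs {
			assert.EqualValues(t, want, gotApp.RedirectURIs[i])
		}
	}
	assert.Equal(t, appBody.ConfidentialClient, gotApp.ConfidentialClient)

	// Redirect URIs decide where authorization responses may be sent, so check
	// that the new list was persisted and not merely echoed in the response.
	stored := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: gotApp.ID, Name: gotApp.Name})
	assert.EqualValues(t, appBody.RedirectURIs, stored.RedirectURIs)
}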