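// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"
	"net/url"
	"strconv"
	"testing"

	"github.com/mattermost/mattermost-server/model"
)

// TestCreateOAuthApp covers POST /oauth/apps: creation by a system admin,
// creation by a regular user gated on PERMISSION_MANAGE_OAUTH (a non-admin
// must not end up with a trusted app), rejection of an empty name and of a
// malformed body, the logged-out case, and the case where the OAuth service
// provider is disabled in config.
func TestCreateOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Role permissions are process-wide state; put them back however the test ends.
	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}, IsTrusted: true}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)

	if rapp.Name != oapp.Name {
		t.Fatal("names did not match")
	}

	if rapp.IsTrusted != oapp.IsTrusted {
		t.Fatal("trusted did no match")
	}

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.CreateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	rapp, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)

	// The request asked for IsTrusted=true; the server must drop it for a non-admin.
	if rapp.IsTrusted {
		t.Fatal("trusted should be false - created by non admin")
	}

	oapp.Name = ""
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)

	// A body that is not a JSON OAuthApp must be rejected with 400, not 500.
	r, err := Client.DoApiPost("/oauth/apps", "garbage")
	if err == nil {
		t.Fatal("should have failed")
	}
	if r.StatusCode != http.StatusBadRequest {
		t.Log("actual: " + strconv.Itoa(r.StatusCode))
		t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
		t.Fatal("wrong status code")
	}

	Client.Logout()
	_, resp = Client.CreateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	oapp.Name = GenerateTestAppName()
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)
}

// TestUpdateOAuthApp covers PUT /oauth/apps/{id}: every mutable field of an
// app is changed by the admin and the response is checked field by field
// (immutable fields such as Id, CreatorId, CreateAt and ClientSecret must be
// untouched), then the forbidden, not-found, disabled, logged-out and
// malformed-id cases are exercised.
func TestUpdateOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{
		Name:         "oapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	// The create response was previously unchecked; a failed create would make
	// every later comparison meaningless.
	oapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = "oapp_update"
	oapp.IsTrusted = true
	oapp.IconURL = "https://nowhere.com/img_update"
	oapp.Homepage = "https://nowhere_update.com"
	oapp.Description = "test_update"
	oapp.CallbackUrls = []string{"https://callback_update.com", "https://another_callback.com"}

	updatedApp, resp := AdminClient.UpdateOAuthApp(oapp)
	CheckNoError(t, resp)

	if updatedApp.Id != oapp.Id {
		t.Fatal("Id should have not updated")
	}

	if updatedApp.CreatorId != oapp.CreatorId {
		t.Fatal("CreatorId should have not updated")
	}

	if updatedApp.CreateAt != oapp.CreateAt {
		t.Fatal("CreateAt should have not updated")
	}

	if updatedApp.UpdateAt == oapp.UpdateAt {
		t.Fatal("UpdateAt should have updated")
	}

	if updatedApp.ClientSecret != oapp.ClientSecret {
		t.Fatal("ClientSecret should have not updated")
	}

	if updatedApp.Name != oapp.Name {
		t.Fatal("Name should have updated")
	}

	if updatedApp.Description != oapp.Description {
		t.Fatal("Description should have updated")
	}

	if updatedApp.IconURL != oapp.IconURL {
		t.Fatal("IconURL should have updated")
	}

	// A length mismatch used to be silently accepted (the comparison ran only
	// when the lengths were equal); it is a failed update like any other.
	if len(updatedApp.CallbackUrls) != len(oapp.CallbackUrls) {
		t.Fatal("CallbackUrls should have updated")
	}
	for i, callbackUrl := range updatedApp.CallbackUrls {
		if callbackUrl != oapp.CallbackUrls[i] {
			t.Fatal("CallbackUrls should have updated")
		}
	}

	if updatedApp.Homepage != oapp.Homepage {
		t.Fatal("Homepage should have updated")
	}

	if updatedApp.IsTrusted != oapp.IsTrusted {
		t.Fatal("IsTrusted should have updated")
	}

	th.LoginBasic2()
	// NOTE(review): this write is not part of the request below, which sends
	// oapp; the 403 presumably comes from BasicUser2 not owning oapp — verify.
	updatedApp.CreatorId = th.BasicUser2.Id
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	th.LoginBasic()

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })

	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)

	Client.Logout()
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	oapp.Id = "junk"
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)
}

// TestGetOAuthApps covers GET /oauth/apps: the admin listing contains apps
// created by both the admin and a regular user, paging returns one item for
// page size 1, the regular user's listing is limited to the app that user
// created, and the forbidden, logged-out and disabled cases are exercised.
func TestGetOAuthApps(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	apps, resp := AdminClient.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)

	// Only membership is asserted, not an exact count: the admin listing may
	// include apps left behind by other tests.
	found1 := false
	found2 := false
	for _, a := range apps {
		if a.Id == rapp.Id {
			found1 = true
		}
		if a.Id == rapp2.Id {
			found2 = true
		}
	}

	if !found1 || !found2 {
		t.Fatal("missing oauth app")
	}

	apps, resp = AdminClient.GetOAuthApps(1, 1)
	CheckNoError(t, resp)

	if len(apps) != 1 {
		t.Fatal("paging failed")
	}

	apps, resp = Client.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)

	// `||`, not `&&`: the old condition could only fail when both halves were
	// wrong, and indexed apps[0] on an empty list. The regular user is expected
	// to see exactly the one app it created.
	if len(apps) != 1 || apps[0].Id != rapp2.Id {
		t.Fatal("wrong apps returned")
	}

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApps(0, 1000)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthApp covers GET /oauth/apps/{id}: the admin can fetch any app
// with its ClientSecret present, a regular user can fetch only the app it
// created, and the forbidden, logged-out, malformed-id, not-found and
// disabled cases are exercised.
func TestGetOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.GetOAuthApp(rapp.Id)
	CheckNoError(t, resp)

	if rapp.Id != rrapp.Id {
		t.Fatal("wrong app")
	}

	// Unlike the /info endpoint, this one returns the secret to its owner/admin.
	if rrapp.ClientSecret == "" {
		t.Fatal("should not be sanitized")
	}

	rrapp2, resp := AdminClient.GetOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	if rapp2.Id != rrapp2.Id {
		t.Fatal("wrong app")
	}

	if rrapp2.ClientSecret == "" {
		t.Fatal("should not be sanitized")
	}

	_, resp = Client.GetOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	// rapp belongs to the admin, so the regular user must be refused.
	_, resp = Client.GetOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApp(rapp2.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApp(rapp2.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.GetOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApp(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthAppInfo covers GET /oauth/apps/{id}/info: the public view of an
// app. ClientSecret must be empty in every response, and any logged-in user
// may read it regardless of ownership or PERMISSION_MANAGE_OAUTH; only the
// logged-out, malformed-id, not-found and disabled cases are refused.
func TestGetOAuthAppInfo(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.GetOAuthAppInfo(rapp.Id)
	CheckNoError(t, resp)

	if rapp.Id != rrapp.Id {
		t.Fatal("wrong app")
	}

	// The info view is readable by non-owners, so leaking the secret here
	// would hand it to any user.
	if rrapp.ClientSecret != "" {
		t.Fatal("should be sanitized")
	}

	rrapp2, resp := AdminClient.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)

	if rapp2.Id != rrapp2.Id {
		t.Fatal("wrong app")
	}

	if rrapp2.ClientSecret != "" {
		t.Fatal("should be sanitized")
	}

	_, resp = Client.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)

	_, resp = Client.GetOAuthAppInfo(rapp.Id)
	CheckNoError(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	// Still allowed: the info endpoint is not gated on PERMISSION_MANAGE_OAUTH.
	_, resp = Client.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthAppInfo(rapp2.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.GetOAuthAppInfo("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthAppInfo(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthAppInfo(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestDeleteOAuthApp covers DELETE /oauth/apps/{id}: the admin can delete any
// app, a regular user can delete only the app it created, and the forbidden,
// logged-out, malformed-id, not-found and disabled cases are exercised.
func TestDeleteOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	pass, resp := AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNoError(t, resp)

	if !pass {
		t.Fatal("should have passed")
	}

	_, resp = AdminClient.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	// Recreate both apps so the regular-user cases below act on live rows.
	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	_, resp = Client.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestRegenerateOAuthAppSecret covers POST /oauth/apps/{id}/regen_secret: the
// returned app keeps its Id but carries a different ClientSecret, a regular
// user can rotate only the secret of the app it created, and the forbidden,
// logged-out, malformed-id, not-found and disabled cases are exercised.
func TestRegenerateOAuthAppSecret(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNoError(t, resp)

	if rrapp.Id != rapp.Id {
		t.Fatal("wrong app")
	}

	// Rotation must actually invalidate the old credential.
	if rrapp.ClientSecret == rapp.ClientSecret {
		t.Fatal("secret didn't change")
	}

	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)

	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	_, resp = Client.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestGetAuthorizedOAuthAppsForUser covers GET /users/{user_id}/oauth/apps/authorized:
// after the basic user authorizes an app it appears in that user's list with
// an empty ClientSecret; a user may not read another user's list, a malformed
// user id is a 400, a logged-out request is a 401, and the admin may read any
// user's list.
func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Restore the config flag on exit rather than assuming its prior value.
	enableOAuth := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth })
	}()
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AUTHCODE_RESPONSE_TYPE,
		ClientId:     rapp.Id,
		RedirectUri:  rapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckNoError(t, resp)

	apps, resp := Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)

	found := false
	for _, a := range apps {
		if a.Id == rapp.Id {
			found = true
		}

		// This list is served to the authorizing user, not the app owner,
		// so no entry may carry a secret.
		if a.ClientSecret != "" {
			t.Fatal("not sanitized")
		}
	}

	if !found {
		t.Fatal("missing app")
	}

	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
	CheckForbiddenStatus(t, resp)

	_, resp = Client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
	CheckBadRequestStatus(t, resp)

	Client.Logout()
	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)
}

// TestAuthorizeOAuthApp covers the authorization-code grant: a valid request
// yields a redirect URL carrying a "code" and echoing the caller's "state";
// an empty or unregistered RedirectUri, an empty ResponseType and an empty
// ClientId are 400s, and an unknown ClientId is a 404.
func TestAuthorizeOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AUTHCODE_RESPONSE_TYPE,
		ClientId:     rapp.Id,
		RedirectUri:  rapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	ruri, resp := Client.AuthorizeOAuthApp(authRequest)
	CheckNoError(t, resp)

	if len(ruri) == 0 {
		t.Fatal("redirect url should be set")
	}

	ru, err := url.Parse(ruri)
	if err != nil || ru == nil {
		t.Fatal("redirect url unparseable")
	}
	if len(ru.Query().Get("code")) == 0 {
		t.Fatal("authorization code not returned")
	}
	// The state round-trip is what lets the client bind the response to its request.
	if ru.Query().Get("state") != authRequest.State {
		t.Fatal("returned state doesn't match")
	}

	authRequest.RedirectUri = ""
	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckBadRequestStatus(t, resp)

	// A redirect target that is not one of the app's registered CallbackUrls
	// must be rejected; otherwise the code could be sent to an arbitrary host.
	authRequest.RedirectUri = "http://somewhereelse.com"
	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckBadRequestStatus(t, resp)

	authRequest.RedirectUri = rapp.CallbackUrls[0]
	authRequest.ResponseType = ""
	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckBadRequestStatus(t, resp)

	authRequest.ResponseType = model.AUTHCODE_RESPONSE_TYPE
	authRequest.ClientId = ""
	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckBadRequestStatus(t, resp)

	authRequest.ClientId = model.NewId()
	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckNotFoundStatus(t, resp)
}

// TestDeauthorizeOAuthApp covers revoking a previously granted authorization:
// the call succeeds for an authorized app, a malformed id is a 400, an unknown
// id is still a 200 (the test pins that as the current behaviour), and a
// logged-out request is a 401.
func TestDeauthorizeOAuthApp(t *testing.T) {
	th := Setup().InitBasic().InitSystemAdmin()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	enableOAuth := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth })
	}()
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AUTHCODE_RESPONSE_TYPE,
		ClientId:     rapp.Id,
		RedirectUri:  rapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckNoError(t, resp)

	pass, resp := Client.DeauthorizeOAuthApp(rapp.Id)
	CheckNoError(t, resp)

	if !pass {
		t.Fatal("should have passed")
	}

	_, resp = Client.DeauthorizeOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = Client.DeauthorizeOAuthApp(model.NewId())
	CheckNoError(t, resp)

	Client.Logout()
	_, resp = Client.DeauthorizeOAuthApp(rapp.Id)
	CheckUnauthorizedStatus(t, resp)
}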