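// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package app

import (
	"testing"

	"github.com/mattermost/mattermost-server/model"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestGetOAuthAccessTokenForImplicitFlow checks that the implicit-grant path
// hands out a session only when the OAuth2 service provider is enabled and
// both the client id and the user id resolve. Every rejected request must
// return an error and no session, so a caller can never end up holding a
// session that was issued alongside an error.
func TestGetOAuthAccessTokenForImplicitFlow(t *testing.T) {
	th := Setup().InitBasic()
	defer th.TearDown()

	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{
		Name:         "fakeoauthapp" + model.NewRandomString(10),
		CreatorId:    th.BasicUser2.Id,
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://nowhere.com"},
	}

	oapp, err := th.App.CreateOAuthApp(oapp)
	require.Nil(t, err)

	// The redirect target is the app's registered callback, so the only
	// things varied below are the provider switch, the client id and the user id.
	authRequest := &model.AuthorizeRequest{
		ResponseType: model.IMPLICIT_RESPONSE_TYPE,
		ClientId:     oapp.Id,
		RedirectUri:  oapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	// Happy path: provider enabled, registered client, existing user.
	session, err := th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
	assert.Nil(t, err)
	assert.NotNil(t, session)

	// Turning the provider off must reject an otherwise identical request.
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })

	session, err = th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
	assert.NotNil(t, err, "should fail - oauth2 disabled")
	assert.Nil(t, session)

	// Provider back on; an unregistered client id must be rejected.
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	authRequest.ClientId = "junk"

	session, err = th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
	assert.NotNil(t, err, "should fail - bad client id")
	assert.Nil(t, session)

	// Registered client again; a user id that does not exist must be rejected.
	authRequest.ClientId = oapp.Id

	session, err = th.App.GetOAuthAccessTokenForImplicitFlow("junk", authRequest)
	assert.NotNil(t, err, "should fail - bad user id")
	assert.Nil(t, session)

	// NOTE(review): a RedirectUri that is not one of oapp.CallbackUrls is not
	// exercised by this test; that rejection is worth pinning here as well.
}

// TestOAuthRevokeAccessToken checks that RevokeAccessToken rejects an unknown
// token and a session token that has no stored access data, and succeeds once
// matching access data exists for the token.
func TestOAuthRevokeAccessToken(t *testing.T) {
	th := Setup()
	defer th.TearDown()

	// A token nobody issued cannot be revoked.
	if err := th.App.RevokeAccessToken(model.NewRandomString(16)); err == nil {
		t.Fatal("Should have failed bad token")
	}

	session := &model.Session{}
	session.CreateAt = model.GetMillis()
	session.UserId = model.NewId()
	session.Token = model.NewId()
	session.Roles = model.SYSTEM_USER_ROLE_ID
	session.SetExpireInDays(1)

	// Check the error here: a failed CreateSession would otherwise leave
	// session nil and the Token access below would panic instead of reporting
	// the real cause.
	session, err := th.App.CreateSession(session)
	if err != nil {
		t.Fatal(err)
	}
	require.NotNil(t, session)

	// A plain session without access data is not an OAuth grant, so there is
	// nothing to revoke.
	if err := th.App.RevokeAccessToken(session.Token); err == nil {
		t.Fatal("Should have failed does not have an access token")
	}

	accessData := &model.AccessData{}
	accessData.Token = session.Token
	accessData.UserId = session.UserId
	accessData.RedirectUri = "http://example.com"
	accessData.ClientId = model.NewId()
	accessData.ExpiresAt = session.ExpiresAt

	if result := <-th.App.Srv.Store.OAuth().SaveAccessData(accessData); result.Err != nil {
		t.Fatal(result.Err)
	}

	// With access data stored for the token, revocation must succeed.
	if err := th.App.RevokeAccessToken(accessData.Token); err != nil {
		t.Fatal(err)
	}
}

// TestOAuthDeleteApp checks that deleting an OAuth app invalidates the
// sessions issued through it: after DeleteOAuthApp the session token must no
// longer resolve, neither from the session cache nor from the database.
func TestOAuthDeleteApp(t *testing.T) {
	th := Setup()
	defer th.TearDown()

	// Flip the setting through UpdateConfig, as the other tests in this file
	// do, instead of writing into the value returned by th.App.Config() in place.
	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	a1 := &model.OAuthApp{}
	a1.CreatorId = model.NewId()
	a1.Name = "TestApp" + model.NewId()
	a1.CallbackUrls = []string{"https://nowhere.com"}
	a1.Homepage = "https://nowhere.com"

	var err *model.AppError
	a1, err = th.App.CreateOAuthApp(a1)
	if err != nil {
		t.Fatal(err)
	}

	session := &model.Session{}
	session.CreateAt = model.GetMillis()
	session.UserId = model.NewId()
	session.Token = model.NewId()
	session.Roles = model.SYSTEM_USER_ROLE_ID
	session.IsOAuth = true
	session.SetExpireInDays(1)

	// Check the error here: a failed CreateSession would otherwise leave
	// session nil and the field accesses below would panic instead of
	// reporting the real cause.
	session, err = th.App.CreateSession(session)
	if err != nil {
		t.Fatal(err)
	}
	require.NotNil(t, session)

	// Tie the session to the app through its access data so that deleting
	// the app is expected to take the session with it.
	accessData := &model.AccessData{}
	accessData.Token = session.Token
	accessData.UserId = session.UserId
	accessData.RedirectUri = "http://example.com"
	accessData.ClientId = a1.Id
	accessData.ExpiresAt = session.ExpiresAt

	if result := <-th.App.Srv.Store.OAuth().SaveAccessData(accessData); result.Err != nil {
		t.Fatal(result.Err)
	}

	if err := th.App.DeleteOAuthApp(a1.Id); err != nil {
		t.Fatal(err)
	}

	// The token must be unusable after the app is gone.
	if _, err := th.App.GetSession(session.Token); err == nil {
		t.Fatal("should not get session from cache or db")
	}
}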