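// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"io/ioutil"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/masterhung0112/hk_server/v5/model"
)

// TestCreateOAuthApp covers POST /oauth/apps: the manage_oauth permission
// gate, the rule that only a system admin may create a trusted app, request
// validation, the unauthenticated case and the service-provider kill switch.
func TestCreateOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}, IsTrusted: true}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)
	assert.Equal(t, oapp.Name, rapp.Name, "names did not match")
	assert.Equal(t, oapp.IsTrusted, rapp.IsTrusted, "trusted did no match")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.CreateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	rapp, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)

	// IsTrusted is admin-controlled: the value supplied by a non-admin
	// creator must be ignored, never honoured.
	assert.False(t, rapp.IsTrusted, "trusted should be false - created by non admin")

	oapp.Name = ""
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)

	// A non-JSON body must be rejected with 400. Check the response is
	// non-nil before dereferencing it so a transport failure surfaces as a
	// test failure instead of a nil-pointer panic.
	r, err := Client.DoApiPost("/oauth/apps", "garbage")
	require.NotNil(t, err, "expected error from garbage post")
	require.NotNil(t, r, "expected a response from garbage post")
	assert.Equal(t, http.StatusBadRequest, r.StatusCode)
	closeBody(r)

	Client.Logout()
	_, resp = Client.CreateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	oapp.Name = GenerateTestAppName()
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)
}

// TestUpdateOAuthApp covers PUT /oauth/apps/{id}: which fields an update may
// change, that only the creator or a system admin may update an app, that a
// non-admin cannot flip IsTrusted, and the usual 400/401/404/501 paths.
func TestUpdateOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{
		Name:         "oapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	// Fail here, rather than with a nil dereference below, if creation fails.
	oapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	require.NotNil(t, oapp, "app creation returned no app")

	oapp.Name = "oapp_update"
	oapp.IsTrusted = true
	oapp.IconURL = "https://nowhere.com/img_update"
	oapp.Homepage = "https://nowhere_update.com"
	oapp.Description = "test_update"
	oapp.CallbackUrls = []string{"https://callback_update.com", "https://another_callback.com"}

	updatedApp, resp := AdminClient.UpdateOAuthApp(oapp)
	CheckNoError(t, resp)
	assert.Equal(t, oapp.Id, updatedApp.Id, "Id should have not updated")
	assert.Equal(t, oapp.CreatorId, updatedApp.CreatorId, "CreatorId should have not updated")
	assert.Equal(t, oapp.CreateAt, updatedApp.CreateAt, "CreateAt should have not updated")
	assert.NotEqual(t, oapp.UpdateAt, updatedApp.UpdateAt, "UpdateAt should have updated")
	assert.Equal(t, oapp.ClientSecret, updatedApp.ClientSecret, "ClientSecret should have not updated")
	assert.Equal(t, oapp.Name, updatedApp.Name, "Name should have updated")
	assert.Equal(t, oapp.Description, updatedApp.Description, "Description should have updated")
	assert.Equal(t, oapp.IconURL, updatedApp.IconURL, "IconURL should have updated")
	// Compare the whole slice: a length mismatch is a failure, not a skip.
	assert.Equal(t, oapp.CallbackUrls, updatedApp.CallbackUrls, "CallbackUrls should have updated")
	assert.Equal(t, oapp.Homepage, updatedApp.Homepage, "Homepage should have updated")
	assert.Equal(t, oapp.IsTrusted, updatedApp.IsTrusted, "IsTrusted should have updated")

	// A different regular user (not the creator) must be refused, even when
	// the payload claims ownership by carrying their own id as CreatorId:
	// authorization has to be decided against the stored creator, not the
	// client-supplied one.
	th.LoginBasic2()
	oapp.CreatorId = th.BasicUser2.Id
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)
	oapp.CreatorId = updatedApp.CreatorId

	th.LoginBasic()

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	oapp.Id = model.NewId()
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })

	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)

	Client.Logout()
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	oapp.Id = "junk"
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.LoginBasic()

	userOapp := &model.OAuthApp{
		Name:         "useroapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	userOapp, resp = Client.CreateOAuthApp(userOapp)
	CheckNoError(t, resp)
	require.NotNil(t, userOapp, "app creation returned no app")

	// The creator may update their own app, but cannot promote it to trusted.
	userOapp.IsTrusted = true
	userOapp, resp = Client.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.False(t, userOapp.IsTrusted)

	// Only a system admin may set IsTrusted.
	userOapp.IsTrusted = true
	userOapp, resp = AdminClient.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.True(t, userOapp.IsTrusted)

	// Once set by an admin, a non-admin update leaves IsTrusted untouched.
	userOapp.IsTrusted = false
	userOapp, resp = Client.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.True(t, userOapp.IsTrusted)
}

// TestGetOAuthApps covers GET /oauth/apps: an admin sees every app, a regular
// user sees only the apps they created, paging works, and the permission,
// unauthenticated and disabled-provider paths are rejected.
func TestGetOAuthApps(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	apps, resp := AdminClient.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)

	found1 := false
	found2 := false
	for _, a := range apps {
		if a.Id == rapp.Id {
			found1 = true
		}
		if a.Id == rapp2.Id {
			found2 = true
		}
	}
	assert.Truef(t, found1, "missing oauth app %v", rapp.Id)
	assert.Truef(t, found2, "missing oauth app %v", rapp2.Id)

	apps, resp = AdminClient.GetOAuthApps(1, 1)
	CheckNoError(t, resp)
	require.Equal(t, 1, len(apps), "paging failed")

	// A regular user must only ever see apps they created. The listing is
	// unsanitized (it is the creator's view), so another user's app showing
	// up here would leak that app's client secret. Check every returned
	// entry rather than only the first one, and do not depend on the total
	// count, which may include apps this user created in earlier tests.
	apps, resp = Client.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)
	foundOwn := false
	for _, a := range apps {
		require.NotEqual(t, rapp.Id, a.Id, "app created by another user leaked into listing")
		assert.Equal(t, rapp2.CreatorId, a.CreatorId, "listing contains an app owned by another user")
		if a.Id == rapp2.Id {
			foundOwn = true
		}
	}
	require.Truef(t, foundOwn, "missing own oauth app %v", rapp2.Id)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApps(0, 1000)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthApp covers GET /oauth/apps/{id}: the admin view includes the
// client secret, a regular user may only read their own app, and the
// 400/401/403/404/501 paths behave.
func TestGetOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.GetOAuthApp(rapp.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp.Id, rrapp.Id, "wrong app")
	assert.NotEqual(t, "", rrapp.ClientSecret, "should not be sanitized")

	rrapp2, resp := AdminClient.GetOAuthApp(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.NotEqual(t, "", rrapp2.ClientSecret, "should not be sanitized")

	// The creator can read their own app ...
	own, resp := Client.GetOAuthApp(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, own.Id, "wrong app")

	// ... but not somebody else's (this endpoint returns the client secret).
	_, resp = Client.GetOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApp(rapp2.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApp(rapp2.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.GetOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApp(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthAppInfo covers GET /oauth/apps/{id}/info, the public view of an
// app: it is readable by any authenticated user regardless of ownership or
// the manage_oauth permission, and it must never carry the client secret.
func TestGetOAuthAppInfo(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.GetOAuthAppInfo(rapp.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp.Id, rrapp.Id, "wrong app")
	assert.Equal(t, "", rrapp.ClientSecret, "should be sanitized")

	rrapp2, resp := AdminClient.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.Equal(t, "", rrapp2.ClientSecret, "should be sanitized")

	// The secret must be stripped for non-admin callers too, for the
	// caller's own app as well as for an app owned by someone else.
	info, resp := Client.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, info.Id, "wrong app")
	assert.Equal(t, "", info.ClientSecret, "should be sanitized")

	info, resp = Client.GetOAuthAppInfo(rapp.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp.Id, info.Id, "wrong app")
	assert.Equal(t, "", info.ClientSecret, "should be sanitized")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	// Reading the public info does not require manage_oauth.
	info, resp = Client.GetOAuthAppInfo(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, "", info.ClientSecret, "should be sanitized")

	Client.Logout()

	_, resp = Client.GetOAuthAppInfo(rapp2.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.GetOAuthAppInfo("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthAppInfo(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthAppInfo(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestDeleteOAuthApp covers DELETE /oauth/apps/{id}: an admin may delete any
// app, a regular user only their own, deletion is effective, and the
// 400/401/403/404/501 paths behave.
func TestDeleteOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	pass, resp := AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNoError(t, resp)
	assert.True(t, pass, "should have passed")

	// The app must really be gone, not just reported as deleted.
	_, resp = AdminClient.GetOAuthApp(rapp.Id)
	CheckNotFoundStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	// A regular user cannot delete an app they do not own ...
	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	// ... but can delete their own.
	_, resp = Client.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestRegenerateOAuthAppSecret covers POST /oauth/apps/{id}/regen_secret: the
// secret actually rotates, an admin may rotate any app's secret, a regular
// user only their own, and the 400/401/403/404/501 paths behave.
func TestRegenerateOAuthAppSecret(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rrapp.Id, rapp.Id, "wrong app")
	assert.NotEqual(t, rapp.ClientSecret, rrapp.ClientSecret, "secret didn't change")

	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)

	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	// A regular user cannot rotate the secret of an app they do not own ...
	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	// ... but can rotate their own, and the rotation must take effect.
	rrapp2, resp := Client.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.NotEqual(t, rapp2.ClientSecret, rrapp2.ClientSecret, "secret didn't change")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}

// TestGetAuthorizedOAuthAppsForUser covers GET /users/{id}/oauth/apps/authorized:
// the list contains the apps the user has authorized, with client secrets
// stripped, and a user cannot read another user's authorizations.
func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	enableOAuth := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth })
	}()
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AUTHCODE_RESPONSE_TYPE,
		ClientId:     rapp.Id,
		RedirectUri:  rapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	_, resp = Client.AuthorizeOAuthApp(authRequest)
	CheckNoError(t, resp)

	apps, resp := Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)

	found := false
	for _, a := range apps {
		if a.Id == rapp.Id {
			found = true
		}
		// The user is not the app's creator; the secret must never reach them.
		assert.Equal(t, "", a.ClientSecret, "not sanitized")
	}
	require.True(t, found, "missing app")

	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
	CheckForbiddenStatus(t, resp)

	_, resp = Client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
	CheckBadRequestStatus(t, resp)

	Client.Logout()
	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckUnauthorizedStatus(t, resp)

	// An admin may read another user's authorizations; the view is still
	// the sanitized one.
	apps, resp = AdminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)
	for _, a := range apps {
		assert.Equal(t, "", a.ClientSecret, "not sanitized")
	}
}

// closeBody drains and closes an HTTP response body so the underlying
// connection can be reused. It is a no-op on a nil response or body, and it
// deliberately ignores read/close errors: by the time it is called the test
// has already inspected everything it needs from the response.
func closeBody(r *http.Response) {
	if r != nil && r.Body != nil {
		ioutil.ReadAll(r.Body)
		r.Body.Close()
	}
}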