github.com/resonatecoop/id@v1.1.0-43/oauth/grant_type_authorization_code_test.go (about) 1 package oauth_test 2 3 import ( 4 "context" 5 "net/http" 6 "net/http/httptest" 7 "net/url" 8 "time" 9 10 "github.com/resonatecoop/id/oauth" 11 "github.com/resonatecoop/id/oauth/tokentypes" 12 testutil "github.com/resonatecoop/id/test-util" 13 "github.com/resonatecoop/id/util" 14 "github.com/resonatecoop/user-api/model" 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func (suite *OauthTestSuite) TestAuthorizationCodeGrantEmptyNotFound() { 19 // Prepare a request 20 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 21 assert.NoError(suite.T(), err, "Request setup should not get an error") 22 r.SetBasicAuth("test_client_1", "test_secret") 23 r.PostForm = url.Values{ 24 "grant_type": {"authorization_code"}, 25 "code": {""}, 26 } 27 28 // Serve the request 29 w := httptest.NewRecorder() 30 suite.router.ServeHTTP(w, r) 31 32 // Check the response 33 testutil.TestResponseForError( 34 suite.T(), 35 w, 36 oauth.ErrAuthorizationCodeNotFound.Error(), 37 404, 38 ) 39 } 40 41 func (suite *OauthTestSuite) TestAuthorizationCodeGrantBogusNotFound() { 42 // Prepare a request 43 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 44 assert.NoError(suite.T(), err, "Request setup should not get an error") 45 r.SetBasicAuth("test_client_1", "test_secret") 46 r.PostForm = url.Values{ 47 "grant_type": {"authorization_code"}, 48 "code": {"bogus"}, 49 } 50 51 // Serve the request 52 w := httptest.NewRecorder() 53 suite.router.ServeHTTP(w, r) 54 55 // Check the response 56 testutil.TestResponseForError( 57 suite.T(), 58 w, 59 oauth.ErrAuthorizationCodeNotFound.Error(), 60 404, 61 ) 62 } 63 64 func (suite *OauthTestSuite) TestAuthorizationCodeGrantExpired() { 65 // Insert a test authorization code 66 67 ctx := context.Background() 68 69 authorizationcode := &model.AuthorizationCode{ 70 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 71 Code: "test_code", 72 ExpiresAt: time.Now().UTC().Add(-10 * time.Second), 73 ClientID: suite.clients[0].ID, 74 UserID: suite.users[0].ID, 75 RedirectURI: util.StringOrNull("https://www.example.com"), 76 Scope: "read_write", 77 } 78 79 _, err := suite.db.NewInsert(). 80 Model(authorizationcode). 81 Exec(ctx) 82 83 assert.NoError(suite.T(), err, "Inserting test data failed") 84 85 // Prepare a request 86 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 87 assert.NoError(suite.T(), err, "Request setup should not get an error") 88 r.SetBasicAuth("test_client_1", "test_secret") 89 r.PostForm = url.Values{ 90 "grant_type": {"authorization_code"}, 91 "code": {"test_code"}, 92 "redirect_uri": {"https://www.example.com"}, 93 } 94 95 // Serve the request 96 w := httptest.NewRecorder() 97 suite.router.ServeHTTP(w, r) 98 99 // Check the response 100 testutil.TestResponseForError( 101 suite.T(), 102 w, 103 oauth.ErrAuthorizationCodeExpired.Error(), 104 400, 105 ) 106 } 107 108 func (suite *OauthTestSuite) TestAuthorizationCodeGrantInvalidRedirectURI() { 109 // Insert a test authorization code 110 111 ctx := context.Background() 112 113 authorizationCode := &model.AuthorizationCode{ 114 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 115 Code: "test_code", 116 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 117 ClientID: suite.clients[0].ID, 118 UserID: suite.users[0].ID, 119 RedirectURI: util.StringOrNull("https://www.example.com"), 120 Scope: "read_write", 121 } 122 123 _, err := suite.db.NewInsert(). 124 Model(authorizationCode). 125 Exec(ctx) 126 127 assert.NoError(suite.T(), err, "Inserting test data failed") 128 129 // Prepare a request 130 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 131 assert.NoError(suite.T(), err, "Request setup should not get an error") 132 r.SetBasicAuth("test_client_1", "test_secret") 133 r.PostForm = url.Values{ 134 "grant_type": {"authorization_code"}, 135 "code": {"test_code"}, 136 "redirect_uri": {"https://bogus"}, 137 } 138 139 // Serve the request 140 w := httptest.NewRecorder() 141 suite.router.ServeHTTP(w, r) 142 143 // Check the response 144 testutil.TestResponseForError( 145 suite.T(), 146 w, 147 oauth.ErrInvalidRedirectURI.Error(), 148 400, 149 ) 150 } 151 152 func (suite *OauthTestSuite) TestAuthorizationCodeGrant() { 153 ctx := context.Background() 154 // Insert a test authorization code 155 authorizationcode := &model.AuthorizationCode{ 156 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 157 Code: "test_code", 158 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 159 ClientID: suite.clients[0].ID, 160 UserID: suite.users[0].ID, 161 RedirectURI: util.StringOrNull("https://www.example.com"), 162 Scope: "read_write tenantadmin", 163 } 164 165 _, err := suite.db.NewInsert(). 166 Model(authorizationcode). 167 Exec(ctx) 168 169 assert.NoError(suite.T(), err, "Inserting test data failed") 170 171 // Prepare a request 172 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 173 assert.NoError(suite.T(), err, "Request setup should not get an error") 174 r.SetBasicAuth("test_client_1", "test_secret") 175 r.PostForm = url.Values{ 176 "grant_type": {"authorization_code"}, 177 "code": {"test_code"}, 178 "redirect_uri": {"https://www.example.com"}, 179 } 180 181 // Serve the request 182 w := httptest.NewRecorder() 183 suite.router.ServeHTTP(w, r) 184 185 // Fetch data 186 accessToken, refreshToken := new(model.AccessToken), new(model.RefreshToken) 187 188 err = suite.db.NewSelect(). 189 Model(accessToken). 190 Order("created_at DESC"). 191 Limit(1). 192 Scan(ctx) 193 194 assert.Nil(suite.T(), err) 195 196 err = suite.db.NewSelect(). 197 Model(refreshToken). 198 Order("created_at DESC"). 199 Limit(1). 200 Scan(ctx) 201 202 assert.Nil(suite.T(), err) 203 204 // Check the response 205 expected := &oauth.AccessTokenResponse{ 206 UserID: accessToken.UserID.String(), 207 AccessToken: accessToken.Token, 208 ExpiresIn: 3600, 209 TokenType: tokentypes.Bearer, 210 Scope: "read_write tenantadmin", 211 RefreshToken: refreshToken.Token, 212 } 213 testutil.TestResponseObject(suite.T(), w, expected, 200) 214 215 // The authorization code should get deleted after use 216 217 err = suite.db.NewSelect(). 218 Model(new(model.AuthorizationCode)). 219 Limit(1). 220 Scan(ctx) 221 222 assert.NotNil(suite.T(), err) 223 }