authorenahum <nahumhbl@gmail.com>2016-08-03 12:19:27 -0500
committerHarrison Healey <harrisonmhealey@gmail.com>2016-08-03 13:19:27 -0400
commit5bc3cea6fe4a909735753692d0c4cd960e8ab516 (patch)
tree85715d9fcbc146a9672d84c9a1ea1e96b6e71231 /api/oauth_test.go
parentea027c8de44d44b6ac4e66ab802e675d315b0be5 (diff)
PLT-3484 OAuth2 Service Provider (#3632)
* PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
Diffstat (limited to 'api/oauth_test.go')
-rw-r--r--api/oauth_test.go274
1 files changed, 194 insertions, 80 deletions
diff --git a/api/oauth_test.go b/api/oauth_test.go
index aa3c025a7..b719e17cc 100644
--- a/api/oauth_test.go
+++ b/api/oauth_test.go
@@ -11,131 +11,245 @@ import (
)
func TestRegisterApp(t *testing.T) {
- th := Setup().InitBasic()
- Client := th.BasicClient
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.SystemAdminClient
app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
-
if _, err := Client.RegisterApp(app); err == nil {
t.Fatal("should have failed - oauth providing turned off")
}
- } else {
+ }
- Client.Logout()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
- if _, err := Client.RegisterApp(app); err == nil {
- t.Fatal("not logged in - should have failed")
- }
+ Client.Logout()
- th.LoginBasic()
+ if _, err := Client.RegisterApp(app); err == nil {
+ t.Fatal("not logged in - should have failed")
+ }
- if result, err := Client.RegisterApp(app); err != nil {
- t.Fatal(err)
- } else {
- rapp := result.Data.(*model.OAuthApp)
- if len(rapp.Id) != 26 {
- t.Fatal("clientid didn't return properly")
- }
- if len(rapp.ClientSecret) != 26 {
- t.Fatal("client secret didn't return properly")
- }
- }
+ th.LoginSystemAdmin()
- app = &model.OAuthApp{Name: "", Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
- if _, err := Client.RegisterApp(app); err == nil {
- t.Fatal("missing name - should have failed")
+ if result, err := Client.RegisterApp(app); err != nil {
+ t.Fatal(err)
+ } else {
+ rapp := result.Data.(*model.OAuthApp)
+ if len(rapp.Id) != 26 {
+ t.Fatal("clientid didn't return properly")
}
-
- app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
- if _, err := Client.RegisterApp(app); err == nil {
- t.Fatal("missing homepage - should have failed")
+ if len(rapp.ClientSecret) != 26 {
+ t.Fatal("client secret didn't return properly")
}
+ }
- app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{}}
- if _, err := Client.RegisterApp(app); err == nil {
- t.Fatal("missing callback url - should have failed")
- }
+ app = &model.OAuthApp{Name: "", Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+ if _, err := Client.RegisterApp(app); err == nil {
+ t.Fatal("missing name - should have failed")
+ }
+
+ app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+ if _, err := Client.RegisterApp(app); err == nil {
+ t.Fatal("missing homepage - should have failed")
+ }
+
+ app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{}}
+ if _, err := Client.RegisterApp(app); err == nil {
+ t.Fatal("missing callback url - should have failed")
}
}
func TestAllowOAuth(t *testing.T) {
- th := Setup().InitBasic()
+ th := Setup().InitBasic().InitSystemAdmin()
Client := th.BasicClient
+ AdminClient := th.SystemAdminClient
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+ app = AdminClient.Must(AdminClient.RegisterApp(app)).Data.(*model.OAuthApp)
state := "123"
- if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "12345678901234567890123456", app.CallbackUrls[0], "all", state); err == nil {
- t.Fatal("should have failed - oauth service providing turned off")
- }
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
+ }
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+
+ if result, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err != nil {
+ t.Fatal(err)
} else {
- app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
+ redirect := result.Data.(map[string]string)["redirect"]
+ if len(redirect) == 0 {
+ t.Fatal("redirect url should be set")
+ }
- if result, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err != nil {
- t.Fatal(err)
+ ru, _ := url.Parse(redirect)
+ if ru == nil {
+ t.Fatal("redirect url unparseable")
} else {
- redirect := result.Data.(map[string]string)["redirect"]
- if len(redirect) == 0 {
- t.Fatal("redirect url should be set")
+ if len(ru.Query().Get("code")) == 0 {
+ t.Fatal("authorization code not returned")
}
-
- ru, _ := url.Parse(redirect)
- if ru == nil {
- t.Fatal("redirect url unparseable")
- } else {
- if len(ru.Query().Get("code")) == 0 {
- t.Fatal("authorization code not returned")
- }
- if ru.Query().Get("state") != state {
- t.Fatal("returned state doesn't match")
- }
+ if ru.Query().Get("state") != state {
+ t.Fatal("returned state doesn't match")
}
}
+ }
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "all", state); err == nil {
- t.Fatal("should have failed - no redirect_url given")
- }
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "all", state); err == nil {
+ t.Fatal("should have failed - no redirect_url given")
+ }
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "", state); err == nil {
- t.Fatal("should have failed - no redirect_url given")
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "", state); err == nil {
+ t.Fatal("should have failed - no redirect_url given")
+ }
+
+ if result, err := Client.AllowOAuth("junk", app.Id, app.CallbackUrls[0], "all", state); err != nil {
+ t.Fatal(err)
+ } else {
+ redirect := result.Data.(map[string]string)["redirect"]
+ if len(redirect) == 0 {
+ t.Fatal("redirect url should be set")
}
- if result, err := Client.AllowOAuth("junk", app.Id, app.CallbackUrls[0], "all", state); err != nil {
- t.Fatal(err)
+ ru, _ := url.Parse(redirect)
+ if ru == nil {
+ t.Fatal("redirect url unparseable")
} else {
- redirect := result.Data.(map[string]string)["redirect"]
- if len(redirect) == 0 {
- t.Fatal("redirect url should be set")
+ if ru.Query().Get("error") != "unsupported_response_type" {
+ t.Fatal("wrong error returned")
}
-
- ru, _ := url.Parse(redirect)
- if ru == nil {
- t.Fatal("redirect url unparseable")
- } else {
- if ru.Query().Get("error") != "unsupported_response_type" {
- t.Fatal("wrong error returned")
- }
- if ru.Query().Get("state") != state {
- t.Fatal("returned state doesn't match")
- }
+ if ru.Query().Get("state") != state {
+ t.Fatal("returned state doesn't match")
}
}
+ }
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "", app.CallbackUrls[0], "all", state); err == nil {
- t.Fatal("should have failed - empty client id")
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "", app.CallbackUrls[0], "all", state); err == nil {
+ t.Fatal("should have failed - empty client id")
+ }
+
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "junk", app.CallbackUrls[0], "all", state); err == nil {
+ t.Fatal("should have failed - bad client id")
+ }
+
+ if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "https://somewhereelse.com", "all", state); err == nil {
+ t.Fatal("should have failed - redirect uri host does not match app host")
+ }
+}
+
+func TestGetOAuthAppsByUser(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.BasicClient
+ AdminClient := th.SystemAdminClient
+
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ if _, err := Client.GetOAuthAppsByUser(); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
}
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "junk", app.CallbackUrls[0], "all", state); err == nil {
- t.Fatal("should have failed - bad client id")
+ }
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+
+ if _, err := Client.GetOAuthAppsByUser(); err == nil {
+ t.Fatal("Should have failed. only admin is permitted")
+ }
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+
+ if result, err := Client.GetOAuthAppsByUser(); err != nil {
+ t.Fatal(err)
+ } else {
+ apps := result.Data.([]*model.OAuthApp)
+
+ if len(apps) != 0 {
+ t.Fatal("incorrect number of apps should have been 0")
}
+ }
- if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "https://somewhereelse.com", "all", state); err == nil {
- t.Fatal("should have failed - redirect uri host does not match app host")
+ app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+ app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
+
+ if result, err := Client.GetOAuthAppsByUser(); err != nil {
+ t.Fatal(err)
+ } else {
+ apps := result.Data.([]*model.OAuthApp)
+
+ if len(apps) != 1 {
+ t.Fatal("incorrect number of apps should have been 1")
+ }
+ }
+
+ app = &model.OAuthApp{Name: "TestApp4" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+ app = AdminClient.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
+
+ if result, err := AdminClient.GetOAuthAppsByUser(); err != nil {
+ t.Fatal(err)
+ } else {
+ apps := result.Data.([]*model.OAuthApp)
+
+ if len(apps) != 4 {
+ t.Fatal("incorrect number of apps should have been 4")
+ }
+ }
+}
+
+func TestGetOAuthAppInfo(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.BasicClient
+ AdminClient := th.SystemAdminClient
+
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ if _, err := Client.GetOAuthAppInfo("fakeId"); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
}
+
+ }
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+
+ app := &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ app = AdminClient.Must(AdminClient.RegisterApp(app)).Data.(*model.OAuthApp)
+
+ if _, err := Client.GetOAuthAppInfo(app.Id); err != nil {
+ t.Fatal(err)
+ }
+}
+
+func TestOAuthDeleteApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.BasicClient
+ AdminClient := th.SystemAdminClient
+
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ if _, err := Client.DeleteOAuthApp("fakeId"); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
+ }
+
+ }
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+
+ app := &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
+
+ if _, err := Client.DeleteOAuthApp(app.Id); err != nil {
+ t.Fatal(err)
+ }
+
+ app = &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
+
+ if _, err := AdminClient.DeleteOAuthApp(app.Id); err != nil {
+ t.Fatal(err)
}
}
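Review bot: Every test in this hunk sets the process-global `utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true` (and TestGetOAuthAppsByUser / TestOAuthDeleteApp also clear `*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations`) without restoring it, so the `if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { ... }` guards at the top of TestRegisterApp, TestGetOAuthAppsByUser, TestGetOAuthAppInfo and TestOAuthDeleteApp can only run for whichever test executes first, and the "provider turned off" and "only admin is permitted" denials are otherwise never exercised; capture and restore the previous values at the start of each test, e.g. `prev := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider` followed by `defer func() { utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = prev }()`. In TestGetOAuthAppsByUser the line `app = AdminClient.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)` registers through the basic client while wrapping with the admin client, and the following expectation of exactly 4 apps from `AdminClient.GetOAuthAppsByUser()` appears to depend on apps created by other tests rather than on the two this test registers; registering via `AdminClient.RegisterApp` and asserting the count relative to a baseline read before the registrations would make the check self-contained. TestOAuthDeleteApp covers the owner and the system admin only; a case where a second non-admin user calls `DeleteOAuthApp(app.Id)` on an app they do not own and is rejected would pin the authorization boundary, and TestGetOAuthAppInfo would likewise benefit from asserting what the basic client is allowed to see for an app it does not own (in particular whether `ClientSecret` is present), if that is the intended contract of the endpoint.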