author | Joram Wilander <jwawilander@gmail.com> | 2018-07-27 17:35:43 -0400 |
---|---|---|
committer | Elias Nahum <nahumhbl@gmail.com> | 2018-07-27 17:35:43 -0400 |
commit | 6ac82d5171769bf8d543cb6c017d29c0a4c81621 (patch) | |
tree | 945a5d1511b1eb4048bfaa4ea59777886713d797 /api4/oauth_test.go | |
parent | 441c8741c1738e93258b861d92e4f7293203918a (diff) | |
Implement OAuth2 implicit grant flow (#9178)
Diffstat (limited to 'api4/oauth_test.go')
-rw-r--r-- | api4/oauth_test.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index 5415e485e..cac40e442 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -13,6 +13,7 @@ import (
 "testing"
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 "github.com/mattermost/mattermost-server/einterfaces"
 "github.com/mattermost/mattermost-server/model"
@@ -665,6 +666,7 @@ func TestAuthorizeOAuthApp(t *testing.T) {
 State: "123",
 }
+ // Test auth code flow
 ruri, resp := Client.AuthorizeOAuthApp(authRequest)
 CheckNoError(t, resp)
@@ -684,6 +686,26 @@ func TestAuthorizeOAuthApp(t *testing.T) {
 }
 }
+ // Test implicit flow
+ authRequest.ResponseType = model.IMPLICIT_RESPONSE_TYPE
+ ruri, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckNoError(t, resp)
+ require.False(t, len(ruri) == 0, "redirect url should be set")
+
+ ru, _ = url.Parse(ruri)
+ require.NotNil(t, ru, "redirect url unparseable")
+ values, err := url.ParseQuery(ru.Fragment)
+ require.Nil(t, err)
+ assert.False(t, len(values.Get("access_token")) == 0, "access_token not returned")
+ assert.Equal(t, authRequest.State, values.Get("state"), "returned state doesn't match")
+
+ oldToken := Client.AuthToken
+ Client.AuthToken = values.Get("access_token")
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckForbiddenStatus(t, resp)
+
+ Client.AuthToken = oldToken
+
 authRequest.RedirectUri = ""
 _, resp = Client.AuthorizeOAuthApp(authRequest)
 CheckBadRequestStatus(t, resp) |
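Review bot: The implicit-flow assertions in the third hunk confirm that `access_token` and `state` come back in the fragment, but nothing checks that the token stays out of the query string or that no refresh token is returned, which are the properties that keep an implicit-grant token out of server logs and Referer headers and that RFC 6749 §4.2.2 requires. After the `values.Get("state")` check I would add `assert.Empty(t, ru.Query().Get("access_token"), "access_token must not appear in the query string")` and `assert.Empty(t, values.Get("refresh_token"), "implicit flow must not return a refresh token")`. The error from `url.Parse(ruri)` is also discarded with `_`, so a malformed redirect only surfaces through the `NotNil` check; a `require.NoError` on it would report the cause directly. TestAuthorizeOAuthApp starts and ends outside this hunk, so how `ru` and the restored `Client.AuthToken` are used afterwards is not visible here.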