authorJoram Wilander <jwawilander@gmail.com>2018-07-27 17:35:43 -0400
committerElias Nahum <nahumhbl@gmail.com>2018-07-27 17:35:43 -0400
commit6ac82d5171769bf8d543cb6c017d29c0a4c81621 (patch)
tree945a5d1511b1eb4048bfaa4ea59777886713d797 /app/oauth_test.go
parent441c8741c1738e93258b861d92e4f7293203918a (diff)
Implement OAuth2 implicit grant flow (#9178)
Diffstat (limited to 'app/oauth_test.go')
-rw-r--r--app/oauth_test.go51
1 files changed, 51 insertions, 0 deletions
diff --git a/app/oauth_test.go b/app/oauth_test.go
index 60854a354..70cd5460a 100644
--- a/app/oauth_test.go
+++ b/app/oauth_test.go
@@ -7,8 +7,59 @@ import (
"testing"
"github.com/mattermost/mattermost-server/model"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
)
+func TestGetOAuthAccessTokenForImplicitFlow(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+
+ th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })
+
+ oapp := &model.OAuthApp{
+ Name: "fakeoauthapp" + model.NewRandomString(10),
+ CreatorId: th.BasicUser2.Id,
+ Homepage: "https://nowhere.com",
+ Description: "test",
+ CallbackUrls: []string{"https://nowhere.com"},
+ }
+
+ oapp, err := th.App.CreateOAuthApp(oapp)
+ require.Nil(t, err)
+
+ authRequest := &model.AuthorizeRequest{
+ ResponseType: model.IMPLICIT_RESPONSE_TYPE,
+ ClientId: oapp.Id,
+ RedirectUri: oapp.CallbackUrls[0],
+ Scope: "",
+ State: "123",
+ }
+
+ session, err := th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
+ assert.Nil(t, err)
+ assert.NotNil(t, session)
+
+ th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = false })
+
+ session, err = th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
+ assert.NotNil(t, err, "should fail - oauth2 disabled")
+ assert.Nil(t, session)
+
+ th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = true })
+ authRequest.ClientId = "junk"
+
+ session, err = th.App.GetOAuthAccessTokenForImplicitFlow(th.BasicUser.Id, authRequest)
+ assert.NotNil(t, err, "should fail - bad client id")
+ assert.Nil(t, session)
+
+ authRequest.ClientId = oapp.Id
+
+ session, err = th.App.GetOAuthAccessTokenForImplicitFlow("junk", authRequest)
+ assert.NotNil(t, err, "should fail - bad user id")
+ assert.Nil(t, session)
+}
+
func TestOAuthRevokeAccessToken(t *testing.T) {
th := Setup()
defer th.TearDown()
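Review bot: The failure cases in TestGetOAuthAccessTokenForImplicitFlow cover a disabled provider, an unknown client id and an unknown user id, but none where `RedirectUri` is not one of the app's registered `CallbackUrls`. In the implicit grant the access token is handed to the redirect URI, so this is the rejection most worth pinning in a test. Whether GetOAuthAccessTokenForImplicitFlow enforces the match itself or leaves it to its caller is not visible from this file; if it does, add a case that sets `authRequest.RedirectUri = "https://unregistered.example"` (constructed value) and asserts `assert.NotNil(t, err, "should fail - unregistered redirect uri")` with a nil session. The success path also only checks that `session` is non-nil; asserting `session.UserId == th.BasicUser.Id` would confirm the token is bound to the requesting user.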