Diffstat (limited to 'api4/oauth_test.go')
-rw-r--r--api4/oauth_test.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index 5415e485e..cac40e442 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -13,6 +13,7 @@ import (
"testing"
"github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
"github.com/mattermost/mattermost-server/einterfaces"
"github.com/mattermost/mattermost-server/model"
@@ -665,6 +666,7 @@ func TestAuthorizeOAuthApp(t *testing.T) {
State: "123",
}
+ // Test auth code flow
ruri, resp := Client.AuthorizeOAuthApp(authRequest)
CheckNoError(t, resp)
@@ -684,6 +686,26 @@ func TestAuthorizeOAuthApp(t *testing.T) {
}
}
+ // Test implicit flow
+ authRequest.ResponseType = model.IMPLICIT_RESPONSE_TYPE
+ ruri, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckNoError(t, resp)
+ require.False(t, len(ruri) == 0, "redirect url should be set")
+
+ ru, _ = url.Parse(ruri)
+ require.NotNil(t, ru, "redirect url unparseable")
+ values, err := url.ParseQuery(ru.Fragment)
+ require.Nil(t, err)
+ assert.False(t, len(values.Get("access_token")) == 0, "access_token not returned")
+ assert.Equal(t, authRequest.State, values.Get("state"), "returned state doesn't match")
+
+ oldToken := Client.AuthToken
+ Client.AuthToken = values.Get("access_token")
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckForbiddenStatus(t, resp)
+
+ Client.AuthToken = oldToken
+
authRequest.RedirectUri = ""
_, resp = Client.AuthorizeOAuthApp(authRequest)
CheckBadRequestStatus(t, resp)
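Review bot: The implicit-flow assertions prove the token is present in `ru.Fragment`, but nothing checks that it is absent from the query string, which is the property that keeps an implicit-grant token out of requests to the redirect target and its access logs. Adding `assert.Empty(t, ru.Query().Get("access_token"), "access_token must not be in the query string")` next to the fragment checks would pin that. The error from `url.Parse(ruri)` is also discarded with `_`, so a malformed redirect only surfaces indirectly through the `require.NotNil` on `ru`; capturing the error and asserting on it with `require.NoError` would fail with the actual parse message. TestAuthorizeOAuthApp starts and ends outside this hunk, so how `ru` is declared is not visible here.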