summaryrefslogtreecommitdiffstats
path: root/store/sql_oauth_store_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'store/sql_oauth_store_test.go')
-rw-r--r--store/sql_oauth_store_test.go135
1 files changed, 133 insertions, 2 deletions
diff --git a/store/sql_oauth_store_test.go b/store/sql_oauth_store_test.go
index b9bde5be3..dd6fe906e 100644
--- a/store/sql_oauth_store_test.go
+++ b/store/sql_oauth_store_test.go
@@ -13,10 +13,24 @@ func TestOAuthStoreSaveApp(t *testing.T) {
a1 := model.OAuthApp{}
a1.CreatorId = model.NewId()
- a1.Name = "TestApp" + model.NewId()
a1.CallbackUrls = []string{"https://nowhere.com"}
a1.Homepage = "https://nowhere.com"
+ // Try to save an app that already has an Id
+ a1.Id = model.NewId()
+ if err := (<-store.OAuth().SaveApp(&a1)).Err; err == nil {
+ t.Fatal("Should have failed, cannot add an OAuth app cannot be save with an Id, it has to be updated")
+ }
+
+ // Try to save an Invalid App
+ a1.Id = ""
+ if err := (<-store.OAuth().SaveApp(&a1)).Err; err == nil {
+ t.Fatal("Should have failed, app should be invalid cause it doesn' have a name set")
+ }
+
+ // Save the app
+ a1.Id = ""
+ a1.Name = "TestApp" + model.NewId()
if err := (<-store.OAuth().SaveApp(&a1)).Err; err != nil {
t.Fatal(err)
}
@@ -32,10 +46,24 @@ func TestOAuthStoreGetApp(t *testing.T) {
a1.Homepage = "https://nowhere.com"
Must(store.OAuth().SaveApp(&a1))
+ // Lets try to get and app that does not exists
+ if err := (<-store.OAuth().GetApp("fake0123456789abcderfgret1")).Err; err == nil {
+ t.Fatal("Should have failed. App does not exists")
+ }
+
if err := (<-store.OAuth().GetApp(a1.Id)).Err; err != nil {
t.Fatal(err)
}
+ // Lets try and get the app from a user that hasn't created any apps
+ if result := (<-store.OAuth().GetAppByUser("fake0123456789abcderfgret1")); result.Err == nil {
+ if len(result.Data.([]*model.OAuthApp)) > 0 {
+ t.Fatal("Should have failed. Fake user hasn't created any apps")
+ }
+ } else {
+ t.Fatal(result.Err)
+ }
+
if err := (<-store.OAuth().GetAppByUser(a1.CreatorId)).Err; err != nil {
t.Fatal(err)
}
@@ -55,10 +83,27 @@ func TestOAuthStoreUpdateApp(t *testing.T) {
a1.Homepage = "https://nowhere.com"
Must(store.OAuth().SaveApp(&a1))
+ // temporarily save the created app id
+ id := a1.Id
+
a1.CreateAt = 1
a1.ClientSecret = "pwd"
a1.CreatorId = "12345678901234567890123456"
+
+ // Lets update the app by removing the name
+ a1.Name = ""
+ if result := <-store.OAuth().UpdateApp(&a1); result.Err == nil {
+ t.Fatal("Should have failed. App name is not set")
+ }
+
+ // Lets not find the app that we are trying to update
+ a1.Id = "fake0123456789abcderfgret1"
a1.Name = "NewName"
+ if result := <-store.OAuth().UpdateApp(&a1); result.Err == nil {
+ t.Fatal("Should have failed. Not able to find the app")
+ }
+
+ a1.Id = id
if result := <-store.OAuth().UpdateApp(&a1); result.Err != nil {
t.Fatal(result.Err)
} else {
@@ -81,14 +126,59 @@ func TestOAuthStoreSaveAccessData(t *testing.T) {
a1 := model.AccessData{}
a1.ClientId = model.NewId()
a1.UserId = model.NewId()
+
+ // Lets try and save an incomplete access data
+ if err := (<-store.OAuth().SaveAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed. Access data needs the token")
+ }
+
a1.Token = model.NewId()
a1.RefreshToken = model.NewId()
+ a1.RedirectUri = "http://example.com"
if err := (<-store.OAuth().SaveAccessData(&a1)).Err; err != nil {
t.Fatal(err)
}
}
+func TestOAuthUpdateAccessData(t *testing.T) {
+ Setup()
+
+ a1 := model.AccessData{}
+ a1.ClientId = model.NewId()
+ a1.UserId = model.NewId()
+ a1.Token = model.NewId()
+ a1.RefreshToken = model.NewId()
+ a1.ExpiresAt = model.GetMillis()
+ a1.RedirectUri = "http://example.com"
+ Must(store.OAuth().SaveAccessData(&a1))
+
+ //Try to update to invalid Refresh Token
+ refreshToken := a1.RefreshToken
+ a1.RefreshToken = model.NewId() + "123"
+ if err := (<-store.OAuth().UpdateAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed with invalid token")
+ }
+
+ //Try to update to invalid RedirectUri
+ a1.RefreshToken = model.NewId()
+ a1.RedirectUri = ""
+ if err := (<-store.OAuth().UpdateAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed with invalid Redirect URI")
+ }
+
+ // Should update fine
+ a1.RedirectUri = "http://example.com"
+ if result := <-store.OAuth().UpdateAccessData(&a1); result.Err != nil {
+ t.Fatal(result.Err)
+ } else {
+ ra1 := result.Data.(*model.AccessData)
+ if ra1.RefreshToken == refreshToken {
+ t.Fatal("refresh tokens didn't match")
+ }
+ }
+}
+
func TestOAuthStoreGetAccessData(t *testing.T) {
Setup()
@@ -98,8 +188,13 @@ func TestOAuthStoreGetAccessData(t *testing.T) {
a1.Token = model.NewId()
a1.RefreshToken = model.NewId()
a1.ExpiresAt = model.GetMillis()
+ a1.RedirectUri = "http://example.com"
Must(store.OAuth().SaveAccessData(&a1))
+ if err := (<-store.OAuth().GetAccessData("invalidToken")).Err; err == nil {
+ t.Fatal("Should have failed. There is no data with an invalid token")
+ }
+
if result := <-store.OAuth().GetAccessData(a1.Token); result.Err != nil {
t.Fatal(result.Err)
} else {
@@ -116,6 +211,21 @@ func TestOAuthStoreGetAccessData(t *testing.T) {
if err := (<-store.OAuth().GetPreviousAccessData("user", "junk")).Err; err != nil {
t.Fatal(err)
}
+
+ // Try to get the Access data using an invalid refresh token
+ if err := (<-store.OAuth().GetAccessDataByRefreshToken(a1.Token)).Err; err == nil {
+ t.Fatal("Should have failed. There is no data with an invalid token")
+ }
+
+ // Get the Access Data using the refresh token
+ if result := <-store.OAuth().GetAccessDataByRefreshToken(a1.RefreshToken); result.Err != nil {
+ t.Fatal(result.Err)
+ } else {
+ ra1 := result.Data.(*model.AccessData)
+ if a1.RefreshToken != ra1.RefreshToken {
+ t.Fatal("tokens didn't match")
+ }
+ }
}
func TestOAuthStoreRemoveAccessData(t *testing.T) {
@@ -126,6 +236,7 @@ func TestOAuthStoreRemoveAccessData(t *testing.T) {
a1.UserId = model.NewId()
a1.Token = model.NewId()
a1.RefreshToken = model.NewId()
+ a1.RedirectUri = "http://example.com"
Must(store.OAuth().SaveAccessData(&a1))
if err := (<-store.OAuth().RemoveAccessData(a1.Token)).Err; err != nil {
@@ -147,7 +258,7 @@ func TestOAuthStoreSaveAuthData(t *testing.T) {
a1.ClientId = model.NewId()
a1.UserId = model.NewId()
a1.Code = model.NewId()
-
+ a1.RedirectUri = "http://example.com"
if err := (<-store.OAuth().SaveAuthData(&a1)).Err; err != nil {
t.Fatal(err)
}
@@ -160,6 +271,7 @@ func TestOAuthStoreGetAuthData(t *testing.T) {
a1.ClientId = model.NewId()
a1.UserId = model.NewId()
a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
Must(store.OAuth().SaveAuthData(&a1))
if err := (<-store.OAuth().GetAuthData(a1.Code)).Err; err != nil {
@@ -174,6 +286,7 @@ func TestOAuthStoreRemoveAuthData(t *testing.T) {
a1.ClientId = model.NewId()
a1.UserId = model.NewId()
a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
Must(store.OAuth().SaveAuthData(&a1))
if err := (<-store.OAuth().RemoveAuthData(a1.Code)).Err; err != nil {
@@ -192,6 +305,7 @@ func TestOAuthStoreRemoveAuthDataByUser(t *testing.T) {
a1.ClientId = model.NewId()
a1.UserId = model.NewId()
a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
Must(store.OAuth().SaveAuthData(&a1))
if err := (<-store.OAuth().PermanentDeleteAuthDataByUser(a1.UserId)).Err; err != nil {
@@ -209,6 +323,15 @@ func TestOAuthGetAuthorizedApps(t *testing.T) {
a1.Homepage = "https://nowhere.com"
Must(store.OAuth().SaveApp(&a1))
+ // Lets try and get an Authorized app for a user who hasn't authorized it
+ if result := <-store.OAuth().GetAuthorizedApps("fake0123456789abcderfgret1"); result.Err == nil {
+ if len(result.Data.([]*model.OAuthApp)) > 0 {
+ t.Fatal("Should have failed. Fake user hasn't authorized the app")
+ }
+ } else {
+ t.Fatal(result.Err)
+ }
+
// allow the app
p := model.Preference{}
p.UserId = a1.CreatorId
@@ -260,6 +383,7 @@ func TestOAuthGetAccessDataByUserForApp(t *testing.T) {
ad1.UserId = a1.CreatorId
ad1.Token = model.NewId()
ad1.RefreshToken = model.NewId()
+ ad1.RedirectUri = "http://example.com"
if err := (<-store.OAuth().SaveAccessData(&ad1)).Err; err != nil {
t.Fatal(err)
@@ -276,6 +400,8 @@ func TestOAuthGetAccessDataByUserForApp(t *testing.T) {
}
func TestOAuthStoreDeleteApp(t *testing.T) {
+ Setup()
+
a1 := model.OAuthApp{}
a1.CreatorId = model.NewId()
a1.Name = "TestApp" + model.NewId()
@@ -283,6 +409,11 @@ func TestOAuthStoreDeleteApp(t *testing.T) {
a1.Homepage = "https://nowhere.com"
Must(store.OAuth().SaveApp(&a1))
+ // delete a non-existent app
+ if err := (<-store.OAuth().DeleteApp("fakeclientId")).Err; err != nil {
+ t.Fatal(err)
+ }
+
if err := (<-store.OAuth().DeleteApp(a1.Id)).Err; err != nil {
t.Fatal(err)
}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-09 23:01:16 +0000