From 5bc3cea6fe4a909735753692d0c4cd960e8ab516 Mon Sep 17 00:00:00 2001 From: enahum Date: Wed, 3 Aug 2016 12:19:27 -0500 Subject: PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider --- api/oauth_test.go | 274 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 194 insertions(+), 80 deletions(-) (limited to 'api/oauth_test.go') diff --git a/api/oauth_test.go b/api/oauth_test.go index aa3c025a7..b719e17cc 100644 --- a/api/oauth_test.go +++ b/api/oauth_test.go @@ -11,131 +11,245 @@ import ( ) func TestRegisterApp(t *testing.T) { - th := Setup().InitBasic() - Client := th.BasicClient + th := Setup().InitBasic().InitSystemAdmin() + Client := th.SystemAdminClient app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { - if _, err := Client.RegisterApp(app); err == nil { t.Fatal("should have failed - oauth providing turned off") } - } else { + } - Client.Logout() + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true - if _, err := Client.RegisterApp(app); err == nil { - t.Fatal("not logged in - should have failed") - } + Client.Logout() - th.LoginBasic() + if _, err := Client.RegisterApp(app); err == nil { + t.Fatal("not logged in - should have failed") + } - if result, err := Client.RegisterApp(app); err != nil { - t.Fatal(err) - } else { - rapp := result.Data.(*model.OAuthApp) - if len(rapp.Id) != 26 { - t.Fatal("clientid didn't return properly") - } - if len(rapp.ClientSecret) != 26 { - t.Fatal("client secret didn't return properly") - } - } + th.LoginSystemAdmin() - app = &model.OAuthApp{Name: "", Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} - if _, err := Client.RegisterApp(app); err == nil { - t.Fatal("missing name - should have failed") + if result, err := Client.RegisterApp(app); err != nil { + t.Fatal(err) + } else { + rapp := result.Data.(*model.OAuthApp) + if len(rapp.Id) != 26 { + t.Fatal("clientid didn't return properly") } - - app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} - if _, err := Client.RegisterApp(app); err == nil { - t.Fatal("missing homepage - should have failed") + if len(rapp.ClientSecret) != 26 { + t.Fatal("client secret didn't return properly") } + } - app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{}} - if _, err := Client.RegisterApp(app); err == nil { - t.Fatal("missing callback url - should have failed") - } + app = &model.OAuthApp{Name: "", Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + if _, err := Client.RegisterApp(app); err == nil { + t.Fatal("missing name - should have failed") + } + + app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + if _, err := Client.RegisterApp(app); err == nil { + t.Fatal("missing homepage - should have failed") + } + + app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{}} + if _, err := Client.RegisterApp(app); err == nil { + t.Fatal("missing callback url - should have failed") } } func TestAllowOAuth(t *testing.T) { - th := Setup().InitBasic() + th := Setup().InitBasic().InitSystemAdmin() Client := th.BasicClient + AdminClient := th.SystemAdminClient + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + app = AdminClient.Must(AdminClient.RegisterApp(app)).Data.(*model.OAuthApp) state := "123" - if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "12345678901234567890123456", app.CallbackUrls[0], "all", state); err == nil { - t.Fatal("should have failed - oauth service providing turned off") - } + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err == nil { + t.Fatal("should have failed - oauth providing turned off") + } + + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true + + if result, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err != nil { + t.Fatal(err) } else { - app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp) + redirect := result.Data.(map[string]string)["redirect"] + if len(redirect) == 0 { + t.Fatal("redirect url should be set") + } - if result, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err != nil { - t.Fatal(err) + ru, _ := url.Parse(redirect) + if ru == nil { + t.Fatal("redirect url unparseable") } else { - redirect := result.Data.(map[string]string)["redirect"] - if len(redirect) == 0 { - t.Fatal("redirect url should be set") + if len(ru.Query().Get("code")) == 0 { + t.Fatal("authorization code not returned") } - - ru, _ := url.Parse(redirect) - if ru == nil { - t.Fatal("redirect url unparseable") - } else { - if len(ru.Query().Get("code")) == 0 { - t.Fatal("authorization code not returned") - } - if ru.Query().Get("state") != state { - t.Fatal("returned state doesn't match") - } + if ru.Query().Get("state") != state { + t.Fatal("returned state doesn't match") } } + } - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "all", state); err == nil { - t.Fatal("should have failed - no redirect_url given") - } + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "all", state); err == nil { + t.Fatal("should have failed - no redirect_url given") + } - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "", state); err == nil { - t.Fatal("should have failed - no redirect_url given") + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "", state); err == nil { + t.Fatal("should have failed - no redirect_url given") + } + + if result, err := Client.AllowOAuth("junk", app.Id, app.CallbackUrls[0], "all", state); err != nil { + t.Fatal(err) + } else { + redirect := result.Data.(map[string]string)["redirect"] + if len(redirect) == 0 { + t.Fatal("redirect url should be set") } - if result, err := Client.AllowOAuth("junk", app.Id, app.CallbackUrls[0], "all", state); err != nil { - t.Fatal(err) + ru, _ := url.Parse(redirect) + if ru == nil { + t.Fatal("redirect url unparseable") } else { - redirect := result.Data.(map[string]string)["redirect"] - if len(redirect) == 0 { - t.Fatal("redirect url should be set") + if ru.Query().Get("error") != "unsupported_response_type" { + t.Fatal("wrong error returned") } - - ru, _ := url.Parse(redirect) - if ru == nil { - t.Fatal("redirect url unparseable") - } else { - if ru.Query().Get("error") != "unsupported_response_type" { - t.Fatal("wrong error returned") - } - if ru.Query().Get("state") != state { - t.Fatal("returned state doesn't match") - } + if ru.Query().Get("state") != state { + t.Fatal("returned state doesn't match") } } + } - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "", app.CallbackUrls[0], "all", state); err == nil { - t.Fatal("should have failed - empty client id") + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "", app.CallbackUrls[0], "all", state); err == nil { + t.Fatal("should have failed - empty client id") + } + + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "junk", app.CallbackUrls[0], "all", state); err == nil { + t.Fatal("should have failed - bad client id") + } + + if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "https://somewhereelse.com", "all", state); err == nil { + t.Fatal("should have failed - redirect uri host does not match app host") + } +} + +func TestGetOAuthAppsByUser(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + Client := th.BasicClient + AdminClient := th.SystemAdminClient + + if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { + if _, err := Client.GetOAuthAppsByUser(); err == nil { + t.Fatal("should have failed - oauth providing turned off") } - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "junk", app.CallbackUrls[0], "all", state); err == nil { - t.Fatal("should have failed - bad client id") + } + + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true + + if _, err := Client.GetOAuthAppsByUser(); err == nil { + t.Fatal("Should have failed. only admin is permitted") + } + + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + if result, err := Client.GetOAuthAppsByUser(); err != nil { + t.Fatal(err) + } else { + apps := result.Data.([]*model.OAuthApp) + + if len(apps) != 0 { + t.Fatal("incorrect number of apps should have been 0") } + } - if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "https://somewhereelse.com", "all", state); err == nil { - t.Fatal("should have failed - redirect uri host does not match app host") + app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp) + + if result, err := Client.GetOAuthAppsByUser(); err != nil { + t.Fatal(err) + } else { + apps := result.Data.([]*model.OAuthApp) + + if len(apps) != 1 { + t.Fatal("incorrect number of apps should have been 1") + } + } + + app = &model.OAuthApp{Name: "TestApp4" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + app = AdminClient.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp) + + if result, err := AdminClient.GetOAuthAppsByUser(); err != nil { + t.Fatal(err) + } else { + apps := result.Data.([]*model.OAuthApp) + + if len(apps) != 4 { + t.Fatal("incorrect number of apps should have been 4") + } + } +} + +func TestGetOAuthAppInfo(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + Client := th.BasicClient + AdminClient := th.SystemAdminClient + + if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { + if _, err := Client.GetOAuthAppInfo("fakeId"); err == nil { + t.Fatal("should have failed - oauth providing turned off") } + + } + + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true + + app := &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + + app = AdminClient.Must(AdminClient.RegisterApp(app)).Data.(*model.OAuthApp) + + if _, err := Client.GetOAuthAppInfo(app.Id); err != nil { + t.Fatal(err) + } +} + +func TestOAuthDeleteApp(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + Client := th.BasicClient + AdminClient := th.SystemAdminClient + + if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { + if _, err := Client.DeleteOAuthApp("fakeId"); err == nil { + t.Fatal("should have failed - oauth providing turned off") + } + + } + + utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + app := &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + + app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp) + + if _, err := Client.DeleteOAuthApp(app.Id); err != nil { + t.Fatal(err) + } + + app = &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}} + + app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp) + + if _, err := AdminClient.DeleteOAuthApp(app.Id); err != nil { + t.Fatal(err) } } -- cgit v1.2.3-1-g7c22