From 1cbe6e797517089140ee2db12d73c0781f5e3e6b Mon Sep 17 00:00:00 2001
From: enahum
Date: Mon, 3 Apr 2017 14:37:58 -0300
Subject: Add more OAuth unit tests (#5946)
---
 store/sql_oauth_store_test.go | 135 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 133 insertions(+), 2 deletions(-)
(limited to 'store/sql_oauth_store_test.go')
diff --git a/store/sql_oauth_store_test.go b/store/sql_oauth_store_test.go
index b9bde5be3..dd6fe906e 100644
--- a/store/sql_oauth_store_test.go
+++ b/store/sql_oauth_store_test.go
@@ -13,10 +13,24 @@ func TestOAuthStoreSaveApp(t *testing.T) {
 a1 := model.OAuthApp{}
 a1.CreatorId = model.NewId()
- a1.Name = "TestApp" + model.NewId()
 a1.CallbackUrls = []string{"https://nowhere.com"}
 a1.Homepage = "https://nowhere.com"
+ // Try to save an app that already has an Id
+ a1.Id = model.NewId()
+ if err := (<-store.OAuth().SaveApp(&a1)).Err; err == nil {
+ t.Fatal("Should have failed, cannot add an OAuth app cannot be save with an Id, it has to be updated")
+ }
+
+ // Try to save an Invalid App
+ a1.Id = ""
+ if err := (<-store.OAuth().SaveApp(&a1)).Err; err == nil {
+ t.Fatal("Should have failed, app should be invalid cause it doesn' have a name set")
+ }
+
+ // Save the app
+ a1.Id = ""
+ a1.Name = "TestApp" + model.NewId()
 if err := (<-store.OAuth().SaveApp(&a1)).Err; err != nil {
 t.Fatal(err)
 }
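Review bot: The first new negative case in TestOAuthStoreSaveApp cannot tell an Id rejection from a validation failure, because `a1.Name` is still empty when `a1.Id = model.NewId()` is set (the Name assignment now sits below both negative cases), so the save is refused either way. Setting `a1.Name = "TestApp" + model.NewId()` before the Id case and `a1.Name = ""` only for the invalid-app case would make each assertion fail for exactly one reason. The SaveAccessData hunk has the same weakness: Token, RefreshToken and RedirectUri are all unset while the message names only the token. The function starts and ends outside this hunk.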
@@ -32,10 +46,24 @@ func TestOAuthStoreGetApp(t *testing.T) {
 a1.Homepage = "https://nowhere.com"
 Must(store.OAuth().SaveApp(&a1))
+ // Lets try to get and app that does not exists
+ if err := (<-store.OAuth().GetApp("fake0123456789abcderfgret1")).Err; err == nil {
+ t.Fatal("Should have failed. App does not exists")
+ }
+
 if err := (<-store.OAuth().GetApp(a1.Id)).Err; err != nil {
 t.Fatal(err)
 }
+ // Lets try and get the app from a user that hasn't created any apps
+ if result := (<-store.OAuth().GetAppByUser("fake0123456789abcderfgret1")); result.Err == nil {
+ if len(result.Data.([]*model.OAuthApp)) > 0 {
+ t.Fatal("Should have failed. Fake user hasn't created any apps")
+ }
+ } else {
+ t.Fatal(result.Err)
+ }
+
 if err := (<-store.OAuth().GetAppByUser(a1.CreatorId)).Err; err != nil {
 t.Fatal(err)
 }
@@ -55,10 +83,27 @@ func TestOAuthStoreUpdateApp(t *testing.T) {
 a1.Homepage = "https://nowhere.com"
 Must(store.OAuth().SaveApp(&a1))
+ // temporarily save the created app id
+ id := a1.Id
+
 a1.CreateAt = 1
 a1.ClientSecret = "pwd"
 a1.CreatorId = "12345678901234567890123456"
+
+ // Lets update the app by removing the name
+ a1.Name = ""
+ if result := <-store.OAuth().UpdateApp(&a1); result.Err == nil {
+ t.Fatal("Should have failed. App name is not set")
+ }
+
+ // Lets not find the app that we are trying to update
+ a1.Id = "fake0123456789abcderfgret1"
 a1.Name = "NewName"
+ if result := <-store.OAuth().UpdateApp(&a1); result.Err == nil {
+ t.Fatal("Should have failed. Not able to find the app")
+ }
+
+ a1.Id = id
 if result := <-store.OAuth().UpdateApp(&a1); result.Err != nil {
 t.Fatal(result.Err)
 } else {
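Review bot: In the GetAppByUser case of TestOAuthStoreGetApp the failure text `"Should have failed. Fake user hasn't created any apps"` sits in the branch where the call is required to succeed with an empty list, so a failing run would report the opposite of what was checked. A message such as `t.Fatal("expected no apps for a user that created none")` matches the assertion. The GetAuthorizedApps hunk uses the same wording in the same position. `result.Data.([]*model.OAuthApp)` is also an unchecked type assertion, so an unexpected Data value would panic rather than produce a test failure message.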
@@ -81,14 +126,59 @@ func TestOAuthStoreSaveAccessData(t *testing.T) {
 a1 := model.AccessData{}
 a1.ClientId = model.NewId()
 a1.UserId = model.NewId()
+
+ // Lets try and save an incomplete access data
+ if err := (<-store.OAuth().SaveAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed. Access data needs the token")
+ }
+
 a1.Token = model.NewId()
 a1.RefreshToken = model.NewId()
+ a1.RedirectUri = "http://example.com"
 if err := (<-store.OAuth().SaveAccessData(&a1)).Err; err != nil {
 t.Fatal(err)
 }
 }
+func TestOAuthUpdateAccessData(t *testing.T) {
+ Setup()
+
+ a1 := model.AccessData{}
+ a1.ClientId = model.NewId()
+ a1.UserId = model.NewId()
+ a1.Token = model.NewId()
+ a1.RefreshToken = model.NewId()
+ a1.ExpiresAt = model.GetMillis()
+ a1.RedirectUri = "http://example.com"
+ Must(store.OAuth().SaveAccessData(&a1))
+
+ //Try to update to invalid Refresh Token
+ refreshToken := a1.RefreshToken
+ a1.RefreshToken = model.NewId() + "123"
+ if err := (<-store.OAuth().UpdateAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed with invalid token")
+ }
+
+ //Try to update to invalid RedirectUri
+ a1.RefreshToken = model.NewId()
+ a1.RedirectUri = ""
+ if err := (<-store.OAuth().UpdateAccessData(&a1)).Err; err == nil {
+ t.Fatal("Should have failed with invalid Redirect URI")
+ }
+
+ // Should update fine
+ a1.RedirectUri = "http://example.com"
+ if result := <-store.OAuth().UpdateAccessData(&a1); result.Err != nil {
+ t.Fatal(result.Err)
+ } else {
+ ra1 := result.Data.(*model.AccessData)
+ if ra1.RefreshToken == refreshToken {
+ t.Fatal("refresh tokens didn't match")
+ }
+ }
+}
+
 func TestOAuthStoreGetAccessData(t *testing.T) {
 Setup()
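Review bot: The final check in TestOAuthUpdateAccessData does not show that the refresh token was actually rotated in the store: `ra1` comes from the update result, which may well be the same struct that was passed in, and the failure text "refresh tokens didn't match" describes the opposite of the condition tested. For a token store the useful assertions are that the previous refresh token no longer resolves and that the new one does, both read back through `GetAccessDataByRefreshToken`. This assumes a lookup by a replaced refresh token returns an error, as the GetAccessData test in this commit expects for an unknown token.

```go
// … unchanged: setup and the two rejected updates …
if result := <-store.OAuth().UpdateAccessData(&a1); result.Err != nil {
	t.Fatal(result.Err)
}

// The refresh token that was replaced must no longer resolve.
if err := (<-store.OAuth().GetAccessDataByRefreshToken(refreshToken)).Err; err == nil {
	t.Fatal("old refresh token still resolves after update")
}

// The new refresh token must be the one that was persisted.
if result := <-store.OAuth().GetAccessDataByRefreshToken(a1.RefreshToken); result.Err != nil {
	t.Fatal(result.Err)
} else if ra1 := result.Data.(*model.AccessData); ra1.RefreshToken != a1.RefreshToken {
	t.Fatal("stored refresh token does not match the updated one")
}
```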
@@ -98,8 +188,13 @@ func TestOAuthStoreGetAccessData(t *testing.T) {
 a1.Token = model.NewId()
 a1.RefreshToken = model.NewId()
 a1.ExpiresAt = model.GetMillis()
+ a1.RedirectUri = "http://example.com"
 Must(store.OAuth().SaveAccessData(&a1))
+ if err := (<-store.OAuth().GetAccessData("invalidToken")).Err; err == nil {
+ t.Fatal("Should have failed. There is no data with an invalid token")
+ }
+
 if result := <-store.OAuth().GetAccessData(a1.Token); result.Err != nil {
 t.Fatal(result.Err)
 } else {
@@ -116,6 +211,21 @@ func TestOAuthStoreGetAccessData(t *testing.T) {
 if err := (<-store.OAuth().GetPreviousAccessData("user", "junk")).Err; err != nil {
 t.Fatal(err)
 }
+
+ // Try to get the Access data using an invalid refresh token
+ if err := (<-store.OAuth().GetAccessDataByRefreshToken(a1.Token)).Err; err == nil {
+ t.Fatal("Should have failed. There is no data with an invalid token")
+ }
+
+ // Get the Access Data using the refresh token
+ if result := <-store.OAuth().GetAccessDataByRefreshToken(a1.RefreshToken); result.Err != nil {
+ t.Fatal(result.Err)
+ } else {
+ ra1 := result.Data.(*model.AccessData)
+ if a1.RefreshToken != ra1.RefreshToken {
+ t.Fatal("tokens didn't match")
+ }
+ }
 }
 func TestOAuthStoreRemoveAccessData(t *testing.T) {
@@ -126,6 +236,7 @@ func TestOAuthStoreRemoveAccessData(t *testing.T) {
 a1.UserId = model.NewId()
 a1.Token = model.NewId()
 a1.RefreshToken = model.NewId()
+ a1.RedirectUri = "http://example.com"
 Must(store.OAuth().SaveAccessData(&a1))
 if err := (<-store.OAuth().RemoveAccessData(a1.Token)).Err; err != nil {
@@ -147,7 +258,7 @@ func TestOAuthStoreSaveAuthData(t *testing.T) {
 a1.ClientId = model.NewId()
 a1.UserId = model.NewId()
 a1.Code = model.NewId()
-
+ a1.RedirectUri = "http://example.com"
 if err := (<-store.OAuth().SaveAuthData(&a1)).Err; err != nil {
 t.Fatal(err)
 }
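Review bot: In the second hunk of TestOAuthStoreGetAccessData the positive `GetAccessDataByRefreshToken` check compares only `RefreshToken`, which is the key the record was looked up by, so it says little about whether the right access data came back. Comparing the other stored fields too, for example `if ra1.Token != a1.Token || ra1.UserId != a1.UserId { t.Fatal("wrong access data returned for refresh token") }`, would pin the record to the one saved above. The negative case passing the access token as a refresh token is a useful check and deserves a comment saying that is the intent.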
@@ -160,6 +271,7 @@ func TestOAuthStoreGetAuthData(t *testing.T) {
 a1.ClientId = model.NewId()
 a1.UserId = model.NewId()
 a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
 Must(store.OAuth().SaveAuthData(&a1))
 if err := (<-store.OAuth().GetAuthData(a1.Code)).Err; err != nil {
@@ -174,6 +286,7 @@ func TestOAuthStoreRemoveAuthData(t *testing.T) {
 a1.ClientId = model.NewId()
 a1.UserId = model.NewId()
 a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
 Must(store.OAuth().SaveAuthData(&a1))
 if err := (<-store.OAuth().RemoveAuthData(a1.Code)).Err; err != nil {
@@ -192,6 +305,7 @@ func TestOAuthStoreRemoveAuthDataByUser(t *testing.T) {
 a1.ClientId = model.NewId()
 a1.UserId = model.NewId()
 a1.Code = model.NewId()
+ a1.RedirectUri = "http://example.com"
 Must(store.OAuth().SaveAuthData(&a1))
 if err := (<-store.OAuth().PermanentDeleteAuthDataByUser(a1.UserId)).Err; err != nil {
@@ -209,6 +323,15 @@ func TestOAuthGetAuthorizedApps(t *testing.T) {
 a1.Homepage = "https://nowhere.com"
 Must(store.OAuth().SaveApp(&a1))
+ // Lets try and get an Authorized app for a user who hasn't authorized it
+ if result := <-store.OAuth().GetAuthorizedApps("fake0123456789abcderfgret1"); result.Err == nil {
+ if len(result.Data.([]*model.OAuthApp)) > 0 {
+ t.Fatal("Should have failed. Fake user hasn't authorized the app")
+ }
+ } else {
+ t.Fatal(result.Err)
+ }
+
 // allow the app
 p := model.Preference{}
 p.UserId = a1.CreatorId
@@ -260,6 +383,7 @@ func TestOAuthGetAccessDataByUserForApp(t *testing.T) {
 ad1.UserId = a1.CreatorId
 ad1.Token = model.NewId()
 ad1.RefreshToken = model.NewId()
+ ad1.RedirectUri = "http://example.com"
 if err := (<-store.OAuth().SaveAccessData(&ad1)).Err; err != nil {
 t.Fatal(err)
@@ -276,6 +400,8 @@ func TestOAuthGetAccessDataByUserForApp(t *testing.T) {
 }
 func TestOAuthStoreDeleteApp(t *testing.T) {
+ Setup()
+
 a1 := model.OAuthApp{}
 a1.CreatorId = model.NewId()
 a1.Name = "TestApp" + model.NewId()
@@ -283,6 +409,11 @@ func TestOAuthStoreDeleteApp(t *testing.T) {
 a1.Homepage = "https://nowhere.com"
 Must(store.OAuth().SaveApp(&a1))
+ // delete a non-existent app
+ if err := (<-store.OAuth().DeleteApp("fakeclientId")).Err; err != nil {
+ t.Fatal(err)
+ }
+
 if err := (<-store.OAuth().DeleteApp(a1.Id)).Err; err != nil {
 t.Fatal(err)
 }
--
cgit v1.2.3-1-g7c22
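Review bot: After `DeleteApp("fakeclientId")` the test never checks that the app it just saved is still present, so a delete that ignored its id argument would pass both this call and the following one. A lookup that must succeed between the two deletes would cover that: `if err := (<-store.OAuth().GetApp(a1.Id)).Err; err != nil { t.Fatal(err) }`. The comment `// delete a non-existent app` could also state that success is the expected outcome for an unknown id, since the assertion is `err != nil`. The function continues outside this hunk.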