From 1cbe6e797517089140ee2db12d73c0781f5e3e6b Mon Sep 17 00:00:00 2001
From: enahum
Date: Mon, 3 Apr 2017 14:37:58 -0300
Subject: Add more OAuth unit tests (#5946)

---
 web/web_test.go | 139 --------------------------------------------------------
 1 file changed, 139 deletions(-)
(limited to 'web')

diff --git a/web/web_test.go b/web/web_test.go
index 8db0eb91c..03cacdddf 100644
--- a/web/web_test.go
+++ b/web/web_test.go
@@ -4,8 +4,6 @@ package web
 import (
-	"net/url"
-	"strings"
 	"testing"
 	"time"
@@ -62,143 +60,6 @@ func TestStatic(t *testing.T) {
 }
 */
-func TestGetAccessToken(t *testing.T) {
-	Setup()
-
-	user := model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Password: "passwd1"}
-	ruser := ApiClient.Must(ApiClient.CreateUser(&user, "")).Data.(*model.User)
-	store.Must(app.Srv.Store.User().VerifyEmail(ruser.Id))
-
-	ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
-
-	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
-	rteam, _ := ApiClient.CreateTeam(&team)
-
-	oauthApp := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
-
-	utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
-	data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{"12345678901234567890123456"}, "client_secret": []string{"12345678901234567890123456"}, "code": []string{"junk"}, "redirect_uri": []string{oauthApp.CallbackUrls[0]}}
-
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - oauth providing turned off")
-	}
-	utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
-
-	ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
-	ApiClient.SetTeamId(rteam.Data.(*model.Team).Id)
-	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
-	utils.SetDefaultRolesBasedOnConfig()
-	oauthApp = ApiClient.Must(ApiClient.RegisterApp(oauthApp)).Data.(*model.OAuthApp)
-	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
-	utils.SetDefaultRolesBasedOnConfig()
-
-	redirect := ApiClient.Must(ApiClient.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, oauthApp.Id, oauthApp.CallbackUrls[0], "all", "123")).Data.(map[string]string)["redirect"]
-	rurl, _ := url.Parse(redirect)
-
-	teamId := rteam.Data.(*model.Team).Id
-
-	ApiClient.Logout()
-
-	data = url.Values{"grant_type": []string{"junk"}, "client_id": []string{oauthApp.Id}, "client_secret": []string{oauthApp.ClientSecret}, "code": []string{rurl.Query().Get("code")}, "redirect_uri": []string{oauthApp.CallbackUrls[0]}}
-
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - bad grant type")
-	}
-
-	data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
-	data.Set("client_id", "")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - missing client id")
-	}
-	data.Set("client_id", "junk")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - bad client id")
-	}
-
-	data.Set("client_id", oauthApp.Id)
-	data.Set("client_secret", "")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - missing client secret")
-	}
-
-	data.Set("client_secret", "junk")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - bad client secret")
-	}
-
-	data.Set("client_secret", oauthApp.ClientSecret)
-	data.Set("code", "")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - missing code")
-	}
-
-	data.Set("code", "junk")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - bad code")
-	}
-
-	data.Set("code", rurl.Query().Get("code"))
-	data.Set("redirect_uri", "junk")
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - non-matching redirect uri")
-	}
-
-	// reset data for successful request
-	data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
-	data.Set("client_id", oauthApp.Id)
-	data.Set("client_secret", oauthApp.ClientSecret)
-	data.Set("code", rurl.Query().Get("code"))
-	data.Set("redirect_uri", oauthApp.CallbackUrls[0])
-
-	token := ""
-	if result, err := ApiClient.GetAccessToken(data); err != nil {
-		t.Fatal(err)
-	} else {
-		rsp := result.Data.(*model.AccessResponse)
-		if len(rsp.AccessToken) == 0 {
-			t.Fatal("access token not returned")
-		} else {
-			token = rsp.AccessToken
-		}
-		if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
-			t.Fatal("access token type incorrect")
-		}
-	}
-
-	if result, err := ApiClient.DoApiGet("/teams/"+teamId+"/users/0/100?access_token="+token, "", ""); err != nil {
-		t.Fatal(err)
-	} else {
-		userMap := model.UserMapFromJson(result.Body)
-		if len(userMap) == 0 {
-			t.Fatal("user map empty - did not get results correctly")
-		}
-	}
-
-	if _, err := ApiClient.DoApiGet("/teams/"+teamId+"/users/0/100", "", ""); err == nil {
-		t.Fatal("should have failed - no access token provided")
-	}
-
-	if _, err := ApiClient.DoApiGet("/teams/"+teamId+"/users/0/100?access_token=junk", "", ""); err == nil {
-		t.Fatal("should have failed - bad access token provided")
-	}
-
-	ApiClient.SetOAuthToken(token)
-	if result, err := ApiClient.DoApiGet("/teams/"+teamId+"/users/0/100", "", ""); err != nil {
-		t.Fatal(err)
-	} else {
-		userMap := model.UserMapFromJson(result.Body)
-		if len(userMap) == 0 {
-			t.Fatal("user map empty - did not get results correctly")
-		}
-	}
-
-	if _, err := ApiClient.GetAccessToken(data); err == nil {
-		t.Fatal("should have failed - tried to reuse auth code")
-	}
-
-	ApiClient.ClearOAuthToken()
-}
-
 func TestIncomingWebhook(t *testing.T) {
 	Setup()
-- 
cgit v1.2.3-1-g7c22