closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7223 Commits
2 Branches
178 MiB
Tree: e777c6bdc6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e777c6bdc6'
${ noResults }
gitea/integrations/oauth_test.go

138 lines
5.0 KiB
Raw Normal View History

Integrate OAuth2 Provider (#5378)
5 years ago
 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations
  6. 

  7. import (
  8. 	"encoding/json"
  9. 	"testing"
  10. 

  11. 	"github.com/stretchr/testify/assert"
  12. )
  13. 

  14. const defaultAuthorize = "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate"
  15. 

  16. func TestNoClientID(t *testing.T) {
  17. 	prepareTestEnv(t)
  18. 	req := NewRequest(t, "GET", "/login/oauth/authorize")
  19. 	ctx := loginUser(t, "user2")
  20. 	ctx.MakeRequest(t, req, 400)
  21. }
  22. 

  23. func TestLoginRedirect(t *testing.T) {
  24. 	prepareTestEnv(t)
  25. 	req := NewRequest(t, "GET", "/login/oauth/authorize")
  26. 	assert.Contains(t, MakeRequest(t, req, 302).Body.String(), "/user/login")
  27. }
  28. 

  29. func TestShowAuthorize(t *testing.T) {
  30. 	prepareTestEnv(t)
  31. 	req := NewRequest(t, "GET", defaultAuthorize)
  32. 	ctx := loginUser(t, "user4")
  33. 	resp := ctx.MakeRequest(t, req, 200)
  34. 

  35. 	htmlDoc := NewHTMLParser(t, resp.Body)
  36. 	htmlDoc.AssertElement(t, "#authorize-app", true)
  37. 	htmlDoc.GetCSRF()
  38. }
  39. 

  40. func TestRedirectWithExistingGrant(t *testing.T) {
  41. 	prepareTestEnv(t)
  42. 	req := NewRequest(t, "GET", defaultAuthorize)
  43. 	ctx := loginUser(t, "user1")
  44. 	resp := ctx.MakeRequest(t, req, 302)
  45. 	u, err := resp.Result().Location()
  46. 	assert.NoError(t, err)
  47. 	assert.Equal(t, "thestate", u.Query().Get("state"))
  48. 	assert.Truef(t, len(u.Query().Get("code")) > 30, "authorization code '%s' should be longer then 30", u.Query().Get("code"))
  49. }
  50. 

  51. func TestAccessTokenExchange(t *testing.T) {
  52. 	prepareTestEnv(t)
  53. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  54. 		"grant_type":    "authorization_code",
  55. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  56. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  57. 		"redirect_uri":  "a",
  58. 		"code":          "authcode",
  59. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  60. 	})
  61. 	resp := MakeRequest(t, req, 200)
  62. 	type response struct {
  63. 		AccessToken  string `json:"access_token"`
  64. 		TokenType    string `json:"token_type"`
  65. 		ExpiresIn    int64  `json:"expires_in"`
  66. 		RefreshToken string `json:"refresh_token"`
  67. 	}
  68. 	parsed := new(response)
  69. 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
  70. 	assert.True(t, len(parsed.AccessToken) > 10)
  71. 	assert.True(t, len(parsed.RefreshToken) > 10)
  72. }
  73. 

  74. func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
  75. 	prepareTestEnv(t)
  76. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  77. 		"grant_type":    "authorization_code",
  78. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  79. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  80. 		"redirect_uri":  "a",
  81. 		"code":          "authcode",
  82. 	})
  83. 	MakeRequest(t, req, 400)
  84. }
  85. 

  86. func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
  87. 	prepareTestEnv(t)
  88. 	// invalid client id

  89. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  90. 		"grant_type":    "authorization_code",
  91. 		"client_id":     "???",
  92. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  93. 		"redirect_uri":  "a",
  94. 		"code":          "authcode",
  95. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  96. 	})
  97. 	MakeRequest(t, req, 400)
  98. 	// invalid client secret

  99. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  100. 		"grant_type":    "authorization_code",
  101. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  102. 		"client_secret": "???",
  103. 		"redirect_uri":  "a",
  104. 		"code":          "authcode",
  105. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  106. 	})
  107. 	MakeRequest(t, req, 400)
  108. 	// invalid redirect uri

  109. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  110. 		"grant_type":    "authorization_code",
  111. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  112. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  113. 		"redirect_uri":  "???",
  114. 		"code":          "authcode",
  115. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  116. 	})
  117. 	MakeRequest(t, req, 400)
  118. 	// invalid authorization code

  119. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  120. 		"grant_type":    "authorization_code",
  121. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  122. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  123. 		"redirect_uri":  "a",
  124. 		"code":          "???",
  125. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  126. 	})
  127. 	MakeRequest(t, req, 400)
  128. 	// invalid grant_type

  129. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
  130. 		"grant_type":    "???",
  131. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
  132. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
  133. 		"redirect_uri":  "a",
  134. 		"code":          "authcode",
  135. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  136. 	})
  137. 	MakeRequest(t, req, 400)
  138. }