don't reject multiple acces tokens
This commit is contained in:
parent
1039a905bc
commit
abc11e112f
|
@ -267,29 +267,11 @@ func userMicropubHandler(repo *owl.Repository) func(http.ResponseWriter, *http.R
|
|||
}
|
||||
|
||||
// verify access token
|
||||
header_token := r.Header.Get("Authorization")
|
||||
form_token := r.Form.Get("access_token")
|
||||
if header_token != "" {
|
||||
header_token = strings.TrimPrefix(header_token, "Bearer ")
|
||||
}
|
||||
|
||||
if header_token == "" && form_token == "" {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
w.Write([]byte("Unauthorized"))
|
||||
return
|
||||
}
|
||||
|
||||
if header_token != "" && form_token != "" {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
w.Write([]byte("Multiple access tokens provided"))
|
||||
return
|
||||
}
|
||||
|
||||
var token string
|
||||
if header_token != "" {
|
||||
token = header_token
|
||||
token := r.Header.Get("Authorization")
|
||||
if token == "" {
|
||||
token = r.Form.Get("access_token")
|
||||
} else {
|
||||
token = form_token
|
||||
token = strings.TrimPrefix(token, "Bearer ")
|
||||
}
|
||||
|
||||
valid, _ := user.ValidateAccessToken(token)
|
||||
|
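Review bot: The new `else` branch, `token = strings.TrimPrefix(token, "Bearer ")`, treats any non-empty `Authorization` header as a bearer token: a `Basic …` credential or a lowercase `bearer …` value is handed to `user.ValidateAccessToken` whole instead of being recognised or rejected, even though RFC 6750 makes the scheme name case-insensitive. Parse the scheme explicitly and fail closed (or, if the intent of this commit is maximal leniency, fall through to the form token) when the header is present but is not a bearer credential. The explicit 401 for a missing token also disappears with this change, so an empty string now reaches the validator; that is only safe if the validation after the hunk rejects it, which the updated test later in this commit suggests it does — worth confirming rather than assuming. `userMicropubHandler` begins before and continues after this hunk.
```go
token := r.Header.Get("Authorization")
if token == "" {
	token = r.Form.Get("access_token")
} else if len(token) > 7 && strings.EqualFold(token[:7], "Bearer ") {
	// RFC 6750: scheme is case-insensitive; take only the credential part.
	token = strings.TrimSpace(token[7:])
} else {
	// Authorization present but not a bearer token: do not feed it to the validator.
	w.WriteHeader(http.StatusUnauthorized)
	w.Write([]byte("Unauthorized"))
	return
}
// … unchanged: ValidateAccessToken call and what follows …
```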
|
|
@ -116,14 +116,48 @@ func TestMicropubAccessTokenInBody(t *testing.T) {
|
|||
assertions.Assert(t, loc_header != "", "Location header should be set")
|
||||
}
|
||||
|
||||
func TestMicropubAccessTokenInBoth(t *testing.T) {
|
||||
// func TestMicropubAccessTokenInBoth(t *testing.T) {
|
||||
// repo, user := getSingleUserTestRepo()
|
||||
// user.ResetPassword("testpassword")
|
||||
|
||||
// code, _ := user.GenerateAuthCode(
|
||||
// "test", "test", "test", "test", "test",
|
||||
// )
|
||||
// token, _, _ := user.GenerateAccessToken(owl.AuthCode{
|
||||
// Code: code,
|
||||
// ClientId: "test",
|
||||
// RedirectUri: "test",
|
||||
// CodeChallenge: "test",
|
||||
// CodeChallengeMethod: "test",
|
||||
// Scope: "test",
|
||||
// })
|
||||
|
||||
// // Create Request and Response
|
||||
// form := url.Values{}
|
||||
// form.Add("h", "entry")
|
||||
// form.Add("content", "Test Content")
|
||||
// form.Add("access_token", token)
|
||||
|
||||
// req, err := http.NewRequest("POST", user.MicropubUrl(), strings.NewReader(form.Encode()))
|
||||
// req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
// req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
||||
// req.Header.Add("Authorization", "Bearer "+token)
|
||||
// assertions.AssertNoError(t, err, "Error creating request")
|
||||
// rr := httptest.NewRecorder()
|
||||
// router := main.SingleUserRouter(&repo)
|
||||
// router.ServeHTTP(rr, req)
|
||||
|
||||
// assertions.AssertStatus(t, rr, http.StatusBadRequest)
|
||||
// }
|
||||
|
||||
func TestMicropubNoAccessToken(t *testing.T) {
|
||||
repo, user := getSingleUserTestRepo()
|
||||
user.ResetPassword("testpassword")
|
||||
|
||||
code, _ := user.GenerateAuthCode(
|
||||
"test", "test", "test", "test", "test",
|
||||
)
|
||||
token, _, _ := user.GenerateAccessToken(owl.AuthCode{
|
||||
user.GenerateAccessToken(owl.AuthCode{
|
||||
Code: code,
|
||||
ClientId: "test",
|
||||
RedirectUri: "test",
|
||||
|
@ -136,16 +170,14 @@ func TestMicropubAccessTokenInBoth(t *testing.T) {
|
|||
form := url.Values{}
|
||||
form.Add("h", "entry")
|
||||
form.Add("content", "Test Content")
|
||||
form.Add("access_token", token)
|
||||
|
||||
req, err := http.NewRequest("POST", user.MicropubUrl(), strings.NewReader(form.Encode()))
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
||||
req.Header.Add("Authorization", "Bearer "+token)
|
||||
assertions.AssertNoError(t, err, "Error creating request")
|
||||
rr := httptest.NewRecorder()
|
||||
router := main.SingleUserRouter(&repo)
|
||||
router.ServeHTTP(rr, req)
|
||||
|
||||
assertions.AssertStatus(t, rr, http.StatusBadRequest)
|
||||
assertions.AssertStatus(t, rr, http.StatusUnauthorized)
|
||||
}
|
||||
|
|