IndieAuth #25

Merged
h4kor merged 19 commits from auth into master 2022-11-07 19:38:21 +00:00
1 changed files with 33 additions and 2 deletions
Showing only changes of commit fa30d4fd8e - Show all commits


@ -251,7 +251,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
repo, user := getSingleUserTestRepo() repo, user := getSingleUserTestRepo()
repo.HttpClient = &mocks.MockHttpClient{} repo.HttpClient = &mocks.MockHttpClient{}
repo.Parser = &mocks.MockParseLinksHtmlParser{ repo.Parser = &mocks.MockParseLinksHtmlParser{
Links: []string{"http://example.com/response"}, Links: []string{"http://example2.com/response"},
} }
user.ResetPassword("testpassword") user.ResetPassword("testpassword")
@ -261,7 +261,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
form := url.Values{} form := url.Values{}
form.Add("password", "wrongpassword") form.Add("password", "wrongpassword")
form.Add("client_id", "http://example.com") form.Add("client_id", "http://example.com")
form.Add("redirect_uri", "http://example.com/response_not_set") form.Add("redirect_uri", "http://example2.com/response_not_set")
form.Add("response_type", "code") form.Add("response_type", "code")
form.Add("state", "test_state") form.Add("state", "test_state")
form.Add("csrf_token", csrfToken) form.Add("csrf_token", csrfToken)
@ -308,3 +308,34 @@ func TestAuthRedirectUriSet(t *testing.T) {
assertions.AssertStatus(t, rr, http.StatusOK) assertions.AssertStatus(t, rr, http.StatusOK)
} }
func TestAuthRedirectUriSameHost(t *testing.T) {
repo, user := getSingleUserTestRepo()
repo.HttpClient = &mocks.MockHttpClient{}
repo.Parser = &mocks.MockParseLinksHtmlParser{
Links: []string{},
}
user.ResetPassword("testpassword")
csrfToken := "test_csrf_token"
// Create Request and Response
form := url.Values{}
form.Add("password", "wrongpassword")
form.Add("client_id", "http://example.com")
form.Add("redirect_uri", "http://example.com/response")
form.Add("response_type", "code")
form.Add("state", "test_state")
form.Add("csrf_token", csrfToken)
req, err := http.NewRequest("GET", user.AuthUrl()+"?"+form.Encode(), nil)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
assertions.AssertNoError(t, err, "Error creating request")
rr := httptest.NewRecorder()
router := main.SingleUserRouter(&repo)
router.ServeHTTP(rr, req)
assertions.AssertStatus(t, rr, http.StatusOK)
}
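Review bot: TestAuthRedirectUriSameHost pins only the accepting case of the same-host rule, so a handler that compares hosts loosely (ignoring scheme or port, or matching the client host as a prefix of the redirect host) would still pass; the handler is not shown on this page, so whether it does is unconfirmed. Add sibling cases that keep `Links: []string{}` and `client_id` `http://example.com` but send a near-miss such as `form.Add("redirect_uri", "http://example.com:8080/response")` or `form.Add("redirect_uri", "http://example.com.example2.com/response")`, and assert the rejection status that TestAuthRedirectUriNotSet presumably checks (its assertion lies outside the hunks shown). Separately, `req.Header.Add` runs before `assertions.AssertNoError(t, err, "Error creating request")`, so a failed `http.NewRequest` would panic on a nil `req` instead of failing the test; move the assertion directly under the `http.NewRequest` line. The `password` value `wrongpassword` appears to play no part in this GET and deserves a one-line comment or removal so the expected `http.StatusOK` is not misread as a login result.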