124 lines
4.3 KiB
Go
124 lines
4.3 KiB
Go
package web_test
|
|
|
|
import (
|
|
"encoding/json"
|
|
main "h4kor/owl-blogs/cmd/owl/web"
|
|
"h4kor/owl-blogs/priv/assertions"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestAuthPostWrongPassword(t *testing.T) {
|
|
repo, user := getSingleUserTestRepo()
|
|
user.ResetPassword("testpassword")
|
|
|
|
csrfToken := "test_csrf_token"
|
|
|
|
// Create Request and Response
|
|
form := url.Values{}
|
|
form.Add("password", "wrongpassword")
|
|
form.Add("client_id", "http://example.com")
|
|
form.Add("redirect_uri", "http://example.com/response")
|
|
form.Add("response_type", "code")
|
|
form.Add("state", "test_state")
|
|
form.Add("csrf_token", csrfToken)
|
|
|
|
req, err := http.NewRequest("POST", user.AuthUrl()+"verify/", strings.NewReader(form.Encode()))
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
|
req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
assertions.AssertNoError(t, err, "Error creating request")
|
|
rr := httptest.NewRecorder()
|
|
router := main.SingleUserRouter(&repo)
|
|
router.ServeHTTP(rr, req)
|
|
|
|
assertions.AssertStatus(t, rr, http.StatusFound)
|
|
assertions.AssertContains(t, rr.Header().Get("Location"), "error=invalid_password")
|
|
}
|
|
|
|
func TestAuthPostCorrectPassword(t *testing.T) {
|
|
repo, user := getSingleUserTestRepo()
|
|
user.ResetPassword("testpassword")
|
|
|
|
csrfToken := "test_csrf_token"
|
|
|
|
// Create Request and Response
|
|
form := url.Values{}
|
|
form.Add("password", "testpassword")
|
|
form.Add("client_id", "http://example.com")
|
|
form.Add("redirect_uri", "http://example.com/response")
|
|
form.Add("response_type", "code")
|
|
form.Add("state", "test_state")
|
|
form.Add("csrf_token", csrfToken)
|
|
req, err := http.NewRequest("POST", user.AuthUrl()+"verify/", strings.NewReader(form.Encode()))
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
|
req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
|
assertions.AssertNoError(t, err, "Error creating request")
|
|
rr := httptest.NewRecorder()
|
|
router := main.SingleUserRouter(&repo)
|
|
router.ServeHTTP(rr, req)
|
|
|
|
assertions.AssertStatus(t, rr, http.StatusFound)
|
|
assertions.AssertContains(t, rr.Header().Get("Location"), "code=")
|
|
assertions.AssertContains(t, rr.Header().Get("Location"), "state=test_state")
|
|
assertions.AssertContains(t, rr.Header().Get("Location"), "http://example.com/response")
|
|
}
|
|
|
|
func TestAuthPostWithIncorrectCode(t *testing.T) {
|
|
repo, user := getSingleUserTestRepo()
|
|
user.ResetPassword("testpassword")
|
|
user.GenerateAuthCode("http://example.com", "http://example.com/response")
|
|
|
|
// Create Request and Response
|
|
form := url.Values{}
|
|
form.Add("code", "wrongcode")
|
|
form.Add("client_id", "http://example.com")
|
|
form.Add("redirect_uri", "http://example.com/response")
|
|
form.Add("grant_type", "authorization_code")
|
|
req, err := http.NewRequest("POST", user.AuthUrl(), strings.NewReader(form.Encode()))
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
|
assertions.AssertNoError(t, err, "Error creating request")
|
|
rr := httptest.NewRecorder()
|
|
router := main.SingleUserRouter(&repo)
|
|
router.ServeHTTP(rr, req)
|
|
|
|
assertions.AssertStatus(t, rr, http.StatusUnauthorized)
|
|
}
|
|
|
|
func TestAuthPostWithCorrectCode(t *testing.T) {
|
|
repo, user := getSingleUserTestRepo()
|
|
user.ResetPassword("testpassword")
|
|
code, _ := user.GenerateAuthCode("http://example.com", "http://example.com/response")
|
|
|
|
// Create Request and Response
|
|
form := url.Values{}
|
|
form.Add("code", code)
|
|
form.Add("client_id", "http://example.com")
|
|
form.Add("redirect_uri", "http://example.com/response")
|
|
form.Add("grant_type", "authorization_code")
|
|
req, err := http.NewRequest("POST", user.AuthUrl(), strings.NewReader(form.Encode()))
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
|
|
req.Header.Add("Accept", "application/json")
|
|
assertions.AssertNoError(t, err, "Error creating request")
|
|
rr := httptest.NewRecorder()
|
|
router := main.SingleUserRouter(&repo)
|
|
router.ServeHTTP(rr, req)
|
|
|
|
assertions.AssertStatus(t, rr, http.StatusOK)
|
|
// parse response as json
|
|
type responseType struct {
|
|
Me string `json:"me"`
|
|
}
|
|
var response responseType
|
|
json.Unmarshal(rr.Body.Bytes(), &response)
|
|
assertions.AssertEqual(t, response.Me, user.FullUrl())
|
|
|
|
}
|