// example server web app
func testOAuth2Server(t *testing.T, baseURL, msg string) http.Handler {
rtr := pat.New()
// oauth2 manager
m := oauth2.NewManager()
type tempKey int
const (
testDB tempKey = iota
)
// define store factory for storage
factory := store.NewFactory()
factory.SetSource(testDB, defaultTestSrc())
factory.Set(oauth2.KeyUser, testDB, oauth2.UserStoreProvider)
factory.Set(oauth2.KeyClient, testDB, oauth2.ClientStoreProvider)
factory.Set(oauth2.KeyAccess, testDB, oauth2.AccessDataStoreProvider)
factory.Set(oauth2.KeyAuth, testDB, oauth2.AuthorizeDataStoreProvider)
// router function
rtrFunc := func(path string, methods []string, h http.Handler) error {
for i := range methods {
rtr.Add(methods[i], path, h)
}
return nil
}
// add oauth2 endpoints to router
// ServeEndpoints bind OAuth2 endpoints to a given base path
// Note: this is router specific and need to be generated somehow
oauth2.Route(rtrFunc, baseURL, m.GetEndpoints(factory))
// add a route the requires access
rtr.Get("/content", func(w http.ResponseWriter, r *http.Request) {
ctx := store.WithFactory(context.Background(), factory)
ctx = oauth2.LoadTokenAccess(oauth2.UseToken(ctx, r))
t.Logf("Dummy content page accessed")
// obtain access
a := oauth2.GetAccess(ctx)
if a == nil {
fmt.Fprint(w, "Unable to gain Access")
return
}
// no news is good news
fmt.Fprint(w, msg)
})
return rtr
}
func TestGetAccess_Session(t *testing.T) {
var err error
// test oauth2 server (router only)
testCtx := &testContext{
password: "******",
t: t,
redirectBase: "https://test.foobar/example_app/",
redirectURL: "https://test.foobar/example_app/code",
oauth2Path: "/oauth2/dummy",
}
message := "Success"
oauth2Srvr := testOAuth2Server(t, testCtx.oauth2Path, message)
contentURL := "/content"
// test oauth2 client app (router only)
//redirectURL := "/application/redirect"
// test store context
type tempKey int
const (
testDB tempKey = iota
)
factory := store.NewFactory()
factory.SetSource(testDB, defaultTestSrc())
factory.Set(oauth2.KeyUser, testDB, oauth2.UserStoreProvider)
factory.Set(oauth2.KeyClient, testDB, oauth2.ClientStoreProvider)
factory.Set(oauth2.KeyAccess, testDB, oauth2.AccessDataStoreProvider)
factory.Set(oauth2.KeyAuth, testDB, oauth2.AuthorizeDataStoreProvider)
ctx := store.WithFactory(context.Background(), factory)
defer store.CloseAllIn(ctx)
// create dummy oauth client and user
testCtx.client, testCtx.user = createStoreDummies(ctx,
testCtx.password, testCtx.redirectBase)
// run the code request
testCtx.code, err = getCode(oauth2Srvr, getCodeRequest(testCtx))
if err != nil {
t.Errorf("getCode error (%#v)", err.Error())
return
}
t.Logf("code: %#v", testCtx.code)
// get oauth2 token
testCtx.token, err = getToken(oauth2Srvr, getTokenRequest(testCtx))
if err != nil {
t.Errorf("getToken error (%s)", err.Error())
return
}
t.Logf("token: %#v", testCtx.token)
if want, have := (*oauth2.AccessData)(nil), oauth2.GetAccess(ctx); want != have {
t.Errorf("expected %#v, got %#v", want, have)
}
// middleware routine: WithAccess set context with proper token passed
// test getting AccessData from supposed context with AccessData
r := getContentRequest(testCtx.token, contentURL)
ctx = oauth2.LoadTokenAccess(oauth2.UseToken(ctx, r))
access := oauth2.GetAccess(ctx)
if access == nil {
t.Errorf("expected *AccessData, got %#v", access)
return
}
if want, have := "", access.ID; want != have {
t.Errorf("expect %#v, got %#v", want, have)
}
if access.ClientID == "" {
t.Errorf("access.ClientId expected to be not empty")
}
if want, have := testCtx.token, access.AccessToken; want != have {
t.Errorf("expect %#v, got %#v", want, have)
}
if want, have := testCtx.user.ID, access.UserID; want != have {
t.Errorf("expect %#v, got %#v", want, have)
}
if access.UserData == nil {
t.Error("expect access.UserData not nil")
} else if want, have := testCtx.user.ID, access.UserData.(*oauth2.User).ID; want != have {
t.Errorf("expect %#v, got %#v", want, have)
}
if access.RefreshToken == "" {
t.Errorf("access.RefreshToken expected to be not empty")
}
}