Example #1
0
// example server web app
func testOAuth2Server(t *testing.T, baseURL, msg string) http.Handler {

	rtr := pat.New()

	// oauth2 manager
	m := oauth2.NewManager()

	type tempKey int
	const (
		testDB tempKey = iota
	)

	// define store factory for storage
	factory := store.NewFactory()
	factory.SetSource(testDB, defaultTestSrc())
	factory.Set(oauth2.KeyUser, testDB, oauth2.UserStoreProvider)
	factory.Set(oauth2.KeyClient, testDB, oauth2.ClientStoreProvider)
	factory.Set(oauth2.KeyAccess, testDB, oauth2.AccessDataStoreProvider)
	factory.Set(oauth2.KeyAuth, testDB, oauth2.AuthorizeDataStoreProvider)

	// router function
	rtrFunc := func(path string, methods []string, h http.Handler) error {
		for i := range methods {
			rtr.Add(methods[i], path, h)
		}
		return nil
	}

	// add oauth2 endpoints to router
	// ServeEndpoints bind OAuth2 endpoints to a given base path
	// Note: this is router specific and need to be generated somehow
	oauth2.Route(rtrFunc, baseURL, m.GetEndpoints(factory))

	// add a route the requires access
	rtr.Get("/content", func(w http.ResponseWriter, r *http.Request) {

		ctx := store.WithFactory(context.Background(), factory)
		ctx = oauth2.LoadTokenAccess(oauth2.UseToken(ctx, r))
		t.Logf("Dummy content page accessed")

		// obtain access
		a := oauth2.GetAccess(ctx)
		if a == nil {
			fmt.Fprint(w, "Unable to gain Access")
			return
		}

		// no news is good news
		fmt.Fprint(w, msg)
	})

	return rtr
}
Example #2
0
func TestGetAccess_Session(t *testing.T) {

	var err error

	// test oauth2 server (router only)
	testCtx := &testContext{
		password:     "password",
		t:            t,
		redirectBase: "https://test.foobar/example_app/",
		redirectURL:  "https://test.foobar/example_app/code",
		oauth2Path:   "/oauth2/dummy",
	}

	message := "Success"
	oauth2Srvr := testOAuth2Server(t, testCtx.oauth2Path, message)
	contentURL := "/content"

	// test oauth2 client app (router only)
	//redirectURL := "/application/redirect"

	// test store context
	type tempKey int
	const (
		testDB tempKey = iota
	)
	factory := store.NewFactory()
	factory.SetSource(testDB, defaultTestSrc())
	factory.Set(oauth2.KeyUser, testDB, oauth2.UserStoreProvider)
	factory.Set(oauth2.KeyClient, testDB, oauth2.ClientStoreProvider)
	factory.Set(oauth2.KeyAccess, testDB, oauth2.AccessDataStoreProvider)
	factory.Set(oauth2.KeyAuth, testDB, oauth2.AuthorizeDataStoreProvider)
	ctx := store.WithFactory(context.Background(), factory)
	defer store.CloseAllIn(ctx)

	// create dummy oauth client and user
	testCtx.client, testCtx.user = createStoreDummies(ctx,
		testCtx.password, testCtx.redirectBase)

	// run the code request
	testCtx.code, err = getCode(oauth2Srvr, getCodeRequest(testCtx))
	if err != nil {
		t.Errorf("getCode error (%#v)", err.Error())
		return
	}
	t.Logf("code:  %#v", testCtx.code)

	// get oauth2 token
	testCtx.token, err = getToken(oauth2Srvr, getTokenRequest(testCtx))
	if err != nil {
		t.Errorf("getToken error (%s)", err.Error())
		return
	}
	t.Logf("token: %#v", testCtx.token)

	if want, have := (*oauth2.AccessData)(nil), oauth2.GetAccess(ctx); want != have {
		t.Errorf("expected %#v, got %#v", want, have)
	}

	// middleware routine: WithAccess set context with proper token passed
	// test getting AccessData from supposed context with AccessData
	r := getContentRequest(testCtx.token, contentURL)
	ctx = oauth2.LoadTokenAccess(oauth2.UseToken(ctx, r))
	access := oauth2.GetAccess(ctx)
	if access == nil {
		t.Errorf("expected *AccessData, got %#v", access)
		return
	}

	if want, have := "", access.ID; want != have {
		t.Errorf("expect %#v, got %#v", want, have)
	}
	if access.ClientID == "" {
		t.Errorf("access.ClientId expected to be not empty")
	}
	if want, have := testCtx.token, access.AccessToken; want != have {
		t.Errorf("expect %#v, got %#v", want, have)
	}
	if want, have := testCtx.user.ID, access.UserID; want != have {
		t.Errorf("expect %#v, got %#v", want, have)
	}
	if access.UserData == nil {
		t.Error("expect access.UserData not nil")
	} else if want, have := testCtx.user.ID, access.UserData.(*oauth2.User).ID; want != have {
		t.Errorf("expect %#v, got %#v", want, have)
	}
	if access.RefreshToken == "" {
		t.Errorf("access.RefreshToken expected to be not empty")
	}

}