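// TestAll drives the cookieauth wrapper end to end over a real HTTP server:
// requests without valid credentials must be rejected, a successful basic-auth
// login must yield a "cookieauth" cookie that is accepted on its own, and
// changing the configured credentials must invalidate what was issued before.
func TestAll(t *testing.T) {
	// Handler that must only be reachable after authentication.
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(`hello world`))
	})
	// Protect it with cookieauth, configured with a single user/password pair.
	ca := New()
	ca.SetUserPass("foo", "bar")
	// ca.SetLogger(log.New(os.Stdout, "", log.LstdFlags))
	protected := ca.Wrap(handler)
	// Serve the protected handler on a throwaway local server.
	server := httptest.NewServer(protected)
	defer server.Close()

	e := httpexpect.New(t, server.URL)
	// No credentials at all.
	e.GET("/").Expect().Status(http.StatusUnauthorized)
	// Wrong username with the right password.
	e.GET("/").WithBasicAuth("bazz", "bar").Expect().Status(http.StatusUnauthorized)
	// Right username with a wrong password: the check must cover both fields,
	// not just the username.
	e.GET("/").WithBasicAuth("foo", "bazz").Expect().Status(http.StatusUnauthorized)
	// Valid login returns the session cookie.
	c := e.GET("/").WithBasicAuth("foo", "bar").Expect().Status(http.StatusOK).Cookie("cookieauth")
	// A forged cookie value is rejected; the issued one is accepted.
	e.GET("/").WithCookie("cookieauth", "incorrect").Expect().Status(http.StatusUnauthorized)
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusOK)

	// Rotate the credentials: everything tied to the old pair must stop working.
	ca.SetUserPass("zip", "zop")
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusUnauthorized)
	e.GET("/").WithBasicAuth("foo", "bar").Expect().Status(http.StatusUnauthorized)
	// The new pair logs in and its cookie is honoured.
	c = e.GET("/").WithBasicAuth("zip", "zop").Expect().Status(http.StatusOK).Cookie("cookieauth")
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusOK)
}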
// TestPasswordCredentials requests a token with the resource-owner password
// grant and expects the token endpoint to answer 200 with a JSON body.
func TestPasswordCredentials(t *testing.T) {
	// Every request to the test server is handed to testServer.
	tsrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}))
	defer tsrv.Close()
	expect := httpexpect.New(t, tsrv.URL)

	manager.MapClientStorage(clientStore(""))
	srv = server.NewServer(server.NewConfig(), manager)
	// Fixture-only credential check: a literal pair compared with ==.
	// A real handler would verify against a stored password hash instead of
	// comparing plaintext, and would not embed the credentials in code.
	srv.SetPasswordAuthorizationHandler(func(username, password string) (string, error) {
		if username != "admin" || password != "123456" {
			return "", errors.New("user not found")
		}
		return "000000", nil
	})

	// Only the accepted path is exercised here; a rejected username/password
	// is not covered by this test.
	resp := expect.POST("/token").
		WithFormField("grant_type", "password").
		WithFormField("client_id", clientID).
		WithFormField("client_secret", clientSecret).
		WithFormField("username", "admin").
		WithFormField("password", "123456").
		WithFormField("scope", "all").
		Expect()
	body := resp.Status(http.StatusOK).JSON().Raw()

	t.Log(body)
}
// TestImplicit sends an implicit-grant authorization request
// (response_type=token) and expects the exchange to finish with a 200.
func TestImplicit(t *testing.T) {
	// Every request to the test server is handed to testServer.
	tsrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}))
	defer tsrv.Close()
	expect := httpexpect.New(t, tsrv.URL)

	// Client-side server: accepts any request and writes nothing.
	noop := func(w http.ResponseWriter, r *http.Request) {}
	csrv = httptest.NewServer(http.HandlerFunc(noop))
	defer csrv.Close()

	manager.MapClientStorage(clientStore(csrv.URL))
	srv = server.NewServer(server.NewConfig(), manager)
	// Stub: every request is treated as an already-authenticated user.
	srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (string, error) {
		return "000000", nil
	})

	// NOTE(review): the value is escaped here and then passed to WithQuery,
	// which looks like double encoding unless the server unescapes
	// redirect_uri itself — confirm against the server code.
	redirectURI := url.QueryEscape(csrv.URL + "/oauth2")

	// Only the final status is asserted; the returned token and the echoed
	// state value are not inspected.
	resp := expect.GET("/authorize").
		WithQuery("response_type", "token").
		WithQuery("client_id", clientID).
		WithQuery("scope", "all").
		WithQuery("state", "123").
		WithQuery("redirect_uri", redirectURI).
		Expect()
	resp.Status(http.StatusOK)
}
// TestFruits walks the fruit API through its lifecycle: the collection starts
// empty, two fruits are stored with PUT, both are read back and compared, and
// an unknown fruit yields 404.
func TestFruits(t *testing.T) {
	ts := httptest.NewServer(FruitServer())
	defer ts.Close()

	expect := httpexpect.New(t, ts.URL)

	// Nothing has been stored yet.
	listing := expect.GET("/fruits").Expect()
	listing.Status(http.StatusOK).JSON().Array().Empty()

	orange := map[string]interface{}{
		"weight": 100,
	}
	apple := map[string]interface{}{
		"colors": []interface{}{"green", "red"},
		"weight": 200,
	}

	// Store both fruits; each PUT answers 204 with no body.
	putOrange := expect.PUT("/fruits/orange").WithJSON(orange).Expect()
	putOrange.Status(http.StatusNoContent).NoContent()

	putApple := expect.PUT("/fruits/apple").WithJSON(apple).Expect()
	putApple.Status(http.StatusNoContent).NoContent()

	// The collection now lists exactly the two names.
	listing = expect.GET("/fruits").Expect()
	listing.Status(http.StatusOK).JSON().Array().ContainsOnly("orange", "apple")

	// The orange comes back as stored and is distinguishable from the apple.
	gotOrange := expect.GET("/fruits/orange").Expect()
	gotOrange.Status(http.StatusOK).JSON().Object().Equal(orange).NotEqual(apple)

	gotOrange = expect.GET("/fruits/orange").Expect()
	gotOrange.Status(http.StatusOK).
		JSON().Object().ContainsKey("weight").ValueEqual("weight", 100)

	// Inspect the apple field by field.
	obj := expect.GET("/fruits/apple").Expect().
		Status(http.StatusOK).JSON().Object()

	obj.Keys().ContainsOnly("colors", "weight")

	obj.Value("colors").Array().Elements("green", "red")
	obj.Value("colors").Array().Element(0).String().Equal("green")
	obj.Value("colors").Array().Element(1).String().Equal("red")

	obj.Value("weight").Number().Equal(200)

	// A fruit that was never stored is not found.
	missing := expect.GET("/fruits/melon").Expect()
	missing.Status(http.StatusNotFound)
}
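// TestRefreshing runs the authorization-code flow and then uses the returned
// refresh token: the client callback exchanges the code for tokens and
// immediately posts a refresh request, expecting 200 from both.
//
// All token assertions live inside the callback handler, so the test also
// checks that the callback was reached; without that, a server that stopped
// redirecting would let the test pass without exercising anything.
func TestRefreshing(t *testing.T) {
	// Every request to the test server is handed to testServer.
	tsrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}))
	defer tsrv.Close()
	e := httpexpect.New(t, tsrv.URL)

	// Buffered so the handler never blocks; receives one value once the
	// "/oauth2" callback has been entered.
	callbackHit := make(chan struct{}, 1)

	csrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/oauth2":
			select {
			case callbackHit <- struct{}{}:
			default:
			}
			if err := r.ParseForm(); err != nil {
				t.Error("parsing callback form:", err)
				return
			}
			code, state := r.Form.Get("code"), r.Form.Get("state")
			// The state sent with the authorization request must come back
			// unchanged before the code is trusted.
			if state != "123" {
				t.Error("unrecognized state:", state)
				return
			}
			// Exchange the authorization code for tokens.
			jval := e.POST("/token").
				WithFormField("redirect_uri", csrv.URL+"/oauth2").
				WithFormField("code", code).
				WithFormField("grant_type", "authorization_code").
				WithFormField("client_id", clientID).
				WithFormField("client_secret", clientSecret).
				Expect().
				Status(http.StatusOK).
				JSON()

			// Use the refresh token, asking for scope "one" where the
			// original authorization asked for "all".
			refresh := jval.Object().Value("refresh_token").String().Raw()
			rval := e.POST("/token").
				WithFormField("grant_type", "refreshtoken").
				WithFormField("client_id", clientID).
				WithFormField("client_secret", clientSecret).
				WithFormField("scope", "one").
				WithFormField("refresh_token", refresh).
				Expect().
				Status(http.StatusOK).
				JSON().Raw()

			t.Log(rval)
		}
	}))
	defer csrv.Close()

	manager.MapClientStorage(clientStore(csrv.URL))
	srv = server.NewServer(server.NewConfig(), manager)
	// Stub: every request is treated as an already-authenticated user.
	srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
		userID = "000000"
		return
	})

	e.GET("/authorize").
		WithQuery("response_type", "code").
		WithQuery("client_id", clientID).
		WithQuery("scope", "all").
		WithQuery("state", "123").
		WithQuery("redirect_uri", url.QueryEscape(csrv.URL+"/oauth2")).
		Expect().Status(http.StatusOK)

	// The callback runs while the request above follows the redirect, so it
	// has already signalled by the time Expect returns.
	select {
	case <-callbackHit:
	default:
		t.Error("authorization callback was never invoked; code exchange and refresh were not exercised")
	}
}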
// TestClientCredentials requests a token with the client-credentials grant,
// authenticating with the client id and secret only, and expects a 200 with a
// JSON body.
func TestClientCredentials(t *testing.T) {
	// Every request to the test server is handed to testServer.
	tsrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}))
	defer tsrv.Close()
	expect := httpexpect.New(t, tsrv.URL)

	manager.MapClientStorage(clientStore(""))
	srv = server.NewServer(server.NewConfig(), manager)

	// Only the accepted path is exercised; a wrong client secret is not
	// covered by this test.
	resp := expect.POST("/token").
		WithFormField("grant_type", "clientcredentials").
		WithFormField("client_id", clientID).
		WithFormField("client_secret", clientSecret).
		WithFormField("scope", "all").
		Expect()
	body := resp.Status(http.StatusOK).JSON().Raw()

	t.Log(body)
}