// TestHandleIntrospectInactiveToken checks that an authenticated introspection
// request for a token value that is not stored is answered with 404, once per
// token_type_hint variant: access hint, refresh hint, and no hint.
//
// NOTE(review): RFC 7662 section 2.2 expects a properly authorized
// introspection call for an unknown or inactive token to return 200 with
// {"active": false} and no further detail about the token. The responses
// pinned here are 404s whose error appears to differ by token type
// (ErrAccessTokenNotFound vs ErrRefreshTokenNotFound), so the caller learns
// more about server state than the RFC recommends. Confirm this deviation
// is intentional.
func (suite *OauthTestSuite) TestHandleIntrospectInactiveToken() {
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")

	// serve swaps the form on the shared request and runs it through the
	// router with a fresh recorder.
	// NOTE(review): the same *http.Request is reused for every case. net/http
	// keeps r.Form once ParseForm has filled it, so this relies on the handler
	// reading PostForm or on the router copying the request. Confirm.
	serve := func(form url.Values) *httptest.ResponseRecorder {
		req.PostForm = form
		rec := httptest.NewRecorder()
		suite.router.ServeHTTP(rec, req)
		return rec
	}

	cases := []struct {
		form url.Values
		want error
	}{
		// Access token hint.
		{
			form: url.Values{
				"token":           {"unexisting_token"},
				"token_type_hint": {oauth.AccessTokenHint},
			},
			want: oauth.ErrAccessTokenNotFound,
		},
		// Refresh token hint.
		{
			form: url.Values{
				"token":           {"unexisting_token"},
				"token_type_hint": {oauth.RefreshTokenHint},
			},
			want: oauth.ErrRefreshTokenNotFound,
		},
		// No hint: the expected error is the access-token one.
		{
			form: url.Values{
				"token": {"unexisting_token"},
			},
			want: oauth.ErrAccessTokenNotFound,
		},
	}

	for _, tc := range cases {
		rec := serve(tc.form)
		testutil.TestResponseForError(suite.T(), rec, tc.want.Error(), 404)
	}
}
// TestHandleIntrospectMissingToken checks that an authenticated introspection
// request whose form carries no "token" parameter is rejected with 400 and
// the oauth.ErrTokenMissing message.
func (suite *OauthTestSuite) TestHandleIntrospectMissingToken() {
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")

	// Empty but non-nil form: the client authenticates, yet sends no token.
	req.PostForm = url.Values{}

	rec := httptest.NewRecorder()
	suite.router.ServeHTTP(rec, req)

	wantMsg := oauth.ErrTokenMissing.Error()
	testutil.TestResponseForError(suite.T(), rec, wantMsg, 400)
}
// TestHandleIntrospectRefreshToken stores a refresh token that is valid for
// ten more seconds and introspects it three ways: with the refresh hint
// (expects 200 and the service-built introspection response), with the access
// hint, and with no hint (both expect 404 with ErrAccessTokenNotFound).
//
// NOTE(review): RFC 7662 section 2.1 treats token_type_hint as an optimisation
// only. If the token is not found under the hinted type, the server is
// expected to extend the search to all supported token types. The last two
// cases pin the opposite: a live refresh token is reported as not found
// unless the caller supplies the refresh hint. Confirm this is intended,
// since a resource server that omits the hint would treat a valid token as
// unknown.
func (suite *OauthTestSuite) TestHandleIntrospectRefreshToken() {
	// Fixture: refresh token bound to the first test client and user.
	// NOTE(review): the ten-second lifetime presumably just needs to outlast
	// this test; a slow run could expire it before the first request.
	refreshToken := &oauth.RefreshToken{
		Token:     "test_token_introspect_1",
		ExpiresAt: time.Now().UTC().Add(10 * time.Second),
		Client:    suite.clients[0],
		User:      suite.users[0],
		Scope:     "read_write",
	}
	err := suite.db.Create(refreshToken).Error
	assert.NoError(suite.T(), err, "Inserting test data failed")

	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")

	// serve swaps the form on the shared request and runs it through the
	// router with a fresh recorder.
	// NOTE(review): the same *http.Request is reused for every case. net/http
	// keeps r.Form once ParseForm has filled it, so this relies on the handler
	// reading PostForm or on the router copying the request. Confirm.
	serve := func(form url.Values) *httptest.ResponseRecorder {
		req.PostForm = form
		rec := httptest.NewRecorder()
		suite.router.ServeHTTP(rec, req)
		return rec
	}

	// Matching hint: the response must equal what the service builds for this
	// token. The expected value is computed after the request, as before.
	rec := serve(url.Values{
		"token":           {refreshToken.Token},
		"token_type_hint": {oauth.RefreshTokenHint},
	})
	want, err := suite.service.NewIntrospectResponseFromRefreshToken(refreshToken)
	assert.NoError(suite.T(), err)
	testutil.TestResponseObject(suite.T(), rec, want, 200)

	// Wrong hint, then no hint: both are expected to miss with the
	// access-token "not found" error.
	misses := []url.Values{
		{
			"token":           {refreshToken.Token},
			"token_type_hint": {oauth.AccessTokenHint},
		},
		{
			"token": {refreshToken.Token},
		},
	}
	for _, form := range misses {
		rec := serve(form)
		testutil.TestResponseForError(
			suite.T(),
			rec,
			oauth.ErrAccessTokenNotFound.Error(),
			404,
		)
	}
}