Exemplo n.º 1
0
func (suite *OauthTestSuite) TestHandleIntrospectInactiveToken() {
	// Make a request
	r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.SetBasicAuth("test_client_1", "test_secret")

	// With access token hint
	r.PostForm = url.Values{
		"token":           {"unexisting_token"},
		"token_type_hint": {oauth.AccessTokenHint},
	}

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrAccessTokenNotFound.Error(),
		404,
	)

	// With refresh token hint
	r.PostForm = url.Values{
		"token":           {"unexisting_token"},
		"token_type_hint": {oauth.RefreshTokenHint},
	}

	// Serve the request
	w = httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrRefreshTokenNotFound.Error(),
		404,
	)

	// Without token hint
	r.PostForm = url.Values{
		"token": {"unexisting_token"},
	}

	// Serve the request
	w = httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrAccessTokenNotFound.Error(),
		404,
	)
}
Exemplo n.º 2
0
func (suite *OauthTestSuite) TestHandleIntrospectMissingToken() {
	// Make a request
	r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.SetBasicAuth("test_client_1", "test_secret")
	r.PostForm = url.Values{}

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrTokenMissing.Error(),
		400,
	)
}
Exemplo n.º 3
0
func (suite *OauthTestSuite) TestHandleIntrospectRefreshToken() {
	// Insert a test refresh token with a user
	refreshToken := &oauth.RefreshToken{
		Token:     "test_token_introspect_1",
		ExpiresAt: time.Now().UTC().Add(+10 * time.Second),
		Client:    suite.clients[0],
		User:      suite.users[0],
		Scope:     "read_write",
	}
	err := suite.db.Create(refreshToken).Error
	assert.NoError(suite.T(), err, "Inserting test data failed")

	// Make a request
	r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	r.SetBasicAuth("test_client_1", "test_secret")

	// With correct token hint
	r.PostForm = url.Values{
		"token":           {refreshToken.Token},
		"token_type_hint": {oauth.RefreshTokenHint},
	}

	// And serve the request
	w := httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check the response
	expected, err := suite.service.NewIntrospectResponseFromRefreshToken(refreshToken)
	assert.NoError(suite.T(), err)
	testutil.TestResponseObject(suite.T(), w, expected, 200)

	// With incorrect token hint
	r.PostForm = url.Values{
		"token":           {refreshToken.Token},
		"token_type_hint": {oauth.AccessTokenHint},
	}

	// Serve the request
	w = httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrAccessTokenNotFound.Error(),
		404,
	)

	// Without token hint
	r.PostForm = url.Values{
		"token": {refreshToken.Token},
	}

	// Serve the request
	w = httptest.NewRecorder()
	suite.router.ServeHTTP(w, r)

	// Check response
	testutil.TestResponseForError(
		suite.T(),
		w,
		oauth.ErrAccessTokenNotFound.Error(),
		404,
	)
}