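// TestAll exercises the cookieauth wrapper end to end against a live test
// server: requests without valid credentials are rejected, valid basic-auth
// credentials yield a "cookieauth" cookie, that cookie authenticates later
// requests, and changing the configured credentials invalidates both the old
// cookie and the old username/password.
func TestAll(t *testing.T) {
	// Handler that must only be reachable after authentication.
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(`hello world`))
	})

	// Protect it with cookieauth.
	ca := New()
	ca.SetUserPass("foo", "bar")
	// ca.SetLogger(log.New(os.Stdout, "", log.LstdFlags))
	protected := ca.Wrap(handler)

	// Start the server.
	server := httptest.NewServer(protected)
	defer server.Close()

	e := httpexpect.New(t, server.URL)

	// No credentials at all.
	e.GET("/").Expect().Status(http.StatusUnauthorized)
	// Unknown username with the configured password.
	e.GET("/").WithBasicAuth("bazz", "bar").Expect().Status(http.StatusUnauthorized)
	// Configured username with a wrong password. Without this case a wrapper
	// that validated only one half of the pair would still pass the test.
	e.GET("/").WithBasicAuth("foo", "bazz").Expect().Status(http.StatusUnauthorized)

	// Valid credentials succeed and hand back the session cookie.
	c := e.GET("/").WithBasicAuth("foo", "bar").Expect().Status(http.StatusOK).Cookie("cookieauth")
	// An arbitrary cookie value must not be accepted.
	e.GET("/").WithCookie("cookieauth", "incorrect").Expect().Status(http.StatusUnauthorized)
	// The issued cookie authenticates without basic auth.
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusOK)

	// Rotate the credentials: everything issued or valid under the old pair
	// must stop working.
	ca.SetUserPass("zip", "zop")
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusUnauthorized)
	e.GET("/").WithBasicAuth("foo", "bar").Expect().Status(http.StatusUnauthorized)

	// The new credentials work and produce a fresh, usable cookie.
	c = e.GET("/").WithBasicAuth("zip", "zop").Expect().Status(http.StatusOK).Cookie("cookieauth")
	e.GET("/").WithCookie("cookieauth", c.Value().Raw()).Expect().Status(http.StatusOK)
}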
// TestPasswordCredentials requests a token with the password grant. It
// installs a password authorization handler that accepts exactly one fixed
// username/password pair, posts that pair to /token together with the client
// credentials, expects 200 and logs the decoded JSON response.
func TestPasswordCredentials(t *testing.T) {
	// Every request to the test server is delegated to testServer.
	forward := func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}
	tsrv = httptest.NewServer(http.HandlerFunc(forward))
	defer tsrv.Close()
	e := httpexpect.New(t, tsrv.URL)

	manager.MapClientStorage(clientStore(""))
	srv = server.NewServer(server.NewConfig(), manager)

	// Fixture credentials for this test only: one known user maps to user ID
	// "000000", anything else is rejected with an error.
	srv.SetPasswordAuthorizationHandler(func(username, password string) (string, error) {
		if username != "admin" || password != "123456" {
			return "", errors.New("user not found")
		}
		return "000000", nil
	})

	// Form fields of the token request, in the order they are attached.
	fields := []struct {
		key   string
		value interface{}
	}{
		{"grant_type", "password"},
		{"client_id", clientID},
		{"client_secret", clientSecret},
		{"username", "admin"},
		{"password", "123456"},
		{"scope", "all"},
	}
	req := e.POST("/token")
	for _, f := range fields {
		req = req.WithFormField(f.key, f.value)
	}

	resp := req.Expect()
	resp.Status(http.StatusOK)
	val := resp.JSON().Raw()
	t.Log(val)
}
// TestImplicit requests /authorize with response_type=token (the implicit
// grant) for a client whose store is built from the callback server's URL,
// and expects the request to end in a 200.
func TestImplicit(t *testing.T) {
	// Every request to the test server is delegated to testServer.
	forward := func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}
	tsrv = httptest.NewServer(http.HandlerFunc(forward))
	defer tsrv.Close()
	e := httpexpect.New(t, tsrv.URL)

	// Client callback endpoint: the handler does nothing, so any request it
	// receives is answered with an empty 200.
	noop := func(http.ResponseWriter, *http.Request) {}
	csrv = httptest.NewServer(http.HandlerFunc(noop))
	defer csrv.Close()

	manager.MapClientStorage(clientStore(csrv.URL))
	srv = server.NewServer(server.NewConfig(), manager)

	// Treat every authorization request as coming from the same signed-in
	// user; no real login step is simulated.
	srv.SetUserAuthorizationHandler(func(http.ResponseWriter, *http.Request) (string, error) {
		return "000000", nil
	})

	// NOTE(review): the redirect URI is escaped here and then passed to
	// WithQuery, which presumably encodes it again — confirm the server
	// expects the doubly-encoded form.
	redirectURI := url.QueryEscape(csrv.URL + "/oauth2")

	authorize := e.GET("/authorize").
		WithQuery("response_type", "token").
		WithQuery("client_id", clientID).
		WithQuery("scope", "all").
		WithQuery("state", "123").
		WithQuery("redirect_uri", redirectURI)
	authorize.Expect().Status(http.StatusOK)
}
// TestFruits walks the fruit API through its lifecycle: the collection starts
// empty, two fruits are stored with PUT, the listing and the individual
// documents are read back and compared, and an unknown fruit yields 404.
func TestFruits(t *testing.T) {
	ts := httptest.NewServer(FruitServer())
	defer ts.Close()

	e := httpexpect.New(t, ts.URL)

	// Nothing has been stored yet.
	listing := e.GET("/fruits").Expect()
	listing.Status(http.StatusOK).JSON().Array().Empty()

	// Store two fruits; a successful PUT answers 204 with no body.
	orange := map[string]interface{}{
		"weight": 100,
	}
	putOrange := e.PUT("/fruits/orange").WithJSON(orange).Expect()
	putOrange.Status(http.StatusNoContent).NoContent()

	apple := map[string]interface{}{
		"colors": []interface{}{"green", "red"},
		"weight": 200,
	}
	putApple := e.PUT("/fruits/apple").WithJSON(apple).Expect()
	putApple.Status(http.StatusNoContent).NoContent()

	// The listing now names exactly the two stored fruits.
	listing = e.GET("/fruits").Expect()
	listing.Status(http.StatusOK).JSON().Array().ContainsOnly("orange", "apple")

	// The orange document matches what was stored and differs from apple.
	gotOrange := e.GET("/fruits/orange").Expect().Status(http.StatusOK).JSON().Object()
	gotOrange.Equal(orange).NotEqual(apple)

	// Fetch it a second time and check the single field directly.
	gotOrange = e.GET("/fruits/orange").Expect().Status(http.StatusOK).JSON().Object()
	gotOrange.ContainsKey("weight").ValueEqual("weight", 100)

	// Inspect the apple document field by field.
	obj := e.GET("/fruits/apple").Expect().Status(http.StatusOK).JSON().Object()
	obj.Keys().ContainsOnly("colors", "weight")

	colors := obj.Value("colors").Array()
	colors.Elements("green", "red")
	colors.Element(0).String().Equal("green")
	colors.Element(1).String().Equal("red")

	obj.Value("weight").Number().Equal(200)

	// A fruit that was never stored is not found.
	e.GET("/fruits/melon").Expect().Status(http.StatusNotFound)
}
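// TestRefreshing runs the authorization-code flow and then redeems the
// resulting refresh token. GET /authorize is expected to end up at the client
// callback server; its /oauth2 handler checks the returned state, exchanges
// the code for a token at /token, and posts the refresh_token back to /token
// with a narrower scope. The test fails if the callback is never reached, so
// it cannot pass without exercising the two token requests.
func TestRefreshing(t *testing.T) {
	// Every request to the test server is delegated to testServer.
	tsrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}))
	defer tsrv.Close()
	e := httpexpect.New(t, tsrv.URL)

	// Signals that the /oauth2 callback ran. Buffered, with a non-blocking
	// send, so the handler can never stall on it.
	reached := make(chan struct{}, 1)

	csrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/oauth2" {
			return
		}
		select {
		case reached <- struct{}{}:
		default:
		}

		// Report a malformed callback explicitly instead of letting it
		// surface later as an empty state value.
		if err := r.ParseForm(); err != nil {
			t.Error("parsing callback request:", err)
			return
		}
		code, state := r.Form.Get("code"), r.Form.Get("state")
		// The state sent with the authorization request must come back
		// unchanged; otherwise the response does not belong to this request.
		if state != "123" {
			t.Error("unrecognized state:", state)
			return
		}

		// Exchange the authorization code for a token.
		jval := e.POST("/token").
			WithFormField("redirect_uri", csrv.URL+"/oauth2").
			WithFormField("code", code).
			WithFormField("grant_type", "authorization_code").
			WithFormField("client_id", clientID).
			WithFormField("client_secret", clientSecret).
			Expect().
			Status(http.StatusOK).
			JSON()

		refresh := jval.Object().Value("refresh_token").String().Raw()

		// Redeem the refresh token, asking for scope "one" instead of "all".
		rval := e.POST("/token").
			WithFormField("grant_type", "refreshtoken").
			WithFormField("client_id", clientID).
			WithFormField("client_secret", clientSecret).
			WithFormField("scope", "one").
			WithFormField("refresh_token", refresh).
			Expect().
			Status(http.StatusOK).
			JSON().Raw()

		t.Log(rval)
	}))
	defer csrv.Close()

	manager.MapClientStorage(clientStore(csrv.URL))
	srv = server.NewServer(server.NewConfig(), manager)
	// Treat every authorization request as coming from the same signed-in
	// user; no real login step is simulated.
	srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
		userID = "000000"
		return
	})

	// NOTE(review): the redirect URI is escaped here and then passed to
	// WithQuery, which presumably encodes it again — confirm the server
	// expects the doubly-encoded form.
	e.GET("/authorize").
		WithQuery("response_type", "code").
		WithQuery("client_id", clientID).
		WithQuery("scope", "all").
		WithQuery("state", "123").
		WithQuery("redirect_uri", url.QueryEscape(csrv.URL+"/oauth2")).
		Expect().Status(http.StatusOK)

	// All assertions on the code and refresh exchanges live in the callback;
	// if it never ran, nothing above was actually checked.
	select {
	case <-reached:
	default:
		t.Error("client callback /oauth2 was never requested; code and refresh token exchange not exercised")
	}
}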
// TestClientCredentials requests a token with the client-credentials grant:
// only the client ID, client secret and scope are posted to /token, the
// response must be 200, and its decoded JSON body is logged.
func TestClientCredentials(t *testing.T) {
	// Every request to the test server is delegated to testServer.
	forward := func(w http.ResponseWriter, r *http.Request) {
		testServer(t, w, r)
	}
	tsrv = httptest.NewServer(http.HandlerFunc(forward))
	defer tsrv.Close()
	e := httpexpect.New(t, tsrv.URL)

	manager.MapClientStorage(clientStore(""))
	srv = server.NewServer(server.NewConfig(), manager)

	tokenReq := e.POST("/token").
		WithFormField("grant_type", "clientcredentials").
		WithFormField("client_id", clientID).
		WithFormField("client_secret", clientSecret).
		WithFormField("scope", "all")

	resp := tokenReq.Expect()
	resp.Status(http.StatusOK)
	val := resp.JSON().Raw()
	t.Log(val)
}