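// TestClientCredentialsGrant exercises POST /v1/oauth/tokens with
// grant_type=client_credentials and checks that the issued access token is
// bound to a client and to no user, and that no refresh token is created
// (RFC 6749 §4.4.3: a refresh token SHOULD NOT be included for this grant).
func (suite *OauthTestSuite) TestClientCredentialsGrant() {
	// Build the token request; the client authenticates with HTTP Basic.
	// The host is irrelevant: the request is handed straight to the router
	// below, nothing goes over the network.
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")
	req.PostForm = url.Values{
		"grant_type": {"client_credentials"},
		"scope":      {"read_write"},
	}

	// Serve the request
	rec := httptest.NewRecorder()
	suite.router.ServeHTTP(rec, req)

	// The most recently stored access token is the one this request issued
	accessToken := new(models.OauthAccessToken)
	assert.False(suite.T(), models.OauthAccessTokenPreload(suite.db).
		Last(accessToken).RecordNotFound())

	// A client-only credential must be bound to a client and must never act on
	// behalf of a resource owner; the response check below does not cover
	// this because it compares against the stored row itself.
	assert.True(suite.T(), accessToken.ClientID.Valid)
	assert.False(suite.T(), accessToken.UserID.Valid)

	// Check the response (no UserID, no RefreshToken for this grant)
	expected := &oauth.AccessTokenResponse{
		AccessToken: accessToken.Token,
		ExpiresIn:   3600,
		TokenType:   tokentypes.Bearer,
		Scope:       "read_write",
	}
	testutil.TestResponseObject(suite.T(), rec, expected, 200)

	// Client credentials grant does not produce refresh token. This assumes
	// the refresh token table is otherwise empty when the test starts.
	assert.True(suite.T(), models.OauthRefreshTokenPreload(suite.db).
		First(new(models.OauthRefreshToken)).RecordNotFound())
}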
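// TestPasswordGrant exercises POST /v1/oauth/tokens with grant_type=password
// (resource owner password credentials) and checks that an access token and a
// refresh token are both issued, and that the access token is bound to a
// client and to a user.
func (suite *OauthTestSuite) TestPasswordGrant() {
	// Build the token request; the client authenticates with HTTP Basic and
	// the resource owner's credentials travel in the form body. The host is
	// irrelevant: the request is handed straight to the router below, nothing
	// goes over the network.
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")
	req.PostForm = url.Values{
		"grant_type": {"password"},
		"username":   {"test@user"},
		"password":   {"test_password"},
		"scope":      {"read_write"},
	}

	// Serve the request
	rec := httptest.NewRecorder()
	suite.router.ServeHTTP(rec, req)

	// The most recently stored access and refresh tokens are the ones this
	// request issued
	accessToken := new(models.OauthAccessToken)
	refreshToken := new(models.OauthRefreshToken)
	assert.False(suite.T(), models.OauthAccessTokenPreload(suite.db).
		Last(accessToken).RecordNotFound())
	assert.False(suite.T(), models.OauthRefreshTokenPreload(suite.db).
		Last(refreshToken).RecordNotFound())

	// A password-grant token acts on behalf of a resource owner, so it must be
	// bound to both a client and a user. The response check below echoes the
	// stored user, so without this an unbound token would still pass.
	assert.True(suite.T(), accessToken.ClientID.Valid)
	assert.True(suite.T(), accessToken.UserID.Valid)

	// Check the response
	expected := &oauth.AccessTokenResponse{
		UserID:       accessToken.User.MetaUserID,
		AccessToken:  accessToken.Token,
		ExpiresIn:    3600,
		TokenType:    tokentypes.Bearer,
		Scope:        "read_write",
		RefreshToken: refreshToken.Token,
	}
	testutil.TestResponseObject(suite.T(), rec, expected, 200)
}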
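// TestAuthorizationCodeGrant exercises POST /v1/oauth/tokens with
// grant_type=authorization_code: a pre-inserted, unexpired code bound to
// suite.clients[0] / suite.users[0] is exchanged for an access token and a
// refresh token, the issued access token is bound to that same client and
// user, and the code is consumed (hard-deleted) so it cannot be replayed.
// Only the happy path is covered here; expired codes, a redirect_uri that
// differs from the stored one, and a code presented by a different client are
// not exercised in this function. The request authenticates as
// test_client_1, which the suite setup is expected to map to suite.clients[0].
func (suite *OauthTestSuite) TestAuthorizationCodeGrant() {
	// Fixture: a code that is still valid for 10 seconds
	seed := &models.OauthAuthorizationCode{
		Code:        "test_code",
		ExpiresAt:   time.Now().UTC().Add(10 * time.Second),
		Client:      suite.clients[0],
		User:        suite.users[0],
		RedirectURI: util.StringOrNull("https://www.example.com"),
		Scope:       "read_write",
	}
	assert.NoError(suite.T(), suite.db.Create(seed).Error, "Inserting test data failed")

	// Build the token request; redirect_uri must match the one the code was
	// issued with. The host is irrelevant: the request is handed straight to
	// the router below, nothing goes over the network.
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")
	req.PostForm = url.Values{
		"grant_type":   {"authorization_code"},
		"code":         {"test_code"},
		"redirect_uri": {"https://www.example.com"},
	}

	// Serve the request
	rec := httptest.NewRecorder()
	suite.router.ServeHTTP(rec, req)

	// The most recently stored access and refresh tokens are the ones this
	// request issued
	accessToken := new(models.OauthAccessToken)
	refreshToken := new(models.OauthRefreshToken)
	assert.False(suite.T(), models.OauthAccessTokenPreload(suite.db).
		Last(accessToken).RecordNotFound())
	assert.False(suite.T(), models.OauthRefreshTokenPreload(suite.db).
		Last(refreshToken).RecordNotFound())

	// The token must be issued to exactly the client and user the code was
	// bound to. The response check below compares against the stored row, so
	// on its own it would not catch a token minted for the wrong principal.
	assert.True(suite.T(), accessToken.ClientID.Valid)
	assert.Equal(suite.T(), int64(suite.clients[0].ID), accessToken.ClientID.Int64)
	assert.True(suite.T(), accessToken.UserID.Valid)
	assert.Equal(suite.T(), int64(suite.users[0].ID), accessToken.UserID.Int64)

	// Check the response
	expected := &oauth.AccessTokenResponse{
		UserID:       accessToken.User.MetaUserID,
		AccessToken:  accessToken.Token,
		ExpiresIn:    3600,
		TokenType:    tokentypes.Bearer,
		Scope:        "read_write",
		RefreshToken: refreshToken.Token,
	}
	testutil.TestResponseObject(suite.T(), rec, expected, 200)

	// The code is single use. Unscoped() also sees soft-deleted rows, so this
	// asserts the row is really gone, not just flagged as deleted. It assumes
	// no other authorization code exists in the table.
	assert.True(suite.T(), suite.db.Unscoped().
		First(new(models.OauthAuthorizationCode)).RecordNotFound())
}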
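// TestRefreshTokenGrant exercises POST /v1/oauth/tokens with
// grant_type=refresh_token: a pre-inserted, unexpired refresh token bound to
// suite.clients[0] / suite.users[0] is exchanged for a new access token bound
// to the same client and user. The response is expected to carry the very
// refresh token that was presented, i.e. the implementation under test reuses
// the refresh token rather than rotating it (RFC 6749 §6 permits either; the
// OAuth 2.0 Security BCP recommends rotation — a change there must be
// reflected in the expected value below). The request authenticates as
// test_client_1, which the suite setup is expected to map to suite.clients[0].
func (suite *OauthTestSuite) TestRefreshTokenGrant() {
	// Fixture: a refresh token that is still valid for 10 seconds
	seed := &models.OauthRefreshToken{
		Token:     "test_token",
		ExpiresAt: time.Now().UTC().Add(10 * time.Second),
		Client:    suite.clients[0],
		User:      suite.users[0],
		Scope:     "read_write",
	}
	assert.NoError(suite.T(), suite.db.Create(seed).Error, "Inserting test data failed")

	// Build the token request. The host is irrelevant: the request is handed
	// straight to the router below, nothing goes over the network.
	req, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil)
	assert.NoError(suite.T(), err, "Request setup should not get an error")
	req.SetBasicAuth("test_client_1", "test_secret")
	req.PostForm = url.Values{
		"grant_type":    {"refresh_token"},
		"refresh_token": {"test_token"},
		"scope":         {"read_write"},
	}

	// Serve the request
	rec := httptest.NewRecorder()
	suite.router.ServeHTTP(rec, req)

	// The most recently stored access token is the one this request issued
	accessToken := new(models.OauthAccessToken)
	assert.False(suite.T(), models.OauthAccessTokenPreload(suite.db).
		Last(accessToken).RecordNotFound())

	// The new access token must inherit exactly the client and user the
	// refresh token was bound to. The response check below compares against
	// the stored row, so on its own it would not catch a token minted for the
	// wrong principal.
	assert.True(suite.T(), accessToken.ClientID.Valid)
	assert.Equal(suite.T(), int64(suite.clients[0].ID), accessToken.ClientID.Int64)
	assert.True(suite.T(), accessToken.UserID.Valid)
	assert.Equal(suite.T(), int64(suite.users[0].ID), accessToken.UserID.Int64)

	// Check the response. RefreshToken is the token that was presented: the
	// implementation reuses it rather than issuing a new one.
	expected := &oauth.AccessTokenResponse{
		UserID:       accessToken.User.MetaUserID,
		AccessToken:  accessToken.Token,
		ExpiresIn:    3600,
		TokenType:    tokentypes.Bearer,
		Scope:        "read_write",
		RefreshToken: "test_token",
	}
	testutil.TestResponseObject(suite.T(), rec, expected, 200)
}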
// TestGrantAccessToken drives the service method directly (no HTTP layer) and
// checks that each GrantAccessToken call persists exactly one new row, returns
// that same row, and binds it to the client always and to the user only when
// one is supplied. The scope argument is passed through without being
// inspected by this test.
func (suite *OauthTestSuite) TestGrantAccessToken() {
	// Read back every stored access token in insertion order
	fetchAll := func() []*models.OauthAccessToken {
		var stored []*models.OauthAccessToken
		models.OauthAccessTokenPreload(suite.db).Order("id").Find(&stored)
		return stored
	}

	// First grant: client only, no resource owner
	tok, err := suite.service.GrantAccessToken(
		suite.clients[0],       // client
		nil,                    // user
		3600,                   // expires in
		"scope doesn't matter", // scope
	)
	assert.Nil(suite.T(), err)
	if assert.NotNil(suite.T(), tok) {
		stored := fetchAll()
		// Exactly one row so far, and it is the one the method returned
		assert.Equal(suite.T(), 1, len(stored))
		assert.Equal(suite.T(), stored[0].Token, tok.Token)
		// Bound to the client ...
		assert.True(suite.T(), stored[0].ClientID.Valid)
		assert.Equal(suite.T(), int64(suite.clients[0].ID), stored[0].ClientID.Int64)
		// ... and to no user
		assert.False(suite.T(), stored[0].UserID.Valid)
	}

	// Second grant: same client, this time on behalf of a user
	tok, err = suite.service.GrantAccessToken(
		suite.clients[0],       // client
		suite.users[0],         // user
		3600,                   // expires in
		"scope doesn't matter", // scope
	)
	assert.Nil(suite.T(), err)
	if assert.NotNil(suite.T(), tok) {
		stored := fetchAll()
		// A second row now exists and is the one just returned
		assert.Equal(suite.T(), 2, len(stored))
		assert.Equal(suite.T(), stored[1].Token, tok.Token)
		// Bound to the client ...
		assert.True(suite.T(), stored[1].ClientID.Valid)
		assert.Equal(suite.T(), int64(suite.clients[0].ID), stored[1].ClientID.Int64)
		// ... and to the user
		assert.True(suite.T(), stored[1].UserID.Valid)
		assert.Equal(suite.T(), int64(suite.users[0].ID), stored[1].UserID.Int64)
	}
}