wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
7348 Commits
197 Branches
346 MB
572 Download
Tree: 783cd64927
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '783cd64927'
${ noResults }
aiforge/integrations/oauth_test.go

oauth_test.go 8.3 kB
Raw Normal View History

Integrate OAuth2 Provider (#5378)
6 years ago
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
6 years ago
Integrate OAuth2 Provider (#5378)
6 years ago
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
6 years ago
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
6 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations

  6. 

  7. import (

  8. 	"encoding/json"

  9. 	"testing"

  10. 

  11. 	"code.gitea.io/gitea/modules/setting"

  12. 

  13. 	"github.com/stretchr/testify/assert"

  14. )

  15. 

  16. const defaultAuthorize = "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate"

  17. 

  18. func TestNoClientID(t *testing.T) {

  19. 	prepareTestEnv(t)

  20. 	req := NewRequest(t, "GET", "/login/oauth/authorize")

  21. 	ctx := loginUser(t, "user2")

  22. 	ctx.MakeRequest(t, req, 400)

  23. }

  24. 

  25. func TestLoginRedirect(t *testing.T) {

  26. 	prepareTestEnv(t)

  27. 	req := NewRequest(t, "GET", "/login/oauth/authorize")

  28. 	assert.Contains(t, MakeRequest(t, req, 302).Body.String(), "/user/login")

  29. }

  30. 

  31. func TestShowAuthorize(t *testing.T) {

  32. 	prepareTestEnv(t)

  33. 	req := NewRequest(t, "GET", defaultAuthorize)

  34. 	ctx := loginUser(t, "user4")

  35. 	resp := ctx.MakeRequest(t, req, 200)

  36. 

  37. 	htmlDoc := NewHTMLParser(t, resp.Body)

  38. 	htmlDoc.AssertElement(t, "#authorize-app", true)

  39. 	htmlDoc.GetCSRF()

  40. }

  41. 

  42. func TestRedirectWithExistingGrant(t *testing.T) {

  43. 	prepareTestEnv(t)

  44. 	req := NewRequest(t, "GET", defaultAuthorize)

  45. 	ctx := loginUser(t, "user1")

  46. 	resp := ctx.MakeRequest(t, req, 302)

  47. 	u, err := resp.Result().Location()

  48. 	assert.NoError(t, err)

  49. 	assert.Equal(t, "thestate", u.Query().Get("state"))

  50. 	assert.Truef(t, len(u.Query().Get("code")) > 30, "authorization code '%s' should be longer then 30", u.Query().Get("code"))

  51. }

  52. 

  53. func TestAccessTokenExchange(t *testing.T) {

  54. 	prepareTestEnv(t)

  55. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  56. 		"grant_type":    "authorization_code",

  57. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  58. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  59. 		"redirect_uri":  "a",

  60. 		"code":          "authcode",

  61. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  62. 	})

  63. 	resp := MakeRequest(t, req, 200)

  64. 	type response struct {

  65. 		AccessToken  string `json:"access_token"`

  66. 		TokenType    string `json:"token_type"`

  67. 		ExpiresIn    int64  `json:"expires_in"`

  68. 		RefreshToken string `json:"refresh_token"`

  69. 	}

  70. 	parsed := new(response)

  71. 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))

  72. 	assert.True(t, len(parsed.AccessToken) > 10)

  73. 	assert.True(t, len(parsed.RefreshToken) > 10)

  74. }

  75. 

  76. func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {

  77. 	prepareTestEnv(t)

  78. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  79. 		"grant_type":    "authorization_code",

  80. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  81. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  82. 		"redirect_uri":  "a",

  83. 		"code":          "authcode",

  84. 	})

  85. 	MakeRequest(t, req, 400)

  86. }

  87. 

  88. func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {

  89. 	prepareTestEnv(t)

  90. 	// invalid client id

  91. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  92. 		"grant_type":    "authorization_code",

  93. 		"client_id":     "???",

  94. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  95. 		"redirect_uri":  "a",

  96. 		"code":          "authcode",

  97. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  98. 	})

  99. 	MakeRequest(t, req, 400)

  100. 	// invalid client secret

  101. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  102. 		"grant_type":    "authorization_code",

  103. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  104. 		"client_secret": "???",

  105. 		"redirect_uri":  "a",

  106. 		"code":          "authcode",

  107. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  108. 	})

  109. 	MakeRequest(t, req, 400)

  110. 	// invalid redirect uri

  111. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  112. 		"grant_type":    "authorization_code",

  113. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  114. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  115. 		"redirect_uri":  "???",

  116. 		"code":          "authcode",

  117. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  118. 	})

  119. 	MakeRequest(t, req, 400)

  120. 	// invalid authorization code

  121. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  122. 		"grant_type":    "authorization_code",

  123. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  124. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  125. 		"redirect_uri":  "a",

  126. 		"code":          "???",

  127. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  128. 	})

  129. 	MakeRequest(t, req, 400)

  130. 	// invalid grant_type

  131. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  132. 		"grant_type":    "???",

  133. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  134. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  135. 		"redirect_uri":  "a",

  136. 		"code":          "authcode",

  137. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  138. 	})

  139. 	MakeRequest(t, req, 400)

  140. }

  141. 

  142. func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {

  143. 	prepareTestEnv(t)

  144. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  145. 		"grant_type":    "authorization_code",

  146. 		"redirect_uri":  "a",

  147. 		"code":          "authcode",

  148. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  149. 	})

  150. 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")

  151. 	resp := MakeRequest(t, req, 200)

  152. 	type response struct {

  153. 		AccessToken  string `json:"access_token"`

  154. 		TokenType    string `json:"token_type"`

  155. 		ExpiresIn    int64  `json:"expires_in"`

  156. 		RefreshToken string `json:"refresh_token"`

  157. 	}

  158. 	parsed := new(response)

  159. 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))

  160. 	assert.True(t, len(parsed.AccessToken) > 10)

  161. 	assert.True(t, len(parsed.RefreshToken) > 10)

  162. 

  163. 	// use wrong client_secret

  164. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  165. 		"grant_type":    "authorization_code",

  166. 		"redirect_uri":  "a",

  167. 		"code":          "authcode",

  168. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  169. 	})

  170. 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==")

  171. 	resp = MakeRequest(t, req, 400)

  172. 

  173. 	// missing header

  174. 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  175. 		"grant_type":    "authorization_code",

  176. 		"redirect_uri":  "a",

  177. 		"code":          "authcode",

  178. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  179. 	})

  180. 	resp = MakeRequest(t, req, 400)

  181. }

  182. 

  183. func TestRefreshTokenInvalidation(t *testing.T) {

  184. 	prepareTestEnv(t)

  185. 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  186. 		"grant_type":    "authorization_code",

  187. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  188. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  189. 		"redirect_uri":  "a",

  190. 		"code":          "authcode",

  191. 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally

  192. 	})

  193. 	resp := MakeRequest(t, req, 200)

  194. 	type response struct {

  195. 		AccessToken  string `json:"access_token"`

  196. 		TokenType    string `json:"token_type"`

  197. 		ExpiresIn    int64  `json:"expires_in"`

  198. 		RefreshToken string `json:"refresh_token"`

  199. 	}

  200. 	parsed := new(response)

  201. 	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))

  202. 

  203. 	// test without invalidation

  204. 	setting.OAuth2.InvalidateRefreshTokens = false

  205. 

  206. 	refreshReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{

  207. 		"grant_type":    "refresh_token",

  208. 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

  209. 		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",

  210. 		"redirect_uri":  "a",

  211. 		"refresh_token": parsed.RefreshToken,

  212. 	})

  213. 	MakeRequest(t, refreshReq, 200)

  214. 	MakeRequest(t, refreshReq, 200)

  215. 

  216. 	// test with invalidation

  217. 	setting.OAuth2.InvalidateRefreshTokens = true

  218. 	MakeRequest(t, refreshReq, 200)

  219. 	MakeRequest(t, refreshReq, 400)

  220. }

No Description