Merge pull request #409 from Tecsisa/408-test-handleToken

tests: add HandleTokenFunc test
2016-04-15 08:32:53 -07:00 · 2016-04-15 08:32:53 -07:00 · c2c7f03f47
commit c2c7f03f47
parent 58d9ae90c0 d3d2db8e05
1 changed files with 131 additions and 0 deletions
--- a/server/http_test.go
+++ b/server/http_test.go
@ -332,6 +332,137 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 	}
 }
 func TestHandleTokenFunc(t *testing.T) {
 	fx, err := makeTestFixtures()
 	if err != nil {
 		t.Fatalf("could not run test fixtures: %v", err)
 	}
 	tests := []struct {
 		query    url.Values
 		user     string
 		passwd   string
 		wantCode int
 	}{
 		// bad grant_type
 		{
 			query: url.Values{
 				"grant_type": []string{"invalid!"},
 				"code":       []string{"someCode"},
 			},
 			user:     "XXX",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
 			wantCode: http.StatusBadRequest,
 		},
 		// authorization_code needs code param
 		{
 			query: url.Values{
 				"grant_type": []string{"authorization_code"},
 			},
 			user:     "XXX",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
 			wantCode: http.StatusBadRequest,
 		},
 		// empty code
 		{
 			query: url.Values{
 				"grant_type": []string{"authorization_code"},
 				"code":       []string{""},
 			},
 			user:     "XXX",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
 			wantCode: http.StatusBadRequest,
 		},
 		// valid code but bad creds
 		{
 			query: url.Values{
 				"grant_type": []string{"authorization_code"},
 				"code":       []string{"code-2"},
 			},
 			user:     "XASD",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("failSecrete")),
 			wantCode: http.StatusUnauthorized,
 		},
 		// bad code
 		{
 			query: url.Values{
 				"grant_type": []string{"authorization_code"},
 				"code":       []string{"asdasd"},
 			},
 			user:     "XXX",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
 			wantCode: http.StatusBadRequest,
 		},
 		// OK testcase
 		{
 			query: url.Values{
 				"grant_type": []string{"authorization_code"},
 				"code":       []string{"code-2"},
 			},
 			user:     "XXX",
 			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
 			wantCode: http.StatusOK,
 		},
 	}
 	for i, tt := range tests {
 		hdlr := handleTokenFunc(fx.srv)
 		w := httptest.NewRecorder()
 		req, err := http.NewRequest("POST", "http://example.com/token", strings.NewReader(tt.query.Encode()))
 		if err != nil {
 			t.Errorf("unable to create HTTP request, error=%v", err)
 			continue
 		}
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 		req.SetBasicAuth(tt.user, tt.passwd)
 		// need to create session in order to exchange the code (generated by the NewSessionKey func) for token
 		setSession := func() error {
 			sid, err := fx.sessionManager.NewSession("local", "XXX", "", testRedirectURL, "", true, []string{"openid"})
 			if err != nil {
 				return fmt.Errorf("case %d: cannot create session, error=%v", i, err)
 			}
 			_, err = fx.sessionManager.AttachRemoteIdentity(sid, oidc.Identity{})
 			if err != nil {
 				return fmt.Errorf("case %d: cannot attach remoteID, error=%v", i, err)
 			}
 			_, err = fx.sessionManager.AttachUser(sid, "ID-Verified")
 			if err != nil {
 				return fmt.Errorf("case %d: cannot attach user, error=%v", i, err)
 			}
 			_, err = fx.sessionManager.NewSessionKey(sid)
 			if err != nil {
 				return fmt.Errorf("case %d: cannot create session code, error=%v", i, err)
 			}
 			return nil
 		}
 		if err := setSession(); err != nil {
 			t.Errorf("case %d: %v", i, err)
 			continue
 		}
 		hdlr.ServeHTTP(w, req)
 		if tt.wantCode != w.Code {
 			t.Errorf("case %d: expected HTTP %d, got %v", i, tt.wantCode, w.Code)
 		}
 	}
 }
 func TestHandleTokenFuncMethodNotAllowed(t *testing.T) {
 	for _, m := range []string{"GET", "PUT", "DELETE"} {
 		hdlr := handleTokenFunc(nil)