gamzinav/forgejo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f982a71997
forgejo/tests/integration/oauth_test.go

362 lines
15 KiB
Go
Raw Normal View History

Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
package integration
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
import (
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
2020-11-13 15:51:07 +03:00
"bytes"
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
"io"
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
"net/http"
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
"testing"
Add an abstract json layout to make it's easier to change json library (#16528) * Add an abstract json layout to make it's easier to change json library * Fix import * Fix import sequence * Fix blank lines * Fix blank lines
2021-07-24 19:03:58 +03:00
"code.gitea.io/gitea/modules/json"
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
"code.gitea.io/gitea/modules/setting"
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code.gitea.io/gitea/routers/web/auth"
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
"code.gitea.io/gitea/tests"
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
"github.com/stretchr/testify/assert"
)
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAuthorizeNoClientID(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
req := NewRequest(t, "GET", "/login/oauth/authorize")
ctx := loginUser(t, "user2")
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp := ctx.MakeRequest(t, req, http.StatusBadRequest)
assert.Contains(t, resp.Body.String(), "Client ID not registered")
}
func TestAuthorizeUnregisteredRedirect(t *testing.T) {
defer tests.PrepareTestEnv(t)()
req := NewRequest(t, "GET", "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=UNREGISTERED&response_type=code&state=thestate")
ctx := loginUser(t, "user1")
resp := ctx.MakeRequest(t, req, http.StatusBadRequest)
assert.Contains(t, resp.Body.String(), "Unregistered Redirect URI")
}
func TestAuthorizeUnsupportedResponseType(t *testing.T) {
defer tests.PrepareTestEnv(t)()
req := NewRequest(t, "GET", "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=UNEXPECTED&state=thestate")
ctx := loginUser(t, "user1")
resp := ctx.MakeRequest(t, req, http.StatusSeeOther)
u, err := resp.Result().Location()
assert.NoError(t, err)
assert.Equal(t, "unsupported_response_type", u.Query().Get("error"))
assert.Equal(t, "Only code response type is supported.", u.Query().Get("error_description"))
}
func TestAuthorizeUnsupportedCodeChallengeMethod(t *testing.T) {
defer tests.PrepareTestEnv(t)()
req := NewRequest(t, "GET", "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate&code_challenge_method=UNEXPECTED")
ctx := loginUser(t, "user1")
resp := ctx.MakeRequest(t, req, http.StatusSeeOther)
u, err := resp.Result().Location()
assert.NoError(t, err)
assert.Equal(t, "invalid_request", u.Query().Get("error"))
assert.Equal(t, "unsupported code challenge method", u.Query().Get("error_description"))
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
}
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAuthorizeLoginRedirect(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
req := NewRequest(t, "GET", "/login/oauth/authorize")
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
assert.Contains(t, MakeRequest(t, req, http.StatusSeeOther).Body.String(), "/user/login")
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
}
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAuthorizeShow(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
req := NewRequest(t, "GET", "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=a&response_type=code&state=thestate")
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
ctx := loginUser(t, "user4")
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := ctx.MakeRequest(t, req, http.StatusOK)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
htmlDoc := NewHTMLParser(t, resp.Body)
htmlDoc.AssertElement(t, "#authorize-app", true)
htmlDoc.GetCSRF()
}
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAuthorizeRedirectWithExistingGrant(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
req := NewRequest(t, "GET", "/login/oauth/authorize?client_id=da7da3ba-9a13-4167-856f-3899de0b0138&redirect_uri=https%3A%2F%2Fexample.com%2Fxyzzy&response_type=code&state=thestate")
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
ctx := loginUser(t, "user1")
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := ctx.MakeRequest(t, req, http.StatusSeeOther)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
u, err := resp.Result().Location()
assert.NoError(t, err)
assert.Equal(t, "thestate", u.Query().Get("state"))
assert.Truef(t, len(u.Query().Get("code")) > 30, "authorization code '%s' should be longer then 30", u.Query().Get("code"))
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
u.RawQuery = ""
assert.Equal(t, "https://example.com/xyzzy", u.String())
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
}
func TestAccessTokenExchange(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := MakeRequest(t, req, http.StatusOK)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
type response struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
}
parsed := new(response)
Migrate to use jsoniter instead of encoding/json (#14841) * Migrate to use jsoniter * fix tests * update gitea.com/go-chi/binding Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-03-02 00:08:10 +03:00
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
assert.True(t, len(parsed.AccessToken) > 10)
assert.True(t, len(parsed.RefreshToken) > 10)
}
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAccessTokenExchangeJSON(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Add json tags for oauth2 form (#6627)
2019-04-15 18:54:50 +03:00
req := NewRequestWithJSON(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Add json tags for oauth2 form (#6627)
2019-04-15 18:54:50 +03:00
})
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := MakeRequest(t, req, http.StatusOK)
Add json tags for oauth2 form (#6627)
2019-04-15 18:54:50 +03:00
type response struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
}
parsed := new(response)
Migrate to use jsoniter instead of encoding/json (#14841) * Migrate to use jsoniter * fix tests * update gitea.com/go-chi/binding Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-03-02 00:08:10 +03:00
Add json tags for oauth2 form (#6627)
2019-04-15 18:54:50 +03:00
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
assert.True(t, len(parsed.AccessToken) > 10)
assert.True(t, len(parsed.RefreshToken) > 10)
}
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp := MakeRequest(t, req, http.StatusBadRequest)
parsedError := new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "failed PKCE code challenge", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
}
func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// invalid client id
req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "???",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp := MakeRequest(t, req, http.StatusBadRequest)
parsedError := new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
assert.Equal(t, "cannot load client with client id: '???'", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// invalid client secret
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "???",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// invalid redirect uri
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "???",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "unexpected redirect URI", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// invalid authorization code
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "???",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "client is not authorized", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
// invalid grant_type
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "???",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unsupported_grant_type", string(parsedError.ErrorCode))
assert.Equal(t, "Only refresh_token or authorization_code grant type is supported", parsedError.ErrorDescription)
Integrate OAuth2 Provider (#5378)
2019-03-08 19:42:50 +03:00
}
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
})
req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := MakeRequest(t, req, http.StatusOK)
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
type response struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
}
parsed := new(response)
Migrate to use jsoniter instead of encoding/json (#14841) * Migrate to use jsoniter * fix tests * update gitea.com/go-chi/binding Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-03-02 00:08:10 +03:00
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
assert.True(t, len(parsed.AccessToken) > 10)
assert.True(t, len(parsed.RefreshToken) > 10)
// use wrong client_secret
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
})
req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==")
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError := new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
// missing header
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
})
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
assert.Equal(t, "cannot load client with client id: ''", parsedError.ErrorDescription)
// client_id inconsistent with Authorization header
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"redirect_uri": "a",
"code": "authcode",
"client_id": "inconsistent",
})
req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
resp = MakeRequest(t, req, http.StatusBadRequest)
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
assert.Equal(t, "client_id in request body inconsistent with Authorization header", parsedError.ErrorDescription)
// client_secret inconsistent with Authorization header
req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"redirect_uri": "a",
"code": "authcode",
"client_secret": "inconsistent",
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
})
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
parsedError = new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
assert.Equal(t, "client_id in request body inconsistent with Authorization header", parsedError.ErrorDescription)
Add support for client basic auth for exchanging access tokens (#6293) * Add support for client basic auth for exchanging access tokens * Improve error messages * Fix tests
2019-03-11 05:54:59 +03:00
}
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
func TestRefreshTokenInvalidation(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "authorization_code",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"code": "authcode",
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
})
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
resp := MakeRequest(t, req, http.StatusOK)
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
type response struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
}
parsed := new(response)
Migrate to use jsoniter instead of encoding/json (#14841) * Migrate to use jsoniter * fix tests * update gitea.com/go-chi/binding Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-03-02 00:08:10 +03:00
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
// test without invalidation
setting.OAuth2.InvalidateRefreshTokens = false
refreshReq := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
"grant_type": "refresh_token",
"client_id": "da7da3ba-9a13-4167-856f-3899de0b0138",
"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
"redirect_uri": "a",
"refresh_token": parsed.RefreshToken,
})
Update docs and comments to remove macaron (#14491)
2021-01-29 18:35:30 +03:00
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
bs, err := io.ReadAll(refreshReq.Body)
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
2020-11-13 15:51:07 +03:00
assert.NoError(t, err)
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
refreshReq.Body = io.NopCloser(bytes.NewReader(bs))
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
MakeRequest(t, refreshReq, http.StatusOK)
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
2020-11-13 15:51:07 +03:00
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
refreshReq.Body = io.NopCloser(bytes.NewReader(bs))
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
MakeRequest(t, refreshReq, http.StatusOK)
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
// test with invalidation
setting.OAuth2.InvalidateRefreshTokens = true
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
refreshReq.Body = io.NopCloser(bytes.NewReader(bs))
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 07:54:07 +03:00
MakeRequest(t, refreshReq, http.StatusOK)
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
2020-11-13 15:51:07 +03:00
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
// repeat request should fail
refactor: move from io/ioutil to io and os package (#17109) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 08:38:34 +03:00
refreshReq.Body = io.NopCloser(bytes.NewReader(bs))
Improve OAuth integration tests (#21390) In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 07:22:43 +03:00
resp = MakeRequest(t, refreshReq, http.StatusBadRequest)
parsedError := new(auth.AccessTokenError)
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
assert.Equal(t, "token was already used", parsedError.ErrorDescription)
Add option to disable refresh token invalidation (#6584) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 10:50:21 +03:00
}
Reference in New Issue Copy Permalink