authorize_write_test.go

Documentation: github.com/ory/fosite

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package fosite_test
    23  
    24  import (
    25  	"net/http"
    26  	"net/url"
    27  	"testing"
    28  
    29  	"github.com/golang/mock/gomock"
    30  	"github.com/stretchr/testify/assert"
    31  
    32  	. "github.com/ory/fosite"
    33  	. "github.com/ory/fosite/internal"
    34  )
    35  
    36  func TestWriteAuthorizeResponse(t *testing.T) {
    37  	oauth2 := &Fosite{}
    38  	header := http.Header{}
    39  	ctrl := gomock.NewController(t)
    40  	rw := NewMockResponseWriter(ctrl)
    41  	ar := NewMockAuthorizeRequester(ctrl)
    42  	resp := NewMockAuthorizeResponder(ctrl)
    43  	defer ctrl.Finish()
    44  
    45  	for k, c := range []struct {
    46  		setup  func()
    47  		expect func()
    48  	}{
    49  		{
    50  			setup: func() {
    51  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
    52  				ar.EXPECT().GetRedirectURI().Return(redir)
    53  				ar.EXPECT().GetResponseMode().Return(ResponseModeDefault)
    54  				resp.EXPECT().GetParameters().Return(url.Values{})
    55  				resp.EXPECT().GetHeader().Return(http.Header{})
    56  
    57  				rw.EXPECT().Header().Return(header).Times(2)
    58  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
    59  			},
    60  			expect: func() {
    61  				assert.Equal(t, http.Header{
    62  					"Location":      []string{"https://foobar.com/?foo=bar"},
    63  					"Cache-Control": []string{"no-store"},
    64  					"Pragma":        []string{"no-cache"},
    65  				}, header)
    66  			},
    67  		},
    68  		{
    69  			setup: func() {
    70  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
    71  				ar.EXPECT().GetRedirectURI().Return(redir)
    72  				ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
    73  				resp.EXPECT().GetParameters().Return(url.Values{"bar": {"baz"}})
    74  				resp.EXPECT().GetHeader().Return(http.Header{})
    75  
    76  				rw.EXPECT().Header().Return(header).Times(2)
    77  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
    78  			},
    79  			expect: func() {
    80  				assert.Equal(t, http.Header{
    81  					"Location":      []string{"https://foobar.com/?foo=bar#bar=baz"},
    82  					"Cache-Control": []string{"no-store"},
    83  					"Pragma":        []string{"no-cache"},
    84  				}, header)
    85  			},
    86  		},
    87  		{
    88  			setup: func() {
    89  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
    90  				ar.EXPECT().GetRedirectURI().Return(redir)
    91  				ar.EXPECT().GetResponseMode().Return(ResponseModeQuery)
    92  				resp.EXPECT().GetParameters().Return(url.Values{"bar": {"baz"}})
    93  				resp.EXPECT().GetHeader().Return(http.Header{})
    94  
    95  				rw.EXPECT().Header().Return(header).Times(2)
    96  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
    97  			},
    98  			expect: func() {
    99  				expectedUrl, _ := url.Parse("https://foobar.com/?foo=bar&bar=baz")
   100  				actualUrl, err := url.Parse(header.Get("Location"))
   101  				assert.Nil(t, err)
   102  				assert.Equal(t, expectedUrl.Query(), actualUrl.Query())
   103  				assert.Equal(t, "no-cache", header.Get("Pragma"))
   104  				assert.Equal(t, "no-store", header.Get("Cache-Control"))
   105  			},
   106  		},
   107  		{
   108  			setup: func() {
   109  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
   110  				ar.EXPECT().GetRedirectURI().Return(redir)
   111  				ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
   112  				resp.EXPECT().GetParameters().Return(url.Values{"bar": {"b+az ab"}})
   113  				resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
   114  
   115  				rw.EXPECT().Header().Return(header).Times(2)
   116  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
   117  			},
   118  			expect: func() {
   119  				assert.Equal(t, http.Header{
   120  					"X-Bar":         {"baz"},
   121  					"Location":      {"https://foobar.com/?foo=bar#bar=b%2Baz+ab"},
   122  					"Cache-Control": []string{"no-store"},
   123  					"Pragma":        []string{"no-cache"},
   124  				}, header)
   125  			},
   126  		},
   127  		{
   128  			setup: func() {
   129  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
   130  				ar.EXPECT().GetRedirectURI().Return(redir)
   131  				ar.EXPECT().GetResponseMode().Return(ResponseModeQuery)
   132  				resp.EXPECT().GetParameters().Return(url.Values{"bar": {"b+az"}, "scope": {"a b"}})
   133  				resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
   134  
   135  				rw.EXPECT().Header().Return(header).Times(2)
   136  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
   137  			},
   138  			expect: func() {
   139  				expectedUrl, err := url.Parse("https://foobar.com/?foo=bar&bar=b%2Baz&scope=a+b")
   140  				assert.Nil(t, err)
   141  				actualUrl, err := url.Parse(header.Get("Location"))
   142  				assert.Nil(t, err)
   143  				assert.Equal(t, expectedUrl.Query(), actualUrl.Query())
   144  				assert.Equal(t, "no-cache", header.Get("Pragma"))
   145  				assert.Equal(t, "no-store", header.Get("Cache-Control"))
   146  				assert.Equal(t, "baz", header.Get("X-Bar"))
   147  			},
   148  		},
   149  		{
   150  			setup: func() {
   151  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
   152  				ar.EXPECT().GetRedirectURI().Return(redir)
   153  				ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
   154  				resp.EXPECT().GetParameters().Return(url.Values{"scope": {"api:*"}})
   155  				resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
   156  
   157  				rw.EXPECT().Header().Return(header).Times(2)
   158  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
   159  			},
   160  			expect: func() {
   161  				assert.Equal(t, http.Header{
   162  					"X-Bar":         {"baz"},
   163  					"Location":      {"https://foobar.com/?foo=bar#scope=api%3A%2A"},
   164  					"Cache-Control": []string{"no-store"},
   165  					"Pragma":        []string{"no-cache"},
   166  				}, header)
   167  			},
   168  		},
   169  		{
   170  			setup: func() {
   171  				redir, _ := url.Parse("https://foobar.com/?foo=bar#bar=baz")
   172  				ar.EXPECT().GetRedirectURI().Return(redir)
   173  				ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
   174  				resp.EXPECT().GetParameters().Return(url.Values{"qux": {"quux"}})
   175  				resp.EXPECT().GetHeader().Return(http.Header{})
   176  
   177  				rw.EXPECT().Header().Return(header).Times(2)
   178  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
   179  			},
   180  			expect: func() {
   181  				assert.Equal(t, http.Header{
   182  					"Location":      {"https://foobar.com/?foo=bar#qux=quux"},
   183  					"Cache-Control": []string{"no-store"},
   184  					"Pragma":        []string{"no-cache"},
   185  				}, header)
   186  			},
   187  		},
   188  		{
   189  			setup: func() {
   190  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
   191  				ar.EXPECT().GetRedirectURI().Return(redir)
   192  				ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
   193  				resp.EXPECT().GetParameters().Return(url.Values{"state": {"{\"a\":\"b=c&d=e\"}"}})
   194  				resp.EXPECT().GetHeader().Return(http.Header{})
   195  
   196  				rw.EXPECT().Header().Return(header).Times(2)
   197  				rw.EXPECT().WriteHeader(http.StatusSeeOther)
   198  			},
   199  			expect: func() {
   200  				assert.Equal(t, http.Header{
   201  					"Location":      {"https://foobar.com/?foo=bar#state=%7B%22a%22%3A%22b%3Dc%26d%3De%22%7D"},
   202  					"Cache-Control": []string{"no-store"},
   203  					"Pragma":        []string{"no-cache"},
   204  				}, header)
   205  			},
   206  		},
   207  		{
   208  			setup: func() {
   209  				redir, _ := url.Parse("https://foobar.com/?foo=bar")
   210  				ar.EXPECT().GetRedirectURI().Return(redir)
   211  				ar.EXPECT().GetResponseMode().Return(ResponseModeFormPost)
   212  				resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
   213  				resp.EXPECT().GetParameters().Return(url.Values{"code": {"poz65kqoneu"}, "state": {"qm6dnsrn"}})
   214  
   215  				rw.EXPECT().Header().Return(header).AnyTimes()
   216  				rw.EXPECT().Write(gomock.Any()).AnyTimes()
   217  			},
   218  			expect: func() {
   219  				assert.Equal(t, "text/html;charset=UTF-8", header.Get("Content-Type"))
   220  			},
   221  		},
   222  	} {
   223  		t.Logf("Starting test case %d", k)
   224  		c.setup()
   225  		oauth2.WriteAuthorizeResponse(rw, ar, resp)
   226  		c.expect()
   227  		header = http.Header{}
   228  		t.Logf("Passed test case %d", k)
   229  	}
   230  }
   231
View as plain text