afan
/
gitea
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
gitea源码
3 Ревизии
2 Клонове
Клон: master
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
gitea/models/auth/oauth2_test.go

oauth2_test.go 9.8KB
Постоянна връзка История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package auth_test

  5. 

  6. import (

  7. 	"testing"

  8. 

  9. 	auth_model "code.gitea.io/gitea/models/auth"

  10. 	"code.gitea.io/gitea/models/unittest"

  11. 

  12. 	"github.com/stretchr/testify/assert"

  13. )

  14. 

  15. func TestOAuth2Application_GenerateClientSecret(t *testing.T) {

  16. 	assert.NoError(t, unittest.PrepareTestDatabase())

  17. 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})

  18. 	secret, err := app.GenerateClientSecret(t.Context())

  19. 	assert.NoError(t, err)

  20. 	assert.NotEmpty(t, secret)

  21. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1, ClientSecret: app.ClientSecret})

  22. }

  23. 

  24. func BenchmarkOAuth2Application_GenerateClientSecret(b *testing.B) {

  25. 	assert.NoError(b, unittest.PrepareTestDatabase())

  26. 	app := unittest.AssertExistsAndLoadBean(b, &auth_model.OAuth2Application{ID: 1})

  27. 	for b.Loop() {

  28. 		_, _ = app.GenerateClientSecret(b.Context())

  29. 	}

  30. }

  31. 

  32. func TestOAuth2Application_ContainsRedirectURI(t *testing.T) {

  33. 	app := &auth_model.OAuth2Application{

  34. 		RedirectURIs: []string{"a", "b", "c"},

  35. 	}

  36. 	assert.True(t, app.ContainsRedirectURI("a"))

  37. 	assert.True(t, app.ContainsRedirectURI("b"))

  38. 	assert.True(t, app.ContainsRedirectURI("c"))

  39. 	assert.False(t, app.ContainsRedirectURI("d"))

  40. }

  41. 

  42. func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {

  43. 	app := &auth_model.OAuth2Application{

  44. 		RedirectURIs:       []string{"http://127.0.0.1/", "http://::1/", "http://192.168.0.1/", "http://intranet/", "https://127.0.0.1/"},

  45. 		ConfidentialClient: false,

  46. 	}

  47. 

  48. 	// http loopback uris should ignore port

  49. 	// https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

  50. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1:3456/"))

  51. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))

  52. 	assert.True(t, app.ContainsRedirectURI("http://[::1]:3456/"))

  53. 

  54. 	// not http

  55. 	assert.False(t, app.ContainsRedirectURI("https://127.0.0.1:3456/"))

  56. 	// not loopback

  57. 	assert.False(t, app.ContainsRedirectURI("http://192.168.0.1:9954/"))

  58. 	assert.False(t, app.ContainsRedirectURI("http://intranet:3456/"))

  59. 	// unparseable

  60. 	assert.False(t, app.ContainsRedirectURI(":"))

  61. }

  62. 

  63. func TestOAuth2Application_ContainsRedirect_Slash(t *testing.T) {

  64. 	app := &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1"}}

  65. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))

  66. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))

  67. 	assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))

  68. 

  69. 	app = &auth_model.OAuth2Application{RedirectURIs: []string{"http://127.0.0.1/"}}

  70. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1"))

  71. 	assert.True(t, app.ContainsRedirectURI("http://127.0.0.1/"))

  72. 	assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))

  73. }

  74. 

  75. func TestOAuth2Application_ValidateClientSecret(t *testing.T) {

  76. 	assert.NoError(t, unittest.PrepareTestDatabase())

  77. 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})

  78. 	secret, err := app.GenerateClientSecret(t.Context())

  79. 	assert.NoError(t, err)

  80. 	assert.True(t, app.ValidateClientSecret([]byte(secret)))

  81. 	assert.False(t, app.ValidateClientSecret([]byte("fewijfowejgfiowjeoifew")))

  82. }

  83. 

  84. func TestGetOAuth2ApplicationByClientID(t *testing.T) {

  85. 	assert.NoError(t, unittest.PrepareTestDatabase())

  86. 	app, err := auth_model.GetOAuth2ApplicationByClientID(t.Context(), "da7da3ba-9a13-4167-856f-3899de0b0138")

  87. 	assert.NoError(t, err)

  88. 	assert.Equal(t, "da7da3ba-9a13-4167-856f-3899de0b0138", app.ClientID)

  89. 

  90. 	app, err = auth_model.GetOAuth2ApplicationByClientID(t.Context(), "invalid client id")

  91. 	assert.Error(t, err)

  92. 	assert.Nil(t, app)

  93. }

  94. 

  95. func TestCreateOAuth2Application(t *testing.T) {

  96. 	assert.NoError(t, unittest.PrepareTestDatabase())

  97. 	app, err := auth_model.CreateOAuth2Application(t.Context(), auth_model.CreateOAuth2ApplicationOptions{Name: "newapp", UserID: 1})

  98. 	assert.NoError(t, err)

  99. 	assert.Equal(t, "newapp", app.Name)

  100. 	assert.Len(t, app.ClientID, 36)

  101. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{Name: "newapp"})

  102. }

  103. 

  104. func TestOAuth2Application_TableName(t *testing.T) {

  105. 	assert.Equal(t, "oauth2_application", new(auth_model.OAuth2Application).TableName())

  106. }

  107. 

  108. func TestOAuth2Application_GetGrantByUserID(t *testing.T) {

  109. 	assert.NoError(t, unittest.PrepareTestDatabase())

  110. 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})

  111. 	grant, err := app.GetGrantByUserID(t.Context(), 1)

  112. 	assert.NoError(t, err)

  113. 	assert.Equal(t, int64(1), grant.UserID)

  114. 

  115. 	grant, err = app.GetGrantByUserID(t.Context(), 34923458)

  116. 	assert.NoError(t, err)

  117. 	assert.Nil(t, grant)

  118. }

  119. 

  120. func TestOAuth2Application_CreateGrant(t *testing.T) {

  121. 	assert.NoError(t, unittest.PrepareTestDatabase())

  122. 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})

  123. 	grant, err := app.CreateGrant(t.Context(), 2, "")

  124. 	assert.NoError(t, err)

  125. 	assert.NotNil(t, grant)

  126. 	assert.Equal(t, int64(2), grant.UserID)

  127. 	assert.Equal(t, int64(1), grant.ApplicationID)

  128. 	assert.Empty(t, grant.Scope)

  129. }

  130. 

  131. //////////////////// Grant

  132. 

  133. func TestGetOAuth2GrantByID(t *testing.T) {

  134. 	assert.NoError(t, unittest.PrepareTestDatabase())

  135. 	grant, err := auth_model.GetOAuth2GrantByID(t.Context(), 1)

  136. 	assert.NoError(t, err)

  137. 	assert.Equal(t, int64(1), grant.ID)

  138. 

  139. 	grant, err = auth_model.GetOAuth2GrantByID(t.Context(), 34923458)

  140. 	assert.NoError(t, err)

  141. 	assert.Nil(t, grant)

  142. }

  143. 

  144. func TestOAuth2Grant_IncreaseCounter(t *testing.T) {

  145. 	assert.NoError(t, unittest.PrepareTestDatabase())

  146. 	grant := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Counter: 1})

  147. 	assert.NoError(t, grant.IncreaseCounter(t.Context()))

  148. 	assert.Equal(t, int64(2), grant.Counter)

  149. 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Counter: 2})

  150. }

  151. 

  152. func TestOAuth2Grant_ScopeContains(t *testing.T) {

  153. 	assert.NoError(t, unittest.PrepareTestDatabase())

  154. 	grant := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Scope: "openid profile"})

  155. 	assert.True(t, grant.ScopeContains("openid"))

  156. 	assert.True(t, grant.ScopeContains("profile"))

  157. 	assert.False(t, grant.ScopeContains("profil"))

  158. 	assert.False(t, grant.ScopeContains("profile2"))

  159. }

  160. 

  161. func TestOAuth2Grant_GenerateNewAuthorizationCode(t *testing.T) {

  162. 	assert.NoError(t, unittest.PrepareTestDatabase())

  163. 	grant := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1})

  164. 	code, err := grant.GenerateNewAuthorizationCode(t.Context(), "https://example2.com/callback", "CjvyTLSdR47G5zYenDA-eDWW4lRrO8yvjcWwbD_deOg", "S256")

  165. 	assert.NoError(t, err)

  166. 	assert.NotNil(t, code)

  167. 	assert.Greater(t, len(code.Code), 32) // secret length > 32

  168. }

  169. 

  170. func TestOAuth2Grant_TableName(t *testing.T) {

  171. 	assert.Equal(t, "oauth2_grant", new(auth_model.OAuth2Grant).TableName())

  172. }

  173. 

  174. func TestGetOAuth2GrantsByUserID(t *testing.T) {

  175. 	assert.NoError(t, unittest.PrepareTestDatabase())

  176. 	result, err := auth_model.GetOAuth2GrantsByUserID(t.Context(), 1)

  177. 	assert.NoError(t, err)

  178. 	assert.Len(t, result, 1)

  179. 	assert.Equal(t, int64(1), result[0].ID)

  180. 	assert.Equal(t, result[0].ApplicationID, result[0].Application.ID)

  181. 

  182. 	result, err = auth_model.GetOAuth2GrantsByUserID(t.Context(), 34134)

  183. 	assert.NoError(t, err)

  184. 	assert.Empty(t, result)

  185. }

  186. 

  187. func TestRevokeOAuth2Grant(t *testing.T) {

  188. 	assert.NoError(t, unittest.PrepareTestDatabase())

  189. 	assert.NoError(t, auth_model.RevokeOAuth2Grant(t.Context(), 1, 1))

  190. 	unittest.AssertNotExistsBean(t, &auth_model.OAuth2Grant{ID: 1, UserID: 1})

  191. }

  192. 

  193. //////////////////// Authorization Code

  194. 

  195. func TestGetOAuth2AuthorizationByCode(t *testing.T) {

  196. 	assert.NoError(t, unittest.PrepareTestDatabase())

  197. 	code, err := auth_model.GetOAuth2AuthorizationByCode(t.Context(), "authcode")

  198. 	assert.NoError(t, err)

  199. 	assert.NotNil(t, code)

  200. 	assert.Equal(t, "authcode", code.Code)

  201. 	assert.Equal(t, int64(1), code.ID)

  202. 

  203. 	code, err = auth_model.GetOAuth2AuthorizationByCode(t.Context(), "does not exist")

  204. 	assert.NoError(t, err)

  205. 	assert.Nil(t, code)

  206. }

  207. 

  208. func TestOAuth2AuthorizationCode_ValidateCodeChallenge(t *testing.T) {

  209. 	// test plain

  210. 	code := &auth_model.OAuth2AuthorizationCode{

  211. 		CodeChallengeMethod: "plain",

  212. 		CodeChallenge:       "test123",

  213. 	}

  214. 	assert.True(t, code.ValidateCodeChallenge("test123"))

  215. 	assert.False(t, code.ValidateCodeChallenge("ierwgjoergjio"))

  216. 

  217. 	// test S256

  218. 	code = &auth_model.OAuth2AuthorizationCode{

  219. 		CodeChallengeMethod: "S256",

  220. 		CodeChallenge:       "CjvyTLSdR47G5zYenDA-eDWW4lRrO8yvjcWwbD_deOg",

  221. 	}

  222. 	assert.True(t, code.ValidateCodeChallenge("N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt"))

  223. 	assert.False(t, code.ValidateCodeChallenge("wiogjerogorewngoenrgoiuenorg"))

  224. 

  225. 	// test unknown

  226. 	code = &auth_model.OAuth2AuthorizationCode{

  227. 		CodeChallengeMethod: "monkey",

  228. 		CodeChallenge:       "foiwgjioriogeiogjerger",

  229. 	}

  230. 	assert.False(t, code.ValidateCodeChallenge("foiwgjioriogeiogjerger"))

  231. 

  232. 	// test no code challenge

  233. 	code = &auth_model.OAuth2AuthorizationCode{

  234. 		CodeChallengeMethod: "",

  235. 		CodeChallenge:       "foierjiogerogerg",

  236. 	}

  237. 	assert.True(t, code.ValidateCodeChallenge(""))

  238. }

  239. 

  240. func TestOAuth2AuthorizationCode_GenerateRedirectURI(t *testing.T) {

  241. 	code := &auth_model.OAuth2AuthorizationCode{

  242. 		RedirectURI: "https://example.com/callback",

  243. 		Code:        "thecode",

  244. 	}

  245. 

  246. 	redirect, err := code.GenerateRedirectURI("thestate")

  247. 	assert.NoError(t, err)

  248. 	assert.Equal(t, "https://example.com/callback?code=thecode&state=thestate", redirect.String())

  249. 

  250. 	redirect, err = code.GenerateRedirectURI("")

  251. 	assert.NoError(t, err)

  252. 	assert.Equal(t, "https://example.com/callback?code=thecode", redirect.String())

  253. }

  254. 

  255. func TestOAuth2AuthorizationCode_Invalidate(t *testing.T) {

  256. 	assert.NoError(t, unittest.PrepareTestDatabase())

  257. 	code := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2AuthorizationCode{Code: "authcode"})

  258. 	assert.NoError(t, code.Invalidate(t.Context()))

  259. 	unittest.AssertNotExistsBean(t, &auth_model.OAuth2AuthorizationCode{Code: "authcode"})

  260. }

  261. 

  262. func TestOAuth2AuthorizationCode_TableName(t *testing.T) {

  263. 	assert.Equal(t, "oauth2_authorization_code", new(auth_model.OAuth2AuthorizationCode).TableName())

  264. }