Add token tests

2021-11-23 23:15:17 +01:00 · 2021-11-23 23:15:17 +01:00 · 965765f014
parent 0358fbbe8f
commit 965765f014
1 changed files with 96 additions and 56 deletions
--- a/indieAuthServer_test.go
+++ b/indieAuthServer_test.go
@ -1,6 +1,7 @@
 package main

 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -13,6 +14,7 @@ import (
 	"github.com/hacdias/indieauth"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/oauth2"
 )

 func Test_indieAuthServer(t *testing.T) {
@ -79,6 +81,8 @@ func Test_indieAuthServer(t *testing.T) {
 		assert.Equal(t, "https://example.org/indieauth/token", endpoints.Token)
 	}

+	for _, test := range []int{1, 2} {
+
 		authinfo, redirect, err := iac.Authenticate("https://example.org/", "create")
 		require.NoError(t, err)
 		assert.NotNil(t, authinfo)
@ -134,11 +138,47 @@ func Test_indieAuthServer(t *testing.T) {
 		require.NoError(t, err)
 		assert.NotEmpty(t, code)

+		if test == 1 {
+
 			profile, err := iac.FetchProfile(authinfo, code)
 			require.NoError(t, err)
 			assert.NotNil(t, profile)
 			assert.Equal(t, "https://example.org/", profile.Me)

-	// TODO: Somehow test token endpoint. I can't find a to change the round tripper of the oauth2 http.Client.
+		} else if test == 2 {
+
+			o := iac.GetOAuth2(&authinfo.Endpoints)
+			ctx := context.WithValue(context.Background(), oauth2.HTTPClient, iac.Client)
+			token, err := o.Exchange(
+				ctx,
+				code,
+				oauth2.SetAuthURLParam("client_id", iac.ClientID),
+				oauth2.SetAuthURLParam("code_verifier", authinfo.CodeVerifier),
+			)
+			require.NoError(t, err)
+			assert.NotNil(t, token)
+			assert.NotEqual(t, "", token.AccessToken)
+
+			rec = httptest.NewRecorder()
+			req = httptest.NewRequest(http.MethodGet, "https://example.org/indieauth/token", nil)
+			req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+			app.d.ServeHTTP(rec, req)
+			assert.Equal(t, http.StatusOK, rec.Code)
+
+			rec = httptest.NewRecorder()
+			req = httptest.NewRequest(http.MethodPost, "https://example.org/indieauth/token?action=revoke&token="+token.AccessToken, nil)
+			req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+			app.d.ServeHTTP(rec, req)
+			assert.Equal(t, http.StatusOK, rec.Code)
+
+			rec = httptest.NewRecorder()
+			req = httptest.NewRequest(http.MethodGet, "https://example.org/indieauth/token", nil)
+			req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+			app.d.ServeHTTP(rec, req)
+			assert.Equal(t, http.StatusUnauthorized, rec.Code)
+
+		}
+
+	}

 }