2017-10-16 06:38:46 +00:00
|
|
|
import 'dart:async';
|
2018-11-08 15:34:49 +00:00
|
|
|
import 'dart:convert';
|
2017-10-16 06:38:46 +00:00
|
|
|
import 'package:angel_framework/angel_framework.dart';
|
|
|
|
|
import 'package:angel_test/angel_test.dart';
|
|
|
|
|
import 'package:angel_oauth2/angel_oauth2.dart';
|
|
|
|
|
import 'package:angel_validate/angel_validate.dart';
|
|
|
|
|
import 'package:test/test.dart';
|
|
|
|
|
import 'common.dart';
|
|
|
|
|
|
|
|
|
|
main() {
|
|
|
|
|
TestClient client;
|
|
|
|
|
|
|
|
|
|
setUp(() async {
|
2019-05-02 07:28:38 +00:00
|
|
|
var app = Angel();
|
|
|
|
|
var oauth2 = _AuthorizationServer();
|
2017-10-16 06:38:46 +00:00
|
|
|
|
|
|
|
|
app.group('/oauth2', (router) {
|
|
|
|
|
router
|
|
|
|
|
..get('/authorize', oauth2.authorizationEndpoint)
|
|
|
|
|
..post('/token', oauth2.tokenEndpoint);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
app.errorHandler = (e, req, res) async {
|
|
|
|
|
res.json(e.toJson());
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
client = await connectTo(app);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
tearDown(() => client.close());
|
|
|
|
|
|
|
|
|
|
test('authenticate via client credentials', () async {
|
|
|
|
|
var response = await client.post(
|
|
|
|
|
'/oauth2/token',
|
|
|
|
|
headers: {
|
2018-07-09 15:38:29 +00:00
|
|
|
'Authorization': 'Basic ' + base64Url.encode('foo:bar'.codeUnits),
|
2017-10-16 06:38:46 +00:00
|
|
|
},
|
|
|
|
|
body: {
|
|
|
|
|
'grant_type': 'client_credentials',
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
print('Response: ${response.body}');
|
|
|
|
|
|
2018-11-08 15:32:36 +00:00
|
|
|
expect(
|
|
|
|
|
response,
|
|
|
|
|
allOf(
|
|
|
|
|
hasStatus(200),
|
|
|
|
|
hasContentType('application/json'),
|
2019-05-02 07:28:38 +00:00
|
|
|
hasValidBody(Validator({
|
2018-11-08 15:32:36 +00:00
|
|
|
'token_type': equals('bearer'),
|
|
|
|
|
'access_token': equals('foo'),
|
|
|
|
|
})),
|
|
|
|
|
));
|
2017-10-16 06:38:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('force correct id', () async {
|
|
|
|
|
var response = await client.post(
|
|
|
|
|
'/oauth2/token',
|
|
|
|
|
headers: {
|
2018-07-09 15:38:29 +00:00
|
|
|
'Authorization': 'Basic ' + base64Url.encode('fooa:bar'.codeUnits),
|
2017-10-16 06:38:46 +00:00
|
|
|
},
|
|
|
|
|
body: {
|
|
|
|
|
'grant_type': 'client_credentials',
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
print('Response: ${response.body}');
|
2017-10-16 16:52:12 +00:00
|
|
|
expect(response, hasStatus(400));
|
2017-10-16 06:38:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('force correct secret', () async {
|
|
|
|
|
var response = await client.post(
|
|
|
|
|
'/oauth2/token',
|
|
|
|
|
headers: {
|
2018-07-09 15:38:29 +00:00
|
|
|
'Authorization': 'Basic ' + base64Url.encode('foo:bara'.codeUnits),
|
2017-10-16 06:38:46 +00:00
|
|
|
},
|
|
|
|
|
body: {
|
|
|
|
|
'grant_type': 'client_credentials',
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
print('Response: ${response.body}');
|
2017-10-16 16:52:12 +00:00
|
|
|
expect(response, hasStatus(400));
|
2017-10-16 06:38:46 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class _AuthorizationServer
|
|
|
|
|
extends AuthorizationServer<PseudoApplication, PseudoUser> {
|
|
|
|
|
@override
|
|
|
|
|
PseudoApplication findClient(String clientId) {
|
|
|
|
|
return clientId == pseudoApplication.id ? pseudoApplication : null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@override
|
|
|
|
|
Future<bool> verifyClient(
|
|
|
|
|
PseudoApplication client, String clientSecret) async {
|
|
|
|
|
return client.secret == clientSecret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@override
|
|
|
|
|
Future<AuthorizationTokenResponse> clientCredentialsGrant(
|
|
|
|
|
PseudoApplication client, RequestContext req, ResponseContext res) async {
|
2019-05-02 07:28:38 +00:00
|
|
|
return AuthorizationTokenResponse('foo');
|
2017-10-16 06:38:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
