platform/packages/oauth2/test/pkce_test.dart

import 'dart:async';
import 'dart:collection';
import 'package:angel3_container/mirrors.dart';
import 'package:angel3_framework/angel3_framework.dart';
import 'package:angel3_framework/http.dart';
import 'package:angel3_oauth2/angel3_oauth2.dart';
import 'package:angel3_test/angel3_test.dart';
import 'package:logging/logging.dart';
import 'package:test/test.dart';
import 'common.dart';

void main() {
  Angel app;
  late Uri authorizationEndpoint, tokenEndpoint;
  late TestClient testClient;

  setUp(() async {
    app = Angel(reflector: MirrorsReflector());
    app.container.registerSingleton(AuthCodes());

    var server = _Server();

    app.group('/oauth2', (router) {
      router
        ..get('/authorize', server.authorizationEndpoint)
        ..post('/token', server.tokenEndpoint);
    });

    app.logger = Logger('angel')
      ..onRecord.listen((rec) {
        print(rec);
        if (rec.error != null) print(rec.error);
        if (rec.stackTrace != null) print(rec.stackTrace);
      });

    var http = AngelHttp(app);
    var s = await http.startServer();
    var url = 'http://${s.address.address}:${s.port}';
    authorizationEndpoint = Uri.parse('$url/oauth2/authorize');
    tokenEndpoint = Uri.parse('$url/oauth2/token');

    testClient = await connectTo(app);
  });

  tearDown(() async {
    await testClient.close();
  });

  group('get auth code', () {
    test('with challenge + implied plain', () async {
      var url = authorizationEndpoint.replace(queryParameters: {
        'response_type': 'code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code_challenge': 'foo',
      });
      var response =
          await testClient.get(url, headers: {'accept': 'application/json'});
      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(200),
            isJson({'code': 'ok'}),
          ));
    });

    test('with challenge + plain', () async {
      var url = authorizationEndpoint.replace(queryParameters: {
        'response_type': 'code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code_challenge': 'foo',
        'code_challenge_method': 'plain',
      });
      var response =
          await testClient.get(url, headers: {'accept': 'application/json'});
      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(200),
            isJson({'code': 'ok'}),
          ));
    });

    test('with challenge + s256', () async {
      var url = authorizationEndpoint.replace(queryParameters: {
        'response_type': 'code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code_challenge': 'foo',
        'code_challenge_method': 's256',
      });
      var response =
          await testClient.get(url, headers: {'accept': 'application/json'});
      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(200),
            isJson({'code': 'ok'}),
          ));
    });

    test('with challenge + wrong method', () async {
      var url = authorizationEndpoint.replace(queryParameters: {
        'response_type': 'code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code_challenge': 'foo',
        'code_challenge_method': 'bar',
      });
      var response =
          await testClient.get(url, headers: {'accept': 'application/json'});
      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(400),
            isJson({
              'error': 'invalid_request',
              'error_description':
                  "The `code_challenge_method` parameter must be either 'plain' or 's256'."
            }),
          ));
    });

    test('with no challenge', () async {
      var url = authorizationEndpoint.replace(queryParameters: {
        'response_type': 'code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry'
      });
      var response =
          await testClient.get(url, headers: {'accept': 'application/json'});
      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(400),
            isJson({
              'error': 'invalid_request',
              'error_description': 'Missing `code_challenge` parameter.'
            }),
          ));
    });
  });

  group('get token', () {
    test('with correct verifier', () async {
      var url = tokenEndpoint.replace(
          userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');
      var response = await testClient.post(url, headers: {
        'accept': 'application/json',
        // 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))
      }, body: {
        'grant_type': 'authorization_code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code': 'ok',
        'code_verifier': 'hello',
      });

      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(200),
            isJson({'token_type': 'bearer', 'access_token': 'yes'}),
          ));
    });
    test('with incorrect verifier', () async {
      var url = tokenEndpoint.replace(
          userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');
      var response = await testClient.post(url, headers: {
        'accept': 'application/json',
        // 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))
      }, body: {
        'grant_type': 'authorization_code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code': 'ok',
        'code_verifier': 'foo',
      });

      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(400),
            isJson({
              'error': 'invalid_grant',
              'error_description':
                  'The given `code_verifier` parameter is invalid.'
            }),
          ));
    });

    test('with missing verifier', () async {
      var url = tokenEndpoint.replace(
          userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');
      var response = await testClient.post(url, headers: {
        'accept': 'application/json',
        // 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))
      }, body: {
        'grant_type': 'authorization_code',
        'client_id': 'freddie mercury',
        'redirect_uri': 'https://freddie.mercu.ry',
        'code': 'ok'
      });

      print(response.body);
      expect(
          response,
          allOf(
            hasStatus(400),
            isJson({
              'error': 'invalid_request',
              'error_description': 'Missing `code_verifier` parameter.'
            }),
          ));
    });
  });
}

class _Server extends AuthorizationServer<PseudoApplication, Map> {
  @override
  FutureOr<PseudoApplication> findClient(String? clientId) {
    return pseudoApplication;
  }

  @override
  Future<bool> verifyClient(
      PseudoApplication client, String? clientSecret) async {
    return client.secret == clientSecret;
  }

  @override
  Future requestAuthorizationCode(
      PseudoApplication client,
      String? redirectUri,
      Iterable<String> scopes,
      String state,
      RequestContext req,
      ResponseContext res,
      bool implicit) async {
    req.container!.make<Pkce>();
    return {'code': 'ok'};
  }

  @override
  Future<AuthorizationTokenResponse> exchangeAuthorizationCodeForToken(
      PseudoApplication? client,
      String? authCode,
      String? redirectUri,
      RequestContext req,
      ResponseContext res) async {
    var codeVerifier = await getPkceCodeVerifier(req);
    var pkce = Pkce('plain', 'hello');
    pkce.validate(codeVerifier);
    return AuthorizationTokenResponse('yes');
  }
}

class AuthCodes with MapMixin<String, String> {
  var inner = <String, String>{};

  @override
  String? operator [](Object? key) => inner[key as String];

  @override
  void operator []=(String key, String value) => inner[key] = value;

  @override
  void clear() => inner.clear();

  @override
  Iterable<String> get keys => inner.keys;

  @override
  String? remove(Object? key) => inner.remove(key);
}
add example 2018-12-15 08:39:04 +00:00			`import 'dart:async';`
			`import 'dart:collection';`
Updated logo 2023-10-08 03:29:28 +00:00			`import 'package:angel3_container/mirrors.dart';`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`import 'package:angel3_framework/angel3_framework.dart';`
			`import 'package:angel3_framework/http.dart';`
			`import 'package:angel3_oauth2/angel3_oauth2.dart';`
			`import 'package:angel3_test/angel3_test.dart';`
add example 2018-12-15 08:39:04 +00:00			`import 'package:logging/logging.dart';`
			`import 'package:test/test.dart';`
			`import 'common.dart';`

Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`void main() {`
add example 2018-12-15 08:39:04 +00:00			`Angel app;`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`late Uri authorizationEndpoint, tokenEndpoint;`
			`late TestClient testClient;`
add example 2018-12-15 08:39:04 +00:00
			`setUp(() async {`
Updated logo 2023-10-08 03:29:28 +00:00			`app = Angel(reflector: MirrorsReflector());`
Fixed http exception error 2022-04-25 00:54:13 +00:00			`app.container.registerSingleton(AuthCodes());`
add example 2018-12-15 08:39:04 +00:00
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`var server = _Server();`
add example 2018-12-15 08:39:04 +00:00
			`app.group('/oauth2', (router) {`
			`router`
			`..get('/authorize', server.authorizationEndpoint)`
			`..post('/token', server.tokenEndpoint);`
			`});`

Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`app.logger = Logger('angel')`
add example 2018-12-15 08:39:04 +00:00			`..onRecord.listen((rec) {`
			`print(rec);`
			`if (rec.error != null) print(rec.error);`
			`if (rec.stackTrace != null) print(rec.stackTrace);`
			`});`

Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`var http = AngelHttp(app);`
add example 2018-12-15 08:39:04 +00:00			`var s = await http.startServer();`
			`var url = 'http://${s.address.address}:${s.port}';`
			`authorizationEndpoint = Uri.parse('$url/oauth2/authorize');`
			`tokenEndpoint = Uri.parse('$url/oauth2/token');`

			`testClient = await connectTo(app);`
			`});`

			`tearDown(() async {`
			`await testClient.close();`
			`});`

			`group('get auth code', () {`
			`test('with challenge + implied plain', () async {`
			`var url = authorizationEndpoint.replace(queryParameters: {`
			`'response_type': 'code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code_challenge': 'foo',`
			`});`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response =`
			`await testClient.get(url, headers: {'accept': 'application/json'});`
add example 2018-12-15 08:39:04 +00:00			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(200),`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`isJson({'code': 'ok'}),`
add example 2018-12-15 08:39:04 +00:00			`));`
			`});`

			`test('with challenge + plain', () async {`
			`var url = authorizationEndpoint.replace(queryParameters: {`
			`'response_type': 'code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code_challenge': 'foo',`
			`'code_challenge_method': 'plain',`
			`});`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response =`
			`await testClient.get(url, headers: {'accept': 'application/json'});`
add example 2018-12-15 08:39:04 +00:00			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(200),`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`isJson({'code': 'ok'}),`
add example 2018-12-15 08:39:04 +00:00			`));`
			`});`

			`test('with challenge + s256', () async {`
			`var url = authorizationEndpoint.replace(queryParameters: {`
			`'response_type': 'code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code_challenge': 'foo',`
			`'code_challenge_method': 's256',`
			`});`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response =`
			`await testClient.get(url, headers: {'accept': 'application/json'});`
add example 2018-12-15 08:39:04 +00:00			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(200),`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`isJson({'code': 'ok'}),`
add example 2018-12-15 08:39:04 +00:00			`));`
			`});`

			`test('with challenge + wrong method', () async {`
			`var url = authorizationEndpoint.replace(queryParameters: {`
			`'response_type': 'code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code_challenge': 'foo',`
			`'code_challenge_method': 'bar',`
			`});`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response =`
			`await testClient.get(url, headers: {'accept': 'application/json'});`
add example 2018-12-15 08:39:04 +00:00			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(400),`
			`isJson({`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`'error': 'invalid_request',`
			`'error_description':`
add example 2018-12-15 08:39:04 +00:00			"The `code_challenge_method` parameter must be either 'plain' or 's256'."
			`}),`
			`));`
			`});`

			`test('with no challenge', () async {`
			`var url = authorizationEndpoint.replace(queryParameters: {`
			`'response_type': 'code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry'`
			`});`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response =`
			`await testClient.get(url, headers: {'accept': 'application/json'});`
add example 2018-12-15 08:39:04 +00:00			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(400),`
			`isJson({`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`'error': 'invalid_request',`
			'error_description': 'Missing `code_challenge` parameter.'
add example 2018-12-15 08:39:04 +00:00			`}),`
			`));`
			`});`
			`});`

			`group('get token', () {`
			`test('with correct verifier', () async {`
			`var url = tokenEndpoint.replace(`
			`userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.post(url, headers: {`
add example 2018-12-15 08:39:04 +00:00			`'accept': 'application/json',`
Fix PKCE test 2019-05-03 07:29:59 +00:00			`// 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))`
add example 2018-12-15 08:39:04 +00:00			`}, body: {`
			`'grant_type': 'authorization_code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code': 'ok',`
			`'code_verifier': 'hello',`
			`});`

			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(200),`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`isJson({'token_type': 'bearer', 'access_token': 'yes'}),`
add example 2018-12-15 08:39:04 +00:00			`));`
			`});`
			`test('with incorrect verifier', () async {`
			`var url = tokenEndpoint.replace(`
			`userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.post(url, headers: {`
add example 2018-12-15 08:39:04 +00:00			`'accept': 'application/json',`
Fix PKCE test 2019-05-03 07:29:59 +00:00			`// 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))`
add example 2018-12-15 08:39:04 +00:00			`}, body: {`
			`'grant_type': 'authorization_code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code': 'ok',`
			`'code_verifier': 'foo',`
			`});`

			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(400),`
			`isJson({`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`'error': 'invalid_grant',`
			`'error_description':`
			'The given `code_verifier` parameter is invalid.'
add example 2018-12-15 08:39:04 +00:00			`}),`
			`));`
			`});`

			`test('with missing verifier', () async {`
			`var url = tokenEndpoint.replace(`
			`userInfo: '${pseudoApplication.id}:${pseudoApplication.secret}');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.post(url, headers: {`
add example 2018-12-15 08:39:04 +00:00			`'accept': 'application/json',`
Fix PKCE test 2019-05-03 07:29:59 +00:00			`// 'authorization': 'Basic ' + base64Url.encode(ascii.encode(url.userInfo))`
add example 2018-12-15 08:39:04 +00:00			`}, body: {`
			`'grant_type': 'authorization_code',`
			`'client_id': 'freddie mercury',`
			`'redirect_uri': 'https://freddie.mercu.ry',`
			`'code': 'ok'`
			`});`

			`print(response.body);`
			`expect(`
			`response,`
			`allOf(`
			`hasStatus(400),`
			`isJson({`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`'error': 'invalid_request',`
			'error_description': 'Missing `code_verifier` parameter.'
add example 2018-12-15 08:39:04 +00:00			`}),`
			`));`
			`});`
			`});`
			`}`

			`class _Server extends AuthorizationServer<PseudoApplication, Map> {`
			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`FutureOr<PseudoApplication> findClient(String? clientId) {`
add example 2018-12-15 08:39:04 +00:00			`return pseudoApplication;`
			`}`

			`@override`
			`Future<bool> verifyClient(`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`PseudoApplication client, String? clientSecret) async {`
add example 2018-12-15 08:39:04 +00:00			`return client.secret == clientSecret;`
			`}`

			`@override`
			`Future requestAuthorizationCode(`
			`PseudoApplication client,`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? redirectUri,`
add example 2018-12-15 08:39:04 +00:00			`Iterable<String> scopes,`
			`String state,`
			`RequestContext req,`
implicit 2019-05-03 07:24:24 +00:00			`ResponseContext res,`
			`bool implicit) async {`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`req.container!.make<Pkce>();`
add example 2018-12-15 08:39:04 +00:00			`return {'code': 'ok'};`
			`}`

			`@override`
			`Future<AuthorizationTokenResponse> exchangeAuthorizationCodeForToken(`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`PseudoApplication? client,`
			`String? authCode,`
			`String? redirectUri,`
add example 2018-12-15 08:39:04 +00:00			`RequestContext req,`
			`ResponseContext res) async {`
			`var codeVerifier = await getPkceCodeVerifier(req);`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`var pkce = Pkce('plain', 'hello');`
add example 2018-12-15 08:39:04 +00:00			`pkce.validate(codeVerifier);`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`return AuthorizationTokenResponse('yes');`
add example 2018-12-15 08:39:04 +00:00			`}`
			`}`

Updated oauth 2023-05-27 01:33:53 +00:00			`class AuthCodes with MapMixin<String, String> {`
add example 2018-12-15 08:39:04 +00:00			`var inner = <String, String>{};`

			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? operator [](Object? key) => inner[key as String];`
add example 2018-12-15 08:39:04 +00:00
			`@override`
			`void operator []=(String key, String value) => inner[key] = value;`

			`@override`
			`void clear() => inner.clear();`

			`@override`
			`Iterable<String> get keys => inner.keys;`

			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? remove(Object? key) => inner.remove(key);`
add example 2018-12-15 08:39:04 +00:00			`}`