platform/packages/oauth2/test/auth_code_test.dart

import 'dart:async';
import 'dart:collection';
import 'dart:convert';
import 'package:angel3_framework/angel3_framework.dart';
import 'package:angel3_framework/http.dart';
import 'package:angel3_oauth2/angel3_oauth2.dart';
import 'package:angel3_test/angel3_test.dart';
import 'package:logging/logging.dart';
import 'package:oauth2/oauth2.dart' as oauth2;
import 'package:test/test.dart';
import 'package:uuid/uuid.dart';
import 'common.dart';

void main() {
  Angel app;
  late Uri authorizationEndpoint, tokenEndpoint, redirectUri;
  late TestClient testClient;

  setUp(() async {
    app = Angel();
    app.configuration['properties'] = app.configuration;
    app.container!.registerSingleton(AuthCodes());

    var server = _Server();

    app.group('/oauth2', (router) {
      router
        ..get('/authorize', server.authorizationEndpoint)
        ..post('/token', server.tokenEndpoint);
    });

    app.logger = Logger('angel')
      ..onRecord.listen((rec) {
        print(rec);
        if (rec.error != null) print(rec.error);
        if (rec.stackTrace != null) print(rec.stackTrace);
      });

    var http = AngelHttp(app);
    var s = await http.startServer();
    var url = 'http://${s.address.address}:${s.port}';
    authorizationEndpoint = Uri.parse('$url/oauth2/authorize');
    tokenEndpoint = Uri.parse('$url/oauth2/token');
    redirectUri = Uri.parse('http://foo.bar/baz');

    testClient = await connectTo(app);
  });

  tearDown(() async {
    await testClient.close();
  });

  group('auth code', () {
    oauth2.AuthorizationCodeGrant createGrant() =>
        oauth2.AuthorizationCodeGrant(
          pseudoApplication.id,
          authorizationEndpoint,
          tokenEndpoint,
          secret: pseudoApplication.secret,
        );

    test('show authorization form', () async {
      var grant = createGrant();
      var url = grant.getAuthorizationUrl(redirectUri, state: 'hello');
      var response = await testClient.client!.get(url);
      print('Body: ${response.body}');
      expect(
          response.body,
          json.encode(
              'Hello ${pseudoApplication.id}:${pseudoApplication.secret}'));
    });

    test('preserves state', () async {
      var grant = createGrant();
      var url = grant.getAuthorizationUrl(redirectUri, state: 'goodbye');
      var response = await testClient.client!.get(url);
      print('Body: ${response.body}');
      expect(json.decode(response.body)['state'], 'goodbye');
    });

    test('sends auth code', () async {
      var grant = createGrant();
      var url = grant.getAuthorizationUrl(redirectUri);
      var response = await testClient.client!.get(url);
      print('Body: ${response.body}');
      expect(
        json.decode(response.body),
        allOf(
          isMap,
          predicate((Map m) => m.containsKey('code'), 'contains "code"'),
        ),
      );
    });

    test('exchange code for token', () async {
      var grant = createGrant();
      var url = grant.getAuthorizationUrl(redirectUri);
      var response = await testClient.client!.get(url);
      print('Body: ${response.body}');

      var authCode = json.decode(response.body)['code'].toString();
      var client = await grant.handleAuthorizationCode(authCode);
      expect(client.credentials.accessToken, authCode + '_access');
    });

    test('can send refresh token', () async {
      var grant = createGrant();
      var url = grant.getAuthorizationUrl(redirectUri, state: 'can_refresh');
      var response = await testClient.client!.get(url);
      print('Body: ${response.body}');

      var authCode = json.decode(response.body)['code'].toString();
      var client = await grant.handleAuthorizationCode(authCode);
      expect(client.credentials.accessToken, authCode + '_access');
      expect(client.credentials.canRefresh, isTrue);
      expect(client.credentials.refreshToken, authCode + '_refresh');
    });
  });
}

class _Server extends AuthorizationServer<PseudoApplication, Map> {
  final Uuid _uuid = Uuid();

  @override
  FutureOr<PseudoApplication>? findClient(String? clientId) {
    return clientId == pseudoApplication.id ? pseudoApplication : null;
  }

  @override
  Future<bool> verifyClient(
      PseudoApplication client, String? clientSecret) async {
    return client.secret == clientSecret;
  }

  @override
  Future requestAuthorizationCode(
      PseudoApplication client,
      String? redirectUri,
      Iterable<String> scopes,
      String state,
      RequestContext req,
      ResponseContext res,
      bool implicit) async {
    if (implicit) {
      // Throw the default error on an implicit grant attempt.
      return super.requestAuthorizationCode(
          client, redirectUri, scopes, state, req, res, implicit);
    }

    if (state == 'hello') {
      return 'Hello ${pseudoApplication.id}:${pseudoApplication.secret}';
    }

    var authCode = _uuid.v4();
    var authCodes = req.container!.make<AuthCodes>()!;
    authCodes[authCode] = state;

    res.headers['content-type'] = 'application/json';
    var result = {'code': authCode};
    if (state.isNotEmpty == true) result['state'] = state;
    return result;
  }

  @override
  Future<AuthorizationTokenResponse> exchangeAuthorizationCodeForToken(
      PseudoApplication? client,
      String? authCode,
      String? redirectUri,
      RequestContext req,
      ResponseContext res) async {
    var authCodes = req.container!.make<AuthCodes>()!;
    var state = authCodes[authCode!];
    var refreshToken = state == 'can_refresh' ? '${authCode}_refresh' : null;
    return AuthorizationTokenResponse('${authCode}_access',
        refreshToken: refreshToken);
  }
}

class AuthCodes extends MapBase<String, String> with MapMixin<String, String> {
  var inner = <String, String>{};

  @override
  String? operator [](Object? key) => inner[key as String];

  @override
  void operator []=(String key, String value) => inner[key] = value;

  @override
  void clear() => inner.clear();

  @override
  Iterable<String> get keys => inner.keys;

  @override
  String? remove(Object? key) => inner.remove(key);
}
Need to work out tokens 2017-09-29 02:16:44 +00:00			`import 'dart:async';`
Angel 2 support 2018-11-08 15:32:36 +00:00			`import 'dart:collection';`
remove dart2constant 2018-11-08 15:34:49 +00:00			`import 'dart:convert';`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`import 'package:angel3_framework/angel3_framework.dart';`
			`import 'package:angel3_framework/http.dart';`
			`import 'package:angel3_oauth2/angel3_oauth2.dart';`
			`import 'package:angel3_test/angel3_test.dart';`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`import 'package:logging/logging.dart';`
			`import 'package:oauth2/oauth2.dart' as oauth2;`
			`import 'package:test/test.dart';`
			`import 'package:uuid/uuid.dart';`
			`import 'common.dart';`

Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`void main() {`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`Angel app;`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`late Uri authorizationEndpoint, tokenEndpoint, redirectUri;`
			`late TestClient testClient;`
Need to work out tokens 2017-09-29 02:16:44 +00:00
			`setUp(() async {`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`app = Angel();`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`app.configuration['properties'] = app.configuration;`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`app.container!.registerSingleton(AuthCodes());`
Need to work out tokens 2017-09-29 02:16:44 +00:00
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`var server = _Server();`
Need to work out tokens 2017-09-29 02:16:44 +00:00
			`app.group('/oauth2', (router) {`
			`router`
			`..get('/authorize', server.authorizationEndpoint)`
			`..post('/token', server.tokenEndpoint);`
			`});`

Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`app.logger = Logger('angel')`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`..onRecord.listen((rec) {`
			`print(rec);`
			`if (rec.error != null) print(rec.error);`
			`if (rec.stackTrace != null) print(rec.stackTrace);`
			`});`

Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`var http = AngelHttp(app);`
dart2_constant 2018-07-09 15:38:29 +00:00			`var s = await http.startServer();`
			`var url = 'http://${s.address.address}:${s.port}';`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`authorizationEndpoint = Uri.parse('$url/oauth2/authorize');`
			`tokenEndpoint = Uri.parse('$url/oauth2/token');`
			`redirectUri = Uri.parse('http://foo.bar/baz');`

			`testClient = await connectTo(app);`
			`});`

			`tearDown(() async {`
			`await testClient.close();`
			`});`

			`group('auth code', () {`
			`oauth2.AuthorizationCodeGrant createGrant() =>`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`oauth2.AuthorizationCodeGrant(`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`pseudoApplication.id,`
			`authorizationEndpoint,`
			`tokenEndpoint,`
			`secret: pseudoApplication.secret,`
			`);`

			`test('show authorization form', () async {`
			`var grant = createGrant();`
			`var url = grant.getAuthorizationUrl(redirectUri, state: 'hello');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.client!.get(url);`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`print('Body: ${response.body}');`
			`expect(`
			`response.body,`
dart2_constant 2018-07-09 15:38:29 +00:00			`json.encode(`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`'Hello ${pseudoApplication.id}:${pseudoApplication.secret}'));`
			`});`

			`test('preserves state', () async {`
			`var grant = createGrant();`
			`var url = grant.getAuthorizationUrl(redirectUri, state: 'goodbye');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.client!.get(url);`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`print('Body: ${response.body}');`
dart2_constant 2018-07-09 15:38:29 +00:00			`expect(json.decode(response.body)['state'], 'goodbye');`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`});`

			`test('sends auth code', () async {`
			`var grant = createGrant();`
			`var url = grant.getAuthorizationUrl(redirectUri);`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.client!.get(url);`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`print('Body: ${response.body}');`
			`expect(`
dart2_constant 2018-07-09 15:38:29 +00:00			`json.decode(response.body),`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`allOf(`
			`isMap,`
			`predicate((Map m) => m.containsKey('code'), 'contains "code"'),`
			`),`
			`);`
			`});`

			`test('exchange code for token', () async {`
			`var grant = createGrant();`
			`var url = grant.getAuthorizationUrl(redirectUri);`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.client!.get(url);`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`print('Body: ${response.body}');`

Angel 2 support 2018-11-08 15:32:36 +00:00			`var authCode = json.decode(response.body)['code'].toString();`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`var client = await grant.handleAuthorizationCode(authCode);`
			`expect(client.credentials.accessToken, authCode + '_access');`
			`});`

			`test('can send refresh token', () async {`
			`var grant = createGrant();`
			`var url = grant.getAuthorizationUrl(redirectUri, state: 'can_refresh');`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var response = await testClient.client!.get(url);`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`print('Body: ${response.body}');`

Angel 2 support 2018-11-08 15:32:36 +00:00			`var authCode = json.decode(response.body)['code'].toString();`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`var client = await grant.handleAuthorizationCode(authCode);`
			`expect(client.credentials.accessToken, authCode + '_access');`
			`expect(client.credentials.canRefresh, isTrue);`
			`expect(client.credentials.refreshToken, authCode + '_refresh');`
			`});`
			`});`
			`}`

All grants ready 2017-10-16 06:38:46 +00:00			`class _Server extends AuthorizationServer<PseudoApplication, Map> {`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`final Uuid _uuid = Uuid();`
Need to work out tokens 2017-09-29 02:16:44 +00:00
			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`FutureOr<PseudoApplication>? findClient(String? clientId) {`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`return clientId == pseudoApplication.id ? pseudoApplication : null;`
			`}`

			`@override`
			`Future<bool> verifyClient(`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`PseudoApplication client, String? clientSecret) async {`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`return client.secret == clientSecret;`
			`}`

			`@override`
All grants ready 2017-10-16 06:38:46 +00:00			`Future requestAuthorizationCode(`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`PseudoApplication client,`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? redirectUri,`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`Iterable<String> scopes,`
			`String state,`
			`RequestContext req,`
implicit 2019-05-03 07:24:24 +00:00			`ResponseContext res,`
			`bool implicit) async {`
			`if (implicit) {`
			`// Throw the default error on an implicit grant attempt.`
			`return super.requestAuthorizationCode(`
			`client, redirectUri, scopes, state, req, res, implicit);`
			`}`

Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`if (state == 'hello') {`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`return 'Hello ${pseudoApplication.id}:${pseudoApplication.secret}';`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`}`
Need to work out tokens 2017-09-29 02:16:44 +00:00
Publish 2.2.0 2019-05-02 07:31:02 +00:00			`var authCode = _uuid.v4();`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var authCodes = req.container!.make<AuthCodes>()!;`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`authCodes[authCode] = state;`

			`res.headers['content-type'] = 'application/json';`
			`var result = {'code': authCode};`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`if (state.isNotEmpty == true) result['state'] = state;`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`return result;`
			`}`

			`@override`
All grants ready 2017-10-16 06:38:46 +00:00			`Future<AuthorizationTokenResponse> exchangeAuthorizationCodeForToken(`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`PseudoApplication? client,`
			`String? authCode,`
			`String? redirectUri,`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`RequestContext req,`
			`ResponseContext res) async {`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`var authCodes = req.container!.make<AuthCodes>()!;`
			`var state = authCodes[authCode!];`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`var refreshToken = state == 'can_refresh' ? '${authCode}_refresh' : null;`
Bump to 2.2.0 2019-05-02 07:28:38 +00:00			`return AuthorizationTokenResponse('${authCode}_access',`
Need to work out tokens 2017-09-29 02:16:44 +00:00			`refreshToken: refreshToken);`
			`}`
			`}`
Angel 2 support 2018-11-08 15:32:36 +00:00
			`class AuthCodes extends MapBase<String, String> with MapMixin<String, String> {`
			`var inner = <String, String>{};`

			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? operator [](Object? key) => inner[key as String];`
Angel 2 support 2018-11-08 15:32:36 +00:00
			`@override`
			`void operator []=(String key, String value) => inner[key] = value;`

			`@override`
			`void clear() => inner.clear();`

			`@override`
			`Iterable<String> get keys => inner.keys;`

			`@override`
Published oauth2, cache, cors, auth_oauth2 2021-05-30 00:46:13 +00:00			`String? remove(Object? key) => inner.remove(key);`
Angel 2 support 2018-11-08 15:32:36 +00:00			`}`