diff options
Diffstat (limited to 'api4/oauth_test.go')
-rw-r--r-- | api4/oauth_test.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/api4/oauth_test.go b/api4/oauth_test.go index 5415e485e..cac40e442 100644 --- a/api4/oauth_test.go +++ b/api4/oauth_test.go @@ -13,6 +13,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/mattermost/mattermost-server/einterfaces" "github.com/mattermost/mattermost-server/model" @@ -665,6 +666,7 @@ func TestAuthorizeOAuthApp(t *testing.T) { State: "123", } + // Test auth code flow ruri, resp := Client.AuthorizeOAuthApp(authRequest) CheckNoError(t, resp) @@ -684,6 +686,26 @@ func TestAuthorizeOAuthApp(t *testing.T) { } } + // Test implicit flow + authRequest.ResponseType = model.IMPLICIT_RESPONSE_TYPE + ruri, resp = Client.AuthorizeOAuthApp(authRequest) + CheckNoError(t, resp) + require.False(t, len(ruri) == 0, "redirect url should be set") + + ru, _ = url.Parse(ruri) + require.NotNil(t, ru, "redirect url unparseable") + values, err := url.ParseQuery(ru.Fragment) + require.Nil(t, err) + assert.False(t, len(values.Get("access_token")) == 0, "access_token not returned") + assert.Equal(t, authRequest.State, values.Get("state"), "returned state doesn't match") + + oldToken := Client.AuthToken + Client.AuthToken = values.Get("access_token") + _, resp = Client.AuthorizeOAuthApp(authRequest) + CheckForbiddenStatus(t, resp) + + Client.AuthToken = oldToken + authRequest.RedirectUri = "" _, resp = Client.AuthorizeOAuthApp(authRequest) CheckBadRequestStatus(t, resp) |