From 5bc3cea6fe4a909735753692d0c4cd960e8ab516 Mon Sep 17 00:00:00 2001 From: enahum Date: Wed, 3 Aug 2016 12:19:27 -0500 Subject: PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider --- web/web_test.go | 185 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 94 insertions(+), 91 deletions(-) (limited to 'web/web_test.go') diff --git a/web/web_test.go b/web/web_test.go index 40eba5ff2..5f74430fa 100644 --- a/web/web_test.go +++ b/web/web_test.go 
@@ -72,122 +72,125 @@ func TestGetAccessToken(t *testing.T) {
 app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
- if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
- data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{"12345678901234567890123456"}, "client_secret": []string{"12345678901234567890123456"}, "code": []string{"junk"}, "redirect_uri": []string{app.CallbackUrls[0]}}
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{"12345678901234567890123456"}, "client_secret": []string{"12345678901234567890123456"}, "code": []string{"junk"}, "redirect_uri": []string{app.CallbackUrls[0]}}
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - oauth providing turned off")
- }
- } else {
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - oauth providing turned off")
+ }
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
- ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
- ApiClient.SetTeamId(rteam.Data.(*model.Team).Id)
- app = ApiClient.Must(ApiClient.RegisterApp(app)).Data.(*model.OAuthApp)
+ ApiClient.Must(ApiClient.LoginById(ruser.Id, "passwd1"))
+ ApiClient.SetTeamId(rteam.Data.(*model.Team).Id)
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ app = ApiClient.Must(ApiClient.RegisterApp(app)).Data.(*model.OAuthApp)
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
- redirect := ApiClient.Must(ApiClient.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", "123")).Data.(map[string]string)["redirect"]
- rurl, _ := url.Parse(redirect)
+ redirect := ApiClient.Must(ApiClient.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", "123")).Data.(map[string]string)["redirect"]
+ rurl, _ := url.Parse(redirect)
- ApiClient.Logout()
+ teamId := rteam.Data.(*model.Team).Id
- data := url.Values{"grant_type": []string{"junk"}, "client_id": []string{app.Id}, "client_secret": []string{app.ClientSecret}, "code": []string{rurl.Query().Get("code")}, "redirect_uri": []string{app.CallbackUrls[0]}}
+ ApiClient.Logout()
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad grant type")
- }
+ data = url.Values{"grant_type": []string{"junk"}, "client_id": []string{app.Id}, "client_secret": []string{app.ClientSecret}, "code": []string{rurl.Query().Get("code")}, "redirect_uri": []string{app.CallbackUrls[0]}}
- data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
- data.Set("client_id", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing client id")
- }
- data.Set("client_id", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad client id")
- }
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad grant type")
+ }
- data.Set("client_id", app.Id)
- data.Set("client_secret", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing client secret")
- }
+ data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
+ data.Set("client_id", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing client id")
+ }
+ data.Set("client_id", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad client id")
+ }
- data.Set("client_secret", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad client secret")
- }
+ data.Set("client_id", app.Id)
+ data.Set("client_secret", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing client secret")
+ }
- data.Set("client_secret", app.ClientSecret)
- data.Set("code", "")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - missing code")
- }
+ data.Set("client_secret", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad client secret")
+ }
- data.Set("code", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - bad code")
- }
+ data.Set("client_secret", app.ClientSecret)
+ data.Set("code", "")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - missing code")
+ }
- data.Set("code", rurl.Query().Get("code"))
- data.Set("redirect_uri", "junk")
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - non-matching redirect uri")
- }
+ data.Set("code", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - bad code")
+ }
- // reset data for successful request
- data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
- data.Set("client_id", app.Id)
- data.Set("client_secret", app.ClientSecret)
- data.Set("code", rurl.Query().Get("code"))
- data.Set("redirect_uri", app.CallbackUrls[0])
+ data.Set("code", rurl.Query().Get("code"))
+ data.Set("redirect_uri", "junk")
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - non-matching redirect uri")
+ }
- token := ""
- if result, err := ApiClient.GetAccessToken(data); err != nil {
- t.Fatal(err)
- } else {
- rsp := result.Data.(*model.AccessResponse)
- if len(rsp.AccessToken) == 0 {
- t.Fatal("access token not returned")
- } else {
- token = rsp.AccessToken
- }
- if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
- t.Fatal("access token type incorrect")
- }
- }
+ // reset data for successful request
+ data.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
+ data.Set("client_id", app.Id)
+ data.Set("client_secret", app.ClientSecret)
+ data.Set("code", rurl.Query().Get("code"))
+ data.Set("redirect_uri", app.CallbackUrls[0])
- if result, err := ApiClient.DoApiGet("/users/profiles?access_token="+token, "", ""); err != nil {
- t.Fatal(err)
+ token := ""
+ if result, err := ApiClient.GetAccessToken(data); err != nil {
+ t.Fatal(err)
+ } else {
+ rsp := result.Data.(*model.AccessResponse)
+ if len(rsp.AccessToken) == 0 {
+ t.Fatal("access token not returned")
 } else {
- userMap := model.UserMapFromJson(result.Body)
- if len(userMap) == 0 {
- t.Fatal("user map empty - did not get results correctly")
- }
+ token = rsp.AccessToken
 }
-
- if _, err := ApiClient.DoApiGet("/users/profiles", "", ""); err == nil {
- t.Fatal("should have failed - no access token provided")
+ if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
+ t.Fatal("access token type incorrect")
 }
+ }
- if _, err := ApiClient.DoApiGet("/users/profiles?access_token=junk", "", ""); err == nil {
- t.Fatal("should have failed - bad access token provided")
+ if result, err := ApiClient.DoApiGet("/users/profiles/"+teamId+"?access_token="+token, "", ""); err != nil {
+ t.Fatal(err)
+ } else {
+ userMap := model.UserMapFromJson(result.Body)
+ if len(userMap) == 0 {
+ t.Fatal("user map empty - did not get results correctly")
 }
+ }
- ApiClient.SetOAuthToken(token)
- if result, err := ApiClient.DoApiGet("/users/profiles", "", ""); err != nil {
- t.Fatal(err)
- } else {
- userMap := model.UserMapFromJson(result.Body)
- if len(userMap) == 0 {
- t.Fatal("user map empty - did not get results correctly")
- }
- }
+ if _, err := ApiClient.DoApiGet("/users/profiles/"+teamId, "", ""); err == nil {
+ t.Fatal("should have failed - no access token provided")
+ }
- if _, err := ApiClient.GetAccessToken(data); err == nil {
- t.Fatal("should have failed - tried to reuse auth code")
+ if _, err := ApiClient.DoApiGet("/users/profiles/"+teamId+"?access_token=junk", "", ""); err == nil {
+ t.Fatal("should have failed - bad access token provided")
+ }
+
+ ApiClient.SetOAuthToken(token)
+ if result, err := ApiClient.DoApiGet("/users/profiles/"+teamId, "", ""); err != nil {
+ t.Fatal(err)
+ } else {
+ userMap := model.UserMapFromJson(result.Body)
+ if len(userMap) == 0 {
+ t.Fatal("user map empty - did not get results correctly")
 }
+ }
- ApiClient.ClearOAuthToken()
+ if _, err := ApiClient.GetAccessToken(data); err == nil {
+ t.Fatal("should have failed - tried to reuse auth code")
 }
+
+ ApiClient.ClearOAuthToken()
 }
 func TestIncomingWebhook(t *testing.T) {
-- cgit v1.2.3-1-g7c22
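Review bot: The config toggles added near the top of the hunk — `utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false` / `= true` and the `*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false` / `= true` pair around `RegisterApp` — write package-global state with no restore path, so a `t.Fatal` between the two writes leaves the OAuth provider force-enabled or the admin-only integrations guard disabled for every test that runs afterwards, and even on success the flags end up hard-coded to true rather than at their previous values. Capture and defer-restore each flag at the point it is first changed, e.g. `origProvider := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider` followed by `defer func() { utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = origProvider }()`, with the same pattern for `EnableOnlyAdminIntegrations`. Separately, the re-added `rurl, _ := url.Parse(redirect)` discards the parse error, so a malformed redirect from `AllowOAuth` would surface later as a nil dereference at `rurl.Query()` instead of a clear failure; `rurl, err := url.Parse(redirect)` with a `t.Fatal(err)` check keeps the failure readable. TestGetAccessToken's signature line lies before the start of the hunk.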