authhandler/authhandler_test.go - oauth2 - Git at Google

 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package authhandler

 import (
 	"context"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"

 	"golang.org/x/oauth2"
 )

 func TestTokenExchange_Success(t *testing.T) {
 	authhandler := func(authCodeURL string) (string, string, error) {
 		if authCodeURL == "testAuthCodeURL?client_id=testClientID&response_type=code&scope=pubsub&state=testState" {
 			return "testCode", "testState", nil
 		}
 		return "", "", fmt.Errorf("invalid authCodeURL: %q", authCodeURL)
 	}

 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		r.ParseForm()
 		if r.Form.Get("code") == "testCode" {
 			w.Header().Set("Content-Type", "application/json")
 			w.Write([]byte(`{
 				"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
 				"scope": "pubsub",
 				"token_type": "bearer",
 				"expires_in": 3600
 			}`))
 		}
 	}))
 	defer ts.Close()

 	conf := &oauth2.Config{
 		ClientID: "testClientID",
 		Scopes:   []string{"pubsub"},
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  "testAuthCodeURL",
 			TokenURL: ts.URL,
 		},
 	}

 	tok, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if !tok.Valid() {
 		t.Errorf("got invalid token: %v", tok)
 	}
 	if got, want := tok.AccessToken, "90d64460d14870c08c81352a05dedd3465940a7c"; got != want {
 		t.Errorf("access token = %q; want %q", got, want)
 	}
 	if got, want := tok.TokenType, "bearer"; got != want {
 		t.Errorf("token type = %q; want %q", got, want)
 	}
 	if got := tok.Expiry.IsZero(); got {
 		t.Errorf("token expiry is zero = %v, want false", got)
 	}
 	scope := tok.Extra("scope")
 	if got, want := scope, "pubsub"; got != want {
 		t.Errorf("scope = %q; want %q", got, want)
 	}
 }

 func TestTokenExchange_StateMismatch(t *testing.T) {
 	authhandler := func(authCodeURL string) (string, string, error) {
 		return "testCode", "testStateMismatch", nil
 	}

 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(`{
 			"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
 			"scope": "pubsub",
 			"token_type": "bearer",
 			"expires_in": 3600
 		}`))
 	}))
 	defer ts.Close()

 	conf := &oauth2.Config{
 		ClientID: "testClientID",
 		Scopes:   []string{"pubsub"},
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  "testAuthCodeURL",
 			TokenURL: ts.URL,
 		},
 	}

 	_, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
 	if want_err := "state mismatch in 3-legged-OAuth flow"; err == nil || err.Error() != want_err {
 		t.Errorf("err = %q; want %q", err, want_err)
 	}
 }

 func TestTokenExchangeWithPKCE_Success(t *testing.T) {
 	authhandler := func(authCodeURL string) (string, string, error) {
 		if authCodeURL == "testAuthCodeURL?client_id=testClientID&code_challenge=codeChallenge&code_challenge_method=plain&response_type=code&scope=pubsub&state=testState" {
 			return "testCode", "testState", nil
 		}
 		return "", "", fmt.Errorf("invalid authCodeURL: %q", authCodeURL)
 	}

 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		r.ParseForm()
 		if r.Form.Get("code") == "testCode" && r.Form.Get("code_verifier") == "codeChallenge" {
 			w.Header().Set("Content-Type", "application/json")
 			w.Write([]byte(`{
 				"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
 				"scope": "pubsub",
 				"token_type": "bearer",
 				"expires_in": 3600
 			}`))
 		}
 	}))
 	defer ts.Close()

 	conf := &oauth2.Config{
 		ClientID: "testClientID",
 		Scopes:   []string{"pubsub"},
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  "testAuthCodeURL",
 			TokenURL: ts.URL,
 		},
 	}
 	pkce := PKCEParams{
 		Challenge:       "codeChallenge",
 		ChallengeMethod: "plain",
 		Verifier:        "codeChallenge",
 	}

 	tok, err := TokenSourceWithPKCE(context.Background(), conf, "testState", authhandler, &pkce).Token()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if !tok.Valid() {
 		t.Errorf("got invalid token: %v", tok)
 	}
 	if got, want := tok.AccessToken, "90d64460d14870c08c81352a05dedd3465940a7c"; got != want {
 		t.Errorf("access token = %q; want %q", got, want)
 	}
 	if got, want := tok.TokenType, "bearer"; got != want {
 		t.Errorf("token type = %q; want %q", got, want)
 	}
 	if got := tok.Expiry.IsZero(); got {
 		t.Errorf("token expiry is zero = %v, want false", got)
 	}
 	scope := tok.Extra("scope")
 	if got, want := scope, "pubsub"; got != want {
 		t.Errorf("scope = %q; want %q", got, want)
 	}
 }
	// Copyright 2021 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package authhandler

	import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"testing"

	"golang.org/x/oauth2"
	)

	func TestTokenExchange_Success(t *testing.T) {
	authhandler := func(authCodeURL string) (string, string, error) {
	if authCodeURL == "testAuthCodeURL?client_id=testClientID&response_type=code&scope=pubsub&state=testState" {
	return "testCode", "testState", nil
	}
	return "", "", fmt.Errorf("invalid authCodeURL: %q", authCodeURL)
	}

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	if r.Form.Get("code") == "testCode" {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{
	"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
	"scope": "pubsub",
	"token_type": "bearer",
	"expires_in": 3600
	}`))
	}
	}))
	defer ts.Close()

	conf := &oauth2.Config{
	ClientID: "testClientID",
	Scopes: []string{"pubsub"},
	Endpoint: oauth2.Endpoint{
	AuthURL: "testAuthCodeURL",
	TokenURL: ts.URL,
	},
	}

	tok, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
	if err != nil {
	t.Fatal(err)
	}
	if !tok.Valid() {
	t.Errorf("got invalid token: %v", tok)
	}
	if got, want := tok.AccessToken, "90d64460d14870c08c81352a05dedd3465940a7c"; got != want {
	t.Errorf("access token = %q; want %q", got, want)
	}
	if got, want := tok.TokenType, "bearer"; got != want {
	t.Errorf("token type = %q; want %q", got, want)
	}
	if got := tok.Expiry.IsZero(); got {
	t.Errorf("token expiry is zero = %v, want false", got)
	}
	scope := tok.Extra("scope")
	if got, want := scope, "pubsub"; got != want {
	t.Errorf("scope = %q; want %q", got, want)
	}
	}

	func TestTokenExchange_StateMismatch(t *testing.T) {
	authhandler := func(authCodeURL string) (string, string, error) {
	return "testCode", "testStateMismatch", nil
	}

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{
	"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
	"scope": "pubsub",
	"token_type": "bearer",
	"expires_in": 3600
	}`))
	}))
	defer ts.Close()

	conf := &oauth2.Config{
	ClientID: "testClientID",
	Scopes: []string{"pubsub"},
	Endpoint: oauth2.Endpoint{
	AuthURL: "testAuthCodeURL",
	TokenURL: ts.URL,
	},
	}

	_, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
	if want_err := "state mismatch in 3-legged-OAuth flow"; err == nil \|\| err.Error() != want_err {
	t.Errorf("err = %q; want %q", err, want_err)
	}
	}

	func TestTokenExchangeWithPKCE_Success(t *testing.T) {
	authhandler := func(authCodeURL string) (string, string, error) {
	if authCodeURL == "testAuthCodeURL?client_id=testClientID&code_challenge=codeChallenge&code_challenge_method=plain&response_type=code&scope=pubsub&state=testState" {
	return "testCode", "testState", nil
	}
	return "", "", fmt.Errorf("invalid authCodeURL: %q", authCodeURL)
	}

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	if r.Form.Get("code") == "testCode" && r.Form.Get("code_verifier") == "codeChallenge" {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{
	"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
	"scope": "pubsub",
	"token_type": "bearer",
	"expires_in": 3600
	}`))
	}
	}))
	defer ts.Close()

	conf := &oauth2.Config{
	ClientID: "testClientID",
	Scopes: []string{"pubsub"},
	Endpoint: oauth2.Endpoint{
	AuthURL: "testAuthCodeURL",
	TokenURL: ts.URL,
	},
	}
	pkce := PKCEParams{
	Challenge: "codeChallenge",
	ChallengeMethod: "plain",
	Verifier: "codeChallenge",
	}

	tok, err := TokenSourceWithPKCE(context.Background(), conf, "testState", authhandler, &pkce).Token()
	if err != nil {
	t.Fatal(err)
	}
	if !tok.Valid() {
	t.Errorf("got invalid token: %v", tok)
	}
	if got, want := tok.AccessToken, "90d64460d14870c08c81352a05dedd3465940a7c"; got != want {
	t.Errorf("access token = %q; want %q", got, want)
	}
	if got, want := tok.TokenType, "bearer"; got != want {
	t.Errorf("token type = %q; want %q", got, want)
	}
	if got := tok.Expiry.IsZero(); got {
	t.Errorf("token expiry is zero = %v, want false", got)
	}
	scope := tok.Extra("scope")
	if got, want := scope, "pubsub"; got != want {
	t.Errorf("scope = %q; want %q", got, want)
	}
	}