// Copyright 2014 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package internal import ( "context" "fmt" "io" "net/http" "net/http/httptest" "net/url" "testing" ) func TestRegisterBrokenAuthHeaderProvider(t *testing.T) { RegisterBrokenAuthHeaderProvider("https://aaa.com/") tokenURL := "https://aaa.com/token" if providerAuthHeaderWorks(tokenURL) { t.Errorf("got %q as unbroken; want broken", tokenURL) } } func TestRetrieveTokenBustedNoSecret(t *testing.T) { const clientID = "client-id" ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if got, want := r.FormValue("client_id"), clientID; got != want { t.Errorf("client_id = %q; want %q", got, want) } if got, want := r.FormValue("client_secret"), ""; got != want { t.Errorf("client_secret = %q; want empty", got) } w.Header().Set("Content-Type", "application/json") io.WriteString(w, `{"access_token": "ACCESS_TOKEN", "token_type": "bearer"}`) })) defer ts.Close() RegisterBrokenAuthHeaderProvider(ts.URL) _, err := RetrieveToken(context.Background(), clientID, "", ts.URL, url.Values{}) if err != nil { t.Errorf("RetrieveToken = %v; want no error", err) } } func Test_providerAuthHeaderWorks(t *testing.T) { for _, p := range brokenAuthHeaderProviders { if providerAuthHeaderWorks(p) { t.Errorf("got %q as unbroken; want broken", p) } p := fmt.Sprintf("%ssomesuffix", p) if providerAuthHeaderWorks(p) { t.Errorf("got %q as unbroken; want broken", p) } } p := "https://api.not-in-the-list-example.com/" if !providerAuthHeaderWorks(p) { t.Errorf("got %q as unbroken; want broken", p) } } func TestProviderAuthHeaderWorksDomain(t *testing.T) { tests := []struct { tokenURL string wantWorks bool }{ {"https://dev-12345.okta.com/token-url", false}, {"https://dev-12345.oktapreview.com/token-url", false}, {"https://dev-12345.okta.org/token-url", true}, {"https://foo.bar.force.com/token-url", false}, {"https://foo.force.com/token-url", false}, {"https://force.com/token-url", true}, } for _, test := range tests { got := providerAuthHeaderWorks(test.tokenURL) if got != test.wantWorks { t.Errorf("providerAuthHeaderWorks(%q) = %v; want %v", test.tokenURL, got, test.wantWorks) } } } func TestRetrieveTokenWithContexts(t *testing.T) { const clientID = "client-id" ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") io.WriteString(w, `{"access_token": "ACCESS_TOKEN", "token_type": "bearer"}`) })) defer ts.Close() _, err := RetrieveToken(context.Background(), clientID, "", ts.URL, url.Values{}) if err != nil { t.Errorf("RetrieveToken (with background context) = %v; want no error", err) } retrieved := make(chan struct{}) cancellingts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { <-retrieved })) defer cancellingts.Close() ctx, cancel := context.WithCancel(context.Background()) cancel() _, err = RetrieveToken(ctx, clientID, "", cancellingts.URL, url.Values{}) close(retrieved) if err == nil { t.Errorf("RetrieveToken (with cancelled context) = nil; want error") } }