diplodocus.org Git - nmh/blob - test/oauth/test-mhlogin

   1 #!/bin/sh
   2 #
   3 # Test mhlogin
   4 #
   5
   6 if test -z "${MH_OBJ_DIR}"; then
   7     srcdir=`dirname "$0"`/../..
   8     MH_OBJ_DIR=`cd "${srcdir}" && pwd`; export MH_OBJ_DIR
   9 fi
  10
  11 . "${srcdir}/test/oauth/common.sh"
  12
  13 expect_no_creds() {
  14     cat /dev/null > "${MHTMPDIR}/$$.expected-creds"
  15     cat /dev/null > "${MHTMPDIR}/oauth-test"
  16     chmod 600 "${MHTMPDIR}/oauth-test"
  17 }
  18
  19 test_mhlogin() {
  20     start_fakehttp
  21     run_test 'eval echo code | mhlogin -saslmech xoauth2 -authservice test' \
  22 "Load the following URL in your browser and authorize nmh to access test:
  23
  24 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
  25
  26 Enter the authorization code: $1"
  27     check_http_req
  28     check_creds_private
  29     check_creds
  30 }
  31
  32 test_mhlogin_invalid_response() {
  33     test_mhlogin 'mhlogin: error exchanging code for OAuth2 token
  34 mhlogin: invalid response'
  35 }
  36
  37 #
  38 # success cases
  39 #
  40
  41 # TEST
  42 echo 'mhlogin receives access and expiration'
  43
  44 expect_http_post_code
  45
  46 fake_json_response <<EOF
  47 {
  48   "access_token": "test-access",
  49   "token_type": "Bearer",
  50   "expires_in": 3600
  51 }
  52 EOF
  53
  54 expect_creds <<EOF
  55 access: test-access
  56 expire:
  57 EOF
  58
  59 test_mhlogin
  60
  61 # TEST
  62 echo 'mhlogin receives access and refresh'
  63
  64 expect_http_post_code
  65
  66 fake_json_response <<EOF
  67 {
  68   "access_token": "test-access",
  69   "token_type": "Bearer"
  70 }
  71 EOF
  72
  73 expect_creds <<EOF
  74 access: test-access
  75 EOF
  76
  77 test_mhlogin
  78
  79 # TEST
  80 echo 'mhlogin receives access, expiration, and refresh'
  81
  82 expect_http_post_code
  83
  84 fake_json_response <<EOF
  85 {
  86   "access_token": "test-access",
  87   "refresh_token": "refresh-token",
  88   "expires_in": 3600,
  89   "token_type": "Bearer"
  90 }
  91 EOF
  92
  93 expect_creds <<EOF
  94 access: test-access
  95 refresh: refresh-token
  96 expire:
  97 EOF
  98
  99 test_mhlogin
 100
 101 # TEST
 102 echo 'mhlogin receives refresh only'
 103
 104 expect_http_post_code
 105
 106 fake_json_response <<EOF
 107 {
 108   "refresh_token": "refresh-token",
 109   "token_type": "Bearer"
 110 }
 111 EOF
 112
 113 expect_creds <<EOF
 114 refresh: refresh-token
 115 EOF
 116
 117 test_mhlogin
 118
 119 # TEST
 120 echo 'mhlogin receives token_type only'
 121
 122 expect_http_post_code
 123
 124 fake_json_response <<EOF
 125 {
 126   "token_type": "Bearer"
 127 }
 128 EOF
 129
 130 expect_no_creds
 131
 132 test_mhlogin_invalid_response
 133
 134 # TEST
 135 echo 'mhlogin ignores extra bits in successful response JSON'
 136
 137 expect_http_post_code
 138
 139 fake_json_response <<EOF
 140 {
 141   "access_token": "test-access",
 142   "refresh_token": "refresh-token",
 143   "extra_object": {
 144     "a": 1,
 145     "b": [1, 2, 3],
 146     "c": [{}, {"foo": "bar"}]
 147   },
 148   "extra_int": 1,
 149   "expires_in": 3600,
 150   "token_type": "Bearer"
 151 }
 152 EOF
 153
 154 expect_creds <<EOF
 155 access: test-access
 156 refresh: refresh-token
 157 expire:
 158 EOF
 159
 160 test_mhlogin
 161
 162 # TEST
 163 echo 'mhlogin user enters bad code'
 164
 165 expect_http_post_code
 166
 167 fake_http_response '400 Bad Request' <<EOF
 168 Content-Type: application/json
 169
 170 {
 171   "error": "invalid_grant"
 172 }
 173 EOF
 174
 175 expect_no_creds
 176
 177 test_mhlogin 'Code rejected; try again? '
 178
 179 #
 180 # fail cases
 181 #
 182
 183 # TEST
 184 echo 'mhlogin response has no content-type'
 185
 186 expect_http_post_code
 187
 188 fake_http_response '200 OK' <<EOF
 189
 190 {
 191   "access_token": "test-access",
 192   "token_type": "Bearer",
 193   "expires_in": 3600
 194 }
 195 EOF
 196
 197 expect_no_creds
 198
 199 test_mhlogin_invalid_response
 200
 201 # TEST
 202 echo 'mhlogin JSON array'
 203
 204 expect_http_post_code
 205
 206 fake_json_response <<EOF
 207 []
 208 EOF
 209
 210 expect_no_creds
 211
 212 test_mhlogin_invalid_response
 213
 214 # TEST
 215 echo 'mhlogin JSON empty object'
 216
 217 expect_http_post_code
 218
 219 fake_json_response <<EOF
 220 {}
 221 EOF
 222
 223 expect_no_creds
 224
 225 test_mhlogin_invalid_response
 226
 227 # TEST
 228 echo 'mhlogin empty response body'
 229
 230 expect_http_post_code
 231
 232 fake_json_response <<EOF
 233 EOF
 234
 235 expect_no_creds
 236
 237 test_mhlogin_invalid_response
 238
 239 # TEST
 240 echo 'mhlogin gets proper error from http'
 241
 242 expect_http_post_code
 243
 244 fake_http_response '400 Bad Request' <<EOF
 245 Content-Type: application/json
 246
 247 {
 248   "error": "invalid_request"
 249 }
 250 EOF
 251
 252 expect_no_creds
 253
 254 test_mhlogin 'mhlogin: error exchanging code for OAuth2 token
 255 mhlogin: bad OAuth request; re-run with -snoop and send REDACTED output to nmh-workers'
 256
 257 clean_fakehttp
 258
 259 exit ${failed:-0}