]> diplodocus.org Git - nmh/blob - test/oauth/test-mhlogin
projects / nmh / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
mh-mkstemp.man: Detail exit status as 255 rather than -1.
[nmh] / test / oauth / test-mhlogin
1 #!/bin/sh
2 #
3 # Test mhlogin
4 #
5
6 if test -z "${MH_OBJ_DIR}"; then
7 srcdir=`dirname "$0"`/../..
8 MH_OBJ_DIR=`cd "${srcdir}" && pwd`; export MH_OBJ_DIR
9 fi
10
11 . "${srcdir}/test/oauth/common.sh"
12
13 check_exit '-eq 1' mhlogin - # gcov
14
15 expect_no_creds() {
16 cat /dev/null > "${MHTMPDIR}/$$.expected-creds"
17 cat /dev/null > "${MHTMPDIR}/oauth-test"
18 chmod 600 "${MHTMPDIR}/oauth-test"
19 }
20
21 test_mhlogin() {
22 start_fakehttp
23 run_test 'eval echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com' \
24 "Load the following URL in your browser and authorize nmh to access test:
25
26 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
27
28 Enter the authorization code: $1"
29 check_http_req
30 check_creds_private
31 check_creds
32 }
33
34 test_mhlogin_invalid_response() {
35 test_mhlogin 'mhlogin: error exchanging code for OAuth2 token
36 mhlogin: invalid response'
37 }
38
39 #
40 # success cases
41 #
42
43 # TEST
44 start_test 'mhlogin receives access and expiration'
45
46 expect_http_post_code
47
48 fake_json_response <<EOF
49 {
50 "access_token": "test-access",
51 "token_type": "Bearer",
52 "expires_in": 3600
53 }
54 EOF
55
56 expect_creds <<EOF
57 access-nobody@example.com: test-access
58 expire-nobody@example.com:
59 EOF
60
61 test_mhlogin
62
63 # TEST
64 start_test 'mhlogin receives access and refresh'
65
66 expect_http_post_code
67
68 fake_json_response <<EOF
69 {
70 "access_token": "test-access",
71 "token_type": "Bearer"
72 }
73 EOF
74
75 expect_creds <<EOF
76 access-nobody@example.com: test-access
77 EOF
78
79 test_mhlogin
80
81 # TEST
82 start_test 'mhlogin receives access, expiration, and refresh'
83
84 expect_http_post_code
85
86 fake_json_response <<EOF
87 {
88 "access_token": "test-access",
89 "refresh_token": "refresh-token",
90 "expires_in": 3600,
91 "token_type": "Bearer"
92 }
93 EOF
94
95 expect_creds <<EOF
96 access-nobody@example.com: test-access
97 refresh-nobody@example.com: refresh-token
98 expire-nobody@example.com:
99 EOF
100
101 test_mhlogin
102
103 # TEST
104 start_test 'mhlogin receives refresh only'
105
106 expect_http_post_code
107
108 fake_json_response <<EOF
109 {
110 "refresh_token": "refresh-token",
111 "token_type": "Bearer"
112 }
113 EOF
114
115 expect_creds <<EOF
116 refresh-nobody@example.com: refresh-token
117 EOF
118
119 test_mhlogin
120
121 # TEST
122 start_test 'mhlogin receives token_type only'
123
124 expect_http_post_code
125
126 fake_json_response <<EOF
127 {
128 "token_type": "Bearer"
129 }
130 EOF
131
132 expect_no_creds
133
134 test_mhlogin_invalid_response
135
136 # TEST
137 start_test 'mhlogin ignores extra bits in successful response JSON'
138
139 expect_http_post_code
140
141 fake_json_response <<EOF
142 {
143 "access_token": "test-access",
144 "refresh_token": "refresh-token",
145 "extra_object": {
146 "a": 1,
147 "b": [1, 2, 3],
148 "c": [{}, {"foo": "bar"}]
149 },
150 "extra_int": 1,
151 "expires_in": 3600,
152 "token_type": "Bearer"
153 }
154 EOF
155
156 expect_creds <<EOF
157 access-nobody@example.com: test-access
158 refresh-nobody@example.com: refresh-token
159 expire-nobody@example.com:
160 EOF
161
162 test_mhlogin
163
164 # TEST
165 start_test 'mhlogin multiple users'
166
167 expect_http_post_code
168
169 fake_json_response <<EOF
170 {
171 "access_token": "user3-access",
172 "refresh_token": "user3-refresh",
173 "expires_in": 3600,
174 "token_type": "Bearer"
175 }
176 EOF
177
178 expect_creds <<EOF
179 access-nobody@example.com: user1-access
180 refresh-nobody@example.com: user1-refresh
181 expire-nobody@example.com:
182 access-nobody2@example.com: user2-access
183 refresh-nobody2@example.com: user2-refresh
184 expire-nobody2@example.com:
185 access-nobody3@example.com: user3-access
186 refresh-nobody3@example.com: user3-refresh
187 expire-nobody3@example.com:
188 EOF
189
190 fake_creds <<EOF
191 access-nobody@example.com: user1-access
192 refresh-nobody@example.com: user1-refresh
193 expire-nobody@example.com: 100
194 access-nobody2@example.com: user2-access
195 refresh-nobody2@example.com: user2-refresh
196 expire-nobody2@example.com: 100
197 EOF
198
199 start_fakehttp
200 run_test 'eval echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody3@example.com' \
201 "Load the following URL in your browser and authorize nmh to access test:
202
203 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
204
205 Enter the authorization code: $1"
206 check_http_req
207 check_creds_private
208 check_creds
209
210 #
211 # fail cases
212 #
213
214 # TEST
215 start_test 'mhlogin user enters bad code'
216
217 expect_http_post_code
218
219 fake_http_response '400 Bad Request' <<EOF
220 Content-Type: application/json
221
222 {
223 "error": "invalid_grant"
224 }
225 EOF
226
227 expect_no_creds
228
229 test_mhlogin 'Code rejected; try again? '
230
231 # TEST
232 start_test 'mhlogin response has no content-type'
233
234 expect_http_post_code
235
236 fake_http_response '200 OK' <<EOF
237
238 {
239 "access_token": "test-access",
240 "token_type": "Bearer",
241 "expires_in": 3600
242 }
243 EOF
244
245 expect_no_creds
246
247 test_mhlogin_invalid_response
248
249 # TEST
250 start_test 'mhlogin JSON array'
251
252 expect_http_post_code
253
254 fake_json_response <<EOF
255 []
256 EOF
257
258 expect_no_creds
259
260 test_mhlogin_invalid_response
261
262 # TEST
263 start_test 'mhlogin JSON empty object'
264
265 expect_http_post_code
266
267 fake_json_response <<EOF
268 {}
269 EOF
270
271 expect_no_creds
272
273 test_mhlogin_invalid_response
274
275 # TEST
276 start_test 'mhlogin empty response body'
277
278 expect_http_post_code
279
280 fake_json_response <<EOF
281 EOF
282
283 expect_no_creds
284
285 test_mhlogin_invalid_response
286
287 # TEST
288 start_test 'mhlogin gets proper error from http'
289
290 expect_http_post_code
291
292 fake_http_response '400 Bad Request' <<EOF
293 Content-Type: application/json
294
295 {
296 "error": "invalid_request"
297 }
298 EOF
299
300 expect_no_creds
301
302 test_mhlogin 'mhlogin: error exchanging code for OAuth2 token
303 mhlogin: bad OAuth request; re-run with -snoop and send REDACTED output to nmh-workers'
304
305 # TEST
306 start_test 'mhlogin -browser'
307
308 #### Strip off the error string because it can vary, e.g.,
309 #### "Failed to connect to 127.0.0.1 port 64546: Connection refused", or
310 #### "Connection timed out after 1004 milliseconds"
311 echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com \
312 -browser "echo \$@ > ${MHTMPDIR}/$$.browser" 2>&1 1>/dev/null | \
313 sed 's/\( endpoint:\) .*/\1/' > "${MHTMPDIR}/$$.mhlogin.err"
314 cat > "${MHTMPDIR}/$$.mhlogin.err.expected" <<EOF
315 mhlogin: error exchanging code for OAuth2 token
316 mhlogin: error making HTTP request to OAuth2 authorization endpoint:
317 EOF
318 check "${MHTMPDIR}/$$.mhlogin.err" "${MHTMPDIR}/$$.mhlogin.err.expected"
319
320 cat > "${MHTMPDIR}/$$.browser.expected" <<EOF
321 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
322 EOF
323 check "${MHTMPDIR}/$$.browser" "${MHTMPDIR}/$$.browser.expected"
324
325 # TEST
326 start_test 'empty authorization code'
327 run_test 'eval echo '' | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com' \
328 "Load the following URL in your browser and authorize nmh to access test:
329
330 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
331
332 Enter the authorization code: Empty code; try again? "
333
334
335 clean_fakehttp
336 finish_test
337
338 exit ${failed:-0}
Fork of https://git.savannah.nongnu.org/cgit/nmh.git