#!/bin/sh
#
# Test mhlogin
#
# Drives mhlogin's xoauth2 authorization-code flow against the fake HTTP
# server from test/oauth/common.sh and compares the prompts, the HTTP request
# and the resulting credentials file with the expectations set per test.
#

# Stand-alone invocation: when MH_OBJ_DIR is not set, derive the tree root
# from this script's location (two directories up) and export it.
if test -z "${MH_OBJ_DIR}"; then
    srcdir=`dirname "$0"`/../..
    MH_OBJ_DIR=`cd "${srcdir}" && pwd`; export MH_OBJ_DIR
fi

# NOTE(review): srcdir is assigned only inside the branch above. When
# MH_OBJ_DIR arrives from the environment, srcdir has to arrive with it,
# otherwise this sources /test/oauth/common.sh from the filesystem root --
# presumably the test harness exports both; confirm.
. "${srcdir}/test/oauth/common.sh"
12
expect_no_creds() {
    # Set up the "nothing may be stored" expectation: both the expected
    # contents and the credentials file itself start out empty.
    printf '' > "${MHTMPDIR}/$$.expected-creds"
    printf '' > "${MHTMPDIR}/oauth-test"
    # Owner-only mode on the pre-created file; presumably required so that
    # check_creds_private still passes when mhlogin writes nothing -- confirm
    # against common.sh.
    # NOTE(review): the file exists with the umask's default mode until this
    # chmod runs; harmless for an empty fixture, but not a pattern to copy for
    # files that will hold real tokens (create them under a restrictive umask).
    chmod 600 "${MHTMPDIR}/oauth-test"
}
18
test_mhlogin() {
    # Run one mhlogin authorization-code exchange for nobody@example.com
    # against the fake HTTP server and verify the prompt text, the HTTP
    # request and the stored credentials.
    #
    # $1 - text expected right after the "Enter the authorization code: "
    #      prompt; the success cases pass nothing, so nothing follows it.
    #
    # Statement order matters: ${http_port} is expanded in the expected text
    # below and is presumably assigned by start_fakehttp (common.sh) -- confirm.
    # The authorization code fed on stdin is the literal word "code"; the
    # redirect_uri in the expected URL is the percent-encoded
    # urn:ietf:wg:oauth:2.0:oob value.
    start_fakehttp
    run_test 'eval echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com' \
"Load the following URL in your browser and authorize nmh to access test:

http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope

Enter the authorization code: $1"
    # Helpers from common.sh. Going by its name, check_creds_private asserts
    # that the credentials file is not readable by others, and check_creds
    # compares its contents with what expect_creds / expect_no_creds set up --
    # confirm both in common.sh.
    check_http_req
    check_creds_private
    check_creds
}
31
test_mhlogin_invalid_response() {
    # Shorthand for the cases where the token endpoint answers with something
    # mhlogin must refuse: runs test_mhlogin expecting the two-line
    # "invalid response" diagnostic after the prompt.
    test_mhlogin "`printf '%s\n%s' 'mhlogin: error exchanging code for OAuth2 token' 'mhlogin: invalid response'`"
}
36
37 #
38 # success cases
39 #
40
41 # TEST
42 start_test 'mhlogin receives access and expiration'
43
44 expect_http_post_code
45
46 fake_json_response <<EOF
47 {
48 "access_token": "test-access",
49 "token_type": "Bearer",
50 "expires_in": 3600
51 }
52 EOF
53
54 expect_creds <<EOF
55 access-nobody@example.com: test-access
56 expire-nobody@example.com:
57 EOF
58
59 test_mhlogin
60
61 # TEST
62 start_test 'mhlogin receives access and refresh'
63
64 expect_http_post_code
65
66 fake_json_response <<EOF
67 {
68 "access_token": "test-access",
69 "token_type": "Bearer"
70 }
71 EOF
72
73 expect_creds <<EOF
74 access-nobody@example.com: test-access
75 EOF
76
77 test_mhlogin
78
79 # TEST
80 start_test 'mhlogin receives access, expiration, and refresh'
81
82 expect_http_post_code
83
84 fake_json_response <<EOF
85 {
86 "access_token": "test-access",
87 "refresh_token": "refresh-token",
88 "expires_in": 3600,
89 "token_type": "Bearer"
90 }
91 EOF
92
93 expect_creds <<EOF
94 access-nobody@example.com: test-access
95 refresh-nobody@example.com: refresh-token
96 expire-nobody@example.com:
97 EOF
98
99 test_mhlogin
100
101 # TEST
102 start_test 'mhlogin receives refresh only'
103
104 expect_http_post_code
105
106 fake_json_response <<EOF
107 {
108 "refresh_token": "refresh-token",
109 "token_type": "Bearer"
110 }
111 EOF
112
113 expect_creds <<EOF
114 refresh-nobody@example.com: refresh-token
115 EOF
116
117 test_mhlogin
118
119 # TEST
120 start_test 'mhlogin receives token_type only'
121
122 expect_http_post_code
123
124 fake_json_response <<EOF
125 {
126 "token_type": "Bearer"
127 }
128 EOF
129
130 expect_no_creds
131
132 test_mhlogin_invalid_response
133
134 # TEST
135 start_test 'mhlogin ignores extra bits in successful response JSON'
136
137 expect_http_post_code
138
139 fake_json_response <<EOF
140 {
141 "access_token": "test-access",
142 "refresh_token": "refresh-token",
143 "extra_object": {
144 "a": 1,
145 "b": [1, 2, 3],
146 "c": [{}, {"foo": "bar"}]
147 },
148 "extra_int": 1,
149 "expires_in": 3600,
150 "token_type": "Bearer"
151 }
152 EOF
153
154 expect_creds <<EOF
155 access-nobody@example.com: test-access
156 refresh-nobody@example.com: refresh-token
157 expire-nobody@example.com:
158 EOF
159
160 test_mhlogin
161
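# TEST
# Logging in a third user must add that user's entries without disturbing
# the tokens already stored for the other two: fake_creds seeds the file with
# user1/user2, and the expected file still holds their original access and
# refresh values next to the new user3 ones. (The seeded expire value 100 is
# matched against an empty expected value; presumably check_creds blanks
# timestamps before comparing -- confirm in common.sh.)
start_test 'mhlogin multiple users'

expect_http_post_code

fake_json_response <<EOF
{
"access_token": "user3-access",
"refresh_token": "user3-refresh",
"expires_in": 3600,
"token_type": "Bearer"
}
EOF

expect_creds <<EOF
access-nobody@example.com: user1-access
refresh-nobody@example.com: user1-refresh
expire-nobody@example.com:
access-nobody2@example.com: user2-access
refresh-nobody2@example.com: user2-refresh
expire-nobody2@example.com:
access-nobody3@example.com: user3-access
refresh-nobody3@example.com: user3-refresh
expire-nobody3@example.com:
EOF

fake_creds <<EOF
access-nobody@example.com: user1-access
refresh-nobody@example.com: user1-refresh
expire-nobody@example.com: 100
access-nobody2@example.com: user2-access
refresh-nobody2@example.com: user2-refresh
expire-nobody2@example.com: 100
EOF

# Same steps as test_mhlogin, written out because the login is for
# nobody3@example.com rather than the user test_mhlogin hard-codes.
# The expected prompt ends right after "code: ": the "$1" that used to follow
# was copied from the function body, where it is the function's argument; at
# top level it expanded to the script's own first argument and would have
# made the expectation depend on how the script was invoked.
start_fakehttp
run_test 'eval echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody3@example.com' \
"Load the following URL in your browser and authorize nmh to access test:

http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope

Enter the authorization code: "
check_http_req
check_creds_private
check_creds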
207
208 #
209 # fail cases
210 #
211
212 # TEST
213 start_test 'mhlogin user enters bad code'
214
215 expect_http_post_code
216
217 fake_http_response '400 Bad Request' <<EOF
218 Content-Type: application/json
219
220 {
221 "error": "invalid_grant"
222 }
223 EOF
224
225 expect_no_creds
226
227 test_mhlogin 'Code rejected; try again? '
228
229 # TEST
230 start_test 'mhlogin response has no content-type'
231
232 expect_http_post_code
233
234 fake_http_response '200 OK' <<EOF
235
236 {
237 "access_token": "test-access",
238 "token_type": "Bearer",
239 "expires_in": 3600
240 }
241 EOF
242
243 expect_no_creds
244
245 test_mhlogin_invalid_response
246
247 # TEST
248 start_test 'mhlogin JSON array'
249
250 expect_http_post_code
251
252 fake_json_response <<EOF
253 []
254 EOF
255
256 expect_no_creds
257
258 test_mhlogin_invalid_response
259
260 # TEST
261 start_test 'mhlogin JSON empty object'
262
263 expect_http_post_code
264
265 fake_json_response <<EOF
266 {}
267 EOF
268
269 expect_no_creds
270
271 test_mhlogin_invalid_response
272
273 # TEST
274 start_test 'mhlogin empty response body'
275
276 expect_http_post_code
277
278 fake_json_response <<EOF
279 EOF
280
281 expect_no_creds
282
283 test_mhlogin_invalid_response
284
285 # TEST
286 start_test 'mhlogin gets proper error from http'
287
288 expect_http_post_code
289
290 fake_http_response '400 Bad Request' <<EOF
291 Content-Type: application/json
292
293 {
294 "error": "invalid_request"
295 }
296 EOF
297
298 expect_no_creds
299
300 test_mhlogin 'mhlogin: error exchanging code for OAuth2 token
301 mhlogin: bad OAuth request; re-run with -snoop and send REDACTED output to nmh-workers'
302
303 # TEST
304 start_test 'mhlogin -browser'
305
306 #### Strip off the error string because it can vary, e.g.,
307 #### "Failed to connect to 127.0.0.1 port 64546: Connection refused", or
308 #### "Connection timed out after 1004 milliseconds"
309 echo code | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com \
310 -browser "echo \$@ > ${MHTMPDIR}/$$.browser" 2>&1 1>/dev/null | \
311 sed 's/\( endpoint:\) .*/\1/' > "${MHTMPDIR}/$$.mhlogin.err"
312 cat > "${MHTMPDIR}/$$.mhlogin.err.expected" <<EOF
313 mhlogin: error exchanging code for OAuth2 token
314 mhlogin: error making HTTP request to OAuth2 authorization endpoint:
315 EOF
316 check "${MHTMPDIR}/$$.mhlogin.err" "${MHTMPDIR}/$$.mhlogin.err.expected"
317
318 cat > "${MHTMPDIR}/$$.browser.expected" <<EOF
319 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
320 EOF
321 check "${MHTMPDIR}/$$.browser" "${MHTMPDIR}/$$.browser.expected"
322
323 # TEST
324 start_test 'empty authorization code'
325 run_test 'eval echo '' | mhlogin -saslmech xoauth2 -authservice test -user nobody@example.com' \
326 "Load the following URL in your browser and authorize nmh to access test:
327
328 http://127.0.0.1:${http_port}/oauth/auth?response_type=code&client_id=test-id&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=test-scope
329
330 Enter the authorization code: Empty code; try again? "
331
332
333 clean_fakehttp
334 finish_test
335
336 exit ${failed:-0}