forked from mirror/misskey
dedupe test logic
This commit is contained in:
parent
c25836bc1a
commit
967989c5f8
@ -82,6 +82,31 @@ async function fetchDecisionFromResponse(response: Response, user: misskey.entit
|
|||||||
return await fetchDecision(transactionId!, user, { cancel });
|
return await fetchDecision(transactionId!, user, { cancel });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function fetchAuthorizationCode(user: ImmediateSignup, scope: string, code_challenge: string) {
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope,
|
||||||
|
state: 'state',
|
||||||
|
code_challenge,
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
} as AuthorizationParamsExtended));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
|
|
||||||
|
// TODO: this fetch-decision-code checks are everywhere, maybe get a helper for this.
|
||||||
|
const decisionResponse = await fetchDecisionFromResponse(response, user);
|
||||||
|
assert.strictEqual(decisionResponse.status, 302);
|
||||||
|
|
||||||
|
const location = new URL(decisionResponse.headers.get('location')!);
|
||||||
|
assert.ok(location.searchParams.has('code'));
|
||||||
|
|
||||||
|
const code = new URL(location).searchParams.get('code')!;
|
||||||
|
assert.ok(!!code);
|
||||||
|
|
||||||
|
return { client, code };
|
||||||
|
}
|
||||||
|
|
||||||
describe('OAuth', () => {
|
describe('OAuth', () => {
|
||||||
let app: INestApplicationContext;
|
let app: INestApplicationContext;
|
||||||
let fastify: FastifyInstance;
|
let fastify: FastifyInstance;
|
||||||
@ -301,23 +326,7 @@ describe('OAuth', () => {
|
|||||||
describe('Verify PKCE', () => {
|
describe('Verify PKCE', () => {
|
||||||
for (const [title, code_verifier] of Object.entries(tests)) {
|
for (const [title, code_verifier] of Object.entries(tests)) {
|
||||||
test(title, async () => {
|
test(title, async () => {
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'write:notes', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
// TODO: this fetch-decision-code checks are everywhere, maybe get a helper for this.
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const code = new URL(decisionResponse.headers.get('location')!).searchParams.get('code')!;
|
|
||||||
assert.ok(!!code);
|
|
||||||
|
|
||||||
await assert.rejects(client.getToken({
|
await assert.rejects(client.getToken({
|
||||||
code,
|
code,
|
||||||
@ -404,27 +413,12 @@ describe('OAuth', () => {
|
|||||||
test('Partially known scopes', async () => {
|
test('Partially known scopes', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes test:unknown test:unknown2',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
|
|
||||||
// Just get the known scope for this case for backward compatibility
|
// Just get the known scope for this case for backward compatibility
|
||||||
assert.strictEqual(response.status, 200);
|
const { client, code } = await fetchAuthorizationCode(
|
||||||
|
alice,
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
'write:notes test:unknown test:unknown2',
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
code_challenge,
|
||||||
|
);
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
const code = new URL(decisionResponse.headers.get('location')!).searchParams.get('code')!;
|
|
||||||
assert.ok(!!code);
|
|
||||||
|
|
||||||
const token = await client.getToken({
|
const token = await client.getToken({
|
||||||
code,
|
code,
|
||||||
@ -454,26 +448,11 @@ describe('OAuth', () => {
|
|||||||
test('Duplicated scopes', async () => {
|
test('Duplicated scopes', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(
|
||||||
|
alice,
|
||||||
const response = await fetch(client.authorizeURL({
|
'write:notes write:notes read:account read:account',
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes write:notes read:account read:account',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
code_challenge,
|
||||||
code_challenge_method: 'S256',
|
);
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
const code = new URL(decisionResponse.headers.get('location')!).searchParams.get('code')!;
|
|
||||||
assert.ok(!!code);
|
|
||||||
|
|
||||||
const token = await client.getToken({
|
const token = await client.getToken({
|
||||||
code,
|
code,
|
||||||
@ -486,25 +465,10 @@ describe('OAuth', () => {
|
|||||||
test('Scope check by API', async () => {
|
test('Scope check by API', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'read:account', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'read:account',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
const token = await client.getToken({
|
const token = await client.getToken({
|
||||||
code: location.searchParams.get('code')!,
|
code,
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} as AuthorizationTokenConfigExtended);
|
} as AuthorizationTokenConfigExtended);
|
||||||
@ -526,25 +490,10 @@ describe('OAuth', () => {
|
|||||||
test('Authorization header', async () => {
|
test('Authorization header', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'write:notes', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
const token = await client.getToken({
|
const token = await client.getToken({
|
||||||
code: location.searchParams.get('code')!,
|
code,
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} as AuthorizationTokenConfigExtended);
|
} as AuthorizationTokenConfigExtended);
|
||||||
@ -623,25 +572,10 @@ describe('OAuth', () => {
|
|||||||
test('Invalid redirect_uri at token endpoint', async () => {
|
test('Invalid redirect_uri at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'write:notes', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
await assert.rejects(client.getToken({
|
await assert.rejects(client.getToken({
|
||||||
code: location.searchParams.get('code')!,
|
code,
|
||||||
redirect_uri: 'http://127.0.0.2/',
|
redirect_uri: 'http://127.0.0.2/',
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} as AuthorizationTokenConfigExtended));
|
} as AuthorizationTokenConfigExtended));
|
||||||
@ -650,25 +584,10 @@ describe('OAuth', () => {
|
|||||||
test('Invalid redirect_uri including the valid one at token endpoint', async () => {
|
test('Invalid redirect_uri including the valid one at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'write:notes', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
await assert.rejects(client.getToken({
|
await assert.rejects(client.getToken({
|
||||||
code: location.searchParams.get('code')!,
|
code,
|
||||||
redirect_uri: 'http://127.0.0.1/redirection',
|
redirect_uri: 'http://127.0.0.1/redirection',
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} as AuthorizationTokenConfigExtended));
|
} as AuthorizationTokenConfigExtended));
|
||||||
@ -677,25 +596,10 @@ describe('OAuth', () => {
|
|||||||
test('No redirect_uri at token endpoint', async () => {
|
test('No redirect_uri at token endpoint', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const { client, code } = await fetchAuthorizationCode(alice, 'write:notes', code_challenge);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
|
||||||
redirect_uri,
|
|
||||||
scope: 'write:notes',
|
|
||||||
state: 'state',
|
|
||||||
code_challenge,
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
} as AuthorizationParamsExtended));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
|
|
||||||
const decisionResponse = await fetchDecisionFromResponse(response, alice);
|
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
|
||||||
|
|
||||||
const location = new URL(decisionResponse.headers.get('location')!);
|
|
||||||
assert.ok(location.searchParams.has('code'));
|
|
||||||
|
|
||||||
await assert.rejects(client.getToken({
|
await assert.rejects(client.getToken({
|
||||||
code: location.searchParams.get('code')!,
|
code,
|
||||||
code_verifier,
|
code_verifier,
|
||||||
} as AuthorizationTokenConfigExtended));
|
} as AuthorizationTokenConfigExtended));
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user