clientConfig
parent
628377187a
commit
5db1126db6
1 changed files with 34 additions and 48 deletions
|
@ -6,7 +6,7 @@
|
||||||
process.env.NODE_ENV = 'test';
|
process.env.NODE_ENV = 'test';
|
||||||
|
|
||||||
import * as assert from 'assert';
|
import * as assert from 'assert';
|
||||||
import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials } from 'simple-oauth2';
|
import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials, ModuleOptions } from 'simple-oauth2';
|
||||||
import pkceChallenge from 'pkce-challenge';
|
import pkceChallenge from 'pkce-challenge';
|
||||||
import { JSDOM } from 'jsdom';
|
import { JSDOM } from 'jsdom';
|
||||||
import type * as misskey from 'misskey-js';
|
import type * as misskey from 'misskey-js';
|
||||||
|
@ -39,22 +39,20 @@ interface AuthorizationTokenConfigExtended extends AuthorizationTokenConfig {
|
||||||
code_verifier: string | undefined;
|
code_verifier: string | undefined;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getClient(): AuthorizationCode<'client_id'> {
|
const clientConfig: ModuleOptions<'client_id'> = {
|
||||||
return new AuthorizationCode({
|
client: {
|
||||||
client: {
|
id: `http://127.0.0.1:${clientPort}/`,
|
||||||
id: `http://127.0.0.1:${clientPort}/`,
|
secret: '',
|
||||||
secret: '',
|
},
|
||||||
},
|
auth: {
|
||||||
auth: {
|
tokenHost: host,
|
||||||
tokenHost: host,
|
tokenPath: '/oauth/token',
|
||||||
tokenPath: '/oauth/token',
|
authorizePath: '/oauth/authorize',
|
||||||
authorizePath: '/oauth/authorize',
|
},
|
||||||
},
|
options: {
|
||||||
options: {
|
authorizationMethod: 'body',
|
||||||
authorizationMethod: 'body',
|
},
|
||||||
},
|
};
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } {
|
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } {
|
||||||
const fragment = JSDOM.fragment(html);
|
const fragment = JSDOM.fragment(html);
|
||||||
|
@ -87,7 +85,7 @@ async function fetchDecisionFromResponse(response: Response, user: misskey.entit
|
||||||
}
|
}
|
||||||
|
|
||||||
async function fetchAuthorizationCode(user: misskey.entities.MeSignup, scope: string, code_challenge: string): Promise<{ client: AuthorizationCode, code: string }> {
|
async function fetchAuthorizationCode(user: misskey.entities.MeSignup, scope: string, code_challenge: string): Promise<{ client: AuthorizationCode, code: string }> {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -172,7 +170,7 @@ describe('OAuth', () => {
|
||||||
test('Full flow', async () => {
|
test('Full flow', async () => {
|
||||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||||
|
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -229,7 +227,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Two concurrent flows', async () => {
|
test('Two concurrent flows', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const pkceAlice = await pkceChallenge(128);
|
const pkceAlice = await pkceChallenge(128);
|
||||||
const pkceBob = await pkceChallenge(128);
|
const pkceBob = await pkceChallenge(128);
|
||||||
|
@ -316,7 +314,7 @@ describe('OAuth', () => {
|
||||||
// '... the authorization endpoint MUST return the authorization
|
// '... the authorization endpoint MUST return the authorization
|
||||||
// error response with the "error" value set to "invalid_request".'
|
// error response with the "error" value set to "invalid_request".'
|
||||||
test('Require PKCE', async () => {
|
test('Require PKCE', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
// Pattern 1: No PKCE fields at all
|
// Pattern 1: No PKCE fields at all
|
||||||
let response = await fetch(client.authorizeURL({
|
let response = await fetch(client.authorizeURL({
|
||||||
|
@ -430,7 +428,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Cancellation', async () => {
|
test('Cancellation', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -460,7 +458,7 @@ describe('OAuth', () => {
|
||||||
// indicating an invalid scope."
|
// indicating an invalid scope."
|
||||||
// (And Misskey does the latter)
|
// (And Misskey does the latter)
|
||||||
test('Missing scope', async () => {
|
test('Missing scope', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -472,7 +470,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Empty scope', async () => {
|
test('Empty scope', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -485,7 +483,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Unknown scopes', async () => {
|
test('Unknown scopes', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -522,7 +520,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Known scopes', async () => {
|
test('Known scopes', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -626,7 +624,7 @@ describe('OAuth', () => {
|
||||||
// automatically redirect the user-agent to the invalid redirection URI."
|
// automatically redirect the user-agent to the invalid redirection URI."
|
||||||
describe('Redirection', () => {
|
describe('Redirection', () => {
|
||||||
test('Invalid redirect_uri at authorization endpoint', async () => {
|
test('Invalid redirect_uri at authorization endpoint', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri: 'http://127.0.0.2/',
|
redirect_uri: 'http://127.0.0.2/',
|
||||||
|
@ -639,7 +637,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Invalid redirect_uri including the valid one at authorization endpoint', async () => {
|
test('Invalid redirect_uri including the valid one at authorization endpoint', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri: 'http://127.0.0.1/redirection',
|
redirect_uri: 'http://127.0.0.1/redirection',
|
||||||
|
@ -652,7 +650,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
test('No redirect_uri at authorization endpoint', async () => {
|
test('No redirect_uri at authorization endpoint', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
scope: 'write:notes',
|
scope: 'write:notes',
|
||||||
|
@ -722,7 +720,7 @@ describe('OAuth', () => {
|
||||||
// Do not use indirect error here.
|
// Do not use indirect error here.
|
||||||
describe('Decision endpoint', () => {
|
describe('Decision endpoint', () => {
|
||||||
test('No login token', async () => {
|
test('No login token', async () => {
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL(basicAuthParams));
|
const response = await fetch(client.authorizeURL(basicAuthParams));
|
||||||
assert.strictEqual(response.status, 200);
|
assert.strictEqual(response.status, 200);
|
||||||
|
@ -784,17 +782,11 @@ describe('OAuth', () => {
|
||||||
|
|
||||||
test('Resource owner grant is not supported', async () => {
|
test('Resource owner grant is not supported', async () => {
|
||||||
const client = new ResourceOwnerPassword({
|
const client = new ResourceOwnerPassword({
|
||||||
client: {
|
...clientConfig,
|
||||||
id: `http://127.0.0.1:${clientPort}/`,
|
|
||||||
secret: '',
|
|
||||||
},
|
|
||||||
auth: {
|
auth: {
|
||||||
tokenHost: host,
|
tokenHost: host,
|
||||||
tokenPath: '/oauth/token',
|
tokenPath: '/oauth/token',
|
||||||
},
|
},
|
||||||
options: {
|
|
||||||
authorizationMethod: 'body',
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
|
|
||||||
await assert.rejects(client.getToken({
|
await assert.rejects(client.getToken({
|
||||||
|
@ -808,17 +800,11 @@ describe('OAuth', () => {
|
||||||
|
|
||||||
test('Client credential grant is not supported', async () => {
|
test('Client credential grant is not supported', async () => {
|
||||||
const client = new ClientCredentials({
|
const client = new ClientCredentials({
|
||||||
client: {
|
...clientConfig,
|
||||||
id: `http://127.0.0.1:${clientPort}/`,
|
|
||||||
secret: '',
|
|
||||||
},
|
|
||||||
auth: {
|
auth: {
|
||||||
tokenHost: host,
|
tokenHost: host,
|
||||||
tokenPath: '/oauth/token',
|
tokenPath: '/oauth/token',
|
||||||
},
|
},
|
||||||
options: {
|
|
||||||
authorizationMethod: 'body',
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
|
|
||||||
await assert.rejects(client.getToken({}), (err: any) => {
|
await assert.rejects(client.getToken({}), (err: any) => {
|
||||||
|
@ -872,7 +858,7 @@ describe('OAuth', () => {
|
||||||
fastify.get('/', async (request, reply) => replyFunc(reply));
|
fastify.get('/', async (request, reply) => replyFunc(reply));
|
||||||
await fastify.listen({ port: clientPort });
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -897,7 +883,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
@ -915,7 +901,7 @@ describe('OAuth', () => {
|
||||||
test('Disallow loopback', async () => {
|
test('Disallow loopback', async () => {
|
||||||
process.env.MISSKEY_TEST_CHECK_IP_RANGE = '1';
|
process.env.MISSKEY_TEST_CHECK_IP_RANGE = '1';
|
||||||
|
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
scope: 'write:notes',
|
scope: 'write:notes',
|
||||||
|
@ -936,7 +922,7 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
const client = getClient();
|
const client = new AuthorizationCode(clientConfig);
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
|
|
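Review bot: `ModuleOptions` is used only as the type annotation on `clientConfig`, but the import brings it in as a value while `AuthorizationTokenConfig` on the same line carries the inline `type` modifier; writing `type ModuleOptions` would keep the line consistent and safe under isolated-module emit. In the "Resource owner grant" and "Client credential grant" tests, the `auth` key after `...clientConfig` replaces the whole nested object instead of merging into it, so its only visible effect is to drop `authorizePath`. If that is intended, a short comment such as `// override auth so authorizePath is not passed to a non-authorization-code grant` would make it clear; if not, the override can be removed. The config is also now built once at module load rather than on each `getClient()` call, so `host` and `clientPort` (declared outside these hunks) must be initialised above it, and every test shares the same object.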