clientConfig
This commit is contained in:
parent
628377187a
commit
5db1126db6
1 changed files with 34 additions and 48 deletions
|
@ -6,7 +6,7 @@
|
|||
process.env.NODE_ENV = 'test';
|
||||
|
||||
import * as assert from 'assert';
|
||||
import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials } from 'simple-oauth2';
|
||||
import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials, ModuleOptions } from 'simple-oauth2';
|
||||
import pkceChallenge from 'pkce-challenge';
|
||||
import { JSDOM } from 'jsdom';
|
||||
import type * as misskey from 'misskey-js';
|
||||
|
@ -39,8 +39,7 @@ interface AuthorizationTokenConfigExtended extends AuthorizationTokenConfig {
|
|||
code_verifier: string | undefined;
|
||||
}
|
||||
|
||||
function getClient(): AuthorizationCode<'client_id'> {
|
||||
return new AuthorizationCode({
|
||||
const clientConfig: ModuleOptions<'client_id'> = {
|
||||
client: {
|
||||
id: `http://127.0.0.1:${clientPort}/`,
|
||||
secret: '',
|
||||
|
@ -53,8 +52,7 @@ function getClient(): AuthorizationCode<'client_id'> {
|
|||
options: {
|
||||
authorizationMethod: 'body',
|
||||
},
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } {
|
||||
const fragment = JSDOM.fragment(html);
|
||||
|
@ -87,7 +85,7 @@ async function fetchDecisionFromResponse(response: Response, user: misskey.entit
|
|||
}
|
||||
|
||||
async function fetchAuthorizationCode(user: misskey.entities.MeSignup, scope: string, code_challenge: string): Promise<{ client: AuthorizationCode, code: string }> {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -172,7 +170,7 @@ describe('OAuth', () => {
|
|||
test('Full flow', async () => {
|
||||
const { code_challenge, code_verifier } = await pkceChallenge(128);
|
||||
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -229,7 +227,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Two concurrent flows', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const pkceAlice = await pkceChallenge(128);
|
||||
const pkceBob = await pkceChallenge(128);
|
||||
|
@ -316,7 +314,7 @@ describe('OAuth', () => {
|
|||
// '... the authorization endpoint MUST return the authorization
|
||||
// error response with the "error" value set to "invalid_request".'
|
||||
test('Require PKCE', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
// Pattern 1: No PKCE fields at all
|
||||
let response = await fetch(client.authorizeURL({
|
||||
|
@ -430,7 +428,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Cancellation', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -460,7 +458,7 @@ describe('OAuth', () => {
|
|||
// indicating an invalid scope."
|
||||
// (And Misskey does the latter)
|
||||
test('Missing scope', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -472,7 +470,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Empty scope', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -485,7 +483,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Unknown scopes', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -522,7 +520,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Known scopes', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -626,7 +624,7 @@ describe('OAuth', () => {
|
|||
// automatically redirect the user-agent to the invalid redirection URI."
|
||||
describe('Redirection', () => {
|
||||
test('Invalid redirect_uri at authorization endpoint', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri: 'http://127.0.0.2/',
|
||||
|
@ -639,7 +637,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('Invalid redirect_uri including the valid one at authorization endpoint', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri: 'http://127.0.0.1/redirection',
|
||||
|
@ -652,7 +650,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
|
||||
test('No redirect_uri at authorization endpoint', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
scope: 'write:notes',
|
||||
|
@ -722,7 +720,7 @@ describe('OAuth', () => {
|
|||
// Do not use indirect error here.
|
||||
describe('Decision endpoint', () => {
|
||||
test('No login token', async () => {
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL(basicAuthParams));
|
||||
assert.strictEqual(response.status, 200);
|
||||
|
@ -784,17 +782,11 @@ describe('OAuth', () => {
|
|||
|
||||
test('Resource owner grant is not supported', async () => {
|
||||
const client = new ResourceOwnerPassword({
|
||||
client: {
|
||||
id: `http://127.0.0.1:${clientPort}/`,
|
||||
secret: '',
|
||||
},
|
||||
...clientConfig,
|
||||
auth: {
|
||||
tokenHost: host,
|
||||
tokenPath: '/oauth/token',
|
||||
},
|
||||
options: {
|
||||
authorizationMethod: 'body',
|
||||
},
|
||||
});
|
||||
|
||||
await assert.rejects(client.getToken({
|
||||
|
@ -808,17 +800,11 @@ describe('OAuth', () => {
|
|||
|
||||
test('Client credential grant is not supported', async () => {
|
||||
const client = new ClientCredentials({
|
||||
client: {
|
||||
id: `http://127.0.0.1:${clientPort}/`,
|
||||
secret: '',
|
||||
},
|
||||
...clientConfig,
|
||||
auth: {
|
||||
tokenHost: host,
|
||||
tokenPath: '/oauth/token',
|
||||
},
|
||||
options: {
|
||||
authorizationMethod: 'body',
|
||||
},
|
||||
});
|
||||
|
||||
await assert.rejects(client.getToken({}), (err: any) => {
|
||||
|
@ -872,7 +858,7 @@ describe('OAuth', () => {
|
|||
fastify.get('/', async (request, reply) => replyFunc(reply));
|
||||
await fastify.listen({ port: clientPort });
|
||||
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -897,7 +883,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
await fastify.listen({ port: clientPort });
|
||||
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
@ -915,7 +901,7 @@ describe('OAuth', () => {
|
|||
test('Disallow loopback', async () => {
|
||||
process.env.MISSKEY_TEST_CHECK_IP_RANGE = '1';
|
||||
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
scope: 'write:notes',
|
||||
|
@ -936,7 +922,7 @@ describe('OAuth', () => {
|
|||
});
|
||||
await fastify.listen({ port: clientPort });
|
||||
|
||||
const client = getClient();
|
||||
const client = new AuthorizationCode(clientConfig);
|
||||
|
||||
const response = await fetch(client.authorizeURL({
|
||||
redirect_uri,
|
||||
|
|
Loading…
Reference in a new issue