diff --git a/packages/backend/test/e2e/oauth.ts b/packages/backend/test/e2e/oauth.ts index 1a42d60cb..f56846f30 100644 --- a/packages/backend/test/e2e/oauth.ts +++ b/packages/backend/test/e2e/oauth.ts @@ -76,7 +76,7 @@ describe('OAuth', () => {
Misklient `); }); - fastify.listen({ port: clientPort, host: '0.0.0.0' }); + await fastify.listen({ port: clientPort }); alice = await signup({ username: 'alice' }); }, 1000 * 60 * 2); @@ -601,6 +601,136 @@ describe('OAuth', () => { assert.ok(body.scopes_supported.includes('write:notes')); }); + describe('Client Information Discovery', () => { + test('Read HTTP header', async () => { + await fastify.close(); + + fastify = Fastify(); + fastify.get('/', async (request, reply) => { + reply.header('Link', '; rel="redirect_uri"'); + reply.send(` + +
Misklient + `); + }); + await fastify.listen({ port: clientPort }); + + const client = getClient(); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + })); + assert.strictEqual(response.status, 200); + }); + + test('Mixed links', async () => { + await fastify.close(); + + fastify = Fastify(); + fastify.get('/', async (request, reply) => { + reply.header('Link', '; rel="redirect_uri"'); + reply.send(` + + +
Misklient + `); + }); + await fastify.listen({ port: clientPort }); + + const client = getClient(); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + })); + assert.strictEqual(response.status, 200); + }); + + test('Multiple items in Link header', async () => { + await fastify.close(); + + fastify = Fastify(); + fastify.get('/', async (request, reply) => { + reply.header('Link', '; rel="redirect_uri",; rel="redirect_uri"'); + reply.send(` + +
Misklient + `); + }); + await fastify.listen({ port: clientPort }); + + const client = getClient(); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + })); + console.log(await response.text()); + assert.strictEqual(response.status, 200); + }); + + test('Multiple items in HTML', async () => { + await fastify.close(); + + fastify = Fastify(); + fastify.get('/', async (request, reply) => { + reply.send(` + + + +
Misklient + `); + }); + await fastify.listen({ port: clientPort }); + + const client = getClient(); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + })); + assert.strictEqual(response.status, 200); + }); + + test('No item', async () => { + await fastify.close(); + + fastify = Fastify(); + fastify.get('/', async (request, reply) => { + reply.send(` + +
Misklient + `); + }); + await fastify.listen({ port: clientPort }); + + const client = getClient(); + + const response = await fetch(client.authorizeURL({ + redirect_uri, + scope: 'write:notes', + state: 'state', + code_challenge: 'code', + code_challenge_method: 'S256', + })); + // TODO: status code + assert.strictEqual(response.status, 500); + }); + }); + // TODO: authorizing two users concurrently // TODO: Error format required by OAuth spec