masakiq · masakiq · Feb 17, 2020 · Feb 18, 2020 · Feb 18, 2020
diff --git a/bin/test b/bin/test
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+for i in `find test/* -name '*_test.rb'`
+do
+  ruby $i
+done
diff --git a/oauth/authorization_code/auth_server.rb b/oauth/authorization_code/auth_server.rb
@@ -56,29 +56,42 @@ def do_POST request, response
     code = params['code']
     redirect_uri = URI.decode(params['redirect_uri'])
 
-    if grant_type != 'authorization_code' || code != $auth_code || redirect_uri != "#{ENV['SAF_REDIRECT_URI']}"
+    response['Content-Type'] = 'text/plain'
+
+    errors = []
+    errors << 'Not allow request token directly' if $auth_code.nil?
+    errors << 'Invalid auth_code' if code != $auth_code && errors.size == 0
+    errors << 'Invalid grant_type' if grant_type != 'authorization_code'
+    errors << 'Invalid redirect_uri' if redirect_uri != "#{ENV['SAF_REDIRECT_URI']}"
+    if errors.size > 0
       response.status = 400
-      response['Content-Type'] = 'text/plain'
-      response.body = 'Invalid auth_code'
+      response.body = errors.join(',')
       return
     end
 
     uri = URI("#{ENV['SAF_RESOURCE_SERVER_URI']}/issue_token")
     res = Net::HTTP.post_form(uri, private_token: 'private_token')
     if res.code == '200'
       response.status = 200
-      response['Content-Type'] = 'text/plain'
       response.body = res.body
     else
       response.status = 500
-      response['Content-Type'] = 'text/plain'
       response.body = 'Internal server error'
     end
   end
 end
 
+class HeartBeat < WEBrick::HTTPServlet::AbstractServlet
+  def do_GET request, response
+    response.status = 200
+    response['Content-Type'] = 'text/plain'
+    response.body = 'ok'
+  end
+end
+
 server.mount '/authorization', Authorization
 server.mount '/permit', Permit
 server.mount '/deny', Deny
 server.mount '/token', Token
+server.mount '/heart_beat', HeartBeat
 server.start
diff --git a/test/mock/resource_server_mock.rb b/test/mock/resource_server_mock.rb
@@ -0,0 +1,25 @@
+require 'webrick'
+require 'securerandom'
+
+resource_port = ENV['SAF_RESOURCE_SERVER_URI'].match(/\Ahttp:\/\/localhost:(?<port>.+?)\z/)[:port].to_i
+server = WEBrick::HTTPServer.new :Port => resource_port
+
+class IssueToken < WEBrick::HTTPServlet::AbstractServlet
+  def do_POST request, response
+    response['Content-Type'] = 'text/plain'
+    response.status = (ARGV[0] || 200).to_i
+    response.body = ARGV[1] || 'token'
+  end
+end
+
+class HeartBeat < WEBrick::HTTPServlet::AbstractServlet
+  def do_GET request, response
+    response.status = 200
+    response['Content-Type'] = 'text/plain'
+    response.body = 'ok'
+  end
+end
+
+server.mount '/issue_token', IssueToken
+server.mount '/heart_beat', HeartBeat
+server.start
diff --git a/test/oauth/authorization_code/auth_server_test.rb b/test/oauth/authorization_code/auth_server_test.rb
@@ -0,0 +1,214 @@
+require 'test/unit'
+require 'net/http'
+require 'pry'
+
+class AuthServerTest < Test::Unit::TestCase
+  def setup
+    kill_server
+    start_server
+  end
+
+  def teardown
+    kill_server
+  end
+
+  def kill_server
+    result = `ps aux | grep 'ruby oauth/authorization_code/auth_server.rb' | grep -v grep`
+    `kill #{ result.split(' ')[1] } > /dev/null 2>&1`
+    result = `ps aux | grep 'ruby test/mock/resource_server_mock.rb' | grep -v grep`
+    `kill #{ result.split(' ')[1] } > /dev/null 2>&1`
+  end
+
+  def start_server
+    env =
+      'SAF_AUTH_SERVER_URI=http://localhost:10001 '\
+      'SAF_RESOURCE_SERVER_URI=http://localhost:10002 '\
+      'SAF_CLIENT_ID=123 '\
+      'SAF_REDIRECT_URI=http://localhost:10003/callback '
+    `#{env}ruby oauth/authorization_code/auth_server.rb > /dev/null 2>&1 &`
+    while true do
+      begin
+        Net::HTTP.get_response(URI.parse('http://localhost:10001/heart_beat'))
+        break
+      rescue Errno::ECONNREFUSED
+        sleep 0.1
+      end
+    end
+  end
+
+  def start_resource_server_mock(status:, response:)
+    env =
+      'SAF_RESOURCE_SERVER_URI=http://localhost:10002 '
+    `#{env}ruby test/mock/resource_server_mock.rb #{status} #{response} > /dev/null 2>&1 &`
+    while true do
+      begin
+        Net::HTTP.get_response(URI.parse('http://localhost:10002/heart_beat'))
+        break
+      rescue Errno::ECONNREFUSED
+        sleep 0.1
+      end
+    end
+  end
+
+  def test_authorization
+    url =
+      'http://localhost:10001/authorization'\
+      '?response_type=code'\
+      '&client_id=123'\
+      '&redirect_uri=http://localhost:10003/callback'\
+      '&state=state'
+    res = Net::HTTP.get_response(URI.parse(url))
+    assert_equal(res.code, '200')
+  end
+
+  def test_authorization_invalid_client_id
+    url =
+      'http://localhost:10001/authorization'\
+      '?response_type=code'\
+      '&client_id=abc'\
+      '&redirect_uri=http://localhost:10003/callback'\
+      '&state=state'
+    res = Net::HTTP.get_response(URI.parse(url))
+    assert_equal(res.code, '400')
+  end
+
+  def test_authorization_invalid_redirect_uri
+    url =
+      'http://localhost:10001/authorization'\
+      '?response_type=code'\
+      '&client_id=123'\
+      '&redirect_uri=http://localhost:10002/callback'\
+      '&state=state'
+    res = Net::HTTP.get_response(URI.parse(url))
+    assert_equal(res.code, '400')
+  end
+
+  def test_permit
+    url =
+      'http://localhost:10001/permit'\
+      '?redirect_uri=http://localhost:10002/callback'\
+      '&state=state'
+    res = Net::HTTP.get_response(URI.parse(url))
+    assert_equal(res.code, '302')
+    location = res.to_hash['location'].first
+    uri = URI.parse(location)
+    assert_equal(uri.port, 10002)
+    assert_equal(uri.host, 'localhost')
+    assert_equal(uri.path, '/callback')
+    assert_equal(uri.query.include?("code=#{$auth_code}"), true)
+    assert_equal(uri.query.include?('state=state'), true)
+  end
+
+  def test_deny
+    url =
+      'http://localhost:10001/deny'\
+      '?redirect_uri=http://localhost:10002/callback'
+    res = Net::HTTP.get_response(URI.parse(url))
+    assert_equal(res.code, '302')
+    location = res.to_hash['location'].first
+    uri = URI.parse(location)
+    assert_equal(uri.port, 10002)
+    assert_equal(uri.host, 'localhost')
+    assert_equal(uri.path, '/callback')
+    assert_equal(uri.query.include?('deny=true'), true)
+  end
+
+  def prepare_permit
+    uri =
+      'http://localhost:10001/permit'\
+      '?redirect_uri=http://localhost:10002/callback'\
+      '&state=state'
+    res = Net::HTTP.get_response(URI.parse(uri))
+    location = res.to_hash['location'].first
+    URI.parse(location).query.split('&').inject({}) { |r, q| r.merge(q.split('=')[0] => q.split('=')[1]) }
+  end
+
+  def test_token
+    start_resource_server_mock(status: 200, response: 'token')
+    params = prepare_permit
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'authorization_code',
+      code: params['code'],
+      redirect_uri: 'http://localhost:10003/callback'
+    )
+    assert_equal(res.code, '200')
+    assert_equal(res.body, 'token')
+  end
+
+  def test_token_auth_code_is_not_generated
+    start_resource_server_mock(status: 200, response: 'token')
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'authorization_code',
+      code: 'code',
+      redirect_uri: 'http://localhost:10003/callback'
+    )
+    assert_equal(res.code, '400')
+    assert_equal(res.body, 'Not allow request token directly')
+  end
+
+  def test_token_invalid_auth_code
+    start_resource_server_mock(status: 200, response: 'token')
+    params = prepare_permit
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'authorization_code',
+      code: 'invalid' + params['code'],
+      redirect_uri: 'http://localhost:10003/callback'
+    )
+    assert_equal(res.code, '400')
+    assert_equal(res.body, 'Invalid auth_code')
+  end
+
+  def test_token_invalid_grant_type
+    start_resource_server_mock(status: 200, response: 'token')
+    params = prepare_permit
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'password',
+      code: params['code'],
+      redirect_uri: 'http://localhost:10003/callback'
+    )
+    assert_equal(res.code, '400')
+    assert_equal(res.body, 'Invalid grant_type')
+  end
+
+  def test_token_invalid_redirect_uri
+    start_resource_server_mock(status: 200, response: 'token')
+    params = prepare_permit
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'authorization_code',
+      code: params['code'],
+      redirect_uri: 'http://localhost:10003/invalid'
+    )
+    assert_equal(res.code, '400')
+    assert_equal(res.body, 'Invalid redirect_uri')
+  end
+
+  def test_token_deny_resource_server_access
+    start_resource_server_mock(status: 400, response: 'invalid access')
+    params = prepare_permit
+
+    uri = URI('http://localhost:10001/token')
+    res = Net::HTTP.post_form(
+      uri,
+      grant_type: 'authorization_code',
+      code: params['code'],
+      redirect_uri: 'http://localhost:10003/callback'
+    )
+    assert_equal(res.code, '500')
+    assert_equal(res.body, 'Internal server error')
+  end
+end