Initial token management
Change-Id: I6177b46961b7a0e53b9fa1fa9430a4d5562ae2da
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index f03f61e..c9c4207 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -18,7 +18,8 @@
'Kalamar-Auth' => {
client_id => 2,
client_secret => 'k414m4r-s3cr3t',
- oauth2 => 1
+ oauth2 => 1,
+ experimental_client_registration => 1
}
});
@@ -371,7 +372,7 @@
# The token is invalid and can't be refreshed!
-$t->get_ok('/?q=baum&cutoff=true')
+$csrf = $t->get_ok('/?q=baum&cutoff=true')
->status_is(200)
->session_hasnt('/auth')
->session_hasnt('/auth_r')
@@ -380,8 +381,57 @@
->text_is('title', 'KorAP: Find »baum« with Poliqarp')
->content_unlike(qr/\"authorized\"\:\"yes\"/)
->element_exists('p.no-results')
+ ->tx->res->dom->at('input[name="csrf_token"]')
+ ->attr('value')
;
+# Login:
+$t->post_ok('/user/login' => form => {
+ handle_or_email => 'test',
+ pwd => 'pass',
+ csrf_token => $csrf
+})
+ ->status_is(302)
+ ->content_is('')
+ ->header_is('Location' => '/');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->element_exists_not('div.notify-error')
+ ->element_exists('div.notify-success')
+ ->text_is('div.notify-success', 'Login successful')
+ ->element_exists('aside.off')
+ ->element_exists_not('aside.active')
+ ;
+
+$t->get_ok('/settings/oauth')
+ ->text_is('form.form-table legend', 'Register new client application')
+ ->attr_is('form.oauth-register','action', '/settings/oauth/register')
+ ;
+
+$csrf = $t->post_ok('/settings/oauth/register' => form => {
+ name => 'MyApp',
+ type => 'PUBLIC',
+ desc => 'This is my application'
+})
+ ->text_is('div.notify-error', 'Bad CSRF token')
+ ->tx->res->dom->at('input[name="csrf_token"]')
+ ->attr('value')
+ ;
+
+$t->post_ok('/settings/oauth/register' => form => {
+ name => 'MyApp',
+ type => 'CONFIDENTIAL',
+ desc => 'This is my application',
+ csrf_token => $csrf
+})
+ ->status_is(200)
+ ->element_exists('div.notify-success')
+ ->text_is('legend', 'Client Credentials')
+ ->text_is('label[for=client_id]', 'ID of the client application')
+ ->element_exists('input[name=client_id][readonly][value]')
+ ->element_exists('input[name=client_secret][readonly][value]')
+ ;
done_testing;
__END__
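Review bot: The rejected registration (the `post_ok` to `/settings/oauth/register` sent without `csrf_token`) is asserted only through the `Bad CSRF token` text, so the test still passes if the handler registers the client or renders credentials alongside the error. Adding `->element_exists_not('div.notify-success')` and `->element_exists_not('input[name=client_secret]')` to that chain would pin the rejection itself. In the success case the `[value]` selector also matches an empty attribute; `->attr_like('input[name=client_secret]', 'value', qr/\S/)` would confirm a secret was actually issued. Nothing visible in this hunk exercises an unauthenticated POST to the register route, though that may be covered elsewhere in the file.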