Added token refresh helper for OAuth2
Change-Id: I543ed737584d08d5d7b59c4a664268b3d69082dc
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 2769515..d67837f 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -109,7 +109,7 @@
$csrf = $t->get_ok('/')
->status_is(200)
->element_exists('div.notify-error')
- ->text_is('div.notify-error', 'Access denied')
+ ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
->element_exists('input[name=handle_or_email][value=test]')
->element_exists_not('div.button.top a')
->tx->res->dom->at('input[name=csrf_token]')->attr('value')
@@ -133,7 +133,6 @@
->element_exists_not('aside.active')
;
-
# Now the user is logged in and should be able to
# search with authorization
$t->get_ok('/?q=Baum')
@@ -199,11 +198,70 @@
->status_is(302)
->header_is('Location' => '/?q=Baum&ql=poliqarp');
+$t->get_ok('/?q=Baum&ql=poliqarp')
+ ->status_is(200)
+ ->element_exists_not('div.notify-error')
+ ->element_exists('div.notify-success')
+ ->text_is('div.notify-success', 'Login successful')
+ ;
+
+$t->app->routes->get(
+ '/user/refresh' => sub {
+ my $c = shift;
+
+ my $old_auth = $c->auth->token;
+ my $refresh = $c->chi('user')->get("refr_$old_auth");
+
+ $c->auth->refresh_token($refresh)->then(
+ sub {
+ my $new_auth = $c->auth->token;
+ $c->notify(success => $new_auth . ' vs. ' . $old_auth);
+ }
+ )->catch(
+ sub {
+
+ # Notify the user on login failure
+ unless (@_) {
+ $c->notify(error => $c->loc('Auth_refreshFail'));
+ }
+
+ # There are known errors
+ foreach (@_) {
+ if (ref $_ eq 'HASH') {
+ my $err = ($_->{code} ? $_->{code} . ': ' : '') .
+ $_->{message};
+ $c->notify(error => $err);
+ }
+ else {
+ $c->notify(error => $_);
+ }
+ };
+ }
+ )->finally(
+ sub {
+ return $c->redirect_to('index');
+ }
+ )->wait;
+ }
+);
+
+$t->get_ok('/user/refresh')
+ ->status_is(302)
+ ->header_is('Location' => '/');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->element_exists_not('div.notify-error')
+ ->element_exists('div.notify-success')
+ ->text_like('div.notify-success', qr!Bearer abcde vs\. Bearer .{6,}!)
+ ;
+
done_testing;
__END__
+
# Login mit falschem Nutzernamen:
# 400 und:
{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
diff --git a/t/server/mock.pl b/t/server/mock.pl
index e32365e..359f78c 100644
--- a/t/server/mock.pl
+++ b/t/server/mock.pl
@@ -278,62 +278,98 @@
post '/oauth2/token' => sub {
my $c = shift;
- # Check for wrong client id
- if ($c->param('client_id') ne '2') {
- return $c->render(
- json => {
- "error_description" => "Unknown client with " . $_->{client_id},
- "error" => "invalid_client"
- },
- status => 401
- );
- }
+ if ($c->param('grant_type') eq 'password') {
- # Check for wrong client secret
- elsif ($c->param('client_secret') ne 'k414m4r-s3cr3t') {
- return $c->render(
- json => {
- "error_description" => "Invalid client credentials",
- "error" => "invalid_client"
- },
- status => 401
- );
- }
+ # Check for wrong client id
+ if ($c->param('client_id') ne '2') {
+ return $c->render(
+ json => {
+ "error_description" => "Unknown client with " . $_->{client_id},
+ "error" => "invalid_client"
+ },
+ status => 401
+ );
+ }
- # Check for wrong user name
- elsif ($c->param('username') ne 'test') {
- return $c->render(json => {
- error => [[2004, undef]]
- });
- }
+ # Check for wrong client secret
+ elsif ($c->param('client_secret') ne 'k414m4r-s3cr3t') {
+ return $c->render(
+ json => {
+ "error_description" => "Invalid client credentials",
+ "error" => "invalid_client"
+ },
+ status => 401
+ );
+ }
- # Check for ldap error
- elsif ($c->param('password') eq 'ldaperr') {
- return $c->render(
- format => 'html',
- status => 401,
- json => {
+ # Check for wrong user name
+ elsif ($c->param('username') ne 'test') {
+ return $c->render(json => {
+ error => [[2004, undef]]
+ });
+ }
+
+ # Check for ldap error
+ elsif ($c->param('password') eq 'ldaperr') {
+ return $c->render(
+ format => 'html',
+ status => 401,
+ json => {
+ "errors" => [
+ [
+ 2022,
+ "LDAP Authentication failed due to unknown user or password!"
+ ]
+ ]
+ }
+ );
+ }
+
+ # Check for wrong password
+ elsif ($c->param('password') ne 'pass') {
+ return $c->render(json => {
+ format => 'html',
+ status => 401,
"errors" => [[2022,"LDAP Authentication failed due to unknown user or password!"]]
+ });
+ }
+
+ # Return fine access
+ return $c->render(
+ json => {
+ "access_token" => "4dcf8784ccfd26fac9bdb82778fe60e2",
+ "refresh_token" => "hlWci75xb8atDiq3924NUSvOdtAh7Nlf9z",
+ "scope" => "all",
+ "token_type" => "Bearer",
+ "expires_in" => 86400
+ });
+ }
+
+ # Refresh token
+ elsif ($c->param('grant_type') eq 'refresh_token') {
+ return $c->render(
+ status => 200,
+ json => {
+ "access_token" => "abcde",
+ "refresh_token" => "fghijk",
+ "token_type" => "Bearer",
+ "expires_in" => 86400
}
);
}
- # Check for wrong password
- elsif ($c->param('password') ne 'pass') {
- return $c->render(json => {
- error => [[2004, undef]]
- });
+ # Unknown token grant
+ else {
+ return $c->render(
+ json => {
+ "errors" => [
+ [
+ 0, "Grant Type unknown", $c->param("grant_type")
+ ]
+ ]
+ }
+ )
}
-
- # Return fine access
- return $c->render(
- json => {
- "access_token" => "4dcf8784ccfd26fac9bdb82778fe60e2",
- "refresh_token" => "hlWci75xb8atDiq3924NUSvOdtAh7Nlf9z",
- "scope" => "all",
- "token_type" => "Bearer",
- "expires_in" => 86400
- });
};