clientConfig

This commit is contained in:
Kagami Sascha Rosylight 2023-06-17 00:28:03 +02:00
parent 628377187a
commit 5db1126db6

View file

@ -6,7 +6,7 @@
process.env.NODE_ENV = 'test'; process.env.NODE_ENV = 'test';
import * as assert from 'assert'; import * as assert from 'assert';
import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials } from 'simple-oauth2'; import { AuthorizationCode, ResourceOwnerPassword, type AuthorizationTokenConfig, ClientCredentials, ModuleOptions } from 'simple-oauth2';
import pkceChallenge from 'pkce-challenge'; import pkceChallenge from 'pkce-challenge';
import { JSDOM } from 'jsdom'; import { JSDOM } from 'jsdom';
import type * as misskey from 'misskey-js'; import type * as misskey from 'misskey-js';
@ -39,22 +39,20 @@ interface AuthorizationTokenConfigExtended extends AuthorizationTokenConfig {
code_verifier: string | undefined; code_verifier: string | undefined;
} }
function getClient(): AuthorizationCode<'client_id'> { const clientConfig: ModuleOptions<'client_id'> = {
return new AuthorizationCode({ client: {
client: { id: `http://127.0.0.1:${clientPort}/`,
id: `http://127.0.0.1:${clientPort}/`, secret: '',
secret: '', },
}, auth: {
auth: { tokenHost: host,
tokenHost: host, tokenPath: '/oauth/token',
tokenPath: '/oauth/token', authorizePath: '/oauth/authorize',
authorizePath: '/oauth/authorize', },
}, options: {
options: { authorizationMethod: 'body',
authorizationMethod: 'body', },
}, };
});
}
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } { function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } {
const fragment = JSDOM.fragment(html); const fragment = JSDOM.fragment(html);
@ -87,7 +85,7 @@ async function fetchDecisionFromResponse(response: Response, user: misskey.entit
} }
async function fetchAuthorizationCode(user: misskey.entities.MeSignup, scope: string, code_challenge: string): Promise<{ client: AuthorizationCode, code: string }> { async function fetchAuthorizationCode(user: misskey.entities.MeSignup, scope: string, code_challenge: string): Promise<{ client: AuthorizationCode, code: string }> {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -172,7 +170,7 @@ describe('OAuth', () => {
test('Full flow', async () => { test('Full flow', async () => {
const { code_challenge, code_verifier } = await pkceChallenge(128); const { code_challenge, code_verifier } = await pkceChallenge(128);
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -229,7 +227,7 @@ describe('OAuth', () => {
}); });
test('Two concurrent flows', async () => { test('Two concurrent flows', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const pkceAlice = await pkceChallenge(128); const pkceAlice = await pkceChallenge(128);
const pkceBob = await pkceChallenge(128); const pkceBob = await pkceChallenge(128);
@ -316,7 +314,7 @@ describe('OAuth', () => {
// '... the authorization endpoint MUST return the authorization // '... the authorization endpoint MUST return the authorization
// error response with the "error" value set to "invalid_request".' // error response with the "error" value set to "invalid_request".'
test('Require PKCE', async () => { test('Require PKCE', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
// Pattern 1: No PKCE fields at all // Pattern 1: No PKCE fields at all
let response = await fetch(client.authorizeURL({ let response = await fetch(client.authorizeURL({
@ -430,7 +428,7 @@ describe('OAuth', () => {
}); });
test('Cancellation', async () => { test('Cancellation', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -460,7 +458,7 @@ describe('OAuth', () => {
// indicating an invalid scope." // indicating an invalid scope."
// (And Misskey does the latter) // (And Misskey does the latter)
test('Missing scope', async () => { test('Missing scope', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -472,7 +470,7 @@ describe('OAuth', () => {
}); });
test('Empty scope', async () => { test('Empty scope', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -485,7 +483,7 @@ describe('OAuth', () => {
}); });
test('Unknown scopes', async () => { test('Unknown scopes', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -522,7 +520,7 @@ describe('OAuth', () => {
}); });
test('Known scopes', async () => { test('Known scopes', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -626,7 +624,7 @@ describe('OAuth', () => {
// automatically redirect the user-agent to the invalid redirection URI." // automatically redirect the user-agent to the invalid redirection URI."
describe('Redirection', () => { describe('Redirection', () => {
test('Invalid redirect_uri at authorization endpoint', async () => { test('Invalid redirect_uri at authorization endpoint', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri: 'http://127.0.0.2/', redirect_uri: 'http://127.0.0.2/',
@ -639,7 +637,7 @@ describe('OAuth', () => {
}); });
test('Invalid redirect_uri including the valid one at authorization endpoint', async () => { test('Invalid redirect_uri including the valid one at authorization endpoint', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri: 'http://127.0.0.1/redirection', redirect_uri: 'http://127.0.0.1/redirection',
@ -652,7 +650,7 @@ describe('OAuth', () => {
}); });
test('No redirect_uri at authorization endpoint', async () => { test('No redirect_uri at authorization endpoint', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
scope: 'write:notes', scope: 'write:notes',
@ -722,7 +720,7 @@ describe('OAuth', () => {
// Do not use indirect error here. // Do not use indirect error here.
describe('Decision endpoint', () => { describe('Decision endpoint', () => {
test('No login token', async () => { test('No login token', async () => {
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL(basicAuthParams)); const response = await fetch(client.authorizeURL(basicAuthParams));
assert.strictEqual(response.status, 200); assert.strictEqual(response.status, 200);
@ -784,17 +782,11 @@ describe('OAuth', () => {
test('Resource owner grant is not supported', async () => { test('Resource owner grant is not supported', async () => {
const client = new ResourceOwnerPassword({ const client = new ResourceOwnerPassword({
client: { ...clientConfig,
id: `http://127.0.0.1:${clientPort}/`,
secret: '',
},
auth: { auth: {
tokenHost: host, tokenHost: host,
tokenPath: '/oauth/token', tokenPath: '/oauth/token',
}, },
options: {
authorizationMethod: 'body',
},
}); });
await assert.rejects(client.getToken({ await assert.rejects(client.getToken({
@ -808,17 +800,11 @@ describe('OAuth', () => {
test('Client credential grant is not supported', async () => { test('Client credential grant is not supported', async () => {
const client = new ClientCredentials({ const client = new ClientCredentials({
client: { ...clientConfig,
id: `http://127.0.0.1:${clientPort}/`,
secret: '',
},
auth: { auth: {
tokenHost: host, tokenHost: host,
tokenPath: '/oauth/token', tokenPath: '/oauth/token',
}, },
options: {
authorizationMethod: 'body',
},
}); });
await assert.rejects(client.getToken({}), (err: any) => { await assert.rejects(client.getToken({}), (err: any) => {
@ -872,7 +858,7 @@ describe('OAuth', () => {
fastify.get('/', async (request, reply) => replyFunc(reply)); fastify.get('/', async (request, reply) => replyFunc(reply));
await fastify.listen({ port: clientPort }); await fastify.listen({ port: clientPort });
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -897,7 +883,7 @@ describe('OAuth', () => {
}); });
await fastify.listen({ port: clientPort }); await fastify.listen({ port: clientPort });
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
@ -915,7 +901,7 @@ describe('OAuth', () => {
test('Disallow loopback', async () => { test('Disallow loopback', async () => {
process.env.MISSKEY_TEST_CHECK_IP_RANGE = '1'; process.env.MISSKEY_TEST_CHECK_IP_RANGE = '1';
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,
scope: 'write:notes', scope: 'write:notes',
@ -936,7 +922,7 @@ describe('OAuth', () => {
}); });
await fastify.listen({ port: clientPort }); await fastify.listen({ port: clientPort });
const client = getClient(); const client = new AuthorizationCode(clientConfig);
const response = await fetch(client.authorizeURL({ const response = await fetch(client.authorizeURL({
redirect_uri, redirect_uri,