mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-12-24 20:53:09 +02:00
more discovery test
This commit is contained in:
parent
87dbe5e9fb
commit
a688bd1061
2 changed files with 134 additions and 91 deletions
|
@ -511,7 +511,7 @@ export class OAuth2ProviderService {
|
||||||
|
|
||||||
const clientUrl = validateClientId(clientId);
|
const clientUrl = validateClientId(clientId);
|
||||||
|
|
||||||
if (process.env.NODE_ENV !== 'test') {
|
if (process.env.NODE_ENV !== 'test' || process.env.MISSKEY_TEST_DISALLOW_LOOPBACK === '1') {
|
||||||
const lookup = await dns.lookup(clientUrl.hostname);
|
const lookup = await dns.lookup(clientUrl.hostname);
|
||||||
if (ipaddr.parse(lookup.address).range() === 'loopback') {
|
if (ipaddr.parse(lookup.address).range() === 'loopback') {
|
||||||
throw new Error('client_id unexpectedly resolves to loopback IP.');
|
throw new Error('client_id unexpectedly resolves to loopback IP.');
|
||||||
|
|
|
@ -29,7 +29,7 @@ function getClient(): AuthorizationCode<'client_id'> {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } | undefined {
|
function getMeta(html: string): { transactionId: string | undefined, clientName: string | undefined } {
|
||||||
const fragment = JSDOM.fragment(html);
|
const fragment = JSDOM.fragment(html);
|
||||||
return {
|
return {
|
||||||
transactionId: fragment.querySelector<HTMLMetaElement>('meta[name="misskey:oauth:transaction-id"]')?.content,
|
transactionId: fragment.querySelector<HTMLMetaElement>('meta[name="misskey:oauth:transaction-id"]')?.content,
|
||||||
|
@ -68,6 +68,11 @@ describe('OAuth', () => {
|
||||||
|
|
||||||
beforeAll(async () => {
|
beforeAll(async () => {
|
||||||
app = await startServer();
|
app = await startServer();
|
||||||
|
alice = await signup({ username: 'alice' });
|
||||||
|
}, 1000 * 60 * 2);
|
||||||
|
|
||||||
|
beforeEach(async () => {
|
||||||
|
process.env.MISSKEY_TEST_DISALLOW_LOOPBACK = '';
|
||||||
fastify = Fastify();
|
fastify = Fastify();
|
||||||
fastify.get('/', async (request, reply) => {
|
fastify.get('/', async (request, reply) => {
|
||||||
reply.send(`
|
reply.send(`
|
||||||
|
@ -77,12 +82,13 @@ describe('OAuth', () => {
|
||||||
`);
|
`);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
await fastify.listen({ port: clientPort });
|
||||||
|
});
|
||||||
alice = await signup({ username: 'alice' });
|
|
||||||
}, 1000 * 60 * 2);
|
|
||||||
|
|
||||||
afterAll(async () => {
|
afterAll(async () => {
|
||||||
await app.close();
|
await app.close();
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(async () => {
|
||||||
await fastify.close();
|
await fastify.close();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -104,7 +110,7 @@ describe('OAuth', () => {
|
||||||
|
|
||||||
const meta = getMeta(await response.text());
|
const meta = getMeta(await response.text());
|
||||||
assert.strictEqual(typeof meta.transactionId, 'string');
|
assert.strictEqual(typeof meta.transactionId, 'string');
|
||||||
assert.strictEqual(meta?.clientName, 'Misklient');
|
assert.strictEqual(meta.clientName, 'Misklient');
|
||||||
|
|
||||||
const decisionResponse = await fetchDecision(cookie!, meta.transactionId!, alice);
|
const decisionResponse = await fetchDecision(cookie!, meta.transactionId!, alice);
|
||||||
assert.strictEqual(decisionResponse.status, 302);
|
assert.strictEqual(decisionResponse.status, 302);
|
||||||
|
@ -602,123 +608,139 @@ describe('OAuth', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('Client Information Discovery', () => {
|
describe('Client Information Discovery', () => {
|
||||||
test('Read HTTP header', async () => {
|
describe('Redirection', () => {
|
||||||
await fastify.close();
|
test('Read HTTP header', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
fastify = Fastify();
|
fastify = Fastify();
|
||||||
fastify.get('/', async (request, reply) => {
|
fastify.get('/', async (request, reply) => {
|
||||||
reply.header('Link', '</redirect>; rel="redirect_uri"');
|
reply.header('Link', '</redirect>; rel="redirect_uri"');
|
||||||
reply.send(`
|
reply.send(`
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<div class="h-app"><div class="p-name">Misklient
|
<div class="h-app"><div class="p-name">Misklient
|
||||||
`);
|
`);
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
|
||||||
|
|
||||||
const client = getClient();
|
test('Mixed links', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
fastify = Fastify();
|
||||||
redirect_uri,
|
fastify.get('/', async (request, reply) => {
|
||||||
scope: 'write:notes',
|
reply.header('Link', '</redirect>; rel="redirect_uri"');
|
||||||
state: 'state',
|
reply.send(`
|
||||||
code_challenge: 'code',
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
}));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
});
|
|
||||||
|
|
||||||
test('Mixed links', async () => {
|
|
||||||
await fastify.close();
|
|
||||||
|
|
||||||
fastify = Fastify();
|
|
||||||
fastify.get('/', async (request, reply) => {
|
|
||||||
reply.header('Link', '</redirect>; rel="redirect_uri"');
|
|
||||||
reply.send(`
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<link rel="redirect_uri" href="/redirect2" />
|
<link rel="redirect_uri" href="/redirect2" />
|
||||||
<div class="h-app"><div class="p-name">Misklient
|
<div class="h-app"><div class="p-name">Misklient
|
||||||
`);
|
`);
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
|
||||||
|
|
||||||
const client = getClient();
|
test('Multiple items in Link header', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
fastify = Fastify();
|
||||||
redirect_uri,
|
fastify.get('/', async (request, reply) => {
|
||||||
scope: 'write:notes',
|
reply.header('Link', '</redirect2>; rel="redirect_uri",</redirect>; rel="redirect_uri"');
|
||||||
state: 'state',
|
reply.send(`
|
||||||
code_challenge: 'code',
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
}));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
});
|
|
||||||
|
|
||||||
test('Multiple items in Link header', async () => {
|
|
||||||
await fastify.close();
|
|
||||||
|
|
||||||
fastify = Fastify();
|
|
||||||
fastify.get('/', async (request, reply) => {
|
|
||||||
reply.header('Link', '</redirect2>; rel="redirect_uri",</redirect>; rel="redirect_uri"');
|
|
||||||
reply.send(`
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<div class="h-app"><div class="p-name">Misklient
|
<div class="h-app"><div class="p-name">Misklient
|
||||||
`);
|
`);
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
|
||||||
|
|
||||||
const client = getClient();
|
test('Multiple items in HTML', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
fastify = Fastify();
|
||||||
redirect_uri,
|
fastify.get('/', async (request, reply) => {
|
||||||
scope: 'write:notes',
|
reply.send(`
|
||||||
state: 'state',
|
|
||||||
code_challenge: 'code',
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
}));
|
|
||||||
console.log(await response.text());
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
});
|
|
||||||
|
|
||||||
test('Multiple items in HTML', async () => {
|
|
||||||
await fastify.close();
|
|
||||||
|
|
||||||
fastify = Fastify();
|
|
||||||
fastify.get('/', async (request, reply) => {
|
|
||||||
reply.send(`
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<link rel="redirect_uri" href="/redirect2" />
|
<link rel="redirect_uri" href="/redirect2" />
|
||||||
<link rel="redirect_uri" href="/redirect" />
|
<link rel="redirect_uri" href="/redirect" />
|
||||||
<div class="h-app"><div class="p-name">Misklient
|
<div class="h-app"><div class="p-name">Misklient
|
||||||
`);
|
`);
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
|
||||||
|
|
||||||
const client = getClient();
|
test('No item', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
fastify = Fastify();
|
||||||
redirect_uri,
|
fastify.get('/', async (request, reply) => {
|
||||||
scope: 'write:notes',
|
reply.send(`
|
||||||
state: 'state',
|
|
||||||
code_challenge: 'code',
|
|
||||||
code_challenge_method: 'S256',
|
|
||||||
}));
|
|
||||||
assert.strictEqual(response.status, 200);
|
|
||||||
});
|
|
||||||
|
|
||||||
test('No item', async () => {
|
|
||||||
await fastify.close();
|
|
||||||
|
|
||||||
fastify = Fastify();
|
|
||||||
fastify.get('/', async (request, reply) => {
|
|
||||||
reply.send(`
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<div class="h-app"><div class="p-name">Misklient
|
<div class="h-app"><div class="p-name">Misklient
|
||||||
`);
|
`);
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
// TODO: status code
|
||||||
|
assert.strictEqual(response.status, 500);
|
||||||
});
|
});
|
||||||
await fastify.listen({ port: clientPort });
|
});
|
||||||
|
|
||||||
|
test('Disallow loopback', async () => {
|
||||||
|
process.env.MISSKEY_TEST_DISALLOW_LOOPBACK = '1';
|
||||||
|
|
||||||
const client = getClient();
|
const client = getClient();
|
||||||
|
|
||||||
const response = await fetch(client.authorizeURL({
|
const response = await fetch(client.authorizeURL({
|
||||||
redirect_uri,
|
redirect_uri,
|
||||||
scope: 'write:notes',
|
scope: 'write:notes',
|
||||||
|
@ -729,11 +751,32 @@ describe('OAuth', () => {
|
||||||
// TODO: status code
|
// TODO: status code
|
||||||
assert.strictEqual(response.status, 500);
|
assert.strictEqual(response.status, 500);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('Missing name', async () => {
|
||||||
|
await fastify.close();
|
||||||
|
|
||||||
|
fastify = Fastify();
|
||||||
|
fastify.get('/', async (request, reply) => {
|
||||||
|
reply.header('Link', '</redirect>; rel="redirect_uri"');
|
||||||
|
reply.send();
|
||||||
|
});
|
||||||
|
await fastify.listen({ port: clientPort });
|
||||||
|
|
||||||
|
const client = getClient();
|
||||||
|
|
||||||
|
const response = await fetch(client.authorizeURL({
|
||||||
|
redirect_uri,
|
||||||
|
scope: 'write:notes',
|
||||||
|
state: 'state',
|
||||||
|
code_challenge: 'code',
|
||||||
|
code_challenge_method: 'S256',
|
||||||
|
}));
|
||||||
|
assert.strictEqual(response.status, 200);
|
||||||
|
assert.strictEqual(getMeta(await response.text()).clientName, `http://127.0.0.1:${clientPort}/`);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
// TODO: authorizing two users concurrently
|
// TODO: authorizing two users concurrently
|
||||||
|
|
||||||
// TODO: Error format required by OAuth spec
|
// TODO: Error format required by OAuth spec
|
||||||
|
|
||||||
// TODO: Client Information Discovery (use http header, loopback check, missing name or redirection uri)
|
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue