too much effort into the garbage

oauth2test/package_test.go

@@ -1,13 +1,11 @@
 package oauth2
 
 import (
+	"context"
 	"errors"
 	"fmt"
-	"gitea.inhome.blapointe.com/local/oauth2"
-	"gitea.inhome.blapointe.com/local/oauth2/oauth2client"
-	"gitea.inhome.blapointe.com/local/oauth2/oauth2server/config"
-	"gitea.inhome.blapointe.com/local/oauth2/oauth2server/server"
-	"log"
+	"io"
+	"net"
 	"net/http"
 	"net/http/cookiejar"
 	"net/http/httptest"
@@ -15,9 +13,16 @@ import (
 	"regexp"
 	"strings"
 	"testing"
+
+	"gitea.inhome.blapointe.com/local/oauth2"
+	"gitea.inhome.blapointe.com/local/oauth2/oauth2client"
+	"gitea.inhome.blapointe.com/local/oauth2/oauth2server/config"
+	"gitea.inhome.blapointe.com/local/oauth2/oauth2server/server"
 )
 
 func TestAll(t *testing.T) {
+	oauth2client.HTTPClient.Transport = makeTransport()
+
 	oauth2server, err := launchServer()
 	if err != nil {
 		t.Fatal(err)
@@ -25,24 +30,38 @@ func TestAll(t *testing.T) {
 	defer oauth2server.Close()
 	oauth2server.URL = strings.ReplaceAll(oauth2server.URL, "127.0.0.1", "echo.belbox.dev")
 
-	s := dummyServer(oauth2server.URL)
+	s := dummyServer(t, oauth2server.URL)
 	defer s.Close()
 
+	t.Log("createUser...")
 	if err := createUser(oauth2server.URL); err != nil {
 		t.Fatal(err)
 	}
 
-	if err := logUser(oauth2server.URL); err != nil {
+	t.Log("loginAsUser...")
+	if err := loginAsuser(oauth2server.URL); err != nil {
 		t.Fatal(err)
 	}
 
+	t.Log("shouldRedir...")
 	if err := shouldRedir(s.URL); err != nil {
 		t.Fatal(err)
 	}
 
+	t.Log("testAuth...")
 	if err := testAuth(oauth2server.URL, s.URL); err != nil {
 		t.Fatal(err)
 	}
+
+	t.Log("testAuthViaBadBasicAuth...")
+	if err := testAuthViaBadBasicAuth(s.URL); err != nil {
+		t.Fatal(err)
+	}
+
+	t.Log("testAuthViaBasicAuth...")
+	if err := testAuthViaBasicAuth(s.URL); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func launchServer() (*httptest.Server, error) {
@@ -63,18 +82,22 @@ func launchServer() (*httptest.Server, error) {
 	return s, err
 }
 
-func dummyServer(oauth2server string) *httptest.Server {
+func dummyServer(t *testing.T, oauth2server string) *httptest.Server {
 	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		err := oauth2client.Authenticate(oauth2server, "scope", w, r)
 		if err != nil {
+			t.Logf("dummy: %s: %v", r.URL.Path, err)
 			return
 		}
+		t.Logf("dummy: %s: :D", r.URL.Path)
 		fmt.Fprintln(w, "dummy server serving authenticated")
 	}))
 }
 
 func createUser(oauth2server string) error {
-	resp, err := http.Post(oauth2server+"/users/submit/scope", "application/x-www-form-urlencoded", strings.NewReader("username=abc"))
+	req, _ := http.NewRequest(http.MethodPost, oauth2server+"/users/submit/scope", strings.NewReader("username=abc"))
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	resp, err := makeClient().Do(req)
 	if err != nil {
 		return err
 	}
@@ -85,8 +108,10 @@ func createUser(oauth2server string) error {
 	return nil
 }
 
-func logUser(oauth2server string) error {
-	resp, err := http.Post(oauth2server+"/authorize/scope", "application/x-www-form-urlencoded", strings.NewReader("username=abc"))
+func loginAsuser(oauth2server string) error {
+	req, _ := http.NewRequest(http.MethodPost, oauth2server+"/authorize/scope", strings.NewReader("username=abc"))
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	resp, err := makeClient().Do(req)
 	if err != nil {
 		return err
 	}
@@ -109,8 +134,8 @@ func clientShouldRedir(c *http.Client, dummy string) error {
 		return err
 	}
 	defer resp.Body.Close()
-	if resp.Request.URL.Path != "/users/log/scope" {
-		return fmt.Errorf("did not need redir without auth: %v", resp.Request.URL)
+	if resp.StatusCode != 403 || resp.Header.Get("WWW-Authenticate") == "" {
+		return fmt.Errorf("did not need redir without auth: (%d) %q", resp.StatusCode, resp.Header.Get("WWW-Authenticate"))
 	}
 	return nil
 }
@@ -130,16 +155,13 @@ func clientShouldNotRedir(c *http.Client, dummy string) error {
 
 func testAuth(oauth2server, dummy string) error {
 	c := makeClient()
-	log.Println("should redir...")
 	if err := clientShouldRedir(c, dummy); err != nil {
 		return err
 	}
-	log.Println("client login...")
 	access, err := clientLogin(c, oauth2server)
 	if err != nil {
 		return err
 	}
-	log.Println("client should not redir...")
 	if err := clientShouldNotRedir(c, dummy+"?"+oauth2.NEWCOOKIE+"="+access); err != nil {
 		return err
 	}
@@ -178,9 +200,58 @@ func clientLogin(c *http.Client, oauth2server string) (string, error) {
 	return a, nil
 }
 
+func testAuthViaBadBasicAuth(dummy string) error {
+	c := makeClient()
+	req, _ := http.NewRequest(http.MethodGet, dummy, nil)
+	req.SetBasicAuth("u", "p")
+	resp, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 403 {
+		b, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("got through with bad basic auth set: (%d) %s", resp.StatusCode, b)
+	}
+	return nil
+}
+
+func testAuthViaBasicAuth(dummy string) error {
+	c := makeClient()
+	req, _ := http.NewRequest(http.MethodGet, dummy, nil)
+	req.SetBasicAuth("", "abc")
+	resp, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		b, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("failed to get through with basic auth set: (%d) %s", resp.StatusCode, b)
+	}
+	if !strings.Contains(fmt.Sprint(c.Jar), oauth2.COOKIE) {
+		return errors.New("cookie jar empty:" + fmt.Sprint(c.Jar))
+	}
+	return nil
+}
+
 func makeClient() *http.Client {
 	jar, _ := cookiejar.New(&cookiejar.Options{})
 	return &http.Client{
-		Jar: jar,
+		Jar:       jar,
+		Transport: makeTransport(),
+	}
+}
+
+func makeTransport() *http.Transport {
+	return &http.Transport{
+		DialContext: func(ctx context.Context, network string, addr string) (net.Conn, error) {
+			parts := strings.Split(addr, ":")
+			port := "80"
+			if len(parts) > 0 {
+				port = parts[1]
+			}
+			return (&net.Dialer{}).DialContext(ctx, "tcp4", fmt.Sprintf("127.0.0.1:%s", port))
+		},
 	}
 }