Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make enable_client_secret work #3

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Make enable_client_secret work #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a2ff340
Fix client_id verification bug in token grant
mulletboy2 Aug 25, 2015
fded63f
Fix comment
mulletboy2 Aug 25, 2015
18fcd32
Remove unused client vars
mulletboy2 Aug 25, 2015
1c1ce63
Honour action config specified in package config for Providers
mulletboy2 Aug 26, 2015
73653f9
Add a test for no client_secret specified in RequestAuth when enable_…
mulletboy2 Aug 26, 2015
6e94426
Prevent uninitialized warning when no enable_client_secret is true and
mulletboy2 Aug 26, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions lib/CatalystX/OAuth2/Controller/Role/Provider.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ has $_ => (
around create_action => sub {
my $orig = shift;
my $self = shift;
my $name = {@_}->{name};
if ( $name =~ /(request|grant)/ ) {
my $action_config = $self->config->{action} && $self->config->{action}{$name};
push @_, (%$action_config) if $action_config;
}

my $action = $self->$orig(@_);
if (
Moose::Util::does_role(
Expand Down
6 changes: 3 additions & 3 deletions lib/CatalystX/OAuth2/Store/DBIC.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ sub create_client_code {
sub find_client_code {
my ( $self, $code, $id ) = @_;
return $id
? $self->_code_rs->find($code)
: $self->_code_rs($id)->find($code);
? $self->_code_rs($id)->find($code)
: $self->_code_rs->find($code);
}

sub activate_client_code {
Expand Down Expand Up @@ -117,7 +117,7 @@ sub find_code_from_refresh {
sub verify_client_secret {
my ( $self, $client_id, $access_secret ) = @_;
my $client = $self->find_client($client_id);
return $client->client_secret eq $access_secret;
return ($client->client_secret||'') eq ($access_secret||'');
}

sub verify_client_token {
Expand Down
28 changes: 27 additions & 1 deletion t/unit/200-actionrole-request-auth.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,16 +65,42 @@ my $mock = mock_context('AuthServer');
is( $res->status, 302 );
}

# Fail by not supplying a client_secret
{
my $uri = URI->new('/secret/request');
my $query = {
response_type => 'code',
client_id => 1,
state => 'bar',
redirect_uri => 'http://localhost/auth',
client_secret => 'foosecret'
};
$uri->query_form($query);
my $c = $mock->( GET $uri );
$c->dispatch;
is_deeply( $c->error, [], 'dispatches to request action cleanly' );
is( $c->res->body, undef, q{doesn't produce warning} );
ok( $c->req->can('oauth2'),
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
ok( my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c ) );
is( $res->location, $redirect, 'redirects to the correct action' );
is_deeply( { $redirect->query_form }, {
error => 'unauthorized_client',
error_description => 'the client identified by 1 is not authorized to access this resource'
} )
or diag( Data::Dump::dump( $redirect->query_form ) );
}

{
my $uri = URI->new('/secret/request');
my $query = {
response_type => 'code',
client_id => 1,
state => 'bar',
redirect_uri => 'http://localhost/auth',
client_secret => 'foosecret'
};
$uri->query_form($query);
my $c = $mock->( GET $uri );
$c->dispatch;
Expand Down
48 changes: 41 additions & 7 deletions t/unit/300-actionrole-grant-auth.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ my $code =
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
my $client = $c->controller->store->find_client(1);
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
Expand Down Expand Up @@ -73,7 +72,6 @@ my $code =
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
my $client = $c->controller->store->find_client(1);
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
Expand Down Expand Up @@ -111,7 +109,6 @@ my $code =
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
my $client = $c->controller->store->find_client(1);
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
ok( !$res->location );
Expand All @@ -124,7 +121,7 @@ my $code =
my $uri = URI->new('/grant');
$uri->query_form(
{ response_type => 'code',
client_id => 1,
client_id => $code->client_id,
state => 'bar',
redirect_uri => '/client/foo',
code => $code->as_string,
Expand All @@ -141,7 +138,6 @@ my $code =
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
my $client = $c->controller->store->find_client(1);
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
Expand All @@ -157,13 +153,52 @@ my $code =
is( $res->status, 302 );
}

# try a grant with an incorrect client id
# should redirect with unauthorized_client
{
my $uri = URI->new('/grant');
$uri->query_form(
{ response_type => 'code',
client_id => 9999999,
state => 'bar',
redirect_uri => '/client/foo',
code => $code->as_string,
approved => 0
}
);
$code->discard_changes;
ok(!$code->is_active);
my $c = $mock->( GET $uri );
$c->dispatch;
is_deeply( $c->error, [], 'dispatches to request action cleanly' );
is( $c->res->body, undef, q{doesn't produce warning} );
ok( $c->req->can('oauth2'),
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
is_deeply(
{ $redirect->query_form },
{ error => 'unauthorized_client',
error_description =>
'the client identified by 9999999 is not authorized to access this resource'
},
"deny access to incorrect clients"
);
is( $res->location, $redirect );
is( $res->status, 302 );
}


# try a grant with a valid code and approval
# should activate code and redirect
{
my $uri = URI->new('/grant');
$uri->query_form(
{ response_type => 'code',
client_id => 1,
client_id => $code->client_id,
state => 'bar',
redirect_uri => '/client/foo',
code => $code->as_string,
Expand All @@ -180,7 +215,6 @@ my $code =
"installs oauth2 accessors if request is valid" );
ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
my $res = $c->res;
my $client = $c->controller->store->find_client(1);
isa_ok( my $oauth2 = $c->req->oauth2,
'CatalystX::OAuth2::Request::GrantAuth' );
my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
Expand Down