wdevs/amcs
5
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
a5c7b90f4928f36325137959fe01bc3c771eaf37
amcs/internal/auth/oauth_registry_test.go
Hein 56c84df342 feat(auth): implement OAuth 2.0 authorization code flow and dynamic client registration 
- Add OAuth 2.0 support with authorization code flow and dynamic client registration.
- Introduce new handlers for OAuth metadata, client registration, authorization, and token issuance.
- Enhance authentication middleware to support OAuth client credentials.
- Create in-memory stores for authorization codes and tokens.
- Update configuration to include OAuth client details.
- Ensure validation checks for OAuth clients in the configuration.
2026-03-26 21:17:55 +02:00

93 lines
2.9 KiB
Go
Raw Blame History

package auth
import (
"encoding/base64"
"net/http"
"net/http/httptest"
"testing"
"git.warky.dev/wdevs/amcs/internal/config"
)
func TestNewOAuthRegistryAndLookup(t *testing.T) {
_, err := NewOAuthRegistry(nil)
if err == nil {
t.Fatal("NewOAuthRegistry(nil) error = nil, want error")
}
registry, err := NewOAuthRegistry([]config.OAuthClient{{
ID: "oauth-client",
ClientID: "client-id",
ClientSecret: "client-secret",
}})
if err != nil {
t.Fatalf("NewOAuthRegistry() error = %v", err)
}
if got, ok := registry.Lookup("client-id", "client-secret"); !ok || got != "oauth-client" {
t.Fatalf("Lookup(client-id, client-secret) = (%q, %v), want (oauth-client, true)", got, ok)
}
if _, ok := registry.Lookup("client-id", "wrong"); ok {
t.Fatal("Lookup(client-id, wrong) = true, want false")
}
}
func TestMiddlewareAllowsOAuthBasicAuthAndSetsContext(t *testing.T) {
oauthRegistry, err := NewOAuthRegistry([]config.OAuthClient{{
ID: "oauth-client",
ClientID: "client-id",
ClientSecret: "client-secret",
}})
if err != nil {
t.Fatalf("NewOAuthRegistry() error = %v", err)
}
handler := Middleware(config.AuthConfig{}, nil, oauthRegistry, nil, testLogger())(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
keyID, ok := KeyIDFromContext(r.Context())
if !ok || keyID != "oauth-client" {
t.Fatalf("KeyIDFromContext() = (%q, %v), want (oauth-client, true)", keyID, ok)
}
w.WriteHeader(http.StatusOK)
}))
req := httptest.NewRequest(http.MethodGet, "/mcp", nil)
req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("client-id:client-secret")))
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
}
}
func TestMiddlewareRejectsOAuthMissingOrInvalidCredentials(t *testing.T) {
oauthRegistry, err := NewOAuthRegistry([]config.OAuthClient{{
ID: "oauth-client",
ClientID: "client-id",
ClientSecret: "client-secret",
}})
if err != nil {
t.Fatalf("NewOAuthRegistry() error = %v", err)
}
handler := Middleware(config.AuthConfig{}, nil, oauthRegistry, nil, testLogger())(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Fatal("next handler should not be called")
}))
req := httptest.NewRequest(http.MethodGet, "/mcp", nil)
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Fatalf("missing credentials status = %d, want %d", rec.Code, http.StatusUnauthorized)
}
req = httptest.NewRequest(http.MethodGet, "/mcp", nil)
req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("client-id:wrong")))
rec = httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Fatalf("invalid credentials status = %d, want %d", rec.Code, http.StatusUnauthorized)
}
}
Reference in New Issue View Git Blame Copy Permalink