tests: add HandleTokenFunc test

Fixes #408

server/http_test.go

@@ -332,6 +332,137 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 	}
 }
 
+func TestHandleTokenFunc(t *testing.T) {
+
+	fx, err := makeTestFixtures()
+	if err != nil {
+		t.Fatalf("could not run test fixtures: %v", err)
+	}
+
+	tests := []struct {
+		query    url.Values
+		user     string
+		passwd   string
+		wantCode int
+	}{
+		// bad grant_type
+		{
+			query: url.Values{
+				"grant_type": []string{"invalid!"},
+				"code":       []string{"someCode"},
+			},
+			user:     "XXX",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
+			wantCode: http.StatusBadRequest,
+		},
+
+		// authorization_code needs code param
+		{
+			query: url.Values{
+				"grant_type": []string{"authorization_code"},
+			},
+			user:     "XXX",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
+			wantCode: http.StatusBadRequest,
+		},
+
+		// empty code
+		{
+			query: url.Values{
+				"grant_type": []string{"authorization_code"},
+				"code":       []string{""},
+			},
+			user:     "XXX",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
+			wantCode: http.StatusBadRequest,
+		},
+
+		// valid code but bad creds
+		{
+			query: url.Values{
+				"grant_type": []string{"authorization_code"},
+				"code":       []string{"code-2"},
+			},
+			user:     "XASD",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("failSecrete")),
+			wantCode: http.StatusUnauthorized,
+		},
+
+		// bad code
+		{
+			query: url.Values{
+				"grant_type": []string{"authorization_code"},
+				"code":       []string{"asdasd"},
+			},
+			user:     "XXX",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
+			wantCode: http.StatusBadRequest,
+		},
+
+		// OK testcase
+		{
+			query: url.Values{
+				"grant_type": []string{"authorization_code"},
+				"code":       []string{"code-2"},
+			},
+			user:     "XXX",
+			passwd:   base64.URLEncoding.EncodeToString([]byte("secrete")),
+			wantCode: http.StatusOK,
+		},
+	}
+
+	for i, tt := range tests {
+		hdlr := handleTokenFunc(fx.srv)
+		w := httptest.NewRecorder()
+
+		req, err := http.NewRequest("POST", "http://example.com/token", strings.NewReader(tt.query.Encode()))
+		if err != nil {
+			t.Errorf("unable to create HTTP request, error=%v", err)
+			continue
+		}
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.SetBasicAuth(tt.user, tt.passwd)
+
+		// need to create session in order to exchange the code (generated by the NewSessionKey func) for token
+		setSession := func() error {
+			sid, err := fx.sessionManager.NewSession("local", "XXX", "", testRedirectURL, "", true, []string{"openid"})
+			if err != nil {
+				return fmt.Errorf("case %d: cannot create session, error=%v", i, err)
+			}
+
+			_, err = fx.sessionManager.AttachRemoteIdentity(sid, oidc.Identity{})
+			if err != nil {
+				return fmt.Errorf("case %d: cannot attach remoteID, error=%v", i, err)
+			}
+
+			_, err = fx.sessionManager.AttachUser(sid, "ID-Verified")
+			if err != nil {
+				return fmt.Errorf("case %d: cannot attach user, error=%v", i, err)
+			}
+
+			_, err = fx.sessionManager.NewSessionKey(sid)
+			if err != nil {
+				return fmt.Errorf("case %d: cannot create session code, error=%v", i, err)
+			}
+
+			return nil
+
+		}
+
+		if err := setSession(); err != nil {
+			t.Errorf("case %d: %v", i, err)
+			continue
+		}
+
+		hdlr.ServeHTTP(w, req)
+		if tt.wantCode != w.Code {
+			t.Errorf("case %d: expected HTTP %d, got %v", i, tt.wantCode, w.Code)
+		}
+
+	}
+
+}
+
 func TestHandleTokenFuncMethodNotAllowed(t *testing.T) {
 	for _, m := range []string{"GET", "PUT", "DELETE"} {
 		hdlr := handleTokenFunc(nil)