OAuth 2.0 Authorization Server [MOD-559] (#733)

* WIP end-of-day push * Authorize endpoint, accept endpoints, DB stuff for oauth clients, their redirects, and client authorizations * OAuth Client create route * Get user clients * Client delete * Edit oauth client * Include redirects in edit client route * Database stuff for tokens * Reorg oauth stuff out of auth/flows and into its own module * Impl OAuth get access token endpoint * Accept oauth access tokens as auth and update through AuthQueue * User OAuth authorization management routes * Forgot to actually add the routes lol * Bit o cleanup * Happy path test for OAuth and minor fixes for things it found * Add dummy data oauth client (and detect/handle dummy data version changes) * More tests * Another test * More tests and reject endpoint * Test oauth client and authorization management routes * cargo sqlx prepare * dead code warning * Auto clippy fixes * Uri refactoring * minor name improvement * Don't compile-time check the test sqlx queries * Trying to fix db concurrency problem to get tests to pass * Try fix from test PR * Fixes for updated sqlx * Prevent restricted scopes from being requested or issued * Get OAuth client(s) * Remove joined oauth client info from authorization returns * Add default conversion to OAuthError::error so we can use ? * Rework routes * Consolidate scopes into SESSION_ACCESS * Cargo sqlx prepare * Parse to OAuthClientId automatically through serde and actix * Cargo clippy * Remove validation requiring 1 redirect URI on oauth client creation * Use serde(flatten) on OAuthClientCreationResult
2023-10-30 11:14:38 -05:00
parent 8803e11945
commit 6cfd4637db
54 changed files with 3658 additions and 135 deletions
--- a/tests/common/api_v3/oauth_clients.rs
+++ b/tests/common/api_v3/oauth_clients.rs
@@ -0,0 +1,107 @@
+use actix_http::StatusCode;
+use actix_web::{
+    dev::ServiceResponse,
+    test::{self, TestRequest},
+};
+use labrinth::{
+    models::{
+        oauth_clients::{OAuthClient, OAuthClientAuthorization},
+        pats::Scopes,
+    },
+    routes::v3::oauth_clients::OAuthClientEdit,
+};
+use reqwest::header::AUTHORIZATION;
+use serde_json::json;
+
+use crate::common::asserts::assert_status;
+
+use super::ApiV3;
+
+impl ApiV3 {
+    pub async fn add_oauth_client(
+        &self,
+        name: String,
+        max_scopes: Scopes,
+        redirect_uris: Vec<String>,
+        pat: &str,
+    ) -> ServiceResponse {
+        let max_scopes = max_scopes.bits();
+        let req = TestRequest::post()
+            .uri("/v3/oauth/app")
+            .append_header((AUTHORIZATION, pat))
+            .set_json(json!({
+                "name": name,
+                "max_scopes": max_scopes,
+                "redirect_uris": redirect_uris
+            }))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    pub async fn get_user_oauth_clients(&self, user_id: &str, pat: &str) -> Vec<OAuthClient> {
+        let req = TestRequest::get()
+            .uri(&format!("/v3/user/{}/oauth_apps", user_id))
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+        let resp = self.call(req).await;
+        assert_status(&resp, StatusCode::OK);
+
+        test::read_body_json(resp).await
+    }
+
+    pub async fn get_oauth_client(&self, client_id: String, pat: &str) -> ServiceResponse {
+        let req = TestRequest::get()
+            .uri(&format!("/v3/oauth/app/{}", client_id))
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    pub async fn edit_oauth_client(
+        &self,
+        client_id: &str,
+        edit: OAuthClientEdit,
+        pat: &str,
+    ) -> ServiceResponse {
+        let req = TestRequest::patch()
+            .uri(&format!("/v3/oauth/app/{}", urlencoding::encode(client_id)))
+            .set_json(edit)
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    pub async fn delete_oauth_client(&self, client_id: &str, pat: &str) -> ServiceResponse {
+        let req = TestRequest::delete()
+            .uri(&format!("/v3/oauth/app/{}", client_id))
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    pub async fn revoke_oauth_authorization(&self, client_id: &str, pat: &str) -> ServiceResponse {
+        let req = TestRequest::delete()
+            .uri(&format!(
+                "/v3/oauth/authorizations?client_id={}",
+                urlencoding::encode(client_id)
+            ))
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+        self.call(req).await
+    }
+
+    pub async fn get_user_oauth_authorizations(&self, pat: &str) -> Vec<OAuthClientAuthorization> {
+        let req = TestRequest::get()
+            .uri("/v3/oauth/authorizations")
+            .append_header((AUTHORIZATION, pat))
+            .to_request();
+        let resp = self.call(req).await;
+        assert_status(&resp, StatusCode::OK);
+
+        test::read_body_json(resp).await
+    }
+}