ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Added more fizzfuzz tests

Browse Source
This commit is contained in:
Alex Bilbie 2014-08-04 15:18:55 +01:00
parent 806838b8e4
commit 69208fe0ac
10 changed files with 259 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tests/fuzz/grant-authcode.yml Normal file
View File

@ -0,0 +1,9 @@
url: 'http://localhost:8000/authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic'
request:
method: GET
response:
statusCode: 200
headers:
-
key: Location
valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/

59
tests/fuzz/grant-client-credentials.yml Normal file
View File

@ -0,0 +1,59 @@
url: 'http://localhost:8000/other_grants.php/access_token'
request:
method: POST
body:
-
key: client_id
value: testclient
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: client_secret
value: secret
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: grant_type
value: client_credentials
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
invalid:
response.statusCode: 400
headers.content-type: "application/json"
body.error: unsupported_grant_type
#body.message: "The authorization grant type XXX is not supported by the authorization server."
response:
statusCode: 200
headers:
-
key: Content-type
value: application/json
body:
-
key: expires_in
valueType: integer
-
key: access_token
valueRegex: /([a-zA-Z0-9]*)/
-
key: token_type
value: Bearer

85
tests/fuzz/grant-password.yml Normal file
View File

@ -0,0 +1,85 @@
url: 'http://localhost:8000/other_grants.php/access_token'
request:
method: POST
body:
-
key: client_id
value: testclient
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: client_secret
value: secret
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: username
value: alex
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"username\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: password
value: whisky
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"password\" parameter."
invalid:
response.statusCode: 401
headers.content-type: "application/json"
body.error: invalid_client
body.message: "Client authentication failed."
-
key: grant_type
value: password
missing:
response.statusCode: 400
headers.content-type: "application/json"
body.error: invalid_request
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
invalid:
response.statusCode: 400
headers.content-type: "application/json"
body.error: unsupported_grant_type
#body.message: "The authorization grant type XXX is not supported by the authorization server."
response:
statusCode: 200
headers:
-
key: Content-type
value: application/json
body:
-
key: expires_in
valueType: integer
-
key: access_token
valueRegex: /([a-zA-Z0-9]*)/
-
key: token_type
value: Bearer

4
tests/fuzz/tokeninfo-no-access-token.yml
View File

@ -4,7 +4,9 @@ request:
response: response:
statusCode: 400 statusCode: 400
headers: headers:
Content-type: application/json -
key: Content-type
value: application/json
body: body:
- -
key: error key: error

10
tests/fuzz/tokeninfo-no-invalid-token-query-string.yml
View File

@ -2,13 +2,15 @@ url: 'http://localhost:8000/api.php/tokeninfo?access_token=foobar'
request: request:
method: GET method: GET
response: response:
statusCode: 400 statusCode: 401
headers: headers:
Content-type: application/json -
key: Content-type
value: application/json
body: body:
- -
key: error key: error
value: "invalid_request" value: "access_denied"
- -
key: message key: message
value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter." value: "The resource owner or authorization server denied the request."

4
tests/fuzz/tokeninfo-no-invalid-token.yml
View File

@ -8,7 +8,9 @@ request:
response: response:
statusCode: 401 statusCode: 401
headers: headers:
Content-type: application/json -
key: Content-type
value: application/json
body: body:
- -
key: error key: error

26
tests/fuzz/tokeninfo-valid-token-header.yml Normal file
View File

@ -0,0 +1,26 @@
url: 'http://localhost:8000/api.php/tokeninfo'
request:
method: GET
headers:
-
key: Authorization
value: "Bearer iamgod"
response:
statusCode: 200
headers:
-
key: Content-type
value: application/json
body:
-
key: owner_id
value: testclient
-
key: owner_type
value: client
-
key: access_token
value: iamgod
-
key: client_id
value: testclient

10
tests/fuzz/tokeninfo-valid-token.yml
View File

@ -1,14 +1,12 @@
url: 'http://localhost:8000/api.php/tokeninfo' url: 'http://localhost:8000/api.php/tokeninfo?access_token=iamgod'
request: request:
method: GET method: GET
headers:
-
key: Authorization
value: "Bearer iamgod"
response: response:
statusCode: 200 statusCode: 200
headers: headers:
Content-type: application/json -
key: Content-type
value: application/json
body: body:
- -
key: owner_id key: owner_id

32
tests/fuzz/users-token-iamalex.yml Normal file
View File

@ -0,0 +1,32 @@
url: 'http://localhost:8000/api.php/users'
request:
method: GET
headers:
-
key: Authorization
value: Bearer iamalex
response:
statusCode: 200
headers:
-
key: Content-type
value: application/json
body:
-
key: 0.username
value: alexbilbie
-
key: 0.name
value: Alex Bilbie
-
key: 0.photo
valueType: string
-
key: 1.username
value: philsturgeon
-
key: 1.name
value: Phil Sturgeon
-
key: 1.photo
valueType: string

32
tests/fuzz/users-token-iamphil.yml Normal file
View File

@ -0,0 +1,32 @@
url: 'http://localhost:8000/api.php/users'
request:
method: GET
headers:
-
key: Authorization
value: Bearer iamphil
response:
statusCode: 200
headers:
-
key: Content-type
value: application/json
body:
-
key: 0.username
value: alexbilbie
-
key: 0.name
value: Alex Bilbie
-
key: 0.email
valueType: string
-
key: 1.username
value: philsturgeon
-
key: 1.name
value: Phil Sturgeon
-
key: 1.email
valueType: string