From 995c37d58365bf13a7b5dc81677d6b1e5c254ab8 Mon Sep 17 00:00:00 2001
From: Mark Haines
Date: Thu, 5 May 2016 19:26:40 +0100
Subject: [PATCH] =?UTF-8?q?Add=20test=20for=20a=20openidish=20mechanism=20?= =?UTF-8?q?for=20proving=20to=20third=20parties=20that=20=E2=80=A6=20(#234?= =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Add test for a openidish mechanism for proving to third parties that you own a given user_id
* Add tests for missing and invalid tokens
* Rename openid/token to openid/request_token
---
tests/45openid.pl | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 tests/45openid.pl
diff --git a/tests/45openid.pl b/tests/45openid.pl
new file mode 100644
index 000000000..f48cb53f0
--- /dev/null
+++ b/tests/45openid.pl
@@ -0,0 +1,57 @@
+test "Can generate a openid access_token that can be exchanged for information about a user",
+ requires => [ local_user_fixture(), $main::HTTP_CLIENT, $main::HOMESERVER_INFO[0] ],
+
+ check => sub {
+ my ( $user, $http, $info ) = @_;
+
+ do_request_json_for( $user,
+ method => "POST",
+ uri => "/r0/user/:user_id/openid/request_token",
+ content => {},
+ )->then( sub {
+ my ( $body ) = @_;
+
+ assert_json_keys( $body, qw( access_token matrix_server_name expires_in ) );
+ assert_eq( $body->{matrix_server_name}, $info->server_name );
+
+ my $token = $body->{access_token};
+
+ $http->do_request_json(
+ method => "GET",
+ uri => $info->client_location . "/_matrix/federation/v1/openid/userinfo",
+ params => { access_token => $token },
+ );
+ })->then( sub {
+ my ( $body ) = @_;
+
+ assert_json_keys( $body, qw( sub ) );
+ assert_eq( $body->{sub}, $user->user_id );
+
+ Future->done(1);
+ });
+ };
+
+test "Invalid openid access tokens are rejected",
+ requires => [ $main::HTTP_CLIENT, $main::HOMESERVER_INFO[0] ],
+
+ check => sub {
+ my ( $http, $info ) = @_;
+
+ $http->do_request_json(
+ method => "GET",
+ uri => $info->client_location . "/_matrix/federation/v1/openid/userinfo",
+ params => { access_token => "an/invalid/token" },
+ )->main::expect_http_401;
+ };
+
+test "Requests to userinfo without access tokens are rejected",
+ requires => [ $main::HTTP_CLIENT, $main::HOMESERVER_INFO[0] ],
+
+ check => sub {
+ my ( $http, $info ) = @_;
+
+ $http->do_request_json(
+ method => "GET",
+ uri => $info->client_location . "/_matrix/federation/v1/openid/userinfo",
+ )->main::expect_http_401;
+ };
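Review bot: The first test only requests a token for the caller's own `:user_id`, so nothing in this file checks that the homeserver refuses `openid/request_token` when the path names a different user. Since the token exists to prove identity to third parties, that refusal is the property most worth pinning. I would add a fourth test with two local users, where one requests a token for the other and the request is rejected. The 403 below is my assumption about the intended status and should be confirmed against the server, and the user id in the path may need escaping. A follow-up could also assert that the returned `access_token` is not accepted as an ordinary client access token and that `expires_in` is a positive number, since the hunk only checks that the key is present.

```perl
test "Users cannot request openid tokens on behalf of other users",
   requires => [ local_user_fixture(), local_user_fixture() ],

   check => sub {
      my ( $user, $other ) = @_;

      # The path names $other, but the request is authenticated as $user.
      do_request_json_for( $user,
         method  => "POST",
         uri     => "/r0/user/" . $other->user_id . "/openid/request_token",
         content => {},
      )->main::expect_http_403;
   };
```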