authorize: added tests fragment capabilities to writeresponse

authorize.go

@@ -70,25 +70,31 @@ func (c *Fosite) NewAuthorizeRequest(_ context.Context, r *http.Request) (Author
 
 func (c *Fosite) WriteAuthorizeResponse(rw http.ResponseWriter, ar AuthorizeRequester, resp AuthorizeResponder) {
 	redir := ar.GetRedirectURI()
+
+	// Explicit grants
 	q := redir.Query()
-	args := resp.GetQuery()
-	for k, _ := range args {
-		q.Add(k, args.Get(k))
+	rq := resp.GetQuery()
+	for k, _ := range rq {
+		q.Set(k, rq.Get(k))
 	}
 	redir.RawQuery = q.Encode()
-	header := resp.GetHeader()
-	for k, v := range header {
-		for _, vv := range v {
-			rw.Header().Add(k, vv)
-		}
+
+	// Set custom headers, e.g. "X-MySuperCoolCustomHeader" or "X-DONT-CACHE-ME"...
+	wh := rw.Header()
+	rh := resp.GetHeader()
+	for k, _ := range rh {
+		wh.Set(k, rh.Get(k))
 	}
 
+	// Implicit grants
+	redir.Fragment = resp.GetFragment().Encode()
+
 	// https://tools.ietf.org/html/rfc6749#section-4.1.1
 	// When a decision is established, the authorization server directs the
 	// user-agent to the provided client redirection URI using an HTTP
 	// redirection response, or by other means available to it via the
 	// user-agent.
-	rw.Header().Set("Location", ar.GetRedirectURI().String())
+	wh.Set("Location", redir.String())
 	rw.WriteHeader(http.StatusFound)
 }
 

authorize_test.go

@@ -338,3 +338,95 @@ func TestNewAuthorizeRequest(t *testing.T) {
 		t.Logf("Passed test case %d", k)
 	}
 }
+
+func TestWriteAuthorizeResponse(t *testing.T) {
+	oauth2 := &Fosite{}
+	header := http.Header{}
+	ctrl := gomock.NewController(t)
+	rw := NewMockResponseWriter(ctrl)
+	ar := NewMockAuthorizeRequester(ctrl)
+	resp := NewMockAuthorizeResponder(ctrl)
+	defer ctrl.Finish()
+
+	for k, c := range []struct {
+		setup  func()
+		expect func()
+	}{
+		{
+			setup: func() {
+				redir, _ := url.Parse("http://foobar.com/?foo=bar")
+				ar.EXPECT().GetRedirectURI().Return(redir)
+				resp.EXPECT().GetFragment().Return(url.Values{})
+				resp.EXPECT().GetHeader().Return(http.Header{})
+				resp.EXPECT().GetQuery().Return(url.Values{})
+
+				rw.EXPECT().Header().Return(header)
+				rw.EXPECT().WriteHeader(http.StatusFound)
+			},
+			expect: func() {
+				assert.Equal(t, http.Header{
+					"Location": []string{"http://foobar.com/?foo=bar"},
+				}, header)
+			},
+		},
+		{
+			setup: func() {
+				redir, _ := url.Parse("http://foobar.com/?foo=bar")
+				ar.EXPECT().GetRedirectURI().Return(redir)
+				resp.EXPECT().GetFragment().Return(url.Values{"bar": {"baz"}})
+				resp.EXPECT().GetHeader().Return(http.Header{})
+				resp.EXPECT().GetQuery().Return(url.Values{})
+
+				rw.EXPECT().Header().Return(header)
+				rw.EXPECT().WriteHeader(http.StatusFound)
+			},
+			expect: func() {
+				assert.Equal(t, http.Header{
+					"Location": []string{"http://foobar.com/?foo=bar#bar=baz"},
+				}, header)
+			},
+		},
+		{
+			setup: func() {
+				redir, _ := url.Parse("http://foobar.com/?foo=bar")
+				ar.EXPECT().GetRedirectURI().Return(redir)
+				resp.EXPECT().GetFragment().Return(url.Values{"bar": {"baz"}})
+				resp.EXPECT().GetHeader().Return(http.Header{})
+				resp.EXPECT().GetQuery().Return(url.Values{"bar": {"baz"}})
+
+				rw.EXPECT().Header().Return(header)
+				rw.EXPECT().WriteHeader(http.StatusFound)
+			},
+			expect: func() {
+				assert.Equal(t, http.Header{
+					"Location": []string{"http://foobar.com/?bar=baz&foo=bar#bar=baz"},
+				}, header)
+			},
+		},
+		{
+			setup: func() {
+				redir, _ := url.Parse("http://foobar.com/?foo=bar")
+				ar.EXPECT().GetRedirectURI().Return(redir)
+				resp.EXPECT().GetFragment().Return(url.Values{"bar": {"baz"}})
+				resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
+				resp.EXPECT().GetQuery().Return(url.Values{"bar": {"baz"}})
+
+				rw.EXPECT().Header().Return(header)
+				rw.EXPECT().WriteHeader(http.StatusFound)
+			},
+			expect: func() {
+				assert.Equal(t, http.Header{
+					"X-Bar":    {"baz"},
+					"Location": {"http://foobar.com/?bar=baz&foo=bar#bar=baz"},
+				}, header)
+			},
+		},
+	} {
+		t.Logf("Starting test case %d", k)
+		c.setup()
+		oauth2.WriteAuthorizeResponse(rw, ar, resp)
+		c.expect()
+		header = http.Header{}
+		t.Logf("Passed test case %d", k)
+	}
+}