Added more fizzfuzz tests
parent
806838b8e4
commit
69208fe0ac
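--- a/tests/fuzz/grant-authcode.yml
+++ b/tests/fuzz/grant-authcode.yml
@@ -0,0 +1,9 @@
+url: 'http://localhost:8000/authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic'
+request:
+method: GET
+response:
+statusCode: 200
+headers:
+-
+key: Location
+valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/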
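Review bot: The `valueRegex` on the `Location` header accepts an empty authorization code, because `[a-zA-Z0-9]*` matches zero characters, the pattern is unanchored and the `.` in `example.com` is unescaped; a redirect to `...redirect?code=` with no code would still pass. Tightening it to `valueRegex: /^http:\/\/example\.com\/redirect\?code=[a-zA-Z0-9]+/` makes the test fail when no code is issued. The authorize URL also carries no `state` parameter, so nothing here pins whether `state` is echoed back on the redirect; a second fixture with `&state=...` in the URL and the value in the regex would cover that.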
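--- a/tests/fuzz/grant-client-credentials.yml
+++ b/tests/fuzz/grant-client-credentials.yml
@@ -0,0 +1,59 @@
+url: 'http://localhost:8000/other_grants.php/access_token'
+request:
+method: POST
+body:
+-
+key: client_id
+value: testclient
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: client_secret
+value: secret
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: grant_type
+value: client_credentials
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
+invalid:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: unsupported_grant_type
+#body.message: "The authorization grant type XXX is not supported by the authorization server."
+response:
+statusCode: 200
+headers:
+-
+key: Content-type
+value: application/json
+body:
+-
+key: expires_in
+valueType: integer
+-
+key: access_token
+valueRegex: /([a-zA-Z0-9]*)/
+-
+key: token_type
+value: Bearer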
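Review bot: The success case's `access_token` check is vacuous: `valueRegex: /([a-zA-Z0-9]*)/` is unanchored and matches the empty string, so any value passes, including an empty token. Use `valueRegex: /^[a-zA-Z0-9]+$/` here and on the identical line in tests/fuzz/grant-password.yml. The success response also asserts only `Content-type`, while RFC 6749 section 5.1 requires `Cache-Control: no-store` and `Pragma: no-cache` on token responses; two more `headers` entries would catch a regression there. The `body.message` expectation for `unsupported_grant_type` is commented out without a reason, so a one-line comment saying why it is disabled would help the next reader.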
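--- a/tests/fuzz/grant-password.yml
+++ b/tests/fuzz/grant-password.yml
@@ -0,0 +1,85 @@
+url: 'http://localhost:8000/other_grants.php/access_token'
+request:
+method: POST
+body:
+-
+key: client_id
+value: testclient
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: client_secret
+value: secret
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: username
+value: alex
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"username\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: password
+value: whisky
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"password\" parameter."
+invalid:
+response.statusCode: 401
+headers.content-type: "application/json"
+body.error: invalid_client
+body.message: "Client authentication failed."
+-
+key: grant_type
+value: password
+missing:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: invalid_request
+body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
+invalid:
+response.statusCode: 400
+headers.content-type: "application/json"
+body.error: unsupported_grant_type
+#body.message: "The authorization grant type XXX is not supported by the authorization server."
+response:
+statusCode: 200
+headers:
+-
+key: Content-type
+value: application/json
+body:
+-
+key: expires_in
+valueType: integer
+-
+key: access_token
+valueRegex: /([a-zA-Z0-9]*)/
+-
+key: token_type
+value: Bearer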
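Review bot: The `invalid` cases for `username` and `password` expect `response.statusCode: 401` with `body.error: invalid_client` and "Client authentication failed.", which is the same response the file expects for a bad `client_secret`. If `invalid` means the runner substitutes a wrong value for that parameter (its semantics are not visible on this page), the fixture pins a resource-owner credential failure to a client-authentication error, whereas RFC 6749 section 5.2 uses `invalid_grant` with status 400 for that case. If this is the server's current behaviour rather than the intended contract, record that in the file with a comment such as `# NOTE: server currently reports bad user credentials as invalid_client`, so the fixture is not later read as the specification.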
@ -4,7 +4,9 @@ request:
|
||||
response:
|
||||
statusCode: 400
|
||||
headers:
|
||||
Content-type: application/json
|
||||
-
|
||||
key: Content-type
|
||||
value: application/json
|
||||
body:
|
||||
-
|
||||
key: error
|
||||
|
@ -2,13 +2,15 @@ url: 'http://localhost:8000/api.php/tokeninfo?access_token=foobar'
|
||||
request:
|
||||
method: GET
|
||||
response:
|
||||
statusCode: 400
|
||||
statusCode: 401
|
||||
headers:
|
||||
Content-type: application/json
|
||||
-
|
||||
key: Content-type
|
||||
value: application/json
|
||||
body:
|
||||
-
|
||||
key: error
|
||||
value: "invalid_request"
|
||||
value: "access_denied"
|
||||
-
|
||||
key: message
|
||||
value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
|
||||
value: "The resource owner or authorization server denied the request."
|
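Review bot: The rejected-token case asserts only the status code, `Content-type` and the JSON body, and never checks for a `WWW-Authenticate` header. Reading the paired lines as old-then-new, the expectation for `access_token=foobar` becomes `statusCode: 401` with `access_denied`; RFC 6750 section 3 expects a 401 from a bearer-protected resource to carry a `WWW-Authenticate: Bearer` challenge, and section 3.1 names the error for an unknown token `invalid_token`. If the server sends the challenge, add a `headers` entry with `key: WWW-Authenticate` and `valueRegex: /^Bearer/`; if it does not, note the gap with a comment in the fixture. The file header for this hunk is not visible on the page.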
@ -8,7 +8,9 @@ request:
|
||||
response:
|
||||
statusCode: 401
|
||||
headers:
|
||||
Content-type: application/json
|
||||
-
|
||||
key: Content-type
|
||||
value: application/json
|
||||
body:
|
||||
-
|
||||
key: error
|
||||
|
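--- a/tests/fuzz/tokeninfo-valid-token-header.yml
+++ b/tests/fuzz/tokeninfo-valid-token-header.yml
@@ -0,0 +1,26 @@
+url: 'http://localhost:8000/api.php/tokeninfo'
+request:
+method: GET
+headers:
+-
+key: Authorization
+value: "Bearer iamgod"
+response:
+statusCode: 200
+headers:
+-
+key: Content-type
+value: application/json
+body:
+-
+key: owner_id
+value: testclient
+-
+key: owner_type
+value: client
+-
+key: access_token
+value: iamgod
+-
+key: client_id
+value: testclient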
@ -1,14 +1,12 @@
|
||||
url: 'http://localhost:8000/api.php/tokeninfo'
|
||||
url: 'http://localhost:8000/api.php/tokeninfo?access_token=iamgod'
|
||||
request:
|
||||
method: GET
|
||||
headers:
|
||||
-
|
||||
key: Authorization
|
||||
value: "Bearer iamgod"
|
||||
response:
|
||||
statusCode: 200
|
||||
headers:
|
||||
Content-type: application/json
|
||||
-
|
||||
key: Content-type
|
||||
value: application/json
|
||||
body:
|
||||
-
|
||||
key: owner_id
|
||||
|
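Review bot: The `response.headers` list for this query-token request asserts only `Content-type`, with no cache-control check. Reading the hunk as old-then-new, the test moves the bearer token out of the `Authorization` header and into the URL (`?access_token=iamgod`), a method that exposes the token to server logs, browser history and Referer headers. RFC 6750 section 2.3 says successful responses to such requests should carry `Cache-Control: private`, so an added entry with `key: Cache-Control` and `valueRegex: /private/` would cover that, assuming the server sets it. The hunk's file header is not visible on the page and the `body` list continues past the hunk.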
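--- a/tests/fuzz/users-token-iamalex.yml
+++ b/tests/fuzz/users-token-iamalex.yml
@@ -0,0 +1,32 @@
+url: 'http://localhost:8000/api.php/users'
+request:
+method: GET
+headers:
+-
+key: Authorization
+value: Bearer iamalex
+response:
+statusCode: 200
+headers:
+-
+key: Content-type
+value: application/json
+body:
+-
+key: 0.username
+value: alexbilbie
+-
+key: 0.name
+value: Alex Bilbie
+-
+key: 0.photo
+valueType: string
+-
+key: 1.username
+value: philsturgeon
+-
+key: 1.name
+value: Phil Sturgeon
+-
+key: 1.photo
+valueType: string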
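Review bot: Both user-list fixtures check only that the permitted field is present and never that the other token's field is withheld, so a response returning both `email` and `photo` to every token would pass. This file asserts `0.photo`/`1.photo` while tests/fuzz/users-token-iamphil.yml asserts `0.email`/`1.email` for the same endpoint, presumably because the two tokens carry different scopes. If the runner can assert that a key is absent, use it in both files; otherwise record the gap with a comment such as `# TODO: assert 0.email / 1.email are NOT returned for this token`.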
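--- a/tests/fuzz/users-token-iamphil.yml
+++ b/tests/fuzz/users-token-iamphil.yml
@@ -0,0 +1,32 @@
+url: 'http://localhost:8000/api.php/users'
+request:
+method: GET
+headers:
+-
+key: Authorization
+value: Bearer iamphil
+response:
+statusCode: 200
+headers:
+-
+key: Content-type
+value: application/json
+body:
+-
+key: 0.username
+value: alexbilbie
+-
+key: 0.name
+value: Alex Bilbie
+-
+key: 0.email
+valueType: string
+-
+key: 1.username
+value: philsturgeon
+-
+key: 1.name
+value: Phil Sturgeon
+-
+key: 1.email
+valueType: string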