mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-30 02:33:14 +05:30
Added more fizzfuzz tests
This commit is contained in:
parent
806838b8e4
commit
69208fe0ac
9
tests/fuzz/grant-authcode.yml
Normal file
9
tests/fuzz/grant-authcode.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
url: 'http://localhost:8000/authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic'
|
||||||
|
request:
|
||||||
|
method: GET
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Location
|
||||||
|
valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/
|
59
tests/fuzz/grant-client-credentials.yml
Normal file
59
tests/fuzz/grant-client-credentials.yml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
url: 'http://localhost:8000/other_grants.php/access_token'
|
||||||
|
request:
|
||||||
|
method: POST
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: client_id
|
||||||
|
value: testclient
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: client_secret
|
||||||
|
value: secret
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: grant_type
|
||||||
|
value: client_credentials
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: unsupported_grant_type
|
||||||
|
#body.message: "The authorization grant type XXX is not supported by the authorization server."
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: expires_in
|
||||||
|
valueType: integer
|
||||||
|
-
|
||||||
|
key: access_token
|
||||||
|
valueRegex: /([a-zA-Z0-9]*)/
|
||||||
|
-
|
||||||
|
key: token_type
|
||||||
|
value: Bearer
|
85
tests/fuzz/grant-password.yml
Normal file
85
tests/fuzz/grant-password.yml
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
url: 'http://localhost:8000/other_grants.php/access_token'
|
||||||
|
request:
|
||||||
|
method: POST
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: client_id
|
||||||
|
value: testclient
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: client_secret
|
||||||
|
value: secret
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: username
|
||||||
|
value: alex
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"username\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: password
|
||||||
|
value: whisky
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"password\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 401
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_client
|
||||||
|
body.message: "Client authentication failed."
|
||||||
|
-
|
||||||
|
key: grant_type
|
||||||
|
value: password
|
||||||
|
missing:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: invalid_request
|
||||||
|
body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
|
||||||
|
invalid:
|
||||||
|
response.statusCode: 400
|
||||||
|
headers.content-type: "application/json"
|
||||||
|
body.error: unsupported_grant_type
|
||||||
|
#body.message: "The authorization grant type XXX is not supported by the authorization server."
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: expires_in
|
||||||
|
valueType: integer
|
||||||
|
-
|
||||||
|
key: access_token
|
||||||
|
valueRegex: /([a-zA-Z0-9]*)/
|
||||||
|
-
|
||||||
|
key: token_type
|
||||||
|
value: Bearer
|
@ -4,7 +4,9 @@ request:
|
|||||||
response:
|
response:
|
||||||
statusCode: 400
|
statusCode: 400
|
||||||
headers:
|
headers:
|
||||||
Content-type: application/json
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
body:
|
body:
|
||||||
-
|
-
|
||||||
key: error
|
key: error
|
||||||
|
@ -2,13 +2,15 @@ url: 'http://localhost:8000/api.php/tokeninfo?access_token=foobar'
|
|||||||
request:
|
request:
|
||||||
method: GET
|
method: GET
|
||||||
response:
|
response:
|
||||||
statusCode: 400
|
statusCode: 401
|
||||||
headers:
|
headers:
|
||||||
Content-type: application/json
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
body:
|
body:
|
||||||
-
|
-
|
||||||
key: error
|
key: error
|
||||||
value: "invalid_request"
|
value: "access_denied"
|
||||||
-
|
-
|
||||||
key: message
|
key: message
|
||||||
value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
|
value: "The resource owner or authorization server denied the request."
|
@ -8,7 +8,9 @@ request:
|
|||||||
response:
|
response:
|
||||||
statusCode: 401
|
statusCode: 401
|
||||||
headers:
|
headers:
|
||||||
Content-type: application/json
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
body:
|
body:
|
||||||
-
|
-
|
||||||
key: error
|
key: error
|
||||||
|
26
tests/fuzz/tokeninfo-valid-token-header.yml
Normal file
26
tests/fuzz/tokeninfo-valid-token-header.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
url: 'http://localhost:8000/api.php/tokeninfo'
|
||||||
|
request:
|
||||||
|
method: GET
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Authorization
|
||||||
|
value: "Bearer iamgod"
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: owner_id
|
||||||
|
value: testclient
|
||||||
|
-
|
||||||
|
key: owner_type
|
||||||
|
value: client
|
||||||
|
-
|
||||||
|
key: access_token
|
||||||
|
value: iamgod
|
||||||
|
-
|
||||||
|
key: client_id
|
||||||
|
value: testclient
|
@ -1,14 +1,12 @@
|
|||||||
url: 'http://localhost:8000/api.php/tokeninfo'
|
url: 'http://localhost:8000/api.php/tokeninfo?access_token=iamgod'
|
||||||
request:
|
request:
|
||||||
method: GET
|
method: GET
|
||||||
headers:
|
|
||||||
-
|
|
||||||
key: Authorization
|
|
||||||
value: "Bearer iamgod"
|
|
||||||
response:
|
response:
|
||||||
statusCode: 200
|
statusCode: 200
|
||||||
headers:
|
headers:
|
||||||
Content-type: application/json
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
body:
|
body:
|
||||||
-
|
-
|
||||||
key: owner_id
|
key: owner_id
|
||||||
|
32
tests/fuzz/users-token-iamalex.yml
Normal file
32
tests/fuzz/users-token-iamalex.yml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
url: 'http://localhost:8000/api.php/users'
|
||||||
|
request:
|
||||||
|
method: GET
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Authorization
|
||||||
|
value: Bearer iamalex
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: 0.username
|
||||||
|
value: alexbilbie
|
||||||
|
-
|
||||||
|
key: 0.name
|
||||||
|
value: Alex Bilbie
|
||||||
|
-
|
||||||
|
key: 0.photo
|
||||||
|
valueType: string
|
||||||
|
-
|
||||||
|
key: 1.username
|
||||||
|
value: philsturgeon
|
||||||
|
-
|
||||||
|
key: 1.name
|
||||||
|
value: Phil Sturgeon
|
||||||
|
-
|
||||||
|
key: 1.photo
|
||||||
|
valueType: string
|
32
tests/fuzz/users-token-iamphil.yml
Normal file
32
tests/fuzz/users-token-iamphil.yml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
url: 'http://localhost:8000/api.php/users'
|
||||||
|
request:
|
||||||
|
method: GET
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Authorization
|
||||||
|
value: Bearer iamphil
|
||||||
|
response:
|
||||||
|
statusCode: 200
|
||||||
|
headers:
|
||||||
|
-
|
||||||
|
key: Content-type
|
||||||
|
value: application/json
|
||||||
|
body:
|
||||||
|
-
|
||||||
|
key: 0.username
|
||||||
|
value: alexbilbie
|
||||||
|
-
|
||||||
|
key: 0.name
|
||||||
|
value: Alex Bilbie
|
||||||
|
-
|
||||||
|
key: 0.email
|
||||||
|
valueType: string
|
||||||
|
-
|
||||||
|
key: 1.username
|
||||||
|
value: philsturgeon
|
||||||
|
-
|
||||||
|
key: 1.name
|
||||||
|
value: Phil Sturgeon
|
||||||
|
-
|
||||||
|
key: 1.email
|
||||||
|
valueType: string
|
Loading…
Reference in New Issue
Block a user