// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ash/printing/oauth2/authorization_zone.h"
#include <memory>
#include <string>
#include <vector>
#include "base/containers/flat_map.h"
#include "base/strings/escape.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/test/bind.h"
#include "base/test/task_environment.h"
#include "base/values.h"
#include "chrome/browser/ash/printing/oauth2/constants.h"
#include "chrome/browser/ash/printing/oauth2/mock_client_ids_database.h"
#include "chrome/browser/ash/printing/oauth2/test_authorization_server.h"
#include "chromeos/printing/uri.h"
#include "services/network/public/mojom/url_response_head.mojom.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
namespace ash {
namespace printing {
namespace oauth2 {
namespace {
class PrintingOAuth2AuthorizationZoneTest : public testing::Test {
public:
// Initializes Authorization Zone.
void CreateAuthorizationZone(const std::string& client_id) {
GURL auth_server_uri(authorization_server_uri_);
CHECK(auth_server_uri.is_valid());
EXPECT_CALL(client_ids_database_, FetchId)
.WillOnce([client_id](const GURL& url, StatusCallback callback) {
std::move(callback).Run(StatusCode::kOK, client_id);
});
authorization_zone_ = printing::oauth2::AuthorizationZone::Create(
server_.GetURLLoaderFactory(), auth_server_uri, &client_ids_database_);
}
// Simulates the authorization process in the internet browser. Returns the
// URL that the browser is redirected to at the end of the authorization
// process.
std::string SimulateAuthorization(const std::string& authorization_url,
const std::string& auth_code,
const std::string& scope) {
auto question_mark = authorization_url.find('?');
EXPECT_LT(question_mark, authorization_url.size());
const std::string auth_host_path =
authorization_url.substr(0, question_mark);
base::flat_map<std::string, std::string> params;
EXPECT_TRUE(ParseURLParameters(authorization_url.substr(question_mark + 1),
params));
EXPECT_EQ(params["scope"], scope);
return base::StrCat(
{printing::oauth2::kRedirectURI,
"?code=", base::EscapeUrlEncodedData(auth_code, true),
"&state=", base::EscapeUrlEncodedData(params["state"], true)});
}
std::string SimulateAuthorizationError(const std::string& authorization_url,
const std::string& error) {
auto question_mark = authorization_url.find('?');
EXPECT_LT(question_mark, authorization_url.size());
const std::string auth_host_path =
authorization_url.substr(0, question_mark);
base::flat_map<std::string, std::string> params;
EXPECT_TRUE(ParseURLParameters(authorization_url.substr(question_mark + 1),
params));
return base::StrCat(
{printing::oauth2::kRedirectURI,
"?error=", base::EscapeUrlEncodedData(error, true),
"&state=", base::EscapeUrlEncodedData(params["state"], true)});
}
// Simulates Metadata Request described in rfc8414, section 3.
void ProcessMetadataRequest() {
EXPECT_EQ("", server_.ReceiveGET(metadata_uri_));
auto fields = BuildMetadata(authorization_server_uri_, authorization_uri_,
token_uri_, registration_uri_);
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_OK, fields);
}
// Simulates Registration Request described in rfc7591, section 3.
void ProcessRegistrationRequest(const std::string& client_id) {
base::Value::Dict fields;
EXPECT_EQ("", server_.ReceivePOSTWithJSON(registration_uri_, fields));
fields.Set("client_id", client_id);
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_CREATED, fields);
}
// Simulates First Token Request described in rfc6749, sections 4.1.3-4 and 5.
void ProcessFirstTokenRequest(const std::string& auth_code,
const std::string& access_token,
const std::string& refresh_token) {
base::flat_map<std::string, std::string> params;
EXPECT_EQ("", server_.ReceivePOSTWithURLParams(token_uri_, params));
EXPECT_EQ(params["code"], auth_code);
base::Value::Dict fields;
fields.Set("access_token", access_token);
fields.Set("token_type", "bearer");
if (!refresh_token.empty()) {
fields.Set("refresh_token", refresh_token);
}
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_OK, fields);
}
// The same as ProcessFirstTokenRequest(...) but with an error response.
void ProcessFirstTokenRequestError(const std::string& auth_code,
const std::string& error) {
base::flat_map<std::string, std::string> params;
EXPECT_EQ("", server_.ReceivePOSTWithURLParams(token_uri_, params));
EXPECT_EQ(params["code"], auth_code);
base::Value::Dict fields;
fields.Set("error", error);
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_BAD_REQUEST, fields);
}
// Simulates Next Token Request described in rfc6749, section 6.
void ProcessNextTokenRequest(const std::string& current_refresh_token,
const std::string& access_token,
const std::string& new_refresh_token) {
base::flat_map<std::string, std::string> params;
EXPECT_EQ("", server_.ReceivePOSTWithURLParams(token_uri_, params));
EXPECT_EQ(params["refresh_token"], current_refresh_token);
base::Value::Dict fields;
fields.Set("access_token", access_token);
fields.Set("token_type", "bearer");
if (!new_refresh_token.empty()) {
fields.Set("refresh_token", new_refresh_token);
}
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_OK, fields);
}
// Simulates Token Exchange Request described in rfc8693, section 2.
void ProcessTokenExchangeRequest(const chromeos::Uri& ipp_endpoint,
const std::string& access_token,
const std::string& endpoint_access_token) {
base::flat_map<std::string, std::string> params;
EXPECT_EQ("", server_.ReceivePOSTWithURLParams(token_uri_, params));
EXPECT_EQ(params["resource"], ipp_endpoint.GetNormalized());
EXPECT_EQ(params["subject_token"], access_token);
base::Value::Dict fields;
fields.Set("access_token", endpoint_access_token);
fields.Set("issued_token_type",
"urn:ietf:params:oauth:token-type:access_token");
fields.Set("token_type", "bearer");
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_OK, fields);
}
// The same as ProcessTokenExchangeRequest(...) but with an error response.
void ProcessTokenExchangeRequestError(const chromeos::Uri& ipp_endpoint,
const std::string& access_token,
const std::string& error) {
base::flat_map<std::string, std::string> params;
EXPECT_EQ("", server_.ReceivePOSTWithURLParams(token_uri_, params));
EXPECT_EQ(params["resource"], ipp_endpoint.GetNormalized());
EXPECT_EQ(params["subject_token"], access_token);
base::Value::Dict fields;
fields.Set("error", error);
server_.ResponseWithJSON(net::HttpStatusCode::HTTP_BAD_REQUEST, fields);
}
protected:
const std::string authorization_server_uri_ = "https://example.com/path";
const std::string metadata_uri_ =
"https://example.com/.well-known/oauth-authorization-server/path";
const std::string authorization_uri_ = "https://example.com/authorization";
const std::string token_uri_ = "https://example.com/token";
const std::string registration_uri_ = "https://example.com/registration";
testing::NiceMock<MockClientIdsDatabase> client_ids_database_;
std::unique_ptr<printing::oauth2::AuthorizationZone> authorization_zone_;
FakeAuthorizationServer server_;
};
TEST_F(PrintingOAuth2AuthorizationZoneTest, InitializationOfRegisteredClient) {
CallbackResult cr;
CreateAuthorizationZone("clientID_abcd1234");
authorization_zone_->InitAuthorization("scope1 scope2 scope3",
BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
const std::string authorization_url = cr.data;
// Parse and verify the returned URL.
auto question_mark = authorization_url.find('?');
ASSERT_LT(question_mark, authorization_url.size());
const std::string auth_host_path = authorization_url.substr(0, question_mark);
base::flat_map<std::string, std::string> params;
ASSERT_TRUE(
ParseURLParameters(authorization_url.substr(question_mark + 1), params));
EXPECT_EQ(auth_host_path, authorization_uri_);
EXPECT_EQ(params["response_type"], "code");
EXPECT_EQ(params["response_mode"], "query");
EXPECT_EQ(params["client_id"], "clientID_abcd1234");
EXPECT_EQ(params["redirect_uri"], printing::oauth2::kRedirectURI);
EXPECT_EQ(params["scope"], "scope1 scope2 scope3");
EXPECT_FALSE(params["code_challenge"].empty());
EXPECT_EQ(params["code_challenge_method"], "S256");
EXPECT_FALSE(params["state"].empty());
}
TEST_F(PrintingOAuth2AuthorizationZoneTest,
InitializationOfUnregisteredClient) {
CallbackResult cr;
CreateAuthorizationZone("");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ProcessRegistrationRequest("clientID_!@#$");
EXPECT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
const std::string authorization_url = cr.data;
// Parse and verify the returned URL.
auto question_mark = authorization_url.find('?');
ASSERT_LT(question_mark, authorization_url.size());
const std::string auth_host_path = authorization_url.substr(0, question_mark);
base::flat_map<std::string, std::string> params;
ASSERT_TRUE(
ParseURLParameters(authorization_url.substr(question_mark + 1), params));
EXPECT_EQ(params["client_id"], "clientID_!@#$");
EXPECT_EQ(params.count("scope"), 0u);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, FirstAccessToken) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
auto resultant_url = SimulateAuthorization(cr.data, "auth_code_123", "");
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
ProcessFirstTokenRequest("auth_code_123", "access_TOKEN", "refresh_TOKEN");
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
EXPECT_TRUE(cr.data.empty());
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, AuthorizationFail) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
auto resultant_url = SimulateAuthorizationError(cr.data, "weird_problem");
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kAccessDenied);
// The error message contains "weird_problem".
EXPECT_NE(cr.data.find("weird_problem"), std::string::npos);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest,
AuthorizationInvalidResponseEmptyCode) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
// The URL the browser was redirected to has empty "code" param.
auto resultant_url = SimulateAuthorization(cr.data, "", "");
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
EXPECT_EQ(cr.status, printing::oauth2::StatusCode::kInvalidResponse);
// The error message contains "code".
EXPECT_NE(cr.data.find("code"), std::string::npos);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest,
AuthorizationInvalidResponseNoState) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
// The URL the browser was redirected to has missing "state" param.
std::string resultant_url = printing::oauth2::kRedirectURI;
resultant_url += "?code=authCode123";
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
EXPECT_EQ(cr.status, printing::oauth2::StatusCode::kInvalidResponse);
// The error message contains "state".
EXPECT_NE(cr.data.find("state"), std::string::npos);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, FirstAccessTokenFail) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
auto resultant_url = SimulateAuthorization(cr.data, "auth_code_123", "");
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
ProcessFirstTokenRequestError("auth_code_123", "my unknown error");
EXPECT_EQ(cr.status, printing::oauth2::StatusCode::kAccessDenied);
// The error message contains "my unknown error".
EXPECT_NE(cr.data.find("my unknown error"), std::string::npos);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, TokenRefresh) {
CallbackResult cr;
chromeos::Uri ipp_endpoint("ipp://my.printer:1234/path");
CreateAuthorizationZone("clientID_!@#$");
authorization_zone_->InitAuthorization("", BindResult(cr));
ProcessMetadataRequest();
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
auto resultant_url = SimulateAuthorization(cr.data, "auth_code_123", "");
authorization_zone_->FinishAuthorization(GURL(resultant_url), BindResult(cr));
ProcessFirstTokenRequest("auth_code_123", "access_TOKEN", "refresh_TOKEN");
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
authorization_zone_->GetEndpointAccessToken(ipp_endpoint, "", BindResult(cr));
ProcessTokenExchangeRequest(ipp_endpoint, "access_TOKEN",
"endpoint_token_24$#D");
ASSERT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
authorization_zone_->MarkEndpointAccessTokenAsExpired(ipp_endpoint,
"endpoint_token_24$#D");
authorization_zone_->GetEndpointAccessToken(ipp_endpoint, "", BindResult(cr));
ProcessTokenExchangeRequestError(ipp_endpoint, "access_TOKEN",
"invalid_grant");
ProcessNextTokenRequest("refresh_TOKEN", "access_token2_w5%",
"refresh_token2_1dh");
ProcessTokenExchangeRequest(ipp_endpoint, "access_token2_w5%",
"endpoint_token2_E46h");
EXPECT_EQ(cr.status, printing::oauth2::StatusCode::kOK);
EXPECT_EQ(cr.data, "endpoint_token2_E46h");
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, ParallelRequestsWithScopes) {
CallbackResult cr_ia1;
CallbackResult cr_ia2;
CallbackResult cr_ia3;
chromeos::Uri ipp_endpoint_1("ipp://my.printer:1234/path");
chromeos::Uri ipp_endpoint_2("ipp://my.other_printer:123/path");
CreateAuthorizationZone("clientID");
authorization_zone_->InitAuthorization("scope0", BindResult(cr_ia1));
authorization_zone_->InitAuthorization("scope1 scope2", BindResult(cr_ia2));
authorization_zone_->InitAuthorization("scope2", BindResult(cr_ia3));
ProcessMetadataRequest();
ASSERT_EQ(cr_ia1.status, printing::oauth2::StatusCode::kOK);
ASSERT_EQ(cr_ia2.status, printing::oauth2::StatusCode::kOK);
ASSERT_EQ(cr_ia3.status, printing::oauth2::StatusCode::kOK);
auto auth_url_1 = SimulateAuthorization(cr_ia1.data, "auth_code_1", "scope0");
auto auth_url_2 =
SimulateAuthorization(cr_ia2.data, "auth_code_2", "scope1 scope2");
auto auth_url_3 = SimulateAuthorization(cr_ia3.data, "auth_code_3", "scope2");
authorization_zone_->FinishAuthorization(GURL(auth_url_3),
BindResult(cr_ia3));
authorization_zone_->FinishAuthorization(GURL(auth_url_1),
BindResult(cr_ia1));
authorization_zone_->FinishAuthorization(GURL(auth_url_2),
BindResult(cr_ia2));
ProcessFirstTokenRequest("auth_code_3", "acc_token_3", "ref_token_3");
ProcessFirstTokenRequest("auth_code_1", "acc_token_1", "ref_token_1");
ProcessFirstTokenRequest("auth_code_2", "acc_token_2", "ref_token_2");
ASSERT_EQ(cr_ia1.status, printing::oauth2::StatusCode::kOK);
ASSERT_EQ(cr_ia2.status, printing::oauth2::StatusCode::kOK);
ASSERT_EQ(cr_ia3.status, printing::oauth2::StatusCode::kOK);
authorization_zone_->GetEndpointAccessToken(ipp_endpoint_1, "scope0",
BindResult(cr_ia1));
authorization_zone_->GetEndpointAccessToken(ipp_endpoint_2, "scope1",
BindResult(cr_ia2));
authorization_zone_->GetEndpointAccessToken(ipp_endpoint_1, "scope2 scope1",
BindResult(cr_ia3));
ProcessTokenExchangeRequest(ipp_endpoint_1, "acc_token_1", "end_token_1");
ProcessTokenExchangeRequest(ipp_endpoint_2, "acc_token_2", "end_token_2");
// The third GetEndpointAccessToken(...) call used the first token as the
// first one.
EXPECT_EQ(cr_ia1.status, printing::oauth2::StatusCode::kOK);
EXPECT_EQ(cr_ia2.status, printing::oauth2::StatusCode::kOK);
EXPECT_EQ(cr_ia3.status, printing::oauth2::StatusCode::kOK);
EXPECT_EQ(cr_ia1.data, "end_token_1");
EXPECT_EQ(cr_ia2.data, "end_token_2");
EXPECT_EQ(cr_ia3.data, "end_token_1");
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, ParallelInitializations) {
CreateAuthorizationZone("clientID");
std::vector<CallbackResult> crs(kMaxNumberOfSessions + 1);
// Too many initializations. The oldest one is going to be rejected.
for (auto& cr : crs) {
authorization_zone_->InitAuthorization("scope", BindResult(cr));
}
EXPECT_EQ(crs[0].status, printing::oauth2::StatusCode::kTooManySessions);
ProcessMetadataRequest();
for (size_t i = 1; i < crs.size(); ++i) {
EXPECT_EQ(crs[i].status, printing::oauth2::StatusCode::kOK);
}
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, ParallelAuthorizations) {
CreateAuthorizationZone("clientID");
std::vector<CallbackResult> crs(kMaxNumberOfSessions + 1);
// Call the first InitAuthorization(...) to go through initialization.
authorization_zone_->InitAuthorization("", BindResult(crs[0]));
ProcessMetadataRequest();
ASSERT_EQ(crs[0].status, printing::oauth2::StatusCode::kOK);
// Call InitAuthorization(...) kMaxNumberOfSessions times.
for (size_t i = 1; i < crs.size(); ++i) {
authorization_zone_->InitAuthorization("", BindResult(crs[i]));
ASSERT_EQ(crs[i].status, printing::oauth2::StatusCode::kOK);
}
// Call all corresponding FinishAuthorization(...).
for (size_t i = 0; i < crs.size(); ++i) {
auto auth_url = SimulateAuthorization(
crs[i].data, "auth_code_" + base::NumberToString(i), "");
authorization_zone_->FinishAuthorization(GURL(auth_url),
BindResult(crs[i]));
}
// The first call to FinishAuthorization(...) failed because the pending
// authorization is missing (was removed as the oldest one). Other calls
// succeeded.
EXPECT_EQ(crs[0].status, printing::oauth2::StatusCode::kNoMatchingSession);
for (size_t i = 1; i < crs.size(); ++i) {
const std::string si = base::NumberToString(i);
ProcessFirstTokenRequest("auth_code_" + si, "acc_token_" + si,
"ref_token_" + si);
EXPECT_EQ(crs[i].status, printing::oauth2::StatusCode::kOK);
}
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, ParallelFirstTokenRequests) {
CreateAuthorizationZone("clientID");
std::vector<CallbackResult> crs(kMaxNumberOfSessions + 1);
// Complete the first authorization and get an endpoint access token.
authorization_zone_->InitAuthorization("scope0", BindResult(crs[0]));
ProcessMetadataRequest();
ASSERT_EQ(crs[0].status, printing::oauth2::StatusCode::kOK);
auto auth_url_0 = SimulateAuthorization(crs[0].data, "auth_code_0", "scope0");
authorization_zone_->FinishAuthorization(GURL(auth_url_0),
BindResult(crs[0]));
ProcessFirstTokenRequest("auth_code_0", "acc_token_0", "ref_token_0");
ASSERT_EQ(crs[0].status, printing::oauth2::StatusCode::kOK);
authorization_zone_->GetEndpointAccessToken(chromeos::Uri("ipp://whatever:1"),
"scope0", BindResult(crs[0]));
ProcessTokenExchangeRequest(chromeos::Uri("ipp://whatever:1"), "acc_token_0",
"xxx");
EXPECT_EQ(crs[0].status, printing::oauth2::StatusCode::kOK);
// Start kMaxNumberOfSessions other sessions (with different scope).
for (size_t i = 1; i < crs.size(); ++i) {
const std::string si = base::NumberToString(i);
authorization_zone_->InitAuthorization("", BindResult(crs[i]));
ASSERT_EQ(crs[i].status, printing::oauth2::StatusCode::kOK);
auto auth_url = SimulateAuthorization(crs[i].data, "auth_code_" + si, "");
authorization_zone_->FinishAuthorization(GURL(auth_url),
BindResult(crs[i]));
ProcessFirstTokenRequest("auth_code_" + si, "acc_token_" + si,
"ref_token_" + si);
EXPECT_EQ(crs[i].status, printing::oauth2::StatusCode::kOK);
}
// The first session was closed because it was the oldest one and max allowed
// number of sessions was reached.
authorization_zone_->GetEndpointAccessToken(chromeos::Uri("ipp://whatever:2"),
"scope0", BindResult(crs[0]));
EXPECT_EQ(crs[0].status, printing::oauth2::StatusCode::kAuthorizationNeeded);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, CancellationDuringInitialization) {
CreateAuthorizationZone("clientID");
CallbackResult cr_0;
CallbackResult cr_1;
// Try to start two sessions and cancel before the first response from the
// server returns.
authorization_zone_->InitAuthorization("scope0", BindResult(cr_0));
authorization_zone_->InitAuthorization("scope1", BindResult(cr_1));
authorization_zone_->MarkAuthorizationZoneAsUntrusted();
EXPECT_EQ(cr_0.status, StatusCode::kUntrustedAuthorizationServer);
EXPECT_EQ(cr_1.status, StatusCode::kUntrustedAuthorizationServer);
// Response from the server should not trigger anything.
ProcessMetadataRequest();
EXPECT_EQ(cr_0.status, StatusCode::kUntrustedAuthorizationServer);
EXPECT_EQ(cr_1.status, StatusCode::kUntrustedAuthorizationServer);
}
TEST_F(PrintingOAuth2AuthorizationZoneTest, CancelExistingSessions) {
CreateAuthorizationZone("clientID");
CallbackResult cr_0;
CallbackResult cr_1;
// Start two sessions and send request for the first access token.
authorization_zone_->InitAuthorization("scope0", BindResult(cr_0));
authorization_zone_->InitAuthorization("scope1", BindResult(cr_1));
ProcessMetadataRequest();
ASSERT_EQ(cr_0.status, printing::oauth2::StatusCode::kOK);
ASSERT_EQ(cr_1.status, printing::oauth2::StatusCode::kOK);
auto auth_url_0 = SimulateAuthorization(cr_0.data, "auth_code_0", "scope0");
auto auth_url_1 = SimulateAuthorization(cr_1.data, "auth_code_1", "scope1");
authorization_zone_->FinishAuthorization(GURL(auth_url_0), BindResult(cr_0));
authorization_zone_->FinishAuthorization(GURL(auth_url_1), BindResult(cr_1));
// Get the access token for the first session and ask for an endpoint access
// token.
ProcessFirstTokenRequest("auth_code_0", "acc_token_0", "ref_token_0");
ASSERT_EQ(cr_0.status, printing::oauth2::StatusCode::kOK);
authorization_zone_->GetEndpointAccessToken(chromeos::Uri("ipp://printer0"),
"scope0", BindResult(cr_0));
// Cancel the zone. All pending callbacks should return.
authorization_zone_->MarkAuthorizationZoneAsUntrusted();
EXPECT_EQ(cr_0.status, StatusCode::kUntrustedAuthorizationServer);
EXPECT_EQ(cr_1.status, StatusCode::kUntrustedAuthorizationServer);
}
} // namespace
} // namespace oauth2
} // namespace printing
} // namespace ash
Codebase Browser
chromium