OAuth 2.0 authorization and token exchange


Add tests for TLS verification enforcement

Test that exchange_code raises Invalid_argument when the Requests.t
handle has verify_tls:false. Also test that the Requests.verify_tls getter
returns the correct value for the default and for an explicit false.

+28 -1
+1 -1
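--- a/test/dune
+++ b/test/dune
@@ -1,4 +1,4 @@
 (test
 (name test)
-(libraries oauth alcotest crypto-rng.unix uri)
+(libraries oauth requests eio_main alcotest crypto-rng.unix uri)
 (deps ../README.md ../oauth.opam dune ../fuzz/dune))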
+27
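--- a/test/test_regressions.ml
+++ b/test/test_regressions.ml
@@ -304,6 +304,30 @@
 | Error _ -> ()
 | Ok _ -> Alcotest.fail "expected Error for relative URI"
 
+(* ── TLS verification enforcement ────────────────────────────────── *)
+
+let test_exchange_code_rejects_verify_tls_false () =
+Eio_main.run @@ fun env ->
+Eio.Switch.run @@ fun sw ->
+let http = Requests.v ~sw ~verify_tls:false env in
+let raised = ref false in
+(try
+ignore
+(Oauth.exchange_code http Oauth.Github ~client_id:"x" ~client_secret:"y"
+~code:"z"
+~redirect_uri:(redir "https://example.com/cb")
+())
+with Invalid_argument _ -> raised := true);
+Alcotest.(check bool) "raises Invalid_argument" true !raised
+
+let test_verify_tls_getter () =
+Eio_main.run @@ fun env ->
+Eio.Switch.run @@ fun sw ->
+let secure = Requests.v ~sw env in
+let insecure = Requests.v ~sw ~verify_tls:false env in
+Alcotest.(check bool) "default is true" true (Requests.verify_tls secure);
+Alcotest.(check bool) "false when set" false (Requests.verify_tls insecure)
+
 let suite =
 ( "regressions",
 [
@@ -358,4 +382,7 @@
 test_redirect_uri_rejects_fragment;
 Alcotest.test_case "redirect_uri rejects no scheme" `Quick
 test_redirect_uri_rejects_no_scheme;
+Alcotest.test_case "exchange_code rejects verify_tls:false" `Quick
+test_exchange_code_rejects_verify_tls_false;
+Alcotest.test_case "verify_tls getter" `Quick test_verify_tls_getter;
 ] )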
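Review bot: In `test_exchange_code_rejects_verify_tls_false` the `with Invalid_argument _` handler accepts any `Invalid_argument`, so the test also passes when the exception comes from something other than the TLS check, for instance from `redir`, which is evaluated inside the `try` and is defined outside this section. Hoisting it with `let redirect_uri = redir "https://example.com/cb" in` before the `try`, and binding the message (`with Invalid_argument msg -> ...`) to assert that it refers to TLS verification, would tie the pass to the guard under test; the exact message text is not visible here. Only `Oauth.Github` is exercised, so if other providers or token calls accept the same handle they presumably need the same case. A short comment stating that the rejection is expected before any network I/O would also document why the test can use placeholder credentials safely.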