test: authorization in request panel

Author: carowright

demo/models/test-api/test-api.raml

@@ -4,6 +4,64 @@ version: v2
 description: Our test API
 baseUri: https://example/
 
+securitySchemes:
+  customScheme:
+    description: |
+      A custom security scheme for authenticating requests.
+    type: x-custom
+    describedBy:
+      headers:
+        SpecialToken:
+          description: |
+            Used to send a custom token.
+          type: string
+          example: special-token
+      responses:
+        401:
+          description: |
+            Bad token.
+        403:
+  oauth_1_0:
+    description: |
+      OAuth 1.0 continues to be supported for all API requests, but OAuth 2.0 is now preferred.
+    type: OAuth 1.0
+    settings:
+      requestTokenUri: https://api.mysampleapi.com/1/oauth/request_token
+      authorizationUri: https://api.mysampleapi.com/1/oauth/authorize
+      tokenCredentialsUri: https://api.mysampleapi.com/1/oauth/access_token
+      signatures: [ 'HMAC-SHA1', 'PLAINTEXT' ]
+  oauth_2_0:
+    description: |
+      Dropbox supports OAuth 2.0 for authenticating all API requests.
+    type: OAuth 2.0
+    describedBy:
+      headers:
+        Authorization:
+          description: |
+             Used to send a valid OAuth 2 access token. Do not use
+             with the "access_token" query string parameter.
+          type: string
+      queryParameters:
+        access_token:
+          description: |
+             Used to send a valid OAuth 2 access token. Do not use with
+             the "Authorization" header.
+          type: string
+      responses:
+        401:
+          description: |
+              Bad or expired token. This can happen if the user or Dropbox
+              revoked or expired an access token. To fix, re-authenticate
+              the user.
+        403:
+          description: |
+              Bad OAuth request (wrong consumer key, bad nonce, expired
+              timestamp...). Unfortunately, re-authenticating the user won't help here.
+    settings:
+      authorizationUri: https://www.dropbox.com/1/oauth2/authorize
+      accessTokenUri: https://api.dropbox.com/1/oauth2/token
+      authorizationGrants: [ authorization_code, implicit, 'urn:ietf:params:oauth:grant-type:saml2-bearer' ]
+
 /test-headers:
   displayName: Headers
   post:
@@ -13,3 +71,16 @@ baseUri: https://example/
         example: only-if-cached
     body:
       application/json:
+/test-custom-scheme:
+  displayName: Custom security scheme
+  get:
+    securedBy: [customScheme]
+/test-oauth10-scheme:
+  displayName: Oauth 1.0 security scheme
+  get:
+    securedBy: [oauth_1_0]
+/test-oauth20-scheme:
+  displayName: Oauth 2.0 security scheme
+  get:
+    securedBy: [oauth_2_0]
+

test/api-console-request.test.js

@@ -5,7 +5,7 @@ import '../api-console.js';
 import {
   documentationTryItButton,
   navigationSelectEndpointMethod,
-  requestBodySection,
+  requestBodySection, requestCredentialsSection,
   requestHeadersSection,
   requestQueryParamSection, requestSendButton,
   requestUrlSection
@@ -133,6 +133,175 @@ describe('API Console request', () => {
           assert.exists(body.shadowRoot.querySelector('raw-payload-editor'));
         });
       });
+
+      describe('Authorization', () => {
+        const assertDropdownMenu = (form, name, menuLabel, value) => {
+          const menu = form.querySelector(`anypoint-dropdown-menu[name="${name}"]`);
+          assert.exists(menu);
+          assert.exists(menu.shadowRoot.querySelector('.label').innerText, menuLabel);
+          assert.exists(menu.shadowRoot.querySelector('.input-wrapper').innerText, value);
+        }
+
+        const assertMaskedInput = (form, name, inputLabel) => {
+          const input = form.querySelector(`anypoint-masked-input[name="${name}"]`);
+          assert.exists(input);
+          assert.exists(input.querySelector('label').innerText, inputLabel);
+        }
+
+        const assertInput = (form, name, inputLabel) => {
+          const input = form.querySelector(`anypoint-input[name="${name}"]`);
+          assert.exists(input);
+          assert.exists(input.querySelector('label').innerText, inputLabel);
+        }
+
+        describe('x-other', () => {
+          let credentialsSection
+
+          beforeEach(async () => {
+            await navigationSelectEndpointMethod(element, '/test-custom-scheme', 'get');
+            await aTimeout(50)
+            documentationTryItButton(element).click()
+            await aTimeout(50)
+            credentialsSection = requestCredentialsSection(element);
+          });
+
+          it(`should render credentials section`, async () => {
+            assert.exists(credentialsSection);
+          });
+
+          it(`should render auth label`, async () => {
+            assert.equal(credentialsSection.shadowRoot.querySelector('.auth-selector-label').innerText, 'x-custom');
+          });
+
+          it(`should render authorization method`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            assert.equal(authorizationMethod.getAttribute('type'), 'custom');
+
+            const authorizationMethodTitle = authorizationMethod.shadowRoot.querySelector('.subtitle');
+            assert.equal(authorizationMethodTitle.querySelector('span').innerText, 'Scheme: customScheme');
+            assert.exists(authorizationMethodTitle.querySelector('.hint-icon'));
+          });
+
+          it(`should render scheme fields`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            const authorizationMethodForm = authorizationMethod.shadowRoot.querySelector('form');
+            assert.equal(authorizationMethodForm.querySelector('.section-title').innerText, 'Headers');
+
+            const fields = authorizationMethodForm.querySelectorAll('.field-value');
+            assert.lengthOf(fields, 1);
+            const formItem = fields[0].querySelector('api-form-item');
+            const input = formItem.shadowRoot.querySelector('anypoint-input');
+            assert.equal(input.querySelector('label').innerText, 'SpecialToken*');
+            assert.exists(fields[0].querySelector('.hint-icon'));
+          });
+
+          describe('Request with credentials', () => {
+            beforeEach(async () => {
+              spy = sinon.spy();
+              document.body.addEventListener('api-request', spy);
+            });
+
+            it(`should add all credential headers to request`, async () => {
+              requestSendButton(element).click();
+              await nextFrame();
+
+              assert.isTrue(spy.called);
+              assert.equal(spy.getCall(0).args[0].detail.headers, 'SpecialToken: special-token');
+            });
+          });
+        })
+
+        describe('Oauth 1.0', () => {
+          let credentialsSection
+
+          beforeEach(async () => {
+            await navigationSelectEndpointMethod(element, '/test-oauth10-scheme', 'get');
+            await aTimeout(50)
+            documentationTryItButton(element).click()
+            await aTimeout(50)
+            credentialsSection = requestCredentialsSection(element);
+          });
+
+          it(`should render credentials section`, async () => {
+            assert.exists(credentialsSection);
+          });
+
+          it(`should render auth label`, async () => {
+            assert.equal(credentialsSection.shadowRoot.querySelector('.auth-selector-label').innerText, 'OAuth 1.0');
+          });
+
+          it(`should render authorization method`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            assert.equal(authorizationMethod.getAttribute('type'), 'oauth 1');
+          });
+
+          it(`should render scheme fields`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            const authorizationMethodForm = authorizationMethod.shadowRoot.querySelector('form');
+
+            assertDropdownMenu(authorizationMethodForm, 'authTokenMethod', 'Authorization token method', 'POST')
+            assertDropdownMenu(authorizationMethodForm, 'authParamsLocation', 'Oauth parameters location', 'Authorization header')
+            assertDropdownMenu(authorizationMethodForm, 'signatureMethod', 'Signature method', 'HMAC-SHA1')
+
+            assertMaskedInput(authorizationMethodForm, 'consumerKey', 'Consumer key')
+            assertMaskedInput(authorizationMethodForm, 'consumerSecret', 'Consumer secret')
+            assertMaskedInput(authorizationMethodForm, 'token', 'Token')
+            assertMaskedInput(authorizationMethodForm, 'tokenSecret', 'Token secret')
+            assertMaskedInput(authorizationMethodForm, 'realm', 'Realm')
+
+            assertInput(authorizationMethodForm, 'requestTokenUri', 'Request token URI')
+            assertInput(authorizationMethodForm, 'accessTokenUri', 'Token Authorization URI')
+            assertInput(authorizationMethodForm, 'authorizationUri', 'User authorization dialog URI')
+            assertInput(authorizationMethodForm, 'redirectUri', 'Redirect URI')
+            assertInput(authorizationMethodForm, 'timestamp', 'Timestamp')
+            assertInput(authorizationMethodForm, 'nonce', 'Nonce')
+
+            assert.exists(authorizationMethod.shadowRoot.querySelector('.auth-button'));
+          });
+        })
+
+        describe('Oauth 2.0', () => {
+          let credentialsSection
+
+          beforeEach(async () => {
+            await navigationSelectEndpointMethod(element, '/test-oauth20-scheme', 'get');
+            await aTimeout(50)
+            documentationTryItButton(element).click()
+            await aTimeout(50)
+            credentialsSection = requestCredentialsSection(element);
+          });
+
+          it(`should render credentials section`, async () => {
+            assert.exists(credentialsSection);
+          });
+
+          it(`should render auth label`, async () => {
+            assert.equal(credentialsSection.shadowRoot.querySelector('.auth-selector-label').innerText, 'OAuth 2.0');
+          });
+
+          it(`should render authorization method`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            assert.equal(authorizationMethod.getAttribute('type'), 'oauth 2');
+          });
+
+          it(`should render scheme fields`, async () => {
+            const authorizationMethod = credentialsSection.shadowRoot.querySelector('api-authorization-method');
+            const authorizationMethodForm = authorizationMethod.shadowRoot.querySelector('form');
+
+            assertDropdownMenu(authorizationMethodForm, 'grantType', 'Response type', 'Access token')
+            assertMaskedInput(authorizationMethodForm, 'clientId', 'Client id')
+            assertInput(authorizationMethodForm, 'authorizationUri', 'Authorization URI')
+
+            const scopes = authorizationMethod.shadowRoot.querySelector('oauth2-scope-selector');
+            assert.exists(scopes);
+            assert.equal(scopes.shadowRoot.querySelector('.form-label').innerText, 'Scopes');
+            assert.exists(scopes.shadowRoot.querySelector('.scope-input'));
+
+            assert.exists(authorizationMethod.shadowRoot.querySelector('.redirect-section span').innerText, 'https://auth.advancedrestclient.com/oauth-popup.html');
+            assert.exists(authorizationMethod.shadowRoot.querySelector('.auth-button'));
+          });
+        })
+      });
     });
   });
 });

test/testHelper.d.ts

@@ -36,4 +36,5 @@ export declare function requestUrlSection(element: ApiConsole): Element|null;
 export declare function requestQueryParamSection(element: ApiConsole): Element|null;
 export declare function requestHeadersSection(element: ApiConsole): Element|null;
 export declare function requestBodySection(element: ApiConsole): Element|null;
+export declare function requestCredentialsSection(element: ApiConsole): Element|null;
 export declare function requestSendButton(element: ApiConsole): Element|null;

test/testHelper.js

@@ -133,6 +133,11 @@ export const requestBodySection = (element) => {
   return editor.shadowRoot.querySelector('api-body-editor');
 }
 
+export const requestCredentialsSection = (element) => {
+  const editor = requestEditor(element);
+  return editor.shadowRoot.querySelector('api-authorization');
+}
+
 export const requestSendButton = (element) => {
   const editor = requestEditor(element);
   return editor.shadowRoot.querySelector('.send-button');