From e13a0dc03c6fc77a8a7fc7d9e388f9ea60b02c8e Mon Sep 17 00:00:00 2001
From: Patrick Peng Sun
Date: Thu, 6 Jul 2017 16:55:48 +1000
Subject: [PATCH] test unauthorized case.

---
 main.go | 12 ++++++++++--
 server_test.go | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 56f4bd1..9965f13 100644
--- a/main.go
+++ b/main.go
@@ -60,6 +60,7 @@ func setupHTTPHandler() {
 http.HandleFunc("/MP_verify_6JqVkftKr39GMakA.txt", mpDomainAuthSecret)
 http.HandleFunc("/profile_newly_register", initialRegistrationHandler)
 http.HandleFunc("/iapi/getAccessToken", supplyAccessToken)
+ http.HandleFunc("/iapi/createQr", iapiCreateQrCode)
 http.ListenAndServe(":65500", nil)
 }
 
@@ -103,12 +104,19 @@ func dumpReuestHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func supplyAccessToken(w http.ResponseWriter, r *http.Request) {
- logRequestDebug(httputil.DumpRequest(r, true))
+ //logRequestDebug(httputil.DumpRequest(r, true))
 if checkSignatureByToken(r, IntraAPIConfig.CRMSecrete) {
 atk, _ := GetAccessToken()
 fmt.Fprint(w, atk)
 } else {
- fmt.Fprint(w, "errortoken")
+ w.WriteHeader(401)
+ fmt.Fprint(w, "unauthorized")
+ }
+}
+
+func iapiCreateQrCode(w http.ResponseWriter, r *http.Request) {
+ if !checkSignatureByToken(r, IntraAPIConfig.CRMSecrete) {
+ fmt.Fprint(w, "unauthorized")
 }
 }
 
diff --git a/server_test.go b/server_test.go
index 9f501c6..faf66b1 100644
--- a/server_test.go
+++ b/server_test.go
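Review bot: The new `/iapi/createQr` route in main.go's first hunk is registered on the same default mux and `:65500` listener as `/MP_verify_6JqVkftKr39GMakA.txt`, which appears to be a publicly fetched verification file, so the per-handler signature check is the only thing separating internal API callers from anyone who can reach the port. I would record that contract next to the registrations, for example `// /iapi/* is internal: each handler must call checkSignatureByToken before doing any work`. The context line `http.ListenAndServe(":65500", nil)` also discards its error, so a failed bind goes unnoticed. `setupHTTPHandler` begins above this hunk, so any middleware wrapped around these routes is not visible here.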
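Review bot: The rejected branch of the new `iapiCreateQrCode` in main.go's second hunk writes "unauthorized" without setting a status, so an unsigned request still gets 200 OK, unlike the 401 this hunk adds to `supplyAccessToken`. Put `w.WriteHeader(http.StatusUnauthorized)` before the `fmt.Fprint` and `return` after it, so QR-creation code added later cannot run for an unsigned caller. In `supplyAccessToken`, `atk, _ := GetAccessToken()` still drops the error, so a failed token fetch answers 200 with an empty body. Check it and reply with a 5xx instead. The commented-out `//logRequestDebug(httputil.DumpRequest(r, true))` is better deleted than kept, since re-enabling it would presumably write the request's signature material to the debug log.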
@@ -76,6 +76,19 @@ func TestGetAccesstoken(t *testing.T) {
 log.Printf("TestGetAccesstoken got: [%s] ", m)
 AssertEqual(t, m != errorResponse, true, "Signature check failed, error response")
 AssertEqual(t, m, expected, "token incorrect")
+
+}
+
+func TestGetAccesstokenUnAuthorized(t *testing.T) {
+ req := buildReqGetAccessTokenUnAuthorized()
+ rr, _ := getHTTPResponse(req, supplyAccessToken)
+ errorResponse := "unauthorized"
+ m := rr.Body.String()
+ expected, _ := GetAccessToken()
+ log.Printf("TestGetAccesstoken got: [%s] ", m)
+ AssertEqual(t, m, errorResponse, "should be unauthorized")
+ AssertEqual(t, m != expected, true, "token should not be returned")
+
 }
 
 func getHTTPResponse(req *http.Request, handler http.HandlerFunc) (rr *httptest.ResponseRecorder, err error) {
@@ -168,6 +181,16 @@ func buildReqGetAccessToken() *http.Request {
 return req
 }
 
+func buildReqGetAccessTokenUnAuthorized() *http.Request {
+ req, err := http.NewRequest("GET", "/iapi/getAccessToken", nil)
+ if err != nil {
+ log.Fatal(err)
+ }
+ //buildReqCommonSignature(req, IntraAPIConfig.CRMSecrete)
+ buildReqCommonHeader(req)
+ return req
+}
+
 func buildSignature(token string) (signature, timestamp, nonce string) {
 timestamp = fmt.Sprintf("%d", int32(time.Now().Unix()))
 nonce = "1461107899" //a randome string cut from previous wechat request
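Review bot: `TestGetAccesstokenUnAuthorized` checks only the response body, so the 401 status this commit adds to `supplyAccessToken` is never asserted and could regress to 200 unnoticed. Add `AssertEqual(t, rr.Code, http.StatusUnauthorized, "status should be 401")`. The error from `getHTTPResponse` is discarded with `rr, _ :=`, so a failure there would surface as a nil dereference on `rr.Body` rather than a test failure. The log line still reads `"TestGetAccesstoken got: [%s] "`, copied from the neighbouring test, which will mislead anyone reading the output. No test covers the new `/iapi/createQr` handler. `TestGetAccesstoken` itself starts above this hunk.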
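Review bot: `buildReqGetAccessTokenUnAuthorized` only produces a request with no signature at all, so the negative test never exercises a signature that is present but wrong, which is the case `checkSignatureByToken` most needs to reject. A second builder that signs with a different secret would cover it, for example `buildReqCommonSignature(req, "wrong-secret-for-test")`, reusing the helper named in the commented-out line. That commented-out call should become an explanatory comment such as `// deliberately unsigned: no buildReqCommonSignature call`. `log.Fatal(err)` in a test helper exits the whole test binary, so passing `t` in and calling `t.Fatal` would report the failure against the right test.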