Fix issues in endpoint

MarcialRosales · MarcialRosales · commit 9605c964537b · 2025-07-15T07:07:07.000+02:00
related to accepted content type
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_oauth_introspect.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_oauth_introspect.erl
@@ -7,33 +7,39 @@
 
 -module(rabbit_mgmt_wm_oauth_introspect).
 
--export([init/2, to_json/2, content_types_provided/2, is_authorized/2]).
+-export([init/2, 
+        is_authorized/2, allowed_methods/2]).
+-export([variances/2]).
 -include("rabbit_mgmt.hrl").
 
+-include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl").
+
 %%--------------------------------------------------------------------
 
-init(Req, State) ->
-    {cowboy_rest, rabbit_mgmt_headers:set_no_cache_headers(
-        rabbit_mgmt_headers:set_common_permission_headers(Req, ?MODULE), ?MODULE), State}.
+init(Req, _) ->
+    Ret = {cowboy_rest, rabbit_mgmt_headers:set_common_permission_headers(Req, ?MODULE), #context{}},
+    rabbit_log:debug("init rabbit_mgmt_wm_oauth_introspect"),
+    Ret.
+%{cowboy_rest, rabbit_mgmt_headers:set_no_cache_headers(
+%        rabbit_mgmt_headers:set_common_permission_headers(Req, ?MODULE), ?MODULE), State}.
 
 allowed_methods(ReqData, Context) ->
     {[<<"POST">>, <<"OPTIONS">>], ReqData, Context}.
 
 variances(Req, Context) ->
     {[<<"accept-encoding">>, <<"origin">>], Req, Context}.
 
-content_types_provided(ReqData, Context) ->
-    {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
-
-to_json(ReqData, Context) ->
+is_authorized(ReqData, Context) ->
+    rabbit_log:debug("to_json rabbit_mgmt_wm_oauth_introspect"),
     case cowboy_req:parse_header(<<"authorization">>, ReqData) of
         {bearer, Token} ->             
-            rabbit_mgmt_util:reply(
-              maps:from_list(oauth2_client:introspect_token(Token)),
-              ReqData, Context);
+            case oauth2_client:introspect_token(Token) of 
+                {error, Reason} -> 
+                    rabbit_log:error("Failed to introspect token due to ~p", [Reason]),
+                    rabbit_mgmt_util:bad_request(<<"Cannot introspect tokenr">>, ReqData, Context);
+                JwtToken -> 
+                    rabbit_mgmt_util:reply(JwtToken,ReqData, Context)
+            end;
         _ -> 
             rabbit_mgmt_util:bad_request(<<"Opaque token not found in authorization header">>, ReqData, Context)
     end.
-               
-is_authorized(ReqData, Context) ->
-    {true, ReqData, Context}.
diff --git a/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl b/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl
@@ -14,6 +14,22 @@
 -import(rabbit_mgmt_test_util, [req/5]).
 -compile(export_all).
 
+-import(rabbit_mgmt_test_util, [assert_list/2, assert_item/2, test_item/2,
+                                assert_keys/2, assert_no_keys/2,
+                                decode_body/1,
+                                http_get/2, http_get/3, http_get/5,
+                                http_get_no_auth/3,
+                                http_get_no_decode/5,
+                                http_put/4, http_put/6,
+                                http_post/4, http_post/6,
+                                http_post_json/4,
+                                http_upload_raw/8,
+                                http_delete/3, http_delete/4, http_delete/5,
+                                http_put_raw/4, http_post_accept_json/4,
+                                req/4, auth_header/2,
+                                assert_permanent_redirect/3,
+                                uri_base_from/2, format_for_upload/1,
+                                amqp_port/1, req/6]).
 all() ->
     [
      {group, without_any_settings},
@@ -36,6 +52,7 @@ groups() ->
     [
       {run_with_broker, [], [
         {verify_introspection_endpoint, [], [
+          test_login,
           introspect_opaque_token_returns_active_jwt_token
         ]}        
       ]},
@@ -897,9 +914,50 @@ should_return_mgt_oauth_resource_a_with_token_endpoint_params_1(Config) ->
   assertEqual_on_attribute_for_oauth_resource_server(authSettings(),
     Config, a, oauth_token_endpoint_params, token_params_1).
 
-introspect_opaque_token_returns_active_jwt_token(Config) ->  
-  _Result = req(Config, 0, post, "/introspect", [{"Authorization", "Bearer active"}]).
-
+test_login(Config) ->
+    http_put(Config, "/users/myuser", [{password, <<"myuser">>},
+                                       {tags,     <<"management">>}], {group, '2xx'}),
+    %% Let's do a post without any other form of authorization
+    {ok, {{_, CodeAct, _}, Headers, _}} =
+        req(Config, 0, post, "/login",
+            [{"content-type", "application/x-www-form-urlencoded"}],
+            <<"username=myuser&password=myuser">>),
+    ?assertEqual(200, CodeAct),
+
+        %% Extract the authorization header
+    Cookie = list_to_binary(proplists:get_value("set-cookie", Headers)),
+    [_, Auth] = binary:split(Cookie, <<"=">>, []),
+
+    %% Request the overview with the auth obtained
+    {ok, {{_, CodeAct1, _}, _, _}} =
+        req(Config, get, "/overview", [{"Authorization", "Basic " ++ binary_to_list(Auth)}]),
+    ?assertEqual(200, CodeAct1),
+
+    %% Let's request a login with an unknown user
+    {ok, {{_, CodeAct2, _}, Headers2, _}} =
+        req(Config, 0, post, "/login",
+            [{"content-type", "application/x-www-form-urlencoded"}],
+            <<"username=misteryusernumber1&password=myuser">>),
+    ?assertEqual(401, CodeAct2),
+    ?assert(not proplists:is_defined("set-cookie", Headers2)),
+
+    http_delete(Config, "/users/myuser", {group, '2xx'}),
+    passed.
+
+
+introspect_opaque_token_returns_active_jwt_token(Config) -> 
+  Result2 = req(Config, 0, post, "/auth/introspect", [
+    {"Authorization", "Bearer active"}, {"Accept", "application/json"}], []),
+    
+  ct:log("Result: ~p", [Result2]).
+%  _Result2 = httpc:request(post, {uri_base_from(Config, 0, "auth/introspect"), 
+%    [{"Authorization", "Bearer active"}]}, [], []).
+ 
+uri_base_from(Config, Node, Base) ->
+    Port = rabbit_ct_broker_helpers:get_node_config(Config, Node, tcp_port_mgmt),
+    Prefix = "/api",
+    Uri = list_to_binary(lists:flatten(io_lib:format("http://localhost:~w~ts/~ts", [Port, Prefix, Base]))),
+    binary_to_list(Uri).
 
 %% -------------------------------------------------------------------
 %% Utility/helper functions
