Add an initial "pub lish" command.

utils/tests/pub/oauth2_test.dart

Index: utils/tests/pub/oauth2_test.dart
diff --git a/utils/tests/pub/oauth2_test.dart b/utils/tests/pub/oauth2_test.dart
new file mode 100644
index 0000000000000000000000000000000000000000..9d8463087966674c52a46e3ba623d4122c76a95c
--- /dev/null
+++ b/utils/tests/pub/oauth2_test.dart
@@ -0,0 +1,174 @@
+// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+library oauth2_test;
+
+import 'dart:io';
+import 'dart:json';
+
+import 'test_pub.dart';
+import '../../../pkg/unittest/lib/unittest.dart';
+import '../../pub/io.dart';
+
+main() {
+  setUp(() => dir(appPath, [libPubspec("test_pkg", "1.0.0")]).scheduleCreate());
+
+  test('with no credentials.json, authenticates and saves credentials.json',
+      () {
+    var server = new ScheduledServer();
+    var pub = startPubLish(server);
+
+    expectLater(pub.nextLine(), equals('Pub needs your '
+       'authorization to upload packages on your behalf.'));
+    pub.writeLine('access code');
+
+    handleAccessTokenRequest(server, "access token");
+
+    server.handle('GET', '/packages/versions/new.json', (request, response) {

[Bob Nystrom, 2012/11/27 21:00:53]

These callbacks need to be wrapped in expectAsync or guardAsync, right?
Otherwise it will do nasty things if the test fails.

[nweiz, 2012/11/27 22:07:34]

It's actually important that they're *not*. They're already set up as part of
the schedule, so errors are piped through there to allow its cleanup code to
run. If the plain unittest code caught the error, the cleanup code wouldn't run
at all.

+      expect(request.headers.value('authorization'),
+          equals('Bearer access token'));
+
+      response.outputStream.close();
+    });
+
+    pub.kill();
+
+    credentialsFile(server, 'access token').scheduleValidate();
+
+    run();
+  });
+
+  test('with a pre-existing credentials.json does not authenticate', () {
+    var server = new ScheduledServer();
+    credentialsFile(server, 'access token').scheduleCreate();
+    var pub = startPubLish(server);
+
+    server.handle('GET', '/packages/versions/new.json', (request, response) {
+      expect(request.headers.value('authorization'),
+          equals('Bearer access token'));
+
+      response.outputStream.close();
+    });
+
+    pub.kill();
+
+    run();
+  });
+
+  test('with an expired credentials.json, refreshes and saves the refreshed '
+      'access token to credentials.json', () {
+    var server = new ScheduledServer();
+    credentialsFile(server, 'access token',
+        refreshToken: 'refresh token',
+        expiration: new Date.now().subtract(new Duration(hours: 1)))
+        .scheduleCreate();
+
+    var pub = startPubLish(server);
+
+    server.handle('POST', '/token', (request, response) {
+      return consumeInputStream(request.inputStream).transform((bytes) {
+        var body = new String.fromCharCodes(bytes);
+        expect(body, matches(
+            new RegExp(r'(^|&)refresh_token=refresh%20token(&|$)')));
+
+        response.headers.contentType = new ContentType("application", "json");
+        response.outputStream.writeString(JSON.stringify({
+          "access_token": "new access token",
+          "token_type": "bearer"
+        }));
+        response.outputStream.close();
+      });
+    });
+
+    server.handle('GET', '/packages/versions/new.json', (request, response) {
+      expect(request.headers.value('authorization'),
+          equals('Bearer new access token'));
+
+      response.outputStream.close();
+    });
+
+    pub.shouldExit();
+
+    credentialsFile(server, 'new access token', refreshToken: 'refresh token')
+        .scheduleValidate();
+
+    run();
+  });
+
+  test('with an expired credentials.json without a refresh token, '
+       'authenticates again and saves credentials.json', () {
+    var server = new ScheduledServer();
+    credentialsFile(server, 'access token',
+        expiration: new Date.now().subtract(new Duration(hours: 1)))
+        .scheduleCreate();
+
+    var pub = startPubLish(server);
+
+    expectLater(pub.nextErrLine(), equals("Pub's authorization to upload "
+          "packages has expired and can't be automatically refreshed."));
+    expectLater(pub.nextLine(), equals('Pub needs your '
+       'authorization to upload packages on your behalf.'));
+    pub.writeLine('access code');
+
+    handleAccessTokenRequest(server, "new access token");
+
+    server.handle('GET', '/packages/versions/new.json', (request, response) {
+      expect(request.headers.value('authorization'),
+          equals('Bearer new access token'));
+
+      response.outputStream.close();
+    });
+
+    pub.kill();
+
+    credentialsFile(server, 'new access token').scheduleValidate();
+
+    run();
+  });
+
+  test('with a malformed credentials.json, authenticates again and saves '
+      'credentials.json', () {
+    var server = new ScheduledServer();
+    dir(cachePath, [
+      file('credentials.json', '{bad json')
+    ]).scheduleCreate();
+
+    var pub = startPubLish(server);
+
+    expectLater(pub.nextLine(), equals('Pub needs your '
+       'authorization to upload packages on your behalf.'));
+    pub.writeLine('access code');
+
+    handleAccessTokenRequest(server, "new access token");
+
+    server.handle('GET', '/packages/versions/new.json', (request, response) {
+      expect(request.headers.value('authorization'),
+          equals('Bearer new access token'));
+
+      response.outputStream.close();
+    });
+
+    pub.kill();
+
+    credentialsFile(server, 'new access token').scheduleValidate();
+
+    run();
+  });
+}
+
+void handleAccessTokenRequest(ScheduledServer server, String accessToken) {

[Bob Nystrom, 2012/11/27 21:00:53]

What's the difference between this and the code at #69?

[nweiz, 2012/11/27 22:07:34]

That code handles a refresh request, while this code handles an initial request.
The only code difference is what body is expected.

If we had more tests that requested a refresh it might be worth unifying them,
but as is I think it makes sense for the one-off behavior change to have a
little duplication.

+  server.handle('POST', '/token', (request, response) {
+    return consumeInputStream(request.inputStream).transform((bytes) {
+      var body = new String.fromCharCodes(bytes);
+      expect(body, matches(new RegExp(r'(^|&)code=access%20code(&|$)')));
+
+      response.headers.contentType = new ContentType("application", "json");
+      response.outputStream.writeString(JSON.stringify({
+        "access_token": accessToken,
+        "token_type": "bearer"
+      }));
+      response.outputStream.close();
+    });
+  });
+}