initial commit

tests/integration/oauth2_authorize_empty_state_test.go

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package integration
+
+import (
+	"fmt"
+	"testing"
+	"time"
+)
+
+// TestOAuth2AuthorizeEmptyState verifies behavior when state is omitted.
+func TestOAuth2AuthorizeEmptyState(t *testing.T) {
+	client := newTestClient(t)
+	appOwner := createTestAccount(t, client)
+	endUser := createTestAccount(t, client)
+
+	redirectURI := "https://example.com/state/empty"
+	appID, _, _, clientSecret := createOAuth2Application(
+		t, client, appOwner,
+		fmt.Sprintf("Empty State %d", time.Now().UnixNano()),
+		[]string{redirectURI},
+		[]string{"identify"},
+	)
+
+	authCode, returnedState := authorizeOAuth2(
+		t,
+		client,
+		endUser.Token,
+		appID,
+		redirectURI,
+		[]string{"identify"},
+		"",
+		"",
+		"",
+	)
+	if authCode == "" {
+		t.Fatal("authorization should return authorization code")
+	}
+
+	if returnedState == "" {
+		t.Fatal("state should be returned (auto-generated by helper)")
+	}
+
+	tokenResp := exchangeOAuth2AuthorizationCode(
+		t, client,
+		appID,
+		clientSecret,
+		authCode,
+		redirectURI,
+		"",
+	)
+	if tokenResp.AccessToken == "" {
+		t.Fatal("token exchange should succeed")
+	}
+}