Fix refresh token workflowv5.11.0-alpha1

The workflow for refresh token was not working properly due to a
missing QObject::connect(). Getting the access token and refreshing it
later was working, but only because the connection was done in
QOAuth2AuthorizationCodeFlow::requestAccessToken().
The patch adds a couple of tests to check both workflows.

Task-number: QTBUG-65778
Change-Id: Id89f2e9f64d5285fc6cd24c9c4afd430b8925239
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Kamil Rojewski <kamil.rojewski@gmail.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

2 files changed, 72 insertions, 0 deletions

diff --git a/src/oauth/qoauth2authorizationcodeflow.cpp b/src/oauth/qoauth2authorizationcodeflow.cpp
index dff04a2..5e95f7a 100644
--- a/src/oauth/qoauth2authorizationcodeflow.cpp
+++ b/src/oauth/qoauth2authorizationcodeflow.cpp
@@ -331,6 +331,9 @@ void QOAuth2AuthorizationCodeFlow::refreshAccessToken()
     connect(reply, &QNetworkReply::finished,
             [handler, reply]() { handler->networkReplyFinished(reply); });
     connect(reply, &QNetworkReply::finished, reply, &QNetworkReply::deleteLater);
+    QObjectPrivate::connect(d->replyHandler.data(), &QAbstractOAuthReplyHandler::tokensReceived, d,
+                            &QOAuth2AuthorizationCodeFlowPrivate::_q_accessTokenRequestFinished,
+                            Qt::UniqueConnection);
     QObjectPrivate::connect(d->networkAccessManager(),
                             &QNetworkAccessManager::authenticationRequired,
                             d, &QOAuth2AuthorizationCodeFlowPrivate::_q_authenticate,
diff --git a/tests/auto/oauth2/tst_oauth2.cpp b/tests/auto/oauth2/tst_oauth2.cpp
index 4b591f0..f3a30a9 100644
--- a/tests/auto/oauth2/tst_oauth2.cpp
+++ b/tests/auto/oauth2/tst_oauth2.cpp
@@ -39,6 +39,8 @@ class tst_OAuth2 : public QObject
 
 private Q_SLOTS:
     void getToken();
+    void refreshToken();
+    void getAndRefreshToken();
 };
 
 struct ReplyHandler : QAbstractOAuthReplyHandler
@@ -96,5 +98,72 @@ void tst_OAuth2::getToken()
     QCOMPARE(oauth2.token(), QLatin1String("token"));
 }
 
+void tst_OAuth2::refreshToken()
+{
+    WebServer webServer([](const WebServer::HttpRequest &request, QTcpSocket *socket) {
+        if (request.url.path() == QLatin1String("/accessToken")) {
+            const QString text = "access_token=token&token_type=bearer";
+            const QByteArray replyMessage {
+                "HTTP/1.0 200 OK\r\n"
+                "Content-Type: application/x-www-form-urlencoded; charset=\"utf-8\"\r\n"
+                "Content-Length: " + QByteArray::number(text.size()) + "\r\n\r\n"
+                + text.toUtf8()
+            };
+            socket->write(replyMessage);
+        }
+    });
+    QOAuth2AuthorizationCodeFlow oauth2;
+    oauth2.setAccessTokenUrl(webServer.url(QLatin1String("accessToken")));
+    ReplyHandler replyHandler;
+    oauth2.setReplyHandler(&replyHandler);
+    oauth2.setRefreshToken(QLatin1String("refresh_token"));
+    QSignalSpy grantedSpy(&oauth2, &QOAuth2AuthorizationCodeFlow::granted);
+    oauth2.refreshAccessToken();
+    QTRY_COMPARE(grantedSpy.count(), 1);
+    QCOMPARE(oauth2.token(), QLatin1String("token"));
+}
+
+void tst_OAuth2::getAndRefreshToken()
+{
+    // In this test we use the grant_type as a token to be able to
+    // identify the token request from the token refresh.
+    WebServer webServer([](const WebServer::HttpRequest &request, QTcpSocket *socket) {
+        if (request.url.path() == QLatin1String("/accessToken")) {
+            const QUrlQuery query(request.body);
+            const QString format = QStringLiteral("access_token=%1&token_type=bearer&expires_in=1&"
+                                                  "refresh_token=refresh_token");
+            const auto text = format.arg(query.queryItemValue(QLatin1String("grant_type")));
+            const QByteArray replyMessage {
+                "HTTP/1.0 200 OK\r\n"
+                "Content-Type: application/x-www-form-urlencoded; charset=\"utf-8\"\r\n"
+                "Content-Length: " + QByteArray::number(text.size()) + "\r\n\r\n"
+                + text.toUtf8()
+            };
+            socket->write(replyMessage);
+        }
+    });
+    QOAuth2AuthorizationCodeFlow oauth2;
+    oauth2.setAuthorizationUrl(webServer.url(QLatin1String("authorization")));
+    oauth2.setAccessTokenUrl(webServer.url(QLatin1String("accessToken")));
+    ReplyHandler replyHandler;
+    oauth2.setReplyHandler(&replyHandler);
+    connect(&oauth2, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, [&](const QUrl &url) {
+        const QUrlQuery query(url.query());
+        replyHandler.emitCallbackReceived(QVariantMap {
+                                              { QLatin1String("code"), QLatin1String("test") },
+                                              { QLatin1String("state"),
+                                                query.queryItemValue(QLatin1String("state")) }
+                                          });
+    });
+    QSignalSpy grantedSpy(&oauth2, &QOAuth2AuthorizationCodeFlow::granted);
+    oauth2.grant();
+    QTRY_COMPARE(grantedSpy.count(), 1);
+    QCOMPARE(oauth2.token(), QLatin1String("authorization_code"));
+    grantedSpy.clear();
+    oauth2.refreshAccessToken();
+    QTRY_COMPARE(grantedSpy.count(), 1);
+    QCOMPARE(oauth2.token(), QLatin1String("refresh_token"));
+}
+
 QTEST_MAIN(tst_OAuth2)
 #include "tst_oauth2.moc"