From 02f161aba7ff4f4cbef2f6fa1f9281986eaa8f14 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 9 Dec 2019 17:19:25 -0700 Subject: [PATCH] Use OidcIdToken.Builder Issue gh-7592 --- .../client/OAuth2LoginConfigurerTests.java | 5 +-- ...odeReactiveAuthenticationManagerTests.java | 26 +++++++------ .../OidcReactiveOAuth2UserServiceTests.java | 20 +++------- .../oidc/userinfo/OidcUserRequestTests.java | 38 ++++++------------- .../userinfo/OidcUserRequestUtilsTests.java | 23 ++++++----- .../oidc/userinfo/OidcUserServiceTests.java | 10 +---- .../oauth2/core/oidc/TestOidcIdTokens.java | 20 +++++----- 7 files changed, 55 insertions(+), 87 deletions(-) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java index 8b35e92581..48274c5e08 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java @@ -15,7 +15,6 @@ */ package org.springframework.security.config.annotation.web.configurers.oauth2.client; -import java.time.Instant; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; 
@@ -93,6 +92,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken; import static org.springframework.security.oauth2.jwt.TestJwts.jwt; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; @@ -982,8 +982,7 @@ public class OAuth2LoginConfigurerTests { } private static OAuth2UserService createOidcUserService() { - OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), - Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123")); + OidcIdToken idToken = idToken().build(); return request -> new DefaultOidcUser( Collections.singleton(new OidcUserAuthority(idToken)), idToken); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java index 1c71ca4734..5e19ab8569 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java 
@@ -16,12 +16,21 @@ package org.springframework.security.oauth2.client.oidc.authentication; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; +import reactor.core.publisher.Mono; + import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.crypto.keygen.Base64StringKeyGenerator; 
@@ -42,23 +51,17 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens; import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.JwtException; import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; -import reactor.core.publisher.Mono; -import java.security.NoSuchAlgorithmException; -import java.time.Instant; -import java.util.Arrays; -import java.util.Base64; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import static org.assertj.core.api.Assertions.*; +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; +import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash; @@ -87,8 +90,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { .success("code") .state("state"); - private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), - Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123")); + private OidcIdToken idToken = TestOidcIdTokens.idToken().build(); private OidcAuthorizationCodeReactiveAuthenticationManager manager; 
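Review bot: The new field initializer `private OidcIdToken idToken = TestOidcIdTokens.idToken().build();` calls the fixture through its class name, while OAuth2LoginConfigurerTests, OidcReactiveOAuth2UserServiceTests and OidcUserRequestTests in this same patch statically import `idToken`; OidcUserRequestUtilsTests (`@@ -37,9 +38,7 @@`) takes the qualified form like this file. Settling on one form across the patch — the static import matches how `jwt()` and `clientRegistration()` are already brought in elsewhere — would make the fixtures read uniformly. Separately, the `IdTokenClaimNames` import survives the reorder although its only use visible here, `IdTokenClaimNames.SUB` in the removed constructor call, is gone; if nothing else in the class references it, it is now unused. The enclosing test class continues outside the hunk, so I cannot confirm either way.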
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java index 0876c48247..e84e9f38dd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java @@ -75,9 +75,7 @@ public class OidcReactiveOAuth2UserServiceTests { private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration() .userNameAttributeName(IdTokenClaimNames.SUB); - private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), - Instant.now().plusSeconds(3600), Collections - .singletonMap(IdTokenClaimNames.SUB, "sub123")); + private OidcIdToken idToken = idToken().build(); private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", @@ -149,7 +147,7 @@ public class OidcReactiveOAuth2UserServiceTests { @Test public void loadUserWhenOAuth2UserThenUserInfoNotNull() { Map attributes = new HashMap<>(); - attributes.put(StandardClaimNames.SUB, "sub123"); + attributes.put(StandardClaimNames.SUB, "subject"); attributes.put("user", "rob"); OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); 
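Review bot: The `attributes.put(StandardClaimNames.SUB, "subject")` edit here, and the two identical ones at `@@ -162,7 +160,7 @@` and `@@ -174,7 +172,7 @@`, silently couple the UserInfo fixture to the subject that `TestOidcIdTokens.idToken()` now bakes in; presumably the service rejects a UserInfo response whose `sub` differs from the ID Token's `sub`, which is why the literal had to move with the fixture. A one-line comment at each put, `// must equal the sub of TestOidcIdTokens.idToken(); a UserInfo sub that differs from the ID Token is rejected`, would record that the value is not arbitrary. Better still, derive it from the token so a future fixture change cannot break these tests: `attributes.put(StandardClaimNames.SUB, this.idToken.getSubject());`, using the `idToken` field this file already declares. The test method bodies continue outside the hunks.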
@@ -162,7 +160,7 @@ public class OidcReactiveOAuth2UserServiceTests { public void loadUserWhenOAuth2UserAndUser() { this.registration.userNameAttributeName("user"); Map attributes = new HashMap<>(); - attributes.put(StandardClaimNames.SUB, "sub123"); + attributes.put(StandardClaimNames.SUB, "subject"); attributes.put("user", "rob"); OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); @@ -174,7 +172,7 @@ public class OidcReactiveOAuth2UserServiceTests { @Test public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() { Map attributes = new HashMap<>(); - attributes.put(StandardClaimNames.SUB, "sub123"); + attributes.put(StandardClaimNames.SUB, "subject"); attributes.put("user", "rob"); OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), attributes, "user"); @@ -195,12 +193,9 @@ public class OidcReactiveOAuth2UserServiceTests { @Test public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() { - Map body = new HashMap<>(); - body.put("id", "id"); - body.put("sub", "test-subject"); OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService(); OidcUserRequest request = new OidcUserRequest( - clientRegistration().build(), scopes("message:read", "message:write"), idToken(body)); + clientRegistration().build(), scopes("message:read", "message:write"), idToken().build()); OidcUser user = userService.loadUser(request).block(); assertThat(user.getAuthorities()).hasSize(3); 
@@ -212,12 +207,9 @@ public class OidcReactiveOAuth2UserServiceTests { @Test public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() { - Map body = new HashMap<>(); - body.put("id", "id"); - body.put("sub", "test-subject"); OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService(); OidcUserRequest request = new OidcUserRequest( - clientRegistration().build(), noScopes(), idToken(body)); + clientRegistration().build(), noScopes(), idToken().build()); OidcUser user = userService.loadUser(request).block(); assertThat(user.getAuthorities()).hasSize(1); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java index 770bb0e028..b1e2b5481b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java 
@@ -15,23 +15,23 @@ */ package org.springframework.security.oauth2.client.oidc.userinfo; -import org.junit.Before; -import org.junit.Test; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; - import java.time.Instant; import java.util.Arrays; import java.util.HashMap; import java.util.LinkedHashSet; import java.util.Map; +import org.junit.Before; +import org.junit.Test; + +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; + import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration; +import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken; /** * Tests for {@link OidcUserRequest}. 
@@ -46,27 +46,11 @@ public class OidcUserRequestTests { @Before public void setUp() { - this.clientRegistration = ClientRegistration.withRegistrationId("registration-1") - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("https://client.com") - .scope(new LinkedHashSet<>(Arrays.asList("openid", "profile"))) - .authorizationUri("https://provider.com/oauth2/authorization") - .tokenUri("https://provider.com/oauth2/token") - .jwkSetUri("https://provider.com/keys") - .clientName("Client 1") - .build(); + this.clientRegistration = clientRegistration().build(); this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", Instant.now(), Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2"))); - Map claims = new HashMap<>(); - claims.put(IdTokenClaimNames.ISS, "https://provider.com"); - claims.put(IdTokenClaimNames.SUB, "subject1"); - claims.put(IdTokenClaimNames.AZP, "client-1"); - this.idToken = new OidcIdToken("id-token-1234", Instant.now(), - Instant.now().plusSeconds(3600), claims); + this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build(); this.additionalParameters = new HashMap<>(); this.additionalParameters.put("param1", "value1"); this.additionalParameters.put("param2", "value2"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java index 53ca0a094a..f5270813f7 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java 
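Review bot: `this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();` keeps `azp` tied to the registration's client id, but nothing explains why that one claim is set explicitly while issuer and subject are left to the fixture; a short comment, `// azp must equal the requesting client's client_id, so derive it from the registration rather than hard-coding it`, would keep the intent intact through further fixture changes. Note also that the removed inline token carried issuer `https://provider.com`, matching the inline registration's provider URIs, whereas the fixture's issuer (per the TestOidcIdTokens hunk in this patch) is `https://example.com` and the registration now comes from `clientRegistration()`; if any test in this class compares the token's issuer with the registration, that pairing deserves a look. The test bodies are outside this hunk, so I cannot confirm whether one does.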
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java @@ -16,19 +16,20 @@ package org.springframework.security.oauth2.client.oidc.userinfo; -import org.junit.Test; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.client.registration.TestClientRegistrations; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; - import java.time.Duration; import java.time.Instant; import java.util.Collections; -import static org.assertj.core.api.Assertions.*; +import org.junit.Test; + +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens; + +import static org.assertj.core.api.Assertions.assertThat; /** * @author Rob Winch @@ -37,9 +38,7 @@ import static org.assertj.core.api.Assertions.*; public class OidcUserRequestUtilsTests { private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); - OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), - Instant.now().plusSeconds(3600), Collections - .singletonMap(IdTokenClaimNames.SUB, "sub123")); + OidcIdToken idToken = TestOidcIdTokens.idToken().build(); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", 
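Review bot: The reordered import block keeps `import java.util.Collections;`, but the only use visible in this file, `Collections.singletonMap(...)` in the removed `idToken` initializer, is gone; if no other member references it, it is now unused and should go the way of `IdTokenClaimNames`, which this hunk already drops. The same check applies to OidcReactiveOAuth2UserServiceTests, where the `@@ -75,9 +75,7 @@` hunk removes the visible uses of `Instant` and `Collections` without any import change, and to OidcUserServiceTests, where `HashMap`/`Map` may be orphaned once the `body` maps are removed. The remaining `Instant` and `Duration` imports here presumably serve the `accessToken` field, whose initializer continues outside the hunk.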
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java index 6b414375ec..8a5a495d7a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java @@ -492,12 +492,9 @@ public class OidcUserServiceTests { @Test public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() { - Map body = new HashMap<>(); - body.put("id", "id"); - body.put("sub", "test-subject"); OidcUserService userService = new OidcUserService(); OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), - scopes("message:read", "message:write"), idToken(body)); + scopes("message:read", "message:write"), idToken().build()); OidcUser user = userService.loadUser(request); assertThat(user.getAuthorities()).hasSize(3); @@ -509,12 +506,9 @@ public class OidcUserServiceTests { @Test public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() { - Map body = new HashMap<>(); - body.put("id", "id"); - body.put("sub", "test-subject"); OidcUserService userService = new OidcUserService(); OidcUserRequest request = new OidcUserRequest(clientRegistration().build(), - noScopes(), idToken(body)); + noScopes(), idToken().build()); OidcUser user = userService.loadUser(request); assertThat(user.getAuthorities()).hasSize(1); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java index a99020ed26..a866554f54 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java 
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java @@ -17,8 +17,8 @@ package org.springframework.security.oauth2.core.oidc; import java.time.Instant; -import java.util.Collections; -import java.util.Map; + +import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue; /** * Test {@link OidcIdToken}s @@ -26,14 +26,12 @@ import java.util.Map; * @author Josh Cummings */ public class TestOidcIdTokens { - public static OidcIdToken idToken() { - return idToken(Collections.singletonMap("id", "id")); - } - - public static OidcIdToken idToken(Map claims) { - return new OidcIdToken("token", - Instant.now(), - Instant.now().plusSeconds(86400), - claims); + public static OidcIdToken.Builder idToken() { + return withTokenValue("id-token") + .issuer("https://example.com") + .subject("subject") + .issuedAt(Instant.now()) + .expiresAt(Instant.now().plusSeconds(86400)) + .claim("id", "id"); } }
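Review bot: `idToken()` now returns a pre-populated `OidcIdToken.Builder` whose defaults — token value `id-token`, issuer `https://example.com`, subject `subject`, a 24-hour lifetime and an `id` claim — are relied on by tests in other modules (this patch itself rewrites three UserInfo fixtures to `subject` to stay consistent), yet the method carries no Javadoc saying which values callers may depend on. Add a Javadoc comment stating that the builder is returned unbuilt so callers can override or add claims before `build()` (as OidcUserRequestTests does with `authorizedParty`), and that the subject and issuer are shared contract values other test classes match against. Worth recording in the same comment: `issuedAt`/`expiresAt` are captured when `idToken()` is called, not when `build()` runs, so a builder held across a long-running test is stamped with the earlier instant. Exposing the literals as `public static final` constants (for example `SUBJECT`) would let dependent tests reference them instead of repeating the string.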