Use OidcIdToken.Builder

Issue gh-7592
2019-12-09 17:19:25 -07:00 · 2019-12-09 17:19:25 -07:00 · 02f161aba7
parent 64e063d948
commit 02f161aba7
7 changed files with 55 additions and 87 deletions
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java
@ -15,7 +15,6 @@
 */
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@ -93,6 +92,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@ -982,8 +982,7 @@ public class OAuth2LoginConfigurerTests {
 	}
 	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
-		OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
+		OidcIdToken idToken = idToken().build();
 			Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
 		return request -> new DefaultOidcUser(
 				Collections.singleton(new OidcUserAuthority(idToken)), idToken);
 	}
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
@ -16,12 +16,21 @@
 package org.springframework.security.oauth2.client.oidc.authentication;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import reactor.core.publisher.Mono;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
@ -42,23 +51,17 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
 import reactor.core.publisher.Mono;
-import java.security.NoSuchAlgorithmException;
+import static org.assertj.core.api.Assertions.assertThat;
-import java.time.Instant;
+import static org.assertj.core.api.Assertions.assertThatCode;
-import java.util.Arrays;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
@ -87,8 +90,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 			.success("code")
 			.state("state");
-	private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
+	private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 			Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
 	private OidcAuthorizationCodeReactiveAuthenticationManager manager;
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@ -75,9 +75,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
 			.userNameAttributeName(IdTokenClaimNames.SUB);
-	private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
+	private OidcIdToken idToken = idToken().build();
 			Instant.now().plusSeconds(3600), Collections
 			.singletonMap(IdTokenClaimNames.SUB, "sub123"));
 	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 			"token",
@ -149,7 +147,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@ -162,7 +160,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	public void loadUserWhenOAuth2UserAndUser() {
 		this.registration.userNameAttributeName("user");
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@ -174,7 +172,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@ -195,12 +193,9 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		body.put("sub", "test-subject");
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
 		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), scopes("message:read", "message:write"), idToken(body));
+				clientRegistration().build(), scopes("message:read", "message:write"), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 		assertThat(user.getAuthorities()).hasSize(3);
@ -212,12 +207,9 @@ public class OidcReactiveOAuth2UserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		body.put("sub", "test-subject");
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
 		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), noScopes(), idToken(body));
+				clientRegistration().build(), noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 		assertThat(user.getAuthorities()).hasSize(1);
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java
@ -15,23 +15,23 @@
 */
 package org.springframework.security.oauth2.client.oidc.userinfo;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
 import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 /**
 * Tests for {@link OidcUserRequest}.
@ -46,27 +46,11 @@ public class OidcUserRequestTests {
 	@Before
 	public void setUp() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
+		this.clientRegistration = clientRegistration().build();
 				.clientId("client-1")
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.redirectUriTemplate("https://client.com")
 				.scope(new LinkedHashSet<>(Arrays.asList("openid", "profile")))
 				.authorizationUri("https://provider.com/oauth2/authorization")
 				.tokenUri("https://provider.com/oauth2/token")
 				.jwkSetUri("https://provider.com/keys")
 				.clientName("Client 1")
 				.build();
 		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
 				new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
-		Map<String, Object> claims = new HashMap<>();
+		this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
 		claims.put(IdTokenClaimNames.ISS, "https://provider.com");
 		claims.put(IdTokenClaimNames.SUB, "subject1");
 		claims.put(IdTokenClaimNames.AZP, "client-1");
 		this.idToken = new OidcIdToken("id-token-1234", Instant.now(),
 				Instant.now().plusSeconds(3600), claims);
 		this.additionalParameters = new HashMap<>();
 		this.additionalParameters.put("param1", "value1");
 		this.additionalParameters.put("param2", "value2");
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java
@ -16,19 +16,20 @@
 package org.springframework.security.oauth2.client.oidc.userinfo;
 import org.junit.Test;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Collections;
-import static org.assertj.core.api.Assertions.*;
+import org.junit.Test;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import static org.assertj.core.api.Assertions.assertThat;
 /**
 * @author Rob Winch
@ -37,9 +38,7 @@ import static org.assertj.core.api.Assertions.*;
 public class OidcUserRequestUtilsTests {
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
-	OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
+	OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 			Instant.now().plusSeconds(3600), Collections
 			.singletonMap(IdTokenClaimNames.SUB, "sub123"));
 	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 			"token",
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java
@ -492,12 +492,9 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		body.put("sub", "test-subject");
 		OidcUserService userService = new OidcUserService();
 		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"), idToken(body));
+				scopes("message:read", "message:write"), idToken().build());
 		OidcUser user = userService.loadUser(request);
 		assertThat(user.getAuthorities()).hasSize(3);
@ -509,12 +506,9 @@ public class OidcUserServiceTests {
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
 		Map<String, Object> body = new HashMap<>();
 		body.put("id", "id");
 		body.put("sub", "test-subject");
 		OidcUserService userService = new OidcUserService();
 		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				noScopes(), idToken(body));
+				noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request);
 		assertThat(user.getAuthorities()).hasSize(1);
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java
@ -17,8 +17,8 @@
 package org.springframework.security.oauth2.core.oidc;
 import java.time.Instant;
-import java.util.Collections;
+
-import java.util.Map;
+import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue;
 /**
 * Test {@link OidcIdToken}s
@ -26,14 +26,12 @@ import java.util.Map;
 * @author Josh Cummings
 */
 public class TestOidcIdTokens {
-	public static OidcIdToken idToken() {
+	public static OidcIdToken.Builder idToken() {
-		return idToken(Collections.singletonMap("id", "id"));
+		return withTokenValue("id-token")
-	}
+				.issuer("https://example.com")
-
+				.subject("subject")
-	public static OidcIdToken idToken(Map<String, Object> claims) {
+				.issuedAt(Instant.now())
-		return new OidcIdToken("token",
+				.expiresAt(Instant.now().plusSeconds(86400))
-				Instant.now(),
+				.claim("id", "id");
 				Instant.now().plusSeconds(86400),
 				claims);
 	}
 }