Use OidcIdToken.Builder

Issue gh-7592
Josh Cummings 2019-12-09 17:19:25 -07:00
parent 64e063d948
commit 02f161aba7
GPG Key ID: 49EF60DD7FF83443
7 changed files with 55 additions and 87 deletions


@ -15,7 +15,6 @@
*/
package org.springframework.security.config.annotation.web.configurers.oauth2.client;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@ -93,6 +92,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@ -982,8 +982,7 @@ public class OAuth2LoginConfigurerTests {
}
private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
OidcIdToken idToken = idToken().build();
return request -> new DefaultOidcUser(
Collections.singleton(new OidcUserAuthority(idToken)), idToken);
}


@ -16,12 +16,21 @@
package org.springframework.security.oauth2.client.oidc.authentication;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import reactor.core.publisher.Mono;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
@ -42,23 +51,17 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import reactor.core.publisher.Mono;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.*;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
@ -87,8 +90,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
.success("code")
.state("state");
private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
private OidcAuthorizationCodeReactiveAuthenticationManager manager;


@ -75,9 +75,7 @@ public class OidcReactiveOAuth2UserServiceTests {
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
.userNameAttributeName(IdTokenClaimNames.SUB);
private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections
.singletonMap(IdTokenClaimNames.SUB, "sub123"));
private OidcIdToken idToken = idToken().build();
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
"token",
@ -149,7 +147,7 @@ public class OidcReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
Map<String, Object> attributes = new HashMap<>();
attributes.put(StandardClaimNames.SUB, "sub123");
attributes.put(StandardClaimNames.SUB, "subject");
attributes.put("user", "rob");
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
attributes, "user");
@ -162,7 +160,7 @@ public class OidcReactiveOAuth2UserServiceTests {
public void loadUserWhenOAuth2UserAndUser() {
this.registration.userNameAttributeName("user");
Map<String, Object> attributes = new HashMap<>();
attributes.put(StandardClaimNames.SUB, "sub123");
attributes.put(StandardClaimNames.SUB, "subject");
attributes.put("user", "rob");
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
attributes, "user");
@ -174,7 +172,7 @@ public class OidcReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
Map<String, Object> attributes = new HashMap<>();
attributes.put(StandardClaimNames.SUB, "sub123");
attributes.put(StandardClaimNames.SUB, "subject");
attributes.put("user", "rob");
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
attributes, "user");
@ -195,12 +193,9 @@ public class OidcReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
Map<String, Object> body = new HashMap<>();
body.put("id", "id");
body.put("sub", "test-subject");
OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
OidcUserRequest request = new OidcUserRequest(
clientRegistration().build(), scopes("message:read", "message:write"), idToken(body));
clientRegistration().build(), scopes("message:read", "message:write"), idToken().build());
OidcUser user = userService.loadUser(request).block();
assertThat(user.getAuthorities()).hasSize(3);
@ -212,12 +207,9 @@ public class OidcReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
Map<String, Object> body = new HashMap<>();
body.put("id", "id");
body.put("sub", "test-subject");
OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
OidcUserRequest request = new OidcUserRequest(
clientRegistration().build(), noScopes(), idToken(body));
clientRegistration().build(), noScopes(), idToken().build());
OidcUser user = userService.loadUser(request).block();
assertThat(user.getAuthorities()).hasSize(1);
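Review bot: The UserInfo attribute maps in the three tests above now hard-code `"subject"` so that the value agrees with the subject claim that `TestOidcIdTokens.idToken()` bakes in, which means these tests stay green only while two literals in two files happen to match; the fact that "sub123" had to change alongside the fixture suggests the reactive user service rejects a UserInfo `sub` that differs from the ID Token's (the OIDC Core 5.3.2 check), though that check itself is not visible in this hunk. Deriving the value from the field declared in this class keeps the coupling explicit and survives future fixture changes: `attributes.put(StandardClaimNames.SUB, this.idToken.getSubject());`. If the mismatch rejection is indeed what forced the rename, a dedicated test that supplies a different `sub` and asserts the failure would pin that security check rather than leave it exercised only implicitly by these positive cases.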


@ -15,23 +15,23 @@
*/
package org.springframework.security.oauth2.client.oidc.userinfo;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
/**
* Tests for {@link OidcUserRequest}.
@ -46,27 +46,11 @@ public class OidcUserRequestTests {
@Before
public void setUp() {
this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("https://client.com")
.scope(new LinkedHashSet<>(Arrays.asList("openid", "profile")))
.authorizationUri("https://provider.com/oauth2/authorization")
.tokenUri("https://provider.com/oauth2/token")
.jwkSetUri("https://provider.com/keys")
.clientName("Client 1")
.build();
this.clientRegistration = clientRegistration().build();
this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.ISS, "https://provider.com");
claims.put(IdTokenClaimNames.SUB, "subject1");
claims.put(IdTokenClaimNames.AZP, "client-1");
this.idToken = new OidcIdToken("id-token-1234", Instant.now(),
Instant.now().plusSeconds(3600), claims);
this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
this.additionalParameters = new HashMap<>();
this.additionalParameters.put("param1", "value1");
this.additionalParameters.put("param2", "value2");


@ -16,19 +16,20 @@
package org.springframework.security.oauth2.client.oidc.userinfo;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import static org.assertj.core.api.Assertions.*;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
@ -37,9 +38,7 @@ import static org.assertj.core.api.Assertions.*;
public class OidcUserRequestUtilsTests {
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections
.singletonMap(IdTokenClaimNames.SUB, "sub123"));
OidcIdToken idToken = TestOidcIdTokens.idToken().build();
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
"token",


@ -492,12 +492,9 @@ public class OidcUserServiceTests {
@Test
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
Map<String, Object> body = new HashMap<>();
body.put("id", "id");
body.put("sub", "test-subject");
OidcUserService userService = new OidcUserService();
OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
scopes("message:read", "message:write"), idToken(body));
scopes("message:read", "message:write"), idToken().build());
OidcUser user = userService.loadUser(request);
assertThat(user.getAuthorities()).hasSize(3);
@ -509,12 +506,9 @@ public class OidcUserServiceTests {
@Test
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
Map<String, Object> body = new HashMap<>();
body.put("id", "id");
body.put("sub", "test-subject");
OidcUserService userService = new OidcUserService();
OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
noScopes(), idToken(body));
noScopes(), idToken().build());
OidcUser user = userService.loadUser(request);
assertThat(user.getAuthorities()).hasSize(1);


@ -17,8 +17,8 @@
package org.springframework.security.oauth2.core.oidc;
import java.time.Instant;
import java.util.Collections;
import java.util.Map;
import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue;
/**
* Test {@link OidcIdToken}s
@ -26,14 +26,12 @@ import java.util.Map;
* @author Josh Cummings
*/
public class TestOidcIdTokens {
public static OidcIdToken idToken() {
return idToken(Collections.singletonMap("id", "id"));
}
public static OidcIdToken idToken(Map<String, Object> claims) {
return new OidcIdToken("token",
Instant.now(),
Instant.now().plusSeconds(86400),
claims);
public static OidcIdToken.Builder idToken() {
return withTokenValue("id-token")
.issuer("https://example.com")
.subject("subject")
.issuedAt(Instant.now())
.expiresAt(Instant.now().plusSeconds(86400))
.claim("id", "id");
}
}
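Review bot: The new `idToken()` returns a builder pre-populated with several claims that the tests in this commit now depend on (issuer `https://example.com`, subject `subject`, a 24-hour validity window and the legacy `id` claim), yet the method carries no Javadoc, so a test author cannot see those defaults without reading this file. A short Javadoc stating the default claims, that the token is always unexpired at build time, and that callers override individual claims via the returned builder (as `OidcUserRequestTests` does with `authorizedParty`) would make the coupling discoverable; mention that `id` is kept only for compatibility with tests that used the old `singletonMap("id", "id")` fixture. Separately, `issuedAt` and `expiresAt` are computed from two distinct `Instant.now()` calls, so `exp - iat` is not exactly 86400 seconds; capture the clock once with `Instant now = Instant.now();` and use `.issuedAt(now).expiresAt(now.plusSeconds(86400))` so any test asserting on the window is deterministic.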