parent
64e063d948
commit
02f161aba7
|
@ -15,7 +15,6 @@
|
|||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers.oauth2.client;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
|
@ -93,6 +92,7 @@ import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
|||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
|
||||
import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
|
@ -982,8 +982,7 @@ public class OAuth2LoginConfigurerTests {
|
|||
}
|
||||
|
||||
private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
|
||||
OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
|
||||
Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
|
||||
OidcIdToken idToken = idToken().build();
|
||||
return request -> new DefaultOidcUser(
|
||||
Collections.singleton(new OidcUserAuthority(idToken)), idToken);
|
||||
}
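Review bot: In createOidcUserService the new local `OidcIdToken idToken = idToken().build();` reuses the name of the statically imported `idToken()` factory, so the declaration reads as self-referential; Java keeps method and variable namespaces apart, but a reader has to stop on it. Either rename the local, `OidcIdToken oidcIdToken = idToken().build();`, or call the factory qualified as `TestOidcIdTokens.idToken().build()`, which is what OidcAuthorizationCodeReactiveAuthenticationManagerTests and OidcUserRequestUtilsTests do in this same commit, so the commit currently mixes both styles. The same collision appears in OidcReactiveOAuth2UserServiceTests (`private OidcIdToken idToken = idToken().build();`).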
|
||||
|
|
|
@ -16,12 +16,21 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.oidc.authentication;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
|
||||
|
@ -42,23 +51,17 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
|
|||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
|
||||
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
|
||||
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtException;
|
||||
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.time.Instant;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
|
||||
|
@ -87,8 +90,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
|
|||
.success("code")
|
||||
.state("state");
|
||||
|
||||
private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
|
||||
Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
|
||||
private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
|
||||
|
||||
private OidcAuthorizationCodeReactiveAuthenticationManager manager;
|
||||
|
||||
|
|
|
@ -75,9 +75,7 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
|
||||
.userNameAttributeName(IdTokenClaimNames.SUB);
|
||||
|
||||
private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
|
||||
Instant.now().plusSeconds(3600), Collections
|
||||
.singletonMap(IdTokenClaimNames.SUB, "sub123"));
|
||||
private OidcIdToken idToken = idToken().build();
|
||||
|
||||
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||
"token",
|
||||
|
@ -149,7 +147,7 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
@Test
|
||||
public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(StandardClaimNames.SUB, "sub123");
|
||||
attributes.put(StandardClaimNames.SUB, "subject");
|
||||
attributes.put("user", "rob");
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
|
||||
attributes, "user");
|
||||
|
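Review bot: The change of the `StandardClaimNames.SUB` attribute from `"sub123"` to `"subject"` in loadUserWhenOAuth2UserThenUserInfoNotNull is silent about why the value matters: it now equals the subject that `TestOidcIdTokens.idToken()` sets, and presumably the user service compares the UserInfo `sub` against the ID Token subject, so a diverging literal would fail the test for a non-obvious reason. A one-line comment at the put, `// must equal the TestOidcIdTokens.idToken() subject; UserInfo sub is checked against the ID Token sub`, would document the coupling. The same literal is changed in loadUserWhenOAuth2UserAndUser and loadUserWhenCustomClaimTypeConverterFactorySetThenApplied below. Each of these test methods continues past its hunk.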
@ -162,7 +160,7 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
public void loadUserWhenOAuth2UserAndUser() {
|
||||
this.registration.userNameAttributeName("user");
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(StandardClaimNames.SUB, "sub123");
|
||||
attributes.put(StandardClaimNames.SUB, "subject");
|
||||
attributes.put("user", "rob");
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
|
||||
attributes, "user");
|
||||
|
@ -174,7 +172,7 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
@Test
|
||||
public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(StandardClaimNames.SUB, "sub123");
|
||||
attributes.put(StandardClaimNames.SUB, "subject");
|
||||
attributes.put("user", "rob");
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
|
||||
attributes, "user");
|
||||
|
@ -195,12 +193,9 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
|
||||
@Test
|
||||
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
|
||||
Map<String, Object> body = new HashMap<>();
|
||||
body.put("id", "id");
|
||||
body.put("sub", "test-subject");
|
||||
OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
|
||||
OidcUserRequest request = new OidcUserRequest(
|
||||
clientRegistration().build(), scopes("message:read", "message:write"), idToken(body));
|
||||
clientRegistration().build(), scopes("message:read", "message:write"), idToken().build());
|
||||
OidcUser user = userService.loadUser(request).block();
|
||||
|
||||
assertThat(user.getAuthorities()).hasSize(3);
|
||||
|
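Review bot: After `idToken(body)` becomes `idToken().build()` in loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities, the `body` map built at the top of the method (`body.put("id", "id")`, `body.put("sub", "test-subject")`) has no remaining consumer within the hunk; unless the rest of the method, which lies outside this hunk, still uses it, those three lines are dead and should be removed rather than left to suggest the ID Token carries `sub=test-subject`. With the fixture, the token's subject is `"subject"` and its `id` claim comes from the builder, so nothing from `body` reaches the token. The same leftover appears in loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities in this file and in both corresponding tests in OidcUserServiceTests.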
@ -212,12 +207,9 @@ public class OidcReactiveOAuth2UserServiceTests {
|
|||
|
||||
@Test
|
||||
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
|
||||
Map<String, Object> body = new HashMap<>();
|
||||
body.put("id", "id");
|
||||
body.put("sub", "test-subject");
|
||||
OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
|
||||
OidcUserRequest request = new OidcUserRequest(
|
||||
clientRegistration().build(), noScopes(), idToken(body));
|
||||
clientRegistration().build(), noScopes(), idToken().build());
|
||||
OidcUser user = userService.loadUser(request).block();
|
||||
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
|
|
|
@ -15,23 +15,23 @@
|
|||
*/
|
||||
package org.springframework.security.oauth2.client.oidc.userinfo;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
|
||||
import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
|
||||
|
||||
/**
|
||||
* Tests for {@link OidcUserRequest}.
|
||||
|
@ -46,27 +46,11 @@ public class OidcUserRequestTests {
|
|||
|
||||
@Before
|
||||
public void setUp() {
|
||||
this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
|
||||
.clientId("client-1")
|
||||
.clientSecret("secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
|
||||
.redirectUriTemplate("https://client.com")
|
||||
.scope(new LinkedHashSet<>(Arrays.asList("openid", "profile")))
|
||||
.authorizationUri("https://provider.com/oauth2/authorization")
|
||||
.tokenUri("https://provider.com/oauth2/token")
|
||||
.jwkSetUri("https://provider.com/keys")
|
||||
.clientName("Client 1")
|
||||
.build();
|
||||
this.clientRegistration = clientRegistration().build();
|
||||
this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||
"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
|
||||
new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
|
||||
Map<String, Object> claims = new HashMap<>();
|
||||
claims.put(IdTokenClaimNames.ISS, "https://provider.com");
|
||||
claims.put(IdTokenClaimNames.SUB, "subject1");
|
||||
claims.put(IdTokenClaimNames.AZP, "client-1");
|
||||
this.idToken = new OidcIdToken("id-token-1234", Instant.now(),
|
||||
Instant.now().plusSeconds(3600), claims);
|
||||
this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
|
||||
this.additionalParameters = new HashMap<>();
|
||||
this.additionalParameters.put("param1", "value1");
|
||||
this.additionalParameters.put("param2", "value2");
|
||||
|
|
|
@ -16,19 +16,20 @@
|
|||
|
||||
package org.springframework.security.oauth2.client.oidc.userinfo;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
|
@ -37,9 +38,7 @@ import static org.assertj.core.api.Assertions.*;
|
|||
public class OidcUserRequestUtilsTests {
|
||||
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
|
||||
|
||||
OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
|
||||
Instant.now().plusSeconds(3600), Collections
|
||||
.singletonMap(IdTokenClaimNames.SUB, "sub123"));
|
||||
OidcIdToken idToken = TestOidcIdTokens.idToken().build();
|
||||
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||
"token",
|
||||
|
|
|
@ -492,12 +492,9 @@ public class OidcUserServiceTests {
|
|||
|
||||
@Test
|
||||
public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
|
||||
Map<String, Object> body = new HashMap<>();
|
||||
body.put("id", "id");
|
||||
body.put("sub", "test-subject");
|
||||
OidcUserService userService = new OidcUserService();
|
||||
OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
|
||||
scopes("message:read", "message:write"), idToken(body));
|
||||
scopes("message:read", "message:write"), idToken().build());
|
||||
OidcUser user = userService.loadUser(request);
|
||||
|
||||
assertThat(user.getAuthorities()).hasSize(3);
|
||||
|
@ -509,12 +506,9 @@ public class OidcUserServiceTests {
|
|||
|
||||
@Test
|
||||
public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
|
||||
Map<String, Object> body = new HashMap<>();
|
||||
body.put("id", "id");
|
||||
body.put("sub", "test-subject");
|
||||
OidcUserService userService = new OidcUserService();
|
||||
OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
|
||||
noScopes(), idToken(body));
|
||||
noScopes(), idToken().build());
|
||||
OidcUser user = userService.loadUser(request);
|
||||
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
package org.springframework.security.oauth2.core.oidc;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue;
|
||||
|
||||
/**
|
||||
* Test {@link OidcIdToken}s
|
||||
|
@ -26,14 +26,12 @@ import java.util.Map;
|
|||
* @author Josh Cummings
|
||||
*/
|
||||
public class TestOidcIdTokens {
|
||||
public static OidcIdToken idToken() {
|
||||
return idToken(Collections.singletonMap("id", "id"));
|
||||
}
|
||||
|
||||
public static OidcIdToken idToken(Map<String, Object> claims) {
|
||||
return new OidcIdToken("token",
|
||||
Instant.now(),
|
||||
Instant.now().plusSeconds(86400),
|
||||
claims);
|
||||
public static OidcIdToken.Builder idToken() {
|
||||
return withTokenValue("id-token")
|
||||
.issuer("https://example.com")
|
||||
.subject("subject")
|
||||
.issuedAt(Instant.now())
|
||||
.expiresAt(Instant.now().plusSeconds(86400))
|
||||
.claim("id", "id");
|
||||
}
|
||||
}
|
||||
|
|
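Review bot: `idToken()` now returns a partially configured `OidcIdToken.Builder` instead of a token, and the only documentation is the class-level `Test {@link OidcIdToken}s`; a method Javadoc should list the claims the builder pre-populates (`iss`, `sub`, `iat`, `exp` and the `id` claim) and state that `aud` is not set, so callers whose code path validates the audience must add it themselves, much as OidcUserRequestTests adds `azp` in this commit. `issuedAt` and `expiresAt` come from two separate `Instant.now()` calls; reading the clock once, `Instant now = Instant.now();` then `.issuedAt(now).expiresAt(now.plusSeconds(86400))`, keeps the validity window exactly 86400 seconds. Dropping the `idToken(Map<String, Object>)` overload breaks any other test module still calling it; naming `.claim(...)` on the returned builder as the replacement in the Javadoc would ease that migration.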