From 3a7083c7e967ee33a0daef2788928edb85abf506 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 7 Aug 2018 21:49:19 -0500 Subject: [PATCH] Add Tests For OAuth2 Fixes: gh-5699 --- .../spring-security-oauth2-client.gradle | 1 + ...AuthorizationCodeAuthenticationTokens.java | 47 +++++++++++++++++++ .../oauth2/core/TestOAuth2AccessTokens.java | 33 +++++++++++++ .../oauth2/core/TestOAuth2RefreshTokens.java | 31 ++++++++++++ .../TestOAuth2AccessTokenResponses.java | 30 ++++++++++++ .../TestOAuth2AuthorizationExchanges.java | 30 ++++++++++++ .../TestOAuth2AuthorizationRequests.java | 39 +++++++++++++++ .../TestOAuth2AuthorizationResponses.java | 36 ++++++++++++++ 8 files changed, 247 insertions(+) create mode 100644 oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java diff --git a/oauth2/oauth2-client/spring-security-oauth2-client.gradle b/oauth2/oauth2-client/spring-security-oauth2-client.gradle index 188582aa64..76a3006591 100644 --- a/oauth2/oauth2-client/spring-security-oauth2-client.gradle +++ b/oauth2/oauth2-client/spring-security-oauth2-client.gradle @@ -11,6 +11,7 @@ dependencies { optional 'io.projectreactor:reactor-core' optional 'org.springframework:spring-webflux' + testCompile project(path: ':spring-security-oauth2-core', configuration: 'tests') testCompile powerMock2Dependencies testCompile 'com.squareup.okhttp3:mockwebserver' testCompile 'com.fasterxml.jackson.core:jackson-databind' diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java new file mode 100644 index 0000000000..e551e94baf --- /dev/null +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/TestOAuth2AuthorizationCodeAuthenticationTokens.java @@ -0,0 +1,47 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.client.authentication; + +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.TestOAuth2AccessTokens; +import org.springframework.security.oauth2.core.TestOAuth2RefreshTokens; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; +import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AuthorizationCodeAuthenticationTokens { + + public static OAuth2AuthorizationCodeAuthenticationToken unauthenticated() { + ClientRegistration registration = TestClientRegistrations.clientRegistration().build(); + OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success(); + return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange); + } + + public static OAuth2AuthorizationCodeAuthenticationToken authenticated() { + ClientRegistration registration = TestClientRegistrations.clientRegistration().build(); + OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success(); + OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes(); + OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken(); + return new OAuth2AuthorizationCodeAuthenticationToken(registration, exchange, accessToken, refreshToken); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java new file mode 100644 index 0000000000..bcad6de54f --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2AccessTokens.java @@ -0,0 +1,33 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core; + +import java.time.Duration; +import java.time.Instant; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AccessTokens { + public static OAuth2AccessToken noScopes() { + return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, + "no-scopes", + Instant.now(), + Instant.now().plus(Duration.ofDays(1))); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java new file mode 100644 index 0000000000..d66a413055 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/TestOAuth2RefreshTokens.java @@ -0,0 +1,31 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core; + +import java.time.Duration; +import java.time.Instant; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2RefreshTokens { + public static OAuth2RefreshToken refreshToken() { + return new OAuth2RefreshToken("refresh-token", Instant.now(), + Instant.now().plus(Duration.ofDays(1))); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java new file mode 100644 index 0000000000..4f953afea1 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java @@ -0,0 +1,30 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.endpoint; + +import org.springframework.security.oauth2.core.OAuth2AccessToken; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AccessTokenResponses { + public static OAuth2AccessTokenResponse.Builder accessTokenResponse() { + return OAuth2AccessTokenResponse.withToken("token") + .tokenType(OAuth2AccessToken.TokenType.BEARER); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java new file mode 100644 index 0000000000..6fcd371224 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationExchanges.java @@ -0,0 +1,30 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.endpoint; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AuthorizationExchanges { + + public static OAuth2AuthorizationExchange success() { + OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().build(); + OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build(); + return new OAuth2AuthorizationExchange(request, response); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java new file mode 100644 index 0000000000..6b10c24343 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationRequests.java @@ -0,0 +1,39 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.endpoint; + +import java.util.HashMap; +import java.util.Map; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AuthorizationRequests { + public static OAuth2AuthorizationRequest.Builder request() { + String registrationId = "registration-id"; + String clientId = "client-id"; + Map additionalParameters = new HashMap<>(); + additionalParameters.put(OAuth2ParameterNames.REGISTRATION_ID, registrationId); + return OAuth2AuthorizationRequest.authorizationCode() + .authorizationUri("https://example.com/login/oauth/authorize") + .clientId(clientId) + .redirectUri("https://example.com/authorize/oauth2/code/registration-id") + .state("state") + .additionalParameters(additionalParameters); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java new file mode 100644 index 0000000000..d43f6b93a7 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AuthorizationResponses.java @@ -0,0 +1,36 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.endpoint; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestOAuth2AuthorizationResponses { + + public static OAuth2AuthorizationResponse.Builder success() { + return OAuth2AuthorizationResponse.success("authorization-code") + .state("state") + .redirectUri("https://example.com/authorize/oauth2/code/registration-id"); + } + + public static OAuth2AuthorizationResponse.Builder error() { + return OAuth2AuthorizationResponse.error("error") + .redirectUri("https://example.com/authorize/oauth2/code/registration-id") + .errorUri("https://example.com/error"); + } +}