Align Test Support Claims
Make all sub claims 'user' and all scopes 'read' to align with existing support for JWT. Issue gh-7828 Issue gh-7789 Issue gh-7680 Issue gh-7618
parent
30adabb685
commit
689fc9df0c
|
@ -79,6 +79,6 @@ public class OAuth2LoginControllerTests {
|
|||
public void indexGreetsAuthenticatedUser() {
|
||||
this.rest.mutateWith(mockOAuth2Login())
|
||||
.get().uri("/").exchange()
|
||||
.expectBody(String.class).value(containsString("test-subject"));
|
||||
.expectBody(String.class).value(containsString("user"));
|
||||
}
|
||||
}
|
||||
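Review bot: `containsString("user")` in indexGreetsAuthenticatedUser is a much weaker check than the `"test-subject"` match it replaces, because any markup or label on the index page that contains the substring "user" will satisfy it. The template is not visible here, but the test may now pass even when the authenticated principal's name is not rendered. Giving the mock a distinctive name keeps the assertion meaningful, for example `this.rest.mutateWith(mockOAuth2Login().attributes(a -> a.put("sub", "index-test-subject")))` with `containsString("index-test-subject")`, assuming the mutator's `attributes` consumer is available at this commit.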
|
|
|
@ -263,9 +263,9 @@ public class OAuth2LoginApplicationTests {
|
|||
public void requestWhenMockOAuth2LoginThenIndex() throws Exception {
|
||||
ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
|
||||
this.mvc.perform(get("/").with(oauth2Login().clientRegistration(clientRegistration)))
|
||||
.andExpect(model().attribute("userName", "test-subject"))
|
||||
.andExpect(model().attribute("userName", "user"))
|
||||
.andExpect(model().attribute("clientName", "GitHub"))
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "user")));
|
||||
}
|
||||
|
||||
private void assertLoginPage(HtmlPage page) {
|
||||
|
|
|
@ -64,9 +64,9 @@ public class OAuth2LoginControllerTests {
|
|||
@Test
|
||||
public void rootWhenAuthenticatedReturnsUserAndClient() throws Exception {
|
||||
this.mvc.perform(get("/").with(oauth2Login()))
|
||||
.andExpect(model().attribute("userName", "test-subject"))
|
||||
.andExpect(model().attribute("userName", "user"))
|
||||
.andExpect(model().attribute("clientName", "test"))
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "test-subject")));
|
||||
.andExpect(model().attribute("userAttributes", Collections.singletonMap("sub", "user")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -185,7 +185,7 @@ public class SecurityMockServerConfigurers {
|
|||
*/
|
||||
public static OAuth2LoginMutator mockOAuth2Login() {
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
|
||||
null, null, Collections.singleton("user"));
|
||||
null, null, Collections.singleton("read"));
|
||||
return new OAuth2LoginMutator(accessToken);
|
||||
}
|
||||
|
||||
|
@ -200,7 +200,7 @@ public class SecurityMockServerConfigurers {
|
|||
*/
|
||||
public static OidcLoginMutator mockOidcLogin() {
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
|
||||
null, null, Collections.singleton("user"));
|
||||
null, null, Collections.singleton("read"));
|
||||
return new OidcLoginMutator(accessToken);
|
||||
}
|
||||
|
||||
|
@ -844,7 +844,7 @@ public class SecurityMockServerConfigurers {
|
|||
|
||||
private Map<String, Object> defaultAttributes() {
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(this.nameAttributeKey, "test-subject");
|
||||
attributes.put(this.nameAttributeKey, "user");
|
||||
return attributes;
|
||||
}
|
||||
|
||||
|
@ -907,7 +907,7 @@ public class SecurityMockServerConfigurers {
|
|||
*/
|
||||
public OidcLoginMutator idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
|
||||
OidcIdToken.Builder builder = OidcIdToken.withTokenValue("id-token");
|
||||
builder.subject("test-subject");
|
||||
builder.subject("user");
|
||||
idTokenBuilderConsumer.accept(builder);
|
||||
this.idToken = builder.build();
|
||||
this.oidcUser = this::defaultPrincipal;
|
||||
|
@ -1018,7 +1018,7 @@ public class SecurityMockServerConfigurers {
|
|||
|
||||
private OidcIdToken getOidcIdToken() {
|
||||
if (this.idToken == null) {
|
||||
return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "test-subject"));
|
||||
return new OidcIdToken("id-token", null, null, Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
|
||||
} else {
|
||||
return this.idToken;
|
||||
}
|
||||
|
@ -1041,7 +1041,7 @@ public class SecurityMockServerConfigurers {
|
|||
private String registrationId = "test";
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||
"access-token", null, null, Collections.singleton("user"));
|
||||
"access-token", null, null, Collections.singleton("read"));
|
||||
|
||||
private ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
|
||||
new WebSessionServerOAuth2AuthorizedClientRepository();
|
||||
|
@ -1122,7 +1122,7 @@ public class SecurityMockServerConfigurers {
|
|||
throw new IllegalArgumentException("Please specify a ClientRegistration via one " +
|
||||
"of the clientRegistration methods");
|
||||
}
|
||||
return new OAuth2AuthorizedClient(this.clientRegistration, "test-subject", this.accessToken);
|
||||
return new OAuth2AuthorizedClient(this.clientRegistration, "user", this.accessToken);
|
||||
}
|
||||
|
||||
private ClientRegistration.Builder clientRegistrationBuilder() {
|
||||
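Review bot: The default subject `"user"` and default scope `"read"` are repeated as bare literals in every hunk of this class: mockOAuth2Login() at -185, mockOidcLogin() at -200, defaultAttributes(), idToken(), getOidcIdToken(), the accessToken field initializer at -1041 and the OAuth2AuthorizedClient at -1122. This commit had to edit each one by hand, so a missed site would leave the mocked principal and the mocked authorized client disagreeing on who the user is. Declaring `private static final String DEFAULT_SUBJECT = "user";` and `private static final String DEFAULT_SCOPE = "read";` once and referencing them would prevent that drift. The Javadoc blocks ending at `*/` above mockOAuth2Login() and mockOidcLogin() start outside the hunks; they should state that the mock grants `SCOPE_read` with sub `user`, since tests whose rules require `SCOPE_user` will now get 403. The same duplication and documentation gap apply to SecurityMockMvcRequestPostProcessors in the next file section.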
|
|
|
@ -398,7 +398,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
*/
|
||||
public static OAuth2LoginRequestPostProcessor oauth2Login() {
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
|
||||
null, null, Collections.singleton("user"));
|
||||
null, null, Collections.singleton("read"));
|
||||
return new OAuth2LoginRequestPostProcessor(accessToken);
|
||||
}
|
||||
|
||||
|
@ -428,7 +428,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
*/
|
||||
public static OidcLoginRequestPostProcessor oidcLogin() {
|
||||
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token",
|
||||
null, null, Collections.singleton("user"));
|
||||
null, null, Collections.singleton("read"));
|
||||
return new OidcLoginRequestPostProcessor(accessToken);
|
||||
}
|
||||
|
||||
|
@ -1435,7 +1435,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
|
||||
private Map<String, Object> defaultAttributes() {
|
||||
Map<String, Object> attributes = new HashMap<>();
|
||||
attributes.put(this.nameAttributeKey, "test-subject");
|
||||
attributes.put(this.nameAttributeKey, "user");
|
||||
return attributes;
|
||||
}
|
||||
|
||||
|
@ -1495,7 +1495,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
*/
|
||||
public OidcLoginRequestPostProcessor idToken(Consumer<OidcIdToken.Builder> idTokenBuilderConsumer) {
|
||||
OidcIdToken.Builder builder = OidcIdToken.withTokenValue("id-token");
|
||||
builder.subject("test-subject");
|
||||
builder.subject("user");
|
||||
idTokenBuilderConsumer.accept(builder);
|
||||
this.idToken = builder.build();
|
||||
this.oidcUser = this::defaultPrincipal;
|
||||
|
@ -1577,7 +1577,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
private OidcIdToken getOidcIdToken() {
|
||||
if (this.idToken == null) {
|
||||
return new OidcIdToken("id-token", null, null,
|
||||
Collections.singletonMap(IdTokenClaimNames.SUB, "test-subject"));
|
||||
Collections.singletonMap(IdTokenClaimNames.SUB, "user"));
|
||||
} else {
|
||||
return this.idToken;
|
||||
}
|
||||
|
@ -1600,7 +1600,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
private String registrationId = "test";
|
||||
private ClientRegistration clientRegistration;
|
||||
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
|
||||
"access-token", null, null, Collections.singleton("user"));
|
||||
"access-token", null, null, Collections.singleton("read"));
|
||||
|
||||
private OAuth2ClientRequestPostProcessor() {
|
||||
}
|
||||
|
@ -1654,7 +1654,7 @@ public final class SecurityMockMvcRequestPostProcessors {
|
|||
"of the clientRegistration methods");
|
||||
}
|
||||
OAuth2AuthorizedClient client = new OAuth2AuthorizedClient
|
||||
(this.clientRegistration, "test-subject", this.accessToken);
|
||||
(this.clientRegistration, "user", this.accessToken);
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository =
|
||||
new HttpSessionOAuth2AuthorizedClientRepository();
|
||||
authorizedClientRepository.saveAuthorizedClient(client, null, request, new MockHttpServletResponse());
|
||||
|
|
|
@ -86,9 +86,9 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
|
|||
assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
|
||||
assertThat(token.getPrincipal()).isInstanceOf(OAuth2User.class);
|
||||
assertThat(token.getPrincipal().getAttributes())
|
||||
.containsEntry("sub", "test-subject");
|
||||
.containsEntry("sub", "user");
|
||||
assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
|
||||
.contains(new SimpleGrantedAuthority("SCOPE_user"));
|
||||
.contains(new SimpleGrantedAuthority("SCOPE_read"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -134,7 +134,7 @@ public class SecurityMockServerConfigurersOAuth2LoginTests extends AbstractMockS
|
|||
@Test
|
||||
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(
|
||||
AuthorityUtils.createAuthorityList("SCOPE_user"),
|
||||
AuthorityUtils.createAuthorityList("SCOPE_read"),
|
||||
Collections.singletonMap("sub", "subject"),
|
||||
"sub");
|
||||
|
||||
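Review bot: The updated assertion in the hunk at -86, `.contains(new SimpleGrantedAuthority("SCOPE_read"))`, only proves the new scope is present; it would still pass if the mock kept granting `SCOPE_user` as well. The default authority set decides which authorization rules a mocked login satisfies, so it is worth pinning the removal too by chaining `.doesNotContain(new SimpleGrantedAuthority("SCOPE_user"))` after it. The matching assertion in SecurityMockServerConfigurersOidcLoginTests has the same gap. The enclosing test method starts outside the hunk.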
|
|
|
@ -86,9 +86,9 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
|
|||
assertThat(token.getAuthorizedClientRegistrationId()).isEqualTo("test");
|
||||
assertThat(token.getPrincipal()).isInstanceOf(OidcUser.class);
|
||||
assertThat(token.getPrincipal().getAttributes())
|
||||
.containsEntry("sub", "test-subject");
|
||||
.containsEntry("sub", "user");
|
||||
assertThat((Collection<GrantedAuthority>) token.getPrincipal().getAuthorities())
|
||||
.contains(new SimpleGrantedAuthority("SCOPE_user"));
|
||||
.contains(new SimpleGrantedAuthority("SCOPE_read"));
|
||||
assertThat(((OidcUser) token.getPrincipal()).getIdToken().getTokenValue())
|
||||
.isEqualTo("id-token");
|
||||
}
|
||||
|
@ -150,7 +150,7 @@ public class SecurityMockServerConfigurersOidcLoginTests extends AbstractMockSer
|
|||
@Test
|
||||
public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
|
||||
OidcUser oidcUser = new DefaultOidcUser(
|
||||
AuthorityUtils.createAuthorityList("SCOPE_user"), idToken().build());
|
||||
AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
|
||||
|
||||
this.client.mutateWith(mockOidcLogin()
|
||||
.idToken(i -> i.subject("foo"))
|
||||
|
|
|
@ -90,7 +90,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
|
|||
throws Exception {
|
||||
|
||||
this.mvc.perform(get("/name").with(oauth2Login()))
|
||||
.andExpect(content().string("test-subject"));
|
||||
.andExpect(content().string("user"));
|
||||
this.mvc.perform(get("/admin/id-token/name").with(oauth2Login()))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
@ -120,7 +120,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
|
|||
@Test
|
||||
public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(
|
||||
AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_user"),
|
||||
AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"),
|
||||
Collections.singletonMap("custom-attribute", "test-subject"),
|
||||
"custom-attribute");
|
||||
this.mvc.perform(get("/attributes/custom-attribute")
|
||||
|
@ -142,7 +142,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
|
|||
@Test
|
||||
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
|
||||
OAuth2User oauth2User = new DefaultOAuth2User(
|
||||
AuthorityUtils.createAuthorityList("SCOPE_user"),
|
||||
AuthorityUtils.createAuthorityList("SCOPE_read"),
|
||||
Collections.singletonMap("username", "user"),
|
||||
"username");
|
||||
|
||||
|
@ -167,7 +167,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
|
|||
http
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
|
||||
.anyRequest().hasAuthority("SCOPE_user")
|
||||
.anyRequest().hasAuthority("SCOPE_read")
|
||||
).oauth2Login();
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
|
|||
throws Exception {
|
||||
|
||||
this.mvc.perform(get("/name").with(oidcLogin()))
|
||||
.andExpect(content().string("test-subject"));
|
||||
.andExpect(content().string("user"));
|
||||
this.mvc.perform(get("/admin/id-token/name").with(oidcLogin()))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
@ -133,7 +133,7 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
|
|||
@Test
|
||||
public void oidcLoginWhenOidcUserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
|
||||
OidcUser oidcUser = new DefaultOidcUser(
|
||||
AuthorityUtils.createAuthorityList("SCOPE_user"), idToken().build());
|
||||
AuthorityUtils.createAuthorityList("SCOPE_read"), idToken().build());
|
||||
|
||||
this.mvc.perform(get("/id-token/sub")
|
||||
.with(oidcLogin()
|
||||
|
@ -156,7 +156,7 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
|
|||
http
|
||||
.authorizeRequests()
|
||||
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
|
||||
.anyRequest().hasAuthority("SCOPE_user")
|
||||
.anyRequest().hasAuthority("SCOPE_read")
|
||||
.and()
|
||||
.oauth2Login();
|
||||
}
|
||||
|
|