Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-08 03:32:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Clock Skew Tests

Browse Source 
Fixes gh-7511

Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
This commit is contained in:
Everett Irwin 2019-10-16 12:08:22 -06:00 committed by Josh Cummings
parent 264daec697
commit 6ad328f909
3 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsOAuth2AuthorizedClientProviderTests.java
View File

@ -153,4 +153,22 @@ public class ClientCredentialsOAuth2AuthorizedClientProviderTests {
.build(); .build();
assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
} }
@Test
public void authorizeWhenClientCredentialsAndTokenNotExpiredByClockSkewThenNotReauthorize() {
ClientCredentialsOAuth2AuthorizedClientProvider authorizedClientProvider =
new ClientCredentialsOAuth2AuthorizedClientProvider();
authorizedClientProvider.setClockSkew(Duration.ofHours(24));
Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
OAuth2AccessToken expiredToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token",
issuedAt, issuedAt.plus(Duration.ofHours(1)));
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
this.clientRegistration, this.principal.getName(), expiredToken);
OAuth2AuthorizationContext authorizationContext =
OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
.principal(this.principal)
.build();
assertThat(authorizedClientProvider.authorize(authorizationContext)).isNull();
}
} }

21
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java
View File

@ -187,4 +187,25 @@ public class PasswordOAuth2AuthorizedClientProviderTests {
.build(); .build();
assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull(); assertThat(this.authorizedClientProvider.authorize(authorizationContext)).isNull();
} }
@Test
public void authorizeWhenPasswordAndAuthorizedWithoutRefreshTokenAndTokenNotExpiredByClockSkewThenNotReauthorize() {
PasswordOAuth2AuthorizedClientProvider authorizedClientProvider =
new PasswordOAuth2AuthorizedClientProvider();
authorizedClientProvider.setClockSkew(Duration.ofHours(24));
Instant issuedAt = Instant.now().minus(Duration.ofDays(1));
Instant expiresAt = issuedAt.plus(Duration.ofMinutes(60));
OAuth2AccessToken accessToken = new OAuth2AccessToken(
OAuth2AccessToken.TokenType.BEARER, "access-token-expired", issuedAt, expiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
this.clientRegistration, this.principal.getName(), accessToken); // without refresh token
OAuth2AuthorizationContext authorizationContext =
OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
.attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, "username")
.attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, "password")
.principal(this.principal)
.build();
assertThat(authorizedClientProvider.authorize(authorizationContext)).isNull();
}
} }

15
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java
View File

@ -135,6 +135,21 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests {
assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull(); assertThat(this.authorizedClientProvider.authorize(authorizationContext).block()).isNull();
} }
@Test
public void authorizeWhenAuthorizedAndAccessTokenNotExpiredByClockSkewThenNotReauthorize() {
RefreshTokenReactiveOAuth2AuthorizedClientProvider authorizedClientProvider
= new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
authorizedClientProvider.setClockSkew(Duration.ofHours(24));
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(),
this.authorizedClient.getAccessToken(), this.authorizedClient.getRefreshToken());
OAuth2AuthorizationContext authorizationContext =
OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient)
.principal(this.principal)
.build();
assertThat(authorizedClientProvider.authorize(authorizationContext).block()).isNull();
}
@Test @Test
public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() { public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() {
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse()