TestClientRegistrations

Fixes: gh-5651
Rob Winch 2018-08-17 22:44:19 -05:00
parent 5ddb25fff8
commit b02ce59188
21 changed files with 185 additions and 414 deletions


@ -31,6 +31,7 @@ dependencies {
testCompile project(':spring-security-cas')
testCompile project(':spring-security-test')
testCompile project(path : ':spring-security-core', configuration : 'tests')
testCompile project(path : ':spring-security-oauth2-client', configuration : 'tests')
testCompile project(path : ':spring-security-web', configuration : 'tests')
testCompile apachedsDependencies
testCompile powerMock2Dependencies


@ -37,6 +37,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
@ -98,7 +99,8 @@ public class OAuth2ClientConfigurerTests {
@Before
public void setup() {
this.registration1 = ClientRegistration.withRegistrationId("registration-1")
this.registration1 = TestClientRegistrations.clientRegistration()
.registrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
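Review bot: After `setup()` switches to `TestClientRegistrations.clientRegistration()`, the chain still repeats `.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)`, which the fixture already sets. Keeping only the overrides this test needs (`.registrationId("registration-1")`, `.clientId("client-1")`, and `.clientSecret("secret")` if the literal matters) would show which values the assertions depend on. The builder chain continues past the end of the hunk, so later calls may be redundant in the same way.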


@ -20,8 +20,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import static org.assertj.core.api.Assertions.assertThat;
@ -34,53 +33,17 @@ import static org.mockito.Mockito.when;
* @author Joe Grandja
*/
public class InMemoryOAuth2AuthorizedClientServiceTests {
private String registrationId1 = "registration-1";
private String registrationId2 = "registration-2";
private String registrationId3 = "registration-3";
private String principalName1 = "principal-1";
private String principalName2 = "principal-2";
private ClientRegistration registration1 = ClientRegistration.withRegistrationId(this.registrationId1)
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build();
private ClientRegistration registration2 = ClientRegistration.withRegistrationId(this.registrationId2)
.clientId("client-2")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-2")
.build();
private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build();
private ClientRegistration registration3 = ClientRegistration.withRegistrationId(this.registrationId3)
.clientId("client-3")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("openid", "profile")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-3")
.build();
private ClientRegistration registration3 = TestClientRegistrations.clientRegistration()
.clientId("client-3")
.registrationId("registration-3")
.build();
private ClientRegistrationRepository clientRegistrationRepository =
new InMemoryClientRegistrationRepository(this.registration1, this.registration2, this.registration3);
@ -101,7 +64,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
@Test(expected = IllegalArgumentException.class)
public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
this.authorizedClientService.loadAuthorizedClient(this.registrationId1, null);
this.authorizedClientService.loadAuthorizedClient(this.registration1.getRegistrationId(), null);
}
@Test
@ -114,7 +77,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
@Test
public void loadAuthorizedClientWhenClientRegistrationFoundButNotAssociatedToPrincipalThenReturnNull() {
OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
this.registrationId1, "principal-not-found");
this.registration1.getRegistrationId(), "principal-not-found");
assertThat(authorizedClient).isNull();
}
@ -128,7 +91,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
this.registrationId1, this.principalName1);
this.registration1.getRegistrationId(), this.principalName1);
assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
}
@ -152,7 +115,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
this.registrationId3, this.principalName2);
this.registration3.getRegistrationId(), this.principalName2);
assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient);
}
@ -163,7 +126,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
@Test(expected = IllegalArgumentException.class)
public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() {
this.authorizedClientService.removeAuthorizedClient(this.registrationId2, null);
this.authorizedClientService.removeAuthorizedClient(this.registration3.getRegistrationId(), null);
}
@Test
@ -176,13 +139,13 @@ public class InMemoryOAuth2AuthorizedClientServiceTests {
this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication);
OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
this.registrationId2, this.principalName2);
this.registration2.getRegistrationId(), this.principalName2);
assertThat(loadedAuthorizedClient).isNotNull();
this.authorizedClientService.removeAuthorizedClient(this.registrationId2, this.principalName2);
this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2);
loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient(
this.registrationId2, this.principalName2);
this.registration2.getRegistrationId(), this.principalName2);
assertThat(loadedAuthorizedClient).isNull();
}
}
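Review bot: `removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException` now passes `this.registration3.getRegistrationId()` where the removed line used `registrationId2`, while every other call site in this file keeps its original registration. The test only expects `IllegalArgumentException` for the null principal, so it most likely passes either way, but the switch looks like a copy-paste slip. `this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), null);` would keep the old pairing. Also, `registration2` used to carry OIDC scopes and a `jwkSetUri`, and the `clientRegistration2()` fixture has neither, so a one-line comment on the fields saying these tests rely only on distinct registration ids would make that loss of variety deliberate.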


@ -39,6 +39,7 @@ import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClient
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
@ -70,19 +71,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
@Mock
private ReactiveOAuth2AuthorizedClientService authorizedClientService;
private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.jwkSetUri("https://example.com/oauth2/jwk")
.clientSecret("clientSecret");
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse
.success("code")


@ -28,8 +28,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@ -58,19 +57,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
String tokenUri = this.server.url("/oauth2/token").toString();
this.clientRegistration = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("https://example.com/oauth2/code/github")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri(tokenUri)
.userInfoUri("https://api.example.com/user")
.userNameAttributeName("user-name")
.clientName("GitHub")
.clientId("clientId")
.jwkSetUri("https://example.com/oauth2/jwk")
.clientSecret("clientSecret");
this.clientRegistration = TestClientRegistrations.clientRegistration()
.tokenUri(tokenUri);
}
@After


@ -31,9 +31,8 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@ -79,19 +78,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
@Mock
private ReactiveJwtDecoder jwtDecoder;
private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("openid")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.jwkSetUri("https://example.com/oauth2/jwk")
.clientSecret("clientSecret");
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
.scope("openid");
private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse
.success("code")
@ -178,7 +166,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
claims.put(IdTokenClaimNames.SUB, "rob");
claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId"));
claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
Instant issuedAt = Instant.now();
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
@ -200,7 +188,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
claims.put(IdTokenClaimNames.SUB, "rob");
claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId"));
claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
Instant issuedAt = Instant.now();
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
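Review bot: The `aud` claim in both ID-token fixtures becomes the literal `"client-id"`, which is correct only because it equals the default client id set inside `TestClientRegistrations.clientRegistration()`. Audience matching is one of the security checks these tests exercise, so a later change to the fixture default would make them fail or pass for a reason that is not visible in this file. Deriving the value keeps the token tied to the registration: `claims.put(IdTokenClaimNames.AUD, Arrays.asList(this.registration.build().getClientId()));`. The enclosing test methods start and end outside the hunks.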


@ -19,8 +19,7 @@ package org.springframework.security.oauth2.client.oidc.authentication;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
@ -38,17 +37,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
* @since 5.1
*/
public class OidcTokenValidatorTests {
private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("client-foo-bar")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationUri("https://example.com/oauth2/authorize")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.userInfoUri("https://example.com/users/me")
.clientId("client-id")
.clientName("client-name")
.clientSecret("client-secret")
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.tokenUri("https://example.com/oauth/access_token");
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
private Map<String, Object> claims = new HashMap<>();
private Instant issuedAt = Instant.now();


@ -23,10 +23,9 @@ import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
@ -57,17 +56,8 @@ public class OidcReactiveOAuth2UserServiceTests {
@Mock
private ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService;
private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("id")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationUri("https://example.com/oauth2/authorize")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.userInfoUri("https://example.com/users/me")
.clientId("client-id")
.clientName("client-name")
.clientSecret("client-secret")
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.tokenUri("https://example.com/oauth/access_token");
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
.userNameAttributeName(IdTokenClaimNames.SUB);
private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections
@ -77,7 +67,7 @@ public class OidcReactiveOAuth2UserServiceTests {
"token",
Instant.now(),
Instant.now().plus(Duration.ofDays(1)),
Collections.singleton("user"));
Collections.singleton("read:user"));
private OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
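Review bot: The access-token scope is changed to the literal `"read:user"` only so that it overlaps with the scope hard-coded in `TestClientRegistrations.clientRegistration()`. The same edit appears in `OidcUserRequestUtilsTests`, where `shouldRetrieveUserInfoWhenEndpointDefinedAndScopesOverlapThenTrue` depends directly on that overlap. If the fixture's default scope changes, these tests will change outcome with no hint in the test file. Building the token from the registration, `this.registration.build().getScopes()` in place of `Collections.singleton("read:user")`, or at least adding a comment such as `// must overlap the scope in TestClientRegistrations.clientRegistration()`, would make the dependency explicit.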


@ -18,8 +18,8 @@ package org.springframework.security.oauth2.client.oidc.userinfo;
import org.junit.Test;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
@ -35,17 +35,7 @@ import static org.assertj.core.api.Assertions.*;
* @since 5.1
*/
public class OidcUserRequestUtilsTests {
private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("id")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationUri("https://example.com/oauth2/authorize")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.userInfoUri("https://example.com/users/me")
.clientId("client-id")
.clientName("client-name")
.clientSecret("client-secret")
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.tokenUri("https://example.com/oauth/access_token");
private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
Instant.now().plusSeconds(3600), Collections
@ -55,7 +45,7 @@ public class OidcUserRequestUtilsTests {
"token",
Instant.now(),
Instant.now().plus(Duration.ofDays(1)),
Collections.singleton("user"));
Collections.singleton("read:user"));
@Test
public void shouldRetrieveUserInfoWhenEndpointDefinedAndScopesOverlapThenTrue() {


@ -17,8 +17,6 @@
package org.springframework.security.oauth2.client.registration;
import org.junit.Test;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import java.util.Arrays;
import java.util.Collections;
@ -33,17 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat;
* @since 5.0
*/
public class InMemoryClientRegistrationRepositoryTests {
private ClientRegistration registration = ClientRegistration.withRegistrationId("id")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationUri("https://example.com/oauth2/authorize")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.clientId("client-id")
.clientName("client-name")
.clientSecret("client-secret")
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.tokenUri("https://example.com/oauth/access_token")
.build();
private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
private InMemoryClientRegistrationRepository clients = new InMemoryClientRegistrationRepository(this.registration);


@ -23,8 +23,6 @@ import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import reactor.test.StepVerifier;
@ -34,25 +32,13 @@ import reactor.test.StepVerifier;
*/
public class InMemoryReactiveClientRegistrationRepositoryTests {
private ClientRegistration github = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.clientSecret("clientSecret")
.build();
private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
private InMemoryReactiveClientRegistrationRepository repository;
@Before
public void setup() {
this.repository = new InMemoryReactiveClientRegistrationRepository(this.github);
this.repository = new InMemoryReactiveClientRegistrationRepository(this.registration);
}
@Test
@ -84,20 +70,20 @@ public class InMemoryReactiveClientRegistrationRepositoryTests {
@Test
public void findByRegistrationIdWhenValidIdThenFound() {
StepVerifier.create(this.repository.findByRegistrationId(this.github.getRegistrationId()))
.expectNext(this.github)
StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId()))
.expectNext(this.registration)
.verifyComplete();
}
@Test
public void findByRegistrationIdWhenNotValidIdThenEmpty() {
StepVerifier.create(this.repository.findByRegistrationId(this.github.getRegistrationId() + "invalid"))
StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId() + "invalid"))
.verifyComplete();
}
@Test
public void iteratorWhenContainsGithubThenContains() {
assertThat(this.repository.iterator())
.containsOnly(this.github);
.containsOnly(this.registration);
}
}
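Review bot: The test method `iteratorWhenContainsGithubThenContains` keeps "Github" in its name although the field it checks was renamed from `github` to `registration` and no longer describes a GitHub client. Renaming it, for example `public void iteratorWhenContainsRegistrationThenContains() {`, keeps the test name consistent with the fixture.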


@ -0,0 +1,57 @@
/*
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.client.registration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
/**
* @author Rob Winch
* @since 5.1
*/
public class TestClientRegistrations {
public static ClientRegistration.Builder clientRegistration() {
return ClientRegistration.withRegistrationId("registration-id")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://example.com/login/oauth/authorize")
.tokenUri("https://example.com/login/oauth/access_token")
.jwkSetUri("https://example.com/oauth2/jwk")
.userInfoUri("https://api.example.com/user")
.userNameAttributeName("id")
.clientName("Client Name")
.clientId("client-id")
.clientSecret("client-secret");
}
public static ClientRegistration.Builder clientRegistration2() {
return ClientRegistration.withRegistrationId("registration-id-2")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://example.com/login/oauth/authorize")
.tokenUri("https://example.com/login/oauth/access_token")
.userInfoUri("https://api.example.com/user")
.userNameAttributeName("id")
.clientName("Client Name")
.clientId("client-id-2")
.clientSecret("client-secret");
}
}
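Review bot: `clientRegistration2()` is a copy of `clientRegistration()` that differs in the registration id and client id and also drops `.jwkSetUri(...)`, and nothing says whether that omission is intended. If it is not, the second factory can be derived from the first so the two cannot drift: `return clientRegistration().registrationId("registration-id-2").clientId("client-id-2");`. If the missing JWK set URI is deliberate, a Javadoc sentence on `clientRegistration2()` should say so. The class Javadoc should also state that each call returns a fresh, mutable builder with placeholder credentials for tests only, and a private constructor would mark the class as a static-only holder.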


@ -26,9 +26,8 @@ import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthenticationMethod;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.user.OAuth2User;
@ -63,19 +62,8 @@ public class DefaultReactiveOAuth2UserServiceTests {
String userInfoUri = this.server.url("/user").toString();
this.clientRegistration = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri(userInfoUri)
.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
.userNameAttributeName("user-name")
.clientName("GitHub")
.clientId("clientId")
.clientSecret("clientSecret");
this.clientRegistration = TestClientRegistrations.clientRegistration()
.userInfoUri(userInfoUri);
}
@After
@ -118,7 +106,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenUserInfoSuccessResponseThenReturnUser() throws Exception {
String userInfoResponse = "{\n" +
" \"user-name\": \"user1\",\n" +
" \"id\": \"user1\",\n" +
" \"first-name\": \"first\",\n" +
" \"last-name\": \"last\",\n" +
" \"middle-name\": \"middle\",\n" +
@ -131,7 +119,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
assertThat(user.getName()).isEqualTo("user1");
assertThat(user.getAttributes().size()).isEqualTo(6);
assertThat(user.getAttributes().get("user-name")).isEqualTo("user1");
assertThat(user.getAttributes().get("id")).isEqualTo("user1");
assertThat(user.getAttributes().get("first-name")).isEqualTo("first");
assertThat(user.getAttributes().get("last-name")).isEqualTo("last");
assertThat(user.getAttributes().get("middle-name")).isEqualTo("middle");
@ -150,7 +138,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.HEADER);
String userInfoResponse = "{\n" +
" \"user-name\": \"user1\",\n" +
" \"id\": \"user1\",\n" +
" \"first-name\": \"first\",\n" +
" \"last-name\": \"last\",\n" +
" \"middle-name\": \"middle\",\n" +
@ -172,7 +160,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
this.clientRegistration.userInfoAuthenticationMethod( AuthenticationMethod.FORM);
String userInfoResponse = "{\n" +
" \"user-name\": \"user1\",\n" +
" \"id\": \"user1\",\n" +
" \"first-name\": \"first\",\n" +
" \"last-name\": \"last\",\n" +
" \"middle-name\": \"middle\",\n" +
@ -193,7 +181,7 @@ public class DefaultReactiveOAuth2UserServiceTests {
@Test
public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception {
String userInfoResponse = "{\n" +
" \"user-name\": \"user1\",\n" +
" \"id\": \"user1\",\n" +
" \"first-name\": \"first\",\n" +
" \"last-name\": \"last\",\n" +
" \"middle-name\": \"middle\",\n" +
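Review bot: The four JSON payloads and the attribute assertion are rewritten from `"user-name"` to `"id"` only because the shared fixture sets `userNameAttributeName("id")`, so the user-name attribute these tests depend on is no longer stated in this file. The removed setup also set `.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)` explicitly, and `loadUserWhenUserInfoSuccessResponseThenReturnUser` now presumably relies on the builder default for that. Stating both in `setup()`, `.userInfoUri(userInfoUri).userNameAttributeName("id");` plus the authentication method if the default is not guaranteed, would keep the tests self-describing. The last hunk's test method continues outside the visible lines.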


@ -21,8 +21,8 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -45,32 +45,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
@Before
public void setUp() {
this.registration1 = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
this.registration2 = ClientRegistration.withRegistrationId("registration-2")
.clientId("client-2")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-2")
.build();
this.registration1 = TestClientRegistrations.clientRegistration().build();
this.registration2 = TestClientRegistrations.clientRegistration2().build();
this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
this.registration1, this.registration2);
this.resolver = new DefaultOAuth2AuthorizationRequestResolver(
@ -131,7 +107,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
assertThat(authorizationRequest.getState()).isNotNull();
assertThat(authorizationRequest.getAdditionalParameters())
.containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()));
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -188,7 +164,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-1");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -202,7 +178,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-1");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -213,7 +189,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId());
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -224,7 +200,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-2&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-2");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2");
}
@Test
@ -236,7 +212,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -248,6 +224,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
request.setServletPath(requestUri);
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-2&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-2");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2");
}
}


@ -21,8 +21,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import javax.servlet.http.HttpSession;
@ -38,37 +37,15 @@ import static org.mockito.Mockito.mock;
* @author Joe Grandja
*/
public class HttpSessionOAuth2AuthorizedClientRepositoryTests {
private String registrationId1 = "registration-1";
private String registrationId2 = "registration-2";
private String principalName1 = "principalName-1";
private ClientRegistration registration1 = ClientRegistration.withRegistrationId(this.registrationId1)
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build();
private ClientRegistration registration2 = ClientRegistration.withRegistrationId(this.registrationId2)
.clientId("client-2")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-2")
.build();
private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build();
private String registrationId1 = this.registration1.getRegistrationId();
private String registrationId2 = this.registration2.getRegistrationId();
private HttpSessionOAuth2AuthorizedClientRepository authorizedClientRepository =
new HttpSessionOAuth2AuthorizedClientRepository();
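Review bot: The new initializers `registrationId1 = this.registration1.getRegistrationId()` and `registrationId2 = this.registration2.getRegistrationId()` only work because the `registration1`/`registration2` fields are declared above them; moving the id fields back up would turn this into a NullPointerException at construction time. A one-line comment such as `// must stay below registration1/registration2: initialised from them` would record that, or the tests could call `getRegistrationId()` where the id is needed. The class also now relies on the two fixtures returning different registration ids, which is a property of TestClientRegistrations that is not visible in this section.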


@ -38,8 +38,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2Authoriza
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
@ -82,19 +81,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests {
@Before
public void setup() {
this.registration1 = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/callback/client-1")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
this.registration1 = TestClientRegistrations.clientRegistration().build();
this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
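Review bot: Replacing the builder in `setup()` drops the class-specific `.redirectUriTemplate("{baseUrl}/callback/client-1")`, so `registration1` now carries whatever template the shared fixture defines (judging by the expected URLs elsewhere in this commit, an `{action}/oauth2/code/{registrationId}` form). The rest of the class is outside this hunk, so it is not visible whether its requests and stored authorization requests still use `/callback/client-1`; if they do, the registration and the redirect URIs under test no longer agree, and redirect-URI matching is the check this filter depends on. Keeping the override makes the intent explicit: `this.registration1 = TestClientRegistrations.clientRegistration().redirectUriTemplate("{baseUrl}/callback/client-1").build();`.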


@ -24,8 +24,8 @@ import org.springframework.security.oauth2.client.ClientAuthorizationRequiredExc
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.util.ClassUtils;
@ -60,41 +60,12 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
@Before
public void setUp() {
this.registration1 = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
this.registration2 = ClientRegistration.withRegistrationId("registration-2")
.clientId("client-2")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-2")
.build();
this.registration3 = ClientRegistration.withRegistrationId("registration-3")
.clientId("client-3")
this.registration1 = TestClientRegistrations.clientRegistration().build();
this.registration2 = TestClientRegistrations.clientRegistration2().build();
this.registration3 = TestClientRegistrations.clientRegistration()
.registrationId("registration-3")
.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
.redirectUriTemplate("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.clientName("client-3")
.build();
this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
this.registration1, this.registration2, this.registration3);
@ -180,7 +151,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verifyZeroInteractions(filterChain);
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -216,7 +187,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verifyZeroInteractions(filterChain);
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=token&client_id=client-3&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fimplicit%2Fregistration-3");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=token&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fimplicit%2Fregistration-3");
}
@Test
@ -254,7 +225,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verifyZeroInteractions(filterChain);
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id");
}
@Test
@ -272,7 +243,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id");
verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@ -327,7 +298,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verifyZeroInteractions(filterChain);
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1&idp=https%3A%2F%2Fother.provider.com");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id&idp=https%3A%2F%2Fother.provider.com");
}
// gh-4911, gh-5244
@ -368,6 +339,6 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
verifyZeroInteractions(filterChain);
assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1&login_hint=user@provider\\.com");
assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id&login_hint=user@provider\\.com");
}
}
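Review bot: After this change none of the visible assertions in this class exercises a multi-valued scope: the implicit-flow expectation went from `scope=openid\\+profile\\+email` to `scope=read%3Auser` because `registration3` now inherits the fixture's single scope. Keeping `.scope("openid", "profile", "email")` on `registration3` in `setUp()` and the old `scope=openid\\+profile\\+email` fragment in that one regex would preserve coverage of how scopes are joined and encoded in the authorization request. `registration3` also inherits the fixture's client id, so the expected URL shows the same `client_id=client-id` as `registration1`, and presumably its client secret too, which an implicit-grant client would not normally hold. An explicit `.clientId("client-3")` would keep the registrations distinguishable in the assertions.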


@ -35,6 +35,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuth
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
@ -80,32 +81,8 @@ public class OAuth2LoginAuthenticationFilterTests {
@Before
public void setUp() {
this.registration1 = ClientRegistration.withRegistrationId("registration-1")
.clientId("client-1")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("user")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/user")
.userNameAttributeName("id")
.clientName("client-1")
.build();
this.registration2 = ClientRegistration.withRegistrationId("registration-2")
.clientId("client-2")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
.scope("openid", "profile", "email")
.authorizationUri("https://provider.com/oauth2/authorize")
.tokenUri("https://provider.com/oauth2/token")
.userInfoUri("https://provider.com/oauth2/userinfo")
.jwkSetUri("https://provider.com/oauth2/keys")
.clientName("client-2")
.build();
this.registration1 = TestClientRegistrations.clientRegistration().build();
this.registration2 = TestClientRegistrations.clientRegistration2().build();
this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
this.registration1, this.registration2);
this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);


@ -38,8 +38,7 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@ -77,18 +76,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
private MockExchangeFunction exchange = new MockExchangeFunction();
private ClientRegistration github = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.clientSecret("clientSecret")
private ClientRegistration registration = TestClientRegistrations.clientRegistration()
.build();
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@ -108,7 +96,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
@Test
public void filterWhenAuthorizedClientThenAuthorizationHeader() {
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -121,7 +109,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
@Test
public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.header(HttpHeaders.AUTHORIZATION, "Existing")
@ -154,7 +142,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -171,8 +159,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
assertThat(requests).hasSize(2);
ClientRequest request0 = requests.get(0);
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0");
assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token");
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token");
assertThat(request0.method()).isEqualTo(HttpMethod.POST);
assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token");
@ -203,7 +191,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -218,8 +206,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
assertThat(requests).hasSize(2);
ClientRequest request0 = requests.get(0);
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0");
assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token");
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token");
assertThat(request0.method()).isEqualTo(HttpMethod.POST);
assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token");
@ -234,7 +222,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -257,7 +245,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt(), this.accessToken.getExpiresAt());
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
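Review bot: The expected header `"Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="` in both refresh-token assertions is an opaque literal that encodes the shared fixture's credentials (it decodes to `client-id:client-secret`), so a change to TestClientRegistrations would fail these tests with no hint as to why. Deriving the value keeps the assertion tied to the registration under test: `"Basic " + Base64.getEncoder().encodeToString((this.registration.getClientId() + ":" + this.registration.getClientSecret()).getBytes(StandardCharsets.UTF_8))`, and likewise `isEqualTo(this.registration.getProviderDetails().getTokenUri())` for the token URL. At minimum, a comment `// base64("client-id:client-secret"), from TestClientRegistrations` next to each literal would document the coupling. The enclosing test methods start outside these hunks, and the same two literals recur in ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.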


@ -47,9 +47,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@ -105,18 +104,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
private Authentication authentication;
private ClientRegistration github = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.clientSecret("clientSecret")
private ClientRegistration registration = TestClientRegistrations.clientRegistration()
.build();
private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
@ -170,7 +158,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
@Test
public void defaultRequestOAuth2AuthorizedClientWhenOAuth2AuthorizationClientAndClientIdThenNotOverride() {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
oauth2AuthorizedClient(authorizedClient).accept(this.result);
Map<String, Object> attrs = getDefaultRequestAttributes();
@ -213,7 +201,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
OAuth2User user = mock(OAuth2User.class);
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(user, authorities, "id");
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
authentication(token).accept(this.result);
@ -243,7 +231,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
OAuth2User user = mock(OAuth2User.class);
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(user, authorities, "id");
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
authentication(token).accept(this.result);
@ -260,7 +248,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2User user = mock(OAuth2User.class);
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient);
clientRegistrationId("id").accept(this.result);
@ -292,7 +280,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
@Test
public void filterWhenAuthorizedClientThenAuthorizationHeader() {
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -305,7 +293,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
@Test
public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() {
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.header(HttpHeaders.AUTHORIZATION, "Existing")
@ -337,7 +325,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -352,8 +340,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
assertThat(requests).hasSize(2);
ClientRequest request0 = requests.get(0);
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0");
assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token");
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token");
assertThat(request0.method()).isEqualTo(HttpMethod.POST);
assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token");
@ -383,7 +371,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -398,8 +386,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
assertThat(requests).hasSize(2);
ClientRequest request0 = requests.get(0);
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0");
assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token");
assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=");
assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token");
assertThat(request0.method()).isEqualTo(HttpMethod.POST);
assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token");
@ -414,7 +402,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
public void filterWhenRefreshTokenNullThenShouldRefreshFalse() {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))
@ -437,7 +425,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests {
this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository);
OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt(), this.accessToken.getExpiresAt());
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github,
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration,
"principalName", this.accessToken, refreshToken);
ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com"))
.attributes(oauth2AuthorizedClient(authorizedClient))


@ -24,8 +24,7 @@ import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
@ -54,19 +53,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
@Mock
private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authzRequestRepository;
private ClientRegistration github = ClientRegistration.withRegistrationId("github")
.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope("read:user")
.authorizationUri("https://github.com/login/oauth/authorize")
.tokenUri("https://github.com/login/oauth/access_token")
.userInfoUri("https://api.github.com/user")
.userNameAttributeName("id")
.clientName("GitHub")
.clientId("clientId")
.clientSecret("clientSecret")
.build();
private ClientRegistration registration = TestClientRegistrations.clientRegistration().build();
private OAuth2AuthorizationRequestRedirectWebFilter filter;
@ -79,8 +66,8 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
FilteringWebHandler webHandler = new FilteringWebHandler(e -> e.getResponse().setComplete(), Arrays.asList(this.filter));
this.client = WebTestClient.bindToWebHandler(webHandler).build();
when(this.clientRepository.findByRegistrationId(this.github.getRegistrationId())).thenReturn(
Mono.just(this.github));
when(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())).thenReturn(
Mono.just(this.registration));
when(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn(
Mono.empty());
}
@ -118,19 +105,19 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
@Test
public void filterWhenDoesMatchThenClientRegistrationRepositoryNotSubscribed() {
FluxExchangeResult<String> result = this.client.get()
.uri("https://example.com/oauth2/authorization/github").exchange()
.uri("https://example.com/oauth2/authorization/registration-id").exchange()
.expectStatus().is3xxRedirection().returnResult(String.class);
result.assertWithDiagnostics(() -> {
URI location = result.getResponseHeaders().getLocation();
assertThat(location)
.hasScheme("https")
.hasHost("github.com")
.hasHost("example.com")
.hasPath("/login/oauth/authorize")
.hasParameter("response_type", "code")
.hasParameter("client_id", "clientId")
.hasParameter("client_id", "client-id")
.hasParameter("scope", "read:user")
.hasParameter("state")
.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/github");
.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id");
});
verify(this.authzRequestRepository).saveAuthorizationRequest(any(), any());
}
@ -139,25 +126,26 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests {
@Test
public void filterWhenDoesMatchThenResolveRedirectUriExpandedExcludesQueryString() {
FluxExchangeResult<String> result = this.client.get()
.uri("https://example.com/oauth2/authorization/github?foo=bar").exchange()
.uri("https://example.com/oauth2/authorization/registration-id?foo=bar").exchange()
.expectStatus().is3xxRedirection().returnResult(String.class);
result.assertWithDiagnostics(() -> {
URI location = result.getResponseHeaders().getLocation();
assertThat(location)
.hasScheme("https")
.hasHost("github.com")
.hasHost("example.com")
.hasPath("/login/oauth/authorize")
.hasParameter("response_type", "code")
.hasParameter("client_id", "clientId")
.hasParameter("client_id", "client-id")
.hasParameter("scope", "read:user")
.hasParameter("state")
.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/github");
.hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id");
});
}
@Test
public void filterWhenExceptionThenRedirected() {
FilteringWebHandler webHandler = new FilteringWebHandler(e -> Mono.error(new ClientAuthorizationRequiredException(this.github.getRegistrationId())), Arrays.asList(this.filter));
FilteringWebHandler webHandler = new FilteringWebHandler(e -> Mono.error(new ClientAuthorizationRequiredException(this.registration
.getRegistrationId())), Arrays.asList(this.filter));
this.client = WebTestClient.bindToWebHandler(webHandler).build();
FluxExchangeResult<String> result = this.client.get()
.uri("https://example.com/foo").exchange()