/**
* =============================================================================
*
* ORCID (R) Open Source
* http://orcid.org
*
* Copyright (c) 2012-2014 ORCID, Inc.
* Licensed under an MIT-Style License (MIT)
* http://orcid.org/open-source-license
*
* This copyright and license information (including a link to the full license)
* shall be included in its entirety in all copies or substantial portion of
* the software.
*
* =============================================================================
*/
package org.orcid.core.security.visibility.aop;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.when;
import java.util.Arrays;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.orcid.core.BaseTest;
import org.orcid.jaxb.model.message.ScopePathType;
import org.orcid.persistence.dao.OrcidOauth2TokenDetailDao;
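/**
 * Scope-resolution tests for {@link OrcidApiAuthorizationSecurityAspect#hasScopeEnabled}.
 *
 * The aspect is wired to a mocked {@link OrcidOauth2TokenDetailDao}; each test stubs the list of
 * scopes the DAO reports for the (client, user) pair and then checks which of the three activity
 * sections (works, funding, affiliations) the aspect unlocks. Every call passes the section's
 * read-limited scope together with its update scope, so a test is really asking "does this token
 * grant access to that section at all", not distinguishing read from write.
 *
 * Besides the positive cases, the class pins the negative ones that matter for an authorization
 * check: sibling sections are not unlocked by an unrelated section scope, person/bio scopes never
 * unlock activities, an empty scope list grants nothing, and scopes stubbed for one client do not
 * leak to another client id.
 */
public class OrcidApiAuthorizationSecurityAspectTest extends BaseTest {

    private final String clientId = "APP-0001";
    private final String otherClientId = "APP-0002";
    private final String userOrcid = "0000-0000-0000-0001";

    OrcidApiAuthorizationSecurityAspect orcidApiAuthorizationSecurityAspect;

    @Mock
    private OrcidOauth2TokenDetailDao mockedOrcidOauth2TokenDetailDao;

    /**
     * Builds the aspect under test (once per test instance) and injects a fresh mock DAO, so
     * stubs from one test cannot survive into the next.
     */
    @Before
    public void setup() {
        if (orcidApiAuthorizationSecurityAspect == null) {
            orcidApiAuthorizationSecurityAspect = new OrcidApiAuthorizationSecurityAspect();
        }
        MockitoAnnotations.initMocks(this);
        orcidApiAuthorizationSecurityAspect.setOrcidOauth2TokenDetailDao(mockedOrcidOauth2TokenDetailDao);
    }

    // ---------------------------------------------------------------------
    // Helpers
    // ---------------------------------------------------------------------

    /**
     * Stubs the DAO so that the test client/user pair holds exactly the given scopes.
     * Calling it with no arguments models a token that carries no scopes at all.
     */
    private void grantScopes(String... scopes) {
        when(mockedOrcidOauth2TokenDetailDao.findAvailableScopesByUserAndClientId(clientId, userOrcid))
                .thenReturn(Arrays.asList(scopes));
    }

    /** Asks the aspect whether the works section is enabled for the given client and the test user. */
    private boolean worksEnabledFor(String client) {
        return orcidApiAuthorizationSecurityAspect.hasScopeEnabled(client, userOrcid,
                ScopePathType.ORCID_WORKS_READ_LIMITED.getContent(), ScopePathType.ORCID_WORKS_UPDATE.getContent());
    }

    /** Works section check for the default test client. */
    private boolean worksEnabled() {
        return worksEnabledFor(clientId);
    }

    /** Funding section check for the default test client. */
    private boolean fundingEnabled() {
        return orcidApiAuthorizationSecurityAspect.hasScopeEnabled(clientId, userOrcid,
                ScopePathType.FUNDING_READ_LIMITED.getContent(), ScopePathType.FUNDING_UPDATE.getContent());
    }

    /** Affiliations section check for the default test client. */
    private boolean affiliationsEnabled() {
        return orcidApiAuthorizationSecurityAspect.hasScopeEnabled(clientId, userOrcid,
                ScopePathType.AFFILIATIONS_READ_LIMITED.getContent(), ScopePathType.AFFILIATIONS_UPDATE.getContent());
    }

    /** Asserts that every activity section is enabled. */
    private void assertAllActivitiesEnabled() {
        assertTrue(worksEnabled());
        assertTrue(fundingEnabled());
        assertTrue(affiliationsEnabled());
    }

    /** Asserts that no activity section is enabled. */
    private void assertNoActivitiesEnabled() {
        assertFalse(worksEnabled());
        assertFalse(fundingEnabled());
        assertFalse(affiliationsEnabled());
    }

    // ---------------------------------------------------------------------
    // Umbrella scopes: one activities/profile scope covers all three sections
    // ---------------------------------------------------------------------

    /** /activities/read-limited is expected to cover works, funding and affiliations. */
    @Test
    public void testActivitiesReadLimitedScopes() {
        grantScopes("/activities/read-limited");
        assertAllActivitiesEnabled();
    }

    /** /activities/update is expected to cover works, funding and affiliations. */
    @Test
    public void testActivitiesUpdateScopes() {
        grantScopes("/activities/update");
        assertAllActivitiesEnabled();
    }

    /** /orcid-profile/read-limited is expected to cover works, funding and affiliations. */
    @Test
    public void testOrcidProfileReadLimitedScope() {
        grantScopes("/orcid-profile/read-limited");
        assertAllActivitiesEnabled();
    }

    // ---------------------------------------------------------------------
    // Section scopes: a section scope must not unlock its sibling sections
    // ---------------------------------------------------------------------

    /** /orcid-works/read-limited unlocks works only. */
    @Test
    public void testWorksReadLimitedScopes() {
        grantScopes("/orcid-works/read-limited");
        assertTrue(worksEnabled());
        assertFalse(fundingEnabled());
        assertFalse(affiliationsEnabled());
    }

    /** /funding/read-limited unlocks funding only. */
    @Test
    public void testFundingReadLimitedScopes() {
        grantScopes("/funding/read-limited");
        assertTrue(fundingEnabled());
        assertFalse(worksEnabled());
        assertFalse(affiliationsEnabled());
    }

    /** /affiliations/read-limited unlocks affiliations only. */
    @Test
    public void testAffiliationsReadLimitedScopes() {
        grantScopes("/affiliations/read-limited");
        assertTrue(affiliationsEnabled());
        assertFalse(fundingEnabled());
        assertFalse(worksEnabled());
    }

    // ---------------------------------------------------------------------
    // Non-activity scopes: bio/person scopes never unlock activity sections
    // ---------------------------------------------------------------------

    /** Neither of the two orcid-bio scopes unlocks any activity section. */
    @Test
    public void testOrcidBioScopes() {
        grantScopes("/orcid-bio/read-limited");
        assertNoActivitiesEnabled();

        grantScopes("/orcid-bio/external-identifiers/create");
        assertNoActivitiesEnabled();
    }

    /** /person/read-limited unlocks no activity section. */
    @Test
    public void testPersonReadLimitedScope() {
        grantScopes("/person/read-limited");
        assertNoActivitiesEnabled();
    }

    /** /person/update unlocks no activity section. */
    @Test
    public void testPersonUpdateScope() {
        grantScopes("/person/update");
        assertNoActivitiesEnabled();
    }

    // ---------------------------------------------------------------------
    // Deny-by-default and isolation
    // ---------------------------------------------------------------------

    /** A token with no scopes at all must grant nothing. */
    @Test
    public void testNoScopesDeniesEverything() {
        grantScopes();
        assertNoActivitiesEnabled();
    }

    /**
     * Scopes are keyed by (client, user): the stub only answers for {@code clientId}, so the
     * unstubbed mock returns no scopes for {@code otherClientId} and the check must fail there
     * even though the same section is enabled for the stubbed client.
     */
    @Test
    public void testScopesDoNotLeakAcrossClients() {
        grantScopes("/activities/update");
        assertTrue(worksEnabledFor(clientId));
        assertFalse(worksEnabledFor(otherClientId));
    }

    // ---------------------------------------------------------------------
    // Combinations: the union of granted scopes is what counts
    // ---------------------------------------------------------------------

    /** Adding scopes widens access one section at a time; an umbrella scope then covers the rest. */
    @Test
    public void testCombineSomeScopes() {
        grantScopes("/person/update", "/orcid-works/update");
        assertTrue(worksEnabled());
        assertFalse(fundingEnabled());
        assertFalse(affiliationsEnabled());

        grantScopes("/person/update", "/orcid-works/update", "/funding/read-limited");
        assertTrue(worksEnabled());
        assertTrue(fundingEnabled());
        assertFalse(affiliationsEnabled());

        grantScopes("/person/update", "/orcid-works/update", "/funding/read-limited", "/activities/read-limited");
        assertAllActivitiesEnabled();
    }
}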