package io.kaif.web.v1;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.util.EnumSet;
import java.util.Optional;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import io.kaif.model.account.Account;
import io.kaif.model.clientapp.ClientAppScope;
import io.kaif.model.clientapp.ClientAppUserAccessToken;
import io.kaif.test.MvcIntegrationTests;
/**
 * Integration tests for the Bearer-token argument resolver that guards
 * {@code /v1/echo/current-time}.
 *
 * <p>Every test drives the endpoint through {@code mockMvc} (inherited from
 * {@link MvcIntegrationTests}) and checks the challenge the resolver answers with when the
 * {@code Authorization} header is absent, carries a token the {@code clientAppService} mock
 * rejects, or carries a token whose scopes do not cover the endpoint. The status/header pairs
 * asserted here follow the Bearer error layout of RFC 6750: 401 for a missing or invalid token,
 * 403 with {@code error='insufficient_scope'} for a token that is valid but under-scoped.
 */
public class ClientAppUserAccessTokenArgumentResolverTest extends MvcIntegrationTests {

  /** Endpoint whose resolver is exercised by every test below. */
  private static final String ENDPOINT = "/v1/echo/current-time";

  /** Header the server uses to deliver the Bearer challenge on a rejected request. */
  private static final String CHALLENGE_HEADER = "WWW-Authenticate";

  /** Challenge expected when no usable token is present at all (no error attributes). */
  private static final String BARE_CHALLENGE = "Bearer realm=\"Kaif API\"";

  /** Scheme prefix of an Authorization header value; the token text follows it. */
  private static final String BEARER = "Bearer ";

  /**
   * A request without an Authorization header, or with the Bearer scheme and an empty token,
   * is rejected with 401 and the bare realm challenge. The empty-token variant additionally
   * checks the JSON error body that reports the problem.
   */
  @Test
  public void missingBearerToken() throws Exception {
    // No Authorization header at all.
    mockMvc.perform(get(ENDPOINT).contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isUnauthorized())
        .andExpect(header().string(CHALLENGE_HEADER, BARE_CHALLENGE));

    // Scheme present, token text empty.
    mockMvc.perform(get(ENDPOINT)
            .header(HttpHeaders.AUTHORIZATION, BEARER)
            .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isUnauthorized())
        .andExpect(header().string(CHALLENGE_HEADER, BARE_CHALLENGE))
        .andExpect(jsonPath("$.errors[0].status", is(401)))
        .andExpect(jsonPath("$.errors[0].title",
            is("missing Bearer token in Authorization header")));
  }

  /**
   * A syntactically fine token that the client-app service does not recognise yields 401 with
   * an {@code invalid_token} challenge. {@code q(...)} is inherited from the test base;
   * presumably it rewrites the single quotes into the double quotes the header carries —
   * confirm against {@link MvcIntegrationTests}.
   */
  @Test
  public void invalidToken() throws Exception {
    String rawToken = "bad-token";
    when(clientAppService.verifyAccessToken(rawToken)).thenReturn(Optional.empty());

    mockMvc.perform(get(ENDPOINT)
            .header(HttpHeaders.AUTHORIZATION, BEARER + rawToken)
            .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isUnauthorized())
        .andExpect(header().string(CHALLENGE_HEADER,
            q("Bearer realm='Kaif API', error='invalid_token', error_description='invalid token'")));
  }

  /**
   * A token that verifies but only carries the {@code ARTICLE} scope is refused with 403 and an
   * {@code insufficient_scope} challenge naming the scope the endpoint needs ({@code public}).
   * The Authorization value sent here has a trailing space after the token — presumably to
   * show the resolver strips surrounding whitespace before lookup; confirm in the resolver.
   */
  @Test
  public void insufficientScope() throws Exception {
    String rawToken = "a-token";
    Account owner = accountCitizen("user1");
    String clientIdPrefix = owner.getUsername();

    // Valid credentials, but a scope set that does not include the one the endpoint requires.
    ClientAppUserAccessToken underScoped = new ClientAppUserAccessToken(
        owner.getAccountId(),
        owner.getAuthorities(),
        EnumSet.of(ClientAppScope.ARTICLE),
        clientIdPrefix + "-client-id",
        clientIdPrefix + "-client-secret");
    when(clientAppService.verifyAccessToken(rawToken)).thenReturn(Optional.of(underScoped));

    mockMvc.perform(get(ENDPOINT)
            .header(HttpHeaders.AUTHORIZATION, BEARER + rawToken + " ")
            .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isForbidden())
        .andExpect(header().string(CHALLENGE_HEADER,
            q("Bearer realm='Kaif API', error='insufficient_scope', error_description='require scope public', scope='public'")));
  }
}