/*
* Copyright 2006-2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package sparklr.common;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.test.BeforeOAuth2Context;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.util.StreamUtils;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.ResponseExtractor;
import sparklr.common.HttpTestUtils.UriBuilder;
/**
* @author Dave Syer
* @author Luke Taylor
*/
public abstract class AbstractEmptyAuthorizationCodeProviderTests extends AbstractIntegrationTests {
private AuthorizationCodeAccessTokenProvider accessTokenProvider;
private ClientHttpResponse tokenEndpointResponse;
@BeforeOAuth2Context
public void setupAccessTokenProvider() {
accessTokenProvider = new AuthorizationCodeAccessTokenProvider() {
private ResponseExtractor<OAuth2AccessToken> extractor = super.getResponseExtractor();
private ResponseExtractor<ResponseEntity<Void>> authExtractor = super.getAuthorizationResponseExtractor();
private ResponseErrorHandler errorHandler = super.getResponseErrorHandler();
@Override
protected ResponseErrorHandler getResponseErrorHandler() {
return new DefaultResponseErrorHandler() {
public void handleError(ClientHttpResponse response) throws IOException {
response.getHeaders();
response.getStatusCode();
tokenEndpointResponse = response;
errorHandler.handleError(response);
}
};
}
@Override
protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
return new ResponseExtractor<OAuth2AccessToken>() {
public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
try {
response.getHeaders();
response.getStatusCode();
tokenEndpointResponse = response;
return extractor.extractData(response);
}
catch (ResourceAccessException e) {
return null;
}
}
};
}
@Override
protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
return new ResponseExtractor<ResponseEntity<Void>>() {
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
response.getHeaders();
response.getStatusCode();
tokenEndpointResponse = response;
return authExtractor.extractData(response);
}
};
}
};
context.setAccessTokenProvider(getAccessTokenProvider());
}
protected ResponseEntity<String> attemptToGetConfirmationPage(String clientId, String redirectUri) {
return attemptToGetConfirmationPage(clientId, redirectUri, "code");
}
protected ResponseEntity<String> attemptToGetConfirmationPage(String clientId, String redirectUri,
String responseType) {
HttpHeaders headers = getAuthenticatedHeaders();
return http.getForString(getAuthorizeUrl(clientId, redirectUri, responseType, "read"), headers);
}
private String getAuthorizeUrl(String clientId, String redirectUri, String responseType, String scope) {
UriBuilder uri = http.buildUri(authorizePath()).queryParam("state", "mystateid").queryParam("scope", scope);
if (responseType != null) {
uri.queryParam("response_type", responseType);
}
if (clientId != null) {
uri.queryParam("client_id", clientId);
}
if (redirectUri != null) {
uri.queryParam("redirect_uri", redirectUri);
}
return uri.build().toString();
}
protected HttpHeaders getAuthenticatedHeaders() {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
headers.set("Authorization", getBasicAuthentication());
if (context.getRestTemplate() != null) {
context.getAccessTokenRequest().setHeaders(headers);
}
return headers;
}
protected String getAuthorizeUrl(String clientId, String redirectUri, String scope) {
UriBuilder uri = http.buildUri(authorizePath()).queryParam("response_type", "code")
.queryParam("state", "mystateid").queryParam("scope", scope);
if (clientId != null) {
uri.queryParam("client_id", clientId);
}
if (redirectUri != null) {
uri.queryParam("redirect_uri", redirectUri);
}
return uri.build().toString();
}
protected void approveAccessTokenGrant(String currentUri, boolean approved) {
AccessTokenRequest request = context.getAccessTokenRequest();
request.setHeaders(getAuthenticatedHeaders());
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
if (currentUri != null) {
request.setCurrentUri(currentUri);
}
String location = null;
try {
// First try to obtain the access token...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
}
catch (UserRedirectRequiredException e) {
// Expected and necessary, so that the correct state is set up in the request...
location = e.getRedirectUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
verifyAuthorizationPage(context.getRestTemplate(), location);
try {
// Now try again and the token provider will redirect for user approval...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
}
catch (UserApprovalRequiredException e) {
// Expected and necessary, so that the user can approve the grant...
location = e.getApprovalUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
// The approval (will be processed on the next attempt to obtain an access token)...
request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
private void verifyAuthorizationPage(OAuth2RestTemplate restTemplate, String location) {
final AtomicReference<String> confirmationPage = new AtomicReference<String>();
AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider() {
@Override
protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
return new ResponseExtractor<ResponseEntity<Void>>() {
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
confirmationPage.set(StreamUtils.copyToString(response.getBody(), Charset.forName("UTF-8")));
return new ResponseEntity<Void>(response.getHeaders(), response.getStatusCode());
}
};
}
};
try {
provider.obtainAuthorizationCode(restTemplate.getResource(), restTemplate.getOAuth2ClientContext()
.getAccessTokenRequest());
}
catch (UserApprovalRequiredException e) {
// ignore
}
String page = confirmationPage.get();
verifyAuthorizationPage(page);
}
protected void verifyAuthorizationPage(String page) {
}
protected AuthorizationCodeAccessTokenProvider getAccessTokenProvider() {
return accessTokenProvider;
}
protected ClientHttpResponse getTokenEndpointResponse() {
return tokenEndpointResponse;
}
protected static class MyTrustedClient extends AuthorizationCodeResourceDetails {
public MyTrustedClient(Object target) {
super();
setClientId("my-trusted-client");
setScope(Arrays.asList("read"));
setId(getClientId());
}
}
protected static class MyClientWithRegisteredRedirect extends MyTrustedClient {
public MyClientWithRegisteredRedirect(Object target) {
super(target);
setClientId("my-client-with-registered-redirect");
setPreEstablishedRedirectUri("http://anywhere?key=value");
}
}
}