/*
* Copyright 2002-2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.provider;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.util.SerializationUtils;
import org.springframework.util.StringUtils;
/**
* @author Dave Syer
* @author Christian Hilmersson
*
*/
public class AuthorizationRequestTests {
private Map<String, String> parameters;
@Before
public void prepare() {
parameters = new HashMap<String, String>();
parameters.put("client_id", "theClient");
parameters.put("state", "XYZ123");
parameters.put("redirect_uri", "http://www.callistaenterprise.se");
}
@Test
public void testApproval() throws Exception {
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
assertFalse(authorizationRequest.isApproved());
authorizationRequest.setApproved(true);
assertTrue(authorizationRequest.isApproved());
}
/**
* Ensure that setting the scope does not alter the original request parameters.
*
* @throws Exception
*/
@Test
public void testScopeNotSetInParameters() throws Exception {
parameters.put("scope", "read,write");
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
authorizationRequest.setScope(StringUtils.commaDelimitedListToSet("foo,bar"));
assertFalse(authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE).contains("bar"));
assertFalse(authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE).contains("foo"));
}
/**
* Ensure that setting a single value scope which contains spaces
* will result in exploding multiple scopes.
*/
@Test
public void testSpaceSeparatedScopesAreExploded() throws Exception {
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
String multiScope = "foo bar";
authorizationRequest.setScope(Collections.singleton(multiScope));
assertEquals(authorizationRequest.getScope().size(), 2);
assertTrue(authorizationRequest.getScope().containsAll(Arrays.asList("foo", "bar")));
assertFalse(authorizationRequest.getScope().contains(multiScope));
}
/**
* Ensure that setting a single value scope which contains commas
* will result in exploding multiple scopes.
*/
@Test
public void testCommaInScopeIsAllowed() throws Exception {
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
String multiScope = "foo,bar";
authorizationRequest.setScope(Collections.singleton(multiScope));
assertEquals(authorizationRequest.getScope().size(), 1);
assertTrue(authorizationRequest.getScope().contains(multiScope));
}
@Test
public void testClientIdNotOverwitten() throws Exception {
AuthorizationRequest authorizationRequest = new AuthorizationRequest("client", Arrays.asList("read"));
parameters = new HashMap<String, String>();
parameters.put("scope", "write");
authorizationRequest.setRequestParameters(parameters);
assertEquals("client", authorizationRequest.getClientId());
assertEquals(1, authorizationRequest.getScope().size());
assertTrue(authorizationRequest.getScope().contains("read"));
assertFalse(authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE).contains("read"));
}
@Test
public void testScopeWithSpace() throws Exception {
parameters.put("scope", "bar foo");
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
authorizationRequest.setScope(Collections.singleton("foo bar"));
assertEquals("bar foo", authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE));
}
/**
* Tests that the construction of an AuthorizationRequest objects using
* a parameter Map maintains a sorted order of the scope.
*/
@Test
public void testScopeSortedOrder() {
// Arbitrary scope set
String scopeString = "AUTHORITY_A AUTHORITY_X AUTHORITY_B AUTHORITY_C AUTHORITY_D " +
"AUTHORITY_Y AUTHORITY_V AUTHORITY_ZZ AUTHORITY_DYV AUTHORITY_ABC AUTHORITY_BA " +
"AUTHORITY_AV AUTHORITY_AB AUTHORITY_CDA AUTHORITY_ABCD";
// Create correctly sorted scope string
Set<String> sortedSet = OAuth2Utils.parseParameterList(scopeString);
assertTrue(sortedSet instanceof SortedSet);
String sortedScopeString = OAuth2Utils.formatParameterList(sortedSet);
parameters.put("scope", scopeString);
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
authorizationRequest.setScope(sortedSet);
// Assert that the scope parameter is still sorted
String fromAR = OAuth2Utils.formatParameterList(authorizationRequest.getScope());
assertEquals(sortedScopeString, fromAR);
}
@Test
public void testRedirectUriDefaultsToMap() {
parameters.put("scope", "one two");
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
assertEquals("XYZ123", authorizationRequest.getState());
assertEquals("theClient", authorizationRequest.getClientId());
assertEquals("http://www.callistaenterprise.se", authorizationRequest.getRedirectUri());
assertEquals("http://www.callistaenterprise.se", authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI));
assertEquals("[one, two]", authorizationRequest.getScope().toString());
}
@Test
public void testSerialization() {
AuthorizationRequest authorizationRequest = createFromParameters(parameters);
AuthorizationRequest other = (AuthorizationRequest) SerializationUtils.deserialize(SerializationUtils
.serialize(authorizationRequest));
assertEquals(authorizationRequest, other);
}
private AuthorizationRequest createFromParameters(Map<String, String> authorizationParameters) {
AuthorizationRequest request = new AuthorizationRequest(authorizationParameters, Collections.<String, String> emptyMap(),
authorizationParameters.get(OAuth2Utils.CLIENT_ID),
OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.SCOPE)), null,
null, false, authorizationParameters.get(OAuth2Utils.STATE),
authorizationParameters.get(OAuth2Utils.REDIRECT_URI),
OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.RESPONSE_TYPE)));
return request;
}
}