DefaultAccessTokenConverterTests.java

/*
 * Copyright 2013-2014 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package org.springframework.security.oauth2.provider.token;

import java.util.*;

import org.junit.Before;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.RequestTokenFactory;


import static java.util.Collections.singleton;
import static java.util.Collections.singletonMap;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * @author Dave Syer
 *
 */
public class DefaultAccessTokenConverterTests {

	private String ROLE_CLIENT = "ROLE_CLIENT";
	private String ROLE_USER = "ROLE_USER";

	private DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();

	private UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken("foo",
			"bar", singleton(new SimpleGrantedAuthority(ROLE_USER)));

	private OAuth2Request request;

	@Before
	public void init() {
		request = RequestTokenFactory.createOAuth2Request(null, "id",
				AuthorityUtils.commaSeparatedStringToAuthorityList(ROLE_CLIENT), true, singleton("read"),
				singleton("resource"), null, null, null);
	}

	@Test
	public void extractAuthentication() {
		DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
		OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
		token.setScope(authentication.getOAuth2Request().getScope());
		Map<String, ?> map = converter.convertAccessToken(token, authentication);
		assertTrue(map.containsKey(AccessTokenConverter.AUD));
		assertTrue(map.containsKey(AccessTokenConverter.SCOPE));
		assertTrue(map.containsKey(AccessTokenConverter.AUTHORITIES));
		assertEquals(singleton(ROLE_USER), map.get(AccessTokenConverter.AUTHORITIES));
		OAuth2Authentication extracted = converter.extractAuthentication(map);
		assertTrue(extracted.getOAuth2Request().getResourceIds().contains("resource"));
		assertEquals("[ROLE_USER]", extracted.getAuthorities().toString());
	}

	@Test
	public void extractAuthenticationFromClientToken() {
		DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
		OAuth2Authentication authentication = new OAuth2Authentication(request, null);
		token.setScope(authentication.getOAuth2Request().getScope());
		Map<String, ?> map = converter.convertAccessToken(token, authentication);
		assertTrue(map.containsKey(AccessTokenConverter.AUD));
		assertTrue(map.containsKey(AccessTokenConverter.SCOPE));
		assertTrue(map.containsKey(AccessTokenConverter.AUTHORITIES));
		assertEquals(singleton(ROLE_CLIENT), map.get(AccessTokenConverter.AUTHORITIES));
		OAuth2Authentication extracted = converter.extractAuthentication(map);
		assertTrue(extracted.getOAuth2Request().getResourceIds().contains("resource"));
		assertEquals("[ROLE_CLIENT]", extracted.getAuthorities().toString());
	}

	@Test
	public void extractAuthenticationFromClientTokenSingleValuedAudience() {
		DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
		OAuth2Authentication authentication = new OAuth2Authentication(request, null);
		token.setScope(authentication.getOAuth2Request().getScope());
		Map<String, Object> map = new LinkedHashMap<String, Object>(converter.convertAccessToken(token, authentication));
		@SuppressWarnings("unchecked")
		Object aud = ((Collection<Object>)map.get(AccessTokenConverter.AUD)).iterator().next();
		map.put(AccessTokenConverter.AUD, aud);
		assertTrue(map.containsKey(AccessTokenConverter.AUD));
		OAuth2Authentication extracted = converter.extractAuthentication(map);
		assertEquals("["+aud+"]", extracted.getOAuth2Request().getResourceIds().toString());
	}

	// gh-745
	@Test
	public void extractAuthenticationSingleScopeString() {
		String scope = "read";
		Map<String, Object> tokenAttrs = new HashMap<String, Object>();
		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
		assertEquals(Collections.singleton(scope), authentication.getOAuth2Request().getScope());
	}

	// gh-745
	@Test
	public void extractAuthenticationMultiScopeCollection() {
		Set<String> scopes = new HashSet<String>(Arrays.asList("read", "write", "read-write"));
		Map<String, Object> tokenAttrs = new HashMap<String, Object>();
		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
		OAuth2Authentication authentication = converter.extractAuthentication(tokenAttrs);
		assertEquals(scopes, authentication.getOAuth2Request().getScope());
	}

	// gh-836 (passes incidentally per gh-745)
	@Test
	public void extractAuthenticationMultiScopeString() {
		String scopes = "read write read-write";
		assertEquals(new HashSet<String>(Arrays.asList(scopes.split(" "))),
						converter.extractAuthentication(singletonMap(AccessTokenConverter.SCOPE,
										scopes)).getOAuth2Request().getScope());
	}

	// gh-745
	@Test
	public void extractAccessTokenSingleScopeString() {
		String scope = "read";
		Map<String, Object> tokenAttrs = new HashMap<String, Object>();
		tokenAttrs.put(AccessTokenConverter.SCOPE, scope);
		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
		assertEquals(Collections.singleton(scope), accessToken.getScope());
	}

	// gh-745
	@Test
	public void extractAccessTokenMultiScopeCollection() {
		Set<String> scopes = new HashSet<String>(Arrays.asList("read", "write", "read-write"));
		Map<String, Object> tokenAttrs = new HashMap<String, Object>();
		tokenAttrs.put(AccessTokenConverter.SCOPE, scopes);
		OAuth2AccessToken accessToken = converter.extractAccessToken("token-value", tokenAttrs);
		assertEquals(scopes, accessToken.getScope());
	}

	// gh-836
	@Test
	public void extractAccessTokenMultiScopeString() {
		String scopes = "read write read-write";
		assertEquals(new HashSet<String>(Arrays.asList(scopes.split(" "))),
						converter.extractAccessToken("token-value",
										singletonMap(AccessTokenConverter.SCOPE, scopes)).getScope());
	}

}