AuthorizePromptNoneEntryPointTest.java example

Explorer
uaa-master
/*
 * ****************************************************************************
 *     Cloud Foundry
 *     Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
 *
 *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
 *     You may not use this product except in compliance with the License.
 *
 *     This product includes a number of subcomponents with
 *     separate copyright notices and license terms. Your use of these
 *     subcomponents is subject to the terms and conditions of the
 *     subcomponent's license, as noted in the LICENSE file.
 * ****************************************************************************
 */

package org.cloudfoundry.identity.uaa.oauth;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;

import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.same;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.springframework.util.StringUtils.hasText;

@RunWith(Parameterized.class)
public class AuthorizePromptNoneEntryPointTest {

    private static final String REDIRECT_URI = "http://sub.domain.com/callback?oauth=true";
    private static final String HTTP_SOME_OTHER_SITE_CALLBACK = "http://some.other.site/callback";
    private final SessionAuthenticationException authException = new SessionAuthenticationException("");
    private AuthenticationFailureHandler failureHandler;
    private AuthenticationEntryPoint entryPoint;
    private BaseClientDetails client;
    private MockHttpServletRequest request;
    private MockHttpServletResponse response;
    private ClientDetailsService clientDetailsService;
    private RedirectResolver redirectResolver;

    private final String responseType;
    private final String redirectHash;
    private final String redirectUrl;

    public AuthorizePromptNoneEntryPointTest(String responseType, String redirectHash) {
        this.responseType = responseType;
        this.redirectHash = redirectHash;
        redirectUrl = REDIRECT_URI + redirectHash;
    }

    @Parameterized.Parameters(name = "{index}: {0} {1}")
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[][]{
            {"code", ""},
            {"token", ""},
            {"id_token", ""},
            {"token id_token", ""},
            {"code", "#frag"},
            {"token", "#frag"},
            {"id_token", "#frag"},
            {"token id_token", "#frag"}
        });
    }

    @Before
    public void setup() {
        client = new BaseClientDetails("id", "", "openid", "authorization_code", "", redirectUrl);
        clientDetailsService = mock(ClientDetailsService.class);
        redirectResolver = mock(RedirectResolver.class);
        failureHandler = mock(AuthenticationFailureHandler.class);

        when(clientDetailsService.loadClientByClientId(eq(client.getClientId()))).thenReturn(client);
        when(redirectResolver.resolveRedirect(eq(redirectUrl), same(client))).thenReturn(redirectUrl);
        when(redirectResolver.resolveRedirect(eq(HTTP_SOME_OTHER_SITE_CALLBACK), same(client))).thenThrow(new RedirectMismatchException(""));

        entryPoint = new AuthorizePromptNoneEntryPoint(failureHandler, clientDetailsService, redirectResolver);

        request = new MockHttpServletRequest("GET", "/oauth/authorize");
        request.setParameter(OAuth2Utils.CLIENT_ID, client.getClientId());
        request.setParameter(OAuth2Utils.RESPONSE_TYPE, responseType);
        response = new MockHttpServletResponse();
    }

    @Test
    public void test_missing_client_id() throws Exception {
        request.removeParameter(OAuth2Utils.CLIENT_ID);
        entryPoint.commence(request, response, authException);
        assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
    }

    @Test
    public void test_missing_redirect_uri() throws Exception {
        client.setRegisteredRedirectUri(Collections.emptySet());
        entryPoint.commence(request, response, authException);
        assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
    }

    @Test
    public void test_client_not_found() throws Exception {
        reset(clientDetailsService);
        when(clientDetailsService.loadClientByClientId(anyString())).thenThrow(new NoSuchClientException("not found"));
        entryPoint.commence(request, response, authException);
        assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
    }

    @Test
    public void test_redirect_mismatch() throws Exception {
        request.setParameter(OAuth2Utils.REDIRECT_URI, HTTP_SOME_OTHER_SITE_CALLBACK);
        entryPoint.commence(request, response, authException);
        assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
    }

    @Test
    public void test_redirect_contains_error() throws Exception {
        request.setParameter(OAuth2Utils.REDIRECT_URI, redirectUrl);
        entryPoint.commence(request, response, authException);
        assertEquals(HttpStatus.FOUND.value(), response.getStatus());
        String paramValue = "error=login_required";
        String expectedRedirect = REDIRECT_URI + (responseType.equals("code") ? "&" + paramValue + redirectHash : (hasText(redirectHash) ? redirectHash + "&" : "#") + paramValue);
        assertEquals(expectedRedirect, response.getHeader("Location"));
    }

    @Test
    public void test_failure_handler_is_invoked() throws Exception {
        request.setParameter(OAuth2Utils.REDIRECT_URI, redirectUrl);
        entryPoint.commence(request, response, authException);
        verify(failureHandler, times(1)).onAuthenticationFailure(same(request), same(response), same(authException));
    }



}