UaaTokenUtilsTest.java example

Explorer
uaa-master
/*******************************************************************************
 * Cloud Foundry
 * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
 * <p>
 * This product is licensed to you under the Apache License, Version 2.0 (the "License").
 * You may not use this product except in compliance with the License.
 * <p>
 * This product includes a number of subcomponents with
 * separate copyright notices and license terms. Your use of these
 * subcomponents is subject to the terms and conditions of the
 * subcomponent's license, as noted in the LICENSE file.
 *******************************************************************************/
package org.cloudfoundry.identity.uaa.util;

import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
import org.junit.Test;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.StringUtils;

import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;

import static java.util.Collections.emptySet;
import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.CID;
import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.SUB;
import static org.cloudfoundry.identity.uaa.util.UaaTokenUtils.hasRequiredUserAuthorities;
import static org.cloudfoundry.identity.uaa.util.UaaTokenUtils.isUserToken;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.springframework.security.oauth2.common.util.OAuth2Utils.GRANT_TYPE;

public class UaaTokenUtilsTest {

    @Test
    public void testRevocationHash() throws Exception {
        List<String> salts = new LinkedList<>();
        for (int i=0; i<3; i++) {
            salts.add(new RandomValueStringGenerator().generate());
        }
        String hash1 = UaaTokenUtils.getRevocationHash(salts);
        String hash2 = UaaTokenUtils.getRevocationHash(salts);
        assertFalse("Hash 1 should not be empty",StringUtils.isEmpty(hash1));
        assertFalse("Hash 2 should not be empty", StringUtils.isEmpty(hash2));
        assertEquals(hash1, hash2);
    }

    @Test
    public void isJwtToken() {

        RandomValueStringGenerator generator = new RandomValueStringGenerator(36);
        String regular = generator.generate();
        String jwt = generator.generate() + "." + generator.generate() + "." + generator.generate();
        assertFalse(UaaTokenUtils.isJwtToken(regular));
        assertTrue(UaaTokenUtils.isJwtToken(jwt));
    }

    @Test
    public void is_user_token() {
        Map<String, Object> claims = new HashMap();

        //no grant type - always is a user token
        assertTrue(isUserToken(claims));
        for (String grantType : Arrays.asList("password","implicit","authorization_code")) {
            claims.put(GRANT_TYPE, grantType);
            assertTrue(isUserToken(claims));
        }

        claims.put(GRANT_TYPE, "client_credentials");
        assertFalse(isUserToken(claims));

        claims.clear();

        //user_id present - must be user token
        claims.put(ClaimConstants.USER_ID, "id");
        assertTrue(isUserToken(claims));

        //no user id and no grant type present - client token if sub.equals(cid)
        claims.clear();
        claims.put(SUB, "someClientId");
        claims.put(CID, "someClientId");
        assertFalse(isUserToken(claims));
   }

    @Test
    public void required_user_groups_null_args_are_ok() throws Exception {
        assertTrue(hasRequiredUserAuthorities(null, null));
        assertTrue(hasRequiredUserAuthorities(emptySet(), null));
        assertTrue(hasRequiredUserAuthorities(null, emptySet()));
        assertTrue(hasRequiredUserAuthorities(emptySet(), emptySet()));
    }

    @Test
    public void test_required_user_authorities_invalid() throws Exception {
        List<String> requiredGroups = Arrays.asList("scope1","scope2","scope3","scope4");
        List<GrantedAuthority> userGroups = Arrays.asList(
            new SimpleGrantedAuthority("scope1"),
            new SimpleGrantedAuthority("scope2"),
            new SimpleGrantedAuthority("scope3"),
            new SimpleGrantedAuthority("scope5")
        );

        assertFalse(UaaTokenUtils.hasRequiredUserAuthorities(requiredGroups, userGroups));
    }

    @Test
    public void test_required_user_authorities_valid() throws Exception {
        List<String> requiredGroups = Arrays.asList("scope1","scope2","scope3");
        List<GrantedAuthority> userGroups = Arrays.asList(
            new SimpleGrantedAuthority("scope1"),
            new SimpleGrantedAuthority("scope2"),
            new SimpleGrantedAuthority("scope3"),
            new SimpleGrantedAuthority("scope4")
        );
        assertTrue(UaaTokenUtils.hasRequiredUserAuthorities(requiredGroups, userGroups));
    }


    @Test
    public void test_required_user_groups_invalid() throws Exception {
        List<String> requiredGroups = Arrays.asList("scope1","scope2","scope3", "scope5");
        List<String> userGroups = Arrays.asList("scope1","scope2","scope3","scope4");
        assertFalse(UaaTokenUtils.hasRequiredUserGroups(requiredGroups, userGroups));
    }

    @Test
    public void test_required_user_groups_valid() throws Exception {
        List<String> requiredGroups = Arrays.asList("scope1","scope2","scope3");
        List<String> userGroups = Arrays.asList("scope1","scope2","scope3","scope4");
        assertTrue(UaaTokenUtils.hasRequiredUserGroups(requiredGroups, userGroups));
    }

}