@Test
  public void useAuthorizationCodeWithInalidScopesTest()
      throws InterruptedException, JSONException {
    // Scope-escalation check: an authorization code granted for ORCID_WORKS_CREATE is
    // presented at the token endpoint together with a request for ORCID_WORKS_UPDATE.
    // The exchange must be refused with HTTP 401 and an error naming the scopes the code
    // actually carries, so a client cannot widen its privileges after the user consented.
    // NOTE(review): the expected text is compared verbatim, so any rewording of the server
    // message fails this test even if the request is still rejected.
    final String expectedError =
        "OAuth2 problem : Invalid scopes: /orcid-works/update available scopes for this code are: [/orcid-works/create]";

    // Step 1: log in as user 1 and authorize client 1 for the "create" scope only.
    String redirectedUrl =
        OauthAuthorizationPageHelper.loginAndAuthorize(
            getWebBaseUrl(),
            getClient1ClientId(),
            getClient1RedirectUri(),
            ScopePathType.ORCID_WORKS_CREATE.value(),
            null,
            getUser1UserName(),
            getUser1Password(),
            true,
            webDriver);

    // Step 2: the redirect URL must carry a non-empty authorization code.
    Matcher codeMatcher = AUTHORIZATION_CODE_PATTERN.matcher(redirectedUrl);
    assertTrue(codeMatcher.find());
    String code = codeMatcher.group(1);
    assertFalse(PojoUtil.isEmpty(code));

    // Step 3: redeem the code while asking for a scope the user never approved.
    ClientResponse response =
        getClientResponse(
            getClient1ClientId(),
            getClient1ClientSecret(),
            ScopePathType.ORCID_WORKS_UPDATE.getContent(),
            getClient1RedirectUri(),
            code);

    // Step 4: the server must reject the exchange and explain why.
    assertEquals(401, response.getStatus());
    OrcidMessage errorMessage = response.getEntity(OrcidMessage.class);
    assertNotNull(errorMessage);
    assertNotNull(errorMessage.getErrorDesc());
    assertEquals(expectedError, errorMessage.getErrorDesc().getContent());
  }
  /**
   * Tests that requesting different scopes generates different access tokens.
   *
   * <p>IMPORTANT NOTE: For this test to run, the user should not have tokens for any of the
   * following scopes:
   *
   * <ul>
   *   <li>FUNDING_CREATE
   *   <li>AFFILIATIONS_CREATE
   *   <li>ORCID_WORKS_UPDATE
   * </ul>
   */
  @Test
  public void testDifferentScopesGeneratesDifferentAccessTokens()
      throws InterruptedException, JSONException {
    // The same authorize-then-redeem round trip is run once per scope, in this order.
    final ScopePathType[] requestedScopes = {
      ScopePathType.FUNDING_CREATE,
      ScopePathType.AFFILIATIONS_CREATE,
      ScopePathType.ORCID_WORKS_UPDATE
    };
    // Access tokens issued so far, indexed like requestedScopes.
    final String[] issuedTokens = new String[requestedScopes.length];

    for (int current = 0; current < requestedScopes.length; current++) {
      ScopePathType scope = requestedScopes[current];

      // Start from a signed-out browser so each grant goes through a fresh login.
      signout();
      String redirectedUrl =
          OauthAuthorizationPageHelper.loginAndAuthorize(
              getWebBaseUrl(),
              getClient1ClientId(),
              getClient1RedirectUri(),
              scope.value(),
              null,
              getUser1UserName(),
              getUser1Password(),
              true,
              webDriver);

      // The redirect must carry a non-empty authorization code.
      Matcher codeMatcher = AUTHORIZATION_CODE_PATTERN.matcher(redirectedUrl);
      assertTrue(codeMatcher.find());
      String code = codeMatcher.group(1);
      assertFalse(PojoUtil.isEmpty(code));

      // Redeem the code for the same scope that was just authorized.
      ClientResponse response =
          getClientResponse(
              getClient1ClientId(),
              getClient1ClientSecret(),
              scope.getContent(),
              getClient1RedirectUri(),
              code);
      assertEquals(200, response.getStatus());
      JSONObject payload = new JSONObject(response.getEntity(String.class));
      String token = (String) payload.get("access_token");
      assertNotNull(token);
      assertFalse(PojoUtil.isEmpty(token));

      // A token for a new scope must not reuse any token issued for an earlier scope.
      // NOTE(review): only the token strings are compared; nothing here checks which scope
      // each token actually carries. If the token response includes a "scope" field,
      // asserting it equals the requested scope would tighten this test - confirm.
      for (int earlier = 0; earlier < current; earlier++) {
        assertFalse(token.equals(issuedTokens[earlier]));
      }
      issuedTokens[current] = token;
    }
  }