  /**
   * Verifies that an authorization code cannot be exchanged for a broader scope than the one the
   * user consented to.
   *
   * <p>The code is obtained for {@code ORCID_WORKS_CREATE}; the token request then asks for {@code
   * ORCID_WORKS_UPDATE}. The token endpoint must answer 401 and report the scopes the code actually
   * carries in the error description.
   */
  @Test
  public void useAuthorizationCodeWithInalidScopesTest()
      throws InterruptedException, JSONException {
    final String expectedError =
        "OAuth2 problem : Invalid scopes: /orcid-works/update available scopes for this code are: [/orcid-works/create]";

    // Consent is given for the CREATE scope only.
    String redirectedUrl =
        OauthAuthorizationPageHelper.loginAndAuthorize(
            this.getWebBaseUrl(),
            this.getClient1ClientId(),
            this.getClient1RedirectUri(),
            ScopePathType.ORCID_WORKS_CREATE.value(),
            null,
            this.getUser1UserName(),
            this.getUser1Password(),
            true,
            webDriver);
    Matcher codeMatcher = AUTHORIZATION_CODE_PATTERN.matcher(redirectedUrl);
    assertTrue(codeMatcher.find());
    String code = codeMatcher.group(1);
    assertFalse(PojoUtil.isEmpty(code));

    // The token request tries to escalate to the UPDATE scope with that code.
    ClientResponse response =
        getClientResponse(
            this.getClient1ClientId(),
            this.getClient1ClientSecret(),
            ScopePathType.ORCID_WORKS_UPDATE.getContent(),
            this.getClient1RedirectUri(),
            code);
    assertEquals(401, response.getStatus());

    OrcidMessage errorMessage = response.getEntity(OrcidMessage.class);
    assertNotNull(errorMessage);
    assertNotNull(errorMessage.getErrorDesc());
    assertEquals(expectedError, errorMessage.getErrorDesc().getContent());
  }
 /**
  * Checks that the client-credentials checker raises {@link InvalidScopeException} for a scope the
  * grant does not permit.
  *
  * <p>The stubbed client is granted {@code ORCID_WORKS_UPDATE} and {@code ORCID_BIO_READ_LIMITED},
  * and the request asks for {@code ORCID_WORKS_UPDATE} only. The exception is still expected —
  * presumably because that scope is not allowed under the {@code client_credentials} grant; confirm
  * against {@code OrcidClientCredentialsChecker}.
  */
 @Test(expected = InvalidScopeException.class)
 public void testInvalidCredentialsScopes() throws Exception {
   String orcid = "2875-8158-1475-6194";

   // Scopes registered for the client under test.
   Set<ClientScopeEntity> grantedScopes = new HashSet<ClientScopeEntity>(2);
   for (ScopePathType granted :
       new ScopePathType[] {
         ScopePathType.ORCID_WORKS_UPDATE, ScopePathType.ORCID_BIO_READ_LIMITED
       }) {
     grantedScopes.add(new ClientScopeEntity(granted.value()));
   }
   ClientDetailsEntity client = new ClientDetailsEntity();
   client.setClientScopes(grantedScopes);
   when(clientDetailsService.loadClientByClientId(orcid)).thenReturn(client);

   OrcidClientCredentialsChecker checker =
       new OrcidClientCredentialsChecker(clientDetailsService, oAuth2RequestFactory);

   // Scope requested by the token request.
   Set<String> requestedScopes = new HashSet<String>();
   requestedScopes.add(ScopePathType.ORCID_WORKS_UPDATE.value());
   TokenRequest request =
       new TokenRequest(
           Collections.<String, String>emptyMap(), orcid, requestedScopes, "client_credentials");

   checker.validateCredentials("client_credentials", request);
 }
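  /**
   * Test that asking for different scopes generates different tokens.
   *
   * <p>Three consecutive authorizations are performed for {@code FUNDING_CREATE}, {@code
   * AFFILIATIONS_CREATE} and {@code ORCID_WORKS_UPDATE}; each one must yield a token distinct from
   * the ones issued before it.
   *
   * <p>IMPORTANT NOTE: For this test to run, the user should not have tokens for any of the
   * following scopes: - FUNDING_CREATE - AFFILIATIONS_CREATE - ORCID_WORKS_UPDATE
   */
  @Test
  public void testDifferentScopesGeneratesDifferentAccessTokens()
      throws InterruptedException, JSONException {
    String accessToken = authorizeAndFetchAccessToken(ScopePathType.FUNDING_CREATE);

    // Then, ask again for permissions over other scopes.
    String otherAccessToken = authorizeAndFetchAccessToken(ScopePathType.AFFILIATIONS_CREATE);
    assertFalse(otherAccessToken.equals(accessToken));

    String otherAccessToken2 = authorizeAndFetchAccessToken(ScopePathType.ORCID_WORKS_UPDATE);
    assertFalse(otherAccessToken2.equals(accessToken));
    assertFalse(otherAccessToken2.equals(otherAccessToken));
  }

  /**
   * Signs out, runs the authorization flow for {@code scope} as user 1 / client 1, exchanges the
   * resulting authorization code for a token and returns the {@code access_token} value.
   *
   * <p>Asserts along the way that the redirect carries an authorization code, that the token
   * endpoint answers 200 and that the returned token is non-empty.
   *
   * @param scope the single scope to authorize and to request at the token endpoint
   * @return the non-empty access token issued for {@code scope}
   */
  private String authorizeAndFetchAccessToken(ScopePathType scope)
      throws InterruptedException, JSONException {
    // Start from a clean session so the consent page is shown for this scope.
    signout();
    String currentUrl =
        OauthAuthorizationPageHelper.loginAndAuthorize(
            this.getWebBaseUrl(),
            this.getClient1ClientId(),
            this.getClient1RedirectUri(),
            scope.value(),
            null,
            this.getUser1UserName(),
            this.getUser1Password(),
            true,
            webDriver);
    Matcher matcher = AUTHORIZATION_CODE_PATTERN.matcher(currentUrl);
    assertTrue(matcher.find());
    String authorizationCode = matcher.group(1);
    assertFalse(PojoUtil.isEmpty(authorizationCode));

    ClientResponse tokenResponse =
        getClientResponse(
            this.getClient1ClientId(),
            this.getClient1ClientSecret(),
            scope.getContent(),
            this.getClient1RedirectUri(),
            authorizationCode);
    assertEquals(200, tokenResponse.getStatus());
    String body = tokenResponse.getEntity(String.class);
    JSONObject jsonObject = new JSONObject(body);
    String accessToken = (String) jsonObject.get("access_token");
    assertNotNull(accessToken);
    assertFalse(PojoUtil.isEmpty(accessToken));
    return accessToken;
  }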