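/**
 * Verifies that a user whose Gmail address is not on the allow-list is refused
 * with HTTP 403 and is never passed on to the downstream filter chain.
 *
 * <p>Phase one replays the OAuth callback and expects a redirect back to the
 * original page named in {@code state}. Phase two requests that page with an
 * allow-list that does not match the address Google returned, and expects
 * {@code sendError(SC_FORBIDDEN, ...)} with no other call on the user manager
 * (so no user record is created) and no call on the chain.
 *
 * @throws IOException propagated from the filter under test
 * @throws ServletException propagated from the filter under test
 */
@Test
public void testInvalidEmailAddressDenied() throws IOException, ServletException {
  googleReturnsUserinfo();
  GoogleOauthFilter googleOauthFilter = filterNotYetAuthorised();

  // Phase one: the OAuth callback carries the original URL in "state".
  HttpServletResponse callbackResponse = mock(HttpServletResponse.class);
  HttpServletRequest callbackRequest =
      request(
          "http",
          "myserver.co.uk",
          "webapp",
          "oauth.html",
          "state=http://myserver.co.uk/webapp/index.html?forename=brian&surname=may",
          "code=4/b--2fGSRhhkub2d0wg7dZoNFUXLN.EluGs0IJqNIcOl05ti8ZT3b3nc9jcwI");
  FilterChain callbackChain = mock(FilterChain.class);
  googleOauthFilter.doFilter(callbackRequest, callbackResponse, callbackChain);

  // We expect a redirect to the original page, and nothing handed downstream.
  verify(callbackResponse)
      .sendRedirect("http://myserver.co.uk/webapp/index.html?forename=brian&surname=may");
  verifyZeroInteractions(callbackChain);

  // Phase two: the allow-list reported by the mocked user manager does not
  // contain the address Google returned, so access must be denied.
  HttpServletResponse pageResponse = mock(HttpServletResponse.class);
  HttpServletRequest pageRequest =
      request("http", "myserver.co.uk", "webapp", "index.html", "forename=brian", "surname=may");
  when(userManager.getValidGmailAddresses()).thenReturn(Arrays.asList("*****@*****.**"));
  FilterChain pageChain = mock(FilterChain.class);
  googleOauthFilter.doFilter(pageRequest, pageResponse, pageChain);

  verify(userManager).getValidGmailAddresses();
  // Only the allow-list lookup is permitted; in particular no user may be created.
  verifyNoMoreInteractions(userManager);
  verify(pageResponse)
      .sendError(
          HttpServletResponse.SC_FORBIDDEN,
          "User [email protected] is not allowed to access this resource.");
  // The deny path must not fall through to the protected resource: the original
  // test only checked the 403 and would have missed a filter that also invoked the chain.
  verifyZeroInteractions(pageChain);
}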
/**
 * Drives a complete login through the filter and checks that the request handed
 * downstream carries an {@link OauthPrincipal} with the expected email address and
 * role membership.
 *
 * <p>Step one replays the OAuth callback, which must redirect to the page named in
 * {@code state} without touching the chain. Step two requests that page with the
 * given allow-list; the filter is expected to call
 * {@code createNewUserIfRequired}, set the principal, and answer role queries
 * consistently with the mocked user manager.
 *
 * @param validGmailAddresses the allow-list the mocked user manager reports
 * @throws IOException propagated from the filter under test
 * @throws ServletException propagated from the filter under test
 */
protected void testSuccessfulLogin(List<String> validGmailAddresses)
    throws IOException, ServletException {
  googleReturnsUserinfo();
  GoogleOauthFilter filterUnderTest = filterNotYetAuthorised();

  // Step 1: OAuth callback -> redirect back to the page named in "state".
  HttpServletResponse callbackResponse = mock(HttpServletResponse.class);
  HttpServletRequest callbackRequest =
      request(
          "http",
          "myserver.co.uk",
          "webapp",
          "oauth.html",
          "state=http://myserver.co.uk/webapp/index.html?forename=brian&surname=may",
          "code=4/b--2fGSRhhkub2d0wg7dZoNFUXLN.EluGs0IJqNIcOl05ti8ZT3b3nc9jcwI");
  FilterChain callbackChain = mock(FilterChain.class);
  filterUnderTest.doFilter(callbackRequest, callbackResponse, callbackChain);
  verify(callbackResponse)
      .sendRedirect("http://myserver.co.uk/webapp/index.html?forename=brian&surname=may");
  verifyZeroInteractions(callbackChain);

  // Step 2: request the original page; the capturing chain records whatever
  // request object the filter passes on.
  HttpServletResponse pageResponse = mock(HttpServletResponse.class);
  HttpServletRequest pageRequest =
      request("http", "myserver.co.uk", "webapp", "index.html", "forename=brian", "surname=may");
  when(userManager.getValidGmailAddresses()).thenReturn(validGmailAddresses);
  when(userManager.isUserInRole("*****@*****.**", "drummer")).thenReturn(false);
  when(userManager.isUserInRole("*****@*****.**", "guitarist")).thenReturn(true);
  RequestStoringFilterChain capturingChain = new RequestStoringFilterChain();
  filterUnderTest.doFilter(pageRequest, pageResponse, capturingChain);
  HttpServletRequest downstreamRequest = capturingChain.getRequest();

  verify(userManager)
      .createNewUserIfRequired(eq("*****@*****.**"), any(Userinfo.class), any(Credential.class));

  assertNotNull("The filter chain was not called.", downstreamRequest);
  assertNotNull("The user principal was not set.", downstreamRequest.getUserPrincipal());
  assertEquals(
      "The user principal had the wrong class",
      OauthPrincipal.class,
      downstreamRequest.getUserPrincipal().getClass());
  OauthPrincipal principal = (OauthPrincipal) downstreamRequest.getUserPrincipal();

  // Role answers are expected to mirror the user-manager stubs above.
  assertTrue(
      "The user was not found to be in the correct group.",
      downstreamRequest.isUserInRole("guitarist"));
  assertFalse(
      "The user was found to be in the wrong group.", downstreamRequest.isUserInRole("drummer"));
  assertEquals(
      "The user principal had the wrong email address",
      "*****@*****.**",
      principal.getUserinfo().getEmail());
}