 /**
  * An account that Google authenticates but that is not in the allow-list must be refused.
  *
  * <p>Two passes through the filter are exercised: the OAuth callback ({@code oauth.html}),
  * which must bounce the browser back to the page named in {@code state} without calling the
  * chain, and the follow-up page request, which must be answered with 403 once the e-mail
  * returned by Google is compared against {@link UserManager#getValidGmailAddresses()}.
  *
  * <p>NOTE(review): {@code state} is used verbatim as the post-login redirect target. Only the
  * same-host happy path is covered here; whether an off-host {@code state} is rejected by the
  * filter is not shown by these tests and would be worth a dedicated case.
  */
 @Test
 public void testInvalidEmailAddressDenied() throws IOException, ServletException {
   googleReturnsUserinfo();
   GoogleOauthFilter filter = filterNotYetAuthorised();

   // --- pass 1: the OAuth callback carrying the authorisation code --------------------------
   HttpServletResponse callbackResponse = mock(HttpServletResponse.class);
   FilterChain callbackChain = mock(FilterChain.class);
   HttpServletRequest callbackRequest =
       request(
           "http",
           "myserver.co.uk",
           "webapp",
           "oauth.html",
           "state=http://myserver.co.uk/webapp/index.html?forename=brian&surname=may",
           "code=4/b--2fGSRhhkub2d0wg7dZoNFUXLN.EluGs0IJqNIcOl05ti8ZT3b3nc9jcwI");
   filter.doFilter(callbackRequest, callbackResponse, callbackChain);
   // The callback must redirect to the originally requested page and go no further.
   verify(callbackResponse)
       .sendRedirect("http://myserver.co.uk/webapp/index.html?forename=brian&surname=may");
   verifyZeroInteractions(callbackChain);

   // --- pass 2: the redirected page request, now with Google's user info available -----------
   List<String> allowedAddresses = Arrays.asList("*****@*****.**");
   when(userManager.getValidGmailAddresses()).thenReturn(allowedAddresses);
   HttpServletResponse pageResponse = mock(HttpServletResponse.class);
   FilterChain pageChain = mock(FilterChain.class);
   HttpServletRequest pageRequest =
       request("http", "myserver.co.uk", "webapp", "index.html", "forename=brian", "surname=may");
   filter.doFilter(pageRequest, pageResponse, pageChain);

   // The allow-list must be consulted and nothing else (no user creation for a denied account).
   verify(userManager).getValidGmailAddresses();
   verifyNoMoreInteractions(userManager);
   verify(pageResponse)
       .sendError(
           HttpServletResponse.SC_FORBIDDEN,
           "User [email protected] is not allowed to access this resource.");
 }
 /**
  * Drives a complete login through the filter and checks that the request handed down the
  * chain carries an {@link OauthPrincipal} for the authenticated Google account.
  *
  * <p>Pass 1 is the OAuth callback: it must redirect back to the page named in {@code state}
  * and must not invoke the chain. Pass 2 is the redirected page request: the filter must
  * create the user if needed, wrap the request so that {@code getUserPrincipal()} and
  * {@code isUserInRole(...)} reflect {@code userManager}, and then call the chain.
  *
  * <p>NOTE(review): as in the denial test, {@code state} is taken as the redirect target
  * without any visible host check here; only the same-host value is exercised.
  *
  * @param validGmailAddresses the allow-list the mocked {@code userManager} reports; callers
  *     pass a list that admits the address returned by {@link #googleReturnsUserinfo()}
  */
 protected void testSuccessfulLogin(List<String> validGmailAddresses)
     throws IOException, ServletException {
   googleReturnsUserinfo();
   GoogleOauthFilter filter = filterNotYetAuthorised();

   // --- pass 1: the OAuth callback ---------------------------------------------------------
   HttpServletResponse callbackResponse = mock(HttpServletResponse.class);
   FilterChain callbackChain = mock(FilterChain.class);
   HttpServletRequest callbackRequest =
       request(
           "http",
           "myserver.co.uk",
           "webapp",
           "oauth.html",
           "state=http://myserver.co.uk/webapp/index.html?forename=brian&surname=may",
           "code=4/b--2fGSRhhkub2d0wg7dZoNFUXLN.EluGs0IJqNIcOl05ti8ZT3b3nc9jcwI");
   filter.doFilter(callbackRequest, callbackResponse, callbackChain);
   // Redirect to the original page; the chain must not run on the callback itself.
   verify(callbackResponse)
       .sendRedirect("http://myserver.co.uk/webapp/index.html?forename=brian&surname=may");
   verifyZeroInteractions(callbackChain);

   // --- pass 2: the redirected page request ------------------------------------------------
   // Stub the allow-list and role lookups before the filter runs again.
   when(userManager.getValidGmailAddresses()).thenReturn(validGmailAddresses);
   when(userManager.isUserInRole("*****@*****.**", "guitarist")).thenReturn(true);
   when(userManager.isUserInRole("*****@*****.**", "drummer")).thenReturn(false);

   HttpServletResponse pageResponse = mock(HttpServletResponse.class);
   HttpServletRequest pageRequest =
       request("http", "myserver.co.uk", "webapp", "index.html", "forename=brian", "surname=may");
   // A capturing chain lets us inspect the (wrapped) request the filter forwards.
   RequestStoringFilterChain capturingChain = new RequestStoringFilterChain();
   filter.doFilter(pageRequest, pageResponse, capturingChain);

   verify(userManager)
       .createNewUserIfRequired(
           eq("*****@*****.**"), any(Userinfo.class), any(Credential.class));

   HttpServletRequest forwarded = capturingChain.getRequest();
   assertNotNull("The filter chain was not called.", forwarded);
   assertNotNull("The user principal was not set.", forwarded.getUserPrincipal());
   assertEquals(
       "The user principal had the wrong class",
       OauthPrincipal.class,
       forwarded.getUserPrincipal().getClass());

   // Role checks on the forwarded request must be delegated to userManager.
   assertTrue(
       "The user was not found to be in the correct group.",
       forwarded.isUserInRole("guitarist"));
   assertFalse(
       "The user was found to be in the wrong group.", forwarded.isUserInRole("drummer"));

   OauthPrincipal principal = (OauthPrincipal) forwarded.getUserPrincipal();
   assertEquals(
       "The user principal had the wrong email address",
       "*****@*****.**",
       principal.getUserinfo().getEmail());
 }