@Test
public void verifyExpiredAccessToken() throws Exception {
final Principal principal =
org.jasig.cas.authentication.TestUtils.getPrincipal(ID, new HashMap<String, Object>());
final Authentication authentication = new OAuthAuthentication(ZonedDateTime.now(), principal);
final DefaultAccessTokenFactory expiringAccessTokenFactory = new DefaultAccessTokenFactory();
expiringAccessTokenFactory.setExpirationPolicy(
new ExpirationPolicy() {
@Override
public boolean isExpired(final TicketState ticketState) {
return true;
}
});
final AccessTokenImpl accessToken =
(AccessTokenImpl) expiringAccessTokenFactory.create(TestUtils.getService(), authentication);
oAuth20ProfileController.getTicketRegistry().addTicket(accessToken);
final MockHttpServletRequest mockRequest =
new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
mockRequest.setParameter(OAuthConstants.ACCESS_TOKEN, accessToken.getId());
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
assertEquals(200, mockResponse.getStatus());
assertEquals(
"{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}",
mockResponse.getContentAsString());
}
@Test
public void verifyNoGivenAccessToken() throws Exception {
final MockHttpServletRequest mockRequest =
new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
assertEquals(200, mockResponse.getStatus());
assertEquals(CONTENT_TYPE, mockResponse.getContentType());
assertEquals(
"{\"error\":\"" + OAuthConstants.MISSING_ACCESS_TOKEN + "\"}",
mockResponse.getContentAsString());
}
@Test
public void verifyNoExistingAccessToken() throws Exception {
final MockHttpServletRequest mockRequest =
new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
mockRequest.setParameter(OAuthConstants.ACCESS_TOKEN, "DOES NOT EXIST");
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
assertEquals(200, mockResponse.getStatus());
assertEquals(CONTENT_TYPE, mockResponse.getContentType());
assertEquals(
"{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}",
mockResponse.getContentAsString());
}
@Test
public void verifyOKWithAuthorizationHeader() throws Exception {
final Map<String, Object> map = new HashMap<>();
map.put(NAME, VALUE);
final List<String> list = Arrays.asList(VALUE, VALUE);
map.put(NAME2, list);
final Principal principal = org.jasig.cas.authentication.TestUtils.getPrincipal(ID, map);
final Authentication authentication = new OAuthAuthentication(ZonedDateTime.now(), principal);
final AccessTokenImpl accessToken =
(AccessTokenImpl) accessTokenFactory.create(TestUtils.getService(), authentication);
oAuth20ProfileController.getTicketRegistry().addTicket(accessToken);
final MockHttpServletRequest mockRequest =
new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
mockRequest.addHeader("Authorization", OAuthConstants.BEARER_TOKEN + ' ' + accessToken.getId());
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
assertEquals(200, mockResponse.getStatus());
assertEquals(CONTENT_TYPE, mockResponse.getContentType());
final ObjectMapper mapper = new ObjectMapper();
final String expected =
"{\"id\":\""
+ ID
+ "\",\"attributes\":[{\""
+ NAME
+ "\":\""
+ VALUE
+ "\"},{\""
+ NAME2
+ "\":[\""
+ VALUE
+ "\",\""
+ VALUE
+ "\"]}]}";
final JsonNode expectedObj = mapper.readTree(expected);
final JsonNode receivedObj = mapper.readTree(mockResponse.getContentAsString());
assertEquals(expectedObj.get("id").asText(), receivedObj.get("id").asText());
final JsonNode expectedAttributes = expectedObj.get("attributes");
final JsonNode receivedAttributes = receivedObj.get("attributes");
assertEquals(
expectedAttributes.findValue(NAME).asText(), receivedAttributes.findValue(NAME).asText());
assertEquals(expectedAttributes.findValues(NAME2), receivedAttributes.findValues(NAME2));
}