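  @Test
  public void verifyOK() throws Exception {
    // Happy path of the token endpoint: a registered client redeems a valid
    // authorization code (backed by a CAS service ticket) for an access token.
    //
    // NOTE(review): the exchange is a GET with client_secret and code in the
    // query string; RFC 6749 §3.2 requires POST for the token endpoint. This
    // test pins the controller's current behaviour, so tightening the controller
    // means reshaping this request into a POST with form parameters.
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    final OAuth20WrapperController controller =
        (OAuth20WrapperController) oauth20WrapperController;
    // The client must be registered with the redirect URI and secret it presents.
    controller.getServicesManager().save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    // Principal attributes: one single-valued and one multi-valued entry.
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NAME, VALUE);
    attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
    final Principal principal =
        org.jasig.cas.authentication.TestUtils.getPrincipal(ID, attributes);
    final TicketGrantingTicketImpl tgt =
        new TicketGrantingTicketImpl(
            TGT_ID,
            org.jasig.cas.authentication.TestUtils.getAuthentication(principal),
            new NeverExpiresExpirationPolicy());

    // The authorization code is a service ticket registered under CODE; its
    // policy never expires, so the code is still redeemable when the request runs.
    controller
        .getTicketRegistry()
        .addTicket(
            new ServiceTicketImpl(
                CODE,
                tgt,
                org.jasig.cas.authentication.TestUtils.getService(),
                false,
                new ExpirationPolicy() {
                  private static final long serialVersionUID = -7321055962209199811L;

                  @Override
                  public boolean isExpired(final TicketState ticketState) {
                    return false;
                  }
                }));

    try {
      oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    } finally {
      // Remove the code even if the request blows up: CODE is a fixed identifier,
      // and a leftover valid ticket in the shared registry would bleed into the
      // other token-endpoint tests.
      controller.getTicketRegistry().deleteTicket(CODE);
    }

    assertEquals("text/plain", mockResponse.getContentType());
    assertEquals(200, mockResponse.getStatus());
    final String body = mockResponse.getContentAsString();

    // The issued access_token is the TGT identifier itself, so a leaked bearer
    // token is a leaked TGT; the remaining lifetime follows as expires=<seconds>.
    assertTrue(
        body.startsWith(
            OAuthConstants.ACCESS_TOKEN + '=' + TGT_ID + '&' + OAuthConstants.EXPIRES + '='));
    // Tolerate test latency: the 10-unit allowance already built into the
    // assertion plus a 2-second delta.
    final int delta = 2;
    final int timeLeft =
        Integer.parseInt(StringUtils.substringAfter(body, '&' + OAuthConstants.EXPIRES + '='));
    assertTrue(timeLeft >= TIMEOUT - 10 - delta);
  }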
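  @Test
  public void verifyExpiredServiceTicket() throws Exception {
    // Redeeming a code whose backing service ticket has expired must be refused
    // with 400 / invalid_grant rather than minting a token.
    //
    // NOTE(review): the ticket is registered under "ST1" while the request sends
    // CODE; unless CODE happens to equal "ST1", the controller never sees the
    // expired ticket and this exercises the unknown-code path instead. Confirm
    // against the CODE constant and register the ticket under CODE if so.
    clearAllServices();
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    final OAuth20WrapperController controller =
        (OAuth20WrapperController) oauth20WrapperController;
    controller.getServicesManager().save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NAME, VALUE);
    attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
    final Principal principal =
        org.jasig.cas.authentication.TestUtils.getPrincipal(ID, attributes);
    final TicketGrantingTicketImpl tgt =
        new TicketGrantingTicketImpl(
            TGT_ID,
            org.jasig.cas.authentication.TestUtils.getAuthentication(principal),
            new NeverExpiresExpirationPolicy());

    // A service ticket whose policy reports it expired from the moment it exists.
    final String expiredTicketId = "ST1";
    controller
        .getTicketRegistry()
        .addTicket(
            new ServiceTicketImpl(
                expiredTicketId,
                tgt,
                org.jasig.cas.authentication.TestUtils.getService(),
                false,
                new ExpirationPolicy() {
                  private static final long serialVersionUID = -7321055962209199811L;

                  @Override
                  public boolean isExpired(final TicketState ticketState) {
                    return true;
                  }
                }));

    try {
      oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    } finally {
      // The ticket has a fixed id; do not let it linger in the shared registry.
      controller.getTicketRegistry().deleteTicket(expiredTicketId);
    }
    assertEquals(400, mockResponse.getStatus());
    assertEquals("error=" + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
  }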
  @Test
  public void verifyExpiredAccessToken() throws Exception {
    // Presenting an access token whose expiration policy reports it expired must
    // not release the profile.
    final Principal principal =
        org.jasig.cas.authentication.TestUtils.getPrincipal(ID, new HashMap<String, Object>());
    final Authentication authentication = new OAuthAuthentication(ZonedDateTime.now(), principal);

    // A factory whose policy treats every token it creates as already expired.
    final DefaultAccessTokenFactory alwaysExpiredFactory = new DefaultAccessTokenFactory();
    alwaysExpiredFactory.setExpirationPolicy(
        new ExpirationPolicy() {
          @Override
          public boolean isExpired(final TicketState ticketState) {
            return true;
          }
        });
    final AccessTokenImpl expiredToken =
        (AccessTokenImpl) alwaysExpiredFactory.create(TestUtils.getService(), authentication);
    oAuth20ProfileController.getTicketRegistry().addTicket(expiredToken);

    // The token travels as an access_token query parameter on a GET; query strings
    // tend to end up in access logs, so header transport is the safer form.
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
    mockRequest.setParameter(OAuthConstants.ACCESS_TOKEN, expiredToken.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    oAuth20ProfileController.handleRequest(mockRequest, mockResponse);

    // NOTE(review): the rejection is reported as HTTP 200 with a JSON error body.
    // RFC 6750 §3 expects 401 with WWW-Authenticate: Bearer error="invalid_token";
    // this assertion pins the controller's current behaviour, not the spec.
    assertEquals(200, mockResponse.getStatus());
    assertEquals(
        "{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}",
        mockResponse.getContentAsString());
  }
 @Test
 public void verifyValidProxyTicketWithQueryString() throws Exception {
   // A proxy callback URL that carries a query string must still be honoured.
   //
   // NOTE(review): the callback target is a live third-party host
   // (www.google.com), so this test needs outbound network access and depends
   // on that host's response; a local stub endpoint would make it hermetic.
   final URL callbackUrl = new URL("https://www.google.com/?test=test");
   final HttpBasedServiceCredential credential =
       new HttpBasedServiceCredential(
           callbackUrl,
           org.jasig.cas.authentication.TestUtils.getRegisteredService("https://some.app.edu"));
   assertNotNull(this.handler.handle(credential, proxyGrantingTicket));
 }
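  @Test
  public void verifyPasswordAsAuthenticationAttributeCanDecrypt() throws Exception {
    // The rendered view carries the principal's credential in encrypted form;
    // decrypting it must give back the password the user authenticated with.
    final Map<?, ?> attributes = renderView();
    assertTrue(attributes.containsKey(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL));

    final String encryptedPassword =
        (String) attributes.get(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL);
    final String decryptedPassword = decryptCredential(encryptedPassword);

    // JUnit order is (expected, actual) so a mismatch message reads correctly.
    final UsernamePasswordCredential creds =
        org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword();
    assertEquals(creds.getPassword(), decryptedPassword);
  }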
 @Test
 public void verifyNonValidProxyTicket() throws Exception {
   // Force the proxy callback to fail: 900 is not a real HTTP status, so no
   // response from the callback URL can be accepted and handle() must yield null.
   final SimpleHttpClientFactoryBean clientFactory = new SimpleHttpClientFactoryBean();
   clientFactory.setAcceptableCodes(new int[] {900});
   final HttpClient rejectingClient = clientFactory.getObject();
   // NOTE(review): this swaps the handler's client and never restores it; unless
   // a @Before recreates the handler, later tests inherit the rejecting client.
   this.handler.setHttpClient(rejectingClient);

   // The target is a live plain-http host, so the test depends on network reach
   // (the rejection itself is driven by the acceptable-code list, not the host).
   final HttpBasedServiceCredential credential =
       new HttpBasedServiceCredential(
           new URL("http://www.rutgers.edu"),
           org.jasig.cas.authentication.TestUtils.getRegisteredService("https://some.app.edu"));
   assertNull(this.handler.handle(credential, proxyGrantingTicket));
 }
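  @Test
  public void verifyEncodeDecodeTGTImpl() throws Exception {
    // Round-trips a TGT and a service ticket granted from it through the
    // transcoder and checks both come back equal to what went in. The
    // authentication deliberately carries credential metadata, a recorded
    // failure and a recorded success so the whole authentication graph is
    // covered by the encode/decode.
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final AuthenticationBuilder bldr =
        new DefaultAuthenticationBuilder(
            new DefaultPrincipalFactory()
                .createPrincipal("user", Collections.unmodifiableMap(this.principalAttributes)));
    bldr.setAttributes(Collections.unmodifiableMap(this.principalAttributes));
    bldr.setAuthenticationDate(new DateTime());
    bldr.addCredential(new BasicCredentialMetaData(userPassCredential));
    bldr.addFailure("error", AccountNotFoundException.class);
    bldr.addSuccess(
        "authn",
        new DefaultHandlerResult(
            new AcceptUsersAuthenticationHandler(),
            new BasicCredentialMetaData(userPassCredential)));

    // A single TGT is all the round-trip needs.
    final TicketGrantingTicket expectedTGT =
        new TicketGrantingTicketImpl(
            TGT_ID,
            org.jasig.cas.services.TestUtils.getService(),
            null,
            bldr.build(),
            new NeverExpiresExpirationPolicy());

    final ServiceTicket ticket =
        expectedTGT.grantServiceTicket(
            ST_ID,
            org.jasig.cas.services.TestUtils.getService(),
            new NeverExpiresExpirationPolicy(),
            false,
            true);

    // NOTE(review): the transcoder reconstitutes ticket objects from cache bytes;
    // whatever store backs it (presumably memcached, given CachedData) has to be
    // trusted, since deserialising attacker-controlled bytes is unsafe.
    CachedData encoded = transcoder.encode(expectedTGT);
    final TicketGrantingTicket decodedTgt = (TicketGrantingTicket) transcoder.decode(encoded);
    assertEquals(expectedTGT, decodedTgt);

    encoded = transcoder.encode(ticket);
    final ServiceTicket decodedSt = (ServiceTicket) transcoder.decode(encoded);
    assertEquals(ticket, decodedSt);
  }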
  @Test
  public void verifyOKWithAuthorizationHeader() throws Exception {
    // Profile lookup with the access token carried in an Authorization: Bearer
    // header (RFC 6750 §2.1), the transport that keeps the token out of URLs.
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NAME, VALUE);
    attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
    final Principal principal =
        org.jasig.cas.authentication.TestUtils.getPrincipal(ID, attributes);
    final Authentication authentication = new OAuthAuthentication(ZonedDateTime.now(), principal);
    final AccessTokenImpl token =
        (AccessTokenImpl) accessTokenFactory.create(TestUtils.getService(), authentication);
    oAuth20ProfileController.getTicketRegistry().addTicket(token);

    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
    mockRequest.addHeader("Authorization", OAuthConstants.BEARER_TOKEN + ' ' + token.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
    assertEquals(200, mockResponse.getStatus());
    assertEquals(CONTENT_TYPE, mockResponse.getContentType());

    // Compare as parsed JSON rather than raw text so key order and whitespace in
    // the response do not matter.
    final String expected =
        String.format(
            "{\"id\":\"%s\",\"attributes\":[{\"%s\":\"%s\"},{\"%s\":[\"%s\",\"%s\"]}]}",
            ID, NAME, VALUE, NAME2, VALUE, VALUE);
    final ObjectMapper mapper = new ObjectMapper();
    final JsonNode expectedJson = mapper.readTree(expected);
    final JsonNode actualJson = mapper.readTree(mockResponse.getContentAsString());
    assertEquals(expectedJson.get("id").asText(), actualJson.get("id").asText());

    final JsonNode expectedAttributes = expectedJson.get("attributes");
    final JsonNode actualAttributes = actualJson.get("attributes");
    assertEquals(
        expectedAttributes.findValue(NAME).asText(), actualAttributes.findValue(NAME).asText());
    assertEquals(expectedAttributes.findValues(NAME2), actualAttributes.findValues(NAME2));
  }