@Test
public void testFacebookAuthentication() throws Exception {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAuthenticationScheme(AuthenticationScheme.query);
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, context);
setUpContext("facebook.token");
filter.setRestTemplate(restTemplate);
filter.setUserInfoUrl("https://graph.facebook.com/me");
filter.afterPropertiesSet();
SocialClientUserDetails user = (SocialClientUserDetails) filter.getPrincipal();
assertTrue(!user.getAuthorities().isEmpty());
}
static {
DEFAULT_RESOURCE_DETAILS.setClientId("<N/A>");
DEFAULT_RESOURCE_DETAILS.setUserAuthorizationUri("Not a URI " + "because there is no client");
DEFAULT_RESOURCE_DETAILS.setAccessTokenUri("Not a URI " + "because there is no client");
}
@Test
public void testSuccessfulAuthorizationCodeFlow() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource();
URI uri =
serverRunning
.buildUri("/oauth/authorize")
.queryParam("response_type", "code")
.queryParam("state", "mystateid")
.queryParam("client_id", resource.getClientId())
.queryParam("redirect_uri", resource.getPreEstablishedRedirectUri())
.build();
ResponseEntity<Void> result = serverRunning.getForResponse(uri.toString(), headers);
assertEquals(HttpStatus.FOUND, result.getStatusCode());
String location = result.getHeaders().getLocation().toString();
if (result.getHeaders().containsKey("Set-Cookie")) {
String cookie = result.getHeaders().getFirst("Set-Cookie");
headers.set("Cookie", cookie);
}
ResponseEntity<String> response = serverRunning.getForString(location, headers);
// should be directed to the login screen...
assertTrue(response.getBody().contains("/login.do"));
assertTrue(response.getBody().contains("username"));
assertTrue(response.getBody().contains("password"));
MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
formData.add("username", testAccounts.getUserName());
formData.add("password", testAccounts.getPassword());
// Should be redirected to the original URL, but now authenticated
result = serverRunning.postForResponse("/login.do", headers, formData);
assertEquals(HttpStatus.FOUND, result.getStatusCode());
if (result.getHeaders().containsKey("Set-Cookie")) {
String cookie = result.getHeaders().getFirst("Set-Cookie");
headers.set("Cookie", cookie);
}
response = serverRunning.getForString(result.getHeaders().getLocation().toString(), headers);
if (response.getStatusCode() == HttpStatus.OK) {
// The grant access page should be returned
assertTrue(response.getBody().contains("Do you authorize"));
formData.clear();
formData.add("user_oauth_approval", "true");
result = serverRunning.postForResponse("/oauth/authorize", headers, formData);
assertEquals(HttpStatus.FOUND, result.getStatusCode());
location = result.getHeaders().getLocation().toString();
} else {
// Token cached so no need for second approval
assertEquals(HttpStatus.FOUND, response.getStatusCode());
location = response.getHeaders().getLocation().toString();
}
assertTrue(
"Wrong location: " + location,
location.matches(resource.getPreEstablishedRedirectUri() + ".*code=.+"));
formData.clear();
formData.add("client_id", resource.getClientId());
formData.add("redirect_uri", resource.getPreEstablishedRedirectUri());
formData.add("grant_type", "authorization_code");
formData.add("code", location.split("code=")[1].split("&")[0]);
HttpHeaders tokenHeaders = new HttpHeaders();
tokenHeaders.set(
"Authorization",
testAccounts.getAuthorizationHeader(resource.getClientId(), resource.getClientSecret()));
@SuppressWarnings("rawtypes")
ResponseEntity<Map> tokenResponse =
serverRunning.postForMap("/oauth/token", formData, tokenHeaders);
assertEquals(HttpStatus.OK, tokenResponse.getStatusCode());
@SuppressWarnings("unchecked")
Map<String, String> body = tokenResponse.getBody();
Jwt token = JwtHelper.decode(body.get("access_token"));
assertTrue("Wrong claims: " + token.getClaims(), token.getClaims().contains("\"aud\""));
assertTrue("Wrong claims: " + token.getClaims(), token.getClaims().contains("\"user_id\""));
}