/**
 * Exchanges a registered authorization code for an access token and checks the
 * plain-text answer: content type, HTTP 200, the {@code access_token=...&expires=}
 * prefix and the remaining lifetime.
 *
 * <p>The request carries client id, redirect URI, client secret and code as request
 * parameters; the service ticket stored under {@code CODE} never expires.
 *
 * @throws Exception if the controller or the mock servlet objects fail
 */
@Test
public void verifyOK() throws Exception {
    final MockHttpServletRequest tokenRequest =
            new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    tokenRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    tokenRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    tokenRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    tokenRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse tokenResponse = new MockHttpServletResponse();

    // One cast instead of three; handleRequest below still goes through the field.
    final OAuth20WrapperController wrapper = (OAuth20WrapperController) oauth20WrapperController;
    wrapper.getServicesManager().save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    // Principal with one single-valued and one multi-valued attribute.
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NAME, VALUE);
    attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
    final Principal owner = org.jasig.cas.authentication.TestUtils.getPrincipal(ID, attributes);

    final TicketGrantingTicketImpl grantingTicket =
            new TicketGrantingTicketImpl(
                    TGT_ID,
                    org.jasig.cas.authentication.TestUtils.getAuthentication(owner),
                    new NeverExpiresExpirationPolicy());

    // The authorization code is a service ticket whose policy always answers "not expired".
    final ServiceTicketImpl codeTicket =
            new ServiceTicketImpl(
                    CODE,
                    grantingTicket,
                    org.jasig.cas.authentication.TestUtils.getService(),
                    false,
                    new ExpirationPolicy() {
                        private static final long serialVersionUID = -7321055962209199811L;

                        @Override
                        public boolean isExpired(final TicketState ticketState) {
                            return false;
                        }
                    });
    wrapper.getTicketRegistry().addTicket(codeTicket);

    oauth20WrapperController.handleRequest(tokenRequest, tokenResponse);

    // Remove the code so it cannot leak into other tests using the same registry.
    wrapper.getTicketRegistry().deleteTicket(CODE);

    assertEquals("text/plain", tokenResponse.getContentType());
    assertEquals(200, tokenResponse.getStatus());

    // The assertion pins the access token value to the ticket-granting ticket id.
    final String expiresKey = '&' + OAuthConstants.EXPIRES + '=';
    final String body = tokenResponse.getContentAsString();
    assertTrue(body.startsWith(OAuthConstants.ACCESS_TOKEN + '=' + TGT_ID + expiresKey));

    // delta = 2 seconds
    final int delta = 2;
    final int timeLeft = Integer.parseInt(StringUtils.substringAfter(body, expiresKey));
    // NOTE(review): only a lower bound is checked, so an overlong lifetime would not
    // fail here; what the 10 stands for is not visible in this method - confirm.
    assertTrue(timeLeft >= TIMEOUT - 10 - delta);
}
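/**
 * Verifies that an authorization code backed by an expired service ticket is refused
 * with HTTP 400 and {@code "error=" + OAuthConstants.INVALID_GRANT}.
 *
 * <p>The expired ticket is registered under {@code CODE}, the same id the request
 * presents. With a different id the registry lookup would simply miss, and the
 * rejection could not be attributed to the expiry check.
 *
 * @throws Exception if the controller or the mock servlet objects fail
 */
@Test
public void verifyExpiredServiceTicket() throws Exception {
    clearAllServices();

    final MockHttpServletRequest mockRequest =
            new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    final OAuth20WrapperController wrapper = (OAuth20WrapperController) oauth20WrapperController;
    wrapper.getServicesManager().save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    final Map<String, Object> map = new HashMap<>();
    map.put(NAME, VALUE);
    final List<String> list = Arrays.asList(VALUE, VALUE);
    map.put(NAME2, list);
    final Principal p = org.jasig.cas.authentication.TestUtils.getPrincipal(ID, map);

    // The granting ticket itself never expires; only the service ticket below does.
    final TicketGrantingTicketImpl impl =
            new TicketGrantingTicketImpl(
                    TGT_ID,
                    org.jasig.cas.authentication.TestUtils.getAuthentication(p),
                    new NeverExpiresExpirationPolicy());

    // Keyed by CODE so the controller finds this ticket and has to evaluate its
    // expiration policy, which always answers "expired".
    wrapper.getTicketRegistry()
            .addTicket(
                    new ServiceTicketImpl(
                            CODE,
                            impl,
                            org.jasig.cas.authentication.TestUtils.getService(),
                            false,
                            new ExpirationPolicy() {
                                private static final long serialVersionUID = -7321055962209199811L;

                                @Override
                                public boolean isExpired(final TicketState ticketState) {
                                    return true;
                                }
                            }));

    try {
        oauth20WrapperController.handleRequest(mockRequest, mockResponse);

        assertEquals(400, mockResponse.getStatus());
        assertEquals(
                "error=" + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
    } finally {
        // Same cleanup as verifyOK: do not leave an expired CODE ticket in the registry.
        wrapper.getTicketRegistry().deleteTicket(CODE);
    }
}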
/**
 * Presents an access token whose expiration policy always reports "expired" to the
 * profile endpoint and checks that the JSON body names
 * {@code OAuthConstants.EXPIRED_ACCESS_TOKEN} as the error.
 *
 * @throws Exception if the controller or the mock servlet objects fail
 */
@Test
public void verifyExpiredAccessToken() throws Exception {
    final Principal tokenOwner =
            org.jasig.cas.authentication.TestUtils.getPrincipal(
                    ID, new HashMap<String, Object>());
    final Authentication tokenAuthentication =
            new OAuthAuthentication(ZonedDateTime.now(), tokenOwner);

    // Dedicated factory so the shared one keeps its normal expiration policy.
    final ExpirationPolicy alwaysExpired =
            new ExpirationPolicy() {
                @Override
                public boolean isExpired(final TicketState ticketState) {
                    return true;
                }
            };
    final DefaultAccessTokenFactory expiringAccessTokenFactory = new DefaultAccessTokenFactory();
    expiringAccessTokenFactory.setExpirationPolicy(alwaysExpired);

    final AccessTokenImpl expiredToken =
            (AccessTokenImpl)
                    expiringAccessTokenFactory.create(TestUtils.getService(), tokenAuthentication);
    oAuth20ProfileController.getTicketRegistry().addTicket(expiredToken);

    final MockHttpServletRequest profileRequest =
            new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
    profileRequest.setParameter(OAuthConstants.ACCESS_TOKEN, expiredToken.getId());
    final MockHttpServletResponse profileResponse = new MockHttpServletResponse();

    oAuth20ProfileController.handleRequest(profileRequest, profileResponse);

    // NOTE(review): the rejection is asserted as HTTP 200 with the failure carried only
    // in the JSON body; a consumer that checks just the status code would not see it.
    assertEquals(200, profileResponse.getStatus());
    final String expectedBody = "{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}";
    assertEquals(expectedBody, profileResponse.getContentAsString());
}
/**
 * Checks that the handler returns a non-null result for a proxy callback URL that
 * carries a query string.
 *
 * @throws Exception if the URL is malformed or the handler fails
 */
@Test
public void verifyValidProxyTicketWithQueryString() throws Exception {
    // NOTE(review): the callback points at a public host; if handle() performs a live
    // request (not visible here), this test depends on outbound network access.
    final URL callbackUrl = new URL("https://www.google.com/?test=test");
    final HttpBasedServiceCredential callbackCredential =
            new HttpBasedServiceCredential(
                    callbackUrl,
                    org.jasig.cas.authentication.TestUtils.getRegisteredService(
                            "https://some.app.edu"));

    assertNotNull(this.handler.handle(callbackCredential, proxyGrantingTicket));
}
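/**
 * Renders the view, reads the encoded credential from the model and checks that
 * decrypting it yields the password of the test credential.
 *
 * @throws Exception if rendering or decryption fails
 */
@Test
public void verifyPasswordAsAuthenticationAttributeCanDecrypt() throws Exception {
    final Map<?, ?> attributes = renderView();
    assertTrue(attributes.containsKey(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL));

    final String encodedPsw =
            (String) attributes.get(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL);
    final String password = decryptCredential(encodedPsw);

    final UsernamePasswordCredential creds =
            org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword();

    // JUnit order is (expected, actual): the fixture password is the expectation and
    // the decrypted value is what is under test, so a failure message reads correctly.
    assertEquals(creds.getPassword(), password);
}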
/**
 * Checks that the handler returns {@code null} when the HTTP client accepts only
 * status code 900.
 *
 * @throws Exception if the client cannot be built, the URL is malformed or the
 *     handler fails
 */
@Test
public void verifyNonValidProxyTicket() throws Exception {
    // 900 is the only acceptable code; presumably chosen so that no real response
    // can ever be accepted.
    final SimpleHttpClientFactoryBean restrictiveFactory = new SimpleHttpClientFactoryBean();
    restrictiveFactory.setAcceptableCodes(new int[] {900});
    final HttpClient restrictiveClient = restrictiveFactory.getObject();

    // Replaces the client on the handler instance this test class holds.
    this.handler.setHttpClient(restrictiveClient);

    // NOTE(review): plain-http callback to a public host; if handle() performs a live
    // request (not visible here), the test depends on outbound network access.
    final URL callbackUrl = new URL("http://www.rutgers.edu");
    final HttpBasedServiceCredential callbackCredential =
            new HttpBasedServiceCredential(
                    callbackUrl,
                    org.jasig.cas.authentication.TestUtils.getRegisteredService(
                            "https://some.app.edu"));

    assertNull(this.handler.handle(callbackCredential, proxyGrantingTicket));
}
/**
 * Round-trips a ticket-granting ticket and a service ticket granted from it through
 * the transcoder and checks that each decoded ticket equals the one that was encoded.
 *
 * @throws Exception if building the authentication or transcoding fails
 */
@Test
public void verifyEncodeDecodeTGTImpl() throws Exception {
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);

    // Authentication carrying attributes, one recorded failure and one recorded success.
    final AuthenticationBuilder builder =
            new DefaultAuthenticationBuilder(
                    new DefaultPrincipalFactory()
                            .createPrincipal(
                                    "user", Collections.unmodifiableMap(this.principalAttributes)));
    builder.setAttributes(Collections.unmodifiableMap(this.principalAttributes));
    builder.setAuthenticationDate(new DateTime());
    builder.addCredential(new BasicCredentialMetaData(userPassCredential));
    builder.addFailure("error", AccountNotFoundException.class);
    final DefaultHandlerResult successResult =
            new DefaultHandlerResult(
                    new AcceptUsersAuthenticationHandler(),
                    new BasicCredentialMetaData(userPassCredential));
    builder.addSuccess("authn", successResult);

    // NOTE(review): parent is constructed but never read below - confirm whether it
    // was meant to be passed as the parent of expectedTGT or can be dropped.
    final TicketGrantingTicket parent =
            new TicketGrantingTicketImpl(
                    TGT_ID,
                    org.jasig.cas.authentication.TestUtils.getService(),
                    null,
                    builder.build(),
                    new NeverExpiresExpirationPolicy());

    final TicketGrantingTicket expectedTGT =
            new TicketGrantingTicketImpl(
                    TGT_ID,
                    org.jasig.cas.services.TestUtils.getService(),
                    null,
                    builder.build(),
                    new NeverExpiresExpirationPolicy());
    final ServiceTicket expectedST =
            expectedTGT.grantServiceTicket(
                    ST_ID,
                    org.jasig.cas.services.TestUtils.getService(),
                    new NeverExpiresExpirationPolicy(),
                    false,
                    true);

    // Ticket-granting ticket round trip.
    final CachedData encodedTGT = transcoder.encode(expectedTGT);
    final TicketGrantingTicket decodedTGT = (TicketGrantingTicket) transcoder.decode(encodedTGT);
    assertEquals(expectedTGT, decodedTGT);

    // Service ticket round trip.
    final CachedData encodedST = transcoder.encode(expectedST);
    final ServiceTicket decodedST = (ServiceTicket) transcoder.decode(encodedST);
    assertEquals(expectedST, decodedST);
}
/**
 * Presents a registered access token in the {@code Authorization} header and checks
 * that the profile endpoint answers 200 with the principal id and both attributes.
 *
 * @throws Exception if the controller, the mock servlet objects or JSON parsing fail
 */
@Test
public void verifyOKWithAuthorizationHeader() throws Exception {
    // Principal with one single-valued and one multi-valued attribute.
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NAME, VALUE);
    attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
    final Principal tokenOwner =
            org.jasig.cas.authentication.TestUtils.getPrincipal(ID, attributes);
    final Authentication tokenAuthentication =
            new OAuthAuthentication(ZonedDateTime.now(), tokenOwner);

    final AccessTokenImpl issuedToken =
            (AccessTokenImpl) accessTokenFactory.create(TestUtils.getService(), tokenAuthentication);
    oAuth20ProfileController.getTicketRegistry().addTicket(issuedToken);

    // The token travels only in the header; no access-token request parameter is set.
    final MockHttpServletRequest profileRequest =
            new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.PROFILE_URL);
    profileRequest.addHeader(
            "Authorization", OAuthConstants.BEARER_TOKEN + ' ' + issuedToken.getId());
    final MockHttpServletResponse profileResponse = new MockHttpServletResponse();

    oAuth20ProfileController.handleRequest(profileRequest, profileResponse);

    assertEquals(200, profileResponse.getStatus());
    assertEquals(CONTENT_TYPE, profileResponse.getContentType());

    final String expected =
            "{\"id\":\""
                    + ID
                    + "\",\"attributes\":[{\""
                    + NAME
                    + "\":\""
                    + VALUE
                    + "\"},{\""
                    + NAME2
                    + "\":[\""
                    + VALUE
                    + "\",\""
                    + VALUE
                    + "\"]}]}";

    // Compare parsed trees field by field rather than raw strings.
    final ObjectMapper mapper = new ObjectMapper();
    final JsonNode expectedObj = mapper.readTree(expected);
    final JsonNode receivedObj = mapper.readTree(profileResponse.getContentAsString());
    assertEquals(expectedObj.get("id").asText(), receivedObj.get("id").asText());

    final JsonNode expectedAttributes = expectedObj.get("attributes");
    final JsonNode receivedAttributes = receivedObj.get("attributes");
    assertEquals(
            expectedAttributes.findValue(NAME).asText(),
            receivedAttributes.findValue(NAME).asText());
    assertEquals(expectedAttributes.findValues(NAME2), receivedAttributes.findValues(NAME2));
}