diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index f52d33945d..965b89d098 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -43,6 +43,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResp import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest; import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; @@ -51,6 +52,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; +import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.web.util.UriComponents; @@ -74,10 +76,11 @@ import static org.mockito.Mockito.when; /** * Integration tests for the OAuth 2.0 client filters {@link OAuth2AuthorizationRequestRedirectFilter} - * and {@link OAuth2LoginAuthenticationFilter}. - * These filters work together to realize the Authorization Code Grant flow. + * and {@link OAuth2LoginAuthenticationFilter}. These filters work together to realize + * OAuth 2.0 Login leveraging the Authorization Code Grant flow. * * @author Joe Grandja + * @since 5.0 */ @RunWith(SpringRunner.class) @SpringBootTest @@ -92,18 +95,9 @@ public class OAuth2LoginApplicationTests { @Autowired private ClientRegistrationRepository clientRegistrationRepository; - private ClientRegistration googleClientRegistration; - private ClientRegistration githubClientRegistration; - private ClientRegistration facebookClientRegistration; - private ClientRegistration oktaClientRegistration; - @Before public void setup() { this.webClient.getCookieManager().clearCookies(); - this.googleClientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); - this.githubClientRegistration = this.clientRegistrationRepository.findByRegistrationId("github"); - this.facebookClientRegistration = this.clientRegistrationRepository.findByRegistrationId("facebook"); - this.oktaClientRegistration = this.clientRegistrationRepository.findByRegistrationId("okta"); } @Test @@ -122,7 +116,9 @@ public class OAuth2LoginApplicationTests { public void requestAuthorizeGitHubClientWhenLinkClickedThenStatusRedirectForAuthorization() throws Exception { HtmlPage page = this.webClient.getPage("/"); - HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, this.githubClientRegistration); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github"); + + HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, clientRegistration); assertThat(clientAnchorElement).isNotNull(); WebResponse response = this.followLinkDisableRedirects(clientAnchorElement); @@ -135,16 +131,16 @@ public class OAuth2LoginApplicationTests { UriComponents uriComponents = UriComponentsBuilder.fromUri(URI.create(authorizeRedirectUri)).build(); String requestUri = uriComponents.getScheme() + "://" + uriComponents.getHost() + uriComponents.getPath(); - assertThat(requestUri).isEqualTo(this.githubClientRegistration.getProviderDetails().getAuthorizationUri().toString()); + assertThat(requestUri).isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); Map params = uriComponents.getQueryParams().toSingleValueMap(); assertThat(params.get(OAuth2ParameterNames.RESPONSE_TYPE)).isEqualTo(OAuth2AuthorizationResponseType.CODE.getValue()); - assertThat(params.get(OAuth2ParameterNames.CLIENT_ID)).isEqualTo(this.githubClientRegistration.getClientId()); - String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId(); + assertThat(params.get(OAuth2ParameterNames.CLIENT_ID)).isEqualTo(clientRegistration.getClientId()); + String redirectUri = AUTHORIZE_BASE_URL + "/" + clientRegistration.getRegistrationId(); assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.REDIRECT_URI), "UTF-8")).isEqualTo(redirectUri); assertThat(URLDecoder.decode(params.get(OAuth2ParameterNames.SCOPE), "UTF-8")) - .isEqualTo(this.githubClientRegistration.getScopes().stream().collect(Collectors.joining(" "))); + .isEqualTo(clientRegistration.getScopes().stream().collect(Collectors.joining(" "))); assertThat(params.get(OAuth2ParameterNames.STATE)).isNotNull(); } @@ -152,7 +148,9 @@ public class OAuth2LoginApplicationTests { public void requestAuthorizeClientWhenInvalidClientThenStatusBadRequest() throws Exception { HtmlPage page = this.webClient.getPage("/"); - HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, this.googleClientRegistration); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); + + HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, clientRegistration); assertThat(clientAnchorElement).isNotNull(); clientAnchorElement.setAttribute("href", clientAnchorElement.getHrefAttribute() + "-invalid"); @@ -170,7 +168,9 @@ public class OAuth2LoginApplicationTests { public void requestAuthorizationCodeGrantWhenValidAuthorizationResponseThenDisplayIndexPage() throws Exception { HtmlPage page = this.webClient.getPage("/"); - HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, this.githubClientRegistration); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("github"); + + HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, clientRegistration); assertThat(clientAnchorElement).isNotNull(); WebResponse response = this.followLinkDisableRedirects(clientAnchorElement); @@ -199,9 +199,11 @@ public class OAuth2LoginApplicationTests { URL loginPageUrl = page.getBaseURL(); URL loginErrorPageUrl = new URL(loginPageUrl.toString() + "?error"); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); + String code = "auth-code"; String state = "state"; - String redirectUri = AUTHORIZE_BASE_URL + "/" + this.googleClientRegistration.getRegistrationId(); + String redirectUri = AUTHORIZE_BASE_URL + "/" + clientRegistration.getRegistrationId(); String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) @@ -227,13 +229,15 @@ public class OAuth2LoginApplicationTests { URL loginPageUrl = page.getBaseURL(); URL loginErrorPageUrl = new URL(loginPageUrl.toString() + "?error"); - HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, this.googleClientRegistration); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); + + HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, clientRegistration); assertThat(clientAnchorElement).isNotNull(); this.followLinkDisableRedirects(clientAnchorElement); String code = "auth-code"; String state = "invalid-state"; - String redirectUri = AUTHORIZE_BASE_URL + "/" + this.githubClientRegistration.getRegistrationId(); + String redirectUri = AUTHORIZE_BASE_URL + "/" + clientRegistration.getRegistrationId(); String authorizationResponseUri = UriComponentsBuilder.fromHttpUrl(redirectUri) @@ -255,7 +259,9 @@ public class OAuth2LoginApplicationTests { URL loginPageUrl = page.getBaseURL(); URL loginErrorPageUrl = new URL(loginPageUrl.toString() + "?error"); - HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, this.googleClientRegistration); + ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); + + HtmlAnchor clientAnchorElement = this.getClientAnchorElement(page, clientRegistration); assertThat(clientAnchorElement).isNotNull(); WebResponse response = this.followLinkDisableRedirects(clientAnchorElement); @@ -291,21 +297,26 @@ public class OAuth2LoginApplicationTests { List clientAnchorElements = page.getAnchors(); assertThat(clientAnchorElements.size()).isEqualTo(expectedClients); + ClientRegistration googleClientRegistration = this.clientRegistrationRepository.findByRegistrationId("google"); + ClientRegistration githubClientRegistration = this.clientRegistrationRepository.findByRegistrationId("github"); + ClientRegistration facebookClientRegistration = this.clientRegistrationRepository.findByRegistrationId("facebook"); + ClientRegistration oktaClientRegistration = this.clientRegistrationRepository.findByRegistrationId("okta"); + String baseAuthorizeUri = AUTHORIZATION_BASE_URI + "/"; - String googleClientAuthorizeUri = baseAuthorizeUri + this.googleClientRegistration.getRegistrationId(); - String githubClientAuthorizeUri = baseAuthorizeUri + this.githubClientRegistration.getRegistrationId(); - String facebookClientAuthorizeUri = baseAuthorizeUri + this.facebookClientRegistration.getRegistrationId(); - String oktaClientAuthorizeUri = baseAuthorizeUri + this.oktaClientRegistration.getRegistrationId(); + String googleClientAuthorizeUri = baseAuthorizeUri + googleClientRegistration.getRegistrationId(); + String githubClientAuthorizeUri = baseAuthorizeUri + githubClientRegistration.getRegistrationId(); + String facebookClientAuthorizeUri = baseAuthorizeUri + facebookClientRegistration.getRegistrationId(); + String oktaClientAuthorizeUri = baseAuthorizeUri + oktaClientRegistration.getRegistrationId(); for (int i=0; i clientAnchorElement = page.getAnchors().stream() .filter(e -> e.asText().equals(clientRegistration.getClientName())).findFirst(); - return (clientAnchorElement.isPresent() ? clientAnchorElement.get() : null); + return (clientAnchorElement.orElse(null)); } private WebResponse followLinkDisableRedirects(HtmlAnchor anchorElement) throws Exception { @@ -353,7 +364,7 @@ public class OAuth2LoginApplicationTests { .accessTokenResponseClient(this.mockAccessTokenResponseClient()) .and() .userInfoEndpoint() - .userService(this.mockUserInfoService()); + .userService(this.mockUserService()); } // @formatter:on @@ -363,12 +374,12 @@ public class OAuth2LoginApplicationTests { .expiresIn(60 * 1000) .build(); - OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class); - when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse); - return mock; + OAuth2AccessTokenResponseClient tokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); + when(tokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse); + return tokenResponseClient; } - private OAuth2UserService mockUserInfoService() { + private OAuth2UserService mockUserService() { Map attributes = new HashMap<>(); attributes.put("id", "joeg"); attributes.put("first-name", "Joe"); @@ -381,9 +392,9 @@ public class OAuth2LoginApplicationTests { DefaultOAuth2User user = new DefaultOAuth2User(authorities, attributes, "email"); - OAuth2UserService mock = mock(OAuth2UserService.class); - when(mock.loadUser(any())).thenReturn(user); - return mock; + OAuth2UserService userService = mock(OAuth2UserService.class); + when(userService.loadUser(any())).thenReturn(user); + return userService; } }