Skip to content

Add request token with code example to DefaultAuthorizationServerApplicationTests #1976

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Add request token with code example to DefaultAuthorizationServerApplicationTests #1976

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 45 additions & 6 deletions ...-authorizationserver/src/test/java/sample/DefaultAuthorizationServerApplicationTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,6 @@
*/
package sample;

import java.io.IOException;

import org.htmlunit.Page;
import org.htmlunit.WebClient;
import org.htmlunit.WebResponse;
Expand All @@ -27,15 +25,23 @@
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpStatus;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.util.UriComponentsBuilder;

import java.io.IOException;
import java.net.URL;

import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

/**
* Integration tests for the sample Authorization Server.
Expand All @@ -59,12 +65,14 @@ public class DefaultAuthorizationServerApplicationTests {

@Autowired
private WebClient webClient;
@Autowired
private MockMvc mockMvc;

@BeforeEach
public void setUp() {
this.webClient.getOptions().setThrowExceptionOnFailingStatusCode(true);
this.webClient.getOptions().setRedirectEnabled(true);
this.webClient.getCookieManager().clearCookies(); // log out
this.webClient.getCookieManager().clearCookies(); // log out
}

@Test
Expand All @@ -75,7 +83,7 @@ public void whenLoginSuccessfulThenDisplayNotFoundError() throws IOException {

this.webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
WebResponse signInResponse = signIn(page, "user1", "password").getWebResponse();
assertThat(signInResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND.value()); // there is no "default" index page
assertThat(signInResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND.value()); // there is no "default" index page
}

@Test
Expand All @@ -97,7 +105,7 @@ public void whenNotLoggedInAndRequestingTokenThenRedirectsToLogin() throws IOExc
}

@Test
public void whenLoggingInAndRequestingTokenThenRedirectsToClientApplication() throws IOException {
public void whenLoggingInAndRequestingTokenThenRedirectsToClientApplication() throws Exception {
// Log in
this.webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
this.webClient.getOptions().setRedirectEnabled(false);
Expand All @@ -110,6 +118,37 @@ public void whenLoggingInAndRequestingTokenThenRedirectsToClientApplication() th
String location = response.getResponseHeaderValue("location");
assertThat(location).startsWith(REDIRECT_URI);
assertThat(location).contains("code=");


// ==============================================================================================
// The following token request should be performed by the client application,
// eg: a web application, a mobile app, etc.
// ==============================================================================================

// get code parameter value form location
String query = new URL(location).getQuery();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The purpose of this test is to ensure the Authorization Response (with code) is redirected back to the client application after sending the Authorization Request. The Access Token request is not meant to be used in this test.

String[] kAndV = query.split("&");
String code = null;
for (String kv : kAndV) {
if (kv.startsWith("code=")) {
code = kv.replace("code=", "");
break;
}
}
assertThat(code).isNotNull();

// Request token with code
mockMvc.perform(post("/oauth2/token")
// for OAuth2AuthorizationCodeAuthenticationConverter
.formField("grant_type", "authorization_code")
.formField("client_id", "messaging-client")
.formField("code", code)
.formField("redirect_uri", REDIRECT_URI)
// for BasicAuthenticationFilter
.with(httpBasic("messaging-client","secret")))
.andDo(print())
.andExpect(status().isOk())
.andExpect(jsonPath("$.access_token").exists());
}

private static <P extends Page> P signIn(HtmlPage page, String username, String password) throws IOException {
Expand Down