Examples with OAuthCode org.apereo.cas.ticket.code.OAuthCode used on opensource projects

Search in sources :

Example 6 with OAuthCode

use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.

the class OAuth20AccessTokenControllerTests method internalVerifyClientOK.

private void internalVerifyClientOK(final RegisteredService service, final boolean basicAuth, final boolean refreshToken, final boolean json) throws Exception {
    final Principal principal = createPrincipal();
    final OAuthCode code = addCode(principal, service);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
    if (basicAuth) {
        final String auth = CLIENT_ID + ':' + CLIENT_SECRET;
        final String value = Base64.encodeBase64String(auth.getBytes(StandardCharsets.UTF_8));
        mockRequest.addHeader(HttpConstants.AUTHORIZATION_HEADER, HttpConstants.BASIC_HEADER_PREFIX + value);
    } else {
        mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
        mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    }
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    assertNull(oAuth20AccessTokenController.getTicketRegistry().getTicket(code.getId()));
    assertEquals(HttpStatus.SC_OK, mockResponse.getStatus());
    final String body = mockResponse.getContentAsString();
    final String accessTokenId;
    if (json) {
        assertEquals(MediaType.APPLICATION_JSON_VALUE, mockResponse.getContentType());
        assertTrue(body.contains('"' + OAuthConstants.ACCESS_TOKEN + "\":\"AT-"));
        if (refreshToken) {
            assertTrue(body.contains('"' + OAuthConstants.REFRESH_TOKEN + "\":\"RT-"));
        }
        assertTrue(body.contains('"' + OAuthConstants.EXPIRES_IN + "\":7"));
        accessTokenId = StringUtils.substringBetween(body, OAuthConstants.ACCESS_TOKEN + "\":\"", "\",\"");
    } else {
        assertEquals(MediaType.TEXT_PLAIN_VALUE, mockResponse.getContentType());
        assertTrue(body.contains(OAuthConstants.ACCESS_TOKEN + "=AT-"));
        if (refreshToken) {
            assertTrue(body.contains(OAuthConstants.REFRESH_TOKEN + "=RT-"));
        }
        assertTrue(body.contains(OAuthConstants.EXPIRES_IN + '='));
        accessTokenId = StringUtils.substringBetween(body, OAuthConstants.ACCESS_TOKEN + '=', "&");
    }
    final AccessToken accessToken = oAuth20AccessTokenController.getTicketRegistry().getTicket(accessTokenId, AccessToken.class);
    assertEquals(principal, accessToken.getAuthentication().getPrincipal());
    final int timeLeft = getTimeLeft(body, refreshToken, json);
    assertTrue(timeLeft >= TIMEOUT - 10 - DELTA);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 7 with OAuthCode

use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyClientBadAuthorizationCode.

@Test
public void verifyClientBadAuthorizationCode() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, "badValue");
    final Principal principal = createPrincipal();
    final RegisteredService service = addRegisteredService();
    final OAuthCode code = addCode(principal, service);
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_REQUEST, mockResponse.getContentAsString());
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 8 with OAuthCode

use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyClientNoClientId.

@Test
public void verifyClientNoClientId() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
    final Principal principal = createPrincipal();
    final RegisteredService service = addRegisteredService();
    final OAuthCode code = addCode(principal, service);
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    assertEquals(HttpStatus.SC_UNAUTHORIZED, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_REQUEST, mockResponse.getContentAsString());
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 9 with OAuthCode

use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyClientNoRedirectUri.

@Test
public void verifyClientNoRedirectUri() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
    final Principal principal = createPrincipal();
    final RegisteredService service = addRegisteredService();
    final OAuthCode code = addCode(principal, service);
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_REQUEST, mockResponse.getContentAsString());
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 10 with OAuthCode

use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyClientExpiredCode.

@Test
public void verifyClientExpiredCode() throws Exception {
    final RegisteredService registeredService = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
    servicesManager.save(registeredService);
    final Map<String, Object> map = new HashMap<>();
    map.put(NAME, VALUE);
    final List<String> list = Arrays.asList(VALUE, VALUE);
    map.put(NAME2, list);
    final Principal principal = CoreAuthenticationTestUtils.getPrincipal(ID, map);
    final Authentication authentication = getAuthentication(principal);
    final DefaultOAuthCodeFactory expiringOAuthCodeFactory = new DefaultOAuthCodeFactory(new AlwaysExpiresExpirationPolicy());
    final WebApplicationServiceFactory factory = new WebApplicationServiceFactory();
    final Service service = factory.createService(registeredService.getServiceId());
    final OAuthCode code = expiringOAuthCodeFactory.create(service, authentication);
    oAuth20AccessTokenController.getTicketRegistry().addTicket(code);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
    servicesManager.save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) Authentication(org.apereo.cas.authentication.Authentication) WebApplicationServiceFactory(org.apereo.cas.authentication.principal.WebApplicationServiceFactory) DefaultOAuthCodeFactory(org.apereo.cas.ticket.code.DefaultOAuthCodeFactory) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

OAuthCode (org.apereo.cas.ticket.code.OAuthCode)16 Principal (org.apereo.cas.authentication.principal.Principal)13 OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)13 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)13 Test (org.junit.Test)12 RegisteredService (org.apereo.cas.services.RegisteredService)10 HashMap (java.util.HashMap)4 CasProfile (org.pac4j.cas.profile.CasProfile)3 MockHttpSession (org.springframework.mock.web.MockHttpSession)3 ModelAndView (org.springframework.web.servlet.ModelAndView)3 View (org.springframework.web.servlet.View)3 RedirectView (org.springframework.web.servlet.view.RedirectView)3 Authentication (org.apereo.cas.authentication.Authentication)2 Service (org.apereo.cas.authentication.principal.Service)2 WebApplicationServiceFactory (org.apereo.cas.authentication.principal.WebApplicationServiceFactory)2 OAuthToken (org.apereo.cas.ticket.OAuthToken)1 AccessToken (org.apereo.cas.ticket.accesstoken.AccessToken)1 DefaultOAuthCodeFactory (org.apereo.cas.ticket.code.DefaultOAuthCodeFactory)1 RefreshToken (org.apereo.cas.ticket.refreshtoken.RefreshToken)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial