use of org.springframework.web.servlet.View in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testAuthorizationCodeWithTrickyEncodedQueryParams.
@Test
public void testAuthorizationCodeWithTrickyEncodedQueryParams() throws Exception {
endpoint.setAuthorizationCodeServices(new StubAuthorizationCodeServices());
model.put("authorizationRequest", getAuthorizationRequest("foo", "http://anywhere.com/path?foo=b%20%3D&bar=f%20$", null, null, Collections.singleton("code")));
View result = endpoint.approveOrDeny(Collections.singletonMap(OAuth2Utils.USER_OAUTH_APPROVAL, "true"), model, sessionStatus, principal);
assertEquals("http://anywhere.com/path?foo=b%20%3D&bar=f%20$&code=thecode", ((RedirectView) result).getUrl());
}
use of org.springframework.web.servlet.View in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testApproveOrDeny.
@Test
public void testApproveOrDeny() throws Exception {
AuthorizationRequest request = getAuthorizationRequest("foo", "http://anywhere.com", null, null, Collections.singleton("code"));
request.setApproved(true);
Map<String, String> approvalParameters = new HashMap<String, String>();
approvalParameters.put("user_oauth_approval", "true");
model.put("authorizationRequest", request);
View result = endpoint.approveOrDeny(approvalParameters, model, sessionStatus, principal);
assertTrue("Wrong view: " + result, ((RedirectView) result).getUrl().startsWith("http://anywhere.com"));
}
use of org.springframework.web.servlet.View in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testAuthorizationCodeWithTrickyQueryParams.
@Test
public void testAuthorizationCodeWithTrickyQueryParams() throws Exception {
endpoint.setAuthorizationCodeServices(new StubAuthorizationCodeServices());
model.put("authorizationRequest", getAuthorizationRequest("foo", "http://anywhere.com?foo=b =&bar=f $", null, null, Collections.singleton("code")));
View result = endpoint.approveOrDeny(Collections.singletonMap(OAuth2Utils.USER_OAUTH_APPROVAL, "true"), model, sessionStatus, principal);
String url = ((RedirectView) result).getUrl();
assertEquals("http://anywhere.com?foo=b%20=&bar=f%20$&code=thecode", url);
MultiValueMap<String, String> params = UriComponentsBuilder.fromHttpUrl(url).build().getQueryParams();
assertEquals("[b%20=]", params.get("foo").toString());
assertEquals("[f%20$]", params.get("bar").toString());
}
use of org.springframework.web.servlet.View in project cas by apereo.
the class OAuth20AuthorizeControllerTests method verifyCodeRedirectToClientWithState.
@Test
public void verifyCodeRedirectToClientWithState() throws Exception {
clearAllServices();
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.AUTHORIZE_URL);
mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuthConstants.RESPONSE_TYPE, OAuth20ResponseTypes.CODE.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
mockRequest.setParameter(OAuthConstants.STATE, STATE);
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(true);
oAuth20AuthorizeEndpointController.getServicesManager().save(service);
final CasProfile profile = new CasProfile();
profile.setId(ID);
final Map<String, Object> attributes = new HashMap<>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
final MockHttpSession session = new MockHttpSession();
mockRequest.setSession(session);
session.putValue(Pac4jConstants.USER_PROFILES, profile);
final ModelAndView modelAndView = oAuth20AuthorizeEndpointController.handleRequestInternal(mockRequest, mockResponse);
final View view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
final RedirectView redirectView = (RedirectView) view;
final String redirectUrl = redirectView.getUrl();
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "?code=OC-"));
final String code = StringUtils.substringBefore(StringUtils.substringAfter(redirectUrl, "?code="), "&state=");
final OAuthCode oAuthCode = (OAuthCode) oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(code);
assertNotNull(oAuthCode);
final Principal principal = oAuthCode.getAuthentication().getPrincipal();
assertEquals(ID, principal.getId());
final Map<String, Object> principalAttributes = principal.getAttributes();
assertEquals(attributes.size(), principalAttributes.size());
assertEquals(FIRST_NAME, principalAttributes.get(FIRST_NAME_ATTRIBUTE));
}
use of org.springframework.web.servlet.View in project cas by apereo.
the class OAuth20AuthorizeControllerTests method verifyTokenRedirectToClientWithState.
@Test
public void verifyTokenRedirectToClientWithState() throws Exception {
clearAllServices();
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.AUTHORIZE_URL);
mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuthConstants.RESPONSE_TYPE, OAuth20ResponseTypes.TOKEN.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
mockRequest.setParameter(OAuthConstants.STATE, STATE);
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(true);
oAuth20AuthorizeEndpointController.getServicesManager().save(service);
final CasProfile profile = new CasProfile();
profile.setId(ID);
final Map<String, Object> attributes = new HashMap<>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
final MockHttpSession session = new MockHttpSession();
mockRequest.setSession(session);
session.putValue(Pac4jConstants.USER_PROFILES, profile);
final ModelAndView modelAndView = oAuth20AuthorizeEndpointController.handleRequestInternal(mockRequest, mockResponse);
final View view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
final RedirectView redirectView = (RedirectView) view;
final String redirectUrl = redirectView.getUrl();
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "#access_token="));
assertTrue(redirectUrl.contains('&' + OAuthConstants.STATE + '=' + STATE));
final String code = StringUtils.substringBetween(redirectUrl, "#access_token=", "&token_type=bearer");
final AccessToken accessToken = (AccessToken) oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(code);
assertNotNull(accessToken);
final Principal principal = accessToken.getAuthentication().getPrincipal();
assertEquals(ID, principal.getId());
final Map<String, Object> principalAttributes = principal.getAttributes();
assertEquals(attributes.size(), principalAttributes.size());
assertEquals(FIRST_NAME, principalAttributes.get(FIRST_NAME_ATTRIBUTE));
}
Aggregations