
Example 66 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseValidThenAuthorizationRequestRemoved.

/**
 * Verifies that processing a valid authorization response consumes the saved
 * authorization request.
 *
 * <p>The callback carries a {@code code} and a {@code state} parameter. After the filter
 * has run, the repository must no longer return an authorization request for this
 * request, so the same {@code state} cannot be matched by a second callback.
 */
@Test
public void doFilterWhenAuthorizationResponseValidThenAuthorizationRequestRemoved() throws Exception {
    String state = "state";
    String callbackUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    request.setServletPath(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, state);
    MockHttpServletResponse response = new MockHttpServletResponse();
    // Fixtures defined elsewhere in the test class: presumably a pending authorization
    // request keyed by this state, and a stubbed authentication result for registration2.
    this.setUpAuthorizationRequest(request, response, this.registration2, state);
    this.setUpAuthenticationResult(this.registration2);
    this.filter.doFilter(request, response, mock(FilterChain.class));
    // The pending authorization request must be gone once the response has been handled.
    assertThat(this.authorizationRequestRepository.loadAuthorizationRequest(request)).isNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 67 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError.

// gh-5251
/**
 * Verifies that the filter fails authentication with {@code client_registration_not_found}
 * when the saved authorization request refers to an unknown client registration.
 *
 * <p>The authorization request is set up for the id {@code registration-not-found},
 * which is presumably absent from the {@code ClientRegistrationRepository} used by the
 * filter under test (the repository is configured outside this method). The failure
 * must be reported through the failure handler as an {@code OAuth2AuthenticationException}.
 */
@Test
public void doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError() throws Exception {
    String state = "state";
    String callbackUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    request.setServletPath(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    // Same value as the state saved with the authorization request below.
    request.addParameter(OAuth2ParameterNames.STATE, state);
    MockHttpServletResponse response = new MockHttpServletResponse();
    // Test-only placeholder client; none of these values is a real credential or endpoint.
    // @formatter:off
    ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found")
            .clientId("client-1")
            .clientSecret("secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("user")
            .authorizationUri("https://provider.com/oauth2/authorize")
            .tokenUri("https://provider.com/oauth2/token")
            .userInfoUri("https://provider.com/oauth2/user")
            .userNameAttributeName("id")
            .clientName("client-1")
            .build();
    // @formatter:on
    this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
    this.filter.doFilter(request, response, mock(FilterChain.class));
    // Capture whatever exception the filter handed to the failure handler.
    ArgumentCaptor<AuthenticationException> failureCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), failureCaptor.capture());
    AuthenticationException failure = failureCaptor.getValue();
    assertThat(failure).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) failure;
    assertThat(oauth2Failure.getError().getErrorCode()).isEqualTo("client_registration_not_found");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 68 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseInvalidThenInvalidRequestError.

/**
 * Verifies that a callback which is not a valid authorization response is rejected
 * with {@code invalid_request}.
 *
 * <p>The request hits the callback URL without any parameters. The filter must report
 * an {@code OAuth2AuthenticationException} to the failure handler rather than attempt
 * authentication with an incomplete response.
 */
@Test
public void doFilterWhenAuthorizationResponseInvalidThenInvalidRequestError() throws Exception {
    String callbackUri = "/login/oauth2/code/" + this.registration1.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    request.setServletPath(callbackUri);
    // A valid authorization response contains either a 'code' or an 'error' parameter.
    // Neither is added here, which forces the response to be invalid.
    MockHttpServletResponse response = new MockHttpServletResponse();
    this.filter.doFilter(request, response, mock(FilterChain.class));
    // Capture whatever exception the filter handed to the failure handler.
    ArgumentCaptor<AuthenticationException> failureCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), failureCaptor.capture());
    AuthenticationException failure = failureCaptor.getValue();
    assertThat(failure).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) failure;
    assertThat(oauth2Failure.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 69 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenCustomFilterProcessesUrlThenFilterProcesses.

/**
 * Verifies that a filter built with a custom processing URL handles callbacks on that URL.
 *
 * <p>The filter is recreated with the pattern {@code /login/oauth2/custom/*} and wrapped
 * in a spy. A callback under that path must reach {@code attemptAuthentication} and
 * must not be passed on to the rest of the filter chain.
 */
@Test
public void doFilterWhenCustomFilterProcessesUrlThenFilterProcesses() throws Exception {
    String filterProcessesUrl = "/login/oauth2/custom/*";
    OAuth2LoginAuthenticationFilter customFilter = new OAuth2LoginAuthenticationFilter(
            this.clientRegistrationRepository, this.authorizedClientRepository, filterProcessesUrl);
    // Spy so the call to attemptAuthentication can be verified below.
    this.filter = spy(customFilter);
    this.filter.setAuthenticationManager(this.authenticationManager);
    String state = "state";
    String callbackUri = "/login/oauth2/custom/" + this.registration2.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    request.setServletPath(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, state);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain downstream = mock(FilterChain.class);
    this.setUpAuthorizationRequest(request, response, this.registration2, state);
    this.setUpAuthenticationResult(this.registration2);
    this.filter.doFilter(request, response, downstream);
    // The callback is consumed by this filter; nothing further down the chain may run.
    // NOTE(review): newer Mockito versions deprecate verifyZeroInteractions in favour of
    // verifyNoInteractions; switch once the file's static imports can be updated.
    verifyZeroInteractions(downstream);
    verify(this.filter).attemptAuthentication(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 70 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseHasDefaultPort443ThenRedirectUriMatchingExcludesPort.

// gh-5890
/**
 * Verifies that the default HTTPS port is left out of the redirect URI the filter
 * derives from the callback request.
 *
 * <p>The callback arrives on {@code https://example.com} with server port 443. The
 * redirect URI on both the saved authorization request and the authorization response
 * passed to the authentication manager must be the same port-less URI; a stray
 * {@code :443} on one side would make the two differ.
 */
@Test
public void doFilterWhenAuthorizationResponseHasDefaultPort443ThenRedirectUriMatchingExcludesPort() throws Exception {
    String state = "state";
    String callbackUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    // Simulate a callback received over HTTPS on the scheme's default port.
    request.setScheme("https");
    request.setServerName("example.com");
    request.setServerPort(443);
    request.setServletPath(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, state);
    MockHttpServletResponse response = new MockHttpServletResponse();
    this.setUpAuthorizationRequest(request, response, this.registration2, state);
    this.setUpAuthenticationResult(this.registration2);
    this.filter.doFilter(request, response, mock(FilterChain.class));
    // Inspect the token the filter submitted to the authentication manager.
    ArgumentCaptor<Authentication> tokenCaptor = ArgumentCaptor.forClass(Authentication.class);
    verify(this.authenticationManager).authenticate(tokenCaptor.capture());
    OAuth2LoginAuthenticationToken loginToken = (OAuth2LoginAuthenticationToken) tokenCaptor.getValue();
    OAuth2AuthorizationRequest savedRequest = loginToken.getAuthorizationExchange().getAuthorizationRequest();
    OAuth2AuthorizationResponse receivedResponse = loginToken.getAuthorizationExchange().getAuthorizationResponse();
    // Assumes registration2's id is "registration-id-2"; the fixture is defined outside this method.
    String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2";
    assertThat(savedRequest.getRedirectUri()).isEqualTo(expectedRedirectUri);
    assertThat(receivedResponse.getRedirectUri()).isEqualTo(expectedRedirectUri);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) FilterChain(jakarta.servlet.FilterChain) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken) Test(org.junit.jupiter.api.Test)
