use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.
the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationPlainWithSecretTransmittedByFormAuthn.
@Test
public void verifyAuthenticationPlainWithSecretTransmittedByFormAuthn() throws Exception {
val credentials = new UsernamePasswordCredentials("client", "ABCD123");
val request = new MockHttpServletRequest();
ticketRegistry.addTicket(new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), "ABCD123", "plain", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE));
request.addParameter(OAuth20Constants.CLIENT_ID, "client");
request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
request.addParameter(OAuth20Constants.CODE, "CODE-1234567890");
val ctx = new JEEContext(request, new MockHttpServletResponse());
authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
assertNotNull(credentials.getUserProfile());
assertEquals("client", credentials.getUserProfile().getId());
}
use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.
the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationHashedWithSecretTransmittedByFormAuthn.
@Test
public void verifyAuthenticationHashedWithSecretTransmittedByFormAuthn() throws Exception {
val hash = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256("ABCD123"));
val credentials = new UsernamePasswordCredentials("client", "ABCD123");
val request = new MockHttpServletRequest();
val ticket = new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), hash, "s256", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
ticketRegistry.addTicket(ticket);
request.addParameter(OAuth20Constants.CLIENT_ID, "client");
request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
request.addParameter(OAuth20Constants.CODE, ticket.getId());
val ctx = new JEEContext(request, new MockHttpServletResponse());
authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
assertNotNull(credentials.getUserProfile());
assertEquals("client", credentials.getUserProfile().getId());
}
use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.
the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationHashedWithSecretTransmittedByBasicFormAuthn.
@Test
public void verifyAuthenticationHashedWithSecretTransmittedByBasicFormAuthn() throws Exception {
val hash = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256("ABCD123"));
val credentials = new UsernamePasswordCredentials("client", "ABCD123");
val request = new MockHttpServletRequest();
val ticket = new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), hash, "s256", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
ticketRegistry.addTicket(ticket);
request.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("client:secret"));
request.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("client:secret"));
request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
request.addParameter(OAuth20Constants.CODE, ticket.getId());
val ctx = new JEEContext(request, new MockHttpServletResponse());
authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
assertNotNull(credentials.getUserProfile());
assertEquals("client", credentials.getUserProfile().getId());
}
Aggregations