Search in sources :

Example 6 with OAuth20DefaultCode

use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.

the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationPlainWithSecretTransmittedByFormAuthn.

@Test
public void verifyAuthenticationPlainWithSecretTransmittedByFormAuthn() throws Exception {
    val credentials = new UsernamePasswordCredentials("client", "ABCD123");
    val request = new MockHttpServletRequest();
    ticketRegistry.addTicket(new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), "ABCD123", "plain", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE));
    request.addParameter(OAuth20Constants.CLIENT_ID, "client");
    request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
    request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
    request.addParameter(OAuth20Constants.CODE, "CODE-1234567890");
    val ctx = new JEEContext(request, new MockHttpServletResponse());
    authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
    assertEquals("client", credentials.getUserProfile().getId());
}
Also used : lombok.val(lombok.val) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy) ArrayList(java.util.ArrayList) JEEContext(org.pac4j.core.context.JEEContext) OAuth20DefaultCode(org.apereo.cas.ticket.code.OAuth20DefaultCode) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.jupiter.api.Test)

Example 7 with OAuth20DefaultCode

use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.

the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationHashedWithSecretTransmittedByFormAuthn.

@Test
public void verifyAuthenticationHashedWithSecretTransmittedByFormAuthn() throws Exception {
    val hash = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256("ABCD123"));
    val credentials = new UsernamePasswordCredentials("client", "ABCD123");
    val request = new MockHttpServletRequest();
    val ticket = new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), hash, "s256", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
    ticketRegistry.addTicket(ticket);
    request.addParameter(OAuth20Constants.CLIENT_ID, "client");
    request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
    request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
    request.addParameter(OAuth20Constants.CODE, ticket.getId());
    val ctx = new JEEContext(request, new MockHttpServletResponse());
    authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
    assertEquals("client", credentials.getUserProfile().getId());
}
Also used : lombok.val(lombok.val) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy) JEEContext(org.pac4j.core.context.JEEContext) OAuth20DefaultCode(org.apereo.cas.ticket.code.OAuth20DefaultCode) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.jupiter.api.Test)

Example 8 with OAuth20DefaultCode

use of org.apereo.cas.ticket.code.OAuth20DefaultCode in project cas by apereo.

the class OAuth20ProofKeyCodeExchangeAuthenticatorTests method verifyAuthenticationHashedWithSecretTransmittedByBasicFormAuthn.

@Test
public void verifyAuthenticationHashedWithSecretTransmittedByBasicFormAuthn() throws Exception {
    val hash = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256("ABCD123"));
    val credentials = new UsernamePasswordCredentials("client", "ABCD123");
    val request = new MockHttpServletRequest();
    val ticket = new OAuth20DefaultCode("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10), new MockTicketGrantingTicket("casuser"), new ArrayList<>(), hash, "s256", "clientid12345", new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
    ticketRegistry.addTicket(ticket);
    request.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("client:secret"));
    request.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("client:secret"));
    request.addParameter(OAuth20Constants.CODE_VERIFIER, "ABCD123");
    request.addParameter(OAuth20Constants.CODE, ticket.getId());
    val ctx = new JEEContext(request, new MockHttpServletResponse());
    authenticator.validate(credentials, ctx, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
    assertEquals("client", credentials.getUserProfile().getId());
}
Also used : lombok.val(lombok.val) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy) JEEContext(org.pac4j.core.context.JEEContext) OAuth20DefaultCode(org.apereo.cas.ticket.code.OAuth20DefaultCode) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)8 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)8 OAuth20DefaultCode (org.apereo.cas.ticket.code.OAuth20DefaultCode)8 HardTimeoutExpirationPolicy (org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy)8 Test (org.junit.jupiter.api.Test)8 JEEContext (org.pac4j.core.context.JEEContext)8 UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)8 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)8 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3