Use of org.apereo.cas.ticket.code.OAuthCode in project cas by apereo.
From the class OAuth20AccessTokenControllerTests, method verifyClientWrongSecret.
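/**
 * Verifies that the access-token endpoint refuses an authorization-code
 * request whose client secret is {@code WRONG_CLIENT_SECRET}.
 *
 * <p>The request also carries the client id, the redirect URI and the id of
 * the code returned by {@code addCode(principal, service)}, so the secret is
 * the parameter under test. The expected outcome is HTTP 401 with a body of
 * exactly {@code ERROR_EQUALS + OAuthConstants.INVALID_REQUEST}.
 *
 * @throws Exception if the interceptor or the controller throws
 */
@Test
public void verifyClientWrongSecret() throws Exception {
    final MockHttpServletRequest mockRequest =
            new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, WRONG_CLIENT_SECRET);
    // Locale.ROOT keeps the grant_type value independent of the JVM default locale;
    // a plain toLowerCase() maps 'I' to a dotless i under a Turkish locale and the
    // request would then fail for the wrong reason.
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE,
            OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase(java.util.Locale.ROOT));

    final Principal principal = createPrincipal();
    final RegisteredService service = addRegisteredService();
    final OAuthCode code = addCode(principal, service);
    mockRequest.setParameter(OAuthConstants.CODE, code.getId());

    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    // The interceptor's boolean result is not inspected; the test judges the
    // outcome only from the response left after the controller has run.
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);

    assertEquals(HttpStatus.SC_UNAUTHORIZED, mockResponse.getStatus());
    // The body is compared in full, so any extra content (for example a token)
    // alongside the error would fail the test.
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_REQUEST, mockResponse.getContentAsString());
}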