
Example 16 with OrcidOAuth2Authentication

use of org.orcid.core.oauth.OrcidOAuth2Authentication in project ORCID-Source by ORCID.

the class OauthRegistrationControllerTest method testStripHtmlFromNames.

/**
 * Checks that HTML markup submitted in the name fields of an OAuth registration
 * form does not survive into the registration that is actually created.
 *
 * <p>The given and family names are submitted as a {@code <button>} element with an
 * inline {@code onclick} handler. After {@code registerAndAuthorize} runs, the
 * {@code Registration} handed to {@code registrationController.createMinimalRegistration}
 * is captured, and its names must equal the element's text content only.
 *
 * <p>The assertions are made on the captured argument, i.e. on the value passed
 * downstream, not on anything rendered back to a browser.
 *
 * <p>NOTE(review): only one markup shape is exercised here. Whether other inputs
 * (entity-encoded markup, unclosed tags, nested elements) are covered cannot be
 * seen from this method - confirm against the rest of the test class.
 *
 * @throws UnsupportedEncodingException declared because the controller call may throw it
 */
@SuppressWarnings("unchecked")
@Test
public void testStripHtmlFromNames() throws UnsupportedEncodingException {
    // --- Collaborator stubs -------------------------------------------------
    HttpSession httpSession = mock(HttpSession.class);
    RequestInfoForm requestInfoForm = new RequestInfoForm();
    RedirectView redirectView = new RedirectView();
    when(servletRequest.getSession()).thenReturn(httpSession);
    // The session lookup is stubbed on the session mock that getSession() now returns.
    when(httpSession.getAttribute("requestInfoForm")).thenReturn(requestInfoForm);
    when(authorizationEndpoint.approveOrDeny(
            Matchers.anyMap(),
            Matchers.anyMap(),
            Matchers.any(SessionStatus.class),
            Matchers.any(Principal.class)))
        .thenReturn(redirectView);
    // Each authenticate() call yields a fresh mocked authentication object.
    when(authenticationManager.authenticate(Matchers.any(Authentication.class)))
        .thenAnswer(new Answer<Authentication>() {
            @Override
            public Authentication answer(InvocationOnMock invocation) throws Throwable {
                return mock(OrcidOAuth2Authentication.class);
            }
        });

    // --- Registration form carrying markup in both name fields --------------
    Text email = Text.valueOf(System.currentTimeMillis() + "@test.orcid.org");
    org.orcid.pojo.ajaxForm.Visibility defaultVisibility = new org.orcid.pojo.ajaxForm.Visibility();
    defaultVisibility.setVisibility(org.orcid.jaxb.model.v3.dev1.common.Visibility.PUBLIC);
    Checkbox termsCheckbox = new Checkbox();
    termsCheckbox.setValue(true);

    OauthRegistrationForm form = new OauthRegistrationForm();
    form.setActivitiesVisibilityDefault(defaultVisibility);
    form.setEmail(email);
    form.setEmailConfirm(email);
    // Untrusted input under test: element markup plus an inline event handler.
    form.setFamilyNames(Text.valueOf("<button onclick=\"alert('hello')\">Family Name</button>"));
    form.setGivenNames(Text.valueOf("<button onclick=\"alert('hello')\">Given Names</button>"));
    form.setPassword(Text.valueOf("1234abcd"));
    form.setPasswordConfirm(Text.valueOf("1234abcd"));
    form.setValNumClient(2L);
    form.setValNumServer(4L);
    form.setApproved(true);
    form.setTermsOfUse(termsCheckbox);
    form.setCreationType(Text.valueOf(CreationMethod.DIRECT.value()));
    form.setPersistentTokenEnabled(true);

    // --- Exercise -----------------------------------------------------------
    oauthRegistrationController.registerAndAuthorize(servletRequest, servletResponse, form);

    // --- Capture what was passed on to createMinimalRegistration ------------
    // Only the Registration argument is inspected; the other captors exist to
    // satisfy the five-argument verify call.
    ArgumentCaptor<HttpServletRequest> requestCaptor = ArgumentCaptor.forClass(HttpServletRequest.class);
    ArgumentCaptor<Registration> registrationCaptor = ArgumentCaptor.forClass(Registration.class);
    ArgumentCaptor<Boolean> booleanCaptor = ArgumentCaptor.forClass(Boolean.class);
    ArgumentCaptor<Locale> localeCaptor = ArgumentCaptor.forClass(Locale.class);
    ArgumentCaptor<String> stringCaptor = ArgumentCaptor.forClass(String.class);
    verify(registrationController).createMinimalRegistration(
        requestCaptor.capture(),
        registrationCaptor.capture(),
        booleanCaptor.capture(),
        localeCaptor.capture(),
        stringCaptor.capture());

    Registration captured = registrationCaptor.getValue();
    assertNotNull(captured);
    assertEquals(email.getValue(), captured.getEmail().getValue());
    // Only the text content of each element may remain.
    assertEquals("Given Names", captured.getGivenNames().getValue());
    assertEquals("Family Name", captured.getFamilyNames().getValue());
}
Also used : Locale(java.util.Locale) HttpServletRequest(javax.servlet.http.HttpServletRequest) OauthRegistrationForm(org.orcid.pojo.ajaxForm.OauthRegistrationForm) Checkbox(org.orcid.pojo.ajaxForm.Checkbox) Registration(org.orcid.pojo.ajaxForm.Registration) SessionStatus(org.springframework.web.bind.support.SessionStatus) RequestInfoForm(org.orcid.pojo.ajaxForm.RequestInfoForm) HttpSession(javax.servlet.http.HttpSession) Text(org.orcid.pojo.ajaxForm.Text) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) InvocationOnMock(org.mockito.invocation.InvocationOnMock) RedirectView(org.springframework.web.servlet.view.RedirectView) Principal(java.security.Principal) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)
