Search in sources :

Example 1 with OrcidOauth2ClientAuthentication

use of org.orcid.core.oauth.OrcidOauth2ClientAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testReissuedAccessTokenHasUpdatedExpiration.

@Test
public void testReissuedAccessTokenHasUpdatedExpiration() throws InterruptedException {
    Date earliestExpiry = oneHoursTime();
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date latestExpiry = oneHoursTime();
    assertNotNull(oauth2AccessToken);
    assertFalse(oauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(oauth2AccessToken.getExpiration().after(latestExpiry));
    Thread.sleep(1000);
    earliestExpiry = oneHoursTime();
    OAuth2AccessToken reissuedOauth2AccessToken = tokenServices.createAccessToken(authentication);
    latestExpiry = oneHoursTime();
    assertNotNull(reissuedOauth2AccessToken);
    assertFalse(reissuedOauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(reissuedOauth2AccessToken.getExpiration().after(latestExpiry));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 2 with OrcidOauth2ClientAuthentication

use of org.orcid.core.oauth.OrcidOauth2ClientAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method tokenExpireIn20YearsTest.

/**
     * Check that the token created with a persistent code will expire within 20 years
     * */
@Test
public void tokenExpireIn20YearsTest() throws InterruptedException {
    Date in20years = twentyYearsTime();
    Thread.sleep(2000);
    Map<String, String> requestParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    requestParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    requestParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    requestParameters.put("code", "code1");
    requestParameters.put(OrcidOauth2Constants.IS_PERSISTENT, "true");
    OAuth2Request request = new OAuth2Request(requestParameters, clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date tokenExpiration = oauth2AccessToken.getExpiration();
    //The token expires in 20 years
    assertFalse(in20years.after(tokenExpiration));
    in20years = twentyYearsTime();
    //Confirm the token expires in 20 years
    assertFalse(tokenExpiration.after(in20years));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 3 with OrcidOauth2ClientAuthentication

use of org.orcid.core.oauth.OrcidOauth2ClientAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testCreateAddWorkAccessToken.

@Test
public void testCreateAddWorkAccessToken() {
    Date earliestExpiry = oneHoursTime();
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date latestExpiry = oneHoursTime();
    assertNotNull(oauth2AccessToken);
    assertFalse(oauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(oauth2AccessToken.getExpiration().after(latestExpiry));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 4 with OrcidOauth2ClientAuthentication

use of org.orcid.core.oauth.OrcidOauth2ClientAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testCreateReadLimitedAccessToken.

@Test
public void testCreateReadLimitedAccessToken() {
    Date earliestExpiry = oneHoursTime();
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-profile/read-limited");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date latestExpiry = oneHoursTime();
    assertNotNull(oauth2AccessToken);
    assertFalse(oauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(oauth2AccessToken.getExpiration().after(latestExpiry));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 5 with OrcidOauth2ClientAuthentication

use of org.orcid.core.oauth.OrcidOauth2ClientAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method tokenExpireInAnHourTest.

/**
     * Check that the token created with a non persistent code will expire within an hour 
     * */
@Test
public void tokenExpireInAnHourTest() throws InterruptedException {
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    authorizationParameters.put("code", "code2");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date tokenExpiration = oauth2AccessToken.getExpiration();
    Thread.sleep(2000);
    //The token expires in less than one hour
    assertFalse(tokenExpiration.after(oneHoursTime()));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Aggregations

Date (java.util.Date)5 HashMap (java.util.HashMap)5 Test (org.junit.Test)5 OrcidOauth2ClientAuthentication (org.orcid.core.oauth.OrcidOauth2ClientAuthentication)5 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)5 DBUnitTest (org.orcid.test.DBUnitTest)5 Authentication (org.springframework.security.core.Authentication)5 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)5 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)5