use of org.springframework.security.oauth2.provider.ServerRunning.UriBuilder in project spring-security-oauth by spring-projects.
the class AuthorizationCodeProviderTests method testInvalidScopeInAuthorizationRequest.
@Test
public void testInvalidScopeInAuthorizationRequest() throws Exception {
// Need to use the client with a redirect because "my-less-trusted-client" has no registered scopes
String cookie = loginAndGrabCookie();
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
headers.set("Cookie", cookie);
String scope = "bogus";
String redirectUri = "http://anywhere?key=value";
String clientId = "my-client-with-registered-redirect";
UriBuilder uri = serverRunning.buildUri("/sparklr2/oauth/authorize").queryParam("response_type", "code").queryParam("state", "mystateid").queryParam("scope", scope);
if (clientId != null) {
uri.queryParam("client_id", clientId);
}
if (redirectUri != null) {
uri.queryParam("redirect_uri", redirectUri);
}
ResponseEntity<String> response = serverRunning.getForString(uri.pattern(), headers, uri.params());
assertEquals(HttpStatus.FOUND, response.getStatusCode());
String location = response.getHeaders().getLocation().toString();
assertTrue(location.startsWith("http://anywhere"));
assertTrue(location.contains("error=invalid_scope"));
assertFalse(location.contains("redirect_uri="));
}
use of org.springframework.security.oauth2.provider.ServerRunning.UriBuilder in project spring-security by spring-projects.
the class DefaultOAuth2AuthorizationRequestResolverTests method resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter.
@Test
public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
ClientRegistration clientRegistration = this.oidcRegistration;
String requestUri = this.authorizationRequestBaseUri + "/" + clientRegistration.getRegistrationId();
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
uriBuilder.queryParam("param1", "value1");
return uriBuilder.build();
}));
OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.{15,}&" + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1");
}
use of org.springframework.security.oauth2.provider.ServerRunning.UriBuilder in project spring-security by spring-projects.
the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsThenUsed.
@Test
public void oauth2ClientWhenCustomObjectsThenUsed() {
this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class).autowire();
OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
ServerRequestCache requestCache = config.requestCache;
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
// @formatter:off
this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(requestCache).getRedirectUri(any());
}
use of org.springframework.security.oauth2.provider.ServerRunning.UriBuilder in project spring-security by spring-projects.
the class OAuth2ClientSpecTests method oauth2ClientWhenCustomObjectsInLambdaThenUsed.
@Test
public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() {
this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, AuthorizedClientController.class).autowire();
OAuth2ClientInLambdaCustomConfig config = this.spring.getContext().getBean(OAuth2ClientInLambdaCustomConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = config.authorizationRequestRepository;
ServerRequestCache requestCache = config.requestCache;
OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().redirectUri("/authorize/oauth2/code/registration-id").build();
OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().redirectUri("/authorize/oauth2/code/registration-id").build();
OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken(this.registration, authorizationExchange, accessToken);
given(authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request")));
// @formatter:off
this.client.get().uri((uriBuilder) -> uriBuilder.path("/authorize/oauth2/code/registration-id").queryParam(OAuth2ParameterNames.CODE, "code").queryParam(OAuth2ParameterNames.STATE, "state").build()).exchange().expectStatus().is3xxRedirection();
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(requestCache).getRedirectUri(any());
}
use of org.springframework.security.oauth2.provider.ServerRunning.UriBuilder in project spring-security by spring-projects.
the class DefaultServerOAuth2AuthorizationRequestResolverTests method resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter.
@Test
public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() {
given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build()));
this.resolver.setAuthorizationRequestCustomizer((customizer) -> customizer.authorizationRequestUri((uriBuilder) -> {
uriBuilder.queryParam("param1", "value1");
return uriBuilder.build();
}));
OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id");
assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&" + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1");
}
Aggregations