github-mirrors/oauth-playground-server
1
0
Fork 0
mirror of https://github.com/ysoftdevs/oauth-playground-server.git synced 2026-01-18 17:47:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor tests

Browse Source
This commit is contained in:
Dusan Jakub
2023-09-19 22:18:08 +02:00
parent 507242b4ca
commit 24159f7dcb
2 changed files with 66 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
View File

@@ -12,7 +12,6 @@ import com.ysoft.geecon.repo.UsersRepo;
import io.quarkus.test.common.http.TestHTTPResource;
import io.quarkus.test.junit.QuarkusTest;
import jakarta.inject.Inject;
import org.jsoup.Connection;
import org.jsoup.nodes.Document;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -43,14 +42,15 @@ public class AuthCodeGrantTest {
@Test
public void authCodeGrant() throws IOException {
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
LoginScreen loginScreen = flow.start(Map.of("scope", "scope1 scope2"));
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT)
.scope("scope1 scope2");
LoginScreen loginScreen = flow.start().expectLogin();
ConsentScreen consentScreen = loginScreen.submit("bob", "password").expectSuccess();
assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
Document submit = consentScreen.submit();
flow.parseAndValidateRedirect(submit.connection().response());
flow.expectSuccessfulRedirect(submit.connection().response());
assertThat(flow.getCode(), is(notNullValue()));
assertThat(flow.getAccessToken(), is(nullValue()));
@@ -61,37 +61,41 @@ public class AuthCodeGrantTest {
@Test
public void authCodeGrant_invalidResponseType() throws IOException {
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
Connection.Response response = flow.startExpectError(Map.of("response_type", ""));
Map<String, String> query = flow.parseAndValidateRedirectError(response);
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT)
.param("response_type", "");
Map<String, String> query = flow.start().expectErrorRedirect();
assertThat(query.get("error"), is(ErrorResponse.Error.unsupported_response_type.name()));
}
@Test
public void implicitGrant() throws IOException {
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
LoginScreen loginScreen = flow.start(Map.of("response_type", "token", "scope", "scope1 scope2"));
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT)
.param("response_type", "token")
.scope("scope1 scope2");
LoginScreen loginScreen = flow.start().expectLogin();
ConsentScreen consentScreen = loginScreen.submit("bob", "password").expectSuccess();
assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
Document submit = consentScreen.submit();
flow.parseAndValidateRedirect(submit.connection().response());
flow.expectSuccessfulRedirect(submit.connection().response());
assertThat(flow.getAccessToken(), is(notNullValue()));
}
@Test
public void authCodeGrantWithPkce() throws IOException {
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
flow.setPkce("PnRLncOTibrwxaBmBYm4QC89u0m4mz518sk1WFKjxnc", "bbb");
LoginScreen loginScreen = flow.start(Map.of("scope", "scope1 scope2"));
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT)
.pkce("PnRLncOTibrwxaBmBYm4QC89u0m4mz518sk1WFKjxnc", "bbb")
.scope("scope1 scope2");
LoginScreen loginScreen = flow.start().expectLogin();
ConsentScreen consentScreen = loginScreen.submit("bob", "password").expectSuccess();
assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
Document submit = consentScreen.submit();
flow.parseAndValidateRedirect(submit.connection().response());
flow.expectSuccessfulRedirect(submit.connection().response());
assertThat(flow.getCode(), is(notNullValue()));
assertThat(flow.getAccessToken(), is(nullValue()));

96
src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
View File

@@ -28,66 +28,56 @@ public class AuthorizationCodeFlow {
private String accessToken;
private String idToken;
private Map<String, String> query;
public AuthorizationCodeFlow(String authUrl, OAuthClient client) {
this.authUrl = authUrl;
this.client = client;
query = new HashMap<>();
query.put("client_id", client.clientId());
query.put("redirect_uri", client.redirectUri());
query.put("state", state);
}
public LoginScreen start(Map<String, String> additionalData) throws IOException {
var data = defaultQuery();
if (additionalData != null) {
data.putAll(additionalData);
}
public AuthorizationCodeFlow param(String key, String value) {
query.put(key, value);
return this;
}
Document login = Jsoup.connect(authUrl)
.data(data)
public Result start() throws IOException {
Document document = Jsoup.connect(authUrl)
.followRedirects(false)
.data(query)
.get();
return new LoginScreen(login);
return new Result() {
@Override
public LoginScreen expectLogin() {
return new LoginScreen(document);
}
@Override
public Map<String, String> expectErrorRedirect() {
var response = document.connection().response();
Map<String, String> query = expectRedirect(response);
assertThat(query.get("error"), is(notNullValue()));
assertThat(query.get("error_description"), is(notNullValue()));
return query;
}
};
}
public Connection.Response startExpectError(Map<String, String> additionalData) throws IOException {
var data = defaultQuery();
if (additionalData != null) {
data.putAll(additionalData);
}
return Jsoup.connect(authUrl)
.followRedirects(false)
.data(data)
.get()
.connection()
.response();
}
private Map<String, String> defaultQuery() {
var map = new HashMap<String, String>();
map.put("client_id", client.clientId());
map.put("redirect_uri", client.redirectUri());
map.put("state", state);
if (codeChallenge != null) {
map.put("code_challenge", codeChallenge);
map.put("code_challenge_method", "S256");
}
return map;
}
public void parseAndValidateRedirect(Connection.Response response) {
assertThat(response.statusCode(), is(303));
assertThat(response.header("location"), startsWith(client.redirectUri()));
URI location = URI.create(Objects.requireNonNull(response.header("location")));
Map<String, String> query = URLEncodedUtils.parse(location.getQuery(), Charset.defaultCharset())
.stream().collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue));
assertThat(query.get("state"), is(state));
public void expectSuccessfulRedirect(Connection.Response response) {
Map<String, String> query = expectRedirect(response);
code = query.get("code");
accessToken = query.get("access_token");
idToken = query.get("id_token");
}
public Map<String, String> parseAndValidateRedirectError(Connection.Response response) {
private Map<String, String> expectRedirect(Connection.Response response) {
assertThat(response.statusCode(), is(303));
assertThat(response.header("location"), startsWith(client.redirectUri()));
@@ -96,8 +86,6 @@ public class AuthorizationCodeFlow {
.stream().collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue));
assertThat(query.get("state"), is(state));
assertThat(query.get("error"), is(notNullValue()));
assertThat(query.get("error_description"), is(notNullValue()));
return query;
}
@@ -121,8 +109,20 @@ public class AuthorizationCodeFlow {
return idToken;
}
public void setPkce(String codeChallenge, String codeVerifier) {
this.codeChallenge = codeChallenge;
public AuthorizationCodeFlow pkce(String codeChallenge, String codeVerifier) {
query.put("code_challenge", codeChallenge);
query.put("code_challenge_method", "S256");
this.codeVerifier = codeVerifier;
return this;
}
public AuthorizationCodeFlow scope(String scope) {
return param("scope", scope);
}
public interface Result {
LoginScreen expectLogin();
Map<String, String> expectErrorRedirect();
}
}