From 650dbdb074fa781e8c6444b83b19ba062f50dafb Mon Sep 17 00:00:00 2001
From: Dusan Jakub
Date: Mon, 18 Sep 2023 15:50:08 +0200
Subject: [PATCH] test of Auth Code Grant flow

---
 pom.xml | 2 +-
 .../java/com/ysoft/geecon/dto/AuthParams.java | 2 +-
 .../com/ysoft/geecon/AuthCodeGrantTest.java | 93 +++++++++++++++++++
 3 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100644 src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java

diff --git a/pom.xml b/pom.xml
index 020bd3f..11a5ce6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,7 +67,7 @@
 org.jsoup
 jsoup
- 1.10.2
+ 1.15.4
diff --git a/src/main/java/com/ysoft/geecon/dto/AuthParams.java b/src/main/java/com/ysoft/geecon/dto/AuthParams.java
index 3c1c630..927fd4a 100644
--- a/src/main/java/com/ysoft/geecon/dto/AuthParams.java
+++ b/src/main/java/com/ysoft/geecon/dto/AuthParams.java
@@ -7,7 +7,7 @@ import java.util.List;
 public class AuthParams {
 public List getResponseTypes() {
- return responseType == null ? List.of() : Arrays.stream(responseType.split(" "))
+ return responseType == null ? List.of(ResponseType.code) : Arrays.stream(responseType.split(" "))
 .map(ResponseType::valueOf)
 .toList();
 }
diff --git a/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java b/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
new file mode 100644
index 0000000..0cec71e
--- /dev/null
+++ b/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
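Review bot: Defaulting a missing `response_type` to `code` in `getResponseTypes()` turns a malformed authorization request into a valid one; RFC 6749 §3.1.1 lists `response_type` as REQUIRED and §4.1.2.1 expects an `invalid_request` error when it is absent. With the old `List.of()` default the caller could still detect the omission as an empty list; after this change it cannot. The new test in src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java never sends `response_type`, which looks like the motivation for the default — the test should send `.data("response_type", "code")` and the server should keep the missing parameter distinguishable, or, if leniency is intended, the line deserves a comment such as `// Lenient: an absent response_type is treated as the code flow (deviates from RFC 6749 §3.1.1).` The enclosing class continues outside the hunk.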
@@ -0,0 +1,93 @@
+package com.ysoft.geecon;
+
+import com.ysoft.geecon.dto.OAuthClient;
+import com.ysoft.geecon.dto.User;
+import com.ysoft.geecon.repo.ClientsRepo;
+import com.ysoft.geecon.repo.UsersRepo;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.test.junit.QuarkusTest;
+import jakarta.inject.Inject;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.utils.URLEncodedUtils;
+import org.jsoup.Connection;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.FormElement;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.io.IOException;
+import java.net.URI;
+import java.nio.charset.Charset;
+import java.util.Map;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import static io.restassured.RestAssured.given;
+import static io.restassured.http.ContentType.JSON;
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+@QuarkusTest
+public class AuthCodeGrantTest {
+ @Inject
+ ClientsRepo clientsRepo;
+ @Inject
+ UsersRepo usersRepo;
+
+ @TestHTTPResource("auth")
+ String authUrl;
+
+ @BeforeEach
+ void beforeAll() {
+ clientsRepo.register(new OAuthClient("myclient", "", null, "https://myserver:8888/success"));
+ usersRepo.register(new User("bob", "password"));
+ }
+
+ @Test
+ public void authCodeGrant() throws IOException {
+ String state = "test state is not random";
+ FormElement login = Jsoup.connect(authUrl)
+ .data("client_id", "myclient")
+ .data("redirect_uri", "https://myserver:8888/success")
+ .data("state", state)
+ .data("scope", "scope1 scope2")
+ .get().forms().get(0);
+ login.getElementsByAttributeValue("name", "username").val("bob");
+ login.getElementsByAttributeValue("name", "password").val("password");
+
+ Document consentsDoc = login.submit().post();
+ FormElement consents = consentsDoc.expectForm("form");
+
+ consents.expectFirst("input[name=scope][value=scope1]");
+ consents.expectFirst("input[name=scope][value=scope2]");
+
+ Document success = consents.submit().followRedirects(false).post();
+ Connection.Response response = success.connection().response();
+ assertThat(response.statusCode(), is(303));
+ assertThat(response.header("location"), startsWith("https://myserver:8888/success"));
+
+ URI location = URI.create(Objects.requireNonNull(response.header("location")));
+ Map query = URLEncodedUtils.parse(location.getQuery(), Charset.defaultCharset())
+ .stream().collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue));
+
+ assertThat(query.get("state"), is(state));
+ assertThat(query.get("code"), is(notNullValue()));
+
+ given()
+ .formParam("grant_type", "authorization_code")
+ .formParam("client_id", "myclient")
+ .formParam("redirect_uri", "https://myserver:8888/success")
+ .formParam("code", query.get("code"))
+ .when()
+ .post("/auth/token")
+ .then()
+ .statusCode(200)
+ .contentType(JSON)
+ .body("token_type", is("Bearer"))
+ .body("expires_in", is(notNullValue()))
+ .body("access_token", is(notNullValue()))
+ .body("refresh_token", is(notNullValue()));
+ }
+
+}
\ No newline at end of file
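Review bot: The token exchange at the end of `authCodeGrant()` checks only the happy path; an authorization code is single-use per RFC 6749 §4.1.2, and neither a replayed code nor a mismatched `redirect_uri` is exercised, so a server that issues a fresh token for the same code twice would still pass this test. A second exchange with the same `query.get("code")` asserting a 400 and, if the endpoint reports errors as in RFC 6749 §5.2, `error` equal to `invalid_grant`, would pin that down — see the fence below. Separately, `URLEncodedUtils.parse(location.getQuery(), Charset.defaultCharset())` decodes twice (`URI.getQuery()` already percent-decodes) and with the platform charset; `URLEncodedUtils.parse(location.getRawQuery(), StandardCharsets.UTF_8)` is the form that round-trips arbitrary `state` values. The `@BeforeEach` method is named `beforeAll`, which reads as the wrong JUnit lifecycle; `setUp` or `registerFixtures` would say what it does.
```java
// … unchanged: first token exchange asserting 200 and the token fields …

// RFC 6749 §4.1.2: an authorization code is single-use; a replay must be refused.
given()
    .formParam("grant_type", "authorization_code")
    .formParam("client_id", "myclient")
    .formParam("redirect_uri", "https://myserver:8888/success")
    .formParam("code", query.get("code"))
    .when()
    .post("/auth/token")
    .then()
    .statusCode(400)
    .body("error", is("invalid_grant"));
```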