fixed unit tests affected by scope service changes

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java

@@ -110,7 +110,7 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 			client = generateClientId(client);
 		}
 
-		// for refresh tokens, ensure consistency between grant types and tokens
+		// make sure that clients with the "refresh_token" grant type have the "offline_access" scope, and vice versa
 		ensureRefreshTokenConsistency(client);
 
 		// timestamp this to right now

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -166,7 +166,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 			token.setAuthenticationHolder(authHolder);
 
 			// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
-			if (client.isAllowRefresh() && scopes.contains(SystemScopeService.OFFLINE_ACCESS)) {
+			if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) {
 				OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
 				JWTClaimsSet refreshClaims = new JWTClaimsSet();
 

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java

@@ -29,6 +29,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.repository.OAuth2ClientRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.SystemScopeService;
@@ -37,6 +38,7 @@ import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.service.BlacklistedSiteService;
 import org.mitre.openid.connect.service.StatsService;
 import org.mitre.openid.connect.service.WhitelistedSiteService;
+import org.mockito.AdditionalAnswers;
 import org.mockito.InjectMocks;
 import org.mockito.Matchers;
 import org.mockito.Mock;
@@ -99,14 +101,35 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
 			}
 		});
 
-		Mockito.when(scopeService.removeRestrictedAndReservedScopes(Matchers.anySet())).thenAnswer(new Answer<Set<String>>() {
+		Mockito.when(scopeService.fromStrings(Matchers.anySet())).thenAnswer(new Answer<Set<SystemScope>>() {
+			@Override
+			public Set<SystemScope> answer(InvocationOnMock invocation) throws Throwable {
+				Object[] args = invocation.getArguments();
+				Set<String> input = (Set<String>) args[0];
+				Set<SystemScope> output = new HashSet<>();
+				for (String scope : input) {
+					output.add(new SystemScope(scope));
+				}
+				return output;
+			}
+		});
+		
+		Mockito.when(scopeService.toStrings(Matchers.anySet())).thenAnswer(new Answer<Set<String>>() {
 			@Override
 			public Set<String> answer(InvocationOnMock invocation) throws Throwable {
 				Object[] args = invocation.getArguments();
-				return (Set<String>) args[0];
+				Set<SystemScope> input = (Set<SystemScope>) args[0];
+				Set<String> output = new HashSet<>();
+				for (SystemScope scope : input) {
+					output.add(scope.getValue());
+				}
+				return output;
 			}
 		});
 		
+		// we're not testing reserved scopes here, just pass through when it's called
+		Mockito.when(scopeService.removeReservedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
+
 	}
 
 	/**
@@ -117,7 +140,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
 
 		// Set up a mock client.
 		ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class);
-		Mockito.when(client.getId()).thenReturn(12345L); // doesn't matter what id it returns
+		Mockito.when(client.getId()).thenReturn(12345L); // any non-null ID will work
 
 		service.saveNewClient(client);
 	}

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java

@@ -25,6 +25,7 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.util.Date;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.junit.Before;
@@ -34,6 +35,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
@@ -144,6 +146,34 @@ public class TestDefaultOAuth2ProviderTokenService {
 
 		Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder);
 
+		Mockito.when(scopeService.fromStrings(Matchers.anySet())).thenAnswer(new Answer<Set<SystemScope>>() {
+			@Override
+			public Set<SystemScope> answer(InvocationOnMock invocation) throws Throwable {
+				Object[] args = invocation.getArguments();
+				Set<String> input = (Set<String>) args[0];
+				Set<SystemScope> output = new HashSet<>();
+				for (String scope : input) {
+					output.add(new SystemScope(scope));
+				}
+				return output;
+			}
+		});
+		
+		Mockito.when(scopeService.toStrings(Matchers.anySet())).thenAnswer(new Answer<Set<String>>() {
+			@Override
+			public Set<String> answer(InvocationOnMock invocation) throws Throwable {
+				Object[] args = invocation.getArguments();
+				Set<SystemScope> input = (Set<SystemScope>) args[0];
+				Set<String> output = new HashSet<>();
+				for (SystemScope scope : input) {
+					output.add(scope.getValue());
+				}
+				return output;
+			}
+		});
+
+		// we're not testing restricted or reserved scopes here, just pass through
+		Mockito.when(scopeService.removeReservedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
 		Mockito.when(scopeService.removeRestrictedAndReservedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
 
 		Mockito.when(tokenEnhancer.enhance(Matchers.any(OAuth2AccessTokenEntity.class), Matchers.any(OAuth2Authentication.class)))