From bb6bb81dbcfc8c1d835c437bedaa70e51f2e966f Mon Sep 17 00:00:00 2001
From: Sofia Ang
Date: Tue, 25 Oct 2016 16:12:11 +0800
Subject: [PATCH] Add new tests which asserts that `user_id` should not be present in the introspection response if there's no user authentication available
---
 ...stDefaultIntrospectionResultAssembler.java | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
index c4e1e1ce9..aa754592a 100644
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
@@ -178,6 +178,31 @@ public class TestDefaultIntrospectionResultAssembler {
 assertThat(result, is(equalTo(expected)));
 }
 
+ @Test
+ public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
+ // given
+ OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
+ oauth2Authentication(oauth2Request("clientId"), null));
+
+ Set authScopes = scopes("foo", "bar", "baz");
+
+ // when
+ Map result = assembler.assembleFrom(accessToken, null, authScopes);
+
+
+ // then `user_id` should not be present
+ Map expected = new ImmutableMap.Builder()
+ .put("sub", "clientId")
+ .put("exp", 123L)
+ .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
+ .put("scope", "bar foo")
+ .put("active", Boolean.TRUE)
+ .put("client_id", "clientId")
+ .put("token_type", "Bearer")
+ .build();
+ assertThat(result, is(equalTo(expected)));
+ }
+
 @Test
 public void shouldAssembleExpectedResultForRefreshToken() throws ParseException {
 
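Review bot: The property this commit is about, that `user_id` is absent when there is no user authentication, is only checked implicitly by the whole-map `equalTo(expected)` in shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication; the same holds for the refresh-token test in the second hunk. If that matcher is ever loosened, the check disappears silently, so I would add `assertThat(result.containsKey("user_id"), is(false));` after the existing assertion in both tests. The expected maps also pin `sub` to the client id, and a short comment such as `// no end user: sub falls back to the client id` would tell readers this is intended, since a resource server reading `sub` gets a client identifier here rather than a user. The helpers `accessToken`, `refreshToken` and `oauth2Authentication` are defined outside these hunks, so what they stub for a null user authentication is not visible here.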
@@ -258,6 +283,30 @@ public class TestDefaultIntrospectionResultAssembler {
 assertThat(result, is(equalTo(expected)));
 }
 
+ @Test
+ public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
+ // given
+ OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
+ oauth2Authentication(oauth2Request("clientId", scopes("foo", "bar")), null));
+
+ Set authScopes = scopes("foo", "bar", "baz");
+
+ // when
+ Map result = assembler.assembleFrom(refreshToken, null, authScopes);
+
+
+ // then `user_id` should not be present
+ Map expected = new ImmutableMap.Builder()
+ .put("sub", "clientId")
+ .put("scope", "bar foo")
+ .put("active", Boolean.TRUE)
+ .put("client_id", "clientId")
+ .build();
+ assertThat(result, is(equalTo(expected)));
+ }
+
+
+
 private UserInfo userInfo(String sub) {
 UserInfo userInfo = mock(UserInfo.class);
 given(userInfo.getSub()).willReturn(sub);