github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add new tests which asserts that `user_id` should not be present in the introspection response if there's no user authentication available

pull/1079/merge
Sofia Ang 2016-10-25 16:12:11 +08:00 committed by Justin Richer
parent 52da5e769a
commit bb6bb81dbc
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
View File

@ -178,6 +178,31 @@ public class TestDefaultIntrospectionResultAssembler {
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
oauth2Authentication(oauth2Request("clientId"), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(accessToken, null, authScopes);
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.put("token_type", "Bearer")
.build();
assertThat(result, is(equalTo(expected)));
}
@Test @Test
public void shouldAssembleExpectedResultForRefreshToken() throws ParseException { public void shouldAssembleExpectedResultForRefreshToken() throws ParseException {
@ -258,6 +283,30 @@ public class TestDefaultIntrospectionResultAssembler {
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test
public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
oauth2Authentication(oauth2Request("clientId", scopes("foo", "bar")), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(refreshToken, null, authScopes);
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.build();
assertThat(result, is(equalTo(expected)));
}
private UserInfo userInfo(String sub) { private UserInfo userInfo(String sub) {
UserInfo userInfo = mock(UserInfo.class); UserInfo userInfo = mock(UserInfo.class);
given(userInfo.getSub()).willReturn(sub); given(userInfo.getSub()).willReturn(sub);