|
|
|
@ -16,8 +16,13 @@
|
|
|
|
******************************************************************************/
|
|
|
|
******************************************************************************/
|
|
|
|
package org.mitre.oauth2.service.impl;
|
|
|
|
package org.mitre.oauth2.service.impl;
|
|
|
|
|
|
|
|
|
|
|
|
import static org.hamcrest.CoreMatchers.*;
|
|
|
|
import static org.hamcrest.CoreMatchers.equalTo;
|
|
|
|
import static org.junit.Assert.*;
|
|
|
|
import static org.hamcrest.CoreMatchers.is;
|
|
|
|
|
|
|
|
import static org.hamcrest.CoreMatchers.notNullValue;
|
|
|
|
|
|
|
|
import static org.hamcrest.CoreMatchers.nullValue;
|
|
|
|
|
|
|
|
import static org.junit.Assert.assertThat;
|
|
|
|
|
|
|
|
import static org.junit.Assert.assertTrue;
|
|
|
|
|
|
|
|
import static org.junit.Assert.fail;
|
|
|
|
|
|
|
|
|
|
|
|
import java.util.Date;
|
|
|
|
import java.util.Date;
|
|
|
|
import java.util.Set;
|
|
|
|
import java.util.Set;
|
|
|
|
@ -38,6 +43,7 @@ import org.mockito.Mockito;
|
|
|
|
import org.mockito.runners.MockitoJUnitRunner;
|
|
|
|
import org.mockito.runners.MockitoJUnitRunner;
|
|
|
|
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
|
|
|
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
|
|
|
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
|
|
|
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
|
|
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
|
|
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
|
|
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
|
|
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
|
|
|
@ -310,8 +316,7 @@ public class TestDefaultOAuth2ProviderTokenService {
|
|
|
|
assertThat(token.getScope(), equalTo(lessScope));
|
|
|
|
assertThat(token.getScope(), equalTo(lessScope));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Note: attempt at upscoping may throw an exception in future implementation.
|
|
|
|
@Test(expected = InvalidScopeException.class)
|
|
|
|
@Test
|
|
|
|
|
|
|
|
public void refreshAccessToken_requestingMoreScope() {
|
|
|
|
public void refreshAccessToken_requestingMoreScope() {
|
|
|
|
|
|
|
|
|
|
|
|
Set<String> moreScope = Sets.newHashSet(storedScope);
|
|
|
|
Set<String> moreScope = Sets.newHashSet(storedScope);
|
|
|
|
@ -320,27 +325,21 @@ public class TestDefaultOAuth2ProviderTokenService {
|
|
|
|
|
|
|
|
|
|
|
|
Mockito.when(authRequest.getScope()).thenReturn(moreScope);
|
|
|
|
Mockito.when(authRequest.getScope()).thenReturn(moreScope);
|
|
|
|
|
|
|
|
|
|
|
|
OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, authRequest);
|
|
|
|
service.refreshAccessToken(refreshTokenValue, authRequest);
|
|
|
|
|
|
|
|
|
|
|
|
assertThat(token.getScope(), not(equalTo(moreScope)));
|
|
|
|
|
|
|
|
assertThat(token.getScope(), equalTo(storedScope));
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Tests the case where only some of the valid scope values are being requested along with
|
|
|
|
* Tests the case where only some of the valid scope values are being requested along with
|
|
|
|
* other extra unauthorized scope values.
|
|
|
|
* other extra unauthorized scope values.
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
@Test
|
|
|
|
@Test(expected = InvalidScopeException.class)
|
|
|
|
public void refreshAccessToken_requestingMixedScope() {
|
|
|
|
public void refreshAccessToken_requestingMixedScope() {
|
|
|
|
|
|
|
|
|
|
|
|
Set<String> mixedScope = Sets.newHashSet("openid", "profile", "address", "phone"); // no email or offline_access
|
|
|
|
Set<String> mixedScope = Sets.newHashSet("openid", "profile", "address", "phone"); // no email or offline_access
|
|
|
|
|
|
|
|
|
|
|
|
Mockito.when(authRequest.getScope()).thenReturn(mixedScope);
|
|
|
|
Mockito.when(authRequest.getScope()).thenReturn(mixedScope);
|
|
|
|
|
|
|
|
|
|
|
|
OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, authRequest);
|
|
|
|
service.refreshAccessToken(refreshTokenValue, authRequest);
|
|
|
|
|
|
|
|
|
|
|
|
// Current behavior is to simply return the set scope values stored in the initial authorization.
|
|
|
|
|
|
|
|
assertThat(token.getScope(), equalTo(storedScope));
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@Test
|
|
|
|
|
William Kim
12 years ago