From dc51af5b83a422592b5a9b3b715512c2035401ed Mon Sep 17 00:00:00 2001 From: William Kim Date: Thu, 20 Jun 2013 14:14:11 -0400 Subject: [PATCH] removed testing builder inner class from DefaultOAuth2ProviderTokenService. Also, added more unit tests. --- .../DefaultOAuth2ProviderTokenService.java | 38 ------- ...TestDefaultOAuth2ProviderTokenService.java | 102 +++++++++++++++++- 2 files changed, 99 insertions(+), 41 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index e3f37b4f2..0a3b67380 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java @@ -336,44 +336,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } } - /** - * Get a builder object for this class (for tests) - * @return - */ - public static DefaultOAuth2ProviderTokenServicesBuilder makeBuilder() { - return new DefaultOAuth2ProviderTokenServicesBuilder(); - } - - /** - * Builder class for test harnesses. - */ - public static class DefaultOAuth2ProviderTokenServicesBuilder { - private DefaultOAuth2ProviderTokenService instance; - - private DefaultOAuth2ProviderTokenServicesBuilder() { - instance = new DefaultOAuth2ProviderTokenService(); - } - - public DefaultOAuth2ProviderTokenServicesBuilder setTokenRepository(OAuth2TokenRepository tokenRepository) { - instance.tokenRepository = tokenRepository; - return this; - } - - public DefaultOAuth2ProviderTokenServicesBuilder setClientDetailsService(ClientDetailsEntityService clientDetailsService) { - instance.clientDetailsService = clientDetailsService; - return this; - } - - public DefaultOAuth2ProviderTokenServicesBuilder setTokenEnhancer(TokenEnhancer tokenEnhancer) { - instance.tokenEnhancer = tokenEnhancer; - return this; - } - - public OAuth2TokenEntityService finish() { - return instance; - } - } - /* (non-Javadoc) * @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveAccessToken(org.mitre.oauth2.model.OAuth2AccessTokenEntity) */ diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java index 1c6c494f3..a1e2e9744 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java @@ -16,18 +16,31 @@ ******************************************************************************/ package org.mitre.oauth2.service.impl; +import static org.hamcrest.CoreMatchers.*; import static org.junit.Assert.*; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.mitre.oauth2.model.AuthenticationHolderEntity; +import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.OAuth2AccessTokenEntity; +import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2TokenRepository; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mockito.InjectMocks; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; +import org.springframework.security.oauth2.common.exceptions.InvalidClientException; +import org.springframework.security.oauth2.provider.AuthorizationRequest; +import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.token.TokenEnhancer; +import com.google.common.collect.Sets; + /** * @author wkim * @@ -35,6 +48,10 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancer; @RunWith(MockitoJUnitRunner.class) public class TestDefaultOAuth2ProviderTokenService { + // Test Fixture: + private OAuth2Authentication authentication; + private ClientDetailsEntity client; + @Mock private OAuth2TokenRepository tokenRepository; @@ -50,9 +67,88 @@ public class TestDefaultOAuth2ProviderTokenService { @InjectMocks private DefaultOAuth2ProviderTokenService service; - @Test - public void test() { - fail("Not yet implemented"); + /** + * Set up a mock authentication and mock client to work with. + */ + @Before + public void prepare() { + Mockito.reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer); + + authentication = Mockito.mock(OAuth2Authentication.class); + Mockito.when(authentication.getAuthorizationRequest()).thenReturn(Mockito.mock(AuthorizationRequest.class)); + + client = Mockito.mock(ClientDetailsEntity.class); + Mockito.when(clientDetailsService.loadClientByClientId(Mockito.anyString())).thenReturn(client); } + /** + * Tests exception handling for null authentication or null authorization. + */ + @Test + public void createAccessToken_nullAuth() { + + Mockito.when(authentication.getAuthorizationRequest()).thenReturn(null); + + try { + service.createAccessToken(null); + fail("Authentication parameter is null. Excpected a AuthenticationCredentialsNotFoundException."); + } catch (AuthenticationCredentialsNotFoundException e) { + assertThat(e, is(notNullValue())); + } + + try { + service.createAccessToken(authentication); + fail("AuthorizationRequest is null. Excpected a AuthenticationCredentialsNotFoundException."); + } catch (AuthenticationCredentialsNotFoundException e) { + assertThat(e, is(notNullValue())); + } + } + + /** + * Tests exception handling for clients not found. + */ + @Test(expected = InvalidClientException.class) + public void createAccessToken_nullClient() { + + Mockito.when(clientDetailsService.loadClientByClientId(Mockito.anyString())).thenReturn(null); + + service.createAccessToken(authentication); + } + + /** + * Tests the creation of access tokens for clients that are not allowed to have refresh tokens. + */ + @Test + public void createAccessToken_noRefresh() { + + OAuth2AccessTokenEntity token = service.createAccessToken(authentication); + + Mockito.verify(clientDetailsService).loadClientByClientId(Mockito.anyString()); + Mockito.verify(authenticationHolderRepository).save(Mockito.any(AuthenticationHolderEntity.class)); + Mockito.verify(tokenEnhancer).enhance(token, authentication); + Mockito.verify(tokenRepository).saveAccessToken(token); + + Mockito.verify(tokenRepository, Mockito.never()).saveRefreshToken(Mockito.any(OAuth2RefreshTokenEntity.class)); + assertThat(token.getRefreshToken(), is(nullValue())); + } + + /** + * Tests the creation of access tokens for clients that are allowed to have refresh tokens. + */ + @Test + public void createAccessToken_yesRefresh() { + + AuthorizationRequest clientAuth = authentication.getAuthorizationRequest(); + Mockito.when(clientAuth.getScope()).thenReturn(Sets.newHashSet("offline_access")); + Mockito.when(client.isAllowRefresh()).thenReturn(true); + + OAuth2AccessTokenEntity token = service.createAccessToken(authentication); + + // Note: a refactor may be appropriate to only save refresh tokens once to the repository during creation. + Mockito.verify(tokenRepository, Mockito.atLeastOnce()).saveRefreshToken(Mockito.any(OAuth2RefreshTokenEntity.class)); + assertThat(token.getRefreshToken(), is(notNullValue())); + + } + + // TODO check expiration dates }