root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Fix authorization server smoke test 

Change from spring-projects/spring-authorization-server#1468

See gh-38696
This commit is contained in:
Brian Clozel 2023-12-19 11:32:19 +01:00
parent 561c7f749b
commit c4150dff09
1 changed files with 30 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-oauth2-authorization-server/src/test/java/smoketest/oauth2/server/SampleOAuth2AuthorizationServerApplicationTests.java
View File

@ -39,7 +39,8 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration; import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
import org.springframework.web.util.UriComponentsBuilder; import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -103,13 +104,13 @@ class SampleOAuth2AuthorizationServerApplicationTests {
void validTokenRequestShouldReturnTokenResponse() { void validTokenRequestShouldReturnTokenResponse() {
HttpHeaders headers = new HttpHeaders(); HttpHeaders headers = new HttpHeaders();
headers.setBasicAuth("messaging-client", "secret"); headers.setBasicAuth("messaging-client", "secret");
HttpEntity<Object> request = new HttpEntity<>(headers); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
String requestUri = UriComponentsBuilder.fromUriString("/token") MultiValueMap<String, Object> body = new LinkedMultiValueMap<>();
.queryParam(OAuth2ParameterNames.CLIENT_ID, "messaging-client") body.add(OAuth2ParameterNames.CLIENT_ID, "messaging-client");
.queryParam(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) body.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
.queryParam(OAuth2ParameterNames.SCOPE, "message.read+message.write") body.add(OAuth2ParameterNames.SCOPE, "message.read message.write");
.toUriString(); HttpEntity<Object> request = new HttpEntity<>(body, headers);
ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange(requestUri, HttpMethod.POST, request, ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange("/token", HttpMethod.POST, request,
MAP_TYPE_REFERENCE); MAP_TYPE_REFERENCE);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
Map<String, Object> tokenResponse = Objects.requireNonNull(entity.getBody()); Map<String, Object> tokenResponse = Objects.requireNonNull(entity.getBody());
@ -123,13 +124,13 @@ class SampleOAuth2AuthorizationServerApplicationTests {
@Test @Test
void anonymousTokenRequestShouldReturnUnauthorized() { void anonymousTokenRequestShouldReturnUnauthorized() {
HttpHeaders headers = new HttpHeaders(); HttpHeaders headers = new HttpHeaders();
HttpEntity<Object> request = new HttpEntity<>(headers); headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
String requestUri = UriComponentsBuilder.fromUriString("/token") MultiValueMap<String, Object> body = new LinkedMultiValueMap<>();
.queryParam(OAuth2ParameterNames.CLIENT_ID, "messaging-client") body.add(OAuth2ParameterNames.CLIENT_ID, "messaging-client");
.queryParam(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) body.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
.queryParam(OAuth2ParameterNames.SCOPE, "message.read+message.write") body.add(OAuth2ParameterNames.SCOPE, "message.read message.write");
.toUriString(); HttpEntity<Object> request = new HttpEntity<>(body, headers);
ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange(requestUri, HttpMethod.POST, request, ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange("/token", HttpMethod.POST, request,
MAP_TYPE_REFERENCE); MAP_TYPE_REFERENCE);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
} }
@ -137,14 +138,14 @@ class SampleOAuth2AuthorizationServerApplicationTests {
@Test @Test
void anonymousTokenRequestWithAcceptHeaderAllShouldReturnUnauthorized() { void anonymousTokenRequestWithAcceptHeaderAllShouldReturnUnauthorized() {
HttpHeaders headers = new HttpHeaders(); HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setAccept(List.of(MediaType.ALL)); headers.setAccept(List.of(MediaType.ALL));
HttpEntity<Object> request = new HttpEntity<>(headers); MultiValueMap<String, Object> body = new LinkedMultiValueMap<>();
String requestUri = UriComponentsBuilder.fromUriString("/token") body.add(OAuth2ParameterNames.CLIENT_ID, "messaging-client");
.queryParam(OAuth2ParameterNames.CLIENT_ID, "messaging-client") body.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
.queryParam(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) body.add(OAuth2ParameterNames.SCOPE, "message.read message.write");
.queryParam(OAuth2ParameterNames.SCOPE, "message.read+message.write") HttpEntity<Object> request = new HttpEntity<>(body, headers);
.toUriString(); ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange("/token", HttpMethod.POST, request,
ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange(requestUri, HttpMethod.POST, request,
MAP_TYPE_REFERENCE); MAP_TYPE_REFERENCE);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
} }
@ -152,14 +153,14 @@ class SampleOAuth2AuthorizationServerApplicationTests {
@Test @Test
void anonymousTokenRequestWithAcceptHeaderTextHtmlShouldRedirectToLogin() { void anonymousTokenRequestWithAcceptHeaderTextHtmlShouldRedirectToLogin() {
HttpHeaders headers = new HttpHeaders(); HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setAccept(List.of(MediaType.TEXT_HTML)); headers.setAccept(List.of(MediaType.TEXT_HTML));
HttpEntity<Object> request = new HttpEntity<>(headers); MultiValueMap<String, Object> body = new LinkedMultiValueMap<>();
String requestUri = UriComponentsBuilder.fromUriString("/token") body.add(OAuth2ParameterNames.CLIENT_ID, "messaging-client");
.queryParam(OAuth2ParameterNames.CLIENT_ID, "messaging-client") body.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
.queryParam(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()) body.add(OAuth2ParameterNames.SCOPE, "message.read message.write");
.queryParam(OAuth2ParameterNames.SCOPE, "message.read+message.write") HttpEntity<Object> request = new HttpEntity<>(body, headers);
.toUriString(); ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange("/token", HttpMethod.POST, request,
ResponseEntity<Map<String, Object>> entity = this.restTemplate.exchange(requestUri, HttpMethod.POST, request,
MAP_TYPE_REFERENCE); MAP_TYPE_REFERENCE);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
assertThat(entity.getHeaders().getLocation()).isEqualTo(URI.create("http://localhost:" + this.port + "/login")); assertThat(entity.getHeaders().getLocation()).isEqualTo(URI.create("http://localhost:" + this.port + "/login"));