diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle
index 4891d67cc4..70cffe1689 100644
--- a/config/spring-security-config.gradle
+++ b/config/spring-security-config.gradle
@@ -31,6 +31,7 @@ dependencies {
 testCompile project(':spring-security-cas')
 testCompile project(':spring-security-test')
 testCompile project(path : ':spring-security-core', configuration : 'tests')
+ testCompile project(path : ':spring-security-oauth2-client', configuration : 'tests')
 testCompile project(path : ':spring-security-web', configuration : 'tests')
 testCompile apachedsDependencies
 testCompile powerMock2Dependencies
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
index 3e79c948a8..9bb7e1e5ad 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java
@@ -37,6 +37,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
@@ -98,7 +99,8 @@ public class OAuth2ClientConfigurerTests { @Before public void setup() { - this.registration1 = ClientRegistration.withRegistrationId("registration-1") + this.registration1 = TestClientRegistrations.clientRegistration() + .registrationId("registration-1") .clientId("client-1") .clientSecret("secret") .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java index 860dfbee6f..5868e13e8b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java @@ -20,8 +20,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; import static org.assertj.core.api.Assertions.assertThat; 
@@ -34,53 +33,17 @@ import static org.mockito.Mockito.when; * @author Joe Grandja */ public class InMemoryOAuth2AuthorizedClientServiceTests { - private String registrationId1 = "registration-1"; - private String registrationId2 = "registration-2"; - private String registrationId3 = "registration-3"; private String principalName1 = "principal-1"; private String principalName2 = "principal-2"; - private ClientRegistration registration1 = ClientRegistration.withRegistrationId(this.registrationId1) - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); + private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build(); - private ClientRegistration registration2 = ClientRegistration.withRegistrationId(this.registrationId2) - .clientId("client-2") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-2") - .build(); + private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build(); - private ClientRegistration registration3 = ClientRegistration.withRegistrationId(this.registrationId3) - .clientId("client-3") - 
.clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("openid", "profile") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-3") - .build(); + private ClientRegistration registration3 = TestClientRegistrations.clientRegistration() + .clientId("client-3") + .registrationId("registration-3") + .build(); private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1, this.registration2, this.registration3); @@ -101,7 +64,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test(expected = IllegalArgumentException.class) public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { - this.authorizedClientService.loadAuthorizedClient(this.registrationId1, null); + this.authorizedClientService.loadAuthorizedClient(this.registration1.getRegistrationId(), null); } @Test @@ -114,7 +77,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test public void loadAuthorizedClientWhenClientRegistrationFoundButNotAssociatedToPrincipalThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient( - this.registrationId1, "principal-not-found"); + this.registration1.getRegistrationId(), "principal-not-found"); assertThat(authorizedClient).isNull(); } 
@@ -128,7 +91,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient( - this.registrationId1, this.principalName1); + this.registration1.getRegistrationId(), this.principalName1); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @@ -152,7 +115,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient( - this.registrationId3, this.principalName2); + this.registration3.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @@ -163,7 +126,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test(expected = IllegalArgumentException.class) public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { - this.authorizedClientService.removeAuthorizedClient(this.registrationId2, null); + this.authorizedClientService.removeAuthorizedClient(this.registration3.getRegistrationId(), null); } @Test 
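Review bot: In `removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException` (hunk @@ -163,7 +126,7 @@) the refactor replaces `this.registrationId2` with `this.registration3.getRegistrationId()`, while every other call site in this file maps `registrationIdN` to `registrationN`. The test presumably still passes, because what it expects is the rejection of the null principal name, but the switch of registration looks unintended. `this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), null);` keeps the input the test had before the refactor.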
@@ -176,13 +139,13 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient( - this.registrationId2, this.principalName2); + this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNotNull(); - this.authorizedClientService.removeAuthorizedClient(this.registrationId2, this.principalName2); + this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); loadedAuthorizedClient = this.authorizedClientService.loadAuthorizedClient( - this.registrationId2, this.principalName2); + this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNull(); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java index 073d34230d..943aec2023 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java 
@@ -39,6 +39,7 @@ import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClient import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest; import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService; import org.springframework.security.oauth2.core.AuthorizationGrantType; @@ -70,19 +71,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { @Mock private ReactiveOAuth2AuthorizedClientService authorizedClientService; - private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .jwkSetUri("https://example.com/oauth2/jwk") - .clientSecret("clientSecret"); + private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse .success("code") 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index 5e40884187..de5577cce1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -28,8 +28,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -58,19 +57,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { String tokenUri = this.server.url("/oauth2/token").toString(); - this.clientRegistration = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("https://example.com/oauth2/code/github") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri(tokenUri) - .userInfoUri("https://api.example.com/user") - .userNameAttributeName("user-name") - .clientName("GitHub") - .clientId("clientId") - .jwkSetUri("https://example.com/oauth2/jwk") - .clientSecret("clientSecret"); + this.clientRegistration = TestClientRegistrations.clientRegistration() + .tokenUri(tokenUri); } @After diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java index 2b9bc3061e..c28e729109 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java 
@@ -31,9 +31,8 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; @@ -79,19 +78,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { @Mock private ReactiveJwtDecoder jwtDecoder; - private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("openid") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .jwkSetUri("https://example.com/oauth2/jwk") - .clientSecret("clientSecret"); + private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration() + .scope("openid"); private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse .success("code") 
@@ -178,7 +166,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 Map claims = new HashMap<>();
 claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 claims.put(IdTokenClaimNames.SUB, "rob");
- claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId"));
+ claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 Instant issuedAt = Instant.now();
 Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
 Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
@@ -200,7 +188,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 Map claims = new HashMap<>();
 claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
 claims.put(IdTokenClaimNames.SUB, "rob");
- claims.put(IdTokenClaimNames.AUD, Arrays.asList("clientId"));
+ claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
 Instant issuedAt = Instant.now();
 Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
 Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcTokenValidatorTests.java
index 08d4545fe7..cb95ada199 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcTokenValidatorTests.java
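Review bot: The `aud` claim in both hunks of OidcAuthorizationCodeReactiveAuthenticationManagerTests (@@ -178,7 and @@ -200,7) is the literal `"client-id"`, which only works because it happens to equal the default set in `TestClientRegistrations.clientRegistration()`. These ID-token tests rely on the audience matching the client id, so a later change to the fixture would break them, or could let a negative audience test pass for the wrong reason, with nothing pointing at the cause. Deriving the value from the registration keeps the two in step: `claims.put(IdTokenClaimNames.AUD, Arrays.asList(this.registration.build().getClientId()));`. The same coupling appears in the `Collections.singleton("read:user")` access-token scope in OidcReactiveOAuth2UserServiceTests and OidcUserRequestUtilsTests, where `this.registration.build().getScopes()` would serve. The enclosing test methods start and end outside these hunks.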
@@ -19,8 +19,7 @@ package org.springframework.security.oauth2.client.oidc.authentication; import org.junit.Before; import org.junit.Test; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import org.springframework.security.oauth2.core.oidc.OidcIdToken; @@ -38,17 +37,7 @@ import static org.assertj.core.api.Assertions.assertThatCode; * @since 5.1 */ public class OidcTokenValidatorTests { - private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("client-foo-bar") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationUri("https://example.com/oauth2/authorize") - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .userInfoUri("https://example.com/users/me") - .clientId("client-id") - .clientName("client-name") - .clientSecret("client-secret") - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .tokenUri("https://example.com/oauth/access_token"); + private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); private Map claims = new HashMap<>(); private Instant issuedAt = Instant.now(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java index 6da77ea8a3..880fac598f 100644 
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java
@@ -23,10 +23,9 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
@@ -57,17 +56,8 @@ public class OidcReactiveOAuth2UserServiceTests { @Mock private ReactiveOAuth2UserService oauth2UserService; - private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("id") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationUri("https://example.com/oauth2/authorize") - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .userInfoUri("https://example.com/users/me") - .clientId("client-id") - .clientName("client-name") - .clientSecret("client-secret") - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .tokenUri("https://example.com/oauth/access_token"); + private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration() + .userNameAttributeName(IdTokenClaimNames.SUB); private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), Instant.now().plusSeconds(3600), Collections @@ -77,7 +67,7 @@ public class OidcReactiveOAuth2UserServiceTests { "token", Instant.now(), Instant.now().plus(Duration.ofDays(1)), - Collections.singleton("user")); + Collections.singleton("read:user")); private OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java index 9851c7fdd2..50e21c6b52 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java 
@@ -18,8 +18,8 @@ package org.springframework.security.oauth2.client.oidc.userinfo; import org.junit.Test; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import org.springframework.security.oauth2.core.oidc.OidcIdToken; @@ -35,17 +35,7 @@ import static org.assertj.core.api.Assertions.*; * @since 5.1 */ public class OidcUserRequestUtilsTests { - private ClientRegistration.Builder registration = ClientRegistration.withRegistrationId("id") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationUri("https://example.com/oauth2/authorize") - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .userInfoUri("https://example.com/users/me") - .clientId("client-id") - .clientName("client-name") - .clientSecret("client-secret") - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .tokenUri("https://example.com/oauth/access_token"); + private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); OidcIdToken idToken = new OidcIdToken("token123", Instant.now(), Instant.now().plusSeconds(3600), Collections @@ -55,7 +45,7 @@ public class OidcUserRequestUtilsTests { "token", Instant.now(), Instant.now().plus(Duration.ofDays(1)), - Collections.singleton("user")); + Collections.singleton("read:user")); @Test public void shouldRetrieveUserInfoWhenEndpointDefinedAndScopesOverlapThenTrue() { 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java index 7fe24984fb..efae7de7a9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java @@ -17,8 +17,6 @@ package org.springframework.security.oauth2.client.registration; import org.junit.Test; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import java.util.Arrays; import java.util.Collections; @@ -33,17 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat; * @since 5.0 */ public class InMemoryClientRegistrationRepositoryTests { - private ClientRegistration registration = ClientRegistration.withRegistrationId("id") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationUri("https://example.com/oauth2/authorize") - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .clientId("client-id") - .clientName("client-name") - .clientSecret("client-secret") - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .tokenUri("https://example.com/oauth/access_token") - .build(); + private ClientRegistration registration = TestClientRegistrations.clientRegistration().build(); private InMemoryClientRegistrationRepository clients = new InMemoryClientRegistrationRepository(this.registration); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java index 601018c3fb..ba2ef432a4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java @@ -23,8 +23,6 @@ import java.util.List; import org.junit.Before; import org.junit.Test; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import reactor.test.StepVerifier; 
@@ -34,25 +32,13 @@ import reactor.test.StepVerifier; */ public class InMemoryReactiveClientRegistrationRepositoryTests { - private ClientRegistration github = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .clientSecret("clientSecret") - .build(); + private ClientRegistration registration = TestClientRegistrations.clientRegistration().build(); private InMemoryReactiveClientRegistrationRepository repository; @Before public void setup() { - this.repository = new InMemoryReactiveClientRegistrationRepository(this.github); + this.repository = new InMemoryReactiveClientRegistrationRepository(this.registration); } @Test @@ -84,20 +70,20 @@ public class InMemoryReactiveClientRegistrationRepositoryTests { @Test public void findByRegistrationIdWhenValidIdThenFound() { - StepVerifier.create(this.repository.findByRegistrationId(this.github.getRegistrationId())) - .expectNext(this.github) + StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId())) + .expectNext(this.registration) .verifyComplete(); } @Test public void findByRegistrationIdWhenNotValidIdThenEmpty() { - StepVerifier.create(this.repository.findByRegistrationId(this.github.getRegistrationId() + "invalid")) + StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId() + "invalid")) .verifyComplete(); } @Test public void iteratorWhenContainsGithubThenContains() { assertThat(this.repository.iterator()) - .containsOnly(this.github); + .containsOnly(this.registration); } } 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java new file mode 100644 index 0000000000..d7e4fc6c5a --- /dev/null +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java 
@@ -0,0 +1,57 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.client.registration; + +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.ClientAuthenticationMethod; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class TestClientRegistrations { + public static ClientRegistration.Builder clientRegistration() { + return ClientRegistration.withRegistrationId("registration-id") + .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") + .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) + .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) + .scope("read:user") + .authorizationUri("https://example.com/login/oauth/authorize") + .tokenUri("https://example.com/login/oauth/access_token") + .jwkSetUri("https://example.com/oauth2/jwk") + .userInfoUri("https://api.example.com/user") + .userNameAttributeName("id") + .clientName("Client Name") + .clientId("client-id") + .clientSecret("client-secret"); + } + + public static ClientRegistration.Builder clientRegistration2() { + return ClientRegistration.withRegistrationId("registration-id-2") + .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") + .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) + 
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) + .scope("read:user") + .authorizationUri("https://example.com/login/oauth/authorize") + .tokenUri("https://example.com/login/oauth/access_token") + .userInfoUri("https://api.example.com/user") + .userNameAttributeName("id") + .clientName("Client Name") + .clientId("client-id-2") + .clientSecret("client-secret"); + } +} diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java index be57a92114..a43da286bd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java @@ -26,9 +26,8 @@ import org.springframework.http.HttpMethod; import org.springframework.http.MediaType; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthenticationMethod; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.user.OAuth2User; 
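Review bot: `TestClientRegistrations` has only `@author`/`@since` in its Javadoc, and nothing tells a caller how the two factories differ: `clientRegistration()` sets `jwkSetUri` while `clientRegistration2()` does not, and both share the same scope and `client-secret`. Since the config module now pulls this class in through the `tests` configuration, a class comment such as `/** Builders for ClientRegistration test fixtures; override only the values a test depends on. */` plus a one-line Javadoc on each factory naming that difference would save readers from comparing the bodies. The class is also a static-only holder, so `private TestClientRegistrations() {}` would stop it being instantiated.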
@@ -63,19 +62,8 @@ public class DefaultReactiveOAuth2UserServiceTests { String userInfoUri = this.server.url("/user").toString(); - this.clientRegistration = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) - .userNameAttributeName("user-name") - .clientName("GitHub") - .clientId("clientId") - .clientSecret("clientSecret"); + this.clientRegistration = TestClientRegistrations.clientRegistration() + .userInfoUri(userInfoUri); } @After @@ -118,7 +106,7 @@ public class DefaultReactiveOAuth2UserServiceTests { @Test public void loadUserWhenUserInfoSuccessResponseThenReturnUser() throws Exception { String userInfoResponse = "{\n" + - " \"user-name\": \"user1\",\n" + + " \"id\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + @@ -131,7 +119,7 @@ public class DefaultReactiveOAuth2UserServiceTests { assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); - assertThat(user.getAttributes().get("user-name")).isEqualTo("user1"); + assertThat(user.getAttributes().get("id")).isEqualTo("user1"); assertThat(user.getAttributes().get("first-name")).isEqualTo("first"); assertThat(user.getAttributes().get("last-name")).isEqualTo("last"); assertThat(user.getAttributes().get("middle-name")).isEqualTo("middle"); 
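Review bot: The setup in the first hunk no longer pins `.userInfoAuthenticationMethod(AuthenticationMethod.HEADER)` or the user-name attribute, so `loadUserWhenUserInfoSuccessResponseThenReturnUser` now passes only while the builder's default authentication method and the fixture's `userNameAttributeName("id")` stay as they are. The `"id"` keys introduced in the JSON bodies of the following hunks are tied to that fixture value with nothing in this file saying so. Keeping the dependency visible in the test, for example `TestClientRegistrations.clientRegistration().userInfoUri(userInfoUri).userNameAttributeName("id");`, would make a later fixture change fail here with an obvious cause. The enclosing setup method starts outside the hunk.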
@@ -150,7 +138,7 @@ public class DefaultReactiveOAuth2UserServiceTests { public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception { this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.HEADER); String userInfoResponse = "{\n" + - " \"user-name\": \"user1\",\n" + + " \"id\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + @@ -172,7 +160,7 @@ public class DefaultReactiveOAuth2UserServiceTests { public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception { this.clientRegistration.userInfoAuthenticationMethod( AuthenticationMethod.FORM); String userInfoResponse = "{\n" + - " \"user-name\": \"user1\",\n" + + " \"id\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + @@ -193,7 +181,7 @@ public class DefaultReactiveOAuth2UserServiceTests { @Test public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() throws Exception { String userInfoResponse = "{\n" + - " \"user-name\": \"user1\",\n" + + " \"id\": \"user1\",\n" + " \"first-name\": \"first\",\n" + " \"last-name\": \"last\",\n" + " \"middle-name\": \"middle\",\n" + diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java index fc665040ef..92a6c1cee0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java 
@@ -21,8 +21,8 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; 
@@ -45,32 +45,8 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { @Before public void setUp() { - this.registration1 = ClientRegistration.withRegistrationId("registration-1") - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); - this.registration2 = ClientRegistration.withRegistrationId("registration-2") - .clientId("client-2") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-2") - .build(); + this.registration1 = TestClientRegistrations.clientRegistration().build(); + this.registration2 = TestClientRegistrations.clientRegistration2().build(); this.clientRegistrationRepository = new InMemoryClientRegistrationRepository( this.registration1, this.registration2); this.resolver = new DefaultOAuth2AuthorizationRequestResolver( 
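Review bot: Replacing `registration2` with `clientRegistration2()` drops the only multi-value scope in this test class: the old fixture used `.scope("openid", "profile", "email")` and the later hunks asserted `scope=openid\\+profile\\+email`, whereas every assertion now checks the single value `scope=read%3Auser`. The serialisation of several scopes into the authorization request URI is therefore no longer covered here, and the same substitution is made in OAuth2AuthorizationRequestRedirectFilterTests and OAuth2LoginAuthenticationFilterTests. Keeping it for one registration, `this.registration2 = TestClientRegistrations.clientRegistration2().scope("openid", "profile", "email").build();`, with the matching assertions left on `openid\\+profile\\+email`, would preserve that coverage. `setUp` continues past the end of the hunk.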
@@ -131,7 +107,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { assertThat(authorizationRequest.getState()).isNotNull(); assertThat(authorizationRequest.getAdditionalParameters()) .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id"); } @Test @@ -188,7 +164,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-id"); } @Test 
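Review bot: The rewritten patterns passed to `matches(...)` are regular expressions, but the dots in `https://example.com/login/oauth/authorize` are left unescaped and `state=.{15,}` accepts any characters, including `&`. That makes the assertion looser than it reads, and it is inconsistent with the `login_hint=user@provider\\.com` pattern later in this commit, which does escape the dot. Writing the prefix as `https://example\\.com/login/oauth/authorize\\?` and the state as `state=[^&]{15,}` would pin the host literally and keep the state check inside its own parameter. The same applies to the remaining `matches(...)` hunks in this file and in OAuth2AuthorizationRequestRedirectFilterTests.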
@@ -202,7 +178,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Foauth2%2Fcode%2Fregistration-id"); } @Test @@ -213,7 +189,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId()); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id"); } @Test 
@@ -224,7 +200,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-2&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-2"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2"); } @Test @@ -236,7 +212,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id"); } @Test 
@@ -248,6 +224,6 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); - assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-2&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-2"); + assertThat(authorizationRequest.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id-2&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id-2"); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java index 1578dd2cdf..12eb34d556 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java @@ -21,8 +21,7 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; import javax.servlet.http.HttpSession; 
@@ -38,37 +37,15 @@ import static org.mockito.Mockito.mock; * @author Joe Grandja */ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { - private String registrationId1 = "registration-1"; - private String registrationId2 = "registration-2"; private String principalName1 = "principalName-1"; - private ClientRegistration registration1 = ClientRegistration.withRegistrationId(this.registrationId1) - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); + private ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build(); - private ClientRegistration registration2 = ClientRegistration.withRegistrationId(this.registrationId2) - .clientId("client-2") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-2") - .build(); + private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build(); + + private String registrationId1 = this.registration1.getRegistrationId(); + + private String registrationId2 = this.registration2.getRegistrationId(); private HttpSessionOAuth2AuthorizedClientRepository authorizedClientRepository = new 
HttpSessionOAuth2AuthorizedClientRepository(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java index fa834f919e..9c40b76d85 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java @@ -38,8 +38,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2Authoriza import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; 
@@ -82,19 +81,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { @Before public void setup() { - this.registration1 = ClientRegistration.withRegistrationId("registration-1") - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/callback/client-1") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); + this.registration1 = TestClientRegistrations.clientRegistration().build(); this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1); this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository); this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index adf0ccc4e4..27ad7c6e17 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java 
@@ -24,8 +24,8 @@ import org.springframework.security.oauth2.client.ClientAuthorizationRequiredExc import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.util.ClassUtils; 
@@ -60,41 +60,12 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { @Before public void setUp() { - this.registration1 = ClientRegistration.withRegistrationId("registration-1") - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); - this.registration2 = ClientRegistration.withRegistrationId("registration-2") - .clientId("client-2") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-2") - .build(); - this.registration3 = ClientRegistration.withRegistrationId("registration-3") - .clientId("client-3") + this.registration1 = TestClientRegistrations.clientRegistration().build(); + this.registration2 = TestClientRegistrations.clientRegistration2().build(); + this.registration3 = TestClientRegistrations.clientRegistration() + .registrationId("registration-3") .authorizationGrantType(AuthorizationGrantType.IMPLICIT) .redirectUriTemplate("{baseUrl}/authorize/oauth2/implicit/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - 
.userInfoUri("https://provider.com/oauth2/userinfo") - .clientName("client-3") .build(); this.clientRegistrationRepository = new InMemoryClientRegistrationRepository( this.registration1, this.registration2, this.registration3); @@ -180,7 +151,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id"); } @Test @@ -216,7 +187,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=token&client_id=client-3&scope=openid\\+profile\\+email&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fimplicit%2Fregistration-3"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=token&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fimplicit%2Fregistration-3"); } @Test 
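Review bot: `registration3` is now derived from `clientRegistration()` and overrides only the registration id, grant type and redirect template, so it inherits `client-id`, the same client id as `registration1`. The implicit-flow assertion in the `-216,7` hunk consequently expects `client_id=client-id`, and would no longer notice if the filter took the client id from the wrong registration. The implicit client also inherits `clientSecret("client-secret")` and the `jwkSetUri`, which the old fixture did not set. Adding `.clientId("client-3")` to the builder chain and asserting `client_id=client-3` would restore the distinction. `setUp` continues outside the hunk.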
@@ -254,7 +225,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id"); } @Test @@ -272,7 +243,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-1"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Fauthorize%2Foauth2%2Fcode%2Fregistration-id"); verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } 
@@ -327,7 +298,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1&idp=https%3A%2F%2Fother.provider.com"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id&idp=https%3A%2F%2Fother.provider.com"); } // gh-4911, gh-5244 @@ -368,6 +339,6 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { verifyZeroInteractions(filterChain); - assertThat(response.getRedirectedUrl()).matches("https://provider.com/oauth2/authorize\\?response_type=code&client_id=client-1&scope=user&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-1&login_hint=user@provider\\.com"); + assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?response_type=code&client_id=client-id&scope=read%3Auser&state=.{15,}&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fregistration-id&login_hint=user@provider\\.com"); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 1546a5b396..677fc99c25 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java 
@@ -35,6 +35,7 @@ import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuth import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; 
@@ -80,32 +81,8 @@ public class OAuth2LoginAuthenticationFilterTests { @Before public void setUp() { - this.registration1 = ClientRegistration.withRegistrationId("registration-1") - .clientId("client-1") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("user") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/user") - .userNameAttributeName("id") - .clientName("client-1") - .build(); - this.registration2 = ClientRegistration.withRegistrationId("registration-2") - .clientId("client-2") - .clientSecret("secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}") - .scope("openid", "profile", "email") - .authorizationUri("https://provider.com/oauth2/authorize") - .tokenUri("https://provider.com/oauth2/token") - .userInfoUri("https://provider.com/oauth2/userinfo") - .jwkSetUri("https://provider.com/oauth2/keys") - .clientName("client-2") - .build(); + this.registration1 = TestClientRegistrations.clientRegistration().build(); + this.registration2 = TestClientRegistrations.clientRegistration2().build(); this.clientRegistrationRepository = new InMemoryClientRegistrationRepository( this.registration1, this.registration2); this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository); 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java index d19d1ee386..99df5b92b2 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java @@ -38,8 +38,7 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; 
@@ -77,18 +76,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { private MockExchangeFunction exchange = new MockExchangeFunction(); - private ClientRegistration github = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .clientSecret("clientSecret") + private ClientRegistration registration = TestClientRegistrations.clientRegistration() .build(); private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, @@ -108,7 +96,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenAuthorizedClientThenAuthorizationHeader() { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -121,7 +109,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing") 
@@ -154,7 +142,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -171,8 +159,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { assertThat(requests).hasSize(2); ClientRequest request0 = requests.get(0); - assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0"); - assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token"); + assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token"); assertThat(request0.method()).isEqualTo(HttpMethod.POST); assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token"); 
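Review bot: The new expected header `"Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="` in the `@@ -171` hunk is the base64 of `client-id:client-secret`, values that are no longer set anywhere in this test class and presumably come from the `TestClientRegistrations` defaults. If the fixture changes, the assertion fails with no hint of where the credentials come from. I would add a comment such as `// base64("client-id:client-secret"), the TestClientRegistrations defaults`, or pin the values where the field is declared with `.clientId("client-id").clientSecret("client-secret")`. The token URL could likewise be asserted as `this.registration.getProviderDetails().getTokenUri()`. The same literals are repeated in the `@@ -218` hunk and in the `@@ -352` and `@@ -398` hunks of ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.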
@@ -203,7 +191,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -218,8 +206,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { assertThat(requests).hasSize(2); ClientRequest request0 = requests.get(0); - assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0"); - assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token"); + assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token"); assertThat(request0.method()).isEqualTo(HttpMethod.POST); assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token"); 
@@ -234,7 +222,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenRefreshTokenNullThenShouldRefreshFalse() { this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -257,7 +245,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServerOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientService); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt(), this.accessToken.getExpiresAt()); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java index 378b8dcac6..4e448d2cca 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java 
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java @@ -47,9 +47,8 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; @@ -105,18 +104,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { private Authentication authentication; - private ClientRegistration github = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .clientSecret("clientSecret") + private ClientRegistration registration = TestClientRegistrations.clientRegistration() .build(); private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, 
@@ -170,7 +158,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void defaultRequestOAuth2AuthorizedClientWhenOAuth2AuthorizationClientAndClientIdThenNotOverride() { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); oauth2AuthorizedClient(authorizedClient).accept(this.result); Map attrs = getDefaultRequestAttributes(); @@ -213,7 +201,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2User user = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(user, authorities, "id"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient); authentication(token).accept(this.result); @@ -243,7 +231,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2User user = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(user, authorities, "id"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient); authentication(token).accept(this.result); 
@@ -260,7 +248,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); OAuth2User user = mock(OAuth2User.class); List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).thenReturn(authorizedClient); clientRegistrationId("id").accept(this.result); @@ -292,7 +280,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenAuthorizedClientThenAuthorizationHeader() { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -305,7 +293,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .header(HttpHeaders.AUTHORIZATION, "Existing") 
@@ -337,7 +325,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -352,8 +340,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { assertThat(requests).hasSize(2); ClientRequest request0 = requests.get(0); - assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0"); - assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token"); + assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token"); assertThat(request0.method()).isEqualTo(HttpMethod.POST); assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token"); 
@@ -383,7 +371,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", issuedAt, refreshTokenExpiresAt); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -398,8 +386,8 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { assertThat(requests).hasSize(2); ClientRequest request0 = requests.get(0); - assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0"); - assertThat(request0.url().toASCIIString()).isEqualTo("https://github.com/login/oauth/access_token"); + assertThat(request0.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + assertThat(request0.url().toASCIIString()).isEqualTo("https://example.com/login/oauth/access_token"); assertThat(request0.method()).isEqualTo(HttpMethod.POST); assertThat(getBody(request0)).isEqualTo("grant_type=refresh_token&refresh_token=refresh-token"); 
@@ -414,7 +402,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenRefreshTokenNullThenShouldRefreshFalse() { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) @@ -437,7 +425,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function = new ServletOAuth2AuthorizedClientExchangeFilterFunction(this.authorizedClientRepository); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt(), this.accessToken.getExpiresAt()); - OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.github, + OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(GET, URI.create("https://example.com")) .attributes(oauth2AuthorizedClient(authorizedClient)) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java index c6e0f51b6c..7dd49f2ae5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java 
@@ -24,8 +24,7 @@ import org.mockito.junit.MockitoJUnitRunner; import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.test.web.reactive.server.FluxExchangeResult; import org.springframework.test.web.reactive.server.WebTestClient; @@ -54,19 +53,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Mock private ServerAuthorizationRequestRepository authzRequestRepository; - private ClientRegistration github = ClientRegistration.withRegistrationId("github") - .redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}") - .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .scope("read:user") - .authorizationUri("https://github.com/login/oauth/authorize") - .tokenUri("https://github.com/login/oauth/access_token") - .userInfoUri("https://api.github.com/user") - .userNameAttributeName("id") - .clientName("GitHub") - .clientId("clientId") - .clientSecret("clientSecret") - .build(); + private ClientRegistration registration = TestClientRegistrations.clientRegistration().build(); private OAuth2AuthorizationRequestRedirectWebFilter filter; 
@@ -79,8 +66,8 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { FilteringWebHandler webHandler = new FilteringWebHandler(e -> e.getResponse().setComplete(), Arrays.asList(this.filter)); this.client = WebTestClient.bindToWebHandler(webHandler).build(); - when(this.clientRepository.findByRegistrationId(this.github.getRegistrationId())).thenReturn( - Mono.just(this.github)); + when(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())).thenReturn( + Mono.just(this.registration)); when(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).thenReturn( Mono.empty()); } @@ -118,19 +105,19 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenDoesMatchThenClientRegistrationRepositoryNotSubscribed() { FluxExchangeResult result = this.client.get() - .uri("https://example.com/oauth2/authorization/github").exchange() + .uri("https://example.com/oauth2/authorization/registration-id").exchange() .expectStatus().is3xxRedirection().returnResult(String.class); result.assertWithDiagnostics(() -> { URI location = result.getResponseHeaders().getLocation(); assertThat(location) .hasScheme("https") - .hasHost("github.com") + .hasHost("example.com") .hasPath("/login/oauth/authorize") .hasParameter("response_type", "code") - .hasParameter("client_id", "clientId") + .hasParameter("client_id", "client-id") .hasParameter("scope", "read:user") .hasParameter("state") - .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/github"); + .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id"); }); verify(this.authzRequestRepository).saveAuthorizationRequest(any(), any()); } 
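Review bot: In the `@@ -118` hunk the new `.hasHost("example.com")` no longer tells the provider's authorization endpoint apart from the application, because the test request is also sent to `https://example.com/oauth2/authorization/registration-id`. Only `.hasPath("/login/oauth/authorize")` still shows that the redirect targets the provider, so a redirect built from the request's own host would pass the host check. I would give the fixture a distinct host for this test, for example `TestClientRegistrations.clientRegistration().authorizationUri("https://provider.example/login/oauth/authorize").build()` (a constructed sample value), and assert that host. The same applies to the `@@ -139` hunk that follows.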
@@ -139,25 +126,26 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenDoesMatchThenResolveRedirectUriExpandedExcludesQueryString() { FluxExchangeResult result = this.client.get() - .uri("https://example.com/oauth2/authorization/github?foo=bar").exchange() + .uri("https://example.com/oauth2/authorization/registration-id?foo=bar").exchange() .expectStatus().is3xxRedirection().returnResult(String.class); result.assertWithDiagnostics(() -> { URI location = result.getResponseHeaders().getLocation(); assertThat(location) .hasScheme("https") - .hasHost("github.com") + .hasHost("example.com") .hasPath("/login/oauth/authorize") .hasParameter("response_type", "code") - .hasParameter("client_id", "clientId") + .hasParameter("client_id", "client-id") .hasParameter("scope", "read:user") .hasParameter("state") - .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/github"); + .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id"); }); } @Test public void filterWhenExceptionThenRedirected() { - FilteringWebHandler webHandler = new FilteringWebHandler(e -> Mono.error(new ClientAuthorizationRequiredException(this.github.getRegistrationId())), Arrays.asList(this.filter)); + FilteringWebHandler webHandler = new FilteringWebHandler(e -> Mono.error(new ClientAuthorizationRequiredException(this.registration + .getRegistrationId())), Arrays.asList(this.filter)); this.client = WebTestClient.bindToWebHandler(webHandler).build(); FluxExchangeResult result = this.client.get() .uri("https://example.com/foo").exchange()