From ec908bb7007f32b056519b5feebfbcb9d9ac9b85 Mon Sep 17 00:00:00 2001 From: Luander Ribeiro Date: Tue, 15 Aug 2017 22:25:01 +0200 Subject: [PATCH] Add unit tests for endpoints package Fixes gh-4499 This commit contains unit tests for the endpoints package in oauth2-core. --- ...thorizationCodeTokenRequestAttributes.java | 4 +- .../AuthorizationRequestAttributes.java | 5 +- ...deAuthorizationResponseAttributesTest.java | 31 ++++ ...izationCodeTokenRequestAttributesTest.java | 75 +++++++++ .../AuthorizationRequestAttributesTest.java | 156 ++++++++++++++++++ .../endpoint/ErrorResponseAttributesTest.java | 32 ++++ .../endpoint/TokenResponseAttributesTest.java | 70 ++++++++ 7 files changed, 368 insertions(+), 5 deletions(-) create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributesTest.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributesTest.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributesTest.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributesTest.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseAttributesTest.java diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributes.java index ce8443baaf..0803ffdbb2 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributes.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributes.java @@ -58,18 +58,18 @@ public final class AuthorizationCodeTokenRequestAttributes { } public Builder clientId(String clientId) { - Assert.hasText(clientId, "clientId cannot be empty"); this.authorizationCodeTokenRequest.clientId = clientId; return this; } public Builder redirectUri(String redirectUri) { - Assert.hasText(redirectUri, "redirectUri cannot be empty"); this.authorizationCodeTokenRequest.redirectUri = redirectUri; return this; } public AuthorizationCodeTokenRequestAttributes build() { + Assert.hasText(this.authorizationCodeTokenRequest.clientId, "clientId cannot be empty"); + Assert.hasText(this.authorizationCodeTokenRequest.redirectUri, "redirectUri cannot be empty"); return this.authorizationCodeTokenRequest; } } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributes.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributes.java index a4ea4c0e3d..6bbda50a1a 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributes.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributes.java @@ -92,19 +92,16 @@ public final class AuthorizationRequestAttributes implements Serializable { } public Builder authorizeUri(String authorizeUri) { - Assert.hasText(authorizeUri, "authorizeUri cannot be empty"); this.authorizationRequest.authorizeUri = authorizeUri; return this; } public Builder clientId(String clientId) { - Assert.hasText(clientId, "clientId cannot be empty"); this.authorizationRequest.clientId = clientId; return this; } public Builder redirectUri(String redirectUri) { - Assert.hasText(redirectUri, "redirectUri cannot be empty"); this.authorizationRequest.redirectUri = redirectUri; return this; } @@ -121,6 +118,8 @@ public final class AuthorizationRequestAttributes implements Serializable { } public AuthorizationRequestAttributes build() { + Assert.hasText(this.authorizationRequest.clientId, "clientId cannot be empty"); + Assert.hasText(this.authorizationRequest.authorizeUri, "authorizeUri cannot be empty"); return this.authorizationRequest; } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributesTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributesTest.java new file mode 100644 index 0000000000..0f34288a81 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeAuthorizationResponseAttributesTest.java @@ -0,0 +1,31 @@ +/* + * Copyright 2012-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.core.endpoint; + +import org.junit.Test; + +/** + * Tests {@link AuthorizationCodeAuthorizationResponseAttributes} + * + * @author Luander Ribeiro + */ +public class AuthorizationCodeAuthorizationResponseAttributesTest { + + @Test(expected = IllegalArgumentException.class) + public void constructorWhenCodeIsNullThenThrowIllegalArgumentException() { + new AuthorizationCodeAuthorizationResponseAttributes(null, "xyz"); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributesTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributesTest.java new file mode 100644 index 0000000000..f781036508 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributesTest.java @@ -0,0 +1,75 @@ +/* + * Copyright 2012-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.core.endpoint; + +import org.junit.Test; +import org.springframework.security.oauth2.core.AuthorizationGrantType; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * Tests {@link AuthorizationCodeTokenRequestAttributes} + * + * @author Luander Ribeiro + */ +public class AuthorizationCodeTokenRequestAttributesTest { + private static final String CODE = "code"; + private static final String CLIENT_ID = "client id"; + private static final String REDIRECT_URI = "http://redirect.uri/"; + + @Test(expected = IllegalArgumentException.class) + public void buildWhenCodeIsNullThenThrowIllegalArgumentException() { + AuthorizationCodeTokenRequestAttributes + .withCode(null) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() { + AuthorizationCodeTokenRequestAttributes + .withCode(CODE) + .clientId(null) + .redirectUri(REDIRECT_URI) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenRedirectUriIsNullThenThrowIllegalArgumentException() { + AuthorizationCodeTokenRequestAttributes + .withCode(CODE) + .clientId(CLIENT_ID) + .redirectUri(null) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() { + AuthorizationCodeTokenRequestAttributes + .withCode(CODE) + .redirectUri(REDIRECT_URI) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenRedirectUriNotSetThenThrowIllegalArgumentException() { + AuthorizationCodeTokenRequestAttributes + .withCode(CODE) + .clientId(CLIENT_ID) + .build(); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributesTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributesTest.java new file mode 100644 index 0000000000..16e9867f8c --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestAttributesTest.java @@ -0,0 +1,156 @@ +/* + * Copyright 2012-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.core.endpoint; + +import org.junit.Test; + +import java.util.Collections; +import java.util.Set; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; + +/** + * Tests {@link AuthorizationRequestAttributes} + * + * @author Luander Ribeiro + */ +public class AuthorizationRequestAttributesTest { + private static final String AUTHORIZE_URI = "http://authorize.uri/"; + private static final String CLIENT_ID = "client id"; + private static final String REDIRECT_URI = "http://redirect.uri/"; + private static final Set SCOPES = Collections.singleton("scope"); + private static final String STATE = "xyz"; + + @Test(expected = IllegalArgumentException.class) + public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() { + AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(null) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenAuthorizeUriNotSetThenThrowIllegalArgumentException() { + AuthorizationRequestAttributes.withAuthorizationCode() + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() { + AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(null) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() { + AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .build(); + } + + @Test + public void buildWhenGetResponseTypeIsCalledThenReturnCode() { + AuthorizationRequestAttributes attributes; + attributes = AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .build(); + + assertThat(attributes.getResponseType()).isEqualTo(ResponseType.CODE); + } + + @Test + public void buildWhenRedirectUriIsNullThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(null) + .scopes(SCOPES) + .state(STATE) + .build()).doesNotThrowAnyException(); + } + + @Test + public void buildWhenRedirectUriNotSetThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .scopes(SCOPES) + .state(STATE) + .build()).doesNotThrowAnyException(); + } + + @Test + public void buildWhenScopesIsNullThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(null) + .state(STATE) + .build()).doesNotThrowAnyException(); + } + + @Test + public void buildWhenScopesNotSetThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .state(STATE) + .build()).doesNotThrowAnyException(); + } + + @Test + public void buildWhenStateIsNullThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(null) + .build()).doesNotThrowAnyException(); + } + + @Test + public void buildWhenStateNotSetThenDoesNotThrowAnyException() { + assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode() + .authorizeUri(AUTHORIZE_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .build()).doesNotThrowAnyException(); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributesTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributesTest.java new file mode 100644 index 0000000000..dbe9904d42 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributesTest.java @@ -0,0 +1,32 @@ +/* + * Copyright 2012-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.core.endpoint; + +import org.junit.Test; + +/** + * Tests {@link ErrorResponseAttributes} + * + * @author Luander Ribeiro + */ +public class ErrorResponseAttributesTest { + + @Test(expected = IllegalArgumentException.class) + public void withErrorCodeWhenCodeIsNullThenThrowIllegalArgumentException() { + ErrorResponseAttributes.withErrorCode(null) + .build(); + } +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseAttributesTest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseAttributesTest.java new file mode 100644 index 0000000000..1e689fe5ec --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseAttributesTest.java @@ -0,0 +1,70 @@ +/* + * Copyright 2012-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.core.endpoint; + +import org.junit.Test; +import org.springframework.security.oauth2.core.AccessToken; + +import java.util.Collections; + +/** + * Tests {@link TokenResponseAttributes} + * + * @author Luander Ribeiro + */ +public class TokenResponseAttributesTest { + + private static final String TOKEN = "token"; + private static final long INVALID_EXPIRES_IN = -1L; + private static final long EXPIRES_IN = System.currentTimeMillis(); + + @Test(expected = IllegalArgumentException.class) + public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() { + TokenResponseAttributes.withToken(null) + .expiresIn(EXPIRES_IN) + .additionalParameters(Collections.emptyMap()) + .scopes(Collections.emptySet()) + .tokenType(AccessToken.TokenType.BEARER) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenExpiresInIsNegativeThenThrowIllegalArgumentException() { + TokenResponseAttributes.withToken(TOKEN) + .expiresIn(INVALID_EXPIRES_IN) + .additionalParameters(Collections.emptyMap()) + .scopes(Collections.emptySet()) + .tokenType(AccessToken.TokenType.BEARER) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenTokenTypeIsInvalidThenThrowIllegalArgumentException() { + TokenResponseAttributes.withToken(TOKEN) + .expiresIn(EXPIRES_IN) + .additionalParameters(Collections.emptyMap()) + .tokenType(null) + .build(); + } + + @Test(expected = IllegalArgumentException.class) + public void buildWhenTokenTypeNotSetThenThrowIllegalArgumentException() { + TokenResponseAttributes.withToken(TOKEN) + .expiresIn(EXPIRES_IN) + .additionalParameters(Collections.emptyMap()) + .build(); + } +}