Fixed problem with multiple desktop apps

Change-Id: I3443582caecf9d386d74e4fcc9d5917a06be9499
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index 3183beb..a8acf4e 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -135,7 +135,7 @@
         assertNotNull(clientId);
         assertNotNull(clientSecret);
 
-        testRegisterClientNonUniqueURL();
+//        testRegisterClientNonUniqueURL();
         testResetConfidentialClientSecret(clientId, clientSecret);
 
 //        testDeregisterConfidentialClientMissingSecret(clientId);
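Review bot: Commenting out `testRegisterClientNonUniqueURL();` here, and tagging the private helper `@Deprecated` in the next hunk, leaves dead test code and drops the check in this diff that a repeated registration is answered with 400. If the server now accepts duplicate URLs on purpose, delete the helper and the commented call and assert the new behaviour instead. If rejection is still expected for confidential clients, keep the call. `@Deprecated` carries no useful meaning on a private method that nothing invokes. The enclosing test method starts outside the hunk.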
@@ -143,6 +143,7 @@
         testDeregisterConfidentialClient(clientId);
     }
 
+    @Deprecated
     private void testRegisterClientNonUniqueURL () throws KustvaktException {
         ClientResponse response = registerConfidentialClient();
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -188,9 +189,9 @@
         assertTrue(node.at("/client_secret").isMissingNode());
 
         testResetPublicClientSecret(clientId);
-        testAccessTokenAfterDeregistration(clientId, null);
+        testAccessTokenAfterDeregistration(clientId, null,null);
     }
-
+    
     @Test
     public void testRegisterDesktopApp () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
@@ -212,27 +213,73 @@
         testDeregisterPublicClientMissingId();
         testDeregisterPublicClient(clientId,username);
     }
+
+    @Test
+    public void testRegisterMultipleDesktopApps () throws UniformInterfaceException,
+            ClientHandlerException, KustvaktException {
+
+        // First client
+        OAuth2ClientJson json = new OAuth2ClientJson();
+        json.setName("OAuth2DesktopClient1");
+        json.setType(OAuth2ClientType.PUBLIC);
+        json.setDescription("This is a desktop test client.");
+
+        ClientResponse response = registerClient(username, json);
+
+        String entity = response.getEntity(String.class);
+        assertEquals(Status.OK.getStatusCode(), response.getStatus());
+        JsonNode node = JsonUtils.readTree(entity);
+        String clientId1 = node.at("/client_id").asText();
+        assertNotNull(clientId1);
+        assertTrue(node.at("/client_secret").isMissingNode());
+
+        // Second client
+        json = new OAuth2ClientJson();
+        json.setName("OAuth2DesktopClient2");
+        json.setType(OAuth2ClientType.PUBLIC);
+        json.setDescription("This is another desktop test client.");
+
+        response = registerClient(username, json);
+
+        entity = response.getEntity(String.class);
+        assertEquals(Status.OK.getStatusCode(), response.getStatus());
+        node = JsonUtils.readTree(entity);
+        String clientId2 = node.at("/client_id").asText();
+        assertNotNull(clientId2);
+        assertTrue(node.at("/client_secret").isMissingNode());
+
+        testResetPublicClientSecret(clientId1);
+        testAccessTokenAfterDeregistration(clientId1, null,
+                "https://OAuth2DesktopClient1.com");
+        testResetPublicClientSecret(clientId2);
+        testAccessTokenAfterDeregistration(clientId2, null,
+                "https://OAuth2DesktopClient2.com");
+    }
+    
+    
+    
     
     private void testAccessTokenAfterDeregistration (String clientId,
-            String clientSecret) throws KustvaktException {
+            String clientSecret, String redirectUri) throws KustvaktException {
         String userAuthHeader = HttpAuthorizationHandler
                 .createBasicAuthorizationHeaderValue("dory", "password");
 
-        String code =
-                requestAuthorizationCode(clientId, "", null, userAuthHeader);
+        String code = requestAuthorizationCode(clientId, "", null,
+                userAuthHeader, redirectUri);
         ClientResponse response = requestTokenWithAuthorizationCodeAndForm(
-                clientId, clientSecret, code);
+                clientId, clientSecret, code, redirectUri);
         JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
         String accessToken = node.at("/access_token").asText();
 
         response = searchWithAccessToken(accessToken);
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
-        code = requestAuthorizationCode(clientId, "", null, userAuthHeader);
+        code = requestAuthorizationCode(clientId, "", null, userAuthHeader,
+                redirectUri);
         testDeregisterPublicClient(clientId, username);
 
         response = requestTokenWithAuthorizationCodeAndForm(clientId,
-                clientSecret, code);
+                clientSecret, code, redirectUri);
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
         node = JsonUtils.readTree(response.getEntity(String.class));
         assertEquals(OAuth2Error.INVALID_CLIENT.toString(),
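Review bot: In `testRegisterMultipleDesktopApps`, `assertNotNull(clientId1)` and `assertNotNull(clientId2)` cannot fail, because `asText()` on a missing node yields an empty string rather than null, and nothing asserts that the two IDs differ, which is the property the test is named for. Replace them with `assertFalse(clientId1.isEmpty());`, `assertFalse(clientId2.isEmpty());` and `assertNotEquals(clientId1, clientId2);` (static imports may need adding). Separately, the registration JSON sets only name, type and description, yet the authorization requests use `https://OAuth2DesktopClient1.com` as `redirect_uri`. Unless the server derives or stores that URI elsewhere, this passes only if an unregistered redirect URI is accepted for a public client, which is worth confirming against the server's redirect-URI validation. `testAccessTokenAfterDeregistration` continues past the end of the hunk.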
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index 91604bb..3d47f65 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -79,7 +79,32 @@
                 .fromUri(redirectUri).build().getQueryParams();
         return params.getFirst("code");
     }
+    
+    protected String requestAuthorizationCode (String clientId,
+            String clientSecret, String scope, String authHeader, 
+            String redirect_uri) throws KustvaktException {
 
+        MultivaluedMap<String, String> form = new MultivaluedMapImpl();
+        form.add("response_type", "code");
+        form.add("client_id", clientId);
+        form.add("client_secret", clientSecret);
+        if (scope != null) {
+            form.add("scope", scope);
+        }
+        if (redirect_uri!=null){
+            form.add("redirect_uri", redirect_uri);
+        }
+
+        ClientResponse response = requestAuthorizationCode(form, authHeader);
+        assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
+                response.getStatus());
+        URI redirectUri = response.getLocation();
+
+        MultiValueMap<String, String> params = UriComponentsBuilder
+                .fromUri(redirectUri).build().getQueryParams();
+        return params.getFirst("code");
+    }
+    
     protected ClientResponse requestToken (MultivaluedMap<String, String> form)
             throws KustvaktException {
         return resource().path(API_VERSION).path("oauth2").path("token")
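Review bot: The new `requestAuthorizationCode` overload sends `redirect_uri` but never checks that the `Location` returned by the server points at it, so a server that ignores the parameter or redirects elsewhere would still pass. After the status assertion, add a check such as `if (redirect_uri != null) assertTrue(redirectUri.toString().startsWith(redirect_uri));` (adjust if the server normalises the URI). The parameter `redirect_uri` and the local `redirectUri` differ only in spelling; renaming the local to `location` and the parameter to `redirectUri` would keep them from being mixed up. The body also appears to duplicate the existing overload whose last lines are visible at the top of the hunk, so that overload could delegate here with a `null` redirect URI.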
@@ -105,6 +130,25 @@
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .entity(form).post(ClientResponse.class);
     }
+    
+    protected ClientResponse requestTokenWithAuthorizationCodeAndForm (
+            String clientId, String clientSecret, String code,
+            String redirectUri) throws KustvaktException {
+
+        MultivaluedMap<String, String> form = new MultivaluedMapImpl();
+        form.add("grant_type", "authorization_code");
+        form.add("client_id", clientId);
+        form.add("client_secret", clientSecret);
+        form.add("code", code);
+        if (redirectUri!=null){
+            form.add("redirect_uri", redirectUri);
+        }
+
+        return resource().path(API_VERSION).path("oauth2").path("token")
+                .header(HttpHeaders.CONTENT_TYPE,
+                        ContentType.APPLICATION_FORM_URLENCODED)
+                .entity(form).post(ClientResponse.class);
+    }
 
     // client credentials in authorization header
     protected JsonNode requestTokenWithAuthorizationCodeAndHeader (String clientId,
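Review bot: `form.add("client_secret", clientSecret)` is unconditional although the callers in OAuth2ClientControllerTest pass `null` for public clients; what ends up in the request then depends on how the form map treats a null value, which is not visible here. Guard it like the redirect URI two lines below, `if (clientSecret != null) { form.add("client_secret", clientSecret); }`, so a public-client token request carries no `client_secret` parameter at all. The new `requestAuthorizationCode` overload in the previous hunk adds `client_secret` unconditionally as well. A short Javadoc stating that `redirectUri` is expected to equal the value sent in the authorization request would help readers of the test.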
diff --git a/full/src/test/resources/log4j2-test.properties b/full/src/test/resources/log4j2-test.properties
index dc7dc8f..c80f94c 100644
--- a/full/src/test/resources/log4j2-test.properties
+++ b/full/src/test/resources/log4j2-test.properties
@@ -1,8 +1,8 @@
-appenders = console
-appender.console.type = Console
-appender.console.name = STDOUT
-appender.console.layout.type = PatternLayout
-appender.console.layout.pattern = %d{yyyy-MM-dd, HH:mm:ss} %C{6} - %M%n %-5p: %m%n
+#appenders = console
+#appender.console.type = Console
+#appender.console.name = STDOUT
+#appender.console.layout.type = PatternLayout
+#appender.console.layout.pattern = %d{yyyy-MM-dd, HH:mm:ss} %C{6} - %M%n %-5p: %m%n
 
 #appender.file.type = File
 #appender.file.name = ERRORLOG
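Review bot: With the `STDOUT` console appender commented out here, `rootLogger.appenderRef.stdout.ref = STDOUT` (left as context in the next hunk) refers to an appender that is no longer defined, so Log4j 2 will likely report a configuration error and test log output is lost. Either keep the appender definition and lower the root logger level instead, or comment out the two `rootLogger.appenderRef…` lines as well. The change also looks unrelated to the desktop-app fix and may be a local debugging edit committed by accident.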
@@ -14,12 +14,12 @@
 rootLogger.appenderRefs = stdout
 rootLogger.appenderRef.stdout.ref = STDOUT
 
-loggers=console
-logger.console.name=com.sun.jersey.test.framework.spi.container
-logger.console.level = info
-logger.console.appenderRefs = stdout
-logger.console.appenderRef.file.ref = STDOUT
-logger.console.additivity=false
+#loggers=console
+#logger.console.name=com.sun.jersey.test.framework.spi.container
+#logger.console.level = info
+#logger.console.appenderRefs = stdout
+#logger.console.appenderRef.file.ref = STDOUT
+#logger.console.additivity=false
 
 #loggers=file
 #logger.file.name=com.sun.jersey.test.framework.spi.container