Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / 64ea6451fb8787823f0b0063a07e0672985e08b8 / . / full / src / test / java / de / ids_mannheim / korap / web / controller / OAuth2ControllerTest.java
blob: 1a6d89f92c413a622013996d7f5bf80bbdfbd673 [file] [log] [blame]
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]1package de.ids_mannheim.korap.web.controller;
2
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]3import static org.junit.Assert.assertEquals;
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]4import static org.junit.Assert.assertNotNull;
margaretha6f0b7382018-11-21 17:42:02 +0100[diff] [blame]5import static org.junit.Assert.assertTrue;
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]6
7import java.net.URI;
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]8import java.time.ZonedDateTime;
margaretha93e602e2019-08-07 15:19:56 +0200[diff] [blame]9import java.util.Set;
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]10
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]11import javax.ws.rs.client.Entity;
12import javax.ws.rs.core.Form;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]13import javax.ws.rs.core.MultivaluedMap;
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]14import javax.ws.rs.core.Response;
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]15import javax.ws.rs.core.Response.Status;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]16
17import org.apache.http.entity.ContentType;
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]18import org.apache.oltu.oauth2.common.error.OAuthError;
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]19import org.apache.oltu.oauth2.common.message.types.GrantType;
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]20import org.apache.oltu.oauth2.common.message.types.TokenType;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]21import org.junit.Test;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]22
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]23import com.fasterxml.jackson.databind.JsonNode;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]24import com.google.common.net.HttpHeaders;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]25
26import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]27import de.ids_mannheim.korap.config.Attributes;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]28import de.ids_mannheim.korap.exceptions.KustvaktException;
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]29import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
margaretha93e602e2019-08-07 15:19:56 +0200[diff] [blame]30import de.ids_mannheim.korap.oauth2.entity.AccessScope;
31import de.ids_mannheim.korap.oauth2.entity.RefreshToken;
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]32import de.ids_mannheim.korap.utils.JsonUtils;
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]33
34/**
35 * @author margaretha
36 *
37 */
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]38public class OAuth2ControllerTest extends OAuth2TestBase {
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]39
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]40 public String userAuthHeader;
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]41
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]42 public OAuth2ControllerTest () throws KustvaktException {
43 userAuthHeader = HttpAuthorizationHandler
44 .createBasicAuthorizationHeaderValue("dory", "password");
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]45 }
46
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]47 @Test
48 public void testAuthorizeConfidentialClient () throws KustvaktException {
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]49 // with registered redirect URI
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]50 Response response =
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]51 requestAuthorizationCode("code", confidentialClientId, "",
52 "match_info search client_info", state, userAuthHeader);
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]53
54 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
55 response.getStatus());
56 URI redirectUri = response.getLocation();
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]57 MultivaluedMap<String, String> params =
58 getQueryParamsFromURI(redirectUri);
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]59 assertNotNull(params.getFirst("code"));
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]60 assertEquals(state, params.getFirst("state"));
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]61 assertEquals("match_info search client_info", params.getFirst("scope"));
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]62 }
63
64 @Test
65 public void testAuthorizePublicClient () throws KustvaktException {
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]66 // with registered redirect URI
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]67 String code = requestAuthorizationCode(publicClientId, userAuthHeader);
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]68 assertNotNull(code);
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]69 }
70
71 @Test
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]72 public void testAuthorizeWithRedirectUri () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]73 Response response =
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]74 requestAuthorizationCode("code", publicClientId2,
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]75 "https://public.com/redirect", "search match_info",
76 "", userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]77 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
78 response.getStatus());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]79
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]80 URI redirectUri = response.getLocation();
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]81 assertEquals("https", redirectUri.getScheme());
82 assertEquals("public.com", redirectUri.getHost());
83 assertEquals("/redirect", redirectUri.getPath());
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]84
85 String[] queryParts = redirectUri.getQuery().split("&");
86 assertTrue(queryParts[0].startsWith("code="));
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]87 assertEquals("scope=match_info+search", queryParts[1]);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]88 }
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]89
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]90 @Test
91 public void testAuthorizeWithoutScope () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]92 Response response = requestAuthorizationCode("code",
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]93 confidentialClientId, "", "", "", userAuthHeader);
94 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
95 response.getStatus());
96
97 URI redirectUri = response.getLocation();
98 assertEquals(redirectUri.getScheme(), "https");
99 assertEquals(redirectUri.getHost(), "third.party.com");
100 assertEquals(redirectUri.getPath(), "/confidential/redirect");
101
102 String[] queryParts = redirectUri.getQuery().split("&");
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]103 assertTrue(queryParts[0].startsWith("error_description=scope+is+required"));
104 assertEquals(queryParts[1], "error=invalid_scope");
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]105 }
106
107 @Test
108 public void testAuthorizeMissingClientId () throws KustvaktException {
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]109 Response response = requestAuthorizationCode("code", "", "", "search",
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]110 "", userAuthHeader);
111 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]112 String entity = response.readEntity(String.class);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]113 JsonNode node = JsonUtils.readTree(entity);
114 assertEquals("Missing parameters: client_id",
115 node.at("/error_description").asText());
116 }
117
118 @Test
119 public void testAuthorizeMissingRedirectUri () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]120 Response response = requestAuthorizationCode("code",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]121 publicClientId2, "", "search", state, userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]122 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
123
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]124 String entity = response.readEntity(String.class);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]125 JsonNode node = JsonUtils.readTree(entity);
126 assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
127 node.at("/error").asText());
margaretha590acf62022-05-06 10:44:56 +0200[diff] [blame]128 assertEquals("Missing parameter: redirect URI",
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]129 node.at("/error_description").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]130 assertEquals(state, node.at("/state").asText());
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]131 }
132
133 @Test
margaretha0034a0c2022-05-17 10:37:41 +0200[diff] [blame]134 public void testAuthorizeMissingResponseType() throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]135 Response response = requestAuthorizationCode("",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]136 confidentialClientId, "", "search", "", userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]137 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
138 response.getStatus());
139
140 assertEquals("https://third.party.com/confidential/redirect?"
141 + "error_description=Missing+parameters%3A+response_type&"
142 + "error=invalid_request", response.getLocation().toString());
143 }
margaretha0034a0c2022-05-17 10:37:41 +0200[diff] [blame]144
145 @Test
146 public void testAuthorizeMissingResponseTypeWithoutClientId () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]147 Response response = requestAuthorizationCode("",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]148 "", "", "search", "", userAuthHeader);
margaretha0034a0c2022-05-17 10:37:41 +0200[diff] [blame]149
150 assertEquals(Status.BAD_REQUEST.getStatusCode(),
151 response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]152 String entity = response.readEntity(String.class);
margaretha0034a0c2022-05-17 10:37:41 +0200[diff] [blame]153 JsonNode node = JsonUtils.readTree(entity);
154
155 assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
156 node.at("/error").asText());
157 assertEquals("Missing parameters: response_type client_id",
158 node.at("/error_description").asText());
159 }
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]160
161 @Test
162 public void testAuthorizeInvalidClientId () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]163 Response response = requestAuthorizationCode("code",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]164 "unknown-client-id", "", "search", "", userAuthHeader);
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]165 assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]166 String entity = response.readEntity(String.class);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]167 JsonNode node = JsonUtils.readTree(entity);
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]168 assertEquals(OAuth2Error.INVALID_CLIENT, node.at("/error").asText());
margaretha7da23902022-05-02 08:38:45 +0200[diff] [blame]169 assertEquals("Unknown client: unknown-client-id",
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]170 node.at("/error_description").asText());
171 }
172
173 @Test
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]174 public void testAuthorizeDifferentRedirectUri () throws KustvaktException {
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]175 String redirectUri = "https://different.uri/redirect";
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]176 Response response = requestAuthorizationCode("code",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]177 confidentialClientId, redirectUri, "search", state, userAuthHeader);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]178 testInvalidRedirectUri(response.readEntity(String.class), true,
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]179 response.getStatus());
180 }
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]181
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]182 @Test
183 public void testAuthorizeWithRedirectUriLocalhost ()
184 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]185 Response response =
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]186 requestAuthorizationCode("code", publicClientId2,
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]187 "http://localhost:1410", "search", state, userAuthHeader);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]188 testInvalidRedirectUri(response.readEntity(String.class), true,
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]189 response.getStatus()); }
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]190
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]191 @Test
192 public void testAuthorizeWithRedirectUriFragment ()
193 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]194 Response response = requestAuthorizationCode("code",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]195 publicClientId2, "http://public.com/index.html#redirect", "search",
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]196 state, userAuthHeader);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]197 testInvalidRedirectUri(response.readEntity(String.class), true,
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]198 response.getStatus());
199 }
200
201 @Test
202 public void testAuthorizeInvalidRedirectUri () throws KustvaktException {
203 // host not allowed by Apache URI Validator
204 String redirectUri = "https://public.uri/redirect";
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]205 Response response = requestAuthorizationCode("code",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]206 publicClientId2, redirectUri, "search", state, userAuthHeader);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]207 testInvalidRedirectUri(response.readEntity(String.class), true,
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]208 response.getStatus());
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]209 }
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]210
211 @Test
212 public void testAuthorizeInvalidResponseType () throws KustvaktException {
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]213 // without redirect URI in the request
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]214 Response response = requestAuthorizationCode("string",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]215 confidentialClientId, "", "search", state, userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]216 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
217 response.getStatus());
218
219 assertEquals("https://third.party.com/confidential/redirect?"
220 + "error_description=Invalid+response_type+parameter+"
221 + "value&state=thisIsMyState&" + "error=invalid_request",
222 response.getLocation().toString());
223
224 // with redirect URI, and no registered redirect URI
225 response = requestAuthorizationCode("string", publicClientId2,
226 "https://public.client.com/redirect", "", state,
227 userAuthHeader);
228 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
229 response.getStatus());
230
231 assertEquals("https://public.client.com/redirect?error_description="
232 + "Invalid+response_type+parameter+value&state=thisIsMyState&"
233 + "error=invalid_request", response.getLocation().toString());
234
235 // with different redirect URI
236 String redirectUri = "https://different.uri/redirect";
237 response = requestAuthorizationCode("string", confidentialClientId,
238 redirectUri, "", state, userAuthHeader);
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]239 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
240
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]241 JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]242 assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
243 node.at("/error").asText());
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]244 assertEquals("Invalid redirect URI",
245 node.at("/error_description").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]246 assertEquals(state, node.at("/state").asText());
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]247
248 // without redirect URI in the request and no registered
249 // redirect URI
250 response = requestAuthorizationCode("string", publicClientId2, "", "",
251 state, userAuthHeader);
252 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
253
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]254 node = JsonUtils.readTree(response.readEntity(String.class));
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]255 assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
256 node.at("/error").asText());
margaretha590acf62022-05-06 10:44:56 +0200[diff] [blame]257 assertEquals("Missing parameter: redirect URI",
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]258 node.at("/error_description").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]259 assertEquals(state, node.at("/state").asText());
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]260 }
261
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]262 @Test
263 public void testAuthorizeInvalidScope () throws KustvaktException {
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]264 String scope = "read_address";
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]265 Response response = requestAuthorizationCode("code",
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]266 confidentialClientId, "", scope, state, userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]267 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
268 response.getStatus());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]269
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]270 assertEquals(
271 "https://third.party.com/confidential/redirect?"
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]272 + "error_description=read_address+is+an+invalid+scope&"
273 + "state=thisIsMyState&error=invalid_scope",
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]274 response.getLocation().toString());
275 }
276
277 @Test
278 public void testAuthorizeUnsupportedTokenResponseType ()
279 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]280 Response response = requestAuthorizationCode("token",
margaretha64ea6452023-01-30 12:39:19 +0100[diff] [blame^]281 confidentialClientId, "", "search", state, userAuthHeader);
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]282 assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
283 response.getStatus());
284
285 assertEquals("https://third.party.com/confidential/redirect?"
286 + "error_description=response_type+token+is+not+"
287 + "supported&state=thisIsMyState&error=unsupported_"
288 + "response_type", response.getLocation().toString());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]289 }
290
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]291 @Test
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]292 public void testRequestTokenAuthorizationPublic ()
293 throws KustvaktException {
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]294 String code = requestAuthorizationCode(publicClientId, userAuthHeader);
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]295
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]296 Response response = requestTokenWithAuthorizationCodeAndForm(
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]297 publicClientId, clientSecret, code);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]298 String entity = response.readEntity(String.class);
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]299 JsonNode node = JsonUtils.readTree(entity);
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]300
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]301 String accessToken = node.at("/access_token").asText();
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]302
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]303 assertEquals(TokenType.BEARER.toString(),
304 node.at("/token_type").asText());
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]305 assertEquals(31536000, node.at("/expires_in").asInt());
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]306
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]307 testRevokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE);
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]308
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]309 assertTrue(node.at("/refresh_token").isMissingNode());
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]310 }
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]311
margaretha835178d2018-08-15 19:04:03 +0200[diff] [blame]312 @Test
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]313 public void testRequestTokenAuthorizationConfidential ()
314 throws KustvaktException {
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]315
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]316 String scope = "search";
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]317 Response response = requestAuthorizationCode("code",
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]318 confidentialClientId, "", scope, state, userAuthHeader);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]319 MultivaluedMap<String, String> params =
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]320 getQueryParamsFromURI(response.getLocation());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]321 String code = params.get("code").get(0);
322 String scopes = params.get("scope").get(0);
323
margaretha20f31232018-07-09 17:49:39 +0200[diff] [blame]324 assertEquals(scopes, "search");
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]325
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]326 response = requestTokenWithAuthorizationCodeAndForm(
327 confidentialClientId, clientSecret, code);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]328 String entity = response.readEntity(String.class);
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]329 JsonNode node = JsonUtils.readTree(entity);
330 assertNotNull(node.at("/access_token").asText());
331 assertNotNull(node.at("/refresh_token").asText());
332 assertEquals(TokenType.BEARER.toString(),
333 node.at("/token_type").asText());
334 assertNotNull(node.at("/expires_in").asText());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]335
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]336 testRequestTokenWithUsedAuthorization(code);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]337
margaretha6f0b7382018-11-21 17:42:02 +0100[diff] [blame]338 String refreshToken = node.at("/refresh_token").asText();
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]339
340 testRefreshTokenExpiry(refreshToken);
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]341 testRequestRefreshTokenInvalidScope(confidentialClientId, refreshToken);
342 testRequestRefreshTokenInvalidClient(refreshToken);
343 testRequestRefreshTokenInvalidRefreshToken(confidentialClientId);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]344
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]345 testRequestRefreshToken(confidentialClientId, clientSecret,
346 refreshToken);
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]347 }
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]348
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]349 private void testRequestTokenWithUsedAuthorization (String code)
350 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]351 Response response = requestTokenWithAuthorizationCodeAndForm(
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]352 confidentialClientId, clientSecret, code);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]353 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]354
355 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
356
357 JsonNode node = JsonUtils.readTree(entity);
358 assertEquals(OAuthError.TokenResponse.INVALID_GRANT,
359 node.at("/error").asText());
360 assertEquals("Invalid authorization",
361 node.at("/error_description").asText());
362 }
363
364 @Test
365 public void testRequestTokenInvalidAuthorizationCode ()
366 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]367 Response response = requestTokenWithAuthorizationCodeAndForm(
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]368 confidentialClientId, clientSecret, "blahblah");
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]369 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]370
371 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
372
373 JsonNode node = JsonUtils.readTree(entity);
374 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
375 node.at("/error").asText());
376 }
377
378 @Test
379 public void testRequestTokenAuthorizationReplyAttack ()
380 throws KustvaktException {
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]381 String redirect_uri = "https://third.party.com/confidential/redirect";
382 String scope = "search";
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]383
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]384 Response response =
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]385 requestAuthorizationCode("code", confidentialClientId,
386 redirect_uri, scope, state, userAuthHeader);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]387 MultivaluedMap<String, String> params =
margarethaffb89502022-04-20 12:03:16 +0200[diff] [blame]388 getQueryParamsFromURI(response.getLocation());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]389 String code = params.get("code").get(0);
390
391 testRequestTokenAuthorizationInvalidClient(code);
392 testRequestTokenAuthorizationInvalidRedirectUri(code);
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]393 testRequestTokenAuthorizationRevoked(code, redirect_uri);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]394 }
395
396 private void testRequestTokenAuthorizationInvalidClient (String code)
397 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]398 Response response = requestTokenWithAuthorizationCodeAndForm(
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]399 confidentialClientId, "wrong_secret", code);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]400 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]401 JsonNode node = JsonUtils.readTree(entity);
402 assertEquals(OAuth2Error.INVALID_CLIENT, node.at("/error").asText());
403 }
404
405 private void testRequestTokenAuthorizationInvalidRedirectUri (String code)
406 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]407 Form tokenForm = new Form();
408 tokenForm.param("grant_type", "authorization_code");
409 tokenForm.param("client_id", confidentialClientId);
410 tokenForm.param("client_secret", "secret");
411 tokenForm.param("code", code);
412 tokenForm.param("redirect_uri", "https://blahblah.com");
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]413
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]414 Response response = requestToken(tokenForm);
415 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]416 JsonNode node = JsonUtils.readTree(entity);
417 assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
418 }
419
420 private void testRequestTokenAuthorizationRevoked (String code, String uri)
421 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]422 Form tokenForm = new Form();
423 tokenForm.param("grant_type", "authorization_code");
424 tokenForm.param("client_id", confidentialClientId);
425 tokenForm.param("client_secret", "secret");
426 tokenForm.param("code", code);
427 tokenForm.param("redirect_uri", uri);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]428
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]429 Response response = requestToken(tokenForm);
430 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]431 JsonNode node = JsonUtils.readTree(entity);
432 assertEquals(OAuthError.TokenResponse.INVALID_GRANT,
433 node.at("/error").asText());
434 assertEquals("Invalid authorization",
435 node.at("/error_description").asText());
436 }
437
margarethaa452c5e2018-04-25 22:48:09 +0200[diff] [blame]438 @Test
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]439 public void testRequestTokenPasswordGrantConfidentialSuper ()
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]440 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]441 Response response =
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]442 requestTokenWithDoryPassword(superClientId, clientSecret);
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]443
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]444 assertEquals(Status.OK.getStatusCode(), response.getStatus());
445
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]446 String entity = response.readEntity(String.class);
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]447 JsonNode node = JsonUtils.readTree(entity);
448 assertNotNull(node.at("/access_token").asText());
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]449 assertEquals(TokenType.BEARER.toString(),
450 node.at("/token_type").asText());
451 assertNotNull(node.at("/expires_in").asText());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]452
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]453 String refresh = node.at("/refresh_token").asText();
454 RefreshToken refreshToken =
455 refreshTokenDao.retrieveRefreshToken(refresh);
margaretha93e602e2019-08-07 15:19:56 +0200[diff] [blame]456 Set<AccessScope> scopes = refreshToken.getScopes();
457 assertEquals(1, scopes.size());
458 assertEquals("[all]", scopes.toString());
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]459
460 testRefreshTokenExpiry(refresh);
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]461 }
462
463 @Test
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]464 public void testRequestTokenPasswordGrantConfidentialNonSuper ()
465 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]466 Response response = requestTokenWithDoryPassword(
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]467 confidentialClientId, clientSecret);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]468 String entity = response.readEntity(String.class);
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]469 assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
470
471 JsonNode node = JsonUtils.readTree(entity);
472 assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT,
473 node.at("/error").asText());
474 assertEquals("Password grant is not allowed for third party clients",
475 node.at("/error_description").asText());
476 }
477
478 @Test
479 public void testRequestTokenPasswordGrantPublic ()
480 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]481 Response response =
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]482 requestTokenWithDoryPassword(publicClientId, "");
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]483 String entity = response.readEntity(String.class);
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]484
485 assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
486
487 JsonNode node = JsonUtils.readTree(entity);
488 assertEquals(OAuth2Error.UNAUTHORIZED_CLIENT,
489 node.at("/error").asText());
490 assertEquals("Password grant is not allowed for third party clients",
491 node.at("/error_description").asText());
492 }
493
494 @Test
margaretha00c28c02018-07-05 18:09:09 +0200[diff] [blame]495 public void testRequestTokenPasswordGrantAuthorizationHeader ()
496 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]497 Form form = new Form();
498 form.param("grant_type", "password");
499 form.param("client_id", superClientId);
500 form.param("username", "dory");
501 form.param("password", "password");
margaretha00c28c02018-07-05 18:09:09 +0200[diff] [blame]502
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]503 Response response =
504 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]505 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]506 .header(HttpHeaders.AUTHORIZATION,
507 "Basic ZkNCYlFrQXlZekk0TnpVeE1nOnNlY3JldA==")
508 .header(HttpHeaders.CONTENT_TYPE,
509 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]510 .post(Entity.form(form));
511 String entity = response.readEntity(String.class);
margaretha00c28c02018-07-05 18:09:09 +0200[diff] [blame]512 JsonNode node = JsonUtils.readTree(entity);
513 assertNotNull(node.at("/access_token").asText());
514 assertNotNull(node.at("/refresh_token").asText());
515 assertEquals(TokenType.BEARER.toString(),
516 node.at("/token_type").asText());
517 assertNotNull(node.at("/expires_in").asText());
518 }
519
margaretha0a45be12018-07-12 15:06:30 +0200[diff] [blame]520 /**
521 * In case, client_id is specified both in Authorization header
522 * and request body, client_id in the request body is ignored.
523 *
524 * @throws KustvaktException
525 */
526 @Test
527 public void testRequestTokenPasswordGrantDifferentClientIds ()
528 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]529 Form form = new Form();
530 form.param("grant_type", "password");
531 form.param("client_id", "9aHsGW6QflV13ixNpez");
532 form.param("username", "dory");
533 form.param("password", "password");
margaretha0a45be12018-07-12 15:06:30 +0200[diff] [blame]534
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]535 Response response =
536 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]537 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]538 .header(HttpHeaders.AUTHORIZATION,
539 "Basic ZkNCYlFrQXlZekk0TnpVeE1nOnNlY3JldA==")
540 .header(HttpHeaders.CONTENT_TYPE,
541 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]542 .post(Entity.form(form));
543 String entity = response.readEntity(String.class);
margaretha0a45be12018-07-12 15:06:30 +0200[diff] [blame]544 JsonNode node = JsonUtils.readTree(entity);
545 assertNotNull(node.at("/access_token").asText());
546 assertNotNull(node.at("/refresh_token").asText());
547 assertEquals(TokenType.BEARER.toString(),
548 node.at("/token_type").asText());
549 assertNotNull(node.at("/expires_in").asText());
550 }
551
margaretha00c28c02018-07-05 18:09:09 +0200[diff] [blame]552 @Test
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]553 public void testRequestTokenPasswordGrantMissingClientSecret ()
554 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]555 Response response =
margaretha230effb2018-11-29 17:28:18 +0100[diff] [blame]556 requestTokenWithDoryPassword(confidentialClientId, "");
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]557 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]558
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]559 String entity = response.readEntity(String.class);
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]560 JsonNode node = JsonUtils.readTree(entity);
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]561 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]562 node.at("/error").asText());
margaretha7da23902022-05-02 08:38:45 +0200[diff] [blame]563 assertEquals("Missing parameter: client_secret",
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]564 node.at("/error_description").asText());
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]565 }
566
567 @Test
568 public void testRequestTokenPasswordGrantMissingClientId ()
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]569 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]570 Response response =
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]571 requestTokenWithDoryPassword(null, clientSecret);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]572 String entity = response.readEntity(String.class);
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]573 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
574
575 JsonNode node = JsonUtils.readTree(entity);
576 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
577 node.at("/error").asText());
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]578 assertEquals("Missing parameters: client_id",
margaretha6374f722018-04-17 18:45:57 +0200[diff] [blame]579 node.at("/error_description").asText());
580 }
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]581
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]582 @Test
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]583 public void testRequestTokenClientCredentialsGrant ()
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]584 throws KustvaktException {
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]585
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]586 Form form = new Form();
587 form.param("grant_type", "client_credentials");
588 form.param("client_id", confidentialClientId);
589 form.param("client_secret", "secret");
590 Response response = requestToken(form);
591 String entity = response.readEntity(String.class);
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]592 assertEquals(Status.OK.getStatusCode(), response.getStatus());
593
594 JsonNode node = JsonUtils.readTree(entity);
595 // length?
596 assertNotNull(node.at("/access_token").asText());
597 assertNotNull(node.at("/refresh_token").asText());
598 assertEquals(TokenType.BEARER.toString(),
599 node.at("/token_type").asText());
600 assertNotNull(node.at("/expires_in").asText());
601 }
602
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]603 /**
604 * Client credentials grant is only allowed for confidential
605 * clients.
606 */
607 @Test
608 public void testRequestTokenClientCredentialsGrantPublic ()
609 throws KustvaktException {
610
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]611 Form form = new Form();
612 form.param("grant_type", "client_credentials");
613 form.param("client_id", publicClientId);
614 form.param("client_secret", "");
615 Response response = requestToken(form);
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]616
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]617 String entity = response.readEntity(String.class);
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]618 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
619 JsonNode node = JsonUtils.readTree(entity);
620 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
621 node.at("/error").asText());
622 assertEquals("Missing parameters: client_secret",
623 node.at("/error_description").asText());
624 }
625
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]626 @Test
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]627 public void testRequestTokenClientCredentialsGrantReducedScope ()
628 throws KustvaktException {
629
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]630 Form form = new Form();
631 form.param("grant_type", "client_credentials");
632 form.param("client_id", confidentialClientId);
633 form.param("client_secret", "secret");
634 form.param("scope", "preferred_username client_info");
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]635
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]636 Response response = requestToken(form);
637 String entity = response.readEntity(String.class);
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]638 assertEquals(Status.OK.getStatusCode(), response.getStatus());
639
640 JsonNode node = JsonUtils.readTree(entity);
641 // length?
642 assertNotNull(node.at("/access_token").asText());
643 assertNotNull(node.at("/refresh_token").asText());
644 assertEquals(TokenType.BEARER.toString(),
645 node.at("/token_type").asText());
646 assertNotNull(node.at("/expires_in").asText());
margaretha9c78e1a2018-06-27 14:12:35 +0200[diff] [blame]647 assertEquals("client_info", node.at("/scope").asText());
margarethabe4c5c92018-05-03 18:55:49 +0200[diff] [blame]648 }
649
650 @Test
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]651 public void testRequestTokenMissingGrantType () throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]652 Form form = new Form();
653 Response response = requestToken(form);
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]654 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
655
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]656 String entity = response.readEntity(String.class);
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]657 JsonNode node = JsonUtils.readTree(entity);
658 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
659 node.at("/error").asText());
660 }
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]661
662 @Test
margarethafb027f92018-04-23 20:00:13 +0200[diff] [blame]663 public void testRequestTokenUnsupportedGrant () throws KustvaktException {
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]664
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]665 Form form = new Form();
666 form.param("grant_type", "blahblah");
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]667
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]668 Response response =
669 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]670 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]671 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
672 .header(HttpHeaders.CONTENT_TYPE,
673 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]674 .post(Entity.form(form));
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]675
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]676 String entity = response.readEntity(String.class);
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]677 assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
678
679 JsonNode node = JsonUtils.readTree(entity);
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]680 assertEquals("Invalid grant_type parameter value",
margaretha05122312018-04-16 15:01:34 +0200[diff] [blame]681 node.get("error_description").asText());
margarethaf839dde2018-04-16 17:52:57 +0200[diff] [blame]682 assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
683 node.get("error").asText());
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]684 }
685
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]686 private void testRequestRefreshTokenInvalidScope (String clientId,
687 String refreshToken) throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]688 Form form = new Form();
689 form.param("grant_type", GrantType.REFRESH_TOKEN.toString());
690 form.param("client_id", clientId);
691 form.param("client_secret", clientSecret);
692 form.param("refresh_token", refreshToken);
693 form.param("scope", "search serialize_query");
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]694
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]695 Response response =
696 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]697 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]698 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
699 .header(HttpHeaders.CONTENT_TYPE,
700 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]701 .post(Entity.form(form));
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]702
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]703 String entity = response.readEntity(String.class);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]704 JsonNode node = JsonUtils.readTree(entity);
705 assertEquals(OAuth2Error.INVALID_SCOPE, node.at("/error").asText());
706 }
707
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]708 private void testRequestRefreshToken (String clientId, String clientSecret,
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]709 String refreshToken) throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]710 Form form = new Form();
711 form.param("grant_type", GrantType.REFRESH_TOKEN.toString());
712 form.param("client_id", clientId);
713 form.param("client_secret", clientSecret);
714 form.param("refresh_token", refreshToken);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]715
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]716 Response response =
717 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]718 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]719 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
720 .header(HttpHeaders.CONTENT_TYPE,
721 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]722 .post(Entity.form(form));
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]723
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]724 String entity = response.readEntity(String.class);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]725 assertEquals(Status.OK.getStatusCode(), response.getStatus());
726
727 JsonNode node = JsonUtils.readTree(entity);
728 assertNotNull(node.at("/access_token").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]729
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]730 String newRefreshToken = node.at("/refresh_token").asText();
731 assertNotNull(newRefreshToken);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]732 assertEquals(TokenType.BEARER.toString(),
733 node.at("/token_type").asText());
734 assertNotNull(node.at("/expires_in").asText());
margaretha6f0b7382018-11-21 17:42:02 +0100[diff] [blame]735
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]736 assertTrue(!newRefreshToken.equals(refreshToken));
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]737
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]738 testRequestTokenWithRevokedRefreshToken(clientId, clientSecret,
739 refreshToken);
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]740
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]741 testRevokeToken(newRefreshToken, clientId, clientSecret,
742 REFRESH_TOKEN_TYPE);
743 testRequestTokenWithRevokedRefreshToken(clientId, clientSecret,
744 newRefreshToken);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]745 }
746
747 private void testRequestRefreshTokenInvalidClient (String refreshToken)
748 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]749 Form form = new Form();
750 form.param("grant_type", GrantType.REFRESH_TOKEN.toString());
751 form.param("client_id", "iBr3LsTCxOj7D2o0A5m");
752 form.param("refresh_token", refreshToken);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]753
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]754 Response response =
755 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]756 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]757 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
758 .header(HttpHeaders.CONTENT_TYPE,
759 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]760 .post(Entity.form(form));
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]761
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]762 String entity = response.readEntity(String.class);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]763 JsonNode node = JsonUtils.readTree(entity);
764 assertEquals(OAuth2Error.INVALID_CLIENT, node.at("/error").asText());
765 }
766
767 private void testRequestRefreshTokenInvalidRefreshToken (String clientId)
768 throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]769 Form form = new Form();
770 form.param("grant_type", GrantType.REFRESH_TOKEN.toString());
771 form.param("client_id", clientId);
772 form.param("client_secret", clientSecret);
773 form.param("refresh_token", "Lia8s8w8tJeZSBlaQDrYV8ion3l");
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]774
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]775 Response response =
776 target().path(API_VERSION).path("oauth2").path("token")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]777 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]778 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
779 .header(HttpHeaders.CONTENT_TYPE,
780 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]781 .post(Entity.form(form));
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]782
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]783 String entity = response.readEntity(String.class);
margaretha03b82862018-07-12 20:09:26 +0200[diff] [blame]784 JsonNode node = JsonUtils.readTree(entity);
785 assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
786 }
787
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]788 private JsonNode requestTokenList (String userAuthHeader, String tokenType,
789 String clientId) throws KustvaktException {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]790 Form form = new Form();
791 form.param("super_client_id", superClientId);
792 form.param("super_client_secret", clientSecret);
793 form.param("token_type", tokenType);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]794
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]795 if (clientId != null && !clientId.isEmpty()) {
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]796 form.param("client_id", clientId);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]797 }
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]798
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]799 Response response = target().path(API_VERSION).path("oauth2")
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]800 .path("token").path("list")
abcpro1241bc4f2022-11-07 20:13:57 +0000[diff] [blame]801 .request()
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]802 .header(Attributes.AUTHORIZATION, userAuthHeader)
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]803 .header(HttpHeaders.CONTENT_TYPE,
804 ContentType.APPLICATION_FORM_URLENCODED)
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]805 .post(Entity.form(form));
margarethaf0085122018-08-16 16:19:53 +0200[diff] [blame]806
margarethadc515072018-08-03 17:01:19 +0200[diff] [blame]807 assertEquals(Status.OK.getStatusCode(), response.getStatus());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]808
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]809 String entity = response.readEntity(String.class);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]810 return JsonUtils.readTree(entity);
811 }
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]812
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]813 private JsonNode requestTokenList (String userAuthHeader, String tokenType)
814 throws KustvaktException {
815 return requestTokenList(userAuthHeader, tokenType, null);
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]816 }
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]817
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]818 @Test
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]819 public void testListRefreshTokenConfidentialClient ()
820 throws KustvaktException {
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]821 String username = "gurgle";
822 String password = "pwd";
823 userAuthHeader = HttpAuthorizationHandler
824 .createBasicAuthorizationHeaderValue(username, password);
825
826 // super client
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]827 Response response = requestTokenWithPassword(superClientId,
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]828 clientSecret, username, password);
829 assertEquals(Status.OK.getStatusCode(), response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]830 JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]831 String refreshToken1 = node.at("/refresh_token").asText();
832
833 // client 1
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]834 String code =
835 requestAuthorizationCode(confidentialClientId, userAuthHeader);
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]836 response = requestTokenWithAuthorizationCodeAndForm(
837 confidentialClientId, clientSecret, code);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]838 assertEquals(Status.OK.getStatusCode(), response.getStatus());
839
840 // client 2
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]841 code = requestAuthorizationCode(confidentialClientId2,
842 clientRedirectUri, userAuthHeader);
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]843 response = requestTokenWithAuthorizationCodeAndForm(
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]844 confidentialClientId2, clientSecret, code, clientRedirectUri);
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]845 assertEquals(Status.OK.getStatusCode(), response.getStatus());
846
847 // list
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]848 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE);
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]849 assertEquals(2, node.size());
margaretha4f4b9ab2021-04-30 17:33:21 +0200[diff] [blame]850 assertEquals(confidentialClientId, node.at("/0/client_id").asText());
851 assertEquals(confidentialClientId2, node.at("/1/client_id").asText());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]852
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]853 // client 1
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]854 code = requestAuthorizationCode(confidentialClientId, userAuthHeader);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]855 response = requestTokenWithAuthorizationCodeAndForm(
856 confidentialClientId, clientSecret, code);
857 assertEquals(Status.OK.getStatusCode(), response.getStatus());
858
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]859 // another user
860 String darlaAuthHeader = HttpAuthorizationHandler
861 .createBasicAuthorizationHeaderValue("darla", "pwd");
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]862
863 // test listing clients
864 node = requestTokenList(darlaAuthHeader, REFRESH_TOKEN_TYPE);
865 assertEquals(0, node.size());
866
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]867 // client 1
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]868 code = requestAuthorizationCode(confidentialClientId, darlaAuthHeader);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]869 assertEquals(Status.OK.getStatusCode(), response.getStatus());
870 response = requestTokenWithAuthorizationCodeAndForm(
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]871 confidentialClientId, clientSecret, code);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]872
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]873 node = JsonUtils.readTree(response.readEntity(String.class));
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]874 String refreshToken5 = node.at("/refresh_token").asText();
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]875
876 // list all refresh tokens
877 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]878 assertEquals(3, node.size());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]879
880 // list refresh tokens from client 1
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]881 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE,
882 confidentialClientId);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]883 assertEquals(2, node.size());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]884
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]885 testRevokeToken(refreshToken1, superClientId, clientSecret,
886 REFRESH_TOKEN_TYPE);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]887 testRevokeToken(node.at("/0/token").asText(), confidentialClientId,
margaretha0afd44a2020-02-05 10:49:21 +0100[diff] [blame]888 clientSecret, REFRESH_TOKEN_TYPE);
889 testRevokeToken(node.at("/1/token").asText(), confidentialClientId2,
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]890 clientSecret, REFRESH_TOKEN_TYPE);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]891
892 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]893 assertEquals(1, node.size());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]894
895 testRevokeTokenViaSuperClient(node.at("/0/token").asText(),
896 userAuthHeader);
897 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE);
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]898 assertEquals(0, node.size());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]899
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]900 // try revoking a token belonging to another user
901 // should not return any errors
902 testRevokeTokenViaSuperClient(refreshToken5, userAuthHeader);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]903 node = requestTokenList(darlaAuthHeader, REFRESH_TOKEN_TYPE);
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]904 assertEquals(1, node.size());
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]905
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]906 testRevokeTokenViaSuperClient(refreshToken5, darlaAuthHeader);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]907 node = requestTokenList(darlaAuthHeader, REFRESH_TOKEN_TYPE);
margaretha7497adf2019-11-26 13:13:57 +0100[diff] [blame]908 assertEquals(0, node.size());
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]909 }
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]910
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]911 @Test
912 public void testListTokenPublicClient () throws KustvaktException {
913 String username = "nemo";
914 String password = "pwd";
915 userAuthHeader = HttpAuthorizationHandler
916 .createBasicAuthorizationHeaderValue(username, password);
917
918 // access token 1
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]919 String code = requestAuthorizationCode(publicClientId, userAuthHeader);
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]920 Response response = requestTokenWithAuthorizationCodeAndForm(
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]921 publicClientId, "", code);
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]922 assertEquals(Status.OK.getStatusCode(), response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]923 JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]924 String accessToken1 = node.at("/access_token").asText();
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]925
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]926 // access token 2
margarethad67b4272022-04-11 17:34:19 +0200[diff] [blame]927 code = requestAuthorizationCode(publicClientId, userAuthHeader);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]928 response = requestTokenWithAuthorizationCodeAndForm(publicClientId, "",
929 code);
930 assertEquals(Status.OK.getStatusCode(), response.getStatus());
abcpro173fe8f22022-11-08 19:56:52 +0000[diff] [blame]931 node = JsonUtils.readTree(response.readEntity(String.class));
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]932 String accessToken2 = node.at("/access_token").asText();
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]933
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]934 // list access tokens
935 node = requestTokenList(userAuthHeader, ACCESS_TOKEN_TYPE);
936 assertEquals(2, node.size());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]937
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]938 // list refresh tokens
939 node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE);
940 assertEquals(0, node.size());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]941
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]942 testRevokeTokenViaSuperClient(accessToken1, userAuthHeader);
943 node = requestTokenList(userAuthHeader, ACCESS_TOKEN_TYPE);
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]944 // System.out.println(node);
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]945 assertEquals(1, node.size());
margaretha4f4b9ab2021-04-30 17:33:21 +0200[diff] [blame]946 assertEquals(accessToken2, node.at("/0/token").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]947 assertTrue(node.at("/0/scope").size() > 0);
margaretha4f4b9ab2021-04-30 17:33:21 +0200[diff] [blame]948 assertNotNull(node.at("/0/created_date").asText());
949 assertNotNull(node.at("/0/expires_in").asLong());
950 assertNotNull(node.at("/0/user_authentication_time").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]951
margaretha4f4b9ab2021-04-30 17:33:21 +0200[diff] [blame]952 assertEquals(publicClientId, node.at("/0/client_id").asText());
953 assertNotNull(node.at("/0/client_name").asText());
954 assertNotNull(node.at("/0/client_description").asText());
955 assertNotNull(node.at("/0/client_url").asText());
margaretha9436ebe2022-04-22 11:48:37 +0200[diff] [blame]956
margaretha35074692021-03-26 18:11:59 +0100[diff] [blame]957 testRevokeTokenViaSuperClient(accessToken2, userAuthHeader);
958 node = requestTokenList(userAuthHeader, ACCESS_TOKEN_TYPE);
959 assertEquals(0, node.size());
margaretha43aceb52019-11-21 12:58:53 +0100[diff] [blame]960 }
margaretha977fabe2022-04-28 09:23:47 +0200[diff] [blame]961
962 private void testRefreshTokenExpiry (String refreshToken)
963 throws KustvaktException {
964 RefreshToken token = refreshTokenDao.retrieveRefreshToken(refreshToken);
965 ZonedDateTime expiry = token.getCreatedDate().plusYears(1);
966 assertTrue(expiry.equals(token.getExpiryDate()));
967 }
margarethaa0486272018-04-12 19:59:31 +0200[diff] [blame]968}