Source Code of org.springframework.security.oauth2.provider.request.DefaultAuthorizationRequestFactoryTests

/*
 * Copyright 2006-2011 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package org.springframework.security.oauth2.provider.request;

import static org.junit.Assert.assertEquals;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

/**
 * @author Dave Syer
 *
 */
public class DefaultAuthorizationRequestFactoryTests {

  private BaseClientDetails client = new BaseClientDetails();

  private DefaultOAuth2RequestFactory factory = new DefaultOAuth2RequestFactory(new ClientDetailsService() {
    public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
      return client;
    }
  });

  @Before
  public void start() {
    client.setClientId("foo");
    client.setScope(Collections.singleton("bar"));
    client.setResourceIds(Arrays.asList("bar"));
  }

  @After
  public void close() {
    SecurityContextHolder.clearContext();
  }

  @Test
  public void testCreateAuthorizationRequest() {
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
  }

  @Test
  public void testCreateTokenRequest() {
    TokenRequest request = factory.createTokenRequest(Collections.singletonMap("client_id", "foo"), client);
    assertEquals("foo", request.getClientId());
  }

  @Test
  public void testCreateAuthorizationRequestWithDefaultScopes() {
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("[bar]", request.getScope().toString());
  }

  @Test
  public void testCreateAuthorizationRequestWithUserRoles() {
    factory.setCheckUserScopes(true);
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[bar]", request.getScope().toString());
  }

  @Test
  public void testCreateAuthorizationThenOAuth2RequestWithGrantType() {
    factory.setCheckUserScopes(true);
    Map<String,String> parameters = new HashMap<String, String>();
    parameters.put("client_id", "foo");
    parameters.put("response_type", "token");
    OAuth2Request request = factory.createAuthorizationRequest(parameters).createOAuth2Request();
    assertEquals("implicit", request.getGrantType());
  }

  @Test
  public void testCreateTokenThenOAuth2RequestWithGrantType() {
    factory.setCheckUserScopes(true);
    AuthorizationRequest auth = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    OAuth2Request request = factory.createTokenRequest(auth, "password").createOAuth2Request(client);
    assertEquals("password", request.getGrantType());
    assertEquals("[bar]", request.getResourceIds().toString());
  }

  @Test
  public void testCreateAuthorizationRequestWhenUserNotPermitted() {
    SecurityContextHolder.getContext().setAuthentication(
        new UsernamePasswordAuthenticationToken("user", "N/A", AuthorityUtils
            .commaSeparatedStringToAuthorityList("ROLE_BAR")));
    factory.setCheckUserScopes(true);
    client.setScope(Collections.singleton("foo"));
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[]", request.getScope().toString());
  }

}