test: Authorization Grant Flow without Redirect URI #2484
@@ -17,6 +17,7 @@ | |
import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper; | ||
import org.cloudfoundry.identity.uaa.test.TestAccountSetup; | ||
import org.cloudfoundry.identity.uaa.test.UaaTestAccounts; | ||
import org.junit.Assert; | ||
import org.junit.Rule; | ||
import org.junit.Test; | ||
import org.springframework.http.HttpEntity; | ||
|
@@ -32,6 +33,7 @@ | |
import java.util.Map; | ||
|
||
import static org.junit.Assert.assertEquals; | ||
import static org.junit.Assert.assertNotNull; | ||
import static org.junit.Assert.assertThat; | ||
import static org.junit.Assert.assertTrue; | ||
import static org.hamcrest.CoreMatchers.containsString; | ||
|
@@ -192,6 +194,34 @@ public void testZoneInactive() { | |
assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode()); | ||
} | ||
|
||
@Test | ||
public void testAuthorizationRequestWithoutRedirectUri() { | ||
|
||
Map<String, String> body = IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning, | ||
testAccounts, | ||
"login", | ||
"loginsecret", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this client has only one redirect uri therefore you can omit it. |
||
testAccounts.getUserName(), | ||
testAccounts.getPassword(), | ||
null, | ||
null, | ||
null, | ||
null, | ||
false); | ||
|
||
assertNotNull("Token not received", body.get("access_token")); | ||
|
||
try { | ||
IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning, testAccounts, "app", "appclientsecret", | ||
testAccounts.getUserName(), testAccounts.getPassword(), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the app client has 2 entries for redirect-uri thus here it does not work. These tests simply should help to know what we have already, nothing new |
||
null, null, null, null, false); | ||
} catch (AssertionError error) { | ||
// expected | ||
return; | ||
} | ||
Assert.fail("Token retrival not allowed"); | ||
} | ||
|
||
public void testSuccessfulAuthorizationCodeFlow_Internal() { | ||
AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource(); | ||
|
||
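Review bot: The negative case at the bottom of the hunk treats any `AssertionError` thrown inside `IntegrationTestUtils.getAuthorizationCodeTokenMap` as the expected rejection, so an unrelated failure (a wrong test password, a changed status code on the login page) would also make the test pass vacuously; narrow it by asserting on the failure, e.g. `} catch (AssertionError error) { assertThat(error.getMessage(), containsString("redirect_uri")); return; }` (the exact text depends on what the helper asserts, which is outside this hunk), or better, call the authorize endpoint directly and assert on the error response. The positive case only checks that an access_token came back; since the behaviour under test is the server selecting the sole registered redirect_uri, also asserting that the authorization response redirected to that registered URI would pin the security-relevant part rather than just the happy path — presumably the helper exposes the redirect location, TODO confirm. The failure message has a typo and should state what was expected: `Assert.fail("Token retrieval without redirect_uri must fail for a client with multiple registered redirect URIs");`. The newly imported `assertThat`/`containsString` do not appear to be used anywhere in this hunk.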
|
What is the purpose of this change? Is this required for the added test?
it mainly is the revert of my change https://github.com/cloudfoundry/uaa/pull/2403/files#diff-d02078cfeded6b34f4eb0a68b222758f944db9bbe2fa1227249a9c782718cf09R85
The login client is used in our internal forked scenario and it was broken, because UAA has a hidden feature around redirect URIs: if a client has exactly one redirect URI registered, the redirect_uri parameter can be omitted from the authorize request.
If the client has an array of redirect URIs, this feature no longer applies, so I removed the second entry.
and create an explicit test for this hidden feature