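/**
 * Creates an {@link OAuth2Credentials} object that can be used by any of the servlets.
 *
 * <p>OAuth2 tokens are persisted by a {@link FileDataStoreFactory} under
 * {@code ~/.uber_credentials}. The directory is created if it is missing, and its permissions
 * are narrowed to the owning user on a best-effort basis before the factory receives the path,
 * because the stored access and refresh tokens are usable by anyone who can read them.
 *
 * @param sessionConfiguration supplies the redirect URI, client ID and client secret
 * @return a credentials helper backed by the on-disk data store
 * @throws Exception if the credential directory cannot be created, or if the data store
 *     factory or the builder fails
 */
public static OAuth2Credentials createOAuth2Credentials(SessionConfiguration sessionConfiguration)
        throws Exception {
    // Store the user's OAuth2 credentials in their home directory.
    File credentialDirectory =
            new File(System.getProperty("user.home") + File.separator + ".uber_credentials");

    // File.setReadable/setWritable return false for a path that does not exist, so the
    // directory has to be present before its permissions can be changed.
    if (!credentialDirectory.mkdirs() && !credentialDirectory.isDirectory()) {
        throw new java.io.IOException(
                "Unable to create credential directory: " + credentialDirectory);
    }

    // setReadable(true, true) only grants the owner bit; it does not take access away from
    // group/other on a directory that already exists with wider permissions. Revoke for
    // everybody first, then grant back to the owner. Non-short-circuit '&' keeps every call
    // running even when an earlier one reports failure.
    boolean ownerOnly = credentialDirectory.setReadable(false, false)
            & credentialDirectory.setWritable(false, false)
            & credentialDirectory.setExecutable(false, false)
            & credentialDirectory.setReadable(true, true)
            & credentialDirectory.setWritable(true, true)
            & credentialDirectory.setExecutable(true, true);
    if (!ownerOnly) {
        // Best effort: some file systems cannot express owner-only permissions. Do not fail
        // the sample, but make the weaker protection visible to whoever runs it.
        System.err.println("Warning: could not restrict " + credentialDirectory
                + " to its owner; stored OAuth2 tokens may be readable by other local users.");
    }

    // If you'd like to store them in memory or in a DB, any DataStoreFactory can be used.
    AbstractDataStoreFactory dataStoreFactory = new FileDataStoreFactory(credentialDirectory);

    // Build an OAuth2Credentials object with your secrets.
    return new OAuth2Credentials.Builder()
            .setCredentialDataStoreFactory(dataStoreFactory)
            .setRedirectUri(sessionConfiguration.getRedirectUri())
            .setClientSecrets(
                    sessionConfiguration.getClientId(), sessionConfiguration.getClientSecret())
            .build();
}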
/**
 * A custom scope must show up in the authorization URL next to the standard one. The order of
 * the two scope values is not pinned, so either ordering is accepted.
 */
@Test
public void getAuthorizationUrl_whenThereAreCustomScopes() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setScopes(Arrays.asList(Scope.PROFILE))
            .setCustomScopes(Arrays.asList("custom"))
            .build();

    String customFirst =
            "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID&response_type=code&scope=custom%20profile";
    String profileFirst =
            "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID&response_type=code&scope=profile%20custom";

    // Only the client ID is expected in the URL; the client secret must never appear there.
    assertTrue(Arrays.asList(customFirst, profileFirst)
            .contains(credentials.getAuthorizationUrl()));
}
// validate() runs before any OAuth2Credentials instance is created.
// NOTE(review): presumably this is the Builder precondition check that rejects a missing
// client ID/secret; the enclosing method is not visible in this excerpt, so confirm there.
validate();
OAuth2Credentials oAuth2Credentials = new OAuth2Credentials();
// Copy the configured redirect URI onto the new instance.
oAuth2Credentials.redirectUri = redirectUri;
// Stub the mocked data store: a lookup for "userId" yields a StoredCredential wrapping
// `credential` (both mocks and `credential` are declared outside this excerpt).
Mockito.when(mockDataStore.get(eq("userId"))).thenReturn(new StoredCredential(credential));
// Credentials under test are wired to the mock transport and the mock data store factory.
OAuth2Credentials oAuth2Credentials = new OAuth2Credentials.Builder()
        .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
        .setRedirectUri("http://redirect")
        .setHttpTransport(mockHttpTransport)
        .setCredentialDataStoreFactory(mockDataStoreFactory)
        .setScopes(Arrays.asList(Scope.PROFILE, Scope.REQUEST))
        .build();
/**
 * Exchanges an authorization code for tokens and pins both the outgoing token request and the
 * resulting credential.
 */
@Test
public void authenticate() throws Exception {
    // The client secret is expected in the form body of the token request, never in a URL.
    String expectedBody = "code=authorizationCode&grant_type=authorization_code"
            + "&redirect_uri=http%3A%2F%2Fredirect&scope=profile+request"
            + "&client_id=CLIENT_ID&client_secret=CLIENT_SECRET";

    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("http://redirect")
            .setHttpTransport(mockHttpTransport)
            .setScopes(Arrays.asList(Scope.PROFILE, Scope.REQUEST))
            .build();

    Credential issued = credentials.authenticate("authorizationCode", "userId");

    assertEquals("Request URL did not match.",
            TOKEN_REQUEST_URL, mockHttpTransport.lastRequestUrl);
    assertEquals("Request content did not match.",
            expectedBody, mockHttpTransport.lastRequestContent);
    assertEquals("Refresh token does not match.", "refreshToken", issued.getRefreshToken());

    Long expiresIn = issued.getExpiresInSeconds();
    assertTrue("Expected expires_in between 0 and 3600. Was actually: " + expiresIn,
            expiresIn > 0 && expiresIn <= 3600);

    assertEquals("Access token does not match.", "accessToken", issued.getAccessToken());
    // Tokens must be presented through the Authorization header (Bearer) access method.
    assertEquals("Access method (Bearer) does not match",
            BearerToken.authorizationHeaderAccessMethod().getClass(),
            issued.getMethod().getClass());
}
/**
 * Same exchange as {@code authenticate()}, but with no scopes configured: the token request
 * body must then carry no {@code scope} parameter at all.
 */
@Test
public void authenticate_whenThereAreNoScopes() throws Exception {
    String expectedBody = "code=authorizationCode&grant_type=authorization_code"
            + "&redirect_uri=http%3A%2F%2Fredirect"
            + "&client_id=CLIENT_ID&client_secret=CLIENT_SECRET";

    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("http://redirect")
            .setHttpTransport(mockHttpTransport)
            .build();

    Credential issued = credentials.authenticate("authorizationCode", "userId");

    assertEquals("Request URL did not match.",
            TOKEN_REQUEST_URL, mockHttpTransport.lastRequestUrl);
    assertEquals("Request content did not match.",
            expectedBody, mockHttpTransport.lastRequestContent);
    assertEquals("Refresh token does not match.", "refreshToken", issued.getRefreshToken());

    Long expiresIn = issued.getExpiresInSeconds();
    assertTrue("Expected expires_in between 0 and 3600. Was actually: " + expiresIn,
            expiresIn > 0 && expiresIn <= 3600);

    assertEquals("Access token does not match.", "accessToken", issued.getAccessToken());
    assertEquals("Access method (Bearer) does not match",
            BearerToken.authorizationHeaderAccessMethod().getClass(),
            issued.getMethod().getClass());
}
/**
 * After a successful authenticate() for "userId", loadCredential("userId") must hand back a
 * credential carrying the same tokens, lifetime bounds and Bearer access method.
 */
@Test
public void loadCredential() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("http://redirect")
            .setHttpTransport(mockHttpTransport)
            .setScopes(Arrays.asList(Scope.PROFILE, Scope.REQUEST))
            .build();

    // Populate the store first; the returned credential is deliberately ignored here.
    credentials.authenticate("authorizationCode", "userId");

    Credential loaded = credentials.loadCredential("userId");

    assertEquals("Refresh token does not match.", "refreshToken", loaded.getRefreshToken());

    Long expiresIn = loaded.getExpiresInSeconds();
    assertTrue("Expected expires_in between 0 and 3600. Was actually: " + expiresIn,
            expiresIn > 0 && expiresIn <= 3600);

    assertEquals("Access token does not match.", "accessToken", loaded.getAccessToken());
    assertEquals("Access method (Bearer) does not match",
            BearerToken.authorizationHeaderAccessMethod().getClass(),
            loaded.getMethod().getClass());
}
/**
 * clearCredential("userId") must remove the stored credential: a load before the call returns
 * a credential, a load after it returns {@code null}.
 */
@Test
public void clearCredential() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("http://redirect")
            .setHttpTransport(mockHttpTransport)
            .setScopes(Arrays.asList(Scope.PROFILE, Scope.REQUEST))
            .build();

    credentials.authenticate("authorizationCode", "userId");

    // Precondition: the credential exists, so the null below proves it was removed.
    assertNotNull(credentials.loadCredential("userId"));

    credentials.clearCredential("userId");

    // No token may remain retrievable for this user once it has been cleared.
    assertNull(credentials.loadCredential("userId"));
}
/**
 * When the token endpoint answers 403 with body "failed", authenticate() must surface an
 * {@code AuthException} whose cause is an {@code IOException} instead of returning a credential.
 */
@Test
public void authenticate_whenCantAuthenticate_shouldThrowException() throws Exception {
    exception.expect(AuthException.class);
    exception.expectCause(any(IOException.class));

    // Simulate the authorization server rejecting the code exchange.
    mockHttpTransport.setHttpResponseContent("failed");
    mockHttpTransport.setHttpStatusCode(403);

    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("http://redirect")
            .setHttpTransport(mockHttpTransport)
            .build();

    credentials.authenticate("authorizationCode", "userId");
}
/**
 * An explicitly empty scope list must produce an authorization URL with no {@code scope}
 * parameter.
 */
@Test
public void getAuthorizationUrl_whenThereIsAnEmptyScopeList() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setScopes(new ArrayList<Scope>())
            .build();

    String expectedUrl =
            "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID&response_type=code";

    assertEquals(expectedUrl, credentials.getAuthorizationUrl());
}
/**
 * With three standard scopes configured, the authorization URL lists them space-separated
 * ({@code %20}) in the order history, profile, request, regardless of the order they were set in.
 */
@Test
public void getAuthorizationUrl() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setScopes(Arrays.asList(Scope.PROFILE, Scope.REQUEST, Scope.HISTORY))
            .build();

    // NOTE(review): the pinned URL carries no `state` parameter. If the SDK never adds one,
    // callers need their own per-session binding on the OAuth callback to resist CSRF;
    // confirm against the servlet code.
    String expectedUrl = "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID"
            + "&response_type=code&scope=history%20profile%20request";

    assertEquals(expectedUrl, credentials.getAuthorizationUrl());
}
/**
 * build() must refuse to produce credentials when setClientSecrets was never called, failing
 * with an IllegalStateException that mentions "Client ID and secret".
 */
@Test
public void build_whenThereAreNoClientSecrets() throws Exception {
    exception.expect(IllegalStateException.class);
    exception.expectMessage(containsString("Client ID and secret"));

    // The result is irrelevant: the call itself is expected to throw.
    new OAuth2Credentials.Builder().build();
}
/**
 * build() must reject a null client ID together with a null client secret, failing with an
 * IllegalStateException that mentions "Client ID and secret".
 */
@Test
public void build_whenClientSecretsAreNull() throws Exception {
    exception.expect(IllegalStateException.class);
    exception.expectMessage(containsString("Client ID and secret"));

    OAuth2Credentials.Builder builder =
            new OAuth2Credentials.Builder().setClientSecrets(null, null);

    // The result is irrelevant: the call itself is expected to throw.
    builder.build();
}
/**
 * When no scopes are configured at all, the authorization URL consists of the client ID and
 * response type only.
 */
@Test
public void getAuthorizationUrl_whenThereAreNoScopes() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .build();

    String expectedUrl =
            "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID&response_type=code";

    assertEquals(expectedUrl, credentials.getAuthorizationUrl());
}
/**
 * build() must reject a null client ID even when a client secret is supplied, failing with an
 * IllegalStateException that mentions "Client ID and secret".
 */
@Test
public void build_whenClientIdIsNull() throws Exception {
    exception.expect(IllegalStateException.class);
    exception.expectMessage(containsString("Client ID and secret"));

    OAuth2Credentials.Builder builder =
            new OAuth2Credentials.Builder().setClientSecrets(null, "CLIENT_SECRET");

    // The result is irrelevant: the call itself is expected to throw.
    builder.build();
}
/**
 * A custom scope that repeats a standard scope ("profile") must be collapsed: the
 * authorization URL lists the scope once.
 */
@Test
public void getAuthorizationUrl_whenThereAreDuplicateCustomScopes() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setScopes(Arrays.asList(Scope.PROFILE))
            .setCustomScopes(Arrays.asList("profile"))
            .build();

    String expectedUrl =
            "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID&response_type=code&scope=profile";

    assertEquals(expectedUrl, credentials.getAuthorizationUrl());
}
/**
 * build() must reject a null client secret even when a client ID is supplied, failing with an
 * IllegalStateException that mentions "Client ID and secret".
 */
@Test
public void build_whenClientSecretIsNull() throws Exception {
    exception.expect(IllegalStateException.class);
    exception.expectMessage(containsString("Client ID and secret"));

    OAuth2Credentials.Builder builder =
            new OAuth2Credentials.Builder().setClientSecrets("CLIENT_ID", null);

    // The result is irrelevant: the call itself is expected to throw.
    builder.build();
}
/**
 * Creates an {@link OAuth2Credentials} object that can be used by any of the servlets.
 *
 * <p>Credentials are held by the default {@link MemoryDataStoreFactory} instance, so this
 * method writes no tokens to disk. The redirect URI, scopes, client ID and client secret all
 * come from {@code config}.
 *
 * @param config session configuration supplying redirect URI, scopes and client secrets
 * @return the configured credentials helper
 * @throws IOException NOTE(review): the original comment says this is raised when no client ID
 *     or secret is found in secrets.properties; that lookup is not visible in this method,
 *     so confirm where (and whether) it is thrown
 */
static OAuth2Credentials createOAuth2Credentials(SessionConfiguration config) throws IOException {
    OAuth2Credentials.Builder builder = new OAuth2Credentials.Builder()
            .setCredentialDataStoreFactory(MemoryDataStoreFactory.getDefaultInstance());

    return builder
            .setRedirectUri(config.getRedirectUri())
            .setScopes(config.getScopes())
            .setClientSecrets(config.getClientId(), config.getClientSecret())
            .build();
}
/**
 * A configured redirect URI must be appended to the authorization URL as a percent-encoded
 * {@code redirect_uri} parameter, after the (de-duplicated) scope.
 */
@Test
public void getAuthorizationUrl_whenThereIsARedirectUri() throws Exception {
    OAuth2Credentials credentials = new OAuth2Credentials.Builder()
            .setClientSecrets("CLIENT_ID", "CLIENT_SECRET")
            .setRedirectUri("https://localhost:8181/OAuth2Callback")
            .setScopes(Arrays.asList(Scope.PROFILE))
            .setCustomScopes(Arrays.asList("profile"))
            .build();

    // ':' and '/' in the callback must arrive encoded (%3A, %2F) so the URI stays one
    // query value.
    String expectedUrl = "https://login.uber.com/oauth/v2/authorize?client_id=CLIENT_ID"
            + "&response_type=code&scope=profile&redirect_uri=https%3A%2F%2Flocalhost%3A8181%2FOAuth2Callback";

    assertEquals(expectedUrl, credentials.getAuthorizationUrl());
}