/**
 * Loads the authorized client for a registration, picking the backing store from the
 * principal's authentication state.
 *
 * @param clientRegistrationId identifier of the client registration to look up
 * @param principal the principal the authorized client belongs to
 * @param exchange the current exchange; only forwarded on the anonymous path
 * @return the {@code Mono} produced by whichever delegate served the lookup
 */
@Override
public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,
        Authentication principal, ServerWebExchange exchange) {
    // NOTE(review): isPrincipalAuthenticated is defined outside this view; the routing below is
    // only as strict as that check (null / anonymous handling should be confirmed there).
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository
                .loadAuthorizedClient(clientRegistrationId, principal, exchange);
    }
    // Authenticated lookups are keyed by registration id + principal name only; the exchange is
    // not consulted. NOTE(review): this presumes principal names are unique for the service's
    // store -- confirm against the service implementation.
    return this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, principal.getName());
}
/**
 * Removes the authorized client for a registration from the store that matches the
 * principal's authentication state.
 *
 * @param clientRegistrationId identifier of the client registration
 * @param principal the principal the authorized client belongs to
 * @param exchange the current exchange; only forwarded on the anonymous path
 * @return the {@code Mono} returned by the delegate that performed the removal
 */
@Override
public Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
        ServerWebExchange exchange) {
    // NOTE(review): the authenticated/anonymous decision lives in isPrincipalAuthenticated,
    // which is not visible here.
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository
                .removeAuthorizedClient(clientRegistrationId, principal, exchange);
    }
    // Removal on the authenticated path is keyed by registration id + principal name.
    return this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName());
}
/**
 * Persists an authorized client in the store that matches the principal's authentication state.
 *
 * @param authorizedClient the client (and the tokens it carries) to persist
 * @param principal the principal to associate the client with
 * @param exchange the current exchange; only forwarded on the anonymous path
 * @return the {@code Mono} returned by the delegate that performed the save
 */
@Override
public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal,
        ServerWebExchange exchange) {
    // NOTE(review): where the tokens end up depends entirely on this check, which is
    // implemented outside this view.
    if (!this.isPrincipalAuthenticated(principal)) {
        return this.anonymousAuthorizedClientRepository
                .saveAuthorizedClient(authorizedClient, principal, exchange);
    }
    // The service receives the whole Authentication here, not just its name.
    return this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal);
}
/**
 * An anonymous principal must be served by the anonymous repository, with the registration id,
 * principal and exchange passed through unchanged.
 */
@Test
public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() {
    // Stub the anonymous delegate so block() below completes.
    when(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());
    Authentication anonymousPrincipal = this.createAnonymousPrincipal();

    this.authorizedClientRepository
            .loadAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange)
            .block();

    // Exact arguments are verified, so a delegate call with a different principal or exchange fails.
    verify(this.anonymousAuthorizedClientRepository)
            .loadAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange);
}
/**
 * Wraps a token response in an {@code OAuth2AuthorizedClient} and persists it.
 *
 * @param clientRegistration the registration the token was issued for
 * @param authentication the principal whose name is recorded on the authorized client
 * @param exchange the current exchange, forwarded to the repository
 * @param tokenResponse the token response supplying the access token
 * @return a {@code Mono} that emits the authorized client once the repository save completes
 */
private Mono<OAuth2AuthorizedClient> clientCredentialsResponse(ClientRegistration clientRegistration,
        Authentication authentication, ServerWebExchange exchange, OAuth2AccessTokenResponse tokenResponse) {
    // Only the access token is carried over; no refresh token is passed to the constructor.
    OAuth2AuthorizedClient issuedClient = new OAuth2AuthorizedClient(
            clientRegistration,
            authentication.getName(),
            tokenResponse.getAccessToken());
    // NOTE(review): where the token is stored is decided by the repository implementation,
    // which is not visible here.
    return this.authorizedClientRepository
            .saveAuthorizedClient(issuedClient, authentication, exchange)
            .thenReturn(issuedClient);
}
/**
 * An anonymous principal's removal request must reach the anonymous repository with the
 * registration id, principal and exchange passed through unchanged.
 */
@Test
public void removeAuthorizedClientWhenAnonymousPrincipalThenRemoveFromAnonymousRepository() {
    // Stub the anonymous delegate so block() below completes.
    when(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());
    Authentication anonymousPrincipal = this.createAnonymousPrincipal();

    this.authorizedClientRepository
            .removeAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange)
            .block();

    verify(this.anonymousAuthorizedClientRepository)
            .removeAuthorizedClient(this.registrationId, anonymousPrincipal, this.exchange);
}
/**
 * Builds the resolver under test and makes the repository return a mock authorized client
 * for any string registration id.
 */
@Before
public void setUp() {
    this.authorizedClient = mock(OAuth2AuthorizedClient.class);
    this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(
            this.clientRegistrationRepository, this.authorizedClientRepository);
    // Default stub: every lookup succeeds. Tests that need the "not authorized" path re-stub it.
    when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any()))
            .thenReturn(Mono.just(this.authorizedClient));
}
/**
 * Turns a token response into an {@code OAuth2AuthorizedClient}, saves it through the
 * repository and emits it.
 *
 * @param clientRegistration the registration the token was issued for
 * @param authentication the principal whose name is recorded on the authorized client
 * @param exchange the current exchange, forwarded to the repository
 * @param tokenResponse the token response supplying the access token
 * @return a {@code Mono} emitting the authorized client after the save has completed
 */
private Mono<OAuth2AuthorizedClient> clientCredentialsResponse(ClientRegistration clientRegistration,
        Authentication authentication, ServerWebExchange exchange, OAuth2AccessTokenResponse tokenResponse) {
    // Three-argument constructor: the client carries an access token and no refresh token.
    OAuth2AuthorizedClient savedClient = new OAuth2AuthorizedClient(
            clientRegistration,
            authentication.getName(),
            tokenResponse.getAccessToken());
    // thenReturn emits only after the save Mono completes, so a failed save propagates as an error.
    return this.authorizedClientRepository
            .saveAuthorizedClient(savedClient, authentication, exchange)
            .thenReturn(savedClient);
}
/**
 * Deletes the authorized client for a registration, delegating to the service for
 * authenticated principals and to the anonymous repository otherwise.
 *
 * @param clientRegistrationId identifier of the client registration
 * @param principal the principal the authorized client belongs to
 * @param exchange the current exchange; only used by the anonymous delegate
 * @return the {@code Mono} returned by the chosen delegate
 */
@Override
public Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
        ServerWebExchange exchange) {
    // NOTE(review): isPrincipalAuthenticated is not shown here; confirm how it treats
    // anonymous tokens and null principals.
    boolean authenticated = this.isPrincipalAuthenticated(principal);
    return authenticated
            ? this.authorizedClientService.removeAuthorizedClient(clientRegistrationId, principal.getName())
            : this.anonymousAuthorizedClientRepository.removeAuthorizedClient(clientRegistrationId, principal, exchange);
}
/**
 * Loads the authorized client described by the request, falling back to
 * {@code authorizedClientNotLoaded} when the repository emits nothing.
 *
 * @param request carries the client registration id, the authentication and the exchange
 * @return the stored authorized client, or whatever the fallback {@code Mono} produces
 */
Mono<OAuth2AuthorizedClient> loadAuthorizedClient(Request request) {
    String registrationId = request.getClientRegistrationId();
    Authentication principal = request.getAuthentication();
    ServerWebExchange webExchange = request.getExchange();

    Mono<OAuth2AuthorizedClient> stored =
            this.authorizedClientRepository.loadAuthorizedClient(registrationId, principal, webExchange);
    // The fallback method is invoked while the pipeline is assembled, not only when the
    // repository comes back empty. NOTE(review): whether it does any work at that point depends
    // on its implementation, which is outside this view.
    return stored.switchIfEmpty(authorizedClientNotLoaded(registrationId, principal, webExchange));
}
/**
 * Obtains an authorized client through the resolver's client-credentials path and saves it.
 *
 * @param clientRegistration the registration to authorize
 * @param request supplies the authentication and exchange for the resolver and the repository
 * @return a {@code Mono} emitting the authorized client after the repository save completes
 */
private Mono<OAuth2AuthorizedClient> authorizeWithClientCredentials(ClientRegistration clientRegistration,
        OAuth2AuthorizedClientResolver.Request request) {
    Authentication principal = request.getAuthentication();
    ServerWebExchange webExchange = request.getExchange();
    return this.authorizedClientResolver
            .clientCredentials(clientRegistration, principal, webExchange)
            .flatMap(obtained -> {
                // Persist first; the client is emitted only once the save Mono has completed.
                return this.authorizedClientRepository
                        .saveAuthorizedClient(obtained, principal, webExchange)
                        .thenReturn(obtained);
            });
}
/**
 * A known registration with no stored authorized client must surface as
 * {@code ClientAuthorizationRequiredException} rather than resolving to an empty argument.
 */
@Test
public void resolveArgumentWhenOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() {
    // The registration exists ...
    when(this.clientRegistrationRepository.findByRegistrationId(any()))
            .thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
    // ... but the repository has no authorized client for it.
    when(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any()))
            .thenReturn(Mono.empty());
    MethodParameter authorizedClientParameter =
            this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);

    assertThatThrownBy(() -> resolveArgument(authorizedClientParameter))
            .isInstanceOf(ClientAuthorizationRequiredException.class);
}
/**
 * Saving on behalf of an anonymous principal must go to the anonymous repository with the same
 * client, principal and exchange.
 */
@Test
public void saveAuthorizedClientWhenAnonymousPrincipalThenSaveToAnonymousRepository() {
    // Stub the anonymous delegate so block() below completes.
    when(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());
    Authentication anonymousPrincipal = this.createAnonymousPrincipal();
    OAuth2AuthorizedClient clientToSave = mock(OAuth2AuthorizedClient.class);

    this.authorizedClientRepository
            .saveAuthorizedClient(clientToSave, anonymousPrincipal, this.exchange)
            .block();

    verify(this.anonymousAuthorizedClientRepository)
            .saveAuthorizedClient(clientToSave, anonymousPrincipal, this.exchange);
}
/**
 * Looks up the authorized client for the request and switches to
 * {@code authorizedClientNotLoaded} when the repository yields no value.
 *
 * @param request carries the client registration id, the authentication and the exchange
 * @return the stored authorized client, or the result of the fallback {@code Mono}
 */
Mono<OAuth2AuthorizedClient> loadAuthorizedClient(Request request) {
    String registrationId = request.getClientRegistrationId();
    Authentication currentAuthentication = request.getAuthentication();
    ServerWebExchange currentExchange = request.getExchange();

    Mono<OAuth2AuthorizedClient> fromRepository = this.authorizedClientRepository
            .loadAuthorizedClient(registrationId, currentAuthentication, currentExchange);
    // switchIfEmpty takes an already-built Mono, so the fallback method runs on every call.
    // NOTE(review): confirm the fallback defers its real work until subscription.
    return fromRepository.switchIfEmpty(
            authorizedClientNotLoaded(registrationId, currentAuthentication, currentExchange));
}
/**
 * A successful OAuth2 login must result in a save on the authorized client repository.
 */
@Test
public void onAuthenticationSuccessWhenOAuth2LoginAuthenticationTokenThenSavesAuthorizedClient() {
    this.filter
            .onAuthenticationSuccess(loginToken(), this.webFilterExchange)
            .block();

    // All three matchers are any(): this proves a save happened, not which client or
    // principal was saved.
    verify(this.authorizedClientRepository)
            .saveAuthorizedClient(any(), any(), any());
}
/**
 * When only a client registration id is supplied as a request attribute, the exchange handed
 * to the repository must be the one found in the subscriber context.
 */
@Test
public void filterWhenClientRegistrationIdAndServerWebExchangeFromContextThenServerWebExchangeFromContext() {
    OAuth2RefreshToken storedRefreshToken =
            new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt());
    OAuth2AuthorizedClient storedClient = new OAuth2AuthorizedClient(
            this.registration, "principalName", this.accessToken, storedRefreshToken);
    when(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.just(storedClient));
    when(this.clientRegistrationRepository.findByRegistrationId(any()))
            .thenReturn(Mono.just(this.registration));
    // No exchange attribute is set on the request itself.
    ClientRequest outgoing = ClientRequest.create(GET, URI.create("https://example.com"))
            .attributes(clientRegistrationId(this.registration.getRegistrationId()))
            .build();

    this.function.filter(outgoing, this.exchange)
            .subscriberContext(serverWebExchange())
            .block();

    // The lookup must use this.serverWebExchange; the principal is left unconstrained.
    verify(this.authorizedClientRepository).loadAuthorizedClient(
            eq(this.registration.getRegistrationId()), any(), eq(this.serverWebExchange));
}
/**
 * A matching authorization-code callback must end with the authorized client being saved;
 * in this setup the save is expected to carry an {@code AnonymousAuthenticationToken} as
 * the principal.
 */
@Test
public void filterWhenMatchThenAuthorizedClientSaved() {
    Mono<Authentication> convertedAuthentication = Mono
            .just(TestOAuth2AuthorizationCodeAuthenticationTokens.unauthenticated());
    OAuth2AuthorizationCodeAuthenticationToken authenticatedToken =
            TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated();
    ServerAuthenticationConverter fixedConverter = e -> convertedAuthentication;
    this.filter = new OAuth2AuthorizationCodeGrantWebFilter(
            this.authenticationManager, fixedConverter, this.authorizedClientRepository);
    MockServerWebExchange callbackExchange = MockServerWebExchange.from(
            MockServerHttpRequest.get("/authorize/oauth2/code/registration-id"));
    DefaultWebFilterChain terminalChain = new DefaultWebFilterChain(
            e -> e.getResponse().setComplete());
    when(this.authenticationManager.authenticate(any()))
            .thenReturn(Mono.just(authenticatedToken));
    when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());

    this.filter.filter(callbackExchange, terminalChain).block();

    // Only the principal's type is pinned; the saved client and the exchange are unconstrained.
    verify(this.authorizedClientRepository)
            .saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class), any());
}
}
/**
 * Without a mock user and with no stored authorized client, a request to "/" must be answered
 * with a 3xx redirect.
 */
@Test
public void registeredOAuth2AuthorizedClientWhenAnonymousThenRedirects() {
    this.spring.register(Config.class, AuthorizedClientController.class).autowire();
    ReactiveClientRegistrationRepository registrations =
            this.spring.getContext().getBean(ReactiveClientRegistrationRepository.class);
    ServerOAuth2AuthorizedClientRepository authorizedClients =
            this.spring.getContext().getBean(ServerOAuth2AuthorizedClientRepository.class);
    when(registrations.findByRegistrationId(any()))
            .thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
    // Nothing is stored for the caller, so the controller argument cannot be resolved.
    when(authorizedClients.loadAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());

    // Only the status class is asserted; the redirect target is not checked.
    this.client.get()
            .uri("/")
            .exchange()
            .expectStatus().is3xxRedirection();
}
/**
 * Runs the configured success handler and then saves the authorized client built from the
 * authorization-code authentication result.
 *
 * @param authentication the authentication result; cast to
 *        {@code OAuth2AuthorizationCodeAuthenticationToken} without a type check
 * @param webFilterExchange the exchange passed to the success handler and, unwrapped, to the
 *        repository
 * @return a {@code Mono} that completes once the handler has run and the client has been saved
 * @throws ClassCastException if {@code authentication} is not an
 *         {@code OAuth2AuthorizationCodeAuthenticationToken}
 */
private Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
    OAuth2AuthorizationCodeAuthenticationToken codeGrantResult =
            (OAuth2AuthorizationCodeAuthenticationToken) authentication;
    OAuth2AuthorizedClient clientToPersist = new OAuth2AuthorizedClient(
            codeGrantResult.getClientRegistration(),
            codeGrantResult.getName(),
            codeGrantResult.getAccessToken(),
            codeGrantResult.getRefreshToken());

    Mono<Void> handlerCompleted = this.authenticationSuccessHandler
            .onAuthenticationSuccess(webFilterExchange, authentication);
    // The client records the name from the authentication result, but it is saved under the
    // principal found in the security context, or this.anonymousToken when the context is empty.
    // NOTE(review): these two identities can differ -- confirm that is intended for the
    // repository in use.
    Mono<Void> clientSaved = ReactiveSecurityContextHolder.getContext()
            .map(SecurityContext::getAuthentication)
            .defaultIfEmpty(this.anonymousToken)
            .flatMap(principal -> this.authorizedClientRepository
                    .saveAuthorizedClient(clientToPersist, principal, webFilterExchange.getExchange()));
    return handlerCompleted.then(clientSaved);
}
}
/**
 * With a mock user but no stored authorized client, a request to "/" must still be answered
 * with a 3xx redirect.
 */
@Test
@WithMockUser
public void registeredOAuth2AuthorizedClientWhenAuthenticatedThenRedirects() {
    this.spring.register(Config.class, AuthorizedClientController.class).autowire();
    ReactiveClientRegistrationRepository registrations =
            this.spring.getContext().getBean(ReactiveClientRegistrationRepository.class);
    ServerOAuth2AuthorizedClientRepository authorizedClients =
            this.spring.getContext().getBean(ServerOAuth2AuthorizedClientRepository.class);
    when(registrations.findByRegistrationId(any()))
            .thenReturn(Mono.just(TestClientRegistrations.clientRegistration().build()));
    // Being logged in is not enough: no authorized client is stored for this user.
    when(authorizedClients.loadAuthorizedClient(any(), any(), any()))
            .thenReturn(Mono.empty());

    // Only the status class is asserted; the redirect target is not checked.
    this.client.get()
            .uri("/")
            .exchange()
            .expectStatus().is3xxRedirection();
}