/**
 * A refresh token value the server never issued must be rejected, and the error message
 * returned to the caller must not echo the submitted token value.
 */
@Test
public void testInvalidRefreshToken() {
    Map<String, String> parameters = new HashMap<>();
    parameters.put("grant_type", "refresh_token");
    AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(parameters, null, null, null, null, null, false, null, null, null);
    // Arbitrary value that was never produced by the token service.
    String bogusRefreshToken = "dasdasdasdasdas";
    try {
        tokenServices.refreshAccessToken(
                bogusRefreshToken,
                tokenSupport.requestFactory.createTokenRequest(authorizationRequest, "refresh_token"));
        fail("Expected Exception was not thrown");
    } catch (InvalidTokenException e) {
        // The rejection message is surfaced to clients; it must not leak the rejected token.
        assertThat(e.getMessage(), not(containsString(bogusRefreshToken)));
    }
}
/**
 * An access token whose validity window has elapsed must be rejected by
 * {@code loadAuthentication}, and the rejection message must not contain the token value.
 */
@Test
public void testLoadAuthenticationWithAnExpiredToken() {
    // This is the shared default client; the one-second validity is set on it directly.
    BaseClientDetails client = tokenSupport.defaultClient;
    client.setAccessTokenValiditySeconds(1);
    tokenSupport.clientDetailsService.setClientDetailsStore(
            IdentityZoneHolder.get().getId(),
            Collections.singletonMap(CLIENT_ID, client));

    AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> requestParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    requestParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(requestParameters);

    OAuth2Authentication authentication = new OAuth2Authentication(
            authorizationRequest.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertThat(accessToken, validFor(is(1)));

    // Move the mocked clock past the one-second validity window.
    when(tokenSupport.timeService.getCurrentTimeMillis()).thenReturn(2001L);
    String expiredTokenValue = accessToken.getValue();
    try {
        tokenServices.loadAuthentication(expiredTokenValue);
        fail("Expected Exception was not thrown");
    } catch (InvalidTokenException e) {
        // The message reaches the client; it must not disclose the expired token.
        assertThat(e.getMessage(), not(containsString(expiredTokenValue)));
    }
}
fail("Expected Exception was not thrown"); } catch (InvalidTokenException e) { assertThat(e.getMessage(), not(containsString(accessToken.getRefreshToken().getValue())));
fail("Approval has been revoked"); } catch (InvalidTokenException x) { assertThat("Exception should be about approvals", x.getMessage().contains("some requested scopes are not approved"));
/**
 * Adding a second client secret must keep previously issued tokens valid, while removing the
 * secret a token was issued under must invalidate that token with a revocation-signature error.
 */
@Test
public void testClientSecret_Added_Token_Validation_Still_Works() {
    tokenSupport.defaultClient.setClientSecret(SECRET);

    AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> requestParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    requestParameters.put(GRANT_TYPE, GRANT_TYPE_PASSWORD);
    authorizationRequest.setRequestParameters(requestParameters);

    OAuth2Authentication authentication = new OAuth2Authentication(
            authorizationRequest.createOAuth2Request(), tokenSupport.defaultUserAuthentication);

    // Token issued while only the first secret exists; it must validate as-is.
    OAuth2AccessToken firstSecretToken = tokenServices.createAccessToken(authentication);
    tokenServices.loadAuthentication(firstSecretToken.getValue());

    // A second secret is appended; the earlier token must still validate.
    tokenSupport.defaultClient.setClientSecret(tokenSupport.defaultClient.getClientSecret() + " newsecret");
    tokenServices.loadAuthentication(firstSecretToken.getValue());

    // Token issued while both secrets are present.
    OAuth2AccessToken bothSecretsToken = tokenServices.createAccessToken(authentication);

    // Drop the first secret: the token issued under it alone must now be rejected.
    tokenSupport.defaultClient.setClientSecret("newsecret");
    try {
        tokenServices.loadAuthentication(firstSecretToken.getValue());
        fail("Token should fail to validate on the revocation signature");
    } catch (InvalidTokenException e) {
        assertTrue(e.getMessage().contains("revocable signature mismatch"));
    }

    // The token issued with both secrets, and a fresh one, continue to validate.
    tokenServices.loadAuthentication(bothSecretsToken.getValue());
    OAuth2AccessToken secondSecretOnlyToken = tokenServices.createAccessToken(authentication);
    tokenServices.loadAuthentication(secondSecretOnlyToken.getValue());
}
/**
 * End-to-end check that a token issued under a client secret is rejected by {@code /check_token}
 * once that secret has been deleted, and that the response reports an {@code invalid_token}
 * error with the revocation-signature message.
 *
 * @throws Exception propagated from MockMvc
 */
@Test
void validateOldTokenAfterDeleteClientSecret() throws Exception {
    String clientId = "testclient" + generator.generate();
    String scopes = "space.*.developer,space.*.admin,org.*.reader,org.123*.admin,*.*,*";
    setUpClients(clientId, scopes, scopes, GRANT_TYPES, true);

    // Obtain a token with the original secret.
    String tokenResponseBody = mockMvc.perform(post("/oauth/token")
                    .accept(MediaType.APPLICATION_JSON_VALUE)
                    .with(httpBasic(clientId, SECRET))
                    .param("grant_type", "client_credentials")
                    .param("client_id", clientId)
                    .param("client_secret", SECRET))
            .andExpect(status().isOk())
            .andReturn().getResponse().getContentAsString();
    Map<String, Object> tokenResponse =
            JsonUtils.readValue(tokenResponseBody, new TypeReference<Map<String, Object>>() { });
    String accessToken = (String) tokenResponse.get("access_token");
    assertNotNull(accessToken);

    // Rotate: add a replacement secret, then delete the one the token was issued under.
    String zoneId = IdentityZoneHolder.get().getId();
    clientDetailsService.addClientSecret(clientId, "newSecret", zoneId);
    clientDetailsService.deleteClientSecret(clientId, zoneId);

    // NOTE(review): getBytes() uses the platform default charset here — the credential is ASCII,
    // so the encoding is unaffected, but StandardCharsets.UTF_8 would make that explicit.
    String basicAuthHeader =
            "Basic " + new String(Base64.encode("app:appclientsecret".getBytes()));
    MockHttpServletResponse checkTokenResponse = mockMvc.perform(post("/check_token")
                    .header("Authorization", basicAuthHeader)
                    .param("token", accessToken))
            .andExpect(status().isBadRequest())
            .andReturn().getResponse();

    InvalidTokenException revoked =
            JsonUtils.readValue(checkTokenResponse.getContentAsString(), TokenRevokedException.class);
    assertEquals("invalid_token", revoked.getOAuth2ErrorCode());
    assertEquals("revocable signature mismatch", revoked.getMessage());
}
/**
 * Maps an {@link InvalidTokenException} to a 400 response carrying an {@code invalid_token}
 * error.
 *
 * <p>The exception message is returned verbatim in the response body, so messages raised for
 * invalid, expired or revoked tokens must not include the token value itself.
 *
 * @param ex      the rejected-token exception
 * @param request the current request (not consulted)
 * @return the error body serialised to the client
 */
@ExceptionHandler
@ResponseStatus(HttpStatus.BAD_REQUEST)
@ResponseBody
public AuthenticationError handleClientAuthenticationException(InvalidTokenException ex,
                                                               HttpServletRequest request) {
    String description = ex.getMessage();
    return new AuthenticationError("invalid_token", description);
}