/** * Tests that the filter encodes any query parameters on the return_to URL. */ @Test public void encodesUrlParameters() throws Exception { // Arbitrary parameter name and value that will both need to be encoded: String paramName = "foo&bar"; String paramValue = "http://example.com/path?a=b&c=d"; MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); req.addParameter(paramName, paramValue); filter.setReturnToUrlParameters(Collections.singleton(paramName)); URI returnTo = new URI(filter.buildReturnToUrl(req)); String query = returnTo.getRawQuery(); assertThat(count(query, '=')).isEqualTo(1); assertThat(count(query, '&')).isZero(); }
@Test public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp() throws Exception { this.spring.configLocations(this.xml("WithRememberMe")).autowire(); OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class); String openIdEndpointUrl = "http://testopenid.com?openid.return_to="; Set<String> returnToUrlParameters = new HashSet<>(); returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER); openIDFilter.setReturnToUrlParameters(returnToUrlParameters); OpenIDConsumer consumer = mock(OpenIDConsumer.class); when(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString())) .then(invocation -> openIdEndpointUrl + invocation.getArgument(2)); openIDFilter.setConsumer(consumer); String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?") .append(AbstractRememberMeServices.DEFAULT_PARAMETER) .append("=").append("on").toString(); this.mvc.perform(get("/")) .andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); this.mvc.perform(get("/login")) .andExpect(status().isOk()) .andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER))); this.mvc.perform(get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/") .param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")) .andExpect(status().isFound()) .andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo)); }