@Test
public void getWhenUsingDefaultsWithBearerTokenInTwoParametersThenInvalidRequest() throws Exception {
    // Resource server under test, configured with a JWK set URI.
    this.spring.register(JwkSetUriConfig.class).autowire();
    // Repeat the access_token parameter so the request carries two candidate tokens.
    MultiValueMap<String, String> query = new LinkedMultiValueMap<>();
    for (String token : new String[] { "token1", "token2" }) {
        query.add("access_token", token);
    }
    // Expected: the ambiguity is refused as invalid_request (400) rather than resolved by picking one token.
    this.mvc.perform(get("/").params(query))
            .andExpect(status().isBadRequest())
            .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
}
@Test
public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest() throws Exception {
    this.spring.register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class).autowire();
    // Stub the decoder so a single well-placed token would otherwise authenticate.
    JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
    when(jwtDecoder.decode(anyString())).thenReturn(JWT);
    // The same token arrives twice: Authorization header plus access_token query parameter.
    // Expected: 400 with an invalid_request challenge, even though the resolver accepts query parameters.
    this.mvc.perform(get("/authenticated")
            .with(bearerToken(JWT_TOKEN))
            .param("access_token", JWT_TOKEN))
            .andExpect(status().isBadRequest())
            .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
}
@Test
public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest() throws Exception {
    this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class).autowire();
    // Stub the decoder so a single well-placed token would otherwise authenticate.
    JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
    when(jwtDecoder.decode(anyString())).thenReturn(JWT);
    // The same token arrives twice: as a body parameter and in the Authorization header.
    // csrf() attaches a CSRF token so the 400 is attributable to the duplicated bearer token, not to CSRF.
    this.mvc.perform(post("/authenticated")
            .param("access_token", JWT_TOKEN)
            .with(bearerToken(JWT_TOKEN))
            .with(csrf()))
            .andExpect(status().isBadRequest())
            .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, containsString("invalid_request")));
}
@Test
void silentAuthentication_withBadClientId() throws Exception {
    // Silent (prompt=none) OIDC authorization for an unknown client_id must be refused with 400.
    String authorizeUrl = "/oauth/authorize?response_type=id_token&scope=openid&client_id=bogus&prompt=none&redirect_uri=http://example.com/**";
    mockMvc.perform(get(authorizeUrl))
            .andExpect(status().isBadRequest());
}
@Test
void silentAuthentication_withoutClientId() throws Exception {
    // Silent (prompt=none) OIDC authorization with no client_id at all must be refused with 400.
    String authorizeUrl = "/oauth/authorize?response_type=id_token&scope=openid&prompt=none&redirect_uri=http://example.com/**";
    mockMvc.perform(get(authorizeUrl))
            .andExpect(status().isBadRequest());
}
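@Test
void test_Create_User_More_Than_One_Email() throws Exception {
    ScimUser scimUser = getScimUser();
    // Locale.ROOT keeps the generated local-part independent of the JVM default locale
    // (under a Turkish locale the default toLowerCase() maps 'I' to a dotless i).
    String secondEmail = "joe@" + generator.generate().toLowerCase(java.util.Locale.ROOT) + ".com";
    scimUser.addEmail(secondEmail);
    // A user carrying more than one email address is expected to be rejected with 400.
    createUserAndReturnResult(scimUser, scimReadWriteToken, null, null)
            .andExpect(status().isBadRequest());
}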
@Test
public void lookupUsingOnlyOrigin() throws Exception {
    // A filter that constrains only the origin is expected to be refused by the id-lookup endpoint.
    String originOnlyFilter = "origin eq \"uaa\"";
    MockHttpServletRequestBuilder lookupRequest = post("/ids/Users")
            .header("Authorization", "Bearer " + scimLookupIdUserToken)
            .accept(APPLICATION_JSON)
            .param("filter", originOnlyFilter)
            .param("startIndex", "1")
            .param("count", "50");
    getMockMvc().perform(lookupRequest)
            .andExpect(status().isBadRequest());
}
@Test
public void lookupIdFromUsernameWithInvalidFilter() throws Exception {
    String username = UaaTestAccounts.standard(null).getUserName();
    // The "sw" (starts with) and "co" (contains) SCIM filter operators must both be rejected with 400.
    for (String operator : new String[] { "sw", "co" }) {
        MockHttpServletRequestBuilder lookupRequest = getIdLookupRequest(scimLookupIdUserToken, username, operator);
        getMockMvc().perform(lookupRequest)
                .andExpect(status().isBadRequest());
    }
}
@Test
public void testHttpStatus() throws Exception {
    // Both "created" endpoints are expected to answer 201.
    String[] createdPaths = { "/created", "/createdWithComposedAnnotation" };
    for (String path : createdPaths) {
        this.mockMvc.perform(get(path)).andExpect(status().isCreated());
    }
    // The bad-request endpoint is expected to answer 400.
    this.mockMvc.perform(get("/badRequest")).andExpect(status().isBadRequest());
}
@Test
public void testChangingAPasswordWithABadRequest() throws Exception {
    // The body carries only new_password; the endpoint is expected to refuse this payload with 400.
    String body = "{\"new_password\":\"new_secret\"}";
    MockHttpServletRequestBuilder changePassword = post("/password_change")
            .contentType(APPLICATION_JSON)
            .content(body)
            .accept(APPLICATION_JSON);
    mockMvc.perform(changePassword)
            .andExpect(status().isBadRequest());
}
@Test
void testForcePasswordExpireAccountExternalUser() throws Exception {
    ScimUser externalUser = createUser(uaaAdminToken);
    // Move the user to a non-UAA origin, i.e. one whose credentials are not managed here.
    externalUser.setOrigin("NOT_UAA");
    updateUser(uaaAdminToken, HttpStatus.OK.value(), externalUser);
    UserAccountStatus forcedChange = new UserAccountStatus();
    forcedChange.setPasswordChangeRequired(true);
    // Forcing a password change on an external-origin user is expected to be refused with 400 ...
    updateAccountStatus(externalUser, forcedChange)
            .andExpect(status().isBadRequest());
    // ... and the rejected request must leave no persisted flag behind.
    assertFalse(usersRepository.checkPasswordChangeIndividuallyRequired(externalUser.getId(), IdentityZoneHolder.get().getId()));
}
@Test
void testUpdateStatusCannotLock() throws Exception {
    ScimUser user = createUser(uaaAdminToken);
    // Asking the status endpoint to lock the account is expected to be refused with 400 ...
    UserAccountStatus lockRequest = new UserAccountStatus();
    lockRequest.setLocked(true);
    updateAccountStatus(user, lockRequest)
            .andExpect(status().isBadRequest());
    // ... and the user must still be able to log in afterwards.
    attemptLogin(user)
            .andExpect(redirectedUrl("/"));
}
@Test
void testGenerateCodeWithNullExpiresAt() throws Exception {
    // A code without an expiry is invalid input; the endpoint is expected to refuse it with 400.
    ExpiringCode codeWithoutExpiry = new ExpiringCode(null, null, "{}", null);
    String body = JsonUtils.writeValueAsString(codeWithoutExpiry);
    MockHttpServletRequestBuilder createCode = post("/Codes")
            .header("Authorization", "Bearer " + loginToken)
            .contentType(APPLICATION_JSON)
            .accept(MediaType.APPLICATION_JSON)
            .content(body);
    mockMvc.perform(createCode)
            .andExpect(status().isBadRequest());
}
@Test
public void getWhenUsingDefaultsWithBearerTokenInTwoPlacesThenInvalidRequest() throws Exception {
    // Resource server under test, configured with a JWK set URI.
    this.spring.register(JwkSetUriConfig.class).autowire();
    String token = "token";
    // The same token is sent in the Authorization header and as a request parameter.
    // Expected: refused as invalid_request (400) instead of silently preferring one location.
    this.mvc.perform(get("/")
            .with(bearerToken(token))
            .with(bearerToken(token).asParam()))
            .andExpect(status().isBadRequest())
            .andExpect(invalidRequestHeader("Found multiple bearer tokens in the request"));
}
@Test
public void testLimitedScopesWithoutMember() throws Exception {
    IdentityZone zone = MockMvcUtils.createZoneUsingWebRequest(getMockMvc(), identityClientToken);
    // Zone-admin group for the new zone, created with no members.
    ScimGroup zoneAdminGroup = new ScimGroup("zones." + zone.getId() + ".admin");
    MockHttpServletRequestBuilder createGroup = post("/Groups/zones")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .header("Authorization", "Bearer " + identityClientToken)
            .content(JsonUtils.writeValueAsBytes(zoneAdminGroup));
    // Expected: the memberless zone-scope group is refused with 400.
    getMockMvc().perform(createGroup)
            .andExpect(status().isBadRequest());
}
@Test
void testTryMultipleStatusUpdatesWithInvalidLock() throws Exception {
    ScimUser user = createUser(uaaAdminToken);
    // Combine a permitted change (password change required) with a refused one (lock).
    UserAccountStatus mixedUpdate = new UserAccountStatus();
    mixedUpdate.setPasswordChangeRequired(true);
    mixedUpdate.setLocked(true);
    // Expected: the whole update is refused with 400 ...
    updateAccountStatus(user, mixedUpdate)
            .andExpect(status().isBadRequest());
    // ... no partial write of the permitted part happened ...
    assertFalse(usersRepository.checkPasswordChangeIndividuallyRequired(user.getId(), IdentityZoneHolder.get().getId()));
    // ... and the account was not locked.
    attemptLogin(user)
            .andExpect(redirectedUrl("/"));
}
@Test
void test_InZone_ClientWrite_Failure_with_Secret_Too_Long() throws Exception {
    String zoneSubdomain = generator.generate();
    MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(zoneSubdomain, mockMvc, webApplicationContext, null);
    // Second constructor argument is presumably the maximum secret length (5) — confirm against ClientSecretPolicy.
    ClientSecretPolicy shortMaxLength = new ClientSecretPolicy(0, 5, 0, 0, 0, 0, 6);
    zone.getIdentityZone().getConfig().setClientSecretPolicy(shortMaxLength);
    MockMvcUtils.setZoneConfiguration(webApplicationContext, zone.getIdentityZone().getId(), zone.getIdentityZone().getConfig());
    String clientId = generator.generate();
    BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect");
    // "secret" is six characters, longer than the zone policy allows; registration must fail with 400.
    client.setClientSecret("secret");
    MockMvcUtils.createClient(mockMvc, zone.getZoneAdminToken(), client, zone.getIdentityZone(), status().isBadRequest());
}
@Test
void test_InZone_ClientWrite_Failure_with_Min_Length_Secret() throws Exception {
    String zoneSubdomain = generator.generate();
    MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(zoneSubdomain, mockMvc, webApplicationContext, null);
    // First constructor argument is presumably the minimum secret length (7) — confirm against ClientSecretPolicy.
    ClientSecretPolicy minLengthSeven = new ClientSecretPolicy(7, 255, 0, 0, 0, 0, 6);
    zone.getIdentityZone().getConfig().setClientSecretPolicy(minLengthSeven);
    MockMvcUtils.setZoneConfiguration(webApplicationContext, zone.getIdentityZone().getId(), zone.getIdentityZone().getConfig());
    String clientId = generator.generate();
    BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect");
    // "secret" is six characters, below the zone minimum; registration must fail with 400.
    client.setClientSecret("secret");
    MockMvcUtils.createClient(mockMvc, zone.getZoneAdminToken(), client, zone.getIdentityZone(), status().isBadRequest());
}
@Test
void test_InZone_ClientWrite_Failure_with_Secret_Requires_Uppercase_Character() throws Exception {
    String zoneSubdomain = generator.generate();
    MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(zoneSubdomain, mockMvc, webApplicationContext, null);
    // Third constructor argument is presumably the required uppercase count (1) — confirm against ClientSecretPolicy.
    ClientSecretPolicy requireUppercase = new ClientSecretPolicy(0, 255, 1, 0, 0, 0, 6);
    zone.getIdentityZone().getConfig().setClientSecretPolicy(requireUppercase);
    MockMvcUtils.setZoneConfiguration(webApplicationContext, zone.getIdentityZone().getId(), zone.getIdentityZone().getConfig());
    String clientId = generator.generate();
    BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect");
    // All-lowercase "secret" has no uppercase character; registration must fail with 400.
    client.setClientSecret("secret");
    MockMvcUtils.createClient(mockMvc, zone.getZoneAdminToken(), client, zone.getIdentityZone(), status().isBadRequest());
}
@Test
void test_InZone_ClientWrite_Failure_with_Secret_Requires_Special_Character() throws Exception {
    String zoneSubdomain = generator.generate();
    MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(zoneSubdomain, mockMvc, webApplicationContext, null);
    // Sixth constructor argument is presumably the required special-character count (1) — confirm against ClientSecretPolicy.
    ClientSecretPolicy requireSpecial = new ClientSecretPolicy(0, 255, 0, 0, 0, 1, 6);
    zone.getIdentityZone().getConfig().setClientSecretPolicy(requireSpecial);
    MockMvcUtils.setZoneConfiguration(webApplicationContext, zone.getIdentityZone().getId(), zone.getIdentityZone().getConfig());
    String clientId = generator.generate();
    BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect");
    // Alphabetic-only "secret" has no special character; registration must fail with 400.
    client.setClientSecret("secret");
    MockMvcUtils.createClient(mockMvc, zone.getZoneAdminToken(), client, zone.getIdentityZone(), status().isBadRequest());
}