extend tests for client_auth_method in refresh token

cloudfoundry · Jul 6, 2023 · df727dc · df727dc
1 parent 021fc4f
commit df727dc
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/.../cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java b/.../cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java
@@ -21,6 +21,7 @@
 import static org.cloudfoundry.identity.uaa.oauth.TokenTestSupport.GRANT_TYPE;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
 import static org.cloudfoundry.identity.uaa.util.JwtTokenSignedByThisUAATest.CLIENT_ID;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -67,12 +68,12 @@ public void setup() {
     when(clientDetailsService.loadClientByClientId(eq(requestingClient.getClientId()), anyString())).thenReturn(requestingClient);
     when(authorizationCodeServices.consumeAuthorizationCode("1234")).thenReturn(authentication);
     when(authentication.getOAuth2Request()).thenReturn(oAuth2Request);
-    when(oAuth2Request.getRequestParameters()).thenReturn(requestParameters);
     requestParameters = new HashMap<>();
     requestParameters.put(GRANT_TYPE, TokenConstants.GRANT_TYPE_USER_TOKEN);
     requestParameters.put(CLIENT_ID, requestingClient.getClientId());
     requestParameters.put("code", "1234");
     requestParameters.put(PkceValidationService.CODE_VERIFIER, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM");
+    when(oAuth2Request.getRequestParameters()).thenReturn(requestParameters);
     tokenRequest = new UserTokenGranterTest.PublicTokenRequest();
     tokenRequest.setRequestParameters(requestParameters);
 
@@ -84,4 +85,14 @@ void getOAuth2Authentication() throws PkceValidationException {
     when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(false);
     assertThrows(InvalidGrantException.class, () -> granter.getOAuth2Authentication(requestingClient, tokenRequest));
   }
+
+  @Test
+  void getOAuth2AuthenticationMethod() throws PkceValidationException {
+    HashMap authMap = new HashMap();
+    authMap.put(ClaimConstants.CLIENT_AUTH_METHOD, "none");
+    when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(true);
+    when(oAuth2Request.getExtensions()).thenReturn(authMap);
+    when(oAuth2Request.createOAuth2Request(any())).thenReturn(oAuth2Request);
+    assertNotNull(granter.getOAuth2Authentication(requestingClient, tokenRequest));
+  }
 }
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java
@@ -33,10 +33,12 @@
 import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.TokenRequest;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
@@ -69,6 +71,8 @@
 import static org.junit.Assert.assertThat;
 import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 @DisplayName("Uaa Token Services Tests")
 @DefaultTestContext
@@ -275,9 +279,16 @@ void happyCase() {
             UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName("admin", "uaa");
             refreshToken = refreshTokenCreator.createRefreshToken(uaaUser, refreshTokenRequestData, null);
             assertThat(refreshToken, is(notNullValue()));
+            OAuth2Authentication authentication = mock(OAuth2Authentication.class);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            OAuth2Request auth2Request = mock(OAuth2Request.class);
+            when(authentication.getOAuth2Request()).thenReturn(auth2Request);
+            when(auth2Request.getExtensions()).thenReturn(Map.of(ClaimConstants.CLIENT_AUTH_METHOD, "client_secret_basic"));
             OAuth2AccessToken refreshedToken = tokenServices.refreshAccessToken(this.refreshToken.getValue(), new TokenRequest(new HashMap<>(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN));
 
             assertThat(refreshedToken, is(notNullValue()));
+            Map<String, Object> claims = UaaTokenUtils.getClaims(refreshedToken.getValue());
+            assertThat(claims, hasKey(ClaimConstants.CLIENT_AUTH_METHOD));
         }
 
         @MethodSource("org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests#dates")