SECOAUTH-178: Added unit tests for OAuth2AccessToken Serializer/Deserializer

Author: rwinch

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/BaseOAuth2AccessTokenJacksonTest.java

@@ -0,0 +1,84 @@
+/*
+ * Copyright 2006-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.springframework.security.oauth2.common;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+
+import java.util.Date;
+import java.util.Set;
+import java.util.TreeSet;
+
+import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+
+/**
+ * Base class for testing Jackson serialization and deserialization of {@link OAuth2AccessToken}.
+ *
+ * @author Rob Winch
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ System.class })
+abstract class BaseOAuth2AccessTokenJacksonTest {
+	protected static final String ACCESS_TOKEN_EMPTYSCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"\"}";
+
+	protected static final String ACCESS_TOKEN_MULTISCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"read write\"}";
+
+	protected static final String ACCESS_TOKEN_NOSCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10}";
+
+	protected static final String ACCESS_TOKEN_NOREFRESH = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"expires_in\":10}";
+
+	protected static final String ACCESS_TOKEN_SINGLESCOPE = "{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"write\"}";
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	@Mock
+	protected Date expiration;
+
+	protected OAuth2AccessToken accessToken;
+
+	protected ObjectMapper mapper;
+
+	public BaseOAuth2AccessTokenJacksonTest() {
+		super();
+	}
+
+	@Before
+	public void setUp() {
+		mockStatic(System.class);
+		long now = 1323123715041L;
+		when(System.currentTimeMillis()).thenReturn(now);
+		when(expiration.before(any(Date.class))).thenReturn(false);
+		when(expiration.getTime()).thenReturn(now + 10000);
+
+		accessToken = new OAuth2AccessToken("token-value");
+		accessToken.setExpiration(expiration);
+		mapper = new ObjectMapper();
+		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-value");
+		accessToken.setRefreshToken(refreshToken);
+		Set<String> scope = new TreeSet<String>();
+		scope.add("read");
+		scope.add("write");
+		accessToken.setScope(scope);
+	}
+}

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/TestOAuth2AccessTokenDeserializer.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2011 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.springframework.security.oauth2.common;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashSet;
+
+import org.codehaus.jackson.JsonGenerationException;
+import org.codehaus.jackson.map.JsonMappingException;
+import org.junit.Test;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+
+/**
+ * Tests deserialization of an {@link OAuth2AccessToken} using jackson.
+ *
+ * @author Rob Winch
+ */
+@PrepareForTest(OAuth2AccessTokenDeserializer.class)
+public class TestOAuth2AccessTokenDeserializer extends BaseOAuth2AccessTokenJacksonTest {
+
+	@Test
+	public void readValueNoRefresh() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.setRefreshToken(null);
+		accessToken.setScope(null);
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_NOREFRESH, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	@Test
+	public void readValueWithRefresh() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.setScope(null);
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_NOSCOPE, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	@Test
+	public void readValueWithSingleScopes() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.getScope().remove(accessToken.getScope().iterator().next());
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_SINGLESCOPE, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	@Test
+	public void readValueWithEmptyStringScope() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.setScope(new HashSet<String>());
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_EMPTYSCOPE, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	@Test
+	public void readValueWithMultiScopes() throws Exception {
+		OAuth2AccessToken actual = mapper.readValue(ACCESS_TOKEN_MULTISCOPE, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	@Test
+	public void readValueWithMac() throws Exception {
+		accessToken.setTokenType("mac");
+		String encodedToken = ACCESS_TOKEN_MULTISCOPE.replace("bearer", accessToken.getTokenType());
+		OAuth2AccessToken actual = mapper.readValue(encodedToken, OAuth2AccessToken.class);
+		assertTokenEquals(accessToken,actual);
+	}
+
+	private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) {
+		assertEquals(expected.getTokenType(), actual.getTokenType());
+		assertEquals(expected.getValue(), actual.getValue());
+
+		OAuth2RefreshToken expectedRefreshToken = expected.getRefreshToken();
+		if (expectedRefreshToken == null) {
+			assertNull(actual.getRefreshToken());
+		}
+		else {
+			assertEquals(expectedRefreshToken.getValue(), actual.getRefreshToken().getValue());
+		}
+		assertEquals(expected.getScope(), actual.getScope());
+		Date expectedExpiration = expected.getExpiration();
+		if (expectedExpiration == null) {
+			assertNull(actual.getExpiration());
+		}
+		else {
+			assertEquals(expectedExpiration.getTime(), actual.getExpiration().getTime());
+		}
+	}
+}

spring-security-oauth2/src/test/java/org/springframework/security/oauth2/common/TestOAuth2AccessTokenSerializer.java

@@ -0,0 +1,92 @@
+package org.springframework.security.oauth2.common;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+
+import org.codehaus.jackson.JsonGenerationException;
+import org.codehaus.jackson.map.JsonMappingException;
+import org.junit.Test;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+
+/**
+ * Tests serialization of an {@link OAuth2AccessToken} using jackson.
+ *
+ * @author Rob Winch
+ */
+@PrepareForTest(OAuth2AccessTokenSerializer.class)
+public class TestOAuth2AccessTokenSerializer extends BaseOAuth2AccessTokenJacksonTest {
+
+	@Test
+	public void writeValueAsStringNoRefresh() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.setRefreshToken(null);
+		accessToken.setScope(null);
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOREFRESH, encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithRefresh() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.setScope(null);
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOSCOPE, encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithEmptyScope() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.getScope().clear();
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_NOSCOPE, encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithSingleScopes() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.getScope().remove(accessToken.getScope().iterator().next());
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(BaseOAuth2AccessTokenJacksonTest.ACCESS_TOKEN_SINGLESCOPE, encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithNullScope() throws JsonGenerationException, JsonMappingException, IOException {
+		thrown.expect(JsonMappingException.class);
+		thrown.expectMessage("Scopes cannot be null or empty. Got [null]");
+
+		accessToken.getScope().clear();
+		accessToken.getScope().add(null);
+		mapper.writeValueAsString(accessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithEmptyStringScope() throws JsonGenerationException, JsonMappingException,
+			IOException {
+		thrown.expect(JsonMappingException.class);
+		thrown.expectMessage("Scopes cannot be null or empty. Got []");
+
+		accessToken.getScope().clear();
+		accessToken.getScope().add("");
+		mapper.writeValueAsString(accessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithQuoteInScope() throws JsonGenerationException, JsonMappingException, IOException {
+		accessToken.getScope().add("\"");
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(
+				"{\"access_token\":\"token-value\",\"token_type\":\"bearer\",\"refresh_token\":\"refresh-value\",\"expires_in\":10,\"scope\":\"\\\" read write\"}",
+				encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithMultiScopes() throws JsonGenerationException, JsonMappingException, IOException {
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(ACCESS_TOKEN_MULTISCOPE, encodedAccessToken);
+	}
+
+	@Test
+	public void writeValueAsStringWithMac() throws Exception {
+		accessToken.setTokenType("mac");
+		String expectedEncodedAccessToken = ACCESS_TOKEN_MULTISCOPE.replace("bearer", accessToken.getTokenType());
+		String encodedAccessToken = mapper.writeValueAsString(accessToken);
+		assertEquals(expectedEncodedAccessToken, encodedAccessToken);
+	}
+}