1 /* 2 * Copyright 2015, Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * * Neither the name of Google Inc. nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 package com.google.auth.http; 33 34 import static org.hamcrest.CoreMatchers.instanceOf; 35 import static org.junit.Assert.assertEquals; 36 import static org.junit.Assert.assertThat; 37 38 import com.google.api.client.http.GenericUrl; 39 import com.google.api.client.http.HttpHeaders; 40 import com.google.api.client.http.HttpRequest; 41 import com.google.api.client.http.HttpRequestFactory; 42 import com.google.api.client.http.HttpResponse; 43 import com.google.api.client.http.HttpTransport; 44 import com.google.auth.Credentials; 45 import com.google.auth.oauth2.MockTokenCheckingTransport; 46 import com.google.auth.oauth2.MockTokenServerTransportFactory; 47 import com.google.auth.oauth2.OAuth2Credentials; 48 import com.google.auth.oauth2.UserCredentials; 49 import java.io.IOException; 50 import org.junit.Test; 51 import org.junit.runner.RunWith; 52 import org.junit.runners.JUnit4; 53 54 /** Test case for {@link HttpCredentialsAdapter}. */ 55 @RunWith(JUnit4.class) 56 public class HttpCredentialsAdapterTest { 57 58 private static final String CLIENT_SECRET = "jakuaL9YyieakhECKL2SwZcu"; 59 private static final String CLIENT_ID = "ya29.1.AADtN_UtlxN3PuGAxrN2XQnZTVRvDyVWnYq4I6dws"; 60 private static final String REFRESH_TOKEN = "1/Tl6awhpFjkMkSJoj1xsli0H2eL5YsMgU_NKPY2TyGWY"; 61 62 @Test initialize_populatesOAuth2Credentials()63 public void initialize_populatesOAuth2Credentials() throws IOException { 64 final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; 65 final String expectedAuthorization = InternalAuthHttpConstants.BEARER_PREFIX + accessToken; 66 MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); 67 transportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); 68 transportFactory.transport.addRefreshToken(REFRESH_TOKEN, accessToken); 69 70 OAuth2Credentials credentials = 71 UserCredentials.newBuilder() 72 .setClientId(CLIENT_ID) 73 .setClientSecret(CLIENT_SECRET) 74 .setRefreshToken(REFRESH_TOKEN) 75 .setHttpTransportFactory(transportFactory) 76 .build(); 77 78 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(credentials); 79 HttpRequestFactory requestFactory = transportFactory.transport.createRequestFactory(); 80 HttpRequest request = requestFactory.buildGetRequest(new GenericUrl("http://foo")); 81 82 adapter.initialize(request); 83 84 HttpHeaders requestHeaders = request.getHeaders(); 85 String authorizationHeader = requestHeaders.getAuthorization(); 86 assertEquals(authorizationHeader, expectedAuthorization); 87 } 88 89 @Test initialize_populatesOAuth2Credentials_handle401()90 public void initialize_populatesOAuth2Credentials_handle401() throws IOException { 91 final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; 92 final String accessToken2 = "2/MkSJoj1xsli0AccessToken_NKPY2"; 93 94 MockTokenServerTransportFactory tokenServerTransportFactory = 95 new MockTokenServerTransportFactory(); 96 tokenServerTransportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); 97 tokenServerTransportFactory.transport.addRefreshToken(REFRESH_TOKEN, accessToken); 98 99 OAuth2Credentials credentials = 100 UserCredentials.newBuilder() 101 .setClientId(CLIENT_ID) 102 .setClientSecret(CLIENT_SECRET) 103 .setRefreshToken(REFRESH_TOKEN) 104 .setHttpTransportFactory(tokenServerTransportFactory) 105 .build(); 106 107 credentials.refresh(); 108 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(credentials); 109 110 HttpTransport primaryHttpTransport = 111 new MockTokenCheckingTransport(tokenServerTransportFactory.transport, REFRESH_TOKEN); 112 HttpRequestFactory requestFactory = primaryHttpTransport.createRequestFactory(); 113 HttpRequest request = requestFactory.buildGetRequest(new GenericUrl("http://foo")); 114 adapter.initialize(request); 115 116 // now switch out the access token so that the original one is invalid, 117 // requiring a refresh of the access token 118 tokenServerTransportFactory.transport.addRefreshToken(REFRESH_TOKEN, accessToken2); 119 120 HttpResponse response = request.execute(); 121 122 // make sure that the request is successful despite the invalid access token 123 assertEquals(200, response.getStatusCode()); 124 assertEquals(MockTokenCheckingTransport.SUCCESS_CONTENT, response.parseAsString()); 125 } 126 127 @Test initialize_noURI()128 public void initialize_noURI() throws IOException { 129 final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; 130 final String expectedAuthorization = InternalAuthHttpConstants.BEARER_PREFIX + accessToken; 131 MockTokenServerTransportFactory tokenServerTransportFactory = 132 new MockTokenServerTransportFactory(); 133 tokenServerTransportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); 134 tokenServerTransportFactory.transport.addRefreshToken(REFRESH_TOKEN, accessToken); 135 136 OAuth2Credentials credentials = 137 UserCredentials.newBuilder() 138 .setClientId(CLIENT_ID) 139 .setClientSecret(CLIENT_SECRET) 140 .setRefreshToken(REFRESH_TOKEN) 141 .setHttpTransportFactory(tokenServerTransportFactory) 142 .build(); 143 144 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(credentials); 145 HttpRequestFactory requestFactory = 146 tokenServerTransportFactory.transport.createRequestFactory(); 147 HttpRequest request = requestFactory.buildGetRequest(null); 148 149 adapter.initialize(request); 150 151 HttpHeaders requestHeaders = request.getHeaders(); 152 String authorizationHeader = requestHeaders.getAuthorization(); 153 assertEquals(authorizationHeader, expectedAuthorization); 154 } 155 156 @Test getCredentials()157 public void getCredentials() { 158 final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; 159 MockTokenServerTransportFactory tokenServerTransportFactory = 160 new MockTokenServerTransportFactory(); 161 tokenServerTransportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); 162 tokenServerTransportFactory.transport.addRefreshToken(REFRESH_TOKEN, accessToken); 163 164 OAuth2Credentials credentials = 165 UserCredentials.newBuilder() 166 .setClientId(CLIENT_ID) 167 .setClientSecret(CLIENT_SECRET) 168 .setRefreshToken(REFRESH_TOKEN) 169 .setHttpTransportFactory(tokenServerTransportFactory) 170 .build(); 171 172 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(credentials); 173 Credentials returnedCredentials = adapter.getCredentials(); 174 assertThat(returnedCredentials, instanceOf(Credentials.class)); 175 } 176 } 177