cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: Adding logout tests
Date Wed, 12 Apr 2017 16:42:37 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 06c608431 -> 87fd3dfce


Adding logout tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/87fd3dfc
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/87fd3dfc
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/87fd3dfc

Branch: refs/heads/master
Commit: 87fd3dfce81250b05c4a68703ce2cf9b744e8651
Parents: 06c6084
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Apr 12 17:42:24 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 12 17:42:24 2017 +0100

----------------------------------------------------------------------
 .../cxf/fediz/systests/oidc/OIDCTest.java       | 106 ++++++++++++++++---
 .../oidc/src/test/resources/fediz_config.xml    |   2 +
 .../test/resources/oidc/applicationContext.xml  |  11 ++
 .../test/resources/realma/entities-realma.xml   |   3 +-
 4 files changed, 108 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/87fd3dfc/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index 2e20ce5..92f09d6 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -230,7 +230,7 @@ public class OIDCTest {
         // Now try to register a new client
         HtmlPage registeredClientPage =
             registerNewClient(webClient, url, "new-client", "https://127.0.0.1",
-                              "https://cxf.apache.org");
+                              "https://cxf.apache.org", "https://localhost:12345");
         String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
         Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
         Assert.assertTrue(registeredClientPageBody.contains("new-client"));
@@ -243,7 +243,7 @@ public class OIDCTest {
         // Try to register another new client
         registeredClientPage =
             registerNewClient(webClient, url, "new-client2", "https://127.0.1.1",
-                              "https://ws.apache.org");
+                              "https://ws.apache.org", "https://localhost:12345");
         registeredClientPageBody = registeredClientPage.getBody().getTextContent();
         Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
         Assert.assertTrue(registeredClientPageBody.contains("new-client"));
@@ -263,7 +263,8 @@ public class OIDCTest {
 
     private static HtmlPage registerNewClient(WebClient webClient, String url,
                                             String clientName, String redirectURI,
-                                            String clientAudience) throws Exception {
+                                            String clientAudience,
+                                            String logoutURI) throws Exception {
         HtmlPage registerPage = webClient.getPage(url + "/register");
 
         final HtmlForm form = registerPage.getForms().get(0);
@@ -277,6 +278,8 @@ public class OIDCTest {
         redirectURIInput.setValueAttribute(redirectURI);
         final HtmlTextInput clientAudienceURIInput = form.getInputByName("client_audience");
         clientAudienceURIInput.setValueAttribute(clientAudience);
+        final HtmlTextInput clientLogoutURI = form.getInputByName("client_logoutURI");
+        clientLogoutURI.setValueAttribute(logoutURI);
 
         final HtmlButton button = form.getButtonByName("submit_button");
         return button.click();
@@ -551,7 +554,7 @@ public class OIDCTest {
         // Now try to register a new client
         try {
             HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1//",
-                              "https://cxf.apache.org");
+                              "https://cxf.apache.org", "https://localhost:12345");
             Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
         } catch (Exception ex) {
             // expected
@@ -575,7 +578,7 @@ public class OIDCTest {
         // Now try to register a new client
         try {
             HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1#fragment",
-                              "https://cxf.apache.org");
+                              "https://cxf.apache.org", "https://localhost:12345");
             Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
         } catch (Exception ex) {
             // expected
@@ -599,7 +602,31 @@ public class OIDCTest {
         // Now try to register a new client
         try {
             HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1/",
-                              "https://cxf.apache.org//");
+                              "https://cxf.apache.org//", "https://localhost:12345");
+            Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
+        } catch (Exception ex) {
+            // expected
+        }
+
+        webClient.close();
+    }
+
+    @org.junit.Test
+    public void testCreateClientWithInvalidLogoutURI() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String user = "alice";
+        String password = "ecila";
+
+        // Login to the client page successfully
+        WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
+        HtmlPage loginPage = login(url, webClient);
+        final String bodyTextContent = loginPage.getBody().getTextContent();
+        Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
+
+        // Now try to register a new client
+        try {
+            HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1/",
+                              "https://cxf.apache.org/", "https://localhost:12345//");
             Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
         } catch (Exception ex) {
             // expected
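Review bot: testCreateClientWithInvalidLogoutURI passes on any exception, because the `catch (Exception ex) { // expected }` around `registerNewClient(...)` also accepts an `ElementNotFoundException` from `form.getInputByName("client_logoutURI")` or a transport error, so a green run does not show that the `https://localhost:12345//` logout URI was rejected by validation. Narrow the handler to the failure the console is expected to produce, for example `} catch (FailingHttpStatusCodeException ex) {` with an assertion on `ex.getStatusCode()`, and afterwards assert that `asfxyz` is absent from the registered-clients page. `webClient.close()` is skipped when an assertion fails; a `try { ... } finally { webClient.close(); }` would avoid leaking the client. The same catch-all appears in the other invalid-registration tests touched by this commit, and the last three context lines of this hunk belong to a following test whose body continues outside it.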
@@ -623,7 +650,7 @@ public class OIDCTest {
         // Now try to register a new client
         try {
             HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1",
-                              "https://cxf.apache.org#fragment");
+                              "https://cxf.apache.org#fragment", "https://localhost:12345");
             Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
         } catch (Exception ex) {
             // expected
@@ -652,7 +679,7 @@ public class OIDCTest {
 
         webClient.close();
     }
-    
+
     @org.junit.Test
     public void testCreateClientWithSupportedTLD() throws Exception {
         String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
@@ -667,24 +694,24 @@ public class OIDCTest {
 
         // Register a client with a supported TLD
         HtmlPage registeredClientPage = registerNewClient(webClient, url, "tld1", "https://www.apache.corp",
-            "https://cxf.apache.org");
+            "https://cxf.apache.org", "https://localhost:12345");
         String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
         Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
         Assert.assertTrue(registeredClientPageBody.contains("tld1"));
         Assert.assertTrue(registeredClientPageBody.contains("https://www.apache.corp"));
-        
+
         HtmlTable table = registeredClientPage.getHtmlElementById("registered_clients");
         String clientId = table.getCellAt(3, 1).asText().trim();
-        
+
         // Register a client with an unsupported TLD
         try {
             HtmlPage errorPage = registerNewClient(webClient, url, "tld2", "https://www.apache.corp2",
-                                                   "https://cxf.apache.org");
+                                                   "https://cxf.apache.org", "https://localhost:12345");
             Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
         } catch (Exception ex) {
             // expected
         }
-        
+
         // Delete the first client above
         deleteClient(webClient, url, clientId);
 
@@ -692,6 +719,59 @@ public class OIDCTest {
         webClient.close();
     }
 
+    @org.junit.Test
+    public void testLogout() throws Exception {
+        // 1. Log in
+        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        url += "client_id=" + storedClientId;
+        url += "&response_type=code";
+        url += "&scope=openid";
+        String user = "alice";
+        String password = "ecila";
+
+        // Login to the OIDC token endpoint + get the authorization code
+        WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
+        String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
+        Assert.assertNotNull(authorizationCode);
+
+        // 2. Get another authorization code without username/password. This should work
as we are
+        // logged on
+        webClient.getCredentialsProvider().clear();
+        CodeWebConnectionWrapper wrapper = new CodeWebConnectionWrapper(webClient);
+
+        try {
+            webClient.getPage(url);
+        } catch (Throwable t) {
+            // expected
+        }
+
+        wrapper.close();
+        authorizationCode = wrapper.getCode();
+        Assert.assertNotNull(authorizationCode);
+
+        // 3. Log out
+        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+        logoutUrl += "client_id=" + storedClientId;
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        try {
+            webClient.getPage(logoutUrl);
+        } catch (Exception ex) {
+            Assert.assertTrue(ex.getMessage().contains("Connect to localhost:12345"));
+        }
+
+        // 4. Get another authorization code without username/password. This should fail
as we have
+        // logged out
+        try {
+            loginAndGetAuthorizationCode(url, webClient);
+            Assert.fail("Failure expected after logout");
+        } catch (Exception ex) {
+            Assert.assertTrue(ex.getMessage().contains("401"));
+        }
+
+        webClient.close();
+    }
+
     private static WebClient setupWebClient(String user, String password, String idpPort)
{
         final WebClient webClient = new WebClient();
         webClient.getOptions().setUseInsecureSSL(true);
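Review bot: Step 3 of testLogout asserts nothing when `webClient.getPage(logoutUrl)` returns normally, since the check for `Connect to localhost:12345` sits only in the catch block; if the redirect to the client's registered logout URI is always expected, add `Assert.fail("Redirect to the registered logout URI expected");` right after the `getPage` call. In step 2, `catch (Throwable t) { // expected }` also hides errors unrelated to the redirect, so a narrower exception type would make the following `assertNotNull` more meaningful. Step 4 matches the substring `401` in the exception message, which could also match unrelated text such as a port number; checking the status code on the exception type is more precise, assuming loginAndGetAuthorizationCode surfaces one. The authorization codes obtained before logout are never redeemed afterwards, so the test covers session termination but, as far as this hunk shows, not the token cleanup configured alongside it. The trailing setupWebClient lines are context from a method that continues outside the hunk.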

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/87fd3dfc/systests/oidc/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/fediz_config.xml b/systests/oidc/src/test/resources/fediz_config.xml
index ffd9729..55c4def 100644
--- a/systests/oidc/src/test/resources/fediz_config.xml
+++ b/systests/oidc/src/test/resources/fediz_config.xml
@@ -51,6 +51,8 @@
 				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
 			</claimTypesRequested>
 		</protocol>
+		<logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectToConstraint type="Class">org.apache.cxf.fediz.service.oidc.logout.LogoutRedirectConstraintHandler</logoutRedirectToConstraint>
 	</contextConfig>
 </FedizConfig>
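Review bot: The added `<logoutRedirectToConstraint type="Class">` line is indented with spaces while `<logoutURL>` and the surrounding elements use tabs; align it with the file's tab indentation. A short comment such as `<!-- Handler class that decides which post-logout redirect targets are accepted -->` would help, since this element is presumably what keeps logout from acting as an open redirect and its role is not evident from the class name alone. testLogout in this commit never sends a logout request with a redirect target that should be refused, so the constraint is configured but not exercised.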
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/87fd3dfc/systests/oidc/src/test/resources/oidc/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/oidc/applicationContext.xml b/systests/oidc/src/test/resources/oidc/applicationContext.xml
index 232e0f1..b764704 100644
--- a/systests/oidc/src/test/resources/oidc/applicationContext.xml
+++ b/systests/oidc/src/test/resources/oidc/applicationContext.xml
@@ -76,10 +76,21 @@
          <property name="services" ref="oidcServices"/>
     </bean>
     
+    <bean id="tokenCleanupHandler" class="org.apache.cxf.fediz.service.oidc.logout.TokenCleanupHandler">
+         <property name="dataProvider" ref="oauthProvider"/>
+    </bean>
+    
+    <bean id="logoutService" class="org.apache.cxf.fediz.service.oidc.logout.LogoutService">
+         <property name="dataProvider" ref="oauthProvider"/>
+         <property name="relativeIdpLogoutUri" value="../../secure/logout"/>
+         <property name="logoutHandlers" ref="tokenCleanupHandler"/>
+    </bean>
+    
     <!-- Service supporting all OIDC Core flows -->
     <jaxrs:server address="/idp">
         <jaxrs:serviceBeans>
            <ref bean="authorizationService"/>
+           <ref bean="logoutService"/>
         </jaxrs:serviceBeans>
         <jaxrs:providers>
             <ref bean="viewProvider"/>
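Review bot: `relativeIdpLogoutUri` is set to `../../secure/logout`, a relative path that appears to depend on the `/idp` address of the `jaxrs:server` below and on the `/secure/logout` value of `logoutURL` in fediz_config.xml, and nothing in the bean definition says so. A comment on the `logoutService` bean, e.g. `<!-- relative to the /idp service address; must resolve to logoutURL in fediz_config.xml -->`, would keep the two settings from drifting apart. It would also help to note on `tokenCleanupHandler` that it is the only entry in `logoutHandlers`, so a reader knows where token revocation on logout is expected to happen. The `jaxrs:server` element continues outside the hunk.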

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/87fd3dfc/systests/oidc/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/realma/entities-realma.xml b/systests/oidc/src/test/resources/realma/entities-realma.xml
index 0af49c2..d366ba0 100644
--- a/systests/oidc/src/test/resources/realma/entities-realma.xml
+++ b/systests/oidc/src/test/resources/realma/entities-realma.xml
@@ -35,7 +35,8 @@
         <property name="certificatePassword" value="realma" />
         <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA"
/>
         <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation"
/>
-        <property name="rpSingleSignOutConfirmation" value="true"/>
+        <property name="rpSingleSignOutConfirmation" value="false"/>
+        <property name="automaticRedirectToRpAfterLogout" value="true"/>
         <property name="supportedProtocols">
             <util:list>
                 <value>http://docs.oasis-open.org/wsfed/federation/200706
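Review bot: Setting `rpSingleSignOutConfirmation` to `false` and adding `automaticRedirectToRpAfterLogout` as `true` removes the user-facing confirmation step from sign-out, presumably so the headless testLogout flow can complete; add a comment saying so, e.g. `<!-- test only: no confirmation page so HtmlUnit can follow the logout redirect -->`. Without a confirmation step a sign-out can be triggered by a single request, so these values should not be copied into a deployment configuration without weighing the forced-logout (logout CSRF) risk. The enclosing bean starts and ends outside the hunk.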

