Posted to commits@cxf.apache.org by co...@apache.org on 2017/06/06 16:26:18 UTC

cxf-fediz git commit: Adding token hint test

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 84e7f6edc -> 84adf90ab


Adding token hint test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/84adf90a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/84adf90a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/84adf90a

Branch: refs/heads/master
Commit: 84adf90ab8c7d3e3cb000c01efd22e178dd8b8af
Parents: 84e7f6e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jun 6 17:26:10 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jun 6 17:26:10 2017 +0100

----------------------------------------------------------------------
 .../cxf/fediz/systests/oidc/OIDCTest.java       | 60 ++++++++++++++++++++
 1 file changed, 60 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/84adf90a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index 216e1ec..d7dceb0 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -794,6 +794,66 @@ public class OIDCTest {
         webClient.close();
     }
 
+    @org.junit.Test
+    public void testLogoutViaTokenHint() throws Exception {
+        // 1. Log in
+        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        url += "client_id=" + storedClientId;
+        url += "&response_type=code";
+        url += "&scope=openid";
+        String user = "alice";
+        String password = "ecila";
+
+        // Login to the OIDC token endpoint + get the authorization code
+        WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
+        String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
+        Assert.assertNotNull(authorizationCode);
+        webClient.getCredentialsProvider().clear();
+
+        // Now use the code to get an IdToken
+        WebClient webClient2 = setupWebClient(user, password, getIdpHttpsPort());
+        String tokenUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        WebRequest request = new WebRequest(new URL(tokenUrl), HttpMethod.POST);
+
+        request.setRequestParameters(new ArrayList<NameValuePair>());
+        request.getRequestParameters().add(new NameValuePair("client_id", storedClientId));
+        request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
+        request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
+
+        webClient2.getOptions().setJavaScriptEnabled(false);
+        final UnexpectedPage responsePage = webClient2.getPage(request);
+        String response = responsePage.getWebResponse().getContentAsString();
+
+        // Check the IdToken
+        String idToken = getIdToken(response);
+        Assert.assertNotNull(idToken);
+        validateIdToken(idToken, storedClientId);
+
+        webClient2.close();
+
+        // 2. Log out using the token hint
+        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+        logoutUrl += "id_token_hint=" + idToken;
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        try {
+            webClient.getPage(logoutUrl);
+        } catch (Exception ex) {
+            Assert.assertTrue(ex.getMessage().contains("Connect to localhost:12345"));
+        }
+
+        // 3. Get another authorization code without username/password. This should fail as we have
+        // logged out
+        try {
+            loginAndGetAuthorizationCode(url, webClient);
+            Assert.fail("Failure expected after logout");
+        } catch (Exception ex) {
+            Assert.assertTrue(ex.getMessage().contains("401"));
+        }
+
+        webClient.close();
+    }
+
     // Test that the form has the correct CSRF token in it when creating a client
     @org.junit.Test
     public void testCSRFClientRegistration() throws Exception {
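Review bot: The new test only covers the positive path — a valid id_token_hint for the session's own client ends the session — but nothing exercises the check that makes id_token_hint safe, namely that a hint with a tampered signature, or one issued to a different registered client, must not log the user out (or must be rejected by /idp/logout); a sibling test that corrupts the last segment of `idToken` before step 2 and then asserts that `loginAndGetAuthorizationCode(url, webClient)` still succeeds would pin that, with the exact expected status of the logout response left to whatever the endpoint currently does. In step 2 the `catch (Exception ex)` at the logout call treats a missing redirect as success: if `getPage(logoutUrl)` returns normally the test silently relies on step 3, and if the exception carries a null message the `contains` call throws an NPE that hides the real failure — `Assert.assertTrue(String.valueOf(ex.getMessage()).contains("Connect to localhost:12345"));` avoids the second, and a `boolean redirected` flag set in the catch and asserted afterwards would cover the first, assuming the redirect to localhost:12345 is the intended outcome of every run. `webClient.close()` is not in a `finally`, so an assertion failure in step 3 leaks the client, though the rest of the file appears to follow the same pattern. The trailing context lines belong to `testCSRFClientRegistration`, whose body continues outside the hunk.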