|
16 | 16 | import java.security.spec.InvalidKeySpecException; |
17 | 17 | import java.time.temporal.ChronoUnit; |
18 | 18 | import java.util.Date; |
19 | | -import okhttp3.HttpUrl; |
20 | | -import okhttp3.OkHttpClient; |
| 19 | +import okhttp3.*; |
21 | 20 | import okhttp3.mockwebserver.MockResponse; |
22 | 21 | import okhttp3.mockwebserver.MockWebServer; |
23 | 22 | import org.junit.jupiter.api.AfterEach; |
@@ -62,6 +61,9 @@ class KeyFlowAuthenticatorTest { |
62 | 61 | + "h/9afEtu5aUE/m+1vGBoH8z1\n" |
63 | 62 | + "-----END PRIVATE KEY-----\n"; |
64 | 63 |
|
| 64 | + private static final Request mockRequest = |
| 65 | + new Request.Builder().url("https://stackit.com").get().build(); |
| 66 | + |
65 | 67 | private ServiceAccountKey createDummyServiceAccount() { |
66 | 68 | ServiceAccountCredentials credentials = |
67 | 69 | new ServiceAccountCredentials("aud", "iss", "kid", PRIVATE_KEY, "sub"); |
@@ -270,4 +272,92 @@ void createAccessTokenWithRefreshTokenResponse200WithEmptyBodyThrowsException() |
270 | 272 | assertThrows( |
271 | 273 | JsonSyntaxException.class, keyFlowAuthenticator::createAccessTokenWithRefreshToken); |
272 | 274 | } |
| 275 | + |
| 276 | + @Test |
| 277 | + @DisplayName("authenticator sets Authorization header") |
| 278 | + void authenticatorSetsAuthorizationHeaderIfNotAuthenticated() |
| 279 | + throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { |
| 280 | + // Setup mockServer |
| 281 | + final String authorizationHeader = "Authorization"; |
| 282 | + KeyFlowAuthenticator.KeyFlowTokenResponse mockResponse = mockResponseBody(false); |
| 283 | + // mock response for KeyFlow authentication with mocked access token |
| 284 | + MockResponse mockedResponse = |
| 285 | + new MockResponse() |
| 286 | + .setResponseCode(200) |
| 287 | + .setBody(new Gson().toJson(mockResponse)) |
| 288 | + .addHeader("Content-type", "application/json"); |
| 289 | + mockWebServer.enqueue(mockedResponse); |
| 290 | + HttpUrl url = mockWebServer.url(MOCK_WEBSERVER_PATH); |
| 291 | + |
| 292 | + // Set unauthorized request |
| 293 | + Response unauthorizedRequest = |
| 294 | + new Response.Builder() |
| 295 | + .request(mockRequest) |
| 296 | + .code(401) |
| 297 | + .message("Unauthorized") |
| 298 | + .protocol(Protocol.HTTP_2) |
| 299 | + .build(); |
| 300 | + |
| 301 | + // Config |
| 302 | + CoreConfiguration cfg = |
| 303 | + new CoreConfiguration().tokenCustomUrl(url.toString()); // Use mockWebServer |
| 304 | + |
| 305 | + // Check if "Authorization" header is unset |
| 306 | + assertNull(unauthorizedRequest.request().header(authorizationHeader)); |
| 307 | + |
| 308 | + // Prepare keyFlowAuthenticator |
| 309 | + KeyFlowAuthenticator keyFlowAuthenticator = |
| 310 | + new KeyFlowAuthenticator(httpClient, cfg, createDummyServiceAccount()); |
| 311 | + // authenticator creates new access token and sets it the Authorization header |
| 312 | + Request newRequest = keyFlowAuthenticator.authenticate(null, unauthorizedRequest); |
| 313 | + |
| 314 | + // Check if new request is not null |
| 315 | + assertNotNull(newRequest); |
| 316 | + // Check if the "Authorization" Header is set |
| 317 | + assertNotNull(newRequest.header(authorizationHeader)); |
| 318 | + } |
| 319 | + |
| 320 | + @Test |
| 321 | + @DisplayName("Authenticator returns null when already authenticated") |
| 322 | + void authenticatorReturnsNullWhenAlreadyAuthenticated() |
| 323 | + throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { |
| 324 | + // Setup mockServer |
| 325 | + final String authorizationHeader = "Authorization"; |
| 326 | + KeyFlowAuthenticator.KeyFlowTokenResponse mockResponse = mockResponseBody(false); |
| 327 | + // mock response for KeyFlow authentication with mocked access token |
| 328 | + MockResponse mockedResponse = |
| 329 | + new MockResponse() |
| 330 | + .setResponseCode(200) |
| 331 | + .setBody(new Gson().toJson(mockResponse)) |
| 332 | + .addHeader("Content-type", "application/json"); |
| 333 | + mockWebServer.enqueue(mockedResponse); |
| 334 | + HttpUrl url = mockWebServer.url(MOCK_WEBSERVER_PATH); |
| 335 | + |
| 336 | + // Set unauthorized request |
| 337 | + Response unauthorizedRequest = |
| 338 | + new Response.Builder() |
| 339 | + .request( |
| 340 | + mockRequest |
| 341 | + .newBuilder() |
| 342 | + .addHeader(authorizationHeader, "<my-access-token>") |
| 343 | + .build()) |
| 344 | + .code(401) |
| 345 | + .message("Unauthorized") |
| 346 | + .protocol(Protocol.HTTP_2) |
| 347 | + .build(); // Unauthorized request |
| 348 | + |
| 349 | + // Config |
| 350 | + CoreConfiguration cfg = |
| 351 | + new CoreConfiguration().tokenCustomUrl(url.toString()); // Use mockWebServer |
| 352 | + |
| 353 | + // Check if "Authorization" header is set |
| 354 | + assertNotNull(unauthorizedRequest.request().header(authorizationHeader)); |
| 355 | + |
| 356 | + // Prepare keyFlowAuthenticator |
| 357 | + KeyFlowAuthenticator keyFlowAuthenticator = |
| 358 | + new KeyFlowAuthenticator(httpClient, cfg, createDummyServiceAccount()); |
| 359 | + |
| 360 | + // Authenticator returns no new request, because "Authorization" header was already set |
| 361 | + assertNull(keyFlowAuthenticator.authenticate(null, unauthorizedRequest)); |
| 362 | + } |
273 | 363 | } |
0 commit comments