test extension (WIP)
christiangoerdes committed Oct 17, 2024
1 parent 7e27c12 commit cbd9013
Showing 1 changed file with 79 additions and 41 deletions.
120 changes: 79 additions & 41 deletions core/src/test/java/com/predic8/membrane/core/OAuth2RedirectTest.java
@@ -1,15 +1,13 @@
package com.predic8.membrane.core;

import com.predic8.membrane.core.exchangestore.ForgetfulExchangeStore;
import com.predic8.membrane.core.interceptor.authentication.session.StaticUserDataProvider;
import com.predic8.membrane.core.interceptor.flow.ConditionalInterceptor;
import com.predic8.membrane.core.interceptor.groovy.GroovyInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.ClaimList;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.StaticClientList;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.BearerTokenGenerator;
import com.predic8.membrane.core.interceptor.oauth2.authorizationservice.MembraneAuthorizationService;
import com.predic8.membrane.core.interceptor.oauth2.client.b2c.MockAuthorizationServer;
import com.predic8.membrane.core.interceptor.oauth2client.OAuth2Resource2Interceptor;
import com.predic8.membrane.core.interceptor.oauth2client.SessionOriginalExchangeStore;
import com.predic8.membrane.core.interceptor.session.InMemorySessionManager;
import com.predic8.membrane.core.rules.Rule;
import com.predic8.membrane.core.rules.ServiceProxy;
import com.predic8.membrane.core.rules.ServiceProxyKey;
Expand All @@ -18,7 +16,6 @@
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import java.util.ArrayList;
import java.util.List;

import static com.predic8.membrane.core.interceptor.flow.ConditionalInterceptor.LanguageType.SPEL;
Expand All @@ -34,39 +31,103 @@ public class OAuth2RedirectTest {
static void setup() throws Exception {

Rule membraneRule = new ServiceProxy(new ServiceProxyKey("localhost", "POST", ".*", 2000), null, 0);
//TODO configure
membraneRule.getInterceptors().add(new OAuth2Resource2Interceptor());
membraneRule.getInterceptors().add(new OAuth2Resource2Interceptor() {{
setSessionManager(new InMemorySessionManager());
setAuthService(new MembraneAuthorizationService() {{
setSrc("http://localhost:2002");
setClientSecret("def");
setClientId("abc");
setScope("openid profile offline_access");
setSubject("sub");
}});
setOriginalExchangeStore(new SessionOriginalExchangeStore());
}});

Rule azureRule = new ServiceProxy(new ServiceProxyKey("localhost", "POST", ".*", 2002), null, 0);
azureRule.getInterceptors().add(createOAuth2AuthorizationServerInterceptor());
azureRule.getInterceptors().add(new ConditionalInterceptor() {{
setTest("path matches '/.well-known/openid-configuration'");
setLanguage(SPEL);
setInterceptors(List.of(
new GroovyInterceptor() {{
setSrc("""
import groovy.json.JsonOutput
def config = [
issuer: 'http://localhost:2002',
authorization_endpoint: 'http://localhost:2002/authorize',
token_endpoint: 'http://localhost:2002/token',
userinfo_endpoint: 'http://localhost:2002/userinfo',
jwks_uri: 'http://localhost:2002/jwks',
scopes_supported: ['openid', 'profile', 'offline_access'],
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
token_endpoint_auth_methods_supported: ['client_secret_post']
]
exc.response.contentType = 'application/json'
exc.response.statusCode = 200
exc.response.body = JsonOutput.toJson(config).bytes"""
);
}}
));
}});

azureRule.getInterceptors().add(new ConditionalInterceptor() {{
setTest("path == '/token'"); // Mocking the token endpoint
setLanguage(SPEL);
setInterceptors(List.of(
new GroovyInterceptor() {{
setSrc("""
import groovy.json.JsonOutput;
def tokenResponse = [
access_token: 'mock-access-token',
token_type: 'Bearer',
expires_in: 3600,
refresh_token: 'mock-refresh-token',
scope: 'openid profile offline_access'
];
exc.response.contentType = 'application/json';
exc.response.statusCode = 200;
exc.response.body = JsonOutput.toJson(tokenResponse).bytes;
""");
}}
));
}});


Rule nginxRule = new ServiceProxy(new ServiceProxyKey("localhost", "POST", ".*", 2003), null, 0);
nginxRule.getInterceptors().add(createConditionalIntercpetorWithGroovy("method == 'POST'", "exc.getResponse().setStatusCode(400)"));
nginxRule.getInterceptors().add(createConditionalIntercpetorWithGroovy("method == 'GET'", "exc.getResponse().setStatusCode(200)"));


membraneRouter = new Router();
membraneRouter.setExchangeStore(new ForgetfulExchangeStore());
membraneRouter.setTransport(new HttpTransport());
membraneRouter.getRuleManager().addProxyAndOpenPortIfNew(membraneRule);
membraneRouter.init();
membraneRouter.start();

azureRouter = new Router();
azureRouter.setExchangeStore(new ForgetfulExchangeStore());
azureRouter.setTransport(new HttpTransport());
azureRouter.getRuleManager().addProxyAndOpenPortIfNew(azureRule);
azureRouter.init();
azureRouter.start();

nginxRouter = new Router();
nginxRouter.setExchangeStore(new ForgetfulExchangeStore());
nginxRouter.setTransport(new HttpTransport());
nginxRouter.getRuleManager().addProxyAndOpenPortIfNew(nginxRule);
nginxRouter.init();
nginxRouter.start();
}

@Test
void testGet() {
given()
.auth().oauth2("mock-access-token")
.when()
.get("http://localhost:2000")
.then()
Expand All @@ -76,10 +137,11 @@ void testGet() {
@Test
void testPost() {
given()
.auth().oauth2("mock-access-token")
.when()
.post("http://localhost:2000")
.then()
.statusCode(200);
.statusCode(400);
}

private static ConditionalInterceptor createConditionalIntercpetorWithGroovy(String test, String groovy) {
Expand All @@ -91,36 +153,12 @@ private static ConditionalInterceptor createConditionalIntercpetorWithGroovy(Str
}}));
}};
}

//TODO configure
private static OAuth2AuthorizationServerInterceptor createOAuth2AuthorizationServerInterceptor() {
return new OAuth2AuthorizationServerInterceptor() {{
setUserDataProvider(new StaticUserDataProvider() {{
User u = new User("john", "password");
u.getAttributes().put("aud", "demo1");
setUsers(List.of(u));
}});
setClientList(new StaticClientList() {{
setClients(List.of(new Client("abc", "def", "http://localhost:3000/oauth2callback", "authorization_code,password,client_credentials,refresh_token,implicit")));
}});
setTokenGenerator(new BearerTokenGenerator());
setClaimList(new ClaimList() {{
setValue("username");
setScopes(new ArrayList<>() {{
add(new Scope() {{
setId("username");
setClaims("username");
}});
}});
}});
}};
}

MockAuthorizationServer
@AfterAll
public static void tearDown() throws Exception {
membraneRouter.shutdown();
azureRouter.shutdown();
nginxRouter.shutdown();
public static void tearDown() {
membraneRouter.stop();
azureRouter.stop();
nginxRouter.stop();
}

}
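Review bot: Both tests send a ready-made bearer header with `.auth().oauth2("mock-access-token")` and assert only a status code, so nothing in this class checks that the `OAuth2Resource2Interceptor` on port 2000 refuses or redirects a request that has no valid session or token. The mock `/token` branch answers every caller with the same static token without looking at `client_id` or `client_secret`, and the discovery document advertises `/authorize`, `/userinfo` and `/jwks`, for which no handler is visible here, so a passing run may not exercise the login flow at all. I would add a negative case such as `given().redirects().follow(false).when().get("http://localhost:2000")` and assert the redirect the interceptor is expected to issue (presumably to `http://localhost:2002/authorize`; confirm against the interceptor). The bare `MockAuthorizationServer` line before `@AfterAll` also looks like a leftover that would not compile if it is on the new side. The class body continues outside the visible hunks.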
