From c2b9ecc7ad797c3832e79aceff0f2814e1ffefa0 Mon Sep 17 00:00:00 2001 From: Tobias Polley Date: Fri, 17 Jan 2025 15:00:39 +0100 Subject: [PATCH] fix: OAuth2RedirectTest --- .../core/oauth2/OAuth2AuthFlowClient.java | 31 +++++++++++++++---- .../core/oauth2/OAuth2RedirectTest.java | 14 ++++----- 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2AuthFlowClient.java b/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2AuthFlowClient.java index dba3325b1..6e115e772 100644 --- a/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2AuthFlowClient.java +++ b/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2AuthFlowClient.java @@ -13,13 +13,19 @@ limitations under the License. */ package com.predic8.membrane.core.oauth2; -import io.restassured.response.*; -import org.jetbrains.annotations.*; +import com.predic8.membrane.core.resolver.ResolverMap; +import io.restassured.filter.log.LogDetail; +import io.restassured.filter.log.UrlDecoder; +import io.restassured.response.Response; +import org.jetbrains.annotations.NotNull; +import java.nio.charset.StandardCharsets; import java.util.*; +import static com.predic8.membrane.core.resolver.ResolverMap.combine; import static io.restassured.RestAssured.*; -import static io.restassured.filter.log.LogDetail.*; +import static io.restassured.filter.log.UrlDecoder.urlDecode; +import static java.nio.charset.StandardCharsets.UTF_8; import static org.apache.http.HttpHeaders.*; import static org.hamcrest.Matchers.*; import static org.hamcrest.text.MatchesPattern.matchesPattern; @@ -27,7 +33,7 @@ public class OAuth2AuthFlowClient { private static final String CLIENT_BASE_URL = "http://localhost:2000"; - private static final String CLIENT_URL = CLIENT_BASE_URL + "/a?b=c&d= "; + private static final String CLIENT_URL = CLIENT_BASE_URL + "/a?b=c&d=ä"; private static final String AUTH_SERVER_URL = "http://localhost:2002"; Map cookies = new HashMap<>(); @@ -158,13 +164,26 @@ String step8redirectToClient() { } void step9exchangeCodeForToken(String location, String expectedBody) { - given() + String location2 = given() .redirects().follow(false) .cookies(memCookies) .when() .post(location) .then() - .log().ifValidationFails(BODY) + .log().ifValidationFails(LogDetail.ALL) + .statusCode(307) + .extract().response().getHeader(LOCATION); + + // this is what browsers seem to do + location2 = urlDecode(combine(location, location2), UTF_8, true); + + given() + .redirects().follow(false) + .cookies(memCookies) + .when() + .get(location2) + .then() + .log().ifValidationFails(LogDetail.ALL) .statusCode(200) .assertThat().body(is(expectedBody)); } diff --git a/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2RedirectTest.java b/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2RedirectTest.java index ca2d219aa..51cc0cd16 100644 --- a/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2RedirectTest.java +++ b/core/src/test/java/com/predic8/membrane/core/oauth2/OAuth2RedirectTest.java @@ -84,8 +84,8 @@ void testGet() { // Step 9: Exchange Code for Token & continue original request.· OAuth2.step9exchangeCodeForToken( callbackUrl, - "GET / application/x-www-form-urlencoded; charset=ISO-8859-1 / " - // method is 'GET', Content-Type is x-www, body is empty + "GET | null | " + // method is 'GET', Content-Type is not set, body is empty ); assertEquals(firstUrlHit.get(), targetUrlHit.get(), "Check that URL survived encoding."); @@ -114,11 +114,11 @@ void testPost() { // Step 9: Exchange Code for Token & continue original request.· OAuth2.step9exchangeCodeForToken( callbackUrl, - "POST / text/x-json; charset=ISO-8859-1 / [true]" - // method is POST, Content-Type text/x-json, body is '[true]' + "POST | text/x-json; charset=ISO-8859-1 | [true]" + // method is POST, Content-Type is 'text/x-json; charset=ISO-8859-1', body is '[true]' ); - assertTrue(targetUrlHit.get().startsWith(firstUrlHit.get() + "&oa2redirect"), "Check that URL survived encoding."); + assertTrue(targetUrlHit.get().startsWith(firstUrlHit.get()), "Check that URL survived encoding."); assertEquals(firstUrlHit.get(), interceptorChainHit.get(), "Is interceptor chain correctly continued?"); } @@ -156,8 +156,8 @@ public Outcome handleRequest(Exchange exc) { return Outcome.CONTINUE; } }); - nginxRule.getInterceptors().add(createConditionalInterceptorWithReturnMessage("method == 'POST'", "POST / ${exc.request.header.getFirstValue('Content-Type')} / ${exc.request.body}")); - nginxRule.getInterceptors().add(createConditionalInterceptorWithReturnMessage("method == 'GET'", "GET / ${exc.request.header.getFirstValue('Content-Type')} / ${exc.request.body}")); + nginxRule.getInterceptors().add(createConditionalInterceptorWithReturnMessage("method == 'POST'", "POST | ${exc.request.header.getFirstValue('Content-Type')} | ${exc.request.body}")); + nginxRule.getInterceptors().add(createConditionalInterceptorWithReturnMessage("method == 'GET'", "GET | ${exc.request.header.getFirstValue('Content-Type')} | ${exc.request.body}")); nginxRule.getInterceptors().add(new ReturnInterceptor()); return nginxRule; }