Add custom scope test

indigo-iam · Sep 14, 2023 · 511aff2 · 511aff2
1 parent e613b41
commit 511aff2
Showing 1 changed file with 42 additions and 5 deletions.
diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java
@@ -17,6 +17,8 @@
 
 
 import static it.infn.mw.iam.persistence.model.IamScopePolicy.MatchingPolicy.PATH;
+import static org.hamcrest.CoreMatchers.allOf;
+import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasItems;
@@ -35,6 +37,7 @@
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
@@ -52,6 +55,7 @@
 
 
 @RunWith(SpringRunner.class)
+@ActiveProfiles({"h2-test", "h2", "saml", "registration", "wlcg-scopes"})
 @IamMockMvcIntegrationTest
 public class ScopePolicyPdpTests extends ScopePolicyTestUtils {
 
@@ -315,12 +319,12 @@ public void testPathForCustomScope() {
 
     policyScopeRepo.save(up);
 
-    Set<String> filteredScopes = pdp.filterScopes(
-        Sets.newHashSet("openid", "profile", "storage.write:/", "storage.write:/path"),
-        testAccount);
+    Set<String> filteredScopes = pdp.filterScopes(Sets.newHashSet("openid", "profile",
+        "storage.write:/", "storage.write:/path", "storage.write:/path/sub"), testAccount);
 
-    assertThat(filteredScopes, hasSize(3));
-    assertThat(filteredScopes, hasItems("openid", "profile", "storage.write:/path"));
+    assertThat(filteredScopes, hasSize(4));
+    assertThat(filteredScopes,
+        hasItems("openid", "profile", "storage.write:/path", "storage.write:/path/sub"));
   }
 
   @Test
@@ -347,4 +351,37 @@ public void testMisspelledScopeInScopePolicy() throws Exception {
 
   }
 
+  @Test
+  public void testFakeWLCGScopeAsCustomScopeNotIncluded() throws Exception {
+
+    mvc
+      .perform(post("/token").with(httpBasic("password-grant", "secret"))
+        .param("grant_type", "password")
+        .param("username", "test")
+        .param("password", "password")
+        .param("scope", "openid storage.create:/"))
+      .andExpect(status().isOk())
+      .andExpect(jsonPath("$.access_token").exists())
+      .andExpect(
+          jsonPath("$.scope", allOf(containsString("openid"), containsString("storage.create:/"))));
+
+    IamScopePolicy up = initDenyScopePolicy();
+    up.getScopes().add("storage.create:/");
+    up.setMatchingPolicy(PATH);
+    up.linkAccount(findTestAccount());
+    up = policyScopeRepo.save(up);
+
+    mvc
+      .perform(post("/token").with(httpBasic("password-grant", "secret"))
+        .param("grant_type", "password")
+        .param("username", "test")
+        .param("password", "password")
+        .param("scope", "openid storage.create:/"))
+      .andExpect(status().isOk())
+      .andExpect(jsonPath("$.access_token").exists())
+      .andExpect(jsonPath("$.scope", allOf(containsString("openid"))));
+
+    policyScopeRepo.delete(up);
+  }
+
 }