diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java
index 7054fa27c..cc70bb036 100644
--- a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java
+++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyPdpTests.java
@@ -17,6 +17,8 @@
 import static it.infn.mw.iam.persistence.model.IamScopePolicy.MatchingPolicy.PATH;
+import static org.hamcrest.CoreMatchers.allOf;
+import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasItems;
@@ -35,6 +37,7 @@
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
@@ -52,6 +55,7 @@
 @RunWith(SpringRunner.class)
+@ActiveProfiles({"h2-test", "h2", "saml", "registration", "wlcg-scopes"})
 @IamMockMvcIntegrationTest
 public class ScopePolicyPdpTests extends ScopePolicyTestUtils {
@@ -315,12 +319,12 @@ public void testPathForCustomScope() {
 policyScopeRepo.save(up);
- Set filteredScopes = pdp.filterScopes(
- Sets.newHashSet("openid", "profile", "storage.write:/", "storage.write:/path"),
- testAccount);
+ Set filteredScopes = pdp.filterScopes(Sets.newHashSet("openid", "profile",
+ "storage.write:/", "storage.write:/path", "storage.write:/path/sub"), testAccount);
- assertThat(filteredScopes, hasSize(3));
- assertThat(filteredScopes, hasItems("openid", "profile", "storage.write:/path"));
+ assertThat(filteredScopes, hasSize(4));
+ assertThat(filteredScopes,
+ hasItems("openid", "profile", "storage.write:/path", "storage.write:/path/sub"));
 }
 @Test
@@ -347,4 +351,37 @@ public void testMisspelledScopeInScopePolicy() throws Exception {
 }
+ @Test
+ public void testFakeWLCGScopeAsCustomScopeNotIncluded() throws Exception {
+
+ mvc
+ .perform(post("/token").with(httpBasic("password-grant", "secret"))
+ .param("grant_type", "password")
+ .param("username", "test")
+ .param("password", "password")
+ .param("scope", "openid storage.create:/"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.access_token").exists())
+ .andExpect(
+ jsonPath("$.scope", allOf(containsString("openid"), containsString("storage.create:/"))));
+
+ IamScopePolicy up = initDenyScopePolicy();
+ up.getScopes().add("storage.create:/");
+ up.setMatchingPolicy(PATH);
+ up.linkAccount(findTestAccount());
+ up = policyScopeRepo.save(up);
+
+ mvc
+ .perform(post("/token").with(httpBasic("password-grant", "secret"))
+ .param("grant_type", "password")
+ .param("username", "test")
+ .param("password", "password")
+ .param("scope", "openid storage.create:/"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.access_token").exists())
+ .andExpect(jsonPath("$.scope", allOf(containsString("openid"))));
+
+ policyScopeRepo.delete(up);
+ }
+
 }
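Review bot: The extended request in `testPathForCustomScope` covers a child path (`storage.write:/path/sub`) but no scope that only shares the string prefix, for instance a constructed value such as `storage.write:/pathology`. If PATH matching is meant to compare whole path segments, adding such a scope to the requested set while keeping `hasSize(4)` would pin that boundary; as written, a plain string-prefix comparison would satisfy the assertions just as well. The policy is built above the hunk and is not visible here, so the intended behaviour should be confirmed against it. It would also be clearer to state the denial directly with `assertThat(filteredScopes, not(hasItem("storage.write:/")));` instead of leaving it implied by the size check.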
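Review bot: The second token request in `testFakeWLCGScopeAsCustomScopeNotIncluded` asserts only that `$.scope` contains `openid`, so the test still passes if the deny policy is ignored and `storage.create:/` is granted again. The absence should be asserted explicitly, e.g. `.andExpect(jsonPath("$.scope", allOf(containsString("openid"), not(containsString("storage.create:/")))));` with a static import of `org.hamcrest.CoreMatchers.not`. Separately, `policyScopeRepo.delete(up)` is reached only when every assertion before it passes; unless the test context rolls back per test (not visible in this diff), wrapping the second request in `try { … } finally { policyScopeRepo.delete(up); }` would keep a failed run from leaving the deny policy linked to the test account for later tests.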