Replace integration test with unit test

Avery-Dunn · Avery-Dunn · commit f042744c91b3 · 2024-12-10T15:15:21.000-08:00
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
@@ -123,49 +123,6 @@ void acquireTokenWithOBO_testCache(String environment) throws Exception {
         assertNotEquals(result6.accessToken(), result2.accessToken());
     }
 
-    @Test
-    void acquireTokenWithOBO_TenantOverride() throws Exception {
-        cfg = new Config(AzureEnvironment.AZURE);
-        String accessToken = this.getAccessToken();
-
-        final String clientId = cfg.appProvider.getOboAppId();
-        final String password = cfg.appProvider.getOboAppPassword();
-
-        ConfidentialClientApplication cca =
-                ConfidentialClientApplication.builder(clientId, ClientCredentialFactory.createFromSecret(password)).
-                        authority(cfg.tenantSpecificAuthority()).
-                        build();
-
-        //This token should be cached with the tenant-specific authority set at the application level
-        IAuthenticationResult resultNoOverride = cca.acquireToken(OnBehalfOfParameters.builder(
-                                Collections.singleton(cfg.graphDefaultScope()),
-                                new UserAssertion(accessToken)).build()).
-                        get();
-
-        //This token should be cached with an 'organizations' authority set at the request level
-        IAuthenticationResult resultOrganizations = cca.acquireToken(OnBehalfOfParameters.builder(
-                                Collections.singleton(cfg.graphDefaultScope()),
-                                new UserAssertion(accessToken))
-                                .tenant("organizations")
-                                .build()).
-                        get();
-
-        //This token should come from the cache and match the token with the 'organizations' authority
-        IAuthenticationResult resultOrganizationsCached = cca.acquireToken(OnBehalfOfParameters.builder(
-                                Collections.singleton(cfg.graphDefaultScope()),
-                                new UserAssertion(accessToken))
-                                .tenant("organizations")
-                                .build()).
-                        get();
-
-        assertResultNotNull(resultNoOverride);
-        assertResultNotNull(resultOrganizations);
-        assertResultNotNull(resultOrganizationsCached);
-
-        assertNotEquals(resultNoOverride.accessToken(), resultOrganizations.accessToken());
-        assertEquals(resultOrganizations.accessToken(), resultOrganizationsCached.accessToken());
-    }
-
     private void assertResultNotNull(IAuthenticationResult result) {
         assertNotNull(result);
         assertNotNull(result.accessToken());
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OnBehalfOfTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OnBehalfOfTests.java
@@ -0,0 +1,90 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.times;
+
+@ExtendWith(MockitoExtension.class)
+class OnBehalfOfTests {
+
+    private String getSuccessfulResponse() {
+        return "{\"access_token\":\"accessToken\",\"expires_in\": \""+ 60*60*1000 +"\",\"token_type\":" +
+                "\"Bearer\",\"client_id\":\"client_id\",\"Content-Type\":\"text/html; charset=utf-8\"}";
+    }
+
+    private HttpResponse expectedResponse(int statusCode, String response) {
+        Map<String, List<String>> headers = new HashMap<String, List<String>>();
+        headers.put("Content-Type", Collections.singletonList("application/json"));
+
+        HttpResponse httpResponse = new HttpResponse();
+        httpResponse.statusCode(statusCode);
+        httpResponse.body(response);
+        httpResponse.addHeaders(headers);
+
+        return httpResponse;
+    }
+
+    @Test
+    void OnBehalfOf_InternalCacheLookup_Success() throws Exception {
+        DefaultHttpClient httpClientMock = mock(DefaultHttpClient.class);
+
+        when(httpClientMock.send(any(HttpRequest.class))).thenReturn(expectedResponse(200, getSuccessfulResponse()));
+
+        ConfidentialClientApplication cca =
+                ConfidentialClientApplication.builder("clientId", ClientCredentialFactory.createFromSecret("password"))
+                                .authority("https://login.microsoftonline.com/tenant/")
+                        .instanceDiscovery(false)
+                        .validateAuthority(false)
+                        .httpClient(httpClientMock)
+                        .build();
+
+        OnBehalfOfParameters parameters = OnBehalfOfParameters.builder(Collections.singleton("scopes"), new UserAssertion(TestHelper.signedToken)).build();
+
+        IAuthenticationResult result = cca.acquireToken(parameters).get();
+        IAuthenticationResult result2 = cca.acquireToken(parameters).get();
+
+        //OBO flow should perform an internal cache lookup, so similar parameters should only cause one HTTP client call
+        assertEquals(result.accessToken(), result2.accessToken());
+        verify(httpClientMock, times(1)).send(any());
+    }
+
+    @Test
+    void OnBehalfOf_TenantOverride() throws Exception {
+        DefaultHttpClient httpClientMock = mock(DefaultHttpClient.class);
+
+        when(httpClientMock.send(any(HttpRequest.class))).thenReturn(expectedResponse(200, getSuccessfulResponse()));
+
+        ConfidentialClientApplication cca =
+                ConfidentialClientApplication.builder("clientId", ClientCredentialFactory.createFromSecret("password"))
+                        .authority("https://login.microsoftonline.com/tenant")
+                        .instanceDiscovery(false)
+                        .validateAuthority(false)
+                        .httpClient(httpClientMock)
+                        .build();
+
+        OnBehalfOfParameters parameters = OnBehalfOfParameters.builder(Collections.singleton("scopes"), new UserAssertion(TestHelper.signedToken)).build();
+        //The two acquireToken calls have the same parameters and should only cause one call from the HTTP client
+
+        cca.acquireToken(parameters).get();
+        cca.acquireToken(parameters).get();
+        verify(httpClientMock, times(1)).send(any());
+
+        parameters = OnBehalfOfParameters.builder(Collections.singleton("scopes"), new UserAssertion(TestHelper.signedToken)).tenant("otherTenant").build();
+        //Overriding the tenant parameter in the request should lead to a new token call being made, but followup calls should not
+        cca.acquireToken(parameters).get();
+        cca.acquireToken(parameters).get();
+        verify(httpClientMock, times(2)).send(any());
+    }
+}
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java
@@ -3,6 +3,11 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.nimbusds.jose.*;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
+
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
@@ -12,10 +17,16 @@
 
 class TestHelper {
 
-    static String readResource(Class<?> classInstance, String resource) throws IOException, URISyntaxException {
-        return new String(
-                Files.readAllBytes(
-                        Paths.get(classInstance.getResource(resource).toURI())));
+    //Signed JWT which should be enough to pass the parsing/validation in the library, useful if a unit test needs an
+    // assertion in a request or token in a response but that is not the focus of the test
+    static String signedToken = generateToken();
+
+    static String readResource(Class<?> classInstance, String resource) {
+        try {
+            return new String(Files.readAllBytes(Paths.get(classInstance.getResource(resource).toURI())));
+        } catch (IOException | URISyntaxException e) {
+            throw new RuntimeException(e);
+        }
     }
 
     static void deleteFileContent(Class<?> classInstance, String resource)
@@ -27,4 +38,21 @@ static void deleteFileContent(Class<?> classInstance, String resource)
         fileWriter.write("");
         fileWriter.close();
     }
+
+    static String generateToken() {
+        try {
+            RSAKey rsaJWK = new RSAKeyGenerator(2048)
+                    .keyID("kid")
+                    .generate();
+            JWSObject jwsObject = new JWSObject(
+                    new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rsaJWK.getKeyID()).build(),
+                    new Payload("payload"));
+
+            jwsObject.sign(new RSASSASigner(rsaJWK));
+
+            return jwsObject.serialize();
+        } catch (JOSEException e) {
+            throw new RuntimeException(e);
+        }
+    }
 }
