OAuth 2.0 offers four different flows, but the main purpose of every flow is the same: obtain an access token and use it to access protected resources.
The four different flows are:
This tutorial gives code examples that use REST Assured to exercise two OAuth 2.0 flows: the Authorization Code Grant flow and the Client Credentials flow.
This is the most common flow: a code is issued and then used to obtain an access_token. The code is handed to the front-end application (the browser) after the user logs in. The access_token is then obtained on the server side, where the client authenticates itself with its client secret and presents the code it received.
Three steps:
The first step is to obtain a code:
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import static io.restassured.RestAssured.given;

import java.util.Base64;

public class RestAssuredOAuth2 {

    public static String clientId = "some_client_id";
    public static String redirectUri = "some_redirect_uri";
    public static String scope = "some_scope";
    public static String username = "some_email";
    public static String password = "some_password";

    // Builds the value of an HTTP Basic credential: base64("str1:str2")
    public static String encode(String str1, String str2) {
        return new String(Base64.getEncoder().encode((str1 + ":" + str2).getBytes()));
    }

    // Step 1: authenticate the user and ask the authorization endpoint for a code
    public static Response getCode() {
        String authorization = encode(username, password);
        return
            given()
                .header("authorization", "Basic " + authorization)
                .contentType(ContentType.URLENC)
                .formParam("response_type", "code")
                .queryParam("client_id", clientId)
                .queryParam("redirect_uri", redirectUri)
                .queryParam("scope", scope)
                .post("/oauth2/authorize")
            .then()
                .statusCode(200)
                .extract()
                .response();
    }

    // The authorization endpoint in this setup answers with a JSON body containing the code
    public static String parseForOAuth2Code(Response response) {
        return response.jsonPath().getString("code");
    }

    @BeforeAll
    public static void setup() {
        RestAssured.baseURI = "https://some-url.com";
    }

    @Test
    public void iShouldGetCode() {
        Response response = getCode();
        String code = parseForOAuth2Code(response);
        Assertions.assertNotNull(code);
    }
}
Once we have the authorization code, we can request the access_token:
    // Grant type used when exchanging the code for a token
    public static String grantType = "authorization_code";

    // Step 2: exchange the authorization code for an access_token
    public static Response getToken(String authCode) {
        String authorization = encode(username, password);
        return
            given()
                .header("authorization", "Basic " + authorization)
                .contentType(ContentType.URLENC)
                .queryParam("code", authCode)
                .queryParam("redirect_uri", redirectUri)
                .queryParam("grant_type", grantType)
                .post("/oauth2/token")
            .then()
                .statusCode(200)
                .extract()
                .response();
    }

    public static String parseForAccessToken(Response loginResponse) {
        return loginResponse.jsonPath().getString("access_token");
    }

    @Test
    public void iShouldGetToken() {
        // The code from step 1 is required here, so obtain it within the same test
        String code = parseForOAuth2Code(getCode());
        Response tokenResponse = getToken(code);
        String accessToken = parseForAccessToken(tokenResponse);
        Assertions.assertNotNull(accessToken);
    }
Finally, once we have a valid access_token, we can request the protected resource:
    // Step 3: call a protected resource with the access_token obtained in step 2
    public static void getUsers(String accessToken) {
        given().auth()
            .oauth2(accessToken)
        .when()
            .get("/users")
        .then()
            .statusCode(200);
    }
We can also send the access token as an Authorization header with the Bearer prefix. For example:
    public static void getUsers(String accessToken) {
        given()
            .header("Authorization", "Bearer " + accessToken)
        .when()
            .get("/users")
        .then()
            .statusCode(200);
    }
The client credentials flow involves no UI (browser) and is usually used for machine-to-machine authorization.
With REST Assured, this looks like:
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import static io.restassured.RestAssured.given;
import static io.restassured.RestAssured.requestSpecification;

public class RestAssuredOAuth2 {

    public static Response response;

    // The client credentials come from the environment rather than being hard-coded in the test
    private String userAdminClientId = System.getenv("M2M_USER_ADMIN_CLIENT_ID");
    private String userAdminClientSecret = System.getenv("M2M_USER_ADMIN_CLIENT_SECRET");

    private String oauth2Payload = "{\n" +
        "  \"client_id\": \"" + userAdminClientId + "\",\n" +
        "  \"client_secret\": \"" + userAdminClientSecret + "\",\n" +
        "  \"audience\": \"https://some-url.com/user\",\n" +
        "  \"grant_type\": \"client_credentials\",\n" +
        "  \"scope\": \"user:admin\"\n" +
        "}";

    private static String createUserPayload = "{\n" +
        "  \"username\": \"api-user\",\n" +
        "  \"email\": \"api-user@putsbox.com\",\n" +
        "  \"password\": \"Passw0rd123!\",\n" +
        "  \"firstName\": \"my-first-name\",\n" +
        "  \"lastName\": \"my-last-name\",\n" +
        "  \"roles\": [\"read\"]\n" +
        "}";

    // Obtains a token with the client credentials grant and stores a reusable request specification
    public void userAdminConfigSetup() {
        requestSpecification = given().auth().oauth2(getAccessToken(oauth2Payload))
            .header("Accept", ContentType.JSON.getAcceptHeader())
            .contentType(ContentType.JSON);
    }

    public String getAccessToken(String payload) {
        return given()
            .contentType(ContentType.JSON)
            .body(payload)
            .post("/token")
            .then().extract().response()
            .jsonPath().getString("access_token");
    }

    @BeforeAll
    public static void setup() {
        RestAssured.baseURI = "https://some-url.com";
    }

    @Test
    public void createUser() {
        userAdminConfigSetup();
        response = given(requestSpecification)
            .body(createUserPayload)
            .post("/user")
            .then().extract().response();
        Assertions.assertEquals(201, response.statusCode());
    }
}
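The tests above only see the client side of the two flows. As an added example (not the post's REST Assured code), the following constructed in-memory authorization server shows what the other side must check before handing out an access_token in the Authorization Code flow and the Client Credentials flow: client authentication with the secret, redirect_uri binding, and codes that are short-lived and single-use. The client registry, secret and redirect_uri are made-up values.

```python
import hmac
import secrets

# Constructed in-memory model of the authorization server behaviour described above
# (added example, not the page's REST Assured code). Client data is made up.
CLIENTS = {"some_client_id": {"secret": "some_client_secret",
                              "redirect_uri": "https://app.example/callback"}}

class AuthServer:
    def __init__(self):
        self.codes = {}    # code -> (client_id, redirect_uri, scope, expires_at)
        self.tokens = {}   # access_token -> (client_id, scope)

    def authorize(self, client_id, redirect_uri, scope, now):
        """Front channel: after login, bind a short-lived code to client and redirect_uri."""
        client = CLIENTS.get(client_id)
        if client is None or redirect_uri != client["redirect_uri"]:
            return None                      # unknown client or redirect_uri mismatch
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, scope, now + 60)
        return code

    def token(self, grant_type, client_id, client_secret, now, code=None,
              redirect_uri=None, scope=""):
        """Back channel: authenticate the client, then redeem a code or grant its own token."""
        client = CLIENTS.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        if grant_type == "client_credentials":   # machine-to-machine: no user, no code
            return self._issue(client_id, scope)
        if grant_type != "authorization_code":
            return {"error": "unsupported_grant_type"}
        entry = self.codes.pop(code, None)       # pop: every code is single-use
        if entry is None:
            return {"error": "invalid_grant"}
        c_id, c_uri, c_scope, expires_at = entry
        if c_id != client_id or c_uri != redirect_uri or now > expires_at:
            return {"error": "invalid_grant"}    # wrong client, wrong redirect_uri, or expired
        return self._issue(client_id, c_scope)

    def _issue(self, client_id, scope):
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (client_id, scope)
        return {"access_token": tok, "token_type": "Bearer", "scope": scope}

    def resource(self, authorization_header):
        """Protected resource: expects 'Bearer <token>' as in the header example above."""
        scheme, _, tok = authorization_header.partition(" ")
        return 200 if scheme == "Bearer" and tok in self.tokens else 401
```

A test client like the one in this post exercises exactly these paths: a second redemption of the same code, a mismatched redirect_uri, or a wrong secret must all be rejected before the access_token is ever issued.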
Here we have shown REST Assured code examples for obtaining an access_token with the OAuth 2.0 flows. Once we have the access_token, we can request protected resources.
I hope you found the above useful.