Add bearer auth test for invalid token

Use a custom wiremock stub for generating responses for the invalid token.
quarkusio · Sep 9, 2021 · 0ac955d · 0ac955d
1 parent 58ce5fa
commit 0ac955d
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/...ests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java b/...ests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
@@ -1,5 +1,6 @@
 package io.quarkus.it.keycloak;
 
+import static com.github.tomakehurst.wiremock.client.WireMock.matching;
 import static org.hamcrest.Matchers.equalTo;
 
 import java.time.Instant;
@@ -10,8 +11,12 @@
 import org.hamcrest.Matchers;
 import org.junit.jupiter.api.Test;
 
+import com.github.tomakehurst.wiremock.WireMockServer;
+import com.github.tomakehurst.wiremock.client.WireMock;
+
 import io.quarkus.test.common.QuarkusTestResource;
 import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.oidc.server.InjectWireMock;
 import io.quarkus.test.oidc.server.OidcWiremockTestResource;
 import io.restassured.RestAssured;
 import io.smallrye.jwt.build.Jwt;
@@ -20,6 +25,9 @@
 @QuarkusTestResource(OidcWiremockTestResource.class)
 public class BearerTokenAuthorizationTest {
 
+    @InjectWireMock
+    WireMockServer wireMockServer;
+
     @Test
     public void testSecureAccessSuccessPreferredUsername() {
         for (String username : Arrays.asList("alice", "admin")) {
@@ -98,6 +106,19 @@ public void testBearerTokenWrongAudience() {
                 .header("WWW-Authenticate", equalTo("Bearer"));
     }
 
+    @Test
+    public void testInvalidBearerToken() {
+        wireMockServer.stubFor(WireMock.post("/auth/realms/quarkus/protocol/openid-connect/token/introspect")
+                .withRequestBody(matching(".*token=invalid_token.*"))
+                .willReturn(WireMock.aResponse().withStatus(400)));
+
+        RestAssured.given().auth().oauth2("invalid_token").when()
+                .get("/api/users/me/bearer")
+                .then()
+                .statusCode(401)
+                .header("WWW-Authenticate", equalTo("Bearer"));
+    }
+
     private String getAccessToken(String userName, Set<String> groups) {
         return Jwt.preferredUserName(userName)
                 .groups(groups)