Add degraded mode tests for token operations

[#151024202] https://www.pivotaltracker.com/story/show/151024202

uaa/src/main/resources/uaa.yml

@@ -595,10 +595,14 @@ uaa:
       endpoints:
         - /oauth/authorize/**
         - /oauth/token/**
-        - /check_token
+        - /check_token/**
         - /login/**
+        - /login.do
         - /logout/**
+        - /logout.do
         - /saml/**
+        - /autologin/**
+        - /authenticate/**
       methods:
         - GET
         - HEAD

uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java

@@ -206,10 +206,14 @@ public void defaults_and_required_properties() throws Exception {
                    containsInAnyOrder(
                         "/oauth/authorize/**",
                         "/oauth/token/**",
-                        "/check_token",
-                        "/saml/**",
+                        "/check_token/**",
                         "/login/**",
-                        "/logout/**"
+                        "/login.do",
+                        "/logout/**",
+                        "/logout.do",
+                        "/saml/**",
+                        "/autologin/**",
+                        "/authenticate/**"
                    )
         );
         assertThat(degradedModeUaaFilter.getPermittedMethods(),

uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java

@@ -745,7 +745,7 @@ public void revokeSingleToken() throws Exception {
                 client.getClientSecret(),
                 user.getUserName(),
                 user.getPassword(),
-                "",
+                "openid",
                 IdentityZoneHolder.get(),
                 true
         );
@@ -760,7 +760,7 @@ public void revokeSingleToken() throws Exception {
         MockHttpServletRequestBuilder delete = RestDocumentationRequestBuilders.delete("/oauth/token/revoke/{tokenId}", userInfoToken);
 
         getMockMvc().perform(delete
-                .header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken))
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + userInfoToken))
                 .andExpect(status().isOk())
                 .andDo(document("{ClassName}/{methodName}", preprocessResponse(prettyPrint()), requestHeaders, pathParameters));
     }

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/degraded/DegradedModeJwtBearerGrantMockMvcTests.java

@@ -0,0 +1,37 @@
+/*
+ * ****************************************************************************
+ *     Cloud Foundry
+ *     Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved.
+ *
+ *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ *     You may not use this product except in compliance with the License.
+ *
+ *     This product includes a number of subcomponents with
+ *     separate copyright notices and license terms. Your use of these
+ *     subcomponents is subject to the terms and conditions of the
+ *     subcomponent's license, as noted in the LICENSE file.
+ * ****************************************************************************
+ */
+
+package org.cloudfoundry.identity.uaa.mock.degraded;
+
+import org.cloudfoundry.identity.uaa.mock.token.JwtBearerGrantMockMvcTests;
+import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.junit.After;
+import org.junit.Before;
+
+public class DegradedModeJwtBearerGrantMockMvcTests extends JwtBearerGrantMockMvcTests {
+    private boolean original;
+
+    @Before
+    public void setup () throws Exception {
+        DegradedModeUaaFilter bean = getWebApplicationContext().getBean(DegradedModeUaaFilter.class);
+        original = bean.isEnabled();
+        bean.setEnabled(true);
+    }
+
+    @After
+    public void teardown() throws Exception {
+        getWebApplicationContext().getBean(DegradedModeUaaFilter.class).setEnabled(original);
+    }
+}

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/degraded/DegradedModeTokenMockMvcTests.java

@@ -0,0 +1,70 @@
+/*
+ * ****************************************************************************
+ *     Cloud Foundry
+ *     Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved.
+ *
+ *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ *     You may not use this product except in compliance with the License.
+ *
+ *     This product includes a number of subcomponents with
+ *     separate copyright notices and license terms. Your use of these
+ *     subcomponents is subject to the terms and conditions of the
+ *     subcomponent's license, as noted in the LICENSE file.
+ * ****************************************************************************
+ */
+
+package org.cloudfoundry.identity.uaa.mock.degraded;
+
+import org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests;
+import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils;
+import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+public class DegradedModeTokenMockMvcTests extends TokenMvcMockTests {
+
+    private boolean original;
+
+    @Before
+    @Override
+    public void setup () throws Exception {
+        super.setup();
+        DegradedModeUaaFilter bean = getWebApplicationContext().getBean(DegradedModeUaaFilter.class);
+        original = bean.isEnabled();
+        bean.setEnabled(true);
+    }
+
+    @After
+    public void teardown() throws Exception {
+        getWebApplicationContext().getBean(DegradedModeUaaFilter.class).setEnabled(original);
+    }
+
+    @Test
+    public void check_token_while_degraded() throws Exception {
+        BaseClientDetails client = setUpClients(generator.generate().toLowerCase(),
+                                                "uaa.resource,clients.read",
+                                                "",
+                                                "client_credentials",
+                                                true);
+        String token = MockMvcUtils.getClientCredentialsOAuthAccessToken(getMockMvc(), client.getClientId(), SECRET, null, null, true);
+        getMockMvc().perform(
+            post("/check_token")
+                .param("token", token)
+                .header(AUTHORIZATION,
+                        "Basic " + new String(Base64.encode((client.getClientId() + ":" + SECRET).getBytes())))
+        )
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$.scope").value(containsInAnyOrder("clients.read", "uaa.resource")))
+            .andExpect(jsonPath("$.client_id").value(client.getClientId()))
+            .andExpect(jsonPath("$.jti").value(token));
+    }
+}

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/degraded/DegradedModeUserTokenMockMvcTests.java

@@ -0,0 +1,45 @@
+/*
+ * ****************************************************************************
+ *     Cloud Foundry
+ *     Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved.
+ *
+ *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ *     You may not use this product except in compliance with the License.
+ *
+ *     This product includes a number of subcomponents with
+ *     separate copyright notices and license terms. Your use of these
+ *     subcomponents is subject to the terms and conditions of the
+ *     subcomponent's license, as noted in the LICENSE file.
+ * ****************************************************************************
+ */
+
+package org.cloudfoundry.identity.uaa.mock.degraded;
+
+import org.cloudfoundry.identity.uaa.mock.token.UserTokenMockMvcTests;
+import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+public class DegradedModeUserTokenMockMvcTests extends UserTokenMockMvcTests {
+    private boolean original;
+
+    @Before
+    public void setup () throws Exception {
+        DegradedModeUaaFilter bean = getWebApplicationContext().getBean(DegradedModeUaaFilter.class);
+        original = bean.isEnabled();
+        bean.setEnabled(true);
+    }
+
+    @After
+    public void teardown() throws Exception {
+        getWebApplicationContext().getBean(DegradedModeUaaFilter.class).setEnabled(original);
+    }
+
+    @Test
+    @Ignore("super method uses disabled endpoints")
+    @Override
+    public void test_create_client_with_user_token_grant() throws Exception {
+    }
+}

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java

@@ -61,7 +61,6 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 import static org.springframework.util.StringUtils.hasText;
 
-@Ignore("auth0 went down June 7, 11:52am Pacific")
 public class JwtBearerGrantMockMvcTests extends AbstractTokenMockMvcTests {
 
     private static RandomValueStringGenerator generator = new RandomValueStringGenerator(12);
@@ -99,7 +98,11 @@ public void default_zone_jwt_grant () throws Exception {
     @Test
     public void non_default_zone_jwt_grant () throws Exception {
         String subdomain = generator.generate().toLowerCase();
-        IdentityZone zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, getMockMvc(), getWebApplicationContext(), null).getIdentityZone();
+        IdentityZone zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain,
+                                                                                getMockMvc(),
+                                                                                getWebApplicationContext(),
+                                                                                null,
+                                                                                false).getIdentityZone();
         createProvider(zone, getTokenVerificationKey(originZone.getIdentityZone()));
         perform_grant_in_zone(zone, getUaaIdToken(originZone.getIdentityZone(), originClient, originUser))
             .andExpect(status().isOk())
@@ -108,11 +111,9 @@ public void non_default_zone_jwt_grant () throws Exception {
 
     @Test
     public void defaultZoneJwtGrantWithInternalIdp () throws Exception {
-        BaseClientDetails defaultZoneClient = new BaseClientDetails(generator.generate(), "", "openid", "password", null);
+        BaseClientDetails defaultZoneClient = setUpClients(generator.generate(), "", "openid", "password", true);
         defaultZoneClient.setClientSecret(SECRET);
 
-        MockMvcUtils.createClient(getMockMvc(), adminToken, defaultZoneClient);
-
         IdentityZone defaultZone = IdentityZone.getUaa();
 
         ScimUser defaultZoneUser = createUser(defaultZone);