Add test cases for OAuth feature validation (#1874)

rahul-chekuri · mergify[bot] · web-flow · commit a33b053ec87f · 2025-03-03T15:22:49.000Z
* test: Add test cases for OAuth feature validation

* remove old property and remove WithMockUser annotation as the logout url is public one

---------

Co-authored-by: mergify[bot] &lt;37929162+mergify[bot]@users.noreply.github.com&gt;
diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
@@ -74,6 +74,8 @@ dependencies {
   testImplementation "org.apache.groovy:groovy-json"
   testImplementation "com.squareup.retrofit2:converter-jackson"
   testImplementation "com.squareup.retrofit2:retrofit-mock"
+  testImplementation "org.springframework.security:spring-security-oauth2-client"
+
 
   // Add each included authz provider as a runtime dependency
   gradle.includedProviderProjects.each {
diff --git a/gate-web/src/test/java/com/netflix/spinnaker/gate/security/oauth/OAuth2Test.java b/gate-web/src/test/java/com/netflix/spinnaker/gate/security/oauth/OAuth2Test.java
@@ -17,8 +17,10 @@
 package com.netflix.spinnaker.gate.security.oauth;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,7 +34,6 @@
 @AutoConfigureMockMvc
 @SpringBootTest(
     properties = {
-      "retrofit.enabled=true",
       "security.oauth2.client.clientId=Spinnaker-Client",
       "security.oauth2.resource.userInfoUri=http://localhost/userinfo"
     })
@@ -51,4 +52,22 @@ void shouldRedirectOnOauth2Authentication() throws Exception {
 
     assertEquals(302, result.getResponse().getStatus());
   }
+
+  /** Test: Public endpoint should be accessible without authentication */
+  @Test
+  public void whenAccessingPublicEndpointThenSuccess() throws Exception {
+    mockMvc.perform(get("/auth/user")).andExpect(status().isOk());
+  }
+
+  /** Test: Secure endpoint should be accessible with OAuth2 authentication */
+  @Test
+  public void whenAuthenticatedWithOAuth2ThenAccessGranted() throws Exception {
+    mockMvc.perform(get("/credentials").with(oauth2Login())).andExpect(status().isOk());
+  }
+
+  /** Test: Logout should redirect to home */
+  @Test
+  public void whenLoggingOutThenRedirectToHome() throws Exception {
+    mockMvc.perform(get("/auth/logout")).andExpect(status().is3xxRedirection());
+  }
 }
