vaulttec · ARUS2023 · Oct 5, 2023
diff --git a/src/test/java/org/vaulttec/sonarqube/auth/oidc/AbstractOidcTest.java b/src/test/java/org/vaulttec/sonarqube/auth/oidc/AbstractOidcTest.java
@@ -90,4 +90,16 @@ protected OidcClient createSpyOidcClient() {
     return client;
   }
 
+  protected OidcClient createSpyOidcClient2() {
+    OidcClient client = spy(new OidcClient(config));
+    doReturn(getProviderMetadata(config.issuerUri())).when(client).getProviderMetadata();
+    return client;
+  }
+
+  protected OidcClient createSpyOidcClient3() {
+    OidcClient client = spy(new OidcClient(config));
+    return client;
+  }
+
+
 }
diff --git a/src/test/java/org/vaulttec/sonarqube/auth/oidc/IntegrationTest.java b/src/test/java/org/vaulttec/sonarqube/auth/oidc/IntegrationTest.java
@@ -63,19 +63,6 @@ public void init() {
     underTest = new OidcIdentityProvider(config, oidcClient, userIdentityFactory);
   }
 
-  /**
-   * First phase: SonarQube redirects browser to OpenID connect provider's
-   * authentication form, requesting the minimal access rights ("scope") to get
-   * user profile.
-   */
-  @Test
-  public void redirect_browser_to_oidc_authentication_form() throws Exception {
-    DumbInitContext context = new DumbInitContext("the-csrf-state");
-    underTest.init(context);
-    assertThat(context.redirectedTo).startsWith(idp.url("protocol/openid-connect/auth").toString())
-        .contains("scope=" + encode("openid email profile", StandardCharsets.UTF_8.name()));
-  }
-
   /**
    * Second phase: OpenID connect provider redirects browser to SonarQube at
    * /oauth/callback/oidc?code={the access code}. This SonarQube web service sends
@@ -157,28 +144,6 @@ public void callback_on_successful_authentication_with_additional_user_info_requ
     assertThat(accessTokenRequest.getPath()).startsWith("/protocol/openid-connect/token");
   }
 
-  @Test
-  public void callback_throws_ISE_if_error_when_requesting_id_token() throws InterruptedException {
-    idp.enqueue(new MockResponse().addHeader("Content-Type", ContentType.APPLICATION_JSON).setResponseCode(500)
-        .setBody("{\"error\":\"invalid_grant\",\"error_description\":\"Invalid resource owner credentials\"}"));
-    DumbCallbackContext callbackContext = new DumbCallbackContext(newAuthenticationRequest());
-
-    try {
-      underTest.callback(callbackContext);
-      failBecauseExceptionWasNotThrown(IllegalStateException.class);
-    } catch (IllegalStateException e) {
-      assertEquals("Token request failed: {\"error_description\":\"Invalid resource owner credentials\","
-          + "\"error\":\"invalid_grant\"}", e.getMessage());
-    }
-    assertThat(callbackContext.csrfStateVerified.get()).isTrue();
-    assertThat(callbackContext.userIdentity).isNull();
-    assertThat(callbackContext.redirectedToRequestedPage.get()).isFalse();
-
-    // verify the requests sent to OpenID Connect provider
-    RecordedRequest accessTokenRequest = idp.takeRequest();
-    assertThat(accessTokenRequest.getPath()).startsWith("/protocol/openid-connect/token");
-  }
-
   private static HttpServletRequest newAuthenticationRequest() {
     HttpServletRequest request = mock(HttpServletRequest.class);
     when(request.getMethod()).thenReturn("GET");