Implement de-authentication test

Fixes #59

Author: AB-xdev

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 1.2.1
+* Added more tests
+* Updated dependencies
+
 # 1.2.0
 * Added ``LoginUrlStore``
     * Stores the login url so that it can be used inside other parts of applications to e.g. display dedicated login components

oauth2-oidc/src/main/java/software/xdev/sse/oauth2/checkauth/OAuth2ProviderOfflineManager.java

@@ -41,9 +41,20 @@ public class OAuth2ProviderOfflineManager
 	public OAuth2ProviderOfflineManager(
 		final AuthProviderOfflineConfig config,
 		final List<OAuth2ProviderOfflineManagerMetricsHandler> metricsHandlers)
+	{
+		this(config, metricsHandlers, false);
+	}
+	
+	protected OAuth2ProviderOfflineManager(
+		final AuthProviderOfflineConfig config,
+		final List<OAuth2ProviderOfflineManagerMetricsHandler> metricsHandlers,
+		final boolean silent)
 	{
 		this.config = config;
-		LOG.info("Instantiated with {}", this.config);
+		if(!silent)
+		{
+			LOG.info("Instantiated with {}", this.config);
+		}
 
 		metricsHandlers.stream()
 			.filter(OAuth2ProviderOfflineManagerMetricsHandler::enabled)

oauth2-oidc/src/main/java/software/xdev/sse/oauth2/filter/OAuth2RefreshFilter.java

@@ -104,7 +104,7 @@ public void doFilter(final ServletRequest request, final ServletResponse respons
 	}
 
 	@SuppressWarnings("java:S3626") // Incorrect
-	private void checkAuth(final ServletRequest request, final ServletResponse response)
+	protected void checkAuth(final ServletRequest request, final ServletResponse response)
 	{
 		if(request instanceof final HttpServletRequest httpRequest
 			&& this.ignoreRequestMatcher.matches(httpRequest))
@@ -113,15 +113,14 @@ private void checkAuth(final ServletRequest request, final ServletResponse respo
 			return;
 		}
 
-		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		final Authentication authentication = this.getCurrentAuth(request, response);
 		if(!(authentication instanceof final OAuth2AuthenticationToken auth))
 		{
 			this.communicateReload(OAuth2RefreshReloadCommunicator.Source.NO_AUTH, request, response);
 			this.metrics.noAuth();
 			return;
 		}
 
-		// Client may be null on initial login -> Do not log out
 		final OAuth2AuthChecker.AuthCheckResult authCheckResult =
 			this.oAuth2AuthChecker.check(auth, this.clientService::loadAuthorizedClient);
 		this.metrics.authCheckMetricsIncrement(authCheckResult.outcome());
@@ -157,6 +156,12 @@ else if(authCheckResult.outcome() == OAuth2AuthChecker.AuthCheckOutcome.VALID)
 		}
 	}
 
+	@SuppressWarnings("java:S1172")
+	protected Authentication getCurrentAuth(final ServletRequest request, final ServletResponse response)
+	{
+		return SecurityContextHolder.getContext().getAuthentication();
+	}
+	
 	protected Collection<OAuth2RefreshHandler> oAuth2RefreshHandlers()
 	{
 		return this.refreshHandlersProvider.get();