
Example 1 with AuthenticationController

Use of com.auth0.AuthenticationController in project app-auth0-idprovider by enonic.

Class Auth0CallbackService, method handle.

public boolean handle(final HttpServletRequest request) {
    try {
        final IdProviderKey idProviderKey = getIdProviderKey(request);
        final AuthenticationController authController = createAuthController(idProviderKey);
        final Tokens tokens = authController.handle(request);
        final UserInfo userInfo = retrieveUserInfo(idProviderKey, tokens);
        loginService.login(request, new UserInfoAdapter(userInfo), idProviderKey);
        return true;
    } catch (Exception e) {
        LOG.error("Error while handling auth0 callback", e);
    }
    return false;
}
Also used: AuthenticationController (com.auth0.AuthenticationController), IdProviderKey (com.enonic.xp.security.IdProviderKey), UserInfo (com.auth0.json.auth.UserInfo), UserInfoAdapter (com.enonic.app.auth0.impl.user.UserInfoAdapter), Auth0Exception (com.auth0.exception.Auth0Exception), Tokens (com.auth0.Tokens)

Example 2 with AuthenticationController

Use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.

Class AuthenticationControllerTest, method shouldCheckSessionFallbackWhenHandleCalledWithRequest.

@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequest() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
    AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
    when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
    when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    // build auth URL using request and response, which stores state and nonce in cookies and also session as a fallback
    String authUrl = controller.buildAuthorizeUrl(request, response, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
    String state = (String) request.getSession().getAttribute("com.auth0.state");
    String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
    assertThat(state, is("state"));
    assertThat(nonce, is("nonce"));
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");
    // handle called with request, which should use session
    controller.handle(request);
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), TokenRequest (com.auth0.net.TokenRequest), TokenHolder (com.auth0.json.auth.TokenHolder), AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 3 with AuthenticationController

Use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.

Class AuthenticationControllerTest, method shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet.

@Test
public void shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet() {
    JwkProvider jwkProvider = mock(JwkProvider.class);
    AuthenticationController controller = builderSpy.withResponseType("code id_token").withJwkProvider(jwkProvider).build();
    SignatureVerifier signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    controller = builderSpy.withResponseType("code token").withJwkProvider(jwkProvider).build();
    signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    controller = builderSpy.withResponseType("code id_token token").withJwkProvider(jwkProvider).build();
    signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    controller = builderSpy.withResponseType("code").withJwkProvider(jwkProvider).build();
    signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    controller = builderSpy.withResponseType("id_token").withJwkProvider(jwkProvider).build();
    signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    controller = builderSpy.withResponseType("token").withJwkProvider(jwkProvider).build();
    signatureVerifier = signatureVerifierCaptor.getValue();
    assertThat(signatureVerifier, is(notNullValue()));
    assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
    assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
}
Also used: JwkProvider (com.auth0.jwk.JwkProvider), Test (org.junit.jupiter.api.Test)

Example 4 with AuthenticationController

Use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.

Class AuthenticationControllerTest, method shouldSetupClientWithTelemetry.

@Test
public void shouldSetupClientWithTelemetry() {
    AuthenticationController controller = builderSpy.build();
    ArgumentCaptor<Telemetry> telemetryCaptor = ArgumentCaptor.forClass(Telemetry.class);
    assertThat(controller, is(notNullValue()));
    RequestProcessor requestProcessor = controller.getRequestProcessor();
    assertThat(requestProcessor.getClient(), is(client));
    verify(client).setTelemetry(telemetryCaptor.capture());
    Telemetry capturedTelemetry = telemetryCaptor.getValue();
    assertThat(capturedTelemetry, is(notNullValue()));
    assertThat(capturedTelemetry.getName(), is("auth0-java-mvc-common"));
    assertThat(capturedTelemetry.getVersion(), is("1.2.3"));
}
Also used: Telemetry (com.auth0.net.Telemetry), Test (org.junit.jupiter.api.Test)

Example 5 with AuthenticationController

Use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.

Class AuthenticationControllerTest, method shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse.

@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
    AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
    when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
    when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    // build auth URL using deprecated method, which stores state and nonce in session
    String authUrl = controller.buildAuthorizeUrl(request, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
    String state = (String) request.getSession().getAttribute("com.auth0.state");
    String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
    assertThat(state, is("state"));
    assertThat(nonce, is("nonce"));
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");
    // handle called with request and response, which should use cookies but fall back to session
    controller.handle(request, response);
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), TokenRequest (com.auth0.net.TokenRequest), TokenHolder (com.auth0.json.auth.TokenHolder), AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test): 4
AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder): 2
TokenHolder (com.auth0.json.auth.TokenHolder): 2
TokenRequest (com.auth0.net.TokenRequest): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 2
AuthenticationController (com.auth0.AuthenticationController): 1
Tokens (com.auth0.Tokens): 1
Auth0Exception (com.auth0.exception.Auth0Exception): 1
UserInfo (com.auth0.json.auth.UserInfo): 1
JwkProvider (com.auth0.jwk.JwkProvider): 1
Telemetry (com.auth0.net.Telemetry): 1
UserInfoAdapter (com.enonic.app.auth0.impl.user.UserInfoAdapter): 1
IdProviderKey (com.enonic.xp.security.IdProviderKey): 1