use of com.auth0.flickr2.domain.User in project ddf by codice.
the class TestOidc method processCredentialFlow.
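/**
 * Processes a credential flow request/response.
 *
 * <ul>
 *   <li>Sets up a stubbed userinfo endpoint that responds with the given {@code userInfoResponse}
 *       only when the request carries {@code accessToken} as a bearer token in the
 *       {@code Authorization} header
 *   <li>Sends a request to Intrigue with the {@code accessToken} as a query parameter
 *   <li>Asserts that the response has the expected status code
 *   <li>Verifies whether the userinfo endpoint was hit or not
 * </ul>
 *
 * @param accessToken the access token sent to DDF and expected at the stubbed userinfo endpoint
 * @param userInfoResponse the body the stubbed userinfo endpoint returns
 * @param isSigned whether {@code userInfoResponse} is a signed JWT ({@code application/jwt})
 *     rather than plain JSON
 * @param expectedStatusCode the HTTP status code DDF is expected to return
 * @param userInfoShouldBeHit whether the stubbed userinfo endpoint must have been called at
 *     least once (if {@code false}, it must not have been called at all)
 * @return the response for additional verification
 */
private Response processCredentialFlow(
    String accessToken,
    String userInfoResponse,
    boolean isSigned,
    int expectedStatusCode,
    boolean userInfoShouldBeHit) {
  // Host the user info endpoint; the stub only matches requests presenting the bearer token
  String bearerAuthHeader = "Bearer " + accessToken;
  String contentType = isSigned ? "application/jwt" : APPLICATION_JSON;
  whenHttp(server)
      .match(get(USER_INFO_ENDPOINT_PATH), withHeader(AUTHORIZATION, bearerAuthHeader))
      // Explicit charset: String.getBytes() without one depends on the JVM default encoding
      .then(
          ok(),
          contentType(contentType),
          bytesContent(userInfoResponse.getBytes(StandardCharsets.UTF_8)));

  // Send a request to DDF with the access token as a query parameter
  Response response =
      given()
          .redirects()
          .follow(false)
          .expect()
          .statusCode(expectedStatusCode)
          .when()
          .get(ROOT_URL.getUrl() + "?access_token=" + accessToken);

  // Collect only the GET calls that reached the stubbed userinfo endpoint
  List<Call> endpointCalls =
      server.getCalls().stream()
          .filter(call -> call.getMethod().getMethodString().equals(GET))
          .filter(call -> call.getUrl().equals(URL_START + USER_INFO_ENDPOINT_PATH))
          .collect(Collectors.toList());

  if (userInfoShouldBeHit) {
    assertThat(endpointCalls.size(), is(greaterThanOrEqualTo(1)));
  } else {
    assertThat(endpointCalls.size(), is(0));
  }
  return response;
}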
use of com.auth0.flickr2.domain.User in project ddf by codice.
the class TestOidc method testCodeFlowLogin.
// --------------------------Code Flow Tests--------------------------//
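/**
 * Verifies the authorization-code flow end to end against the stub server.
 *
 * <ul>
 *   <li>Checks that the initial redirect to the IdP carries the expected OIDC parameters
 *   <li>Stubs the token endpoint to exchange the temporary code (with client credentials in a
 *       Basic {@code Authorization} header) for an ID token bound to the session nonce
 *   <li>Posts the temporary code back to DDF's redirect URI and expects a 200
 *   <li>Asserts the token endpoint was called exactly once and the session is logged in as admin
 * </ul>
 *
 * @throws Exception if token creation or any request fails
 */
@Test
public void testCodeFlowLogin() throws Exception {
  Map<String, String> initialResponseParams = sendInitialRequest(CODE);

  assertThat(initialResponseParams.get(SCOPE), is(DDF_SCOPE));
  assertThat(initialResponseParams.get(RESPONSE_TYPE), is(CODE));
  assertThat(initialResponseParams.get(CLIENT_ID), is(DDF_CLIENT_ID));
  assertTrue(initialResponseParams.containsKey(REDIRECT_URI));
  // recommended by spec
  assertTrue(initialResponseParams.containsKey(STATE));
  // optional but sent in DDF
  assertTrue(initialResponseParams.containsKey(RESPONSE_MODE));
  // optional but sent in DDF
  assertTrue(initialResponseParams.containsKey(NONCE));

  // Add token endpoint information to stub server; client authenticates with HTTP Basic
  String basicAuthHeader =
      "Basic "
          + java.util.Base64.getEncoder()
              .encodeToString(
                  (DDF_CLIENT_ID + ":" + DDF_CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
  // The ID token must echo the nonce DDF sent in the initial request
  String validIdToken =
      getBaseIdTokenBuilder()
          .withClaim(NONCE, initialResponseParams.get(NONCE))
          .sign(validAlgorithm);
  String validAccessToken = createAccessToken(true);
  String tokenEndpointResponse = createTokenEndpointResponse(validIdToken, validAccessToken);

  whenHttp(server)
      .match(
          post(TOKEN_ENDPOINT_PATH),
          parameter(CODE, TEMPORARY_CODE),
          parameter("grant_type", "authorization_code"),
          withHeader(AUTHORIZATION, basicAuthHeader))
      // Explicit charset: String.getBytes() without one depends on the JVM default encoding
      .then(
          ok(),
          contentType(APPLICATION_JSON),
          bytesContent(tokenEndpointResponse.getBytes(StandardCharsets.UTF_8)));

  // Respond to request after user logged in with the temporary code
  Response searchResponse =
      given()
          .cookie(JSESSIONID, initialResponseParams.get(JSESSIONID))
          .header(USER_AGENT, BROWSER_USER_AGENT)
          .header(HOST, "localhost:" + HTTPS_PORT.getPort())
          .header("Origin", URL_START.toString())
          .param(CODE, TEMPORARY_CODE)
          .param(STATE, initialResponseParams.get(STATE))
          .redirects()
          .follow(false)
          .expect()
          .statusCode(200)
          .when()
          .post(initialResponseParams.get(REDIRECT_URI));

  // Verify that the stub server was hit exactly once for the code exchange
  List<Call> tokenEndpointCalls =
      server.getCalls().stream()
          .filter(call -> call.getUrl().equals(URL_START + TOKEN_ENDPOINT_PATH))
          .collect(Collectors.toList());
  assertThat(tokenEndpointCalls.size(), is(1));

  // Verify that we're logged in as admin
  Map<String, Object> userInfoList = getUserInfo(initialResponseParams.get(JSESSIONID));
  assertThat(userInfoList.get("name"), is(ADMIN));

  logout(initialResponseParams.get(JSESSIONID));
}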
use of com.auth0.flickr2.domain.User in project snow-owl by b2ihealthcare.
the class AuthorizationHeaderVerifier method toUser.
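/**
 * Converts the given JWT access token to a {@link User} representation using the configured
 * email and permission claims.
 * <p>
 * This method only reads claims; it does not verify the token's signature or expiry
 * (NOTE(review): presumably the caller has already verified the token — confirm at the call site).
 *
 * @param jwt the JWT to convert to a {@link User} object
 * @return a {@link User} identified by the email claim, carrying a single {@code jwt_roles} role
 *         built from the permissions claim
 * @throws BadRequestException if either the configured email or permissions claim is missing
 *         from the given JWT, or if the permissions claim is not a list of strings
 */
public User toUser(DecodedJWT jwt) {
	final Claim emailClaim = jwt.getClaim(emailClaimProperty);
	if (emailClaim == null || emailClaim.isNull()) {
		throw new BadRequestException("'%s' JWT access token field is required for email access, but it was missing.", emailClaimProperty);
	}
	final Claim permissionsClaim = jwt.getClaim(permissionsClaimProperty);
	if (permissionsClaim == null || permissionsClaim.isNull()) {
		throw new BadRequestException("'%s' JWT access token field is required for permissions access, but it was missing.", permissionsClaimProperty);
	}
	// Reuse the claim fetched above; asList yields null when the claim value cannot be read as a list,
	// which previously surfaced as a NullPointerException instead of a client error
	final List<String> permissionValues = permissionsClaim.asList(String.class);
	if (permissionValues == null) {
		throw new BadRequestException("'%s' JWT access token field must be a list of permission strings.", permissionsClaimProperty);
	}
	final Set<Permission> permissions = permissionValues.stream()
			.map(Permission::valueOf)
			.collect(Collectors.toSet());
	return new User(emailClaim.asString(), List.of(new Role("jwt_roles", permissions)));
}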
use of com.auth0.flickr2.domain.User in project flowgate by vmware.
the class JwtTokenUtil method generate.
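/**
 * Generates a signed (HMAC-SHA256) JWT for the given user and caches the serialized user in
 * Redis under the token for the same lifetime as the token.
 *
 * @param user the authenticated user the token is issued for; its username becomes the subject
 *             and its id the {@code userId} claim
 * @return the generated {@link AuthToken}, or {@code null} if the signing algorithm could not be
 *         created from the keystore secret or the user could not be serialized for caching
 */
public AuthToken generate(WormholeUserDetails user) {
   final String secret = FlowgateKeystore.getEncryptKey();
   final Algorithm algorithm;
   try {
      algorithm = Algorithm.HMAC256(secret);
   } catch (IllegalArgumentException | UnsupportedEncodingException e) {
      // Pass the exception itself so the stack trace is logged; passing only getMessage() as a
      // format argument with no placeholder dropped it entirely
      logger.error("Error when generating token", e);
      return null;
   }
   final Date issuedAt = new Date();
   // TimeUnit widens to long, so a large expiration no longer overflows the way expiration * 1000 could
   final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(expiration));
   final String token = JWT.create()
         .withIssuer(issuer)
         .withIssuedAt(issuedAt)
         .withExpiresAt(expiresAt)
         .withSubject(user.getUsername())
         .withClaim("userId", user.getUserId())
         .sign(algorithm);

   final AuthToken accessToken = new AuthToken();
   accessToken.setAccess_token(token);
   // NOTE(review): this is the absolute expiry instant in epoch millis, not the OAuth-style
   // seconds-until-expiry the field name suggests — confirm with consumers before changing
   accessToken.setExpires_in(expiresAt.getTime());

   try {
      final ObjectMapper mapper = new ObjectMapper();
      mapper.enable(DeserializationFeature.ACCEPT_EMPTY_ARRAY_AS_NULL_OBJECT);
      // Cache the user under the token with a TTL equal to the token lifetime
      redisTemplate.opsForValue().set(Prefix_token + token, mapper.writeValueAsString(user), expiration, TimeUnit.SECONDS);
   } catch (JsonProcessingException e) {
      logger.error("Error when caching user for generated token", e);
      return null;
   }
   // Parameterized logging avoids building the message when debug is disabled
   logger.debug("{}'s token has been generated.", user.getUsername());
   return accessToken;
}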
use of com.auth0.flickr2.domain.User in project structr by structr.
the class JWTHelper method getPrincipalForAccessTokenWithKeystore.
/**
 * Resolves the principal for an access token that was signed with the keystore key.
 * <p>
 * The token is validated against the keystore's public key, the principal is looked up from the
 * resulting claims, and finally the {@code tokenId} claim is checked against the user so that a
 * token that has expired or been logged out is rejected.
 *
 * @param token the raw access token
 * @param eMailKey the property key used to look the principal up by e-mail
 * @return the matching principal, or {@code null} if the token does not validate, no principal
 *         matches its claims, or the token is no longer valid for that principal
 * @throws FrameworkException propagated from the key, claim or user lookups
 */
private static Principal getPrincipalForAccessTokenWithKeystore(String token, PropertyKey<String> eMailKey) throws FrameworkException {
	final Key keystorePublicKey = getPublicKeyForToken();
	final Algorithm signingAlgorithm = parseAlgorithm(keystorePublicKey.getAlgorithm());
	final Map<String, Claim> verifiedClaims = validateTokenWithKeystore(token, signingAlgorithm);
	if (verifiedClaims == null) {
		return null;
	}

	final Principal principal = getPrincipalForTokenClaims(verifiedClaims, eMailKey);
	if (principal == null) {
		return null;
	}

	// A token that validated cryptographically may still have timed out or been logged out;
	// the tokenId reference is checked against the user to catch that case.
	final Claim tokenIdClaim = verifiedClaims.getOrDefault("tokenId", new NullClaim());
	return validateTokenForUser(tokenIdClaim.asString(), principal) ? principal : null;
}