
Example 1 with ClientConsentEntity

Use of com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity in project oauth2-server by gw2auth.

The class ClientConsentServiceImpl, method save.

// region OAuth2AuthorizationConsentService
@Override
@Transactional
public void save(OAuth2AuthorizationConsent authorizationConsent) {
    if (!authorizationConsent.getScopes().containsAll(this.authorizationCodeParamAccessor.getRequestedScopes())) {
        throw this.authorizationCodeParamAccessor.error(new OAuth2Error(OAuth2ErrorCodes.ACCESS_DENIED));
    }
    final long accountId = Long.parseLong(authorizationConsent.getPrincipalName());
    final long clientRegistrationId = Long.parseLong(authorizationConsent.getRegisteredClientId());
    try (LoggingContext log = log(accountId, clientRegistrationId, LogType.CONSENT)) {
        ClientConsentEntity clientConsentEntity = this.clientConsentRepository
                .findByAccountIdAndClientRegistrationId(accountId, clientRegistrationId)
                .orElseGet(() -> createAuthorizedClientEntity(accountId, clientRegistrationId))
                .withAdditionalScopes(authorizationConsent.getScopes());
        clientConsentEntity = this.clientConsentRepository.save(clientConsentEntity);
        log.log("Updated consented oauth2-scopes to [%s]", String.join(", ", clientConsentEntity.authorizedScopes()));
    }
}
Also used : OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ClientConsentEntity(com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with ClientConsentEntity

Use of com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity in project oauth2-server by gw2auth.

The class ApplicationControllerTest, method getApplicationSummary.

@Test
public void getApplicationSummary() throws Exception {
    final long accountId = this.accountRepository.save(new AccountEntity(null, Instant.now())).id();
    final int accounts = 102;
    final int apiTokens = 3;
    final int verifiedGw2Accounts = 5;
    final int clientRegistrations = 12;
    // this must be less than clientRegistrations! (only to keep the testcase simple)
    final int clientAuthorizations = 10;
    for (int i = 0; i < accounts; i++) {
        this.accountRepository.save(new AccountEntity(null, Instant.now()));
    }
    for (int i = 0; i < apiTokens; i++) {
        this.testHelper.createApiToken(accountId, UUID.randomUUID(), Set.of(), "Name");
    }
    for (int i = 0; i < verifiedGw2Accounts; i++) {
        this.gw2AccountVerificationRepository.save(new Gw2AccountVerificationEntity(UUID.randomUUID(), accountId));
    }
    final Queue<ClientRegistrationEntity> clientRegistrationEntities = new LinkedList<>();
    for (int i = 0; i < clientRegistrations; i++) {
        clientRegistrationEntities.add(this.clientRegistrationRepository.save(new ClientRegistrationEntity(null, accountId, Instant.now(), "Name", UUID.randomUUID(), "", Set.of(), Set.of("http://127.0.0.1/"))));
    }
    for (int i = 0; i < clientAuthorizations; i++) {
        this.clientConsentRepository.save(new ClientConsentEntity(accountId, clientRegistrationEntities.poll().id(), UUID.randomUUID(), Set.of("dummy")));
    }
    // add one client authorization without scopes (that should not be counted)
    this.clientConsentRepository.save(new ClientConsentEntity(accountId, clientRegistrationEntities.poll().id(), UUID.randomUUID(), Set.of()));
    // we create one dummy account who owns everything else, hence accounts + 1
    this.mockMvc.perform(get("/api/application/summary"))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.accounts").value(Integer.toString(accounts + 1)))
            .andExpect(jsonPath("$.apiTokens").value(Integer.toString(apiTokens)))
            .andExpect(jsonPath("$.verifiedGw2Accounts").value(Integer.toString(verifiedGw2Accounts)))
            .andExpect(jsonPath("$.clientRegistrations").value(Integer.toString(clientRegistrations)))
            .andExpect(jsonPath("$.clientAuthorizations").value(Integer.toString(clientAuthorizations)));
}
Also used : ClientRegistrationEntity(com.gw2auth.oauth2.server.repository.client.registration.ClientRegistrationEntity) Gw2AccountVerificationEntity(com.gw2auth.oauth2.server.repository.verification.Gw2AccountVerificationEntity) AccountEntity(com.gw2auth.oauth2.server.repository.account.AccountEntity) LinkedList(java.util.LinkedList) ClientConsentEntity(com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with ClientConsentEntity

Use of com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity in project oauth2-server by gw2auth.

The class ClientConsentControllerTest, method getClientConsents.

@WithGw2AuthLogin
public void getClientConsents(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();
    final ClientRegistrationEntity clientRegistrationA = this.testHelper.createClientRegistration(accountId, "Name");
    final ClientRegistrationEntity clientRegistrationC = this.testHelper.createClientRegistration(accountId, "Name");
    final ClientConsentEntity clientConsentA = this.testHelper.createClientConsent(accountId, clientRegistrationA.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2(), ClientConsentService.GW2AUTH_VERIFIED_SCOPE));
    final ClientConsentEntity clientConsentB = this.testHelper.createClientConsent(accountId, clientRegistrationC.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2(), Gw2ApiPermission.GUILDS.oauth2()));
    final String jsonResponse = this.mockMvc.perform(get("/api/client/consent").session(session))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.length()").value(2))
            .andReturn().getResponse().getContentAsString();
    final ObjectMapper mapper = new ObjectMapper();
    final JsonNode node = mapper.readTree(jsonResponse);
    assertTrue(node.isArray());
    boolean foundAuthorizationA = false;
    boolean foundAuthorizationC = false;
    for (int i = 0; i < node.size(); i++) {
        final JsonNode element = node.get(i);
        final JsonNode clientRegistrationNode = element.get("clientRegistration");
        final ClientRegistrationEntity clientRegistration;
        final ClientConsentEntity clientConsent;
        if (clientRegistrationNode.get("clientId").textValue().equals(clientRegistrationA.clientId().toString())) {
            if (foundAuthorizationA) {
                fail("authorization A appeared at least twice in the response");
                return;
            } else {
                foundAuthorizationA = true;
                clientRegistration = clientRegistrationA;
                clientConsent = clientConsentA;
            }
        } else if (clientRegistrationNode.get("clientId").textValue().equals(clientRegistrationC.clientId().toString())) {
            if (foundAuthorizationC) {
                fail("authorization C appeared at least twice in the response");
                return;
            } else {
                foundAuthorizationC = true;
                clientRegistration = clientRegistrationC;
                clientConsent = clientConsentB;
            }
        } else {
            fail("unknown authorization appeared in response");
            return;
        }
        // registration
        assertInstantEquals(clientRegistration.creationTime(), clientRegistrationNode.get("creationTime").textValue());
        assertEquals(clientRegistration.displayName(), clientRegistrationNode.get("displayName").textValue());
        // accountsub
        assertEquals(clientConsent.accountSub().toString(), element.get("accountSub").textValue());
        // authorized scopes
        final Set<String> expectedScopes = new HashSet<>(clientConsent.authorizedScopes());
        final JsonNode authorizedGw2ApiPermissionsNode = element.get("authorizedGw2ApiPermissions");
        assertTrue(authorizedGw2ApiPermissionsNode.isArray());
        for (int j = 0; j < authorizedGw2ApiPermissionsNode.size(); j++) {
            final Gw2ApiPermission gw2ApiPermission = Gw2ApiPermission.fromGw2(authorizedGw2ApiPermissionsNode.get(j).textValue()).orElseThrow();
            if (!expectedScopes.remove(gw2ApiPermission.oauth2())) {
                fail("got unexpected scope in authorization");
            }
        }
        if (element.get("authorizedVerifiedInformation").booleanValue()) {
            if (!expectedScopes.remove(ClientConsentService.GW2AUTH_VERIFIED_SCOPE)) {
                fail("got unexpected scope in authorization");
            }
        }
        assertTrue(expectedScopes.isEmpty());
    }
    assertTrue(foundAuthorizationA);
    assertTrue(foundAuthorizationC);
}
Also used : Gw2ApiPermission(com.gw2auth.oauth2.server.service.Gw2ApiPermission) ClientRegistrationEntity(com.gw2auth.oauth2.server.repository.client.registration.ClientRegistrationEntity) JsonNode(com.fasterxml.jackson.databind.JsonNode) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ClientConsentEntity(com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity)

Example 4 with ClientConsentEntity

Use of com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity in project oauth2-server by gw2auth.

The class ClientConsentControllerTest, method deleteClientConsent.

@WithGw2AuthLogin
public void deleteClientConsent(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();
    final ClientRegistrationEntity clientRegistrationA = this.testHelper.createClientRegistration(accountId, "Name");
    final ClientRegistrationEntity clientRegistrationB = this.testHelper.createClientRegistration(accountId, "Name");
    final ApiTokenEntity apiTokenA = this.testHelper.createApiToken(accountId, UUID.randomUUID(), Gw2ApiPermission.all(), "TokenNameA");
    final ApiTokenEntity apiTokenB = this.testHelper.createApiToken(accountId, UUID.randomUUID(), Gw2ApiPermission.all(), "TokenNameB");
    final ApiTokenEntity apiTokenC = this.testHelper.createApiToken(accountId, UUID.randomUUID(), Gw2ApiPermission.all(), "TokenNameC");
    final ClientConsentEntity clientConsentA = this.testHelper.createClientConsent(accountId, clientRegistrationA.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2()));
    final ClientConsentEntity clientConsentB = this.testHelper.createClientConsent(accountId, clientRegistrationB.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2(), Gw2ApiPermission.GUILDS.oauth2()));
    final String authorizationIdA = this.testHelper.createClientAuthorization(accountId, clientConsentA.clientRegistrationId(), clientConsentA.authorizedScopes()).id();
    final String authorizationIdB = this.testHelper.createClientAuthorization(accountId, clientConsentB.clientRegistrationId(), clientConsentB.authorizedScopes()).id();
    // tokens for authorization A
    this.testHelper.createClientAuthorizationTokens(accountId, authorizationIdA, apiTokenA.gw2AccountId(), apiTokenC.gw2AccountId());
    // tokens for authorization B
    this.testHelper.createClientAuthorizationTokens(accountId, authorizationIdB, apiTokenB.gw2AccountId());
    // logs for authorization A
    this.testHelper.createClientLog(accountId, clientConsentA.clientRegistrationId(), "SomeTypeA", List.of());
    this.testHelper.createClientLog(accountId, clientConsentA.clientRegistrationId(), "SomeTypeA", List.of());
    // logs for authorization B
    this.testHelper.createClientLog(accountId, clientConsentB.clientRegistrationId(), "SomeTypeA", List.of());
    // delete authorization A
    this.mockMvc.perform(delete("/api/client/consent/{clientId}", clientRegistrationA.clientId()).session(session).with(csrf()))
            .andExpect(status().isOk());
    // entity should still be there
    ClientConsentEntity clientConsent = this.clientConsentRepository.findByAccountIdAndClientRegistrationId(accountId, clientConsentA.clientRegistrationId()).orElse(null);
    assertNotNull(clientConsent);
    assertNotEquals(clientConsentA, clientConsent);
    assertTrue(clientConsent.authorizedScopes().isEmpty());
    assertEquals(clientConsentA.accountSub(), clientConsent.accountSub());
    // logs and tokens should be deleted
    assertTrue(this.clientAuthorizationTokenRepository.findAllByAccountIdAndClientAuthorizationId(accountId, authorizationIdA).isEmpty());
    assertTrue(this.clientConsentLogRepository.findByAccountIdAndClientId(accountId, clientRegistrationA.clientId(), 0, 10).findAny().isEmpty());
    // authorization B should still be there (and unchanged)
    clientConsent = this.clientConsentRepository.findByAccountIdAndClientRegistrationId(accountId, clientConsentB.clientRegistrationId()).orElse(null);
    assertEquals(clientConsentB, clientConsent);
    // logs and tokens of B should still be there
    assertEquals(1, this.clientAuthorizationTokenRepository.findAllByAccountIdAndClientAuthorizationId(accountId, authorizationIdB).size());
    assertEquals(1L, this.clientConsentLogRepository.findByAccountIdAndClientId(accountId, clientRegistrationB.clientId(), 0, 10).count());
}
Also used : ApiTokenEntity(com.gw2auth.oauth2.server.repository.apitoken.ApiTokenEntity) ClientRegistrationEntity(com.gw2auth.oauth2.server.repository.client.registration.ClientRegistrationEntity) ClientConsentEntity(com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity)

Example 5 with ClientConsentEntity

Use of com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity in project oauth2-server by gw2auth.

The class ApiTokenControllerTest, method updateApiToken.

@WithGw2AuthLogin
public void updateApiToken(MockHttpSession session) throws Exception {
    final long accountId = AuthenticationHelper.getUser(session).orElseThrow().getAccountId();
    final UUID gw2AccountId = UUID.randomUUID();
    final ApiTokenEntity apiToken = this.testHelper.createApiToken(accountId, gw2AccountId, Set.of(Gw2ApiPermission.ACCOUNT, Gw2ApiPermission.GUILDS), "TokenA");
    // verified
    this.testHelper.createAccountVerification(accountId, gw2AccountId);
    // register 2 clients
    final ClientRegistrationEntity clientRegistrationA = this.testHelper.createClientRegistration(accountId, "ClientA");
    final ClientRegistrationEntity clientRegistrationB = this.testHelper.createClientRegistration(accountId, "ClientB");
    // authorize 2 clients
    final ClientConsentEntity clientConsentA = this.testHelper.createClientConsent(accountId, clientRegistrationA.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2()));
    final ClientConsentEntity clientConsentB = this.testHelper.createClientConsent(accountId, clientRegistrationB.id(), Set.of(Gw2ApiPermission.ACCOUNT.oauth2()));
    final String authorizationIdA = this.testHelper.createClientAuthorization(accountId, clientConsentA.clientRegistrationId(), clientConsentA.authorizedScopes()).id();
    final String authorizationIdB = this.testHelper.createClientAuthorization(accountId, clientConsentB.clientRegistrationId(), clientConsentB.authorizedScopes()).id();
    // use this token in both clients
    this.testHelper.createClientAuthorizationToken(accountId, authorizationIdA, gw2AccountId);
    this.testHelper.createClientAuthorizationToken(accountId, authorizationIdB, gw2AccountId);
    final String gw2ApiToken = TestHelper.randomRootToken();
    // prepare the gw2 rest server
    this.gw2RestServer.reset();
    prepareGw2RestServerForTokenInfoRequest(gw2ApiToken, "Token Name", Set.of(Gw2ApiPermission.ACCOUNT));
    preparedGw2RestServerForAccountRequest(gw2AccountId, gw2ApiToken, "Gw2AccountName.1234");
    final String responseJson = this.mockMvc.perform(patch("/api/token/{gw2AccountId}", gw2AccountId)
                    .session(session)
                    .with(csrf())
                    .queryParam("gw2ApiToken", gw2ApiToken)
                    .queryParam("displayName", "New Display Name"))
            .andExpect(status().isOk())
            .andReturn().getResponse().getContentAsString();
    final ObjectMapper mapper = new ObjectMapper();
    final JsonNode apiTokenNode = mapper.readTree(responseJson);
    assertExpectedApiToken(
            new ExpectedApiToken(apiToken, true, List.of(clientRegistrationA, clientRegistrationB)),
            // display name should be updated
            "New Display Name",
            // api token should be updated
            gw2ApiToken,
            // the new api token has less permissions than the original one
            Set.of(Gw2ApiPermission.ACCOUNT.gw2()),
            apiTokenNode);
}
Also used : ApiTokenEntity(com.gw2auth.oauth2.server.repository.apitoken.ApiTokenEntity) ClientRegistrationEntity(com.gw2auth.oauth2.server.repository.client.registration.ClientRegistrationEntity) JsonNode(com.fasterxml.jackson.databind.JsonNode) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ClientConsentEntity(com.gw2auth.oauth2.server.repository.client.consent.ClientConsentEntity)
