use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class RefreshTokenTest method refresh_token_should_work.
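@Test
public void refresh_token_should_work() throws InterruptedException {
    // End-to-end check of the refresh_token grant: a freshly issued access token
    // is accepted, is rejected once its lifetime (plus gateway leeway) has
    // elapsed, and a refresh_token grant then yields a new token that is
    // accepted again.
    //
    // Lifetimes of the client created below. The sleep further down is derived
    // from these values so the two cannot silently drift apart.
    final int accessTokenTtlSeconds = 60;
    final int refreshTokenTtlSeconds = 1000;
    // spring cloud gateway add 60S leeway
    final int gatewayLeewaySeconds = 60;

    // create client supports refresh token
    Client clientRaw = ClientUtility.getClientRaw();
    String clientSecret = clientRaw.getClientSecret();
    HashSet<GrantTypeEnum> grantTypes = new HashSet<>();
    grantTypes.add(GrantTypeEnum.PASSWORD);
    grantTypes.add(GrantTypeEnum.REFRESH_TOKEN);
    clientRaw.setResourceIds(Collections.singleton(AppConstant.CLIENT_ID_OAUTH2_ID));
    clientRaw.setGrantTypeEnums(grantTypes);
    clientRaw.setTypes(new HashSet<>(List.of(ClientType.BACKEND_APP)));
    clientRaw.setAccessTokenValiditySeconds(accessTokenTtlSeconds);
    clientRaw.setRefreshTokenValiditySeconds(refreshTokenTtlSeconds);
    ResponseEntity<String> client = ClientUtility.createClient(clientRaw);
    Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
    // check the Location header before dereferencing it so a missing header
    // fails with an assertion message rather than a NullPointerException
    Assert.assertNotNull(client.getHeaders().getLocation());
    String clientId = client.getHeaders().getLocation().toString();

    // get jwt
    ResponseEntity<DefaultOAuth2AccessToken> passwordGrant = OAuth2Utility.getOAuth2PasswordToken(
            clientId, clientSecret, AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, passwordGrant.getStatusCode());
    Assert.assertNotNull(passwordGrant.getBody());
    // the refresh token is needed later; fail early if the grant did not return one
    Assert.assertNotNull(passwordGrant.getBody().getRefreshToken());

    // access endpoint
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(passwordGrant.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());

    // wait past the access token lifetime and the gateway leeway, plus a small margin
    Thread.sleep((accessTokenTtlSeconds + gatewayLeewaySeconds) * 1000L + 2000);
    // access access token should expire
    ResponseEntity<SumTotal<User>> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange2.getStatusCode());

    // get access token with refresh token
    // The client authenticates with HTTP Basic (client id + secret); the refresh
    // token goes in the form body.
    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("grant_type", "refresh_token");
    params.add("scope", "not_used");
    params.add("refresh_token", passwordGrant.getBody().getRefreshToken().getValue());
    HttpHeaders headers2 = new HttpHeaders();
    headers2.setBasicAuth(clientId, clientSecret);
    headers2.setContentType(MediaType.MULTIPART_FORM_DATA);
    HttpEntity<MultiValueMap<String, String>> request2 = new HttpEntity<>(params, headers2);
    ResponseEntity<DefaultOAuth2AccessToken> exchange1 = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, request2, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
    Assert.assertNotNull(exchange1.getBody());
    // NOTE(review): this test does not check whether the old refresh token is
    // still usable after the exchange (refresh token rotation); if the server is
    // expected to rotate, a follow-up assertion would cover that.

    // use new access token for api call
    HttpHeaders headers3 = new HttpHeaders();
    headers3.setBearerAuth(exchange1.getBody().getValue());
    HttpEntity<String> request3 = new HttpEntity<>(null, headers3);
    ResponseEntity<SumTotal<User>> exchange3 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request3, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange3.getStatusCode());
}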
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientApiSecurityTest method should_not_able_to_create_client_w_admin_account_when_going_through_proxy.
@Test
public void should_not_able_to_create_client_w_admin_account_when_going_through_proxy() throws JsonProcessingException {
    // POST a serialized non-resource client through the proxy while holding a
    // bearer token from UserUtility.getJwtUser(); the proxy must answer 403.
    // NOTE(review): the method name says "admin account" but the token comes
    // from getJwtUser(), not an admin helper — confirm which account is meant.
    Client payload = ClientUtility.getClientAsNonResource(AppConstant.CLIENT_ID_RESOURCE_ID);
    String jsonBody = mapper.writeValueAsString(payload);
    HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.setContentType(MediaType.APPLICATION_JSON);
    requestHeaders.setBearerAuth(UserUtility.getJwtUser());
    HttpEntity<String> httpRequest = new HttpEntity<>(jsonBody, requestHeaders);
    ResponseEntity<String> response = TestContext.getRestTemplate()
            .exchange(CLIENT_MNGMT_URL, HttpMethod.POST, httpRequest, String.class);
    Assert.assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class GatewayFilterTest method should_sanitize_response_json.
@Test
@Ignore
public void should_sanitize_response_json() {
    // Read a client whose description carries script markup and compare the
    // description returned through the gateway with the literal below.
    // NOTE(review): the assertion expects the markup back unchanged, so
    // "sanitize" here presumably means JSON-safe encoding rather than
    // stripping — confirm the intended gateway behaviour. Test is @Ignore'd.
    String clientUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + AppConstant.CLIENT_ID_RIGHT_ROLE_NOT_SUFFICIENT_RESOURCE_ID);
    HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.setBearerAuth(UserUtility.getJwtAdmin());
    HttpEntity<String> httpRequest = new HttpEntity<>(null, requestHeaders);
    ResponseEntity<Client> response = TestContext.getRestTemplate()
            .exchange(clientUrl, HttpMethod.GET, httpRequest, Client.class);
    String returnedDescription = response.getBody().getDescription();
    Assert.assertEquals("<script>test</script>", returnedDescription);
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientIdempotentTest method create_client_then_update_w_same_changeId_two_times.
@Test
public void create_client_then_update_w_same_changeId_two_times() {
    // Create a client, then send the same PUT twice with one changeId header;
    // both updates are expected to return 200 (idempotent handling).
    ResponseEntity<DefaultOAuth2AccessToken> adminLogin = UserUtility.login(AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    String adminBearer = adminLogin.getBody().getValue();

    // create
    String createChangeId = UUID.randomUUID().toString();
    Client draft = ClientUtility.getClientAsResource(AppConstant.CLIENT_ID_RESOURCE_ID);
    ResponseEntity<String> created = ClientUtility.createClient(draft, createChangeId);
    Assert.assertEquals(HttpStatus.OK, created.getStatusCode());
    String updateUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + created.getHeaders().getLocation().toString());

    // update headers: one changeId reused for both PUTs
    // X-XSRF-TOKEN header and XSRF-TOKEN cookie carry the same value —
    // presumably a double-submit cookie check, so only equality matters here.
    String updateChangeId = UUID.randomUUID().toString();
    HttpHeaders updateHeaders = new HttpHeaders();
    updateHeaders.setContentType(MediaType.APPLICATION_JSON);
    updateHeaders.setBearerAuth(adminBearer);
    updateHeaders.set("changeId", updateChangeId);
    updateHeaders.set("X-XSRF-TOKEN", "123");
    updateHeaders.add(HttpHeaders.COOKIE, "XSRF-TOKEN=123");

    // the same entity object is sent both times; only its version differs
    draft.setAccessTokenValiditySeconds(120);
    draft.setVersion(0);
    HttpEntity<Client> updateRequest = new HttpEntity<>(draft, updateHeaders);
    ResponseEntity<String> firstPut = TestContext.getRestTemplate().exchange(updateUrl, HttpMethod.PUT, updateRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, firstPut.getStatusCode());

    draft.setVersion(1);
    ResponseEntity<String> secondPut = TestContext.getRestTemplate().exchange(updateUrl, HttpMethod.PUT, updateRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, secondPut.getStatusCode());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientIdempotentTest method create_client_then_delete_w_same_changeId_two_times.
@Test
public void create_client_then_delete_w_same_changeId_two_times() {
    // Create a client, then issue the same DELETE twice with one changeId
    // header; both calls are expected to return 200 (idempotent handling).
    ResponseEntity<DefaultOAuth2AccessToken> adminLogin = UserUtility.login(AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    String adminBearer = adminLogin.getBody().getValue();

    // create
    String createChangeId = UUID.randomUUID().toString();
    Client draft = ClientUtility.getClientAsResource(AppConstant.CLIENT_ID_RESOURCE_ID);
    ResponseEntity<String> created = ClientUtility.createClient(draft, createChangeId);
    Assert.assertEquals(HttpStatus.OK, created.getStatusCode());
    draft.setAccessTokenValiditySeconds(120);
    String deleteUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + created.getHeaders().getLocation().toString());

    // delete headers: one changeId reused for both DELETEs
    // X-XSRF-TOKEN header and XSRF-TOKEN cookie carry the same value —
    // presumably a double-submit cookie check, so only equality matters here.
    String deleteChangeId = UUID.randomUUID().toString();
    HttpHeaders deleteHeaders = new HttpHeaders();
    deleteHeaders.setContentType(MediaType.APPLICATION_JSON);
    deleteHeaders.setBearerAuth(adminBearer);
    deleteHeaders.set("changeId", deleteChangeId);
    deleteHeaders.set("X-XSRF-TOKEN", "123");
    deleteHeaders.add(HttpHeaders.COOKIE, "XSRF-TOKEN=123");
    HttpEntity<Client> deleteRequest = new HttpEntity<>(draft, deleteHeaders);

    ResponseEntity<String> firstDelete = TestContext.getRestTemplate().exchange(deleteUrl, HttpMethod.DELETE, deleteRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, firstDelete.getStatusCode());
    ResponseEntity<String> secondDelete = TestContext.getRestTemplate().exchange(deleteUrl, HttpMethod.DELETE, deleteRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, secondDelete.getStatusCode());
}