use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientTest method create_client_then_replace_it_with_different_client_only_password_is_empty_then_login_with_new_client_but_password_should_be_old_one.
@Test
public void create_client_then_replace_it_with_different_client_only_password_is_empty_then_login_with_new_client_but_password_should_be_old_one() {
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
String bearer = tokenResponse.getBody().getValue();
Client oldClient = ClientUtility.getClientAsNonResource(CLIENT_ID_RESOURCE_ID);
ResponseEntity<String> client1 = ClientUtility.createClient(oldClient);
Client newClient = ClientUtility.getClientAsNonResource(CLIENT_ID_RESOURCE_ID);
newClient.setClientSecret(" ");
newClient.setVersion(0);
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.setBearerAuth(bearer);
HttpEntity<Client> request = new HttpEntity<>(newClient, headers);
String url = UrlUtility.getAccessUrl(CLIENTS + "/" + client1.getHeaders().getLocation().toString());
ResponseEntity<String> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.PUT, request, String.class);
Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse1 = OAuth2Utility.getOAuth2PasswordToken(client1.getHeaders().getLocation().toString(), oldClient.getClientSecret(), ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
Assert.assertEquals(HttpStatus.OK, tokenResponse1.getStatusCode());
Assert.assertNotNull(tokenResponse1.getBody().getValue());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientTest method create_resource_client_and_client_which_access_it_then_delete_resource_client.
@Test
public void create_resource_client_and_client_which_access_it_then_delete_resource_client() throws InterruptedException {
Client clientAsResource = ClientUtility.getClientAsResource();
clientAsResource.setName("resource client");
ResponseEntity<String> client = ClientUtility.createClient(clientAsResource);
Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
String resourceClientId = client.getHeaders().getLocation().toString();
Client clientAsNonResource = ClientUtility.getClientAsNonResource(resourceClientId, CLIENT_ID_OAUTH2_ID);
HashSet<GrantTypeEnum> enums = new HashSet<>();
enums.add(GrantTypeEnum.PASSWORD);
enums.add(GrantTypeEnum.REFRESH_TOKEN);
clientAsNonResource.setGrantTypeEnums(enums);
clientAsNonResource.setRefreshTokenValiditySeconds(120);
clientAsNonResource.setName("non resource client");
ResponseEntity<String> client1 = ClientUtility.createClient(clientAsNonResource);
Assert.assertEquals(HttpStatus.OK, client1.getStatusCode());
String clientId = client1.getHeaders().getLocation().toString();
String clientSecret = clientAsNonResource.getClientSecret();
// get jwt
ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient.getStatusCode());
// clientAsNonResource can access endpoint
String url = UrlUtility.getAccessUrl(USER_MNGMT);
HttpHeaders headers = new HttpHeaders();
headers.setBearerAuth(jwtPasswordWithClient.getBody().getValue());
HttpEntity<String> request = new HttpEntity<>(null, headers);
ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
});
Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
// delete resource client
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
String bearer = tokenResponse.getBody().getValue();
String url4 = UrlUtility.getAccessUrl(CLIENTS + "/" + resourceClientId);
HttpHeaders headers4 = new HttpHeaders();
headers4.setBearerAuth(bearer);
HttpEntity<String> request4 = new HttpEntity<>(null, headers4);
ResponseEntity<String> exchange1 = TestContext.getRestTemplate().exchange(url4, HttpMethod.DELETE, request4, String.class);
Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
Thread.sleep(10000);
// clientAsNonResource should not have removed client
String url5 = UrlUtility.getAccessUrl(CLIENTS + "/" + clientId);
ResponseEntity<Client> exchange3 = TestContext.getRestTemplate().exchange(url5, HttpMethod.GET, request4, Client.class);
Assert.assertEquals(HttpStatus.OK, exchange3.getStatusCode());
Set<String> resourceIds = exchange3.getBody().getResourceIds();
Assert.assertEquals(1, resourceIds.size());
// clientAsNonResource can not access endpoint both access token
ResponseEntity<SumTotal<User>> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
});
Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange2.getStatusCode());
// even refresh token will not work
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("grant_type", "refresh_token");
params.add("refresh_token", jwtPasswordWithClient.getBody().getRefreshToken().getValue());
HttpHeaders headers2 = new HttpHeaders();
headers2.setBasicAuth(clientId, clientSecret);
HttpEntity<MultiValueMap<String, String>> request2 = new HttpEntity<>(params, headers2);
ResponseEntity<DefaultOAuth2AccessToken> exchange4 = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, request2, DefaultOAuth2AccessToken.class);
Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange4.getStatusCode());
// get new jwt
ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient3 = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient3.getStatusCode());
// clientAsNonResource can access endpoint again
HttpHeaders headers5 = new HttpHeaders();
headers5.setBearerAuth(jwtPasswordWithClient3.getBody().getValue());
HttpEntity<String> request5 = new HttpEntity<>(null, headers5);
ResponseEntity<SumTotal<User>> exchange5 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request5, new ParameterizedTypeReference<>() {
});
Assert.assertEquals(HttpStatus.OK, exchange5.getStatusCode());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientTest method root_client_is_not_deletable.
@Test
public void root_client_is_not_deletable() {
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
String bearer = tokenResponse.getBody().getValue();
Client oldClient = ClientUtility.getClientAsNonResource(CLIENT_ID_RESOURCE_ID);
/**
* add ROLE_ROOT so it can not be deleted
*/
oldClient.setTypes(new HashSet<>(Arrays.asList(ClientType.BACKEND_APP, ClientType.ROOT_APPLICATION)));
ResponseEntity<String> client1 = ClientUtility.createClient(oldClient);
String url = UrlUtility.getAccessUrl(CLIENTS + "/" + client1.getHeaders().getLocation().toString());
HttpHeaders headers = new HttpHeaders();
headers.setBearerAuth(bearer);
HttpEntity<String> request = new HttpEntity<>(null, headers);
ResponseEntity<String> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.DELETE, request, String.class);
Assert.assertEquals(HttpStatus.BAD_REQUEST, exchange.getStatusCode());
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse1 = OAuth2Utility.getOAuth2PasswordToken(client1.getHeaders().getLocation().toString(), oldClient.getClientSecret(), ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
Assert.assertEquals(HttpStatus.OK, tokenResponse1.getStatusCode());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientTest method should_not_able_to_create_client_which_is_resource_itself_with_wrong_resource_ids.
@Test
public void should_not_able_to_create_client_which_is_resource_itself_with_wrong_resource_ids() {
Client client = ClientUtility.getClientAsResource(CLIENT_ID_TEST_ID);
ResponseEntity<String> exchange = ClientUtility.createClient(client);
Assert.assertEquals(HttpStatus.BAD_REQUEST, exchange.getStatusCode());
}
use of com.hw.helper.Client in project mt-auth by publicdevop2019.
the class ClientTest method should_not_be_able_to_update_client_type_once_created.
@Test
public void should_not_be_able_to_update_client_type_once_created() throws JsonProcessingException {
ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
String bearer = tokenResponse.getBody().getValue();
Client oldClient = ClientUtility.getClientAsNonResource(CLIENT_ID_RESOURCE_ID);
ResponseEntity<String> client1 = ClientUtility.createClient(oldClient);
Client newClient = ClientUtility.getInvalidClientAsResource(CLIENT_ID_RESOURCE_ID);
newClient.setClientSecret(" ");
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.setBearerAuth(bearer);
String s1 = mapper.writeValueAsString(newClient);
String url = UrlUtility.getAccessUrl(CLIENTS + "/" + client1.getHeaders().getLocation().toString());
HttpEntity<String> request = new HttpEntity<>(s1, headers);
ResponseEntity<String> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.PUT, request, String.class);
Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
ResponseEntity<Client> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, Client.class);
Assert.assertEquals(HttpStatus.OK, exchange2.getStatusCode());
Assert.assertTrue(exchange2.getBody().getTypes().contains(ClientType.BACKEND_APP));
Assert.assertTrue(exchange2.getBody().getTypes().contains(ClientType.FIRST_PARTY));
}
Aggregations