Example 1 with SumTotal

use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

the class RefreshTokenTest, method refresh_token_should_work.

@Test
public void refresh_token_should_work() throws InterruptedException {
    // create a client that is allowed both the password and refresh_token grants,
    // with a short-lived access token (60 s) and a longer-lived refresh token (1000 s)
    Client clientRaw = ClientUtility.getClientRaw();
    String clientSecret = clientRaw.getClientSecret();
    HashSet<GrantTypeEnum> enums = new HashSet<>();
    enums.add(GrantTypeEnum.PASSWORD);
    enums.add(GrantTypeEnum.REFRESH_TOKEN);
    clientRaw.setResourceIds(Collections.singleton(AppConstant.CLIENT_ID_OAUTH2_ID));
    clientRaw.setGrantTypeEnums(enums);
    clientRaw.setTypes(new HashSet<>(List.of(ClientType.BACKEND_APP)));
    clientRaw.setAccessTokenValiditySeconds(60);
    clientRaw.setRefreshTokenValiditySeconds(1000);
    ResponseEntity<String> client = ClientUtility.createClient(clientRaw);
    // check the status before reading the Location header so a failed create does not surface as an NPE
    Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
    String clientId = client.getHeaders().getLocation().toString();
    // obtain a JWT through the password grant, authenticating as the new client
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient.getStatusCode());
    // the fresh access token is accepted by the protected endpoint
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(jwtPasswordWithClient.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
    // wait out the 60 s access token validity plus the 60 s clock-skew leeway that
    // Spring Cloud Gateway grants on top of exp, plus a small margin
    Thread.sleep(60000 + 60000 + 2000);
    // the expired access token must now be rejected
    ResponseEntity<SumTotal<User>> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange2.getStatusCode());
    // exchange the refresh token for a new access token; the client authenticates to the
    // token endpoint with HTTP Basic (client id and secret)
    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("grant_type", "refresh_token");
    // scope is not narrowed here; the value is a placeholder the server ignores for this grant
    params.add("scope", "not_used");
    params.add("refresh_token", jwtPasswordWithClient.getBody().getRefreshToken().getValue());
    HttpHeaders headers2 = new HttpHeaders();
    headers2.setBasicAuth(clientId, clientSecret);
    // RFC 6749 specifies application/x-www-form-urlencoded for the token endpoint;
    // this test posts the same parameters as multipart, which the project's endpoint also accepts
    headers2.setContentType(MediaType.MULTIPART_FORM_DATA);
    HttpEntity<MultiValueMap<String, String>> request2 = new HttpEntity<>(params, headers2);
    ResponseEntity<DefaultOAuth2AccessToken> exchange1 = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, request2, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
    // the newly issued access token is accepted by the endpoint again
    HttpHeaders headers3 = new HttpHeaders();
    headers3.setBearerAuth(exchange1.getBody().getValue());
    HttpEntity<String> request3 = new HttpEntity<>(null, headers3);
    ResponseEntity<SumTotal<User>> exchange3 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request3, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange3.getStatusCode());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) SumTotal(com.hw.helper.SumTotal) GrantTypeEnum(com.hw.helper.GrantTypeEnum) Client(com.hw.helper.Client) MultiValueMap(org.springframework.util.MultiValueMap) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) HashSet(java.util.HashSet) Test(org.junit.Test)
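The timing the test above depends on (the token is still accepted for 60 s after exp because of the gateway leeway, and is rejected only once validity plus leeway have both elapsed) can be seen without a running gateway. The following is an added, stand-alone illustration and not code from mt-auth: it mints a minimal HS256 JWT and checks it with an exp validator that applies a configurable leeway, mapping the outcome to the 200/401 the test asserts. The signing key, the HS256 algorithm and the 60 s leeway constant are assumptions for the illustration; the page does not say how mt-auth signs its tokens, and the refresh grant itself is not modelled.

```python
import base64
import hashlib
import hmac
import json

# assumed: mirrors the 60 s clock-skew leeway the test attributes to Spring Cloud Gateway
LEEWAY_SECONDS = 60


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes) -> str:
    """Mint a compact HS256 JWT (header.payload.signature). Illustration only."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: float, leeway: int = LEEWAY_SECONDS) -> dict:
    """Verify signature and expiry; raise ValueError on any failure.

    `now` is passed in explicitly so the expiry boundary can be exercised deterministically.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # pin the algorithm; never let the token header choose it (rejects alg=none and key-confusion tricks)
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        raise ValueError("missing exp")
    # the token stays valid until exp + leeway, which is why the test sleeps validity + leeway + margin
    if now > exp + leeway:
        raise ValueError("token expired")
    return claims


def token_status(token: str, key: bytes, now: float) -> int:
    """Map verification to the HTTP status a gateway would answer with: 200 or 401."""
    try:
        verify_jwt(token, key, now)
        return 200
    except ValueError:
        return 401


def demo() -> dict:
    """Run the checks at the moments the test cares about (constructed sample data)."""
    key = b"example-signing-key-not-the-project-key"  # constructed, not the project's key
    issued = 1_700_000_000
    token = mint_jwt({"sub": "admin", "client_id": "demo", "iat": issued, "exp": issued + 60}, key)
    # a token whose payload was swapped but whose signature was kept from the original
    other = mint_jwt({"sub": "root", "client_id": "demo", "iat": issued, "exp": issued + 60}, key)
    tampered = ".".join([token.split(".")[0], other.split(".")[1], token.split(".")[2]])
    return {
        "fresh": token_status(token, key, issued + 1),
        "expired_but_within_leeway": token_status(token, key, issued + 60 + 59),
        "past_leeway": token_status(token, key, issued + 60 + 60 + 2),
        "tampered": token_status(tampered, key, issued + 1),
    }


if __name__ == "__main__":
    print(demo())
```

The second entry is the one the sleep in the test is sized for: a token that is past exp but inside the leeway window is still a 200, so a test that waited only the 60 s validity would wrongly conclude that expiry is not enforced.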

Example 2 with SumTotal

use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

the class UserTest, method read_all_users_with_root_account.

@Test
public void read_all_users_with_root_account() {
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    // log in as the admin account and call the user management endpoint with its bearer token
    ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(tokenResponse.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
    // the admin must see at least one user; compare by value, not by boxed Integer identity
    Assert.assertNotEquals(0, exchange.getBody().getData().size());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) SumTotal(com.hw.helper.SumTotal) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 3 with SumTotal

use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

the class ClientTest, method create_resource_client_and_client_which_access_it_then_resource_client_is_not_accessible.

@Test
public void create_resource_client_and_client_which_access_it_then_resource_client_is_not_accessible() throws InterruptedException {
    // create a client that acts as a resource server
    Client clientAsResource = ClientUtility.getClientAsResource();
    ResponseEntity<String> client = ClientUtility.createClient(clientAsResource);
    Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
    String resourceClientId = client.getHeaders().getLocation().toString();
    // create a second client whose tokens are scoped to that resource (and to the OAuth2 client itself)
    Client clientAsNonResource = ClientUtility.getClientAsNonResource(resourceClientId, CLIENT_ID_OAUTH2_ID);
    HashSet<GrantTypeEnum> enums = new HashSet<>();
    enums.add(GrantTypeEnum.PASSWORD);
    enums.add(GrantTypeEnum.REFRESH_TOKEN);
    clientAsNonResource.setGrantTypeEnums(enums);
    clientAsNonResource.setRefreshTokenValiditySeconds(120);
    ResponseEntity<String> client1 = ClientUtility.createClient(clientAsNonResource);
    Assert.assertEquals(HttpStatus.OK, client1.getStatusCode());
    String clientId = client1.getHeaders().getLocation().toString();
    String clientSecret = clientAsNonResource.getClientSecret();
    // obtain a JWT through the password grant as the dependent client
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient.getStatusCode());
    // clientAsNonResource can access the endpoint while the resource client is intact
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(jwtPasswordWithClient.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
    // as admin, update the resource client so it is no longer a resource
    clientAsResource.setResourceIndicator(false);
    ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    String bearer = tokenResponse.getBody().getValue();
    String url4 = UrlUtility.getAccessUrl(CLIENTS + "/" + resourceClientId);
    HttpHeaders headers4 = new HttpHeaders();
    headers4.setBearerAuth(bearer);
    HttpEntity<Client> request4 = new HttpEntity<>(clientAsResource, headers4);
    ResponseEntity<String> exchange1 = TestContext.getRestTemplate().exchange(url4, HttpMethod.PUT, request4, String.class);
    Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
    // give the change time to propagate before checking that issued tokens were invalidated
    Thread.sleep(10000);
    // the previously issued access token is now rejected even though it has not expired
    ResponseEntity<SumTotal<User>> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange2.getStatusCode());
    // the refresh token issued alongside it is rejected too, so it cannot be used to outlive the change
    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("grant_type", "refresh_token");
    params.add("refresh_token", jwtPasswordWithClient.getBody().getRefreshToken().getValue());
    HttpHeaders headers2 = new HttpHeaders();
    headers2.setBasicAuth(clientId, clientSecret);
    HttpEntity<MultiValueMap<String, String>> request2 = new HttpEntity<>(params, headers2);
    ResponseEntity<DefaultOAuth2AccessToken> exchange4 = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, request2, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange4.getStatusCode());
    // a fresh password grant still succeeds; the client itself was not disabled
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient3 = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient3.getStatusCode());
    // and the newly issued token is accepted by the endpoint again
    HttpHeaders headers5 = new HttpHeaders();
    headers5.setBearerAuth(jwtPasswordWithClient3.getBody().getValue());
    HttpEntity<String> request5 = new HttpEntity<>(null, headers5);
    ResponseEntity<SumTotal<User>> exchange5 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request5, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange5.getStatusCode());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) SumTotal(com.hw.helper.SumTotal) GrantTypeEnum(com.hw.helper.GrantTypeEnum) Client(com.hw.helper.Client) MultiValueMap(org.springframework.util.MultiValueMap) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with SumTotal

use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

the class ClientTest, method admin_account_can_read_client.

@Test
public void admin_account_can_read_client() {
    // list registered clients with an admin bearer token
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordAdmin = UserUtility.getJwtPasswordAdmin();
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(jwtPasswordAdmin.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<Client>> exchange = TestContext.getRestTemplate().exchange(UrlUtility.getAccessUrl(CLIENTS), HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
    // at least one client must be visible; compare by value, not by boxed Integer identity
    Assert.assertNotEquals(0, exchange.getBody().getData().size());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) SumTotal(com.hw.helper.SumTotal) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 5 with SumTotal

use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

the class ClientTest, method create_resource_client_and_client_which_access_it_then_delete_resource_client.

@Test
public void create_resource_client_and_client_which_access_it_then_delete_resource_client() throws InterruptedException {
    // create a client that acts as a resource server
    Client clientAsResource = ClientUtility.getClientAsResource();
    clientAsResource.setName("resource client");
    ResponseEntity<String> client = ClientUtility.createClient(clientAsResource);
    Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
    String resourceClientId = client.getHeaders().getLocation().toString();
    // create a second client whose tokens are scoped to that resource (and to the OAuth2 client itself)
    Client clientAsNonResource = ClientUtility.getClientAsNonResource(resourceClientId, CLIENT_ID_OAUTH2_ID);
    HashSet<GrantTypeEnum> enums = new HashSet<>();
    enums.add(GrantTypeEnum.PASSWORD);
    enums.add(GrantTypeEnum.REFRESH_TOKEN);
    clientAsNonResource.setGrantTypeEnums(enums);
    clientAsNonResource.setRefreshTokenValiditySeconds(120);
    clientAsNonResource.setName("non resource client");
    ResponseEntity<String> client1 = ClientUtility.createClient(clientAsNonResource);
    Assert.assertEquals(HttpStatus.OK, client1.getStatusCode());
    String clientId = client1.getHeaders().getLocation().toString();
    String clientSecret = clientAsNonResource.getClientSecret();
    // obtain a JWT through the password grant as the dependent client
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient.getStatusCode());
    // clientAsNonResource can access the endpoint while the resource client exists
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders headers = new HttpHeaders();
    headers.setBearerAuth(jwtPasswordWithClient.getBody().getValue());
    HttpEntity<String> request = new HttpEntity<>(null, headers);
    ResponseEntity<SumTotal<User>> exchange = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange.getStatusCode());
    // as admin, delete the resource client
    ResponseEntity<DefaultOAuth2AccessToken> tokenResponse = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    String bearer = tokenResponse.getBody().getValue();
    String url4 = UrlUtility.getAccessUrl(CLIENTS + "/" + resourceClientId);
    HttpHeaders headers4 = new HttpHeaders();
    headers4.setBearerAuth(bearer);
    HttpEntity<String> request4 = new HttpEntity<>(null, headers4);
    ResponseEntity<String> exchange1 = TestContext.getRestTemplate().exchange(url4, HttpMethod.DELETE, request4, String.class);
    Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
    // give the deletion time to propagate before checking its side effects
    Thread.sleep(10000);
    // the dependent client survives, but the deleted resource id has been removed from its
    // resourceIds, leaving only the one other resource it was created with
    String url5 = UrlUtility.getAccessUrl(CLIENTS + "/" + clientId);
    ResponseEntity<Client> exchange3 = TestContext.getRestTemplate().exchange(url5, HttpMethod.GET, request4, Client.class);
    Assert.assertEquals(HttpStatus.OK, exchange3.getStatusCode());
    Set<String> resourceIds = exchange3.getBody().getResourceIds();
    Assert.assertEquals(1, resourceIds.size());
    // the previously issued access token is now rejected even though it has not expired
    ResponseEntity<SumTotal<User>> exchange2 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange2.getStatusCode());
    // the refresh token issued alongside it is rejected too, so it cannot be used to outlive the deletion
    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add("grant_type", "refresh_token");
    params.add("refresh_token", jwtPasswordWithClient.getBody().getRefreshToken().getValue());
    HttpHeaders headers2 = new HttpHeaders();
    headers2.setBasicAuth(clientId, clientSecret);
    HttpEntity<MultiValueMap<String, String>> request2 = new HttpEntity<>(params, headers2);
    ResponseEntity<DefaultOAuth2AccessToken> exchange4 = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, request2, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, exchange4.getStatusCode());
    // a fresh password grant still succeeds; the dependent client itself was not removed
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient3 = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient3.getStatusCode());
    // and the newly issued token is accepted by the endpoint again
    HttpHeaders headers5 = new HttpHeaders();
    headers5.setBearerAuth(jwtPasswordWithClient3.getBody().getValue());
    HttpEntity<String> request5 = new HttpEntity<>(null, headers5);
    ResponseEntity<SumTotal<User>> exchange5 = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, request5, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, exchange5.getStatusCode());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) SumTotal(com.hw.helper.SumTotal) GrantTypeEnum(com.hw.helper.GrantTypeEnum) Client(com.hw.helper.Client) MultiValueMap(org.springframework.util.MultiValueMap) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

SumTotal (com.hw.helper.SumTotal)6 Test (org.junit.Test)6 HttpEntity (org.springframework.http.HttpEntity)6 HttpHeaders (org.springframework.http.HttpHeaders)6 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)5 Client (com.hw.helper.Client)3 GrantTypeEnum (com.hw.helper.GrantTypeEnum)3 HashSet (java.util.HashSet)3 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)3 MultiValueMap (org.springframework.util.MultiValueMap)3 EndpointInfo (com.hw.helper.EndpointInfo)1 Ignore (org.junit.Ignore)1