use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.
the class AcquireTokenSilentHandlerTest method testMRRTExistInPreferredLocation.
@Test
public void testMRRTExistInPreferredLocation() throws IOException, JSONException {
final FileMockContext mockContext = new FileMockContext(getContext());
final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
clearCache(mockedCache);
updateAuthorityMetadataCache();
// insert token with authority as preferred cache
final String resource = "resource";
final String clientId = "clientId";
final String preferredCacheAuthority = "https://preferred.cache/test.onmicrosoft.com";
final String mrrtForPreferredCache = "rt with preferred cache";
final TokenCacheItem mrrtTokenCacheItem = Util.getTokenCacheItem(preferredCacheAuthority, null, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
mrrtTokenCacheItem.setRefreshToken(mrrtForPreferredCache);
mrrtTokenCacheItem.setIsMultiResourceRefreshToken(true);
saveTokenIntoCache(mockedCache, mrrtTokenCacheItem);
final String testHostAuthority = "https://test.host/test.onmicrosoft.com";
final TokenCacheItem mrrtWithTestHost = Util.getTokenCacheItem(testHostAuthority, null, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
mrrtWithTestHost.setRefreshToken("rt with test host");
saveTokenIntoCache(mockedCache, mrrtWithTestHost);
final AuthenticationRequest authenticationRequest = getAuthenticationRequest(testHostAuthority, resource, clientId, false);
authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
// inject mocked web request handler
final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtForPreferredCache, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_OK, Util.getSuccessTokenResponse(false, false), null));
acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
try {
final AuthenticationResult result = acquireTokenSilentHandler.getAccessToken();
assertNotNull(result);
assertNotNull(result.getAccessToken());
} catch (final AuthenticationException e) {
fail();
}
Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtForPreferredCache, clientId, resource)), Mockito.anyString());
// verify token items
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(preferredCacheAuthority, clientId, TEST_IDTOKEN_USERID)));
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(preferredCacheAuthority, clientId, TEST_IDTOKEN_UPN)));
clearCache(mockedCache);
}
use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.
the class AcquireTokenSilentHandlerTest method testRegularRT.
// Verify if regular RT exists, if the RT is not MRRT, we only redeem token with the regular RT.
@Test
public void testRegularRT() throws IOException, JSONException {
FileMockContext mockContext = new FileMockContext(getContext());
final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
final String resource = "resource";
final String clientId = "clientId";
// Add regular RT in the cache, RT is not MRRT
final TokenCacheItem regularTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
final String regularRT = "Regular RT";
regularTokenCacheItem.setRefreshToken(regularRT);
saveTokenIntoCache(mockedCache, regularTokenCacheItem);
// Add MRRT in the cache for different clientid
final String mrrtClientId = "clientId2";
final TokenCacheItem mrrtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, resource, mrrtClientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
final String mrrt = "MRRT Refresh Token";
mrrtTokenCacheItem.setRefreshToken(mrrt);
mrrtTokenCacheItem.setResource(null);
mrrtTokenCacheItem.setFamilyClientId("familyClientId");
mrrtTokenCacheItem.setIsMultiResourceRefreshToken(true);
saveTokenIntoCache(mockedCache, mrrtTokenCacheItem);
final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, resource, clientId, false);
authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
// inject mocked web request handler
final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
// Token redeem with RT fail with invalid_grant.
final byte[] postMessage = Util.getPostMessage(regularRT, clientId, resource);
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(postMessage), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_grant"), null));
acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
try {
final AuthenticationResult authenticationResult = acquireTokenSilentHandler.getAccessToken();
assertNotNull(authenticationResult);
assertTrue(authenticationResult.getErrorCode().equalsIgnoreCase("invalid_grant"));
} catch (AuthenticationException authException) {
fail("Unexpected Exception");
}
ArgumentCaptor<byte[]> webRequestHandlerArgument = ArgumentCaptor.forClass(byte[].class);
Mockito.verify(mockedWebRequestHandler).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), webRequestHandlerArgument.capture(), Mockito.anyString());
assertTrue(Arrays.equals(postMessage, webRequestHandlerArgument.getValue()));
// verify regular token entry not existed
assertNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID)));
assertNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_UPN)));
// verify MRRT entry exist
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, mrrtClientId, TEST_IDTOKEN_USERID)));
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, mrrtClientId, TEST_IDTOKEN_UPN)));
clearCache(mockedCache);
}
use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.
the class AcquireTokenSilentHandlerTest method testRTExistedInPreferredCache.
@Test
public void testRTExistedInPreferredCache() throws IOException, JSONException {
final FileMockContext mockContext = new FileMockContext(getContext());
final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
clearCache(mockedCache);
updateAuthorityMetadataCache();
// insert token with authority as preferred cache
final String resource = "resource";
final String clientId = "clientId";
// Add regular RT item without RT in the cache
final String preferredCacheAuthority = "https://preferred.cache/test.onmicrosoft.com";
final String rtForPreferredCache = "rt with preferred cache";
final TokenCacheItem rtTokenCacheItem = Util.getTokenCacheItem(preferredCacheAuthority, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
rtTokenCacheItem.setRefreshToken(rtForPreferredCache);
rtTokenCacheItem.setIsMultiResourceRefreshToken(false);
saveTokenIntoCache(mockedCache, rtTokenCacheItem);
// insert token with authority as aliased host
final String testHostAuthority = "https://test.host/test.onmicrosoft.com";
final TokenCacheItem itemWithTestHost = Util.getTokenCacheItem(testHostAuthority, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
itemWithTestHost.setRefreshToken("rt with test host");
saveTokenIntoCache(mockedCache, itemWithTestHost);
final AuthenticationRequest authenticationRequest = getAuthenticationRequest(testHostAuthority, resource, clientId, false);
authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
// inject mocked web request handler
final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(rtForPreferredCache, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_OK, Util.getSuccessTokenResponse(false, false), null));
acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
try {
final AuthenticationResult result = acquireTokenSilentHandler.getAccessToken();
assertNotNull(result);
assertNotNull(result.getAccessToken());
} catch (final AuthenticationException e) {
fail();
}
Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(rtForPreferredCache, clientId, resource)), Mockito.anyString());
// verify token items
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(preferredCacheAuthority, resource, clientId, TEST_IDTOKEN_USERID)));
assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(preferredCacheAuthority, resource, clientId, TEST_IDTOKEN_UPN)));
clearCache(mockedCache);
}
use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.
the class AcquireTokenSilentHandlerTest method testFRTFailedWithInvalidGrant.
/**
* Make sure if we have a family token in the cache and we fail to redeem access token with FRT, we correctly fail.
* Also make sure only FRT token entry is deleted.
*/
@Test
public void testFRTFailedWithInvalidGrant() throws IOException, JSONException {
FileMockContext mockContext = new FileMockContext(getContext());
final ITokenCacheStore mockCache = new DefaultTokenCacheStore(mockContext);
mockCache.removeAll();
// note: if only FRT exists, cache key will be hard-coded to 1
final TokenCacheItem frTokenCacheItem = getTokenCacheItemWithFoCI(TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN, AuthenticationConstants.MS_FAMILY_ID);
saveTokenIntoCache(mockCache, frTokenCacheItem);
final String resource = "resource";
final String clientId = "clientId";
final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, resource, clientId, false);
authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockCache);
// inject mocked web request handler
final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), Mockito.any(byte[].class), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_grant"), null));
acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
try {
final AuthenticationResult authenticationResult = acquireTokenSilentHandler.getAccessToken();
assertNotNull(authenticationResult);
assertTrue(authenticationResult.getErrorCode().equalsIgnoreCase("invalid_grant"));
} catch (AuthenticationException e) {
fail("Unexpected exception");
}
// Verify Cache entry
// Token request with FRT should delete token cache entry with FRT
assertNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, AuthenticationConstants.MS_FAMILY_ID, TEST_IDTOKEN_UPN)));
assertNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, AuthenticationConstants.MS_FAMILY_ID, TEST_IDTOKEN_UPN)));
clearCache(mockCache);
}
use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.
the class AcquireTokenSilentHandlerTest method testMRRTRequestFailsTryFRT.
/**
* Test if MRRT is not marked as FRT, if the MRRT request fails, we will try with FRT.
*/
@Test
public void testMRRTRequestFailsTryFRT() throws JSONException, IOException {
FileMockContext mockContext = new FileMockContext(getContext());
final ITokenCacheStore mockCache = new DefaultTokenCacheStore(getContext());
mockCache.removeAll();
final String clientId = "clientId";
final String resource = "resource";
// MRRT token Cache Item without FoCI flag
final String mrrtToken = "MRRT Refresh Token";
final TokenCacheItem mrrtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, null, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
mrrtTokenCacheItem.setRefreshToken(mrrtToken);
mrrtTokenCacheItem.setIsMultiResourceRefreshToken(true);
saveTokenIntoCache(mockCache, mrrtTokenCacheItem);
// FRT token cache item
final TokenCacheItem frtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, null, null, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
final String frtToken = "FRT Refresh Token";
frtTokenCacheItem.setRefreshToken(frtToken);
frtTokenCacheItem.setIsMultiResourceRefreshToken(true);
frtTokenCacheItem.setFamilyClientId(AuthenticationConstants.MS_FAMILY_ID);
saveTokenIntoCache(mockCache, frtTokenCacheItem);
final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, resource, clientId, false);
authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockCache);
// inject mocked web request handler
final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
// MRRT request fails with invalid_grant
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtToken, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_grant"), null));
// FRT request succeed
Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtToken, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_OK, Util.getSuccessTokenResponse(true, true), null));
acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
try {
final AuthenticationResult authResult = acquireTokenSilentHandler.getAccessToken();
assertNotNull(authResult);
assertNull(authResult.getErrorCode());
assertNotNull(authResult.getAccessToken());
assertNotNull(authResult.getRefreshToken());
} catch (final AuthenticationException e) {
fail("Unexpected exception");
}
// Verify post request with MRRT token is executed first, followed by post request with FRT.
Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtToken, clientId, resource)), Mockito.anyString());
Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtToken, clientId, resource)), Mockito.anyString());
// Verify cache entry, FRT return token back, should store entries with user in cache.
// FRT token entry
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, "familyClientId", TEST_IDTOKEN_USERID)));
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, "familyClientId", TEST_IDTOKEN_UPN)));
// MRRT token entry
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_USERID)));
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_UPN)));
// RT entry
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID)));
assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_UPN)));
clearCache(mockCache);
}
Aggregations