use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.
the class JwtSignatureAlgorithmsTest method generateToken.
private String generateToken(final JwtConfig config) {
final Algorithm algorithm = JwtConfigParser.parseAlgorithm(config.getAlgorithm(), config.getPublicKey(), config.getPrivateKey());
final JwtGenerator jwtGenerator = new JwtGenerator(config);
final AccountBO account = AccountBO.builder().id("id").build();
final JWTCreator.Builder tokenBuilder = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5));
return tokenBuilder.sign(algorithm);
}
use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateWithAlgNone.
@Test
void validateWithAlgNone() {
final StrategyConfig strategyConfig = strategyConfig(false);
final JwtConfig jwtConfig = jwtConfig();
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final AuthResponseBO tokens = generateToken(jwtConfig, account, null);
final String payload = tokens.getToken().toString().split("\\.")[1];
final String maliciousToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + payload + ".signature";
assertThat(jwtTokenVerifier.verify(maliciousToken)).isEmpty();
}
use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateWithJtiBlacklisted.
@Test
void validateWithJtiBlacklisted() {
final StrategyConfig strategyConfig = strategyConfig(true);
final JwtConfig jwtConfig = jwtConfig();
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final String jti = UUID.randomUUID().toString();
Mockito.when(jtiProvider.next()).thenReturn(jti);
Mockito.when(jtiProvider.validate(jti)).thenReturn(false);
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
assertThat(validatedToken.isLeft());
}
use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateExpired.
@Test
void validateExpired() {
final StrategyConfig strategyConfig = strategyConfig(false);
final JwtConfig jwtConfig = jwtConfig();
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final Algorithm algorithm = JwtConfigParser.parseAlgorithm(jwtConfig.getAlgorithm(), jwtConfig.getPublicKey(), jwtConfig.getPrivateKey());
final JwtGenerator jwtGenerator = new JwtGenerator(jwtConfig);
final String token = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5)).withExpiresAt(Date.from(Instant.now().minusSeconds(60))).sign(algorithm);
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(token);
assertThat(validatedToken.isLeft()).isTrue();
assertThat(validatedToken.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
}
use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.
the class AuthorizationCodeToOidcTest method exchangeWithRestrictions.
@Test
void exchangeWithRestrictions() {
final AuthRequestBO authRequest = AuthRequestBO.builder().token("auth code").build();
final AccountTokenDO accountToken = AccountTokenDO.builder().associatedAccountId("account").tokenRestrictions(TokenRestrictionsDO.builder().scopes(Collections.emptySet()).permissions(new HashSet<>(Arrays.asList("perm-1", "perm-2"))).build()).build();
final AccountBO account = AccountBO.builder().id("account").build();
final AuthResponseBO authResponse = AuthResponseBO.builder().token("OIDC").build();
Mockito.when(authorizationCodeVerifier.verifyAndGetAccountToken(authRequest.getToken())).thenReturn(Either.right(accountToken));
Mockito.when(accountsService.getById(accountToken.getAssociatedAccountId())).thenReturn(Optional.of(account));
Mockito.when(openIdConnectTokenProvider.generateToken(account, serviceMapper.toBO(accountToken.getTokenRestrictions()))).thenReturn(authResponse);
final Either<Exception, AuthResponseBO> actual = authorizationCodeToOidc.exchange(authRequest);
assertThat(actual.isRight());
assertThat(actual.get()).isEqualTo(authResponse);
}
Aggregations