Example 1 with AccountBO

use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.

the class JwtSignatureAlgorithmsTest method generateToken.

// Builds a signed token the way the verifier tests expect: the algorithm and key
// pair come from JwtConfig, the unsigned token carries the account's claims and a
// 5-minute lifetime, and the sign() step produces the compact JWT.
private String generateToken(final JwtConfig config) {
    final Algorithm algorithm = JwtConfigParser.parseAlgorithm(config.getAlgorithm(), config.getPublicKey(), config.getPrivateKey());
    final JwtGenerator jwtGenerator = new JwtGenerator(config);
    final AccountBO account = AccountBO.builder().id("id").build();
    final JWTCreator.Builder tokenBuilder = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5));
    return tokenBuilder.sign(algorithm);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JWTCreator(com.auth0.jwt.JWTCreator) Algorithm(com.auth0.jwt.algorithms.Algorithm)

Example 2 with AccountBO

use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithAlgNone.

@Test
void validateWithAlgNone() {
    final StrategyConfig strategyConfig = strategyConfig(false);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, null);
    // Keep the genuine payload but swap in a different header and a bogus signature.
    // The hard-coded header is base64url for {"alg":"HS256","typ":"JWT"}, so the
    // verifier must reject the token on the signature (and any algorithm mismatch
    // with the configured one), never on the claims alone.
    final String payload = tokens.getToken().toString().split("\\.")[1];
    final String maliciousToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + payload + ".signature";
    assertThat(jwtTokenVerifier.verify(maliciousToken)).isEmpty();
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) Test(org.junit.jupiter.api.Test)

Example 3 with AccountBO

use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithJtiBlacklisted.

@Test
void validateWithJtiBlacklisted() {
    final StrategyConfig strategyConfig = strategyConfig(true);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    // The jti provider issues this id, then reports it as invalid (blacklisted),
    // so a token that is otherwise well signed and unexpired must still fail.
    final String jti = UUID.randomUUID().toString();
    Mockito.when(jtiProvider.next()).thenReturn(jti);
    Mockito.when(jtiProvider.validate(jti)).thenReturn(false);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
    // assertThat(boolean) without a matcher never fails; isTrue() makes the check real.
    assertThat(validatedToken.isLeft()).isTrue();
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 4 with AccountBO

use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateExpired.

@Test
void validateExpired() {
    final StrategyConfig strategyConfig = strategyConfig(false);
    final JwtConfig jwtConfig = jwtConfig();
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final Algorithm algorithm = JwtConfigParser.parseAlgorithm(jwtConfig.getAlgorithm(), jwtConfig.getPublicKey(), jwtConfig.getPrivateKey());
    final JwtGenerator jwtGenerator = new JwtGenerator(jwtConfig);
    // Override the generator's 5-minute expiry with an exp claim already 60 seconds
    // in the past; the signature is still valid, so only the exp check can reject it.
    final String token = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5)).withExpiresAt(Date.from(Instant.now().minusSeconds(60))).sign(algorithm);
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(token);
    assertThat(validatedToken.isLeft()).isTrue();
    assertThat(validatedToken.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) Algorithm(com.auth0.jwt.algorithms.Algorithm) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)
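Examples 2, 3 and 4 exercise three rejection paths of a JWT verifier: a token whose header and signature were replaced, a token whose jti has been blacklisted, and a token whose exp lies in the past. The block below is an added example that is not AuthGuard's code; it reproduces those three checks with the com.auth0 java-jwt library the project already uses. The HMAC secret, the "demo" issuer, the in-memory REVOKED_JTI set standing in for jtiProvider.validate(), and the forgeHeader helper are all assumptions made for this illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;

// Added example, not AuthGuard code: a minimal verifier covering the same three
// failure modes the tests above cover, built on the java-jwt library the project uses.
public class JwtRejectionDemo {
    // Constructed secret for this demo only; a deployment loads it from configuration.
    private static final Algorithm ALG = Algorithm.HMAC256("demo-secret-at-least-32-bytes-long!!");
    // JWT.require(ALG) pins the algorithm: a header claiming "none" or another
    // family fails with AlgorithmMismatchException before any signature check.
    private static final JWTVerifier VERIFIER = JWT.require(ALG).withIssuer("demo").build();

    // Hypothetical stand-in for jtiProvider.validate(): a jti is valid only while
    // it is absent from this revocation set.
    private static final Set<String> REVOKED_JTI = new HashSet<>();

    static String issue(String accountId, String jti, Duration ttl) {
        Instant now = Instant.now();
        return JWT.create()
                .withIssuer("demo")
                .withSubject(accountId)
                .withJWTId(jti)
                .withIssuedAt(Date.from(now))
                .withExpiresAt(Date.from(now.plus(ttl)))
                .sign(ALG);
    }

    // Same shape of outcome as JwtTokenVerifier.verify(): empty means "reject".
    static Optional<DecodedJWT> verify(String token) {
        try {
            DecodedJWT jwt = VERIFIER.verify(token);
            // Signature and exp are already checked; a missing or revoked jti still fails.
            if (jwt.getId() == null || REVOKED_JTI.contains(jwt.getId())) {
                return Optional.empty();
            }
            return Optional.of(jwt);
        } catch (JWTVerificationException e) {
            // SignatureVerificationException, TokenExpiredException,
            // AlgorithmMismatchException and malformed input all land here.
            return Optional.empty();
        }
    }

    // Rebuilds a token with a replaced header and a bogus signature, as the
    // validateWithAlgNone test does, keeping the original payload intact.
    static String forgeHeader(String token, String headerJson) {
        String payload = token.split("\\.")[1];
        String header = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + payload + ".signature";
    }

    public static void main(String[] args) {
        String jti = UUID.randomUUID().toString();
        String good = issue("account", jti, Duration.ofMinutes(5));
        System.out.println("valid token accepted:      " + verify(good).isPresent());

        String noneAlg = forgeHeader(good, "{\"alg\":\"none\",\"typ\":\"JWT\"}");
        System.out.println("alg=none forgery rejected: " + verify(noneAlg).isEmpty());

        String badSig = forgeHeader(good, "{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        System.out.println("bad signature rejected:    " + verify(badSig).isEmpty());

        REVOKED_JTI.add(jti);
        System.out.println("revoked jti rejected:      " + verify(good).isEmpty());

        String expired = JWT.create().withIssuer("demo").withSubject("account")
                .withJWTId(UUID.randomUUID().toString())
                .withExpiresAt(Date.from(Instant.now().minusSeconds(60)))
                .sign(ALG);
        System.out.println("expired token rejected:    " + verify(expired).isEmpty());
    }
}
```

The point worth carrying over from the tests is the order of checks: the verifier is constructed with a fixed Algorithm rather than reading alg from the untrusted header, so header tampering and signature stripping are rejected before any claim is inspected, and the jti revocation lookup runs only on tokens that have already passed signature and expiry validation.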

Example 5 with AccountBO

use of com.nexblocks.authguard.service.model.AccountBO in project AuthGuard by AuthGuard.

the class AuthorizationCodeToOidcTest method exchangeWithRestrictions.

@Test
void exchangeWithRestrictions() {
    final AuthRequestBO authRequest = AuthRequestBO.builder().token("auth code").build();
    // The stored authorization code carries restrictions (no scopes, two permissions)
    // that must be forwarded unchanged to the OIDC token provider.
    final AccountTokenDO accountToken = AccountTokenDO.builder().associatedAccountId("account").tokenRestrictions(TokenRestrictionsDO.builder().scopes(Collections.emptySet()).permissions(new HashSet<>(Arrays.asList("perm-1", "perm-2"))).build()).build();
    final AccountBO account = AccountBO.builder().id("account").build();
    final AuthResponseBO authResponse = AuthResponseBO.builder().token("OIDC").build();
    Mockito.when(authorizationCodeVerifier.verifyAndGetAccountToken(authRequest.getToken())).thenReturn(Either.right(accountToken));
    Mockito.when(accountsService.getById(accountToken.getAssociatedAccountId())).thenReturn(Optional.of(account));
    Mockito.when(openIdConnectTokenProvider.generateToken(account, serviceMapper.toBO(accountToken.getTokenRestrictions()))).thenReturn(authResponse);
    final Either<Exception, AuthResponseBO> actual = authorizationCodeToOidc.exchange(authRequest);
    // assertThat(boolean) without a matcher never fails; isTrue() makes the check real.
    assertThat(actual.isRight()).isTrue();
    assertThat(actual.get()).isEqualTo(authResponse);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) AccountTokenDO(com.nexblocks.authguard.dal.model.AccountTokenDO) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) AuthRequestBO(com.nexblocks.authguard.service.model.AuthRequestBO) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Aggregations (classes used together with AccountBO, with the number of usages)

AccountBO (com.nexblocks.authguard.service.model.AccountBO) 55
Test (org.junit.jupiter.api.Test) 43
AccountTokenDO (com.nexblocks.authguard.dal.model.AccountTokenDO) 21
Message (com.nexblocks.authguard.emb.model.Message) 15
AuthResponseBO (com.nexblocks.authguard.service.model.AuthResponseBO) 15
OtpMessageBody (com.nexblocks.authguard.basic.otp.OtpMessageBody) 8
PasswordlessMessageBody (com.nexblocks.authguard.basic.passwordless.PasswordlessMessageBody) 8
OneTimePasswordBO (com.nexblocks.authguard.service.model.OneTimePasswordBO) 8
ServiceAuthorizationException (com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) 7
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT) 6
ImmutableTextMessage (com.nexblocks.authguard.external.sms.ImmutableTextMessage) 6
RequestContextBO (com.nexblocks.authguard.service.model.RequestContextBO) 6
ImmutableEmail (com.nexblocks.authguard.external.email.ImmutableEmail) 5
JwtConfig (com.nexblocks.authguard.service.config.JwtConfig) 5
StrategyConfig (com.nexblocks.authguard.service.config.StrategyConfig) 5
ServiceException (com.nexblocks.authguard.service.exceptions.ServiceException) 5
AuthRequestBO (com.nexblocks.authguard.service.model.AuthRequestBO) 5
CreateAccountRequestDTO (com.nexblocks.authguard.api.dto.requests.CreateAccountRequestDTO) 4
OtpConfig (com.nexblocks.authguard.basic.config.OtpConfig) 4
CreateCompleteAccountRequestDTO (com.nexblocks.authguard.api.dto.requests.CreateCompleteAccountRequestDTO) 3