
Example 71 with Subject

Use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.

The class ResetPasswordRequestHandlerTest, method shouldReturn400IfUserIsBlockedFromRequestingAnyMorePasswordResets:

@Test
public void shouldReturn400IfUserIsBlockedFromRequestingAnyMorePasswordResets() {
    Subject subject = new Subject("subject_1");
    String sessionId = "1233455677";
    when(authenticationService.getSubjectFromEmail(TEST_EMAIL_ADDRESS)).thenReturn(subject);
    Session session = mock(Session.class);
    when(session.getEmailAddress()).thenReturn(TEST_EMAIL_ADDRESS);
    when(session.getSessionId()).thenReturn(sessionId);
    when(session.validateSession(TEST_EMAIL_ADDRESS)).thenReturn(true);
    // The per-session reset counter is still zero ...
    when(session.getPasswordResetCount()).thenReturn(0);
    // ... but the email address itself is on the block list, and that must take precedence
    when(codeStorageService.isBlockedForEmail(TEST_EMAIL_ADDRESS, PASSWORD_RESET_BLOCKED_KEY_PREFIX)).thenReturn(true);
    when(sessionService.getSessionFromRequestHeaders(anyMap())).thenReturn(Optional.of(session));
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Session-Id", sessionId));
    event.setBody(format("{ \"email\": \"%s\" }", TEST_EMAIL_ADDRESS));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    // A blocked address gets a 400 with the dedicated error code, independent of the session counter
    assertEquals(400, result.getStatusCode());
    assertThat(result, hasJsonBody(ErrorResponse.ERROR_1023));
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) JsonArgumentMatcher.containsJsonString(uk.gov.di.authentication.sharedtest.matchers.JsonArgumentMatcher.containsJsonString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Subject(com.nimbusds.oauth2.sdk.id.Subject) Session(uk.gov.di.authentication.shared.entity.Session) Test(org.junit.jupiter.api.Test)

Example 72 with Subject

Use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.

The class ResetPasswordIntegrationTest, method shouldUpdatePasswordAndReturn204ForRequestWithNoCode:

@Test
public void shouldUpdatePasswordAndReturn204ForRequestWithNoCode() throws Json.JsonException {
    String subject = "new-subject";
    String sessionId = redis.createSession();
    userStore.signUp(EMAIL_ADDRESS, "password-1", new Subject(subject));
    // The session is already bound to the email address, so the completion request carries no code
    redis.addEmailToSession(sessionId, EMAIL_ADDRESS);
    var response = makeRequest(Optional.of(new ResetPasswordCompletionRequest(null, PASSWORD)), constructFrontendHeaders(sessionId), Map.of());
    assertThat(response, hasStatus(204));
    // A successful reset must notify the account owner ...
    List<NotifyRequest> requests = notificationsQueue.getMessages(NotifyRequest.class);
    assertThat(requests, hasSize(1));
    assertThat(requests.get(0).getDestination(), equalTo(EMAIL_ADDRESS));
    assertThat(requests.get(0).getNotificationType(), equalTo(PASSWORD_RESET_CONFIRMATION));
    // ... and leave an audit trail
    assertEventTypesReceived(auditTopic, List.of(PASSWORD_RESET_SUCCESSFUL));
}
Also used : NotifyRequest(uk.gov.di.authentication.shared.entity.NotifyRequest) Subject(com.nimbusds.oauth2.sdk.id.Subject) ResetPasswordCompletionRequest(uk.gov.di.authentication.frontendapi.entity.ResetPasswordCompletionRequest) Test(org.junit.jupiter.api.Test) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Example 73 with Subject

Use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.

The class TokenIntegrationTest, method shouldCallTokenResourceAndReturnAccessAndRefreshToken:

@ParameterizedTest
@MethodSource("validVectorValues")
void shouldCallTokenResourceAndReturnAccessAndRefreshToken(Optional<String> vtr, String expectedVotClaim, Optional<String> clientId) throws Exception {
    KeyPair keyPair = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
    // offline_access is what entitles the client to a refresh token
    Scope scope = new Scope(OIDCScopeValue.OPENID.getValue(), OIDCScopeValue.OFFLINE_ACCESS.getValue());
    setUpDynamo(keyPair, scope, new Subject());
    var response = generateTokenRequest(keyPair, scope, vtr, Optional.empty(), clientId);
    assertThat(response, hasStatus(200));
    JSONObject jsonResponse = JSONObjectUtils.parse(response.getBody());
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getRefreshToken());
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getBearerAccessToken());
    // The requested vector of trust (vtr) is reflected back as the vot claim of the ID token
    assertThat(OIDCTokenResponse.parse(jsonResponse).getOIDCTokens().getIDToken().getJWTClaimsSet().getClaim(VOT.getValue()), equalTo(expectedVotClaim));
    assertNoAuditEventsReceived(auditTopic);
}
Also used : KeyPair(java.security.KeyPair) Scope(com.nimbusds.oauth2.sdk.Scope) JSONObject(net.minidev.json.JSONObject) Subject(com.nimbusds.oauth2.sdk.id.Subject) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 74 with Subject

Use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.

The class TokenIntegrationTest, method shouldReturnIdTokenWithPublicSubjectId:

@Test
void shouldReturnIdTokenWithPublicSubjectId() throws Exception {
    KeyPair keyPair = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
    Scope scope = new Scope(OIDCScopeValue.OPENID.getValue(), OIDCScopeValue.OFFLINE_ACCESS.getValue());
    // The Subject stored here is the user's internal identifier
    setUpDynamo(keyPair, scope, new Subject());
    var response = generateTokenRequest(keyPair, scope, Optional.empty(), Optional.empty(), Optional.of(CLIENT_ID));
    assertThat(response, hasStatus(200));
    JSONObject jsonResponse = JSONObjectUtils.parse(response.getBody());
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getRefreshToken());
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getBearerAccessToken());
    // The sub claim handed to the relying party is the public subject id, not the internal one
    assertThat(OIDCTokenResponse.parse(jsonResponse).getOIDCTokens().getIDToken().getJWTClaimsSet().getSubject(), equalTo(userStore.getPublicSubjectIdForEmail(TEST_EMAIL)));
    assertNoAuditEventsReceived(auditTopic);
}
Also used : KeyPair(java.security.KeyPair) Scope(com.nimbusds.oauth2.sdk.Scope) JSONObject(net.minidev.json.JSONObject) Subject(com.nimbusds.oauth2.sdk.id.Subject) Test(org.junit.jupiter.api.Test) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
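The test above pins the ID token's sub to the user's public subject id rather than the internal Subject written to Dynamo. The following is an added illustration of that separation, not code from di-authentication-api: it derives a pairwise public subject using the example algorithm from OpenID Connect Core section 8.1 (SHA-256 over sector identifier, local account id and a secret salt) and builds ID token claims with Nimbus that carry only the public value. The page does not show how the project actually derives its public subject ids, so the derivation, the issuer URL, the sector identifiers and the salt are all assumptions.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Date;
import java.util.List;

/**
 * Added example, not project code. Pairwise subject derivation per the example
 * algorithm in OIDC Core 8.1: sub = SHA-256(sector_identifier || local_account_id || salt).
 * Whether the project derives public subject ids this way is an assumption.
 */
public final class PairwiseSubjectExample {

    private PairwiseSubjectExample() {}

    /** Public subject for one relying-party sector; stable for that sector, different across sectors. */
    public static Subject derivePublicSubject(String sectorIdentifier, Subject internalSubject, byte[] salt) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(sectorIdentifier.getBytes(StandardCharsets.UTF_8));
            sha256.update(internalSubject.getValue().getBytes(StandardCharsets.UTF_8));
            // The salt is a per-deployment secret: without it, a party that learns an internal id
            // could recompute every sector's sub for that user.
            sha256.update(salt);
            return new Subject(Base64.getUrlEncoder().withoutPadding().encodeToString(sha256.digest()));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** ID token claims that expose only the public subject; the internal subject never leaves the server. */
    public static JWTClaimsSet idTokenClaims(Issuer issuer, String clientId, String sectorIdentifier,
                                             Subject internalSubject, byte[] salt) throws ParseException {
        Subject publicSubject = derivePublicSubject(sectorIdentifier, internalSubject, salt);
        Date issuedAt = new Date();
        Date expiry = new Date(issuedAt.getTime() + 5 * 60 * 1000L);
        IDTokenClaimsSet claims = new IDTokenClaimsSet(
                issuer, publicSubject, List.of(new Audience(clientId)), expiry, issuedAt);
        return claims.toJWTClaimsSet();
    }

    public static void main(String[] args) throws ParseException {
        Subject internal = new Subject(); // random internal id, as in setUpDynamo(..., new Subject())
        byte[] salt = "constructed-example-salt".getBytes(StandardCharsets.UTF_8); // constructed; secret in production
        Issuer issuer = new Issuer("https://oidc.example.test/"); // hypothetical issuer

        JWTClaimsSet forRpA = idTokenClaims(issuer, "client-a", "rp-a.example.test", internal, salt);
        JWTClaimsSet forRpB = idTokenClaims(issuer, "client-b", "rp-b.example.test", internal, salt);
        JWTClaimsSet forRpAAgain = idTokenClaims(issuer, "client-a", "rp-a.example.test", internal, salt);

        System.out.println("internal subject : " + internal.getValue());
        System.out.println("sub for client-a : " + forRpA.getSubject());
        System.out.println("sub for client-b : " + forRpB.getSubject());

        // Same user, two relying parties: the subs differ, so the RPs cannot correlate the user ...
        if (forRpA.getSubject().equals(forRpB.getSubject())) throw new AssertionError("subs must differ per sector");
        // ... neither sub reveals the internal id ...
        if (forRpA.getSubject().equals(internal.getValue())) throw new AssertionError("internal id leaked");
        // ... and the sub is stable for one RP, so it can still key its records on it.
        if (!forRpA.getSubject().equals(forRpAAgain.getSubject())) throw new AssertionError("sub must be stable");
    }
}
```

The point the test and this example share: anything that appears in a token handed to a relying party must be the public identifier, and the internal Subject used as the Dynamo key stays server-side. Changing the salt or the sector mapping after go-live silently rotates every user's sub for every relying party, so both must be treated as long-lived secrets and configuration.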

Example 75 with Subject

Use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.

The class TokenIntegrationTest, method shouldCallTokenResourceWithRefreshTokenGrantAndReturn200:

@Test
void shouldCallTokenResourceWithRefreshTokenGrantAndReturn200() throws Exception {
    Scope scope = new Scope(OIDCScopeValue.OPENID, OIDCScopeValue.EMAIL, OIDCScopeValue.OFFLINE_ACCESS);
    // Two distinct identifiers: the public one goes into the token, the internal one stays server-side
    Subject publicSubject = new Subject();
    Subject internalSubject = new Subject();
    KeyPair keyPair = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
    setUpDynamo(keyPair, scope, internalSubject);
    // The refresh token is a signed JWT whose sub is the public subject ...
    SignedJWT signedJWT = generateSignedRefreshToken(scope, publicSubject);
    RefreshToken refreshToken = new RefreshToken(signedJWT.serialize());
    // ... and the server-side store, keyed by the token's jti with a 900 s TTL, maps it back to the internal subject
    RefreshTokenStore tokenStore = new RefreshTokenStore(refreshToken.getValue(), internalSubject.getValue());
    redis.addToRedis(REFRESH_TOKEN_PREFIX + signedJWT.getJWTClaimsSet().getJWTID(), objectMapper.writeValueAsString(tokenStore), 900L);
    PrivateKey privateKey = keyPair.getPrivate();
    // private_key_jwt client authentication: the assertion's audience must be the token endpoint itself
    JWTAuthenticationClaimsSet claimsSet = new JWTAuthenticationClaimsSet(new ClientID(CLIENT_ID), new Audience(ROOT_RESOURCE_URL + TOKEN_ENDPOINT));
    // Short-lived assertion; the Date returned by getExpirationTime() is mutated in place
    var expiryDate = NowHelper.nowPlus(5, ChronoUnit.MINUTES);
    claimsSet.getExpirationTime().setTime(expiryDate.getTime());
    var privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, (RSAPrivateKey) privateKey, null, null);
    Map<String, List<String>> customParams = new HashMap<>();
    customParams.put("grant_type", Collections.singletonList(GrantType.REFRESH_TOKEN.getValue()));
    customParams.put("client_id", Collections.singletonList(CLIENT_ID));
    customParams.put("refresh_token", Collections.singletonList(refreshToken.getValue()));
    // Merge client_assertion / client_assertion_type with the grant parameters into one form body
    Map<String, List<String>> privateKeyParams = privateKeyJWT.toParameters();
    privateKeyParams.putAll(customParams);
    String requestParams = URLUtils.serializeParameters(privateKeyParams);
    var response = makeRequest(Optional.of(requestParams), Map.of(), Map.of());
    assertThat(response, hasStatus(200));
    JSONObject jsonResponse = JSONObjectUtils.parse(response.getBody());
    // The grant is rotated: a fresh refresh token is issued alongside the new access token
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getRefreshToken());
    assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getBearerAccessToken());
    assertNoAuditEventsReceived(auditTopic);
}
Also used : RefreshTokenStore(uk.gov.di.authentication.shared.entity.RefreshTokenStore) KeyPair(java.security.KeyPair) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) Audience(com.nimbusds.oauth2.sdk.id.Audience) HashMap(java.util.HashMap) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) SignedJWT(com.nimbusds.jwt.SignedJWT) Subject(com.nimbusds.oauth2.sdk.id.Subject) RefreshToken(com.nimbusds.oauth2.sdk.token.RefreshToken) Scope(com.nimbusds.oauth2.sdk.Scope) JSONObject(net.minidev.json.JSONObject) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) Collections.singletonList(java.util.Collections.singletonList) List(java.util.List) Test(org.junit.jupiter.api.Test) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
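The test above exercises the client side of a refresh_token grant: a private_key_jwt assertion aimed at the token endpoint plus a refresh token whose jti is bound to the internal subject in Redis. The following is an added example of the server-side checks that request must pass before an internal subject is resolved; it is not the project's token handler. The in-memory maps stand in for the project's Redis store and client registry, the REFRESH_TOKEN_PREFIX value, the Rejected exception and the single-use (remove on lookup) policy are assumptions, and the refresh token's own signature is checked with whatever JWSVerifier the caller supplies for the issuer's key.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Subject;

import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added example, not project code: token-endpoint checks for a refresh_token grant
 * authenticated with private_key_jwt. Maps stand in for Redis and the client registry.
 */
public final class RefreshGrantVerifier {

    static final String REFRESH_TOKEN_PREFIX = "refresh-token:"; // hypothetical prefix value

    private final String tokenEndpoint;                           // expected aud of the client assertion
    private final Map<ClientID, RSAPublicKey> clientKeys;         // registered client public keys
    private final JWSVerifier refreshTokenVerifier;               // verifies the issuer's own refresh-token signature
    private final Map<String, String> refreshStore;               // REFRESH_TOKEN_PREFIX + jti -> internal subject
    private final Set<String> usedAssertionIds = new HashSet<>(); // replay guard for client-assertion jti values

    public RefreshGrantVerifier(String tokenEndpoint, Map<ClientID, RSAPublicKey> clientKeys,
                                JWSVerifier refreshTokenVerifier, Map<String, String> refreshStore) {
        this.tokenEndpoint = tokenEndpoint;
        this.clientKeys = clientKeys;
        this.refreshTokenVerifier = refreshTokenVerifier;
        this.refreshStore = refreshStore;
    }

    /** Resolves a form-encoded token request to the internal subject, or throws Rejected with the reason. */
    public Subject verify(Map<String, List<String>> params) throws Exception {
        if (!"refresh_token".equals(first(params, "grant_type"))) throw new Rejected("unsupported_grant_type");

        // 1. Client authentication (RFC 7523 assertion, as built by privateKeyJWT.toParameters() in the test).
        PrivateKeyJWT clientAuth = PrivateKeyJWT.parse(params);
        ClientID clientID = clientAuth.getClientID();
        RSAPublicKey key = clientKeys.get(clientID);
        if (key == null) throw new Rejected("invalid_client: unknown client " + clientID);
        SignedJWT assertion = clientAuth.getClientAssertion();
        // Pin the algorithm to what the client registered; never let the header choose the verifier.
        if (!JWSAlgorithm.RS256.equals(assertion.getHeader().getAlgorithm())) throw new Rejected("invalid_client: alg");
        if (!assertion.verify(new RSASSAVerifier(key))) throw new Rejected("invalid_client: signature");
        JWTAuthenticationClaimsSet claims = clientAuth.getJWTAuthenticationClaimsSet();
        // aud must be this token endpoint, otherwise an assertion minted for another server could be replayed here.
        if (!claims.getAudience().contains(new Audience(tokenEndpoint))) throw new Rejected("invalid_client: aud");
        Date exp = claims.getExpirationTime();
        if (exp == null || !exp.after(new Date())) throw new Rejected("invalid_client: expired assertion");
        // jti is single-use for the assertion's lifetime (a real deployment keys this on jti with a TTL of exp).
        if (claims.getJWTID() != null && !usedAssertionIds.add(claims.getJWTID().getValue())) {
            throw new Rejected("invalid_client: assertion replayed");
        }
        String formClientId = first(params, "client_id");
        if (formClientId != null && !formClientId.equals(clientID.getValue())) throw new Rejected("invalid_client: client_id mismatch");

        // 2. Refresh token: an issuer-signed JWT whose sub is the public subject; only the store knows the internal one.
        String raw = first(params, "refresh_token");
        if (raw == null) throw new Rejected("invalid_request: refresh_token missing");
        SignedJWT refreshToken = SignedJWT.parse(raw);
        if (!refreshToken.verify(refreshTokenVerifier)) throw new Rejected("invalid_grant: refresh token signature");
        String jti = refreshToken.getJWTClaimsSet().getJWTID();
        if (jti == null) throw new Rejected("invalid_grant: refresh token has no jti");
        // remove() makes the token single-use, so a replay after rotation finds nothing; the Redis TTL bounds its life.
        String internalSubject = refreshStore.remove(REFRESH_TOKEN_PREFIX + jti);
        if (internalSubject == null) throw new Rejected("invalid_grant: refresh token unknown, expired or already used");
        return new Subject(internalSubject);
    }

    private static String first(Map<String, List<String>> params, String name) {
        List<String> values = params.get(name);
        return (values == null || values.isEmpty()) ? null : values.get(0);
    }

    public static final class Rejected extends Exception {
        Rejected(String reason) { super(reason); }
    }
}
```

In production, the assertion checks in step 1 are better delegated to Nimbus's com.nimbusds.oauth2.sdk.auth.verifier.ClientAuthenticationVerifier with a proper key selector and expended-jti checker than hand-rolled as here; the example spells them out so each rejection reason is visible. Step 2 is where the page's RefreshTokenStore matters: the token the client holds names only the public subject, and resolving it to the internal subject goes through a server-side lookup that can be revoked or expired without touching the token itself.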

Aggregations

Subject (com.nimbusds.oauth2.sdk.id.Subject): 59
Test (org.junit.jupiter.api.Test): 36
SignedJWT (com.nimbusds.jwt.SignedJWT): 22
Date (java.util.Date): 22
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest): 19
UserProfile (uk.gov.di.authentication.shared.entity.UserProfile): 18
KeyPair (java.security.KeyPair): 16
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken): 15
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 13
ParseException (com.nimbusds.oauth2.sdk.ParseException): 12
Scope (com.nimbusds.oauth2.sdk.Scope): 12
APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent): 11
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent): 11
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken): 10
ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator): 9
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 9
ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner): 8
Issuer (com.nimbusds.oauth2.sdk.id.Issuer): 8
IDTokenClaimsSet (com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet): 8
LocalDateTime (java.time.LocalDateTime): 8