Example 1 with ADCallbackContext

Use of io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext in project gravitee-access-management by gravitee-io.

Class AuthenticationRequestServiceTest, method shouldNotUpdateStatus_UnknownRequestId.

@Test
public void shouldNotUpdateStatus_UnknownRequestId() {
    final String STATE = "state";
    final String EXTERNAL_ID = "externalId";
    final String AUTH_REQ_ID = "auth_red_id";
    final boolean requestValidated = new Random().nextBoolean();
    // The device notifier returns a user response whose external id matches the jti of the state JWT.
    AuthenticationDeviceNotifierProvider provider = mock(AuthenticationDeviceNotifierProvider.class);
    when(notifierManager.getAuthDeviceNotifierProviders()).thenReturn(List.of(provider));
    when(provider.extractUserResponse(any())).thenReturn(Single.just(Optional.of(new ADUserResponse(EXTERNAL_ID, STATE, requestValidated))));
    final JWT stateJwt = new JWT();
    stateJwt.setJti(EXTERNAL_ID);
    when(this.jwtService.decode(STATE)).thenReturn(Single.just(stateJwt));
    when(this.clientService.findByClientId(any())).thenReturn(Maybe.just(new Client()));
    // The state JWT decodes and its signature verifies against the client.
    when(this.jwtService.decodeAndVerify(anyString(), any(Client.class))).thenReturn(Single.just(stateJwt));
    final CibaAuthRequest cibaRequest = new CibaAuthRequest();
    cibaRequest.setId(AUTH_REQ_ID);
    // No CIBA authentication request is stored under this external id.
    when(this.requestRepository.findByExternalId(EXTERNAL_ID)).thenReturn(Maybe.empty());
    final ADCallbackContext context = new ADCallbackContext(MultiMap.caseInsensitiveMultiMap(), MultiMap.caseInsensitiveMultiMap());
    final TestObserver<Void> observer = this.service.validateUserResponse(context).test();
    observer.awaitTerminalEvent();
    // An unknown request id is rejected as an invalid request and no status is ever written.
    observer.assertError(InvalidRequestException.class);
    verify(clientService).findByClientId(any());
    verify(jwtService).decodeAndVerify(anyString(), any(Client.class));
    verify(requestRepository, never()).updateStatus(any(), any());
}
Also used: CibaAuthRequest(io.gravitee.am.repository.oidc.model.CibaAuthRequest) ADCallbackContext(io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext) ADUserResponse(io.gravitee.am.authdevice.notifier.api.model.ADUserResponse) JWT(io.gravitee.am.common.jwt.JWT) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Client(io.gravitee.am.model.oidc.Client) AuthenticationDeviceNotifierProvider(io.gravitee.am.authdevice.notifier.api.AuthenticationDeviceNotifierProvider) Test(org.junit.Test)

Example 2 with ADCallbackContext

Use of io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext in project gravitee-access-management by gravitee-io.

Class AuthenticationRequestServiceTest, method shouldUpdateAuthReqStatus.

@Test
public void shouldUpdateAuthReqStatus() {
    final String STATE = "state";
    final String EXTERNAL_ID = "externalId";
    final String AUTH_REQ_ID = "auth_red_id";
    final boolean requestValidated = new Random().nextBoolean();
    // The device notifier returns a user response whose external id matches the jti of the state JWT.
    AuthenticationDeviceNotifierProvider provider = mock(AuthenticationDeviceNotifierProvider.class);
    when(notifierManager.getAuthDeviceNotifierProviders()).thenReturn(List.of(provider));
    when(provider.extractUserResponse(any())).thenReturn(Single.just(Optional.of(new ADUserResponse(EXTERNAL_ID, STATE, requestValidated))));
    final JWT stateJwt = new JWT();
    stateJwt.setJti(EXTERNAL_ID);
    when(this.jwtService.decode(STATE)).thenReturn(Single.just(stateJwt));
    when(this.clientService.findByClientId(any())).thenReturn(Maybe.just(new Client()));
    when(this.jwtService.decodeAndVerify(anyString(), any(Client.class))).thenReturn(Single.just(stateJwt));
    // A pending CIBA authentication request exists for this external id.
    final CibaAuthRequest cibaRequest = new CibaAuthRequest();
    cibaRequest.setId(AUTH_REQ_ID);
    when(this.requestRepository.findByExternalId(EXTERNAL_ID)).thenReturn(Maybe.just(cibaRequest));
    // The stored status follows the user's answer: SUCCESS if approved, REJECTED otherwise.
    final String status = requestValidated ? AuthenticationRequestStatus.SUCCESS.name() : AuthenticationRequestStatus.REJECTED.name();
    when(this.requestRepository.updateStatus(AUTH_REQ_ID, status)).thenReturn(Single.just(cibaRequest));
    final ADCallbackContext context = new ADCallbackContext(MultiMap.caseInsensitiveMultiMap(), MultiMap.caseInsensitiveMultiMap());
    final TestObserver<Void> observer = this.service.validateUserResponse(context).test();
    observer.awaitTerminalEvent();
    observer.assertNoErrors();
    verify(requestRepository).updateStatus(AUTH_REQ_ID, status);
}
Also used: CibaAuthRequest(io.gravitee.am.repository.oidc.model.CibaAuthRequest) ADCallbackContext(io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext) ADUserResponse(io.gravitee.am.authdevice.notifier.api.model.ADUserResponse) JWT(io.gravitee.am.common.jwt.JWT) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Client(io.gravitee.am.model.oidc.Client) AuthenticationDeviceNotifierProvider(io.gravitee.am.authdevice.notifier.api.AuthenticationDeviceNotifierProvider) Test(org.junit.Test)

Example 3 with ADCallbackContext

Use of io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext in project gravitee-access-management by gravitee-io.

Class AuthenticationRequestCallbackHandler, method handle.

@Override
public void handle(RoutingContext context) {
    // Wrap the incoming HTTP headers and query/form parameters so the service can hand them to the notifier provider.
    final ADCallbackContext adCallbackContext = new ADCallbackContext(context.request().headers(), context.request().params());
    authRequestService.validateUserResponse(adCallbackContext)
            .doOnComplete(() -> context.response().setStatusCode(HttpStatusCode.OK_200).end())
            .doOnError(error -> {
                LOGGER.warn("Authentication Request validation can't be processed", error);
                // Validation failures (invalid state, signature, request id) map to 400; anything else is a 500.
                if (error instanceof OAuth2Exception) {
                    context.fail(HttpStatusCode.BAD_REQUEST_400, error);
                } else {
                    context.fail(HttpStatusCode.INTERNAL_SERVER_ERROR_500);
                }
            })
            .subscribe();
}
Also used: HttpStatusCode(io.gravitee.common.http.HttpStatusCode) ADCallbackContext(io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext) Logger(org.slf4j.Logger) OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception) LoggerFactory(org.slf4j.LoggerFactory) AuthenticationRequestService(io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService) Handler(io.vertx.core.Handler) RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)

Example 4 with ADCallbackContext

Use of io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext in project gravitee-access-management by gravitee-io.

Class AuthenticationRequestServiceTest, method shouldNotUpdateStatus_StateMismatch.

@Test
public void shouldNotUpdateStatus_StateMismatch() {
    final String STATE = "state";
    final String EXTERNAL_ID = "externalId";
    final boolean requestValidated = new Random().nextBoolean();
    AuthenticationDeviceNotifierProvider provider = mock(AuthenticationDeviceNotifierProvider.class);
    when(notifierManager.getAuthDeviceNotifierProviders()).thenReturn(List.of(provider));
    // The user response carries an external id ("unknown") that does not match the jti of the state JWT.
    when(provider.extractUserResponse(any())).thenReturn(Single.just(Optional.of(new ADUserResponse("unknown", STATE, requestValidated))));
    final JWT stateJwt = new JWT();
    stateJwt.setJti(EXTERNAL_ID);
    when(this.jwtService.decode(STATE)).thenReturn(Single.just(stateJwt));
    when(this.clientService.findByClientId(any())).thenReturn(Maybe.just(new Client()));
    when(this.jwtService.decodeAndVerify(anyString(), any(Client.class))).thenReturn(Single.just(stateJwt));
    final ADCallbackContext context = new ADCallbackContext(MultiMap.caseInsensitiveMultiMap(), MultiMap.caseInsensitiveMultiMap());
    final TestObserver<Void> observer = this.service.validateUserResponse(context).test();
    observer.awaitTerminalEvent();
    // The mismatch is rejected as an invalid request and no status is ever written.
    observer.assertError(InvalidRequestException.class);
    verify(clientService).findByClientId(any());
    verify(requestRepository, never()).updateStatus(any(), any());
}
Also used: ADCallbackContext(io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext) ADUserResponse(io.gravitee.am.authdevice.notifier.api.model.ADUserResponse) JWT(io.gravitee.am.common.jwt.JWT) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Client(io.gravitee.am.model.oidc.Client) AuthenticationDeviceNotifierProvider(io.gravitee.am.authdevice.notifier.api.AuthenticationDeviceNotifierProvider) Test(org.junit.Test)

Example 5 with ADCallbackContext

Use of io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext in project gravitee-access-management by gravitee-io.

Class AuthenticationRequestServiceTest, method shouldNotUpdateStatus_InvalidSignature.

@Test
public void shouldNotUpdateStatus_InvalidSignature() {
    final String STATE = "state";
    final String EXTERNAL_ID = "externalId";
    final boolean requestValidated = new Random().nextBoolean();
    AuthenticationDeviceNotifierProvider provider = mock(AuthenticationDeviceNotifierProvider.class);
    when(notifierManager.getAuthDeviceNotifierProviders()).thenReturn(List.of(provider));
    when(provider.extractUserResponse(any())).thenReturn(Single.just(Optional.of(new ADUserResponse(EXTERNAL_ID, STATE, requestValidated))));
    final JWT stateJwt = new JWT();
    stateJwt.setJti(EXTERNAL_ID);
    when(this.jwtService.decode(STATE)).thenReturn(Single.just(stateJwt));
    when(this.clientService.findByClientId(any())).thenReturn(Maybe.just(new Client()));
    // The state JWT decodes, but signature verification against the client fails.
    when(this.jwtService.decodeAndVerify(anyString(), any(Client.class))).thenReturn(Single.error(new InvalidTokenException()));
    final ADCallbackContext context = new ADCallbackContext(MultiMap.caseInsensitiveMultiMap(), MultiMap.caseInsensitiveMultiMap());
    final TestObserver<Void> observer = this.service.validateUserResponse(context).test();
    observer.awaitTerminalEvent();
    // The invalid signature surfaces as an invalid request and no status is ever written.
    observer.assertError(InvalidRequestException.class);
    verify(clientService).findByClientId(any());
    verify(requestRepository, never()).updateStatus(any(), any());
}
Also used: InvalidTokenException(io.gravitee.am.common.exception.oauth2.InvalidTokenException) ADCallbackContext(io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext) ADUserResponse(io.gravitee.am.authdevice.notifier.api.model.ADUserResponse) JWT(io.gravitee.am.common.jwt.JWT) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Client(io.gravitee.am.model.oidc.Client) AuthenticationDeviceNotifierProvider(io.gravitee.am.authdevice.notifier.api.AuthenticationDeviceNotifierProvider) Test(org.junit.Test)

Aggregations

ADCallbackContext (io.gravitee.am.authdevice.notifier.api.model.ADCallbackContext)7 AuthenticationDeviceNotifierProvider (io.gravitee.am.authdevice.notifier.api.AuthenticationDeviceNotifierProvider)6 Test (org.junit.Test)6 ADUserResponse (io.gravitee.am.authdevice.notifier.api.model.ADUserResponse)5 JWT (io.gravitee.am.common.jwt.JWT)5 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)5 Client (io.gravitee.am.model.oidc.Client)4 CibaAuthRequest (io.gravitee.am.repository.oidc.model.CibaAuthRequest)2 InvalidTokenException (io.gravitee.am.common.exception.oauth2.InvalidTokenException)1 OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1 AuthenticationRequestService (io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService)1 HttpStatusCode (io.gravitee.common.http.HttpStatusCode)1 Handler (io.vertx.core.Handler)1 RoutingContext (io.vertx.reactivex.ext.web.RoutingContext)1 Logger (org.slf4j.Logger)1 LoggerFactory (org.slf4j.LoggerFactory)1