Example 1 with CibaAuthenticationRequest

Use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.

From the class AuthenticationRequestAcknowledgeHandlerTest, method shouldGenerateAuthReqId.

@Test
public void shouldGenerateAuthReqId() throws Exception {
    CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
    cibaRequest.setLoginHint("username");
    cibaRequest.setSubject("usernameuuid");
    // Pre-route handler: place the client and the CIBA request in the routing context
    // before the handler under test runs.
    router.route().order(-1).handler(routingContext -> {
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
        routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
        routingContext.next();
    });
    // Stub JWT signing and the three service calls (register, device update, notify).
    when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
    final CibaAuthRequest req = new CibaAuthRequest();
    req.setCreatedAt(new Date());
    req.setExpireAt(new Date());
    when(authReqService.register(any(), any())).thenReturn(Single.just(req));
    when(authReqService.updateAuthDeviceInformation(any())).thenReturn(Single.just(req));
    when(authReqService.notify(any())).thenReturn(Single.just(new ADNotificationResponse("jit")));
    // Expect 200 OK, with each service call having been made.
    testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
    verify(authReqService).register(any(), any());
    verify(authReqService).updateAuthDeviceInformation(any());
    verify(authReqService).notify(any());
}
Also used: CibaAuthRequest (io.gravitee.am.repository.oidc.model.CibaAuthRequest), JWT (io.gravitee.am.common.jwt.JWT), CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest), Client (io.gravitee.am.model.oidc.Client), Date (java.util.Date), ADNotificationResponse (io.gravitee.am.authdevice.notifier.api.model.ADNotificationResponse), Test (org.junit.Test)

Example 2 with CibaAuthenticationRequest

Use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.

From the class AuthenticationRequestAcknowledgeHandlerTest, method shouldNotGenerateAuthReqId_RegistrationFailure.

@Test
public void shouldNotGenerateAuthReqId_RegistrationFailure() throws Exception {
    CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
    cibaRequest.setLoginHint("username");
    cibaRequest.setSubject("usernameuuid");
    // Pre-route handler: place the client and the CIBA request in the routing context.
    router.route().order(-1).handler(routingContext -> {
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
        routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
        routingContext.next();
    });
    when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
    // Registration of the authentication request fails with a TechnicalException.
    when(authReqService.register(any(), any())).thenReturn(Single.error(new TechnicalException()));
    // Expect 500, and no device update or notification after the failed registration.
    testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.INTERNAL_SERVER_ERROR_500, "Internal Server Error", null);
    verify(authReqService).register(any(), any());
    verify(authReqService, never()).updateAuthDeviceInformation(any());
    verify(notifier, never()).notify(any());
}
Also used: TechnicalException (io.gravitee.am.repository.exceptions.TechnicalException), JWT (io.gravitee.am.common.jwt.JWT), CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 3 with CibaAuthenticationRequest

Use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.

From the class AuthenticationRequestParametersHandlerTest, method shouldAcceptRequest_LoginTokenHint.

@Test
public void shouldAcceptRequest_LoginTokenHint() throws Exception {
    // Build a login_hint_token whose body identifies the user by e-mail through sub_id.
    final JSONObject jwtBody = new JSONObject();
    final JSONObject subId = new JSONObject();
    subId.put("format", "email");
    subId.put("email", "user@email.com");
    jwtBody.put("sub_id", subId);
    JwtHintBuilder hint = new JwtHintBuilder(jwtBody);
    CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
    cibaRequest.setLoginHintToken(hint.generateHint());
    cibaRequest.setScopes(Set.of("openid"));
    cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
    cibaRequest.setBindingMessage("msg");
    client.setBackchannelUserCodeParameter(false);
    handlerUnderTest.setCibaRequest(cibaRequest);
    // Stub key lookup and signature validation so the hint token's signature is accepted.
    final io.gravitee.am.model.jose.RSAKey jwk = new io.gravitee.am.model.jose.RSAKey();
    jwk.setKid(KID);
    final JWKSet jwks = new JWKSet();
    jwks.setKeys(List.of(jwk));
    when(jwkService.getKeys(any(Client.class))).thenReturn(Maybe.just(jwks));
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(jwk));
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    // The user lookup returns exactly one user.
    final User user = new User();
    user.setId(UUID.randomUUID().toString());
    when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user)));
    router.route().order(-1).handler(routingContext -> {
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
        routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
        routingContext.next();
    });
    // Expect the request to be accepted with 200 OK.
    testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), User (io.gravitee.am.model.User), com.nimbusds.jose (com.nimbusds.jose), CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest), JSONObject (net.minidev.json.JSONObject), JWKSet (io.gravitee.am.model.oidc.JWKSet), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 4 with CibaAuthenticationRequest

Use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.

From the class AuthenticationRequestParametersHandlerTest, method shouldRejectRequest_TooManyUsers_LoginHint.

@Test
public void shouldRejectRequest_TooManyUsers_LoginHint() throws Exception {
    CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
    cibaRequest.setLoginHint("username");
    cibaRequest.setScopes(Set.of("openid"));
    cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
    cibaRequest.setBindingMessage("msg");
    client.setBackchannelUserCodeParameter(false);
    handlerUnderTest.setCibaRequest(cibaRequest);
    // The user lookup returns two entries, so the login_hint does not identify a single user.
    final User user = new User();
    user.setId(UUID.randomUUID().toString());
    when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user, user)));
    router.route().order(-1).handler(routingContext -> {
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
        routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
        routingContext.next();
    });
    // Expect the request to be rejected with 400 Bad Request.
    testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
Also used: User (io.gravitee.am.model.User), CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest), Test (org.junit.Test)

Example 5 with CibaAuthenticationRequest

Use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.

From the class AuthenticationRequestParametersHandlerTest, method shouldRejectRequest_InvalidAcrValue.

@Test
public void shouldRejectRequest_InvalidAcrValue() throws Exception {
    CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
    cibaRequest.setLoginHint("username");
    cibaRequest.setScopes(Set.of("openid"));
    // Two ACR values are requested; per the test name, the list contains an invalid one.
    cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze", "urn:mace:incommon:iap:unknown"));
    handlerUnderTest.setCibaRequest(cibaRequest);
    router.route().order(-1).handler(routingContext -> {
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
        routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
        routingContext.next();
    });
    // Expect the request to be rejected with 400 Bad Request.
    testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
Also used: CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest), Test (org.junit.Test)

Aggregations

CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest): 19
Test (org.junit.Test): 17
Client (io.gravitee.am.model.oidc.Client): 8
User (io.gravitee.am.model.User): 5
com.nimbusds.jose (com.nimbusds.jose): 4
RSAKey (com.nimbusds.jose.jwk.RSAKey): 4
JWT (io.gravitee.am.common.jwt.JWT): 4
JWKSet (io.gravitee.am.model.oidc.JWKSet): 4
JSONObject (net.minidev.json.JSONObject): 4
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException): 2
TechnicalException (io.gravitee.am.repository.exceptions.TechnicalException): 2
CibaAuthRequest (io.gravitee.am.repository.oidc.model.CibaAuthRequest): 2
ADNotificationRequest (io.gravitee.am.authdevice.notifier.api.model.ADNotificationRequest): 1
ADNotificationResponse (io.gravitee.am.authdevice.notifier.api.model.ADNotificationResponse): 1
InvalidBindingMessageException (io.gravitee.am.common.exception.oauth2.InvalidBindingMessageException): 1
MissingUserCodeException (io.gravitee.am.common.exception.oauth2.MissingUserCodeException): 1
CIBADeliveryMode (io.gravitee.am.common.oidc.CIBADeliveryMode): 1
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys): 1
SecureRandomString (io.gravitee.am.common.utils.SecureRandomString): 1
AuthenticationRequestService (io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService): 1