use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandlerTest method shouldGenerateAuthReqId.
@Test
public void shouldGenerateAuthReqId() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setSubject("usernameuuid");
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
routingContext.next();
});
when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
final CibaAuthRequest req = new CibaAuthRequest();
req.setCreatedAt(new Date());
req.setExpireAt(new Date());
when(authReqService.register(any(), any())).thenReturn(Single.just(req));
when(authReqService.updateAuthDeviceInformation(any())).thenReturn(Single.just(req));
when(authReqService.notify(any())).thenReturn(Single.just(new ADNotificationResponse("jit")));
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
verify(authReqService).register(any(), any());
verify(authReqService).updateAuthDeviceInformation(any());
verify(authReqService).notify(any());
}
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandlerTest method shouldNotGenerateAuthReqId_RegistrationFailure.
@Test
public void shouldNotGenerateAuthReqId_RegistrationFailure() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setSubject("usernameuuid");
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
routingContext.next();
});
when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
when(authReqService.register(any(), any())).thenReturn(Single.error(new TechnicalException()));
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.INTERNAL_SERVER_ERROR_500, "Internal Server Error", null);
verify(authReqService).register(any(), any());
verify(authReqService, never()).updateAuthDeviceInformation(any());
verify(notifier, never()).notify(any());
}
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldAcceptRequest_LoginTokenHint.
@Test
public void shouldAcceptRequest_LoginTokenHint() throws Exception {
final JSONObject jwtBody = new JSONObject();
final JSONObject subId = new JSONObject();
subId.put("format", "email");
subId.put("email", "user@email.com");
jwtBody.put("sub_id", subId);
JwtHintBuilder hint = new JwtHintBuilder(jwtBody);
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHintToken(hint.generateHint());
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
cibaRequest.setBindingMessage("msg");
client.setBackchannelUserCodeParameter(false);
handlerUnderTest.setCibaRequest(cibaRequest);
final io.gravitee.am.model.jose.RSAKey jwk = new io.gravitee.am.model.jose.RSAKey();
jwk.setKid(KID);
final JWKSet jwks = new JWKSet();
jwks.setKeys(List.of(jwk));
when(jwkService.getKeys(any(Client.class))).thenReturn(Maybe.just(jwks));
when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(jwk));
when(jwsService.isValidSignature(any(), any())).thenReturn(true);
final User user = new User();
user.setId(UUID.randomUUID().toString());
when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user)));
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
}
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldRejectRequest_TooManyUsers_LoginHint.
@Test
public void shouldRejectRequest_TooManyUsers_LoginHint() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
cibaRequest.setBindingMessage("msg");
client.setBackchannelUserCodeParameter(false);
handlerUnderTest.setCibaRequest(cibaRequest);
final User user = new User();
user.setId(UUID.randomUUID().toString());
when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user, user)));
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldRejectRequest_InvalidAcrValue.
@Test
public void shouldRejectRequest_InvalidAcrValue() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze", "urn:mace:incommon:iap:unknown"));
handlerUnderTest.setCibaRequest(cibaRequest);
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
Aggregations