Example 1 with CibaAuthenticationRequest
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandlerTest method shouldGenerateAuthReqId.
@Test
public void shouldGenerateAuthReqId() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setSubject("usernameuuid");
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
routingContext.next();
});
when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
final CibaAuthRequest req = new CibaAuthRequest();
req.setCreatedAt(new Date());
req.setExpireAt(new Date());
when(authReqService.register(any(), any())).thenReturn(Single.just(req));
when(authReqService.updateAuthDeviceInformation(any())).thenReturn(Single.just(req));
when(authReqService.notify(any())).thenReturn(Single.just(new ADNotificationResponse("jit")));
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
verify(authReqService).register(any(), any());
verify(authReqService).updateAuthDeviceInformation(any());
verify(authReqService).notify(any());
}
Also used :
CibaAuthRequest(io.gravitee.am.repository.oidc.model.CibaAuthRequest)
JWT(io.gravitee.am.common.jwt.JWT)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
Client(io.gravitee.am.model.oidc.Client)
Date(java.util.Date)
ADNotificationResponse(io.gravitee.am.authdevice.notifier.api.model.ADNotificationResponse)
Test(org.junit.Test)
Example 2 with CibaAuthenticationRequest
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandlerTest method shouldNotGenerateAuthReqId_RegistrationFailure.
@Test
public void shouldNotGenerateAuthReqId_RegistrationFailure() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setSubject("usernameuuid");
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.CIBA_AUTH_REQUEST_KEY, cibaRequest);
routingContext.next();
});
when(jwtService.encode(any(JWT.class), any(Client.class))).thenReturn(Single.just("signed_jwt"));
when(authReqService.register(any(), any())).thenReturn(Single.error(new TechnicalException()));
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.INTERNAL_SERVER_ERROR_500, "Internal Server Error", null);
verify(authReqService).register(any(), any());
verify(authReqService, never()).updateAuthDeviceInformation(any());
verify(notifier, never()).notify(any());
}
Also used :
TechnicalException(io.gravitee.am.repository.exceptions.TechnicalException)
JWT(io.gravitee.am.common.jwt.JWT)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
Client(io.gravitee.am.model.oidc.Client)
Test(org.junit.Test)
Example 3 with CibaAuthenticationRequest
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldAcceptRequest_LoginTokenHint.
@Test
public void shouldAcceptRequest_LoginTokenHint() throws Exception {
final JSONObject jwtBody = new JSONObject();
final JSONObject subId = new JSONObject();
subId.put("format", "email");
subId.put("email", "user@email.com");
jwtBody.put("sub_id", subId);
JwtHintBuilder hint = new JwtHintBuilder(jwtBody);
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHintToken(hint.generateHint());
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
cibaRequest.setBindingMessage("msg");
client.setBackchannelUserCodeParameter(false);
handlerUnderTest.setCibaRequest(cibaRequest);
final io.gravitee.am.model.jose.RSAKey jwk = new io.gravitee.am.model.jose.RSAKey();
jwk.setKid(KID);
final JWKSet jwks = new JWKSet();
jwks.setKeys(List.of(jwk));
when(jwkService.getKeys(any(Client.class))).thenReturn(Maybe.just(jwks));
when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(jwk));
when(jwsService.isValidSignature(any(), any())).thenReturn(true);
final User user = new User();
user.setId(UUID.randomUUID().toString());
when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user)));
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.OK_200, "OK", null);
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
User(io.gravitee.am.model.User)
com.nimbusds.jose(com.nimbusds.jose)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
JSONObject(net.minidev.json.JSONObject)
JWKSet(io.gravitee.am.model.oidc.JWKSet)
Client(io.gravitee.am.model.oidc.Client)
Test(org.junit.Test)
Example 4 with CibaAuthenticationRequest
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldRejectRequest_TooManyUsers_LoginHint.
@Test
public void shouldRejectRequest_TooManyUsers_LoginHint() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze"));
cibaRequest.setBindingMessage("msg");
client.setBackchannelUserCodeParameter(false);
handlerUnderTest.setCibaRequest(cibaRequest);
final User user = new User();
user.setId(UUID.randomUUID().toString());
when(userService.findByDomainAndCriteria(any(), any())).thenReturn(Single.just(List.of(user, user)));
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
Also used :
User(io.gravitee.am.model.User)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
Test(org.junit.Test)
Example 5 with CibaAuthenticationRequest
use of io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestParametersHandlerTest method shouldRejectRequest_InvalidAcrValue.
@Test
public void shouldRejectRequest_InvalidAcrValue() throws Exception {
CibaAuthenticationRequest cibaRequest = new CibaAuthenticationRequest();
cibaRequest.setLoginHint("username");
cibaRequest.setScopes(Set.of("openid"));
cibaRequest.setAcrValues(Arrays.asList("urn:mace:incommon:iap:bronze", "urn:mace:incommon:iap:unknown"));
handlerUnderTest.setCibaRequest(cibaRequest);
router.route().order(-1).handler(routingContext -> {
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
routingContext.put(ConstantKeys.PROVIDER_METADATA_CONTEXT_KEY, openIDProviderMetadata);
routingContext.next();
});
testRequest(HttpMethod.POST, CIBAProvider.CIBA_PATH + CIBAProvider.AUTHENTICATION_ENDPOINT + "?request=fakejwt", null, HttpStatusCode.BAD_REQUEST_400, "Bad Request", null);
}
Also used :
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
Test(org.junit.Test)
Aggregations
CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)19
Test (org.junit.Test)17
Client (io.gravitee.am.model.oidc.Client)8
User (io.gravitee.am.model.User)5
com.nimbusds.jose (com.nimbusds.jose)4
RSAKey (com.nimbusds.jose.jwk.RSAKey)4
JWT (io.gravitee.am.common.jwt.JWT)4
JWKSet (io.gravitee.am.model.oidc.JWKSet)4
JSONObject (net.minidev.json.JSONObject)4
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)2
TechnicalException (io.gravitee.am.repository.exceptions.TechnicalException)2
CibaAuthRequest (io.gravitee.am.repository.oidc.model.CibaAuthRequest)2
ADNotificationRequest (io.gravitee.am.authdevice.notifier.api.model.ADNotificationRequest)1
ADNotificationResponse (io.gravitee.am.authdevice.notifier.api.model.ADNotificationResponse)1
InvalidBindingMessageException (io.gravitee.am.common.exception.oauth2.InvalidBindingMessageException)1
MissingUserCodeException (io.gravitee.am.common.exception.oauth2.MissingUserCodeException)1
CIBADeliveryMode (io.gravitee.am.common.oidc.CIBADeliveryMode)1
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys)1
SecureRandomString (io.gravitee.am.common.utils.SecureRandomString)1
AuthenticationRequestService (io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService)1
