use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class UserAuthenticationManagerTest method shouldAuthenticateUser_multipleIDPs_firstPriorityIdentityProvider.
@Test
public void shouldAuthenticateUser_multipleIDPs_firstPriorityIdentityProvider() {
    // Credential-less authentication request for the principal "username".
    class UsernameOnlyAuthentication implements Authentication {
        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return "username";
        }

        @Override
        public AuthenticationContext getContext() {
            return null;
        }
    }

    // Provider stub that resolves every authentication attempt to one fixed username,
    // which lets the assertions tell which provider produced the authenticated identity.
    class FixedUserProvider implements AuthenticationProvider {
        private final String resolvedUsername;

        FixedUserProvider(String resolvedUsername) {
            this.resolvedUsername = resolvedUsername;
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            return Maybe.just(new DefaultUser(resolvedUsername));
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }

    // Application with two identity providers attached. The boolean handed to
    // getApplicationIdentityProviders is flipped between the two runs below; the helper is
    // not visible here, but the assertions show it decides which provider's identity wins
    // (presumably through provider priority - confirm against the helper).
    Client application = new Client();
    application.setClientId("client-id");
    application.setIdentityProviders(getApplicationIdentityProviders(true, "idp-1", "idp-2"));

    IdentityProvider firstIdp = new IdentityProvider();
    firstIdp.setId("idp-1");
    IdentityProvider secondIdp = new IdentityProvider();
    secondIdp.setId("idp-2");

    // The connect step simply mirrors the username the identity provider returned.
    when(userAuthenticationService.connect(any(), eq(true))).then(invocation -> {
        io.gravitee.am.identityprovider.api.User providerUser = invocation.getArgument(0);
        User connected = new User();
        connected.setUsername(providerUser.getUsername());
        return Single.just(connected);
    });

    when(identityProviderManager.getIdentityProvider("idp-1")).thenReturn(firstIdp);
    when(identityProviderManager.get("idp-1")).thenReturn(Maybe.just(new FixedUserProvider("username1")));
    when(identityProviderManager.getIdentityProvider("idp-2")).thenReturn(secondIdp);

    // First run: the identity asserted for the session must come from idp-1.
    TestObserver<User> observer =
            userAuthenticationManager.authenticate(application, new UsernameOnlyAuthentication()).test();
    observer.assertNoErrors();
    observer.assertComplete();
    observer.assertValue(user -> user.getUsername().equals("username1"));
    // NOTE(review): only the number of SUCCESS events is checked; the payload is matched
    // with any(), so this test does not pin which user or provider the event reports.
    verify(eventManager, times(1)).publishEvent(eq(AuthenticationEvent.SUCCESS), any());

    // Second run: same providers with the flag flipped. idp-1 is still stubbed to return
    // "username1", so getting "username2" shows that idp-2 now supplies the identity.
    application.setIdentityProviders(getApplicationIdentityProviders(false, "idp-1", "idp-2"));
    when(identityProviderManager.get("idp-2")).thenReturn(Maybe.just(new FixedUserProvider("username2")));

    observer = userAuthenticationManager.authenticate(application, new UsernameOnlyAuthentication()).test();
    observer.assertNoErrors();
    observer.assertComplete();
    observer.assertValue(user -> user.getUsername().equals("username2"));
    // The mock counter is cumulative across both runs: one SUCCESS event per authentication.
    verify(eventManager, times(2)).publishEvent(eq(AuthenticationEvent.SUCCESS), any());
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class UserAuthenticationManagerTest method shouldNotAuthenticateUser_onlyExternalProvider.
@Test
public void shouldNotAuthenticateUser_onlyExternalProvider() {
    // The only identity provider attached to the application is flagged as external.
    IdentityProvider externalIdp = new IdentityProvider();
    externalIdp.setId("idp-1");
    externalIdp.setExternal(true);
    when(identityProviderManager.getIdentityProvider("idp-1")).thenReturn(externalIdp);

    Client application = new Client();
    application.setClientId("client-id");
    application.setIdentityProviders(getApplicationIdentityProviders(true, "idp-1"));

    // A null Authentication is passed on purpose: the call is expected to fail with an
    // error signal rather than complete.
    TestObserver<User> outcome = userAuthenticationManager.authenticate(application, null).test();

    outcome.assertNotComplete();
    outcome.assertError(InternalAuthenticationServiceException.class);
    // No user may be connected when authentication is rejected.
    verifyZeroInteractions(userAuthenticationService);
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class UserAuthenticationManagerTest method shouldNotAuthenticateUser_noIdentityProvider.
@Test
public void shouldNotAuthenticateUser_noIdentityProvider() {
    // Authentication request carrying no credentials, no principal and no context.
    class EmptyAuthentication implements Authentication {
        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return null;
        }

        @Override
        public AuthenticationContext getContext() {
            return null;
        }
    }

    // Application with an empty identity-provider set: nothing can vouch for a user.
    Client application = new Client();
    application.setClientId("client-id");
    application.setIdentityProviders(new TreeSet<>());

    TestObserver<User> outcome =
            userAuthenticationManager.authenticate(application, new EmptyAuthentication()).test();

    // The attempt must end in an error (not an empty completion), and the
    // user-connection service must never be reached.
    outcome.assertNotComplete();
    outcome.assertError(InternalAuthenticationServiceException.class);
    verifyZeroInteractions(userAuthenticationService);
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class WebAuthnRegisterStep method execute.
/**
 * Decides whether the authentication flow stops at the WebAuthn registration page.
 *
 * <p>The flow continues to the next step when passwordless login is not enabled for the
 * domain/client, when the session already records a completed passwordless
 * authentication, or when the session records that registration was skipped.
 * Otherwise the chain exits on this step.
 *
 * @param routingContext current request context; supplies the client and the session
 * @param flow the authentication flow chain to continue or exit
 */
@Override
public void execute(RoutingContext routingContext, AuthenticationFlowChain flow) {
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final Session session = routingContext.session();
    final LoginSettings settings = LoginSettings.getInstance(domain, client);

    // Evaluated left to right with short-circuiting, so the session is only read when
    // passwordless login is enabled. Boolean.TRUE.equals(...) treats a missing or
    // non-Boolean session value as "not set", so an absent flag never skips registration.
    // NOTE(review): where these session keys are written is not visible here; confirm
    // that only server-side handlers can set them, since either flag bypasses this step.
    final boolean registrationNotRequired =
            settings == null
                    || !settings.isPasswordlessEnabled()
                    || Boolean.TRUE.equals(session.get(ConstantKeys.PASSWORDLESS_AUTH_COMPLETED_KEY))
                    || Boolean.TRUE.equals(session.get(ConstantKeys.WEBAUTHN_SKIPPED_KEY));

    if (registrationNotRequired) {
        flow.doNext(routingContext);
    } else {
        // Hand control to this step: the user is sent to the WebAuthn registration page.
        flow.exit(this);
    }
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class FlowManagerTest method shouldNotFindByExtensionPoint_applicationPolicy_wrongClient.
@Test
public void shouldNotFindByExtensionPoint_applicationPolicy_wrongClient() {
    // One enabled step with a policy name and configuration (its condition stays unstubbed).
    Step preStep = mock(Step.class);
    when(preStep.getPolicy()).thenReturn("step-policy");
    when(preStep.getConfiguration()).thenReturn("step-configuration");
    when(preStep.isEnabled()).thenReturn(true);

    // An enabled CONSENT flow that is bound to the application "app-id".
    Flow applicationFlow = mock(Flow.class);
    when(applicationFlow.getId()).thenReturn("flow-id");
    when(applicationFlow.getApplication()).thenReturn("app-id");
    when(applicationFlow.getType()).thenReturn(Type.CONSENT);
    when(applicationFlow.isEnabled()).thenReturn(true);
    when(applicationFlow.getPre()).thenReturn(Collections.singletonList(preStep));

    Policy createdPolicy = mock(Policy.class);

    // The requesting client belongs to a different application than the flow.
    Client foreignClient = mock(Client.class);
    when(foreignClient.getId()).thenReturn("other-app-id");

    when(domain.getId()).thenReturn("domain-id");
    when(policyPluginManager.create(preStep.getPolicy(), preStep.getCondition(), preStep.getConfiguration()))
            .thenReturn(createdPolicy);
    when(flowService.findAll(ReferenceType.DOMAIN, domain.getId())).thenReturn(Flowable.just(applicationFlow));

    flowManager.afterPropertiesSet();

    TestObserver<List<Policy>> lookup =
            flowManager.findByExtensionPoint(ExtensionPoint.PRE_CONSENT, foreignClient, null).test();
    lookup.awaitTerminalEvent();

    // Isolation check: a policy scoped to "app-id" must not be returned for "other-app-id".
    lookup.assertValue(found -> {
        Assert.assertTrue(found.isEmpty());
        return true;
    });

    // The policy is still instantiated exactly once (with a null condition); it is just
    // not handed to the non-matching client.
    verify(policyPluginManager, times(1)).create(anyString(), eq(null), anyString());
}