use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.
the class UmaTokenGranterTest method setUp.
/**
 * Builds the shared fixture: a token request carrying a permission ticket and an ID-token
 * claim, plus stubs for the collaborators referenced below.
 *
 * <p>Points a reader should keep in mind when relying on this fixture:
 * <ul>
 *   <li>{@code jwtService.decodeAndVerify} is stubbed for both tokens, so signature and claim
 *       verification are not exercised by tests that use these defaults.</li>
 *   <li>{@code findAccessPoliciesByResources} returns an empty stream, so no access policy is
 *       attached to any resource unless a test re-stubs it.</li>
 *   <li>{@code RPT_OLD_TOKEN} is only stubbed for decoding here; it is not added to the request
 *       parameters in this method.</li>
 * </ul>
 */
@Before
public void setUp() {
    // Request parameters: the permission ticket and the requesting party's ID token as claim token.
    parameters.add(TICKET, TICKET_ID);
    parameters.add(CLAIM_TOKEN, RQP_ID_TOKEN);
    parameters.add(CLAIM_TOKEN_FORMAT, TokenType.ID_TOKEN);
    tokenRequest = new TokenRequest();
    tokenRequest.setParameters(parameters);

    // The ticket asks for scopeA on both resources.
    PermissionRequest ticketEntryOne = new PermissionRequest()
            .setResourceId(RS_ONE)
            .setResourceScopes(new ArrayList<>(Arrays.asList("scopeA")));
    PermissionRequest ticketEntryTwo = new PermissionRequest()
            .setResourceId(RS_TWO)
            .setResourceScopes(new ArrayList<>(Arrays.asList("scopeA")));
    List<PermissionRequest> permissions = Arrays.asList(ticketEntryOne, ticketEntryTwo);

    // Permission carried by the previously issued RPT: scopeB on the first resource.
    // Raw Map/LinkedList are kept exactly as the original fixture declares them.
    Map previousRptPermission = new HashMap();
    previousRptPermission.put("resourceId", RS_ONE);
    previousRptPermission.put("resourceScopes", Arrays.asList("scopeB"));

    // Domain and client: UMA is switched on and the client may use the UMA and refresh-token grants.
    when(domain.getUma()).thenReturn(new UMASettings().setEnabled(true));
    when(client.getClientId()).thenReturn(CLIENT_ID);
    List<ApplicationScopeSettings> clientScopes = Arrays.asList(
            new ApplicationScopeSettings("scopeA"),
            new ApplicationScopeSettings("scopeB"),
            new ApplicationScopeSettings("scopeC"),
            new ApplicationScopeSettings("scopeD"));
    when(client.getScopeSettings()).thenReturn(clientScopes);
    when(client.getAuthorizedGrantTypes()).thenReturn(Arrays.asList(GrantType.UMA, GrantType.REFRESH_TOKEN));

    // Identity: the user, the ID token and the old RPT all resolve to USER_ID;
    // the old RPT's audience is this client.
    when(user.getId()).thenReturn(USER_ID);
    when(jwt.getSub()).thenReturn(USER_ID);
    when(rpt.getSub()).thenReturn(USER_ID);
    when(rpt.getAud()).thenReturn(CLIENT_ID);
    when(rpt.get("permissions")).thenReturn(new LinkedList(Arrays.asList(previousRptPermission)));

    // Token decoding is mocked per (token, client) pair; no real verification happens here.
    when(jwtService.decodeAndVerify(RQP_ID_TOKEN, client)).thenReturn(Single.just(jwt));
    when(jwtService.decodeAndVerify(RPT_OLD_TOKEN, client)).thenReturn(Single.just(rpt));
    when(userAuthenticationManager.loadPreAuthenticatedUser(USER_ID, tokenRequest)).thenReturn(Maybe.just(user));

    // remove(TICKET_ID) hands back the ticket built above.
    // NOTE(review): presumably the granter consumes the ticket through remove() so it cannot be
    // replayed - confirm against the granter implementation.
    when(permissionTicketService.remove(TICKET_ID)).thenReturn(
            Single.just(new PermissionTicket().setId(TICKET_ID).setPermissionRequest(permissions)));

    // Registered resources: both expose scopeA and scopeB; scopeC and scopeD are resource-specific.
    when(resourceService.findByResources(Arrays.asList(RS_ONE, RS_TWO))).thenReturn(
            Flowable.just(
                    new Resource().setId(RS_ONE).setResourceScopes(Arrays.asList("scopeA", "scopeB", "scopeC")),
                    new Resource().setId(RS_TWO).setResourceScopes(Arrays.asList("scopeA", "scopeB", "scopeD"))));

    // Token creation captures the OAuth2 request so tests can inspect what was granted.
    when(tokenService.create(oauth2RequestCaptor.capture(), eq(client), any()))
            .thenReturn(Single.just(new AccessToken("success")));

    // Default: no access policies on any resource.
    when(resourceService.findAccessPoliciesByResources(anyList())).thenReturn(Flowable.empty());
}
use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.
the class ResourceRegistrationAccessHandlerTest method testUmaDisabled.
/**
 * Checks that the handler fails the routing context with a
 * {@code UMAProtectionApiForbiddenException} when the domain returns a default-constructed
 * {@code UMASettings}.
 *
 * <p>NOTE(review): the test name implies that a default {@code UMASettings} means "UMA disabled";
 * that default is not visible here - confirm against the model class.
 */
@Test
public void testUmaDisabled() {
    UMASettings defaultUma = new UMASettings();
    when(domain.getUma()).thenReturn(defaultUma);

    handler.handle(context);

    // Exactly one failure must be reported on the context, and it must be the forbidden type.
    verify(context, times(1)).fail(exceptionCaptor.capture());
    Object reportedFailure = exceptionCaptor.getValue();
    boolean isForbidden = reportedFailure instanceof UMAProtectionApiForbiddenException;
    Assert.assertTrue("Should return a forbidden exception", isForbidden);
}
use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.
the class PatchDomainTest method testGetRequiredPermissions.
/**
 * Pins the permission set that {@code PatchDomain.getRequiredPermissions()} reports for each
 * patched field, one field at a time, and then for a combination of fields.
 *
 * <p>Only the fields set below are covered; a patch field that does not appear here has no
 * assertion on the permission it demands.
 */
@Test
public void testGetRequiredPermissions() {
    // Expected sets, built once and reused; assertEquals does not modify them.
    HashSet<Permission> settingsOnly = new HashSet<>(Arrays.asList(Permission.DOMAIN_SETTINGS));
    HashSet<Permission> openIdOnly = new HashSet<>(Arrays.asList(Permission.DOMAIN_OPENID));
    HashSet<Permission> scimOnly = new HashSet<>(Arrays.asList(Permission.DOMAIN_SCIM));
    HashSet<Permission> umaOnly = new HashSet<>(Arrays.asList(Permission.DOMAIN_UMA));
    HashSet<Permission> settingsOpenIdScim = new HashSet<>(
            Arrays.asList(Permission.DOMAIN_SETTINGS, Permission.DOMAIN_OPENID, Permission.DOMAIN_SCIM));

    // An untouched patch requires nothing.
    PatchDomain patch = new PatchDomain();
    assertEquals(Collections.emptySet(), patch.getRequiredPermissions());

    // General domain attributes each require DOMAIN_SETTINGS.
    patch.setName(Optional.of("patchName"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setDescription(Optional.of("patchDescription"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setEnabled(Optional.of(true));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setPath(Optional.of("patchPath"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setLoginSettings(Optional.of(new LoginSettings()));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setAccountSettings(Optional.of(new AccountSettings()));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setTags(Optional.of(Collections.singleton("patchTag")));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    // An OIDC patch with nothing set inside it requires no permission ...
    patch = new PatchDomain();
    PatchOIDCSettings oidcPatch = new PatchOIDCSettings();
    patch.setOidc(Optional.of(oidcPatch));
    assertEquals(Collections.emptySet(), patch.getRequiredPermissions());

    // ... and requires DOMAIN_OPENID once it actually carries changes.
    oidcPatch.setClientRegistrationSettings(Optional.of(new PatchClientRegistrationSettings()));
    oidcPatch.setRedirectUriStrictMatching(Optional.of(true));
    assertEquals(openIdOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setScim(Optional.of(new SCIMSettings()));
    assertEquals(scimOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setUma(Optional.of(new UMASettings()));
    assertEquals(umaOnly, patch.getRequiredPermissions());

    // Check multiple permissions. oidcPatch still carries the changes set above.
    patch = new PatchDomain();
    patch.setPath(Optional.of("patchPath"));
    patch.setOidc(Optional.of(oidcPatch));
    patch.setScim(Optional.of(new SCIMSettings()));
    assertEquals(settingsOpenIdScim, patch.getRequiredPermissions());
}
use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.
the class MongoDomainRepository method convert.
/**
 * Maps the Mongo representation of the UMA settings onto the domain model.
 *
 * <p>Only the {@code enabled} flag is copied. A {@code null} input yields {@code null}, so
 * callers receive no settings object at all when none was stored and must handle that case.
 *
 * @param umaMongo the stored UMA settings, may be {@code null}
 * @return the converted settings, or {@code null} when {@code umaMongo} is {@code null}
 */
private static UMASettings convert(UMASettingsMongo umaMongo) {
    if (umaMongo != null) {
        UMASettings converted = new UMASettings();
        converted.setEnabled(umaMongo.isEnabled());
        return converted;
    }
    return null;
}
use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.
the class DomainRepositoryTest method initDomain.
/**
 * Creates a fully populated {@code Domain} fixture whose string attributes are derived from
 * {@code name}.
 *
 * <p>The creation timestamp and the CIBA device-notifier id are generated at call time
 * ({@code new Date()}, {@code UUID.randomUUID()}), so two calls with the same name do not
 * produce identical values for those fields.
 *
 * @param name base value used for the name, hrid, description, path, reference id and vhosts
 * @return the populated domain; it is not persisted by this method
 */
private Domain initDomain(String name) {
    final Domain fixture = new Domain();

    // Identity and lifecycle attributes.
    fixture.setName(name);
    fixture.setHrid(name);
    fixture.setCreatedAt(new Date());
    fixture.setUpdatedAt(fixture.getCreatedAt());
    fixture.setDescription(name + " description");
    fixture.setEnabled(true);
    fixture.setAlertEnabled(false);
    fixture.setPath("/" + name);
    fixture.setReferenceId("refId" + name);
    fixture.setReferenceType(ReferenceType.ENVIRONMENT);

    // Virtual-host mode with two hosts, both overriding the entrypoint.
    fixture.setVhostMode(true);
    final VirtualHost primaryVhost = new VirtualHost();
    primaryVhost.setHost("hostname-" + name);
    primaryVhost.setPath("/hostname-" + name);
    primaryVhost.setOverrideEntrypoint(true);
    final VirtualHost secondaryVhost = new VirtualHost();
    secondaryVhost.setHost("hostname2-" + name);
    secondaryVhost.setPath("/hostname2-" + name);
    secondaryVhost.setOverrideEntrypoint(true);
    fixture.setVhosts(Arrays.asList(primaryVhost, secondaryVhost));

    fixture.setTags(new HashSet<>(Arrays.asList("tag1", "tag2")));
    fixture.setIdentities(new HashSet<>(Arrays.asList("id1", "id2")));
    fixture.setAccountSettings(new AccountSettings());
    fixture.setLoginSettings(new LoginSettings());

    // OIDC settings with CIBA enabled and a single device notifier carrying a random id.
    final OIDCSettings oidcSettings = new OIDCSettings();
    final CIBASettings ciba = new CIBASettings();
    ciba.setEnabled(true);
    final CIBASettingNotifier deviceNotifier = new CIBASettingNotifier();
    deviceNotifier.setId(UUID.randomUUID().toString());
    ciba.setDeviceNotifiers(Arrays.asList(deviceNotifier));
    oidcSettings.setCibaSettings(ciba);
    fixture.setOidc(oidcSettings);

    // Remaining protocol and feature settings are left at their default-constructed values.
    fixture.setScim(new SCIMSettings());
    fixture.setUma(new UMASettings());
    fixture.setWebAuthnSettings(new WebAuthnSettings());
    fixture.setSelfServiceAccountManagementSettings(new SelfServiceAccountManagementSettings());

    return fixture;
}