use of io.gravitee.am.repository.oauth2.model.AuthorizationCode in project gravitee-access-management by gravitee-io.
the class AuthorizationCodeServiceImpl method create.
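/**
 * Builds an authorization code record for the given request and end user and hands it to the
 * repository for persistence.
 *
 * The record binds the code to the requesting client id, the user id (as subject), the requested
 * scopes, the transaction id / context version of the request and the original request parameters.
 * NOTE(review): presumably these bindings are what the token endpoint checks at redemption time
 * (client match, redirect_uri / PKCE parameters) - confirm against the redemption path.
 *
 * @param authorizationRequest the authorization request the code is issued for; must not be null
 * @param user the authenticated end user; must not be null, its id becomes the code's subject
 * @return the {@link Single} returned by {@code authorizationCodeRepository.create}
 */
@Override
public Single<AuthorizationCode> create(AuthorizationRequest authorizationRequest, User user) {
    // Read the clock once: createdAt and expireAt then differ by exactly authorizationCodeValidity.
    // Two separate reads would make the stored lifetime drift by the time elapsed between them.
    final long now = System.currentTimeMillis();

    AuthorizationCode authorizationCode = new AuthorizationCode();

    // Record identifier. It comes from RandomString, not SecureRandomString.
    // NOTE(review): fine only as long as the id is never accepted as a credential - confirm.
    authorizationCode.setId(RandomString.generate());
    authorizationCode.setTransactionId(authorizationRequest.transactionId());
    authorizationCode.setContextVersion(authorizationRequest.getContextVersion());

    // The code value is the secret the client presents later, so it is taken from
    // SecureRandomString. NOTE(review): presumably CSPRNG-backed with enough entropy - confirm.
    authorizationCode.setCode(SecureRandomString.generate());

    authorizationCode.setClientId(authorizationRequest.getClientId());
    authorizationCode.setSubject(user.getId());
    authorizationCode.setScopes(authorizationRequest.getScopes());
    authorizationCode.setRequestParameters(authorizationRequest.parameters());

    // authorizationCodeValidity is added to a millisecond timestamp, i.e. it is used as milliseconds.
    authorizationCode.setExpireAt(new Date(now + authorizationCodeValidity));
    authorizationCode.setCreatedAt(new Date(now));

    return authorizationCodeRepository.create(authorizationCode);
}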
use of io.gravitee.am.repository.oauth2.model.AuthorizationCode in project gravitee-access-management by gravitee-io.
the class AuthorizationCodeServiceTest method shouldRemove_invalidCode_existingTokens_noRefreshToken.
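/**
 * An authorization code that the repository does not know must be rejected, and the access
 * tokens recorded against that code must be deleted.
 *
 * Scenario: {@code findByCode} yields nothing while two access tokens reference "my-code".
 * Expected: {@code remove} fails with {@link InvalidGrantException}, both access tokens are
 * deleted, and neither the code itself nor any refresh token is deleted (the stubbed tokens
 * carry no refresh token).
 *
 * This is in line with RFC 6749 section 4.1.2: when a code is presented that is no longer valid,
 * the request is denied and tokens previously issued from that code should be revoked.
 */
@Test
public void shouldRemove_invalidCode_existingTokens_noRefreshToken() {
    Client client = new Client();
    client.setClientId("my-client-id");

    AuthorizationCode authorizationCode = new AuthorizationCode();
    authorizationCode.setCode("my-code");
    authorizationCode.setClientId("my-client-id");

    // Two access tokens that were issued from the same authorization code.
    AccessToken accessToken = new AccessToken();
    accessToken.setToken("my-access-token-1");
    accessToken.setAuthorizationCode("my-code");
    AccessToken accessToken2 = new AccessToken();
    accessToken2.setToken("my-access-token-2");
    accessToken2.setAuthorizationCode("my-code");
    List<AccessToken> tokens = Arrays.asList(accessToken, accessToken2);

    // The code lookup comes back empty: the presented code is unknown to the repository.
    when(authorizationCodeRepository.findByCode(any())).thenReturn(Maybe.empty());
    when(accessTokenRepository.findByAuthorizationCode(anyString())).thenReturn(Observable.fromIterable(tokens));
    when(accessTokenRepository.delete(anyString())).thenReturn(Completable.complete());

    TestObserver<AuthorizationCode> testObserver = authorizationCodeService.remove(authorizationCode.getCode(), client).test();

    // The grant is refused ...
    testObserver.assertError(InvalidGrantException.class);

    // ... and every access token tied to the code is deleted, one delete call per token.
    // NOTE(review): the matchers are anyString(), so the test does not pin which identifier
    // is passed to delete(); tightening them would need knowledge of the service implementation.
    verify(authorizationCodeRepository, times(1)).findByCode(any());
    verify(accessTokenRepository, times(1)).findByAuthorizationCode(anyString());
    verify(accessTokenRepository, times(2)).delete(anyString());

    // Nothing to delete on the code side, and no refresh token is involved.
    verify(authorizationCodeRepository, never()).delete(any());
    verify(refreshTokenRepository, never()).delete(anyString());
}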
use of io.gravitee.am.repository.oauth2.model.AuthorizationCode in project gravitee-access-management by gravitee-io.
the class AuthorizationCodeServiceTest method shouldCreate_noExistingCode.
/**
 * Creating a code for a request and a user completes without error and persists exactly once.
 *
 * The repository is stubbed to return an empty {@link AuthorizationCode}, so only the call
 * count is checked here.
 */
@Test
public void shouldCreate_noExistingCode() {
    AuthorizationRequest request = new AuthorizationRequest();
    request.setClientId("my-client-id");

    User endUser = new User();
    endUser.setUsername("my-username-id");

    AuthorizationCode persisted = new AuthorizationCode();
    when(authorizationCodeRepository.create(any())).thenReturn(Single.just(persisted));

    TestObserver<AuthorizationCode> observer = authorizationCodeService.create(request, endUser).test();

    observer.assertComplete();
    observer.assertNoErrors();

    // NOTE(review): create(any()) accepts whatever the service built. The test therefore does not
    // check that the persisted record carries a non-empty code, the client id, or an expiry date
    // in the future; capturing the argument would let those security-relevant fields be asserted.
    verify(authorizationCodeRepository, times(1)).create(any());
}
use of io.gravitee.am.repository.oauth2.model.AuthorizationCode in project gravitee-access-management by gravitee-io.
the class MongoAuthorizationCodeRepository method convert.
/**
 * Maps the MongoDB representation of an authorization code onto the repository model.
 *
 * All scalar fields are copied one to one. The request parameters are copied into a fresh
 * {@link LinkedMultiValueMap} when the stored document has any.
 *
 * @param authorizationCodeMongo the stored document, may be null
 * @return the mapped model, or null when the input is null
 */
private AuthorizationCode convert(AuthorizationCodeMongo authorizationCodeMongo) {
    if (authorizationCodeMongo == null) {
        return null;
    }

    final AuthorizationCode result = new AuthorizationCode();

    // Identity of the record and of the code itself.
    result.setId(authorizationCodeMongo.getId());
    result.setCode(authorizationCodeMongo.getCode());

    // What the code is bound to: request context, client, user and scopes.
    result.setTransactionId(authorizationCodeMongo.getTransactionId());
    result.setContextVersion(authorizationCodeMongo.getContextVersion());
    result.setClientId(authorizationCodeMongo.getClientId());
    result.setSubject(authorizationCodeMongo.getSubject());
    result.setScopes(authorizationCodeMongo.getScopes());

    // Lifetime.
    result.setCreatedAt(authorizationCodeMongo.getCreatedAt());
    result.setExpireAt(authorizationCodeMongo.getExpireAt());

    if (authorizationCodeMongo.getRequestParameters() != null) {
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
        // Unchecked cast: the element type of each stored value is not verified here, so a value
        // that is not a list of strings only fails later, where the parameter is read.
        // NOTE(review): presumably only this repository writes these documents - confirm.
        authorizationCodeMongo.getRequestParameters()
                .forEach((name, values) -> parameters.put(name, (List<String>) values));
        result.setRequestParameters(parameters);
    }

    return result;
}
use of io.gravitee.am.repository.oauth2.model.AuthorizationCode in project gravitee-access-management by gravitee-io.
the class AuthorizationCodeRepositoryPurgeTest method shouldRemoveCode.
/**
 * Stores one code that expires in a minute and one that expired a minute ago, then checks
 * lookups before and after {@code purgeExpiredData()}.
 *
 * The expired code is already invisible to {@code findByCode} before the purge runs, so
 * rejecting an expired code does not depend on the purge having happened.
 */
@Test
public void shouldRemoveCode() {
    final Instant now = Instant.now();

    // Still valid: expires one minute from now.
    final String liveCode = "testCode";
    AuthorizationCode live = new AuthorizationCode();
    live.setId(liveCode);
    live.setCode(liveCode);
    live.setExpireAt(Date.from(now.plus(1, ChronoUnit.MINUTES)));

    // Already expired: expiry lies one minute in the past.
    final String staleCode = "testCodeExpired";
    AuthorizationCode stale = new AuthorizationCode();
    stale.setId(staleCode);
    stale.setCode(staleCode);
    stale.setExpireAt(Date.from(now.minus(1, ChronoUnit.MINUTES)));

    TestObserver<AuthorizationCode> liveCreation = authorizationCodeRepository.create(live).test();
    liveCreation.awaitTerminalEvent();
    liveCreation.assertNoErrors();

    TestObserver<AuthorizationCode> staleCreation = authorizationCodeRepository.create(stale).test();
    staleCreation.awaitTerminalEvent();
    staleCreation.assertNoErrors();

    // Before the purge: the lookup returns the live code and hides the expired one.
    assertNotNull(authorizationCodeRepository.findByCode(liveCode).blockingGet());
    assertNull(authorizationCodeRepository.findByCode(staleCode).blockingGet());

    TestObserver<Void> purge = authorizationCodeRepository.purgeExpiredData().test();
    purge.awaitTerminalEvent();
    purge.assertNoErrors();

    // After the purge: the live code must have survived.
    // NOTE(review): these two assertions are the same as the pre-purge ones, so the test would
    // also pass if purgeExpiredData() deleted nothing. Proving that the expired record is really
    // gone needs a lookup that bypasses the expiry filter.
    assertNotNull(authorizationCodeRepository.findByCode(liveCode).blockingGet());
    assertNull(authorizationCodeRepository.findByCode(staleCode).blockingGet());
}