
Example 1 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceHttpTest method requestEndSessionWithSessionId.

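/**
 * Exercises logout where the session is identified by the {@code sid} claim alone: both
 * end-session requests pass {@code null} as the first {@code EndSessionRequest} constructor
 * argument and set the session through {@code setSid}.
 *
 * <p>Flow: dynamic client registration, authorization with response types {@code token} and
 * {@code id_token}, a first logout that must return the HTML logout page, then a second logout
 * for the same {@code sid} that must be rejected with {@code INVALID_GRANT_AND_SESSION}.
 *
 * @param userId                resource owner login passed to the authorization step
 * @param userSecret            resource owner secret passed to the authorization step
 * @param redirectUri           redirect URI sent in the authorization request
 * @param redirectUris          space-separated redirect URIs registered for the client
 * @param postLogoutRedirectUri post-logout redirect URI, registered and sent on logout
 * @param logoutUri             front-channel logout URI registered for the client
 * @param sectorIdentifierUri   sector identifier URI registered for the client
 * @throws Exception if any client call or JWT parsing fails
 */
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSessionWithSessionId(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by session_id");

    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();

    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    String clientId = response.getClientId();

    // 2. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // The state must round-trip unchanged; a mismatch means the response is not bound to this request.
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");

    String sid = Jwt.parseOrThrow(authorizationResponse.getIdToken()).getClaims().getClaimAsString("sid");
    // Without this check a missing sid claim would send a logout request that identifies no
    // session at all, and the failure would surface later with an unrelated message.
    assertNotNull(sid, "The sid is null");

    // 3. End session
    String endSessionId1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId1);
    endSessionRequest1.setSid(sid);

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();

    showClient(endSessionClient);
    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");

    // Coarse validation of the returned HTML: it only proves that logout_uri and
    // post_logout_uri appear somewhere in the page, not where or how they are embedded.
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The response body is not an HTML page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // The state is not asserted here: for http-based logout the server answers with an HTML page.

    // 4. End session with an already ended session: repeating the logout for the same sid must fail.
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();

    showClient(endSessionClient2);
    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}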
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) EndSessionClient(io.jans.as.client.EndSessionClient) ArrayList(java.util.ArrayList) EndSessionResponse(io.jans.as.client.EndSessionResponse) EndSessionErrorResponseType(io.jans.as.model.session.EndSessionErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) EndSessionRequest(io.jans.as.client.EndSessionRequest) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 2 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceEmbeddedTest method requestEndSessionFail1.

// private void validateNonHttpBasedLogout(EnhancedMockHttpServletResponse
// response) {
// if (response.getLocation() != null) {
// try {
// URI uri = new URI(response.getLocation().toString());
// assertNotNull(uri.getQuery(), "The query string is null");
// 
// Map<String, String> params = QueryStringDecoder.decode(uri.getQuery());
// 
// assertNotNull(params.get(EndSessionResponseParam.STATE), "The state is
// null");
// assertEquals(params.get(EndSessionResponseParam.STATE), endSessionId);
// } catch (URISyntaxException e) {
// e.printStackTrace();
// fail("Response URI is not well formed");
// } catch (Exception e) {
// e.printStackTrace();
// fail(e.getMessage());
// }
// }
// }
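/**
 * Negative test: an end-session request built with all three constructor arguments set to
 * {@code null} must be answered with HTTP 400 and a JSON body carrying {@code error} and
 * {@code error_description}.
 *
 * @param endSessionPath path of the end-session endpoint, appended to the test server URL
 * @throws Exception if the HTTP call fails
 */
@Parameters({ "endSessionPath" })
@Test(enabled = true)
public void requestEndSessionFail1(final String endSessionPath) throws Exception {
    // NOTE(review): an earlier comment on this method called it a "switched off test" because a
    // WebApplicationException was not translated correctly by the container and produced a 500
    // (see EndSessionRestWebServiceImpl.endSession()). The annotation says enabled = true, so
    // that remark looks stale - confirm before relying on it.
    EndSessionRequest endSessionRequest = new EndSessionRequest(null, null, null);

    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    Response response = request.get();
    try {
        String entity = response.readEntity(String.class);

        showResponse("requestEndSessionFail1", response, entity);

        // A request that identifies no session must be rejected as a client error, not
        // accepted and not reported as a server fault.
        assertEquals(response.getStatus(), 400, "Unexpected response code.");
        assertNotNull(entity, "Unexpected result: " + entity);
        try {
            JSONObject jsonObj = new JSONObject(entity);
            assertTrue(jsonObj.has("error"), "The error type is null");
            assertTrue(jsonObj.has("error_description"), "The error description is null");
        } catch (JSONException e) {
            // Attach the parse failure as the cause so the report keeps the full stack trace.
            fail(e.getMessage() + "\nResponse was: " + entity, e);
        }
    } finally {
        // Release the connection even when an assertion above fails.
        response.close();
    }
}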
Also used : BaseTest.showResponse(io.jans.as.server.BaseTest.showResponse) RegisterResponse(io.jans.as.client.RegisterResponse) Response(javax.ws.rs.core.Response) JSONObject(org.json.JSONObject) EndSessionRequest(io.jans.as.client.EndSessionRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) JSONException(org.json.JSONException) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceEmbeddedTest method requestEndSessionStep3.

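/**
 * Ends the session established by the earlier steps and checks that the server answers with
 * an HTML page that mentions the post-logout redirect URI.
 *
 * <p>Reads {@code idToken}, {@code sid} and {@code url} from the enclosing test class; they are
 * presumably populated by the steps this method depends on - verify against those methods.
 *
 * @param endSessionPath        path of the end-session endpoint, appended to the test server URL
 * @param postLogoutRedirectUri post-logout redirect URI sent with the request
 * @throws Exception if the HTTP call fails
 */
@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    String state = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    endSessionRequest.setSid(sid);

    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    Response response = request.get();
    String entity = response.readEntity(String.class);

    showResponse("requestEndSessionStep3", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertNotNull(entity, "Unexpected html.");
    // The original asserted this exact condition twice. NOTE(review): the second copy may have
    // been meant to check a different value (for example a logout URI) - confirm with the author.
    // This is a substring check only: it shows the URI appears in the page, nothing about where.
    assertTrue(entity.contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
}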
Also used : BaseTest.showResponse(io.jans.as.server.BaseTest.showResponse) RegisterResponse(io.jans.as.client.RegisterResponse) Response(javax.ws.rs.core.Response) EndSessionRequest(io.jans.as.client.EndSessionRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 4 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionBackchannelRestServerTest method requestEndSessionStep3.

/**
 * Sends the end-session request for the session created by the preceding steps and expects a
 * 302 whose {@code Location} header mentions the post-logout redirect URI and echoes the state.
 *
 * <p>{@code idToken}, {@code sid} and {@code url} come from the enclosing test class; they are
 * presumably set by the methods this test depends on - verify against those methods.
 *
 * @param endSessionPath        path of the end-session endpoint, appended to the test server URL
 * @param postLogoutRedirectUri post-logout redirect URI sent with the request
 * @throws Exception if the HTTP call fails
 */
@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    final String expectedState = UUID.randomUUID().toString();

    final EndSessionRequest logoutRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, expectedState);
    logoutRequest.setSid(sid);

    final String targetUrl = url.toString() + endSessionPath + "?" + logoutRequest.getQueryString();
    final Invocation.Builder invocation = ResteasyClientBuilder.newClient().target(targetUrl).request();
    invocation.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    final Response response = invocation.get();
    final String body = response.readEntity(String.class);
    showResponse("requestEndSessionStep3", response, body);

    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation());

    // NOTE(review): both checks below are substring matches. They would also pass if the
    // registered URI appeared only inside a query parameter of some other target, so they do
    // not prove the redirect goes to the registered post-logout URI. Consider comparing the
    // start of the Location value instead, once the server's exact redirect format is confirmed.
    final String location = response.getLocation().toString();
    assertTrue(location.contains(postLogoutRedirectUri));
    assertTrue(location.contains("state=" + expectedState));
}
Also used : Response(javax.ws.rs.core.Response) Invocation(javax.ws.rs.client.Invocation) EndSessionRequest(io.jans.as.client.EndSessionRequest) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.server.BaseTest)

Example 5 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceHttpTest method requestEndSession.

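/**
 * Exercises logout where the ID token is passed as the first {@code EndSessionRequest}
 * constructor argument together with the {@code sid} claim taken from that token.
 *
 * <p>Flow: dynamic client registration, authorization with response types {@code token} and
 * {@code id_token}, a first logout that must return the HTML logout page, then a second logout
 * with the same token and {@code sid} that must be rejected with
 * {@code INVALID_GRANT_AND_SESSION}.
 *
 * @param userId                resource owner login passed to the authorization step
 * @param userSecret            resource owner secret passed to the authorization step
 * @param redirectUri           redirect URI sent in the authorization request
 * @param redirectUris          space-separated redirect URIs registered for the client
 * @param postLogoutRedirectUri post-logout redirect URI, registered and sent on logout
 * @param logoutUri             front-channel logout URI registered for the client
 * @param sectorIdentifierUri   sector identifier URI registered for the client
 * @throws Exception if any client call or JWT parsing fails
 */
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSession(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by id_token");

    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();

    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    String clientId = response.getClientId();

    // 2. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // The state must round-trip unchanged; a mismatch means the response is not bound to this request.
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");

    String idToken = authorizationResponse.getIdToken();
    // Fail with a clear message before parsing rather than on whatever the parser does with null.
    assertNotNull(idToken, "The id_token is null");
    String sid = Jwt.parse(idToken).getClaims().getClaimAsString("sid");
    assertNotNull(sid, "The sid is null");

    // 3. End session
    String state1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(idToken, postLogoutRedirectUri, state1);
    endSessionRequest1.setSid(sid);

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();

    showClient(endSessionClient);
    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");

    // Coarse validation of the returned HTML: it only proves that logout_uri and
    // post_logout_uri appear somewhere in the page, not where or how they are embedded.
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The response body is not an HTML page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // The state is not asserted here: for http-based logout the server answers with an HTML page.

    // 4. End session with an already ended session: replaying the same id_token and sid must fail.
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();

    showClient(endSessionClient2);
    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}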
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) EndSessionClient(io.jans.as.client.EndSessionClient) ArrayList(java.util.ArrayList) EndSessionResponse(io.jans.as.client.EndSessionResponse) EndSessionErrorResponseType(io.jans.as.model.session.EndSessionErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) EndSessionRequest(io.jans.as.client.EndSessionRequest) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

EndSessionRequest (io.jans.as.client.EndSessionRequest)7 Test (org.testng.annotations.Test)7 BaseTest (io.jans.as.client.BaseTest)6 RegisterResponse (io.jans.as.client.RegisterResponse)6 Parameters (org.testng.annotations.Parameters)6 Response (javax.ws.rs.core.Response)4 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)3 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)3 EndSessionClient (io.jans.as.client.EndSessionClient)3 EndSessionResponse (io.jans.as.client.EndSessionResponse)3 RegisterClient (io.jans.as.client.RegisterClient)3 RegisterRequest (io.jans.as.client.RegisterRequest)3 BaseTest.showResponse (io.jans.as.server.BaseTest.showResponse)3 Builder (javax.ws.rs.client.Invocation.Builder)3 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)3 ResponseType (io.jans.as.model.common.ResponseType)2 EndSessionErrorResponseType (io.jans.as.model.session.EndSessionErrorResponseType)2 ArrayList (java.util.ArrayList)2 JSONException (org.json.JSONException)2 JSONObject (org.json.JSONObject)2