Search in sources :

Example 1 with PageConfig

use of io.jans.as.client.page.PageConfig in project jans by JanssenProject.

the class BaseTest method newPageConfig.

protected PageConfig newPageConfig(WebDriver driver) {
    PageConfig config = new PageConfig(driver);
    config.getTestKeys().putAll(allTestKeys);
    return config;
}
Also used : PageConfig(io.jans.as.client.page.PageConfig)

Example 2 with PageConfig

use of io.jans.as.client.page.PageConfig in project jans by JanssenProject.

the class DeviceAuthzFlowHttpTest method deviceAuthzFlowAccessDenied.

/**
 * Device authorization with access denied.
 */
@Parameters({ "userId", "userSecret" })
@Test
public void deviceAuthzFlowAccessDenied(final String userId, final String userSecret) throws Exception {
    showTitle("deviceAuthzFlowAccessDenied");
    // 1. Init device authz request from WS
    RegisterResponse registerResponse = DeviceAuthzRequestRegistrationTest.registerClientForDeviceAuthz(AuthenticationMethod.CLIENT_SECRET_BASIC, Collections.singletonList(GrantType.DEVICE_CODE), null, null, registrationEndpoint);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Device request registration
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    DeviceAuthzRequest deviceAuthzRequest = new DeviceAuthzRequest(clientId, scopes);
    deviceAuthzRequest.setAuthUsername(clientId);
    deviceAuthzRequest.setAuthPassword(clientSecret);
    DeviceAuthzClient deviceAuthzClient = new DeviceAuthzClient(deviceAuthzEndpoint);
    deviceAuthzClient.setRequest(deviceAuthzRequest);
    DeviceAuthzResponse response = deviceAuthzClient.exec();
    showClient(deviceAuthzClient);
    DeviceAuthzRequestRegistrationTest.validateSuccessfulResponse(response);
    // 3. Load device authz page, process user_code and authorization
    WebDriver currentDriver = initWebDriver(false, true);
    final PageConfig pageConfig = newPageConfig(currentDriver);
    AuthorizationResponse authorizationResponse = processDeviceAuthzDenyAccess(userId, userSecret, response.getUserCode(), currentDriver, false, pageConfig);
    validateErrorResponse(authorizationResponse, AuthorizeErrorResponseType.ACCESS_DENIED);
    // 4. Token request
    TokenResponse tokenResponse = processTokens(clientId, clientSecret, response.getDeviceCode());
    assertNotNull(tokenResponse.getErrorType(), "Error expected, however no error was found");
    assertNotNull(tokenResponse.getErrorDescription(), "Error description expected, however no error was found");
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.ACCESS_DENIED, "Unexpected error");
}
Also used : WebDriver(org.openqa.selenium.WebDriver) DeviceAuthzClient(io.jans.as.client.DeviceAuthzClient) RegisterResponse(io.jans.as.client.RegisterResponse) DeviceAuthzRequest(io.jans.as.client.DeviceAuthzRequest) TokenResponse(io.jans.as.client.TokenResponse) PageConfig(io.jans.as.client.page.PageConfig) DeviceAuthzResponse(io.jans.as.client.DeviceAuthzResponse) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with PageConfig

use of io.jans.as.client.page.PageConfig in project jans by JanssenProject.

the class DeviceAuthzFlowHttpTest method preventBruteForcing.

/**
 * Validate server denies brute forcing
 */
@Test
public void preventBruteForcing() throws Exception {
    showTitle("deviceAuthzFlow");
    WebDriver currentDriver = initWebDriver(false, true);
    final PageConfig pageConfig = newPageConfig(currentDriver);
    List<WebElement> list = currentDriver.findElements(By.xpath("//*[contains(text(),'Too many failed attemps')]"));
    byte limit = 10;
    while (list.size() == 0 && limit > 0) {
        processDeviceAuthzPutUserCodeAndPressContinue("ABCD-ABCD", currentDriver, false, pageConfig);
        Thread.sleep(500);
        list = currentDriver.findElements(By.xpath("//*[contains(text(),'Too many failed attemps')]"));
        limit--;
    }
    stopWebDriver(false, currentDriver);
    assertTrue(list.size() > 0 && limit > 0, "Brute forcing prevention not working correctly.");
}
Also used : WebDriver(org.openqa.selenium.WebDriver) PageConfig(io.jans.as.client.page.PageConfig) WebElement(org.openqa.selenium.WebElement) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 4 with PageConfig

use of io.jans.as.client.page.PageConfig in project jans by JanssenProject.

the class DeviceAuthzFlowHttpTest method deviceAuthzFlowWithCompleteVerificationUri.

/**
 * Process a complete device authorization flow using verification_uri_complete
 */
@Parameters({ "userId", "userSecret" })
@Test
public void deviceAuthzFlowWithCompleteVerificationUri(final String userId, final String userSecret) throws Exception {
    showTitle("deviceAuthzFlow");
    // 1. Init device authz request from WS
    RegisterResponse registerResponse = DeviceAuthzRequestRegistrationTest.registerClientForDeviceAuthz(AuthenticationMethod.CLIENT_SECRET_BASIC, Collections.singletonList(GrantType.DEVICE_CODE), null, null, registrationEndpoint);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Device request registration
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    DeviceAuthzRequest deviceAuthzRequest = new DeviceAuthzRequest(clientId, scopes);
    deviceAuthzRequest.setAuthUsername(clientId);
    deviceAuthzRequest.setAuthPassword(clientSecret);
    DeviceAuthzClient deviceAuthzClient = new DeviceAuthzClient(deviceAuthzEndpoint);
    deviceAuthzClient.setRequest(deviceAuthzRequest);
    DeviceAuthzResponse response = deviceAuthzClient.exec();
    showClient(deviceAuthzClient);
    DeviceAuthzRequestRegistrationTest.validateSuccessfulResponse(response);
    // 3. Load device authz page, process user_code and authorization
    WebDriver currentDriver = initWebDriver(false, true);
    final PageConfig pageConfig = newPageConfig(currentDriver);
    processDeviceAuthzPutUserCodeAndPressContinue(response.getUserCode(), currentDriver, true, pageConfig);
    AuthorizationResponse authorizationResponse = processAuthorization(userId, userSecret, currentDriver);
    stopWebDriver(false, currentDriver);
    assertSuccessAuthzResponse(authorizationResponse);
    // 4. Token request
    TokenResponse tokenResponse1 = processTokens(clientId, clientSecret, response.getDeviceCode());
    validateTokenSuccessfulResponse(tokenResponse1);
    String refreshToken = tokenResponse1.getRefreshToken();
    String idToken = tokenResponse1.getIdToken();
    // 5. Validate id_token
    verifyIdToken(idToken);
    // 6. Request new access token using the refresh token.
    TokenResponse tokenResponse2 = processNewTokenWithRefreshToken(StringUtils.implode(scopes, " "), refreshToken, clientId, clientSecret);
    validateTokenSuccessfulResponse(tokenResponse2);
    String accessToken = tokenResponse2.getAccessToken();
    // 7. Request user info
    processUserInfo(accessToken);
}
Also used : WebDriver(org.openqa.selenium.WebDriver) DeviceAuthzClient(io.jans.as.client.DeviceAuthzClient) RegisterResponse(io.jans.as.client.RegisterResponse) DeviceAuthzRequest(io.jans.as.client.DeviceAuthzRequest) TokenResponse(io.jans.as.client.TokenResponse) PageConfig(io.jans.as.client.page.PageConfig) DeviceAuthzResponse(io.jans.as.client.DeviceAuthzResponse) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 5 with PageConfig

use of io.jans.as.client.page.PageConfig in project jans by JanssenProject.

the class DeviceAuthzFlowHttpTest method attemptDifferentFailedValuesToTokenEndpoint.

/**
 * Attempts to get token with a wrong device_code, after that it attempts to get token twice,
 * second one should be rejected.
 */
@Parameters({ "userId", "userSecret" })
@Test
public void attemptDifferentFailedValuesToTokenEndpoint(final String userId, final String userSecret) throws Exception {
    showTitle("deviceAuthzFlow");
    // 1. Init device authz request from WS
    RegisterResponse registerResponse = DeviceAuthzRequestRegistrationTest.registerClientForDeviceAuthz(AuthenticationMethod.CLIENT_SECRET_BASIC, Collections.singletonList(GrantType.DEVICE_CODE), null, null, registrationEndpoint);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Device request registration
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    DeviceAuthzRequest deviceAuthzRequest = new DeviceAuthzRequest(clientId, scopes);
    deviceAuthzRequest.setAuthUsername(clientId);
    deviceAuthzRequest.setAuthPassword(clientSecret);
    DeviceAuthzClient deviceAuthzClient = new DeviceAuthzClient(deviceAuthzEndpoint);
    deviceAuthzClient.setRequest(deviceAuthzRequest);
    DeviceAuthzResponse response = deviceAuthzClient.exec();
    showClient(deviceAuthzClient);
    DeviceAuthzRequestRegistrationTest.validateSuccessfulResponse(response);
    // 3. Load device authz page, process user_code and authorization
    WebDriver currentDriver = initWebDriver(false, true);
    final PageConfig pageConfig = newPageConfig(currentDriver);
    processDeviceAuthzPutUserCodeAndPressContinue(response.getUserCode(), currentDriver, false, pageConfig);
    AuthorizationResponse authorizationResponse = processAuthorization(userId, userSecret, currentDriver);
    stopWebDriver(false, currentDriver);
    assertSuccessAuthzResponse(authorizationResponse);
    // 4. Token request with a wrong device code
    String wrongDeviceCode = "WRONG" + response.getDeviceCode();
    TokenResponse tokenResponse1 = processTokens(clientId, clientSecret, wrongDeviceCode);
    assertNotNull(tokenResponse1.getErrorType(), "Error expected, however no error was found");
    assertNotNull(tokenResponse1.getErrorDescription(), "Error description expected, however no error was found");
    assertEquals(tokenResponse1.getErrorType(), TokenErrorResponseType.EXPIRED_TOKEN, "Unexpected error");
    // 5. Token request with a right device code value
    tokenResponse1 = processTokens(clientId, clientSecret, response.getDeviceCode());
    validateTokenSuccessfulResponse(tokenResponse1);
    // 6. Try to get token again, however this should be rejected by the server
    tokenResponse1 = processTokens(clientId, clientSecret, response.getDeviceCode());
    assertNotNull(tokenResponse1.getErrorType(), "Error expected, however no error was found");
    assertNotNull(tokenResponse1.getErrorDescription(), "Error description expected, however no error was found");
    assertEquals(tokenResponse1.getErrorType(), TokenErrorResponseType.EXPIRED_TOKEN, "Unexpected error");
}
Also used : WebDriver(org.openqa.selenium.WebDriver) DeviceAuthzClient(io.jans.as.client.DeviceAuthzClient) RegisterResponse(io.jans.as.client.RegisterResponse) DeviceAuthzRequest(io.jans.as.client.DeviceAuthzRequest) TokenResponse(io.jans.as.client.TokenResponse) PageConfig(io.jans.as.client.page.PageConfig) DeviceAuthzResponse(io.jans.as.client.DeviceAuthzResponse) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

PageConfig (io.jans.as.client.page.PageConfig)7 BaseTest (io.jans.as.client.BaseTest)6 WebDriver (org.openqa.selenium.WebDriver)6 Test (org.testng.annotations.Test)6 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)5 DeviceAuthzClient (io.jans.as.client.DeviceAuthzClient)5 DeviceAuthzRequest (io.jans.as.client.DeviceAuthzRequest)5 DeviceAuthzResponse (io.jans.as.client.DeviceAuthzResponse)5 RegisterResponse (io.jans.as.client.RegisterResponse)5 TokenResponse (io.jans.as.client.TokenResponse)5 Parameters (org.testng.annotations.Parameters)5 WebElement (org.openqa.selenium.WebElement)1