use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalServiceTest method ensureRequiredApprovals_throwsWhenApprovalsExpired.
@Test
public void ensureRequiredApprovals_throwsWhenApprovalsExpired() {
expectedException.expect(InvalidTokenException.class);
expectedException.expectMessage("approvals expired");
long approvalExpiry = 10L;
Approval approval = new Approval();
approval.setScope("foo.read");
approval.setStatus(Approval.ApprovalStatus.APPROVED);
approval.setExpiresAt(new Date(approvalExpiry));
when(timeService.getCurrentTimeMillis()).thenReturn(approvalExpiry + 1L);
when(timeService.getCurrentDate()).thenCallRealMethod();
List<Approval> approvals = Lists.newArrayList(approval);
when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(approvals);
approvalService.ensureRequiredApprovals(USER_ID, Lists.newArrayList("foo.read"), GRANT_TYPE_AUTHORIZATION_CODE, clientDetails);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalServiceTest method ensureRequiredApprovals_throwsIfAnyRequestedScopesAreNotApproved.
@Test
public void ensureRequiredApprovals_throwsIfAnyRequestedScopesAreNotApproved() {
expectedException.expect(InvalidTokenException.class);
expectedException.expectMessage("requested scopes are not approved");
long approvalExpiry = 10L;
Approval approval1 = new Approval();
approval1.setScope("foo.read");
approval1.setStatus(Approval.ApprovalStatus.APPROVED);
approval1.setExpiresAt(new Date(approvalExpiry));
Approval approval2 = new Approval();
approval2.setScope("bar.read");
approval2.setStatus(Approval.ApprovalStatus.DENIED);
approval2.setExpiresAt(new Date(approvalExpiry));
Approval approval3 = new Approval();
approval3.setScope("baz.read");
approval3.setStatus(Approval.ApprovalStatus.APPROVED);
approval3.setExpiresAt(new Date(approvalExpiry));
when(timeService.getCurrentTimeMillis()).thenReturn(approvalExpiry - 1L);
when(timeService.getCurrentDate()).thenCallRealMethod();
List<Approval> approvals = Lists.newArrayList(approval1, approval2, approval3);
when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(approvals);
approvalService.ensureRequiredApprovals(USER_ID, Lists.newArrayList("foo.read", "bar.read"), GRANT_TYPE_AUTHORIZATION_CODE, clientDetails);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ScimUserEndpointDocs method setUp.
@BeforeEach
void setUp() throws Exception {
userProvisioning = webApplicationContext.getBean(ScimUserProvisioning.class);
scimReadToken = MockMvcUtils.getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", "scim.read", null, true);
scimWriteToken = MockMvcUtils.getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", "scim.write", null, true);
user = createScimUserObject();
user = MockMvcUtils.createUser(mockMvc, scimWriteToken, user);
ApprovalStore approvalStore = webApplicationContext.getBean(ApprovalStore.class);
approvalStore.addApproval(new Approval().setClientId("client id").setUserId(user.getId()).setExpiresAt(new Date(System.currentTimeMillis() + 10000)).setScope("scim.read").setStatus(Approval.ApprovalStatus.APPROVED), IdentityZoneHolder.get().getId());
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ScimUserEndpointDocs method test_Update_User.
@Test
void test_Update_User() throws Exception {
ApprovalStore store = webApplicationContext.getBean(ApprovalStore.class);
Approval approval = new Approval().setUserId(user.getId()).setStatus(Approval.ApprovalStatus.DENIED).setScope("uaa.user").setClientId("identity").setExpiresAt(new Date(System.currentTimeMillis() + 30000)).setLastUpdatedAt(new Date(System.currentTimeMillis() + 30000));
store.addApproval(approval, IdentityZoneHolder.get().getId());
user.setGroups(Collections.emptyList());
mockMvc.perform(RestDocumentationRequestBuilders.put("/Users/{userId}", user.getId()).accept(APPLICATION_JSON).header("Authorization", "Bearer " + scimWriteToken).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).header("If-Match", user.getVersion()).content(JsonUtils.writeValueAsString(user))).andExpect(status().isOk()).andDo(document("{ClassName}/{methodName}", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), pathParameters(parameterWithName("userId").description(userIdDescription)), requestHeaders(headerWithName("Authorization").description(requiredUserUpdateScopes), headerWithName("If-Match").description("The version of the SCIM object to be updated. Wildcard (*) accepted."), IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), updateFields, responseFields(updateResponse)));
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ScimUserEndpointDocs method test_Delete_User.
@Test
void test_Delete_User() throws Exception {
ApprovalStore store = webApplicationContext.getBean(ApprovalStore.class);
Approval approval = new Approval().setUserId(user.getId()).setStatus(Approval.ApprovalStatus.APPROVED).setScope("uaa.user").setClientId("identity").setExpiresAt(new Date(System.currentTimeMillis() + 30000)).setLastUpdatedAt(new Date(System.currentTimeMillis() + 30000));
store.addApproval(approval, IdentityZoneHolder.get().getId());
mockMvc.perform(RestDocumentationRequestBuilders.delete("/Users/{userId}", user.getId()).accept(APPLICATION_JSON).header("Authorization", "Bearer " + scimWriteToken).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).header("If-Match", user.getVersion())).andExpect(status().isOk()).andDo(document("{ClassName}/{methodName}", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), pathParameters(parameterWithName("userId").description(userIdDescription)), requestHeaders(headerWithName("Authorization").description("Access token with `scim.write` or `uaa.admin` required"), headerWithName("If-Match").optional().description("The version of the SCIM object to be deleted. Optional."), IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), responseFields(updateResponse)));
}
Aggregations