use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class DeprecatedUaaTokenServicesTests method testUserUpdatedAfterRefreshTokenIssued.
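/**
 * Verifies that a refresh token issued before a user record was overwritten can no longer be
 * redeemed.
 *
 * <p>Flow: store APPROVED approvals for the read and write scopes (expiring 3 seconds from now),
 * issue a token pair through the authorization_code grant, replace the stored user with a copy
 * that keeps id, username, email and authorities but carries the password "blah", then attempt
 * a refresh_token grant with the previously issued refresh token.
 *
 * <p>The expectation is scoped to the refresh call alone. With {@code @Test(expected = ...)} an
 * exception raised by any earlier step (for example while issuing the first token) would also
 * satisfy the test, so a broken setup could hide a missing revocation check.
 */
@Test
public void testUserUpdatedAfterRefreshTokenIssued() {
    // Approvals are still valid when the refresh happens, so they are not the reason for rejection.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.readScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED),
            IdentityZoneHolder.get().getId());
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.writeScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED),
            IdentityZoneHolder.get().getId());

    // Issue the initial access/refresh token pair via the authorization_code grant.
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(azParameters);
    Authentication userAuthentication = tokenSupport.defaultUserAuthentication;
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    // Overwrite the user after the tokens exist.
    // NOTE(review): which changed attribute invalidates the token is not visible here; presumably
    // the password/modification state is bound into the token - confirm against the token services.
    UaaUser user = tokenSupport.userDatabase.retrieveUserByName(tokenSupport.username, OriginKeys.UAA);
    UaaUser newUser = new UaaUser(
            new UaaUserPrototype()
                    .withId(tokenSupport.userId)
                    .withUsername(user.getUsername())
                    .withPassword("blah")
                    .withEmail(user.getEmail())
                    .withAuthorities(user.getAuthorities()));
    tokenSupport.userDatabase.updateUser(tokenSupport.userId, newUser);

    // Build the refresh_token grant request for the same client and scopes.
    AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshAuthorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters());
    refreshAzParameters.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshAuthorizationRequest.setRequestParameters(refreshAzParameters);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue, tokenSupport.requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token"));
    } catch (TokenRevokedException expected) {
        // Rejection of the stale refresh token is the behaviour under test.
        return;
    }
    throw new AssertionError("refreshAccessToken accepted a refresh token issued before the user was updated");
}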
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class DeprecatedUaaTokenServicesTests method testCreateAccessTokenAuthcodeGrant.
/**
 * Checks that an authorization_code grant requesting the {@code id_token} response type yields a
 * composite token that carries an ID token, and that the access/refresh pair passes the shared
 * {@code validateAccessAndRefreshToken} checks.
 */
@Test
public void testCreateAccessTokenAuthcodeGrant() {
    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));

    // Copy the request parameters before adding the grant type, then write the copy back.
    Map<String, String> requestParameters = new HashMap<>(request.getRequestParameters());
    requestParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    request.setRequestParameters(requestParameters);
    request.setResponseTypes(Sets.newHashSet("id_token"));

    OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);

    // The openid approval is stored with an expiry of "now", i.e. it is at or past expiry by the
    // time the token is created.
    // NOTE(review): whether createAccessToken consults this approval at all is not visible here.
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(OPENID)
                    .setExpiresAt(new Date())
                    .setStatus(ApprovalStatus.APPROVED),
            IdentityZone.getUaaZoneId());

    OAuth2AccessToken issuedToken = tokenServices.createAccessToken(authentication);

    // The cast doubles as an assertion: a ClassCastException here means no composite token was issued.
    CompositeToken compositeToken = (CompositeToken) issuedToken;
    assertThat(compositeToken.getIdTokenValue(), is(notNullValue()));
    validateAccessAndRefreshToken(issuedToken);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class DeprecatedUaaTokenServicesTests method getOAuth2AccessToken.
/**
 * Test helper: stores APPROVED approvals for the read, write and openid scopes and returns a
 * token created through the authorization_code grant for the default test user.
 *
 * <p>{@code expiresAt} and {@code updatedAt} are not declared in this method; presumably they are
 * Calendar fields of the test class (confirm). They are mutated in place, so every call moves
 * the expiry another 300000 ms forward and the last-updated time another 1000 ms back.
 *
 * @return the token produced by {@code tokenServices.createAccessToken}
 */
private OAuth2AccessToken getOAuth2AccessToken() {
    // Approvals expire well after the test runs and were "last updated" in the past.
    expiresAt.add(Calendar.MILLISECOND, 300000);
    updatedAt.add(Calendar.MILLISECOND, -1000);

    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.readScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED)
                    .setLastUpdatedAt(updatedAt.getTime()),
            IdentityZoneHolder.get().getId());
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.writeScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED)
                    .setLastUpdatedAt(updatedAt.getTime()),
            IdentityZoneHolder.get().getId());
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(OPENID)
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED)
                    .setLastUpdatedAt(updatedAt.getTime()),
            IdentityZoneHolder.get().getId());

    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));

    // Copy the request parameters before adding the grant type, then write the copy back.
    Map<String, String> requestParameters = new HashMap<>(request.getRequestParameters());
    requestParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    request.setRequestParameters(requestParameters);

    OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    return tokenServices.createAccessToken(authentication);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class DeprecatedUaaTokenServicesTests method testRefreshTokenAfterApprovalsDenied.
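/**
 * Verifies that a refresh token cannot be redeemed when the user's approvals do not cover the
 * requested scopes.
 *
 * <p>Flow: store a DENIED approval for the read scope and an APPROVED approval for the write
 * scope, both with an expiry 3 seconds in the past, issue a token pair through the
 * authorization_code grant, then attempt a refresh_token grant for the same scopes.
 *
 * <p>The expectation is scoped to the refresh call alone. With {@code @Test(expected = ...)} an
 * exception raised while issuing the first token would also satisfy the test.
 *
 * <p>NOTE(review): both approvals are already expired, so this case cannot tell a rejection
 * caused by the DENIED status from one caused by expiry. A companion case with an unexpired
 * DENIED approval would isolate the denial check at the token-services level.
 */
@Test
public void testRefreshTokenAfterApprovalsDenied() {
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, -3000);
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.readScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.DENIED),
            IdentityZoneHolder.get().getId());
    tokenSupport.approvalStore.addApproval(
            new Approval()
                    .setUserId(tokenSupport.userId)
                    .setClientId(CLIENT_ID)
                    .setScope(tokenSupport.writeScope.get(0))
                    .setExpiresAt(expiresAt.getTime())
                    .setStatus(ApprovalStatus.APPROVED),
            IdentityZoneHolder.get().getId());

    // Issue the initial access/refresh token pair via the authorization_code grant.
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(azParameters);
    Authentication userAuthentication = tokenSupport.defaultUserAuthentication;
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    // Build the refresh_token grant request for the same client and scopes.
    AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshAuthorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters());
    refreshAzParameters.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshAuthorizationRequest.setRequestParameters(refreshAzParameters);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue, tokenSupport.requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token"));
    } catch (InvalidTokenException expected) {
        // Rejection of the refresh is the behaviour under test.
        return;
    }
    throw new AssertionError("refreshAccessToken succeeded although the read-scope approval is denied and expired");
}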
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalServiceTest method ensureRequiredApprovals_throwsWhenApprovalIsDenied.
/**
 * Checks that {@code ensureRequiredApprovals} rejects a requested scope whose only stored
 * approval has status DENIED, failing with an {@code InvalidTokenException} whose message
 * contains "requested scopes are not approved".
 *
 * <p>The mocked clock is pinned one millisecond before the approval's expiry, so the approval is
 * still within its lifetime and the rejection cannot be attributed to expiry.
 */
@Test
public void ensureRequiredApprovals_throwsWhenApprovalIsDenied() {
    expectedException.expect(InvalidTokenException.class);
    expectedException.expectMessage("requested scopes are not approved");

    long expiryMillis = 10L;

    // "Now" is just before the expiry; getCurrentDate() is delegated to the real implementation.
    when(timeService.getCurrentTimeMillis()).thenReturn(expiryMillis - 1L);
    when(timeService.getCurrentDate()).thenCallRealMethod();

    Approval deniedApproval = new Approval();
    deniedApproval.setScope("foo.read");
    deniedApproval.setStatus(Approval.ApprovalStatus.DENIED);
    deniedApproval.setExpiresAt(new Date(expiryMillis));

    // The store returns the denied approval for this user/client in any zone.
    List<Approval> storedApprovals = Lists.newArrayList(deniedApproval);
    when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(storedApprovals);

    approvalService.ensureRequiredApprovals(
            USER_ID,
            Lists.newArrayList("foo.read"),
            GRANT_TYPE_AUTHORIZATION_CODE,
            clientDetails);
}