Example 51 with Approval

Use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ApprovalServiceTest, method ensureRequiredApprovals_throwsWhenApprovalsMissing.

@Test
public void ensureRequiredApprovals_throwsWhenApprovalsMissing() {
    expectedException.expect(InvalidTokenException.class);
    expectedException.expectMessage("requested scopes are not approved");
    long approvalExpiry = 10L;
    Approval approval = new Approval();
    approval.setScope("bar.read");
    approval.setStatus(Approval.ApprovalStatus.APPROVED);
    approval.setExpiresAt(new Date(approvalExpiry));
    when(timeService.getCurrentTimeMillis()).thenReturn(approvalExpiry - 5L);
    when(timeService.getCurrentDate()).thenCallRealMethod();
    List<Approval> approvals = Lists.newArrayList(approval);
    when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(approvals);
    approvalService.ensureRequiredApprovals(USER_ID, Lists.newArrayList("foo.read"), GRANT_TYPE_AUTHORIZATION_CODE, clientDetails);
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)

Example 52 with Approval

Use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ApprovalServiceTest, method ensureRequiredApprovals_happyCase.

@Test
public void ensureRequiredApprovals_happyCase() {
    long approvalExpiry = 10L;
    Approval approval = new Approval();
    approval.setScope("foo.read");
    approval.setStatus(Approval.ApprovalStatus.APPROVED);
    approval.setExpiresAt(new Date(approvalExpiry));
    when(timeService.getCurrentTimeMillis()).thenReturn(approvalExpiry - 1L);
    when(timeService.getCurrentDate()).thenCallRealMethod();
    List<Approval> approvals = Lists.newArrayList(approval);
    when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(approvals);
    approvalService.ensureRequiredApprovals(USER_ID, Lists.newArrayList("foo.read"), GRANT_TYPE_AUTHORIZATION_CODE, clientDetails);
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)

Example 53 with Approval

Use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ApprovalServiceTest, method ensureRequiredApprovals_iteratesThroughAllApprovalsAndScopes.

@Test
public void ensureRequiredApprovals_iteratesThroughAllApprovalsAndScopes() {
    long approvalExpiry = 10L;
    Approval approval1 = new Approval();
    approval1.setScope("foo.read");
    approval1.setStatus(Approval.ApprovalStatus.APPROVED);
    approval1.setExpiresAt(new Date(approvalExpiry));
    Approval approval2 = new Approval();
    approval2.setScope("bar.read");
    approval2.setStatus(Approval.ApprovalStatus.APPROVED);
    approval2.setExpiresAt(new Date(approvalExpiry));
    Approval approval3 = new Approval();
    approval3.setScope("baz.read");
    approval3.setStatus(Approval.ApprovalStatus.APPROVED);
    approval3.setExpiresAt(new Date(approvalExpiry));
    when(timeService.getCurrentTimeMillis()).thenReturn(approvalExpiry - 1L);
    when(timeService.getCurrentDate()).thenCallRealMethod();
    List<Approval> approvals = Lists.newArrayList(approval1, approval2, approval3);
    when(approvalStore.getApprovals(eq(USER_ID), eq(CLIENT_ID), anyString())).thenReturn(approvals);
    approvalService.ensureRequiredApprovals(USER_ID, Lists.newArrayList("foo.read", "bar.read"), GRANT_TYPE_AUTHORIZATION_CODE, clientDetails);
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)

Example 54 with Approval

Use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class CheckTokenEndpointTests, method testDeniedApprovals.

@Test(expected = InvalidTokenException.class)
public void testDeniedApprovals() throws Exception {
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    Date oneSecondAgo = new Date(nowMillis - 1000);
    Date thirtySecondsAhead = new Date(nowMillis + 30000);
    approvalStore.revokeApproval(new Approval().setUserId(userId).setClientId("client").setScope("read").setExpiresAt(thirtySecondsAhead).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId());
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("client").setScope("read").setExpiresAt(thirtySecondsAhead).setStatus(ApprovalStatus.DENIED).setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId());
    Claims result = endpoint.checkToken(accessToken.getValue(), Collections.emptyList(), request);
    assertNull(result.getAuthorities());
}
Also used : Claims(org.cloudfoundry.identity.uaa.oauth.token.Claims) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)

Example 55 with Approval

Use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class CheckTokenEndpointTests, method testExpiredApprovals.

@Test(expected = InvalidTokenException.class)
public void testExpiredApprovals() throws Exception {
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    approvalStore.revokeApproval(new Approval().setUserId(userId).setClientId("client").setScope("read").setExpiresAt(new Date(nowMillis)).setStatus(ApprovalStatus.APPROVED), IdentityZoneHolder.get().getId());
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("client").setScope("read").setExpiresAt(new Date(nowMillis)).setStatus(ApprovalStatus.APPROVED), IdentityZoneHolder.get().getId());
    Claims result = endpoint.checkToken(accessToken.getValue(), Collections.emptyList(), request);
    assertNull(result.getAuthorities());
}
Also used : Claims(org.cloudfoundry.identity.uaa.oauth.token.Claims) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)
