
Example 56 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ClientAdminEndpointsIntegrationTests method testClientApprovalsDeleted.

@Test
public void testClientApprovalsDeleted() throws Exception {
    // create client
    BaseClientDetails client = createClient("client_credentials", "password");
    assertNotNull(getClient(client.getClientId()));
    // issue a user token for this client
    OAuth2AccessToken userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    // make sure we don't have any approvals
    Approval[] approvals = getApprovals(userToken.getValue(), client.getClientId());
    Assert.assertEquals(0, approvals.length);
    // create three approvals
    addApprovals(userToken.getValue(), client.getClientId());
    approvals = getApprovals(userToken.getValue(), client.getClientId());
    Assert.assertEquals(3, approvals.length);
    // delete the client
    ResponseEntity<Void> result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients/{client}"), HttpMethod.DELETE, new HttpEntity<BaseClientDetails>(client, getAuthenticatedHeaders(token)), Void.class, client.getClientId());
    assertEquals(HttpStatus.OK, result.getStatusCode());
    // create a client that can read another client's approvals
    String deletedClientId = client.getClientId();
    client = createApprovalsClient("password");
    userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    // make sure we don't have any approvals
    approvals = getApprovals(userToken.getValue(), deletedClientId);
    Assert.assertEquals(0, approvals.length);
    assertNull(getClient(deletedClientId));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.Test)

Example 57 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ClientAdminEndpointsIntegrationTests method getApprovals.

private Approval[] getApprovals(String token, String clientId) {
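    // The URL passed to exchange() below contains no {filter} template variable,
    // so this value is not expanded into the request URL; the result is narrowed
    // to the requested client by the stream filter in the return statement.
    String filter = "client_id eq \"" + clientId + "\"";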
    HttpHeaders headers = getAuthenticatedHeaders(token);
    ResponseEntity<Approval[]> approvals = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/approvals"), HttpMethod.GET, new HttpEntity<>(headers), Approval[].class, filter);
    assertEquals(HttpStatus.OK, approvals.getStatusCode());
    return Arrays.stream(approvals.getBody()).filter(a -> clientId.equals(a.getClientId())).toArray(Approval[]::new);
}
Also used : Base64(org.springframework.security.crypto.codec.Base64) Arrays(java.util.Arrays) Date(java.util.Date) SecretChangeRequest(org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest) TestAccountSetup(org.cloudfoundry.identity.uaa.test.TestAccountSetup) IdentityZoneSwitchingFilter(org.cloudfoundry.identity.uaa.zone.IdentityZoneSwitchingFilter) After(org.junit.After) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) Map(java.util.Map) RestTemplate(org.springframework.web.client.RestTemplate) HttpHeaders(org.springframework.http.HttpHeaders) MediaType(org.springframework.http.MediaType) HttpEntity(org.springframework.http.HttpEntity) List(java.util.List) SearchResults(org.cloudfoundry.identity.uaa.resources.SearchResults) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) InvalidClientDetailsException(org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException) GRANT_TYPE_AUTHORIZATION_CODE(org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Assert.assertEquals(junit.framework.Assert.assertEquals) UaaTestAccounts(org.cloudfoundry.identity.uaa.test.UaaTestAccounts) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) IntegrationTestUtils(org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils) ArrayList(java.util.ArrayList) Assert.assertTrue(junit.framework.Assert.assertTrue) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Matchers.hasSize(org.hamcrest.Matchers.hasSize) Approval(org.cloudfoundry.identity.uaa.approval.Approval) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Before(org.junit.Before) 
IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration) Assert.assertNotNull(org.junit.Assert.assertNotNull) IntegrationTestUtils.doesSupportZoneDNS(org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils.doesSupportZoneDNS) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HttpMethod(org.springframework.http.HttpMethod) MultiValueMap(org.springframework.util.MultiValueMap) Test(org.junit.Test) ServerRunning(org.cloudfoundry.identity.uaa.ServerRunning) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) HttpStatus(org.springframework.http.HttpStatus) IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) Rule(org.junit.Rule) Assert.assertNull(org.junit.Assert.assertNull) ResponseEntity(org.springframework.http.ResponseEntity) Assert(org.junit.Assert) Comparator(java.util.Comparator) ClientSecretPolicy(org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) Collections(java.util.Collections) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) Assert.assertFalse(junit.framework.Assert.assertFalse) HttpHeaders(org.springframework.http.HttpHeaders) Approval(org.cloudfoundry.identity.uaa.approval.Approval)

Example 58 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ProfileControllerMockMvcTests method setUp.

@BeforeEach
void setUp() {
    currentIdentityZoneId = "currentIdentityZoneId-" + UUID.randomUUID().toString();
    when(identityZoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);
    SecurityContextHolder.clearContext();
    mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
    Mockito.reset(approvalStore);
    Mockito.reset(clientDetailsService);
    DescribedApproval otherApproval = new DescribedApproval();
    otherApproval.setUserId(USER_ID);
    otherApproval.setClientId("other-client");
    otherApproval.setScope("thing.read");
    otherApproval.setStatus(APPROVED);
    otherApproval.setDescription("Read your thing resources");
    DescribedApproval readApproval = new DescribedApproval();
    readApproval.setUserId(USER_ID);
    readApproval.setClientId("app");
    readApproval.setScope("thing.read");
    readApproval.setStatus(APPROVED);
    readApproval.setDescription("Read your thing resources");
    DescribedApproval writeApproval = new DescribedApproval();
    writeApproval.setUserId(USER_ID);
    writeApproval.setClientId("app");
    writeApproval.setScope("thing.write");
    writeApproval.setStatus(APPROVED);
    writeApproval.setDescription("Write to your thing resources");
    List<DescribedApproval> allDescApprovals = Arrays.asList(otherApproval, readApproval, writeApproval);
    List<Approval> allApprovals = new LinkedList<>(allDescApprovals);
    when(approvalStore.getApprovalsForUser(anyString(), eq(currentIdentityZoneId))).thenReturn(allApprovals);
    BaseClientDetails appClient = new BaseClientDetails("app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, "");
    appClient.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP);
    when(clientDetailsService.loadClientByClientId("app", currentIdentityZoneId)).thenReturn(appClient);
    BaseClientDetails otherClient = new BaseClientDetails("other-client", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, "");
    otherClient.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP);
    when(clientDetailsService.loadClientByClientId("other-client", currentIdentityZoneId)).thenReturn(otherClient);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) DescribedApproval(org.cloudfoundry.identity.uaa.approval.DescribedApproval) DescribedApproval(org.cloudfoundry.identity.uaa.approval.DescribedApproval) Approval(org.cloudfoundry.identity.uaa.approval.Approval) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 59 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ClientAdminEndpointsMockMvcTests method testApprovalsAreDeleted.

@Test
void testApprovalsAreDeleted() throws Exception {
    ClientDetails details = createClient(adminToken, new RandomValueStringGenerator().generate(), SECRET, Collections.singleton("password"));
    String userToken = testClient.getUserOAuthAccessToken(details.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
    Approval[] approvals = getApprovals(details.getClientId());
    assertEquals(0, approvals.length);
    addApprovals(userToken, details.getClientId());
    approvals = getApprovals(details.getClientId());
    assertEquals(3, approvals.length);
    MockHttpServletRequestBuilder deleteClientsPost = post("/oauth/clients/tx/delete").header("Authorization", "Bearer " + adminToken).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(new ClientDetails[] { details }));
    ResultActions result = mockMvc.perform(deleteClientsPost);
    result.andExpect(status().isOk());
    ClientDetailsModification[] deleted = (ClientDetailsModification[]) arrayFromString(result.andReturn().getResponse().getContentAsString(), ClientDetailsModification[].class);
    assertTrue(deleted[0].isApprovalsDeleted());
    verify(mockApplicationEventPublisher, times(2)).publishEvent(abstractUaaEventCaptor.capture());
    approvals = getApprovals(details.getClientId());
    assertEquals(0, approvals.length);
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) Approval(org.cloudfoundry.identity.uaa.approval.Approval) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 60 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class AuditCheckMockMvcTests method testUserApprovalAdded.

@Test
void testUserApprovalAdded() throws Exception {
    clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "password", "oauth.login"));
    String marissaToken = testClient.getUserOAuthAccessToken("login", "loginsecret", testUser.getUserName(), testPassword, "oauth.approvals");
    Approval[] approvals = { new Approval().setUserId(null).setClientId("app").setScope("cloud_controller.read").setExpiresAt(Approval.timeFromNow(1000)).setStatus(Approval.ApprovalStatus.APPROVED) };
    MockHttpServletRequestBuilder approvalsPut = put("/approvals").accept(APPLICATION_JSON_VALUE).contentType(MediaType.APPLICATION_JSON).session(new MockHttpSession()).header("Authorization", "Bearer " + marissaToken).content(JsonUtils.writeValueAsBytes(approvals));
    resetAuditTestReceivers();
    mockMvc.perform(approvalsPut).andExpect(status().isOk());
    assertNumberOfAuditEventsReceived(1);
    ApprovalModifiedEvent approvalModifiedEvent = (ApprovalModifiedEvent) testListener.getLatestEvent();
    assertEquals(testUser.getUserName(), approvalModifiedEvent.getAuthentication().getName());
    assertTrue(approvalModifiedEvent.getAuditEvent().getOrigin().contains("sessionId=<SESSION>"));
    String latestMessage = testLogger.getLatestMessage();
    assertThat(latestMessage, containsString(" user=" + testUser.getUserName()));
    assertLogMessageWithSession(latestMessage, ApprovalModifiedEvent, testUser.getId(), "{\"scope\":\"cloud_controller.read\",\"status\":\"APPROVED\"}");
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ApprovalModifiedEvent(org.cloudfoundry.identity.uaa.audit.event.ApprovalModifiedEvent) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) MockHttpSession(org.springframework.mock.web.MockHttpSession) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)
