use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ClientAdminEndpointsIntegrationTests method testClientApprovalsDeleted.
/**
 * Verifies that deleting a client also removes the user approvals recorded for it.
 *
 * <p>Flow: create a client, let a user grant three approvals to it, delete the client with
 * {@code DELETE /oauth/clients/{client}}, then look up approvals for the deleted client id
 * through a second, freshly created client and expect none.
 *
 * <p>Reviewer note (inference, confirm against the approval store): if approvals outlived the
 * client, a client later registered under the same id could presumably inherit consent the
 * user gave to the original one. This test guards against that.
 */
@Test
public void testClientApprovalsDeleted() throws Exception {
    // Register the client under test and confirm it can be read back.
    BaseClientDetails doomedClient = createClient("client_credentials", "password");
    final String deletedClientId = doomedClient.getClientId();
    assertNotNull(getClient(deletedClientId));

    // Obtain a user token for that client, requesting the oauth.approvals scope.
    OAuth2AccessToken ownerToken = getUserAccessToken(
            deletedClientId,
            "secret",
            testAccounts.getUserName(),
            testAccounts.getPassword(),
            "oauth.approvals");
    final String ownerTokenValue = ownerToken.getValue();

    // Baseline: nothing has been approved for this client yet.
    Approval[] beforeGrant = getApprovals(ownerTokenValue, deletedClientId);
    Assert.assertEquals(0, beforeGrant.length);

    // addApprovals is expected to leave exactly three approvals behind.
    addApprovals(ownerTokenValue, deletedClientId);
    Approval[] afterGrant = getApprovals(ownerTokenValue, deletedClientId);
    Assert.assertEquals(3, afterGrant.length);

    // Delete the client. `token` is a class-level field not shown in this listing;
    // presumably an admin-scoped token (confirm).
    HttpEntity<BaseClientDetails> deleteRequest =
            new HttpEntity<BaseClientDetails>(doomedClient, getAuthenticatedHeaders(token));
    ResponseEntity<Void> deleteResponse = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/oauth/clients/{client}"),
            HttpMethod.DELETE,
            deleteRequest,
            Void.class,
            deletedClientId);
    assertEquals(HttpStatus.OK, deleteResponse.getStatusCode());

    // The deleted client can no longer request tokens, so a second client reads the approvals.
    BaseClientDetails approvalsReader = createApprovalsClient("password");
    OAuth2AccessToken readerToken = getUserAccessToken(
            approvalsReader.getClientId(),
            "secret",
            testAccounts.getUserName(),
            testAccounts.getPassword(),
            "oauth.approvals");

    // Neither the approvals nor the client registration may survive the delete.
    Approval[] afterDelete = getApprovals(readerToken.getValue(), deletedClientId);
    Assert.assertEquals(0, afterDelete.length);
    assertNull(getClient(deletedClientId));
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ClientAdminEndpointsIntegrationTests method getApprovals.
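/**
 * Fetches approvals from {@code GET /approvals} using {@code token} and returns only those
 * whose client id equals {@code clientId}.
 *
 * <p>The call must return HTTP 200 with a body. A missing body is reported as an
 * {@link AssertionError} instead of surfacing as a {@link NullPointerException} from the stream.
 *
 * @param token token value handed to {@code getAuthenticatedHeaders} for the request
 * @param clientId client id to match; also embedded in the filter expression
 * @return the approvals whose client id equals {@code clientId}; empty if none match
 */
private Approval[] getApprovals(String token, String clientId) {
    // clientId is concatenated unescaped into the filter expression. That is acceptable for
    // ids this test creates itself; it is not a pattern to reuse with caller-supplied values.
    String filter = "client_id eq \"" + clientId + "\"";
    HttpHeaders headers = getAuthenticatedHeaders(token);

    // NOTE(review): the URL literal carries no {placeholder}, so unless getUrl adds one the
    // filter passed as a URI variable is presumably never sent, and the stream filter below
    // does the selecting. Confirm before relying on server-side filtering here.
    ResponseEntity<Approval[]> response = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/approvals"),
            HttpMethod.GET,
            new HttpEntity<>(headers),
            Approval[].class,
            filter);
    assertEquals(HttpStatus.OK, response.getStatusCode());

    Approval[] body = response.getBody();
    if (body == null) {
        // A 200 without a body is a test failure, not an error inside the helper.
        throw new AssertionError("GET /approvals returned 200 without a response body");
    }

    // Keep only approvals for the requested client, whatever the server returned.
    return Arrays.stream(body)
            .filter(approval -> clientId.equals(approval.getClientId()))
            .toArray(Approval[]::new);
}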
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ProfileControllerMockMvcTests method setUp.
/**
 * Prepares each test with a fresh identity zone id, a cleared security context, a rebuilt
 * MockMvc instance, and stubbed approval and client lookups.
 *
 * <p>The approval store is stubbed to return three approved approvals for any user id:
 * one for {@code other-client} and two for {@code app}. Both stubs match only on the zone id
 * generated here, so a lookup made with a different zone id does not hit them.
 */
@BeforeEach
void setUp() {
    // A random zone id per test keeps the stubs below tied to this test's zone.
    currentIdentityZoneId = "currentIdentityZoneId-" + UUID.randomUUID();
    when(identityZoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);

    // Drop any authentication left in the thread-bound context by an earlier test.
    SecurityContextHolder.clearContext();
    mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();

    // Discard stubbing and recorded interactions from previous tests.
    Mockito.reset(approvalStore);
    Mockito.reset(clientDetailsService);

    DescribedApproval otherClientRead =
            newApprovedApproval("other-client", "thing.read", "Read your thing resources");
    DescribedApproval appRead =
            newApprovedApproval("app", "thing.read", "Read your thing resources");
    DescribedApproval appWrite =
            newApprovedApproval("app", "thing.write", "Write to your thing resources");

    List<DescribedApproval> describedApprovals = Arrays.asList(otherClientRead, appRead, appWrite);
    List<Approval> storedApprovals = new LinkedList<>(describedApprovals);
    when(approvalStore.getApprovalsForUser(anyString(), eq(currentIdentityZoneId)))
            .thenReturn(storedApprovals);

    // Both clients get the same display name; the lookups are zone-scoped as well.
    BaseClientDetails appDetails = new BaseClientDetails(
            "app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, "");
    appDetails.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP);
    when(clientDetailsService.loadClientByClientId("app", currentIdentityZoneId))
            .thenReturn(appDetails);

    BaseClientDetails otherDetails = new BaseClientDetails(
            "other-client", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, "");
    otherDetails.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP);
    when(clientDetailsService.loadClientByClientId("other-client", currentIdentityZoneId))
            .thenReturn(otherDetails);
}

/** Builds an approval for {@code USER_ID} in status {@code APPROVED} with the given fields. */
private DescribedApproval newApprovedApproval(String clientId, String scope, String description) {
    DescribedApproval approval = new DescribedApproval();
    approval.setUserId(USER_ID);
    approval.setClientId(clientId);
    approval.setScope(scope);
    approval.setStatus(APPROVED);
    approval.setDescription(description);
    return approval;
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testApprovalsAreDeleted.
/**
 * Verifies that deleting a client through {@code POST /oauth/clients/tx/delete} removes the
 * approvals stored for it and reports that in the response.
 *
 * <p>Checks three things after the delete: the returned modification has
 * {@code isApprovalsDeleted()} set, two events were published, and the approval count for the
 * client is back to zero.
 */
@Test
void testApprovalsAreDeleted() throws Exception {
    ClientDetails details = createClient(
            adminToken,
            new RandomValueStringGenerator().generate(),
            SECRET,
            Collections.singleton("password"));
    final String clientId = details.getClientId();

    // NOTE(review): the client is created with SECRET but the token request passes the
    // literal "secret"; presumably the same value. Confirm.
    String userToken = testClient.getUserOAuthAccessToken(
            clientId, "secret", testUser.getUserName(), testPassword, "oauth.approvals");

    // Baseline: no approvals exist for the new client.
    Approval[] beforeGrant = getApprovals(clientId);
    assertEquals(0, beforeGrant.length);

    // addApprovals is expected to leave exactly three approvals behind.
    addApprovals(userToken, clientId);
    Approval[] afterGrant = getApprovals(clientId);
    assertEquals(3, afterGrant.length);

    // Delete the client through the transactional batch endpoint, authenticated as admin.
    MockHttpServletRequestBuilder deleteRequest = post("/oauth/clients/tx/delete")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(new ClientDetails[] { details }));
    ResultActions deleteResult = mockMvc.perform(deleteRequest);
    deleteResult.andExpect(status().isOk());

    // The response must state that approvals were removed along with the client.
    String responseJson = deleteResult.andReturn().getResponse().getContentAsString();
    ClientDetailsModification[] deletedClients =
            (ClientDetailsModification[]) arrayFromString(responseJson, ClientDetailsModification[].class);
    assertTrue(deletedClients[0].isApprovalsDeleted());

    // Two published events are expected. Which two is not visible in this listing.
    verify(mockApplicationEventPublisher, times(2)).publishEvent(abstractUaaEventCaptor.capture());

    // Stale consent must not outlive the client registration.
    Approval[] afterDelete = getApprovals(clientId);
    assertEquals(0, afterDelete.length);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class AuditCheckMockMvcTests method testUserApprovalAdded.
/**
 * Verifies that adding an approval through {@code PUT /approvals} produces exactly one audit
 * event, attributed to the authenticated user.
 *
 * <p>The request body carries a {@code null} user id. The assertions below require the event's
 * authentication name and the log line to name the token's user. The audit origin is expected
 * to contain the literal {@code sessionId=<SESSION>}; presumably the real session id is masked
 * before it is recorded (confirm).
 */
@Test
void testUserApprovalAdded() throws Exception {
    clientRegistrationService.updateClientDetails(
            new BaseClientDetails("login", "oauth", "oauth.approvals", "password", "oauth.login"));

    String marissaToken = testClient.getUserOAuthAccessToken(
            "login", "loginsecret", testUser.getUserName(), testPassword, "oauth.approvals");

    // A single approval with no user id set by the caller.
    Approval requested = new Approval()
            .setUserId(null)
            .setClientId("app")
            .setScope("cloud_controller.read")
            .setExpiresAt(Approval.timeFromNow(1000))
            .setStatus(Approval.ApprovalStatus.APPROVED);
    Approval[] approvals = new Approval[] { requested };

    MockHttpServletRequestBuilder approvalsPut = put("/approvals")
            .accept(APPLICATION_JSON_VALUE)
            .contentType(MediaType.APPLICATION_JSON)
            .session(new MockHttpSession())
            .header("Authorization", "Bearer " + marissaToken)
            .content(JsonUtils.writeValueAsBytes(approvals));

    // Reset right before the request; presumably so events raised while obtaining the token
    // are not counted below.
    resetAuditTestReceivers();

    mockMvc.perform(approvalsPut).andExpect(status().isOk());

    assertNumberOfAuditEventsReceived(1);

    // The event must name the authenticated user.
    ApprovalModifiedEvent latestEvent = (ApprovalModifiedEvent) testListener.getLatestEvent();
    assertEquals(testUser.getUserName(), latestEvent.getAuthentication().getName());
    assertTrue(latestEvent.getAuditEvent().getOrigin().contains("sessionId=<SESSION>"));

    String latestMessage = testLogger.getLatestMessage();
    assertThat(latestMessage, containsString(" user=" + testUser.getUserName()));
    // The bare ApprovalModifiedEvent argument is a value, not the class; presumably a
    // statically imported audit event type constant (confirm).
    assertLogMessageWithSession(
            latestMessage,
            ApprovalModifiedEvent,
            testUser.getId(),
            "{\"scope\":\"cloud_controller.read\",\"status\":\"APPROVED\"}");
}