use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method onlySomeRequestedScopeMatchesApproval.
@Test
void onlySomeRequestedScopeMatchesApproval() {
AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read")));
request.setApproved(false);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
// The request is not approved because the user has not yet approved all
// the scopes requested
assertFalse(handler.isApproved(request, mockAuthentication));
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method someRequestedScopesMatchApproval.
@Test
void someRequestedScopesMatchApproval() {
AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Collections.singletonList("openid")));
request.setApproved(false);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("openid").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
// The request is approved because the user has approved all the scopes
// requested
assertTrue(handler.isApproved(request, mockAuthentication));
assertEquals(new HashSet<>(Collections.singletonList("openid")), request.getScope());
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method noRequestedScopesButSomeApprovedScopes.
@Test
void noRequestedScopesButSomeApprovedScopes() {
AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>());
request.setApproved(false);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
// The request is approved because the user has not requested any scopes
assertTrue(handler.isApproved(request, mockAuthentication));
assertEquals(0, request.getScope().size());
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalTests method testHashCode.
@Test
public void testHashCode() {
assertEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode(), new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(500)).setStatus(Approval.ApprovalStatus.DENIED).hashCode());
assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode(), new Approval().setUserId("u1").setClientId("c2").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode());
assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode(), new Approval().setUserId("u1").setClientId("c1").setScope("s2").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode());
assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode(), new Approval().setUserId("u2").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode());
assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED).hashCode(), new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED).hashCode());
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalTests method testExpiry.
@Test
public void testExpiry() {
int THIRTY_MINTUES = 30 * 60 * 1000;
assertTrue(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(THIRTY_MINTUES)).setStatus(Approval.ApprovalStatus.APPROVED).isActiveAsOf(new Date()));
int expiresIn = -1;
assertFalse(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(expiresIn)).setStatus(Approval.ApprovalStatus.APPROVED).isActiveAsOf(new Date()));
}
Aggregations