
Example 76 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method onlySomeRequestedScopeMatchesApproval.

/**
 * A request that asks for more scopes than the user has approved must be rejected.
 *
 * <p>The request carries {@code openid} and {@code cloud_controller.read}; the only
 * approvals this test stores are an APPROVED record for {@code cloud_controller.read}
 * and a DENIED record for {@code cloud_controller.write}. Nothing is stored here for
 * {@code openid}, so the handler is expected to fail closed rather than approve on a
 * partial match.
 */
@Test
void onlySomeRequestedScopeMatchesApproval() {
    HashSet<String> requestedScopes = new HashSet<>(Arrays.asList("openid", "cloud_controller.read"));
    AuthorizationRequest request = new AuthorizationRequest("foo", requestedScopes);
    request.setApproved(false);

    // Covers one of the two requested scopes.
    Approval readApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(readApproved, currentIdentityZoneId);

    // A denial for a scope that is not part of this request.
    Approval writeDenied = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED);
    approvalStore.addApproval(writeDenied, currentIdentityZoneId);

    // One approved scope out of two is not enough: every requested scope needs
    // its own approval before the request as a whole counts as approved.
    // NOTE(review): assumes the fixture setup (not shown) stores no "openid" approval - confirm.
    boolean approved = handler.isApproved(request, mockAuthentication);
    assertFalse(approved);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 77 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method someRequestedScopesMatchApproval.

/**
 * A request whose scopes are all covered by stored approvals is approved, and the
 * request's scope set is left exactly as requested.
 *
 * <p>The user has approved three scopes for client {@code foo}, but the request only
 * asks for {@code openid}. The final assertion checks that the two extra approved
 * scopes are not added to the request.
 */
@Test
void someRequestedScopesMatchApproval() {
    HashSet<String> requestedScopes = new HashSet<>(Collections.singletonList("openid"));
    AuthorizationRequest request = new AuthorizationRequest("foo", requestedScopes);
    request.setApproved(false);

    Approval openidApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("openid")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(openidApproved, currentIdentityZoneId);

    Approval readApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(readApproved, currentIdentityZoneId);

    Approval writeApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(writeApproved, currentIdentityZoneId);

    // The single requested scope has a matching approval, so the request passes.
    boolean approved = handler.isApproved(request, mockAuthentication);
    assertTrue(approved);

    // Stored approvals for other scopes must not widen what the request carries.
    HashSet<String> expectedScopes = new HashSet<>(Collections.singletonList("openid"));
    assertEquals(expectedScopes, request.getScope());
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 78 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method noRequestedScopesButSomeApprovedScopes.

/**
 * A request with an empty scope set is approved and stays empty.
 *
 * <p>Approvals (one APPROVED, one DENIED) exist for client {@code foo}, but the
 * request itself names no scopes. The test expects the handler to approve it and
 * expects the request's scope set to still be empty afterwards, i.e. stored approvals
 * are not copied into a request that did not ask for them.
 */
@Test
void noRequestedScopesButSomeApprovedScopes() {
    HashSet<String> noScopes = new HashSet<>();
    AuthorizationRequest request = new AuthorizationRequest("foo", noScopes);
    request.setApproved(false);

    Approval readApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(readApproved, currentIdentityZoneId);

    Approval writeDenied = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED);
    approvalStore.addApproval(writeDenied, currentIdentityZoneId);

    // Nothing was requested, so there is nothing left for the user to approve.
    boolean approved = handler.isApproved(request, mockAuthentication);
    assertTrue(approved);

    // Approval of an empty request must not grant any scope as a side effect.
    int scopeCount = request.getScope().size();
    assertEquals(0, scopeCount);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 79 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ApprovalTests method testHashCode.

/**
 * Pins which fields the test expects {@code Approval.hashCode()} to depend on.
 *
 * <p>Two approvals that differ only in expiry are expected to hash the same, while a
 * difference in client id, scope, user id or status is expected to change the hash.
 * Each comparison builds a fresh pair of objects.
 */
@Test
public void testHashCode() {
    // Same user/client/scope/status, different expiry: hashes are expected to match.
    int expiresSoonerHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    int expiresLaterHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(500))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    assertEquals(expiresSoonerHash, expiresLaterHash);

    // Different client id.
    int clientOneHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    int clientTwoHash = new Approval()
            .setUserId("u1").setClientId("c2").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    assertNotEquals(clientOneHash, clientTwoHash);

    // Different scope.
    int scopeOneHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    int scopeTwoHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s2")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    assertNotEquals(scopeOneHash, scopeTwoHash);

    // Different user id.
    int userOneHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    int userTwoHash = new Approval()
            .setUserId("u2").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    assertNotEquals(userOneHash, userTwoHash);

    // Different status: a DENIED and an APPROVED record for the same
    // user/client/scope are expected to hash differently.
    int deniedHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.DENIED)
            .hashCode();
    int approvedHash = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100))
            .setStatus(Approval.ApprovalStatus.APPROVED)
            .hashCode();
    assertNotEquals(deniedHash, approvedHash);
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.Test)

Example 80 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ApprovalTests method testExpiry.

/**
 * Checks that {@code isActiveAsOf} honours the expiry time of an APPROVED approval.
 *
 * <p>An approval expiring in the future is expected to be active as of "now"; one
 * whose expiry offset is negative is expected to be inactive even though its status
 * is still APPROVED.
 */
@Test
public void testExpiry() {
    // Offset handed to Approval.timeFromNow; the arithmetic reads as thirty minutes
    // in milliseconds - presumably the unit timeFromNow expects, confirm against Approval.
    int thirtyMinutes = 30 * 60 * 1000;
    Approval notYetExpired = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(thirtyMinutes))
            .setStatus(Approval.ApprovalStatus.APPROVED);
    assertTrue(notYetExpired.isActiveAsOf(new Date()));

    // A negative offset puts the expiry before the moment the approval is built.
    int alreadyPast = -1;
    Approval expired = new Approval()
            .setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(alreadyPast))
            .setStatus(Approval.ApprovalStatus.APPROVED);
    // Status alone must not keep an approval alive once its expiry has passed.
    assertFalse(expired.isActiveAsOf(new Date()));
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Date(java.util.Date) Test(org.junit.Test)

Aggregations

Approval (org.cloudfoundry.identity.uaa.approval.Approval)80 Test (org.junit.jupiter.api.Test)34 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)29 Date (java.util.Date)26 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)21 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)19 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)18 Authentication (org.springframework.security.core.Authentication)17 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)17 IsEmptyString.isEmptyString (org.hamcrest.text.IsEmptyString.isEmptyString)16 Test (org.junit.Test)16 ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore)7 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)6 ClientDetailsModification (org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification)5 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)5 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)5 ArrayList (java.util.ArrayList)4 ClientDetailsHelper.arrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString)4 ClientDetailsHelper.clientArrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString)4 ClientDetailsHelper.clientFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString)4