use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalButAdditionalScopesRequested.
/**
 * A request for three scopes must not be approved when the approval store
 * holds an APPROVED decision for only one of them.
 *
 * <p>Stored state: {@code cloud_controller.read} is APPROVED,
 * {@code cloud_controller.write} is DENIED, and {@code openid} has no stored
 * decision at all. No auto-approve scopes are stubbed in this test.
 */
@Test
void requestedScopesMatchApprovalButAdditionalScopesRequested() {
    HashSet<String> requestedScopes =
            new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write"));
    AuthorizationRequest authRequest = new AuthorizationRequest("foo", requestedScopes);
    authRequest.setApproved(false);

    Approval readApproved = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED);
    approvalStore.addApproval(readApproved, currentIdentityZoneId);

    Approval writeDenied = new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED);
    approvalStore.addApproval(writeDenied, currentIdentityZoneId);

    // Only one of the three requested scopes carries an APPROVED decision,
    // so the handler must refuse to treat the request as approved.
    boolean approved = handler.isApproved(authRequest, mockAuthentication);
    assertFalse(approved);
}
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApprovedByWildcard.
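/**
 * A request is approved when every scope the user denied, or never decided
 * on, is covered by the client's auto-approve list, including by a wildcard
 * entry.
 *
 * <p>Stored state: {@code openid} and {@code cloud_controller.read} are
 * APPROVED; {@code cloud_controller.write} and {@code space.1.developer} are
 * DENIED; {@code space.2.developer} has no stored decision. The client
 * auto-approves {@code space.*.developer} and {@code cloud_controller.write}.
 */
@Test
void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApprovedByWildcard() {
    HashSet<String> requestedScopes = new HashSet<>(Arrays.asList(
            "openid", "cloud_controller.read", "cloud_controller.write",
            "space.1.developer", "space.2.developer"));
    AuthorizationRequest authRequest = new AuthorizationRequest("foo", requestedScopes);
    authRequest.setApproved(false);

    Set<String> clientAutoApprove =
            new HashSet<>(Arrays.asList("space.*.developer", "cloud_controller.write"));
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(clientAutoApprove);

    // Same insertion order as before: the two approvals first, then the two denials.
    for (String scope : Arrays.asList("openid", "cloud_controller.read")) {
        approvalStore.addApproval(
                new Approval().setUserId(userId).setClientId("foo").setScope(scope)
                        .setExpiresAt(nextWeek).setStatus(APPROVED),
                currentIdentityZoneId);
    }
    for (String scope : Arrays.asList("cloud_controller.write", "space.1.developer")) {
        approvalStore.addApproval(
                new Approval().setUserId(userId).setClientId("foo").setScope(scope)
                        .setExpiresAt(nextWeek).setStatus(DENIED),
                currentIdentityZoneId);
    }

    // The request IS approved: both DENIED scopes (and the undecided
    // space.2.developer) match an auto-approve entry. This pins that the
    // client's auto-approve configuration takes precedence over a stored
    // user denial, so changes to a client's auto-approve list are
    // consent-relevant.
    assertTrue(handler.isApproved(authRequest, mockAuthentication));
    // No requested scope is dropped from the request.
    assertThat(authRequest.getScope(), Matchers.containsInAnyOrder(
            "openid", "cloud_controller.read", "cloud_controller.write",
            "space.1.developer", "space.2.developer"));
}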
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApproved.
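/**
 * A request is approved when the only scope the user denied is listed
 * verbatim in the client's auto-approve scopes.
 *
 * <p>Stored state: {@code openid} and {@code cloud_controller.read} are
 * APPROVED; {@code cloud_controller.write} is DENIED. The client's scopes are
 * the same three, and it auto-approves {@code cloud_controller.write}.
 */
@Test
void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApproved() {
    HashSet<String> requestedScopes =
            new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write"));
    AuthorizationRequest authRequest = new AuthorizationRequest("foo", requestedScopes);
    authRequest.setApproved(false);

    HashSet<String> clientScopes =
            new HashSet<>(Arrays.asList("cloud_controller.read", "cloud_controller.write", "openid"));
    when(mockBaseClientDetails.getScope()).thenReturn(clientScopes);
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("cloud_controller.write"));

    // Same insertion order as before: the two approvals, then the denial.
    for (String scope : Arrays.asList("openid", "cloud_controller.read")) {
        approvalStore.addApproval(
                new Approval().setUserId(userId).setClientId("foo").setScope(scope)
                        .setExpiresAt(nextWeek).setStatus(APPROVED),
                currentIdentityZoneId);
    }
    approvalStore.addApproval(
            new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write")
                    .setExpiresAt(nextWeek).setStatus(DENIED),
            currentIdentityZoneId);

    // The request IS approved: the one DENIED scope is auto-approved for
    // this client, so the stored denial does not block it. This pins that
    // auto-approve takes precedence over a stored user denial.
    assertTrue(handler.isApproved(authRequest, mockAuthentication));
    // The denied-but-auto-approved scope stays in the request.
    assertThat(authRequest.getScope(),
            Matchers.containsInAnyOrder("openid", "cloud_controller.read", "cloud_controller.write"));
}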
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchByWildcard.
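/**
 * A request is approved when the client's auto-approve set is the single
 * value {@code "true"}, even though two requested scopes are stored as DENIED.
 *
 * <p>Stored state: {@code openid} and {@code cloud_controller.read} are
 * APPROVED; {@code cloud_controller.write} and {@code space.1.developer} are
 * DENIED.
 */
@Test
void requestedScopesMatchByWildcard() {
    HashSet<String> requestedScopes = new HashSet<>(Arrays.asList(
            "openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer"));
    AuthorizationRequest authRequest = new AuthorizationRequest("foo", requestedScopes);
    authRequest.setApproved(false);

    // NOTE(review): "true" is presumably the handler's approve-everything
    // marker - confirm against the handler. The assertions below only hold
    // if it covers all four requested scopes.
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));

    // Same insertion order as before: the two approvals first, then the two denials.
    for (String scope : Arrays.asList("openid", "cloud_controller.read")) {
        approvalStore.addApproval(
                new Approval().setUserId(userId).setClientId("foo").setScope(scope)
                        .setExpiresAt(nextWeek).setStatus(APPROVED),
                currentIdentityZoneId);
    }
    for (String scope : Arrays.asList("cloud_controller.write", "space.1.developer")) {
        approvalStore.addApproval(
                new Approval().setUserId(userId).setClientId("foo").setScope(scope)
                        .setExpiresAt(nextWeek).setStatus(DENIED),
                currentIdentityZoneId);
    }

    // The request IS approved despite the two stored DENIED decisions: the
    // client's auto-approve setting wins over them.
    assertTrue(handler.isApproved(authRequest, mockAuthentication));
    // All four requested scopes remain on the request.
    assertThat(authRequest.getScope(), Matchers.containsInAnyOrder(
            "openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer"));
}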
use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.
the class ApprovalTests method testEquals.
/**
 * Pins which fields take part in {@code Approval} equality: two approvals
 * that differ only in expiry compare equal, while a difference in client id,
 * scope, user id or status makes them unequal. Also checks that
 * {@code List.contains} follows the same rule.
 */
@Test
public void testEquals() {
    // Only the expiry differs (100 vs 500): still equal.
    Approval expiresSooner = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    Approval expiresLater = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(500)).setStatus(Approval.ApprovalStatus.DENIED);
    assertEquals(expiresSooner, expiresLater);

    // Different client id.
    Approval clientOne = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    Approval clientTwo = new Approval().setUserId("u1").setClientId("c2").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    assertNotEquals(clientOne, clientTwo);

    // Different scope.
    Approval scopeOne = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    Approval scopeTwo = new Approval().setUserId("u1").setClientId("c1").setScope("s2")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    assertNotEquals(scopeOne, scopeTwo);

    // Different user id.
    Approval userOne = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    Approval userTwo = new Approval().setUserId("u2").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    assertNotEquals(userOne, userTwo);

    // Different status: a DENIED decision never equals an APPROVED one.
    Approval denied = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    Approval granted = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED);
    assertNotEquals(denied, granted);

    List<Approval> approvals = Arrays.asList(
            new Approval().setUserId("u1").setClientId("c1").setScope("s1")
                    .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED),
            new Approval().setUserId("u1").setClientId("c1").setScope("s2")
                    .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED),
            new Approval().setUserId("u1").setClientId("c1").setScope("s3")
                    .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED),
            new Approval().setUserId("u1").setClientId("c2").setScope("s1")
                    .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED),
            new Approval().setUserId("u1").setClientId("c2").setScope("s2")
                    .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED));

    // A freshly built APPROVED u1/c1/s1 entry is found in the list...
    Approval approvedProbe = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED);
    assertTrue(approvals.contains(approvedProbe));

    // ...but the DENIED variant of the same user/client/scope is not.
    Approval deniedProbe = new Approval().setUserId("u1").setClientId("c1").setScope("s1")
            .setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED);
    assertFalse(approvals.contains(deniedProbe));
}