Example 36 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalButAdditionalScopesRequested.

@Test
void requestedScopesMatchApprovalButAdditionalScopesRequested() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write")));
    request.setApproved(false);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
    // The request is not approved because the user has not yet approved all
    // the scopes requested
    assertFalse(handler.isApproved(request, mockAuthentication));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 37 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApprovedByWildcard.

@Test
void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApprovedByWildcard() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer", "space.2.developer")));
    request.setApproved(false);
    Set<String> autoApprovedScopes = new HashSet<>();
    autoApprovedScopes.add("space.*.developer");
    autoApprovedScopes.add("cloud_controller.write");
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(autoApprovedScopes);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("openid").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("space.1.developer").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
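    // The request is approved: the scopes the user denied, and the undecided
    // space.2.developer, are all covered by the client's auto-approve list
    // (space.1.developer and space.2.developer via the space.*.developer wildcard)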
    assertTrue(handler.isApproved(request, mockAuthentication));
    assertThat(request.getScope(), Matchers.containsInAnyOrder("openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer", "space.2.developer"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 38 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApproved.

@Test
void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApproved() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write")));
    request.setApproved(false);
    when(mockBaseClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList("cloud_controller.read", "cloud_controller.write", "openid")));
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("cloud_controller.write"));
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("openid").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
    // The request is approved: the only scope the user denied
    // (cloud_controller.write) is in the client's auto-approve list
    assertTrue(handler.isApproved(request, mockAuthentication));
    assertThat(request.getScope(), Matchers.containsInAnyOrder("openid", "cloud_controller.read", "cloud_controller.write"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 39 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method requestedScopesMatchByWildcard.

@Test
void requestedScopesMatchByWildcard() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer")));
    request.setApproved(false);
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("openid").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.read").setExpiresAt(nextWeek).setStatus(APPROVED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("cloud_controller.write").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
    approvalStore.addApproval(new Approval().setUserId(userId).setClientId("foo").setScope("space.1.developer").setExpiresAt(nextWeek).setStatus(DENIED), currentIdentityZoneId);
    // The request is approved: the client's auto-approve value "true" covers
    // every requested scope, so the stored DENIED approvals do not block it
    assertTrue(handler.isApproved(request, mockAuthentication));
    assertThat(request.getScope(), Matchers.containsInAnyOrder("openid", "cloud_controller.read", "cloud_controller.write", "space.1.developer"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.jupiter.api.Test)

Example 40 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

the class ApprovalTests method testEquals.

@Test
public void testEquals() {
    assertEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED), new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(500)).setStatus(Approval.ApprovalStatus.DENIED));
    assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED), new Approval().setUserId("u1").setClientId("c2").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED));
    assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED), new Approval().setUserId("u1").setClientId("c1").setScope("s2").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED));
    assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED), new Approval().setUserId("u2").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED));
    assertNotEquals(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED), new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED));
    List<Approval> approvals = Arrays.asList(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED), new Approval().setUserId("u1").setClientId("c1").setScope("s2").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED), new Approval().setUserId("u1").setClientId("c1").setScope("s3").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED), new Approval().setUserId("u1").setClientId("c2").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED), new Approval().setUserId("u1").setClientId("c2").setScope("s2").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED));
    assertTrue(approvals.contains(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.APPROVED)));
    assertFalse(approvals.contains(new Approval().setUserId("u1").setClientId("c1").setScope("s1").setExpiresAt(Approval.timeFromNow(100)).setStatus(Approval.ApprovalStatus.DENIED)));
}
Also used : Approval(org.cloudfoundry.identity.uaa.approval.Approval) Test(org.junit.Test)
