Example 1 with ApprovalService
use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.
the class IdTokenGranterTest method setup.
@Before
public void setup() {
user = new UaaUser(new UaaUserPrototype().withId("user").withUsername("user").withEmail("user@example.com"));
clientDetails = new BaseClientDetails();
clientWithoutOpenid = new BaseClientDetails("clientId", null, "foo.read", null, null);
clientWithOpenId = new BaseClientDetails("clientId", null, "foo.read,openid", null, null);
requestedScopesWithoutOpenId = Sets.newHashSet("foo.read");
requestedScopesWithOpenId = Sets.newHashSet("foo.read", "openid");
validGrantTypeForIdToken = GRANT_TYPE_IMPLICIT;
approvalService = mock(ApprovalService.class);
idTokenGranter = new IdTokenGranter(approvalService);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)
UaaUserPrototype(org.cloudfoundry.identity.uaa.user.UaaUserPrototype)
ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService)
Before(org.junit.Before)
Example 2 with ApprovalService
use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.
the class DeprecatedUaaTokenServicesTests method refreshAccessToken_buildsIdToken_withRolesAndAttributesAndACR.
@Test
public void refreshAccessToken_buildsIdToken_withRolesAndAttributesAndACR() throws Exception {
IdTokenCreator idTokenCreator = mock(IdTokenCreator.class);
when(idTokenCreator.create(any(), any(), any())).thenReturn(mock(IdToken.class));
BaseClientDetails clientDetails = new BaseClientDetails();
clientDetails.setScope(Sets.newHashSet("openid"));
MultitenantClientServices mockMultitenantClientServices = mock(MultitenantClientServices.class);
when(mockMultitenantClientServices.loadClientByClientId(eq(TokenTestSupport.CLIENT_ID))).thenReturn(clientDetails);
TokenValidityResolver tokenValidityResolver = mock(TokenValidityResolver.class);
when(tokenValidityResolver.resolve(TokenTestSupport.CLIENT_ID)).thenReturn(new Date());
TokenValidation tokenValidation = mock(TokenValidation.class);
TokenValidationService tokenValidationService = mock(TokenValidationService.class);
when(tokenValidationService.validateToken(anyString(), anyBoolean())).thenReturn(tokenValidation);
HashMap<String, Object> claims = Maps.newHashMap();
String userId = "userid";
claims.put(ClaimConstants.USER_ID, userId);
claims.put(ClaimConstants.CID, TokenTestSupport.CLIENT_ID);
claims.put(ClaimConstants.EXP, 1);
claims.put(ClaimConstants.GRANTED_SCOPES, Lists.newArrayList("read", "write", "openid"));
claims.put(ClaimConstants.GRANT_TYPE, "password");
claims.put(ClaimConstants.AUD, Lists.newArrayList(TokenTestSupport.CLIENT_ID));
HashMap<Object, Object> acrMap = Maps.newHashMap();
acrMap.put(IdToken.ACR_VALUES_KEY, acrValue);
claims.put(ClaimConstants.ACR, acrMap);
when(tokenValidation.getClaims()).thenReturn(claims);
when(tokenValidation.checkJti()).thenReturn(tokenValidation);
Jwt jwt = mock(Jwt.class);
when(tokenValidation.getJwt()).thenReturn(jwt);
when(jwt.getEncoded()).thenReturn("encoded");
UaaUserDatabase userDatabase = mock(UaaUserDatabase.class);
UaaUser user = new UaaUser(new UaaUserPrototype().withId(userId).withUsername("marissa").withEmail("marissa@example.com"));
when(userDatabase.retrieveUserById(userId)).thenReturn(user);
ArgumentCaptor<UserAuthenticationData> userAuthenticationDataArgumentCaptor = ArgumentCaptor.forClass(UserAuthenticationData.class);
TimeService timeService = mock(TimeService.class);
when(timeService.getCurrentTimeMillis()).thenReturn(1000L);
when(timeService.getCurrentDate()).thenCallRealMethod();
ApprovalService approvalService = mock(ApprovalService.class);
UaaTokenServices uaaTokenServices = new UaaTokenServices(idTokenCreator, mock(TokenEndpointBuilder.class), mockMultitenantClientServices, mock(RevocableTokenProvisioning.class), tokenValidationService, mock(RefreshTokenCreator.class), timeService, tokenValidityResolver, userDatabase, Sets.newHashSet(), new TokenPolicy(), new KeyInfoService(DEFAULT_ISSUER), new IdTokenGranter(approvalService), approvalService);
UserInfo userInfo = new UserInfo();
userInfo.setRoles(Lists.newArrayList("custom_role"));
MultiValueMap<String, String> userAttributes = new LinkedMultiValueMap<>();
userAttributes.put("multi_value", Arrays.asList("value1", "value2"));
userAttributes.add("single_value", "value3");
userInfo.setUserAttributes(userAttributes);
when(userDatabase.getUserInfo(userId)).thenReturn(userInfo);
String refreshToken = getOAuth2AccessToken().getRefreshToken().getValue();
uaaTokenServices.refreshAccessToken(refreshToken, getRefreshTokenRequest());
verify(idTokenCreator).create(eq(clientDetails), eq(user), userAuthenticationDataArgumentCaptor.capture());
UserAuthenticationData userData = userAuthenticationDataArgumentCaptor.getValue();
Set<String> expectedRoles = Sets.newHashSet("custom_role");
assertEquals(expectedRoles, userData.roles);
assertEquals(userAttributes, userData.userAttributes);
assertEquals(acrValue, userData.contextClassRef);
}
Also used :
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
UserInfo(org.cloudfoundry.identity.uaa.user.UserInfo)
IsEmptyString.isEmptyString(org.hamcrest.text.IsEmptyString.isEmptyString)
ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService)
UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase)
IdTokenCreator(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenCreator)
UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
IdToken(org.cloudfoundry.identity.uaa.oauth.openid.IdToken)
Jwt(org.cloudfoundry.identity.uaa.oauth.jwt.Jwt)
TimeService(org.cloudfoundry.identity.uaa.util.TimeService)
IdTokenGranter(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter)
RefreshTokenCreator(org.cloudfoundry.identity.uaa.oauth.refresh.RefreshTokenCreator)
UserAuthenticationData(org.cloudfoundry.identity.uaa.oauth.openid.UserAuthenticationData)
TokenValidation(org.cloudfoundry.identity.uaa.util.TokenValidation)
UaaUserPrototype(org.cloudfoundry.identity.uaa.user.UaaUserPrototype)
Example 3 with ApprovalService
use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.
the class CheckTokenEndpointTests method setUp.
public void setUp(boolean opaque) throws Exception {
zone = MultitenancyFixture.identityZone("id", "subdomain");
defaultZone = IdentityZone.getUaa();
mockIdentityZoneManager = mock(IdentityZoneManager.class);
when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());
when(mockIdentityZoneManager.getCurrentIdentityZone()).thenReturn(defaultZone);
clientDetailsService = new InMemoryMultitenantClientServices(mockIdentityZoneManager);
TestUtils.resetIdentityZoneHolder(null);
nowMillis = 10000L;
timeService = mock(TimeService.class);
when(timeService.getCurrentTimeMillis()).thenReturn(nowMillis);
when(timeService.getCurrentDate()).thenCallRealMethod();
userAuthorities = new ArrayList<>();
userAuthorities.add(new SimpleGrantedAuthority("read"));
userAuthorities.add(new SimpleGrantedAuthority("write"));
userAuthorities.add(new SimpleGrantedAuthority("zones.myzone.admin"));
userAuthorities.addAll(UaaAuthority.USER_AUTHORITIES);
user = new UaaUser(userId, userName, "password", userEmail, userAuthorities, "GivenName", "FamilyName", new Date(nowMillis - 2000), new Date(nowMillis - 2000), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), "salt", new Date(nowMillis - 2000));
authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
Map<String, String> requestParameters = new HashMap<>();
tokenProvisioning = mock(RevocableTokenProvisioning.class);
if (opaque) {
tokenMap = new HashMap<>();
when(tokenProvisioning.create(any(), anyString())).thenAnswer(invocation -> {
RevocableToken token = (RevocableToken) invocation.getArguments()[0];
tokenMap.put(token.getTokenId(), token);
return token;
});
when(tokenProvisioning.retrieve(anyString(), anyString())).thenAnswer(invocation -> {
String id = (String) invocation.getArguments()[0];
return tokenMap.get(id);
});
requestParameters.put(TokenConstants.REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue());
}
authorizationRequest.setRequestParameters(requestParameters);
authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), UaaAuthenticationTestFactory.getAuthentication(userId, userName, "olds@vmware.com"));
configureDefaultZoneKeys(Collections.singletonMap("testKey", signerKey));
IdentityZoneHolder.set(defaultZone);
when(zoneProvisioning.retrieve(IdentityZone.getUaaZoneId())).thenReturn(defaultZone);
Date oneSecondAgo = new Date(nowMillis - 1000);
Date thirtySecondsAhead = new Date(nowMillis + 30000);
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("client").setScope("read").setExpiresAt(thirtySecondsAhead).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId());
approvalStore.addApproval(new Approval().setUserId(userId).setClientId("client").setScope("write").setExpiresAt(thirtySecondsAhead).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId());
defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa");
clientDetailsStore = Collections.singletonMap("client", defaultClient);
clientDetailsService.setClientDetailsStore(zone.getId(), clientDetailsStore);
clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore);
tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080/uaa");
userDatabase = mock(UaaUserDatabase.class);
KeyInfoService keyInfoService = new KeyInfoService("http://localhost:8080/uaa");
tokenValidationService = new TokenValidationService(tokenProvisioning, tokenEndpointBuilder, userDatabase, clientDetailsService, keyInfoService);
ApprovalService approvalService = new ApprovalService(timeService, approvalStore);
tokenServices = new UaaTokenServices(mock(IdTokenCreator.class), tokenEndpointBuilder, clientDetailsService, tokenProvisioning, tokenValidationService, null, timeService, new TokenValidityResolver(new ClientAccessTokenValidity(clientDetailsService, mockIdentityZoneManager), Integer.MAX_VALUE, timeService), userDatabase, Sets.newHashSet(), IdentityZoneHolder.get().getConfig().getTokenPolicy(), keyInfoService, new IdTokenGranter(approvalService), approvalService);
resetAndMockUserDatabase(userId, user);
endpoint = new CheckTokenEndpoint(tokenServices, timeService);
}
Also used :
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
HashMap(java.util.HashMap)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService)
UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
RevocableToken(org.cloudfoundry.identity.uaa.oauth.token.RevocableToken)
UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)
Approval(org.cloudfoundry.identity.uaa.approval.Approval)
IdentityZoneManager(org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager)
InMemoryMultitenantClientServices(org.cloudfoundry.identity.uaa.zone.InMemoryMultitenantClientServices)
RevocableTokenProvisioning(org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning)
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
TimeService(org.cloudfoundry.identity.uaa.util.TimeService)
IdTokenGranter(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter)
Date(java.util.Date)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Example 4 with ApprovalService
use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.
the class ApprovalServiceTest method setup.
@Before
public void setup() {
timeService = mock(TimeService.class);
approvalStore = mock(ApprovalStore.class);
clientDetails = new BaseClientDetails(CLIENT_ID, null, "foo.read,bar.write", null, null);
approvalService = new ApprovalService(timeService, approvalStore);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
TimeService(org.cloudfoundry.identity.uaa.util.TimeService)
ApprovalStore(org.cloudfoundry.identity.uaa.approval.ApprovalStore)
ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService)
Before(org.junit.Before)
Aggregations
ApprovalService (org.cloudfoundry.identity.uaa.approval.ApprovalService)4
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)4
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)3
TimeService (org.cloudfoundry.identity.uaa.util.TimeService)3
IdTokenGranter (org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter)2
UaaUserDatabase (org.cloudfoundry.identity.uaa.user.UaaUserDatabase)2
UaaUserPrototype (org.cloudfoundry.identity.uaa.user.UaaUserPrototype)2
Before (org.junit.Before)2
Date (java.util.Date)1
HashMap (java.util.HashMap)1
Approval (org.cloudfoundry.identity.uaa.approval.Approval)1
ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore)1
Jwt (org.cloudfoundry.identity.uaa.oauth.jwt.Jwt)1
IdToken (org.cloudfoundry.identity.uaa.oauth.openid.IdToken)1
IdTokenCreator (org.cloudfoundry.identity.uaa.oauth.openid.IdTokenCreator)1
UserAuthenticationData (org.cloudfoundry.identity.uaa.oauth.openid.UserAuthenticationData)1
RefreshTokenCreator (org.cloudfoundry.identity.uaa.oauth.refresh.RefreshTokenCreator)1
RevocableToken (org.cloudfoundry.identity.uaa.oauth.token.RevocableToken)1
RevocableTokenProvisioning (org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning)1
UserInfo (org.cloudfoundry.identity.uaa.user.UserInfo)1
