
Example 1 with ApprovalService

use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.

The class IdTokenGranterTest, method setup.

/**
 * Builds the fixtures shared by the IdTokenGranter tests: one user, two clients that
 * differ only in whether the {@code openid} scope is registered, the matching
 * requested-scope sets, and a granter backed by a mocked {@link ApprovalService}.
 */
@Before
public void setup() {
    // The granter under test; its approval lookups are fully controlled by each test.
    approvalService = mock(ApprovalService.class);
    idTokenGranter = new IdTokenGranter(approvalService);

    // Same client id for both clients; only the registered scope list differs.
    clientDetails = new BaseClientDetails();
    clientWithoutOpenid = new BaseClientDetails("clientId", null, "foo.read", null, null);
    clientWithOpenId = new BaseClientDetails("clientId", null, "foo.read,openid", null, null);

    // Requested-scope variants mirroring the two clients above.
    requestedScopesWithoutOpenId = Sets.newHashSet("foo.read");
    requestedScopesWithOpenId = Sets.newHashSet("foo.read", "openid");

    validGrantTypeForIdToken = GRANT_TYPE_IMPLICIT;
    user = new UaaUser(new UaaUserPrototype().withId("user").withUsername("user").withEmail("user@example.com"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) UaaUserPrototype(org.cloudfoundry.identity.uaa.user.UaaUserPrototype) ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService) Before(org.junit.Before)

Example 2 with ApprovalService

use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.

The class DeprecatedUaaTokenServicesTests, method refreshAccessToken_buildsIdToken_withRolesAndAttributesAndACR.

/**
 * Refreshing an access token for an {@code openid} client must hand the id-token creator
 * user data carrying the roles and attributes loaded from the user database and the
 * {@code acr} value carried over from the refresh token being exchanged.
 *
 * <p>Everything except {@link IdTokenGranter} and the token policy is mocked; the
 * {@link UserAuthenticationData} captured from the {@link IdTokenCreator} call is what
 * gets asserted.
 *
 * @throws Exception propagated from the token refresh under test
 */
@Test
public void refreshAccessToken_buildsIdToken_withRolesAndAttributesAndACR() throws Exception {
    // Claims of the refresh token being exchanged: subject, audience, granted scopes
    // (including openid) and the acr map whose value must reappear on the id token.
    String subjectId = "userid";
    HashMap<Object, Object> acrClaim = new HashMap<>();
    acrClaim.put(IdToken.ACR_VALUES_KEY, acrValue);
    HashMap<String, Object> refreshTokenClaims = new HashMap<>();
    refreshTokenClaims.put(ClaimConstants.USER_ID, subjectId);
    refreshTokenClaims.put(ClaimConstants.CID, TokenTestSupport.CLIENT_ID);
    refreshTokenClaims.put(ClaimConstants.EXP, 1);
    refreshTokenClaims.put(ClaimConstants.GRANTED_SCOPES, Lists.newArrayList("read", "write", "openid"));
    refreshTokenClaims.put(ClaimConstants.GRANT_TYPE, "password");
    refreshTokenClaims.put(ClaimConstants.AUD, Lists.newArrayList(TokenTestSupport.CLIENT_ID));
    refreshTokenClaims.put(ClaimConstants.ACR, acrClaim);

    // Token validation is stubbed to accept any token string and return these claims.
    Jwt mockJwt = mock(Jwt.class);
    when(mockJwt.getEncoded()).thenReturn("encoded");
    TokenValidation mockValidation = mock(TokenValidation.class);
    when(mockValidation.getClaims()).thenReturn(refreshTokenClaims);
    when(mockValidation.checkJti()).thenReturn(mockValidation);
    when(mockValidation.getJwt()).thenReturn(mockJwt);
    TokenValidationService mockValidationService = mock(TokenValidationService.class);
    when(mockValidationService.validateToken(anyString(), anyBoolean())).thenReturn(mockValidation);

    // The client is registered with the openid scope.
    BaseClientDetails openidClient = new BaseClientDetails();
    openidClient.setScope(Sets.newHashSet("openid"));
    MultitenantClientServices mockClientServices = mock(MultitenantClientServices.class);
    when(mockClientServices.loadClientByClientId(eq(TokenTestSupport.CLIENT_ID))).thenReturn(openidClient);

    // The user record plus the roles/attributes expected to surface in the id-token data.
    UaaUser marissa = new UaaUser(new UaaUserPrototype().withId(subjectId).withUsername("marissa").withEmail("marissa@example.com"));
    MultiValueMap<String, String> attributes = new LinkedMultiValueMap<>();
    attributes.put("multi_value", Arrays.asList("value1", "value2"));
    attributes.add("single_value", "value3");
    UserInfo storedUserInfo = new UserInfo();
    storedUserInfo.setRoles(Lists.newArrayList("custom_role"));
    storedUserInfo.setUserAttributes(attributes);
    UaaUserDatabase mockUserDatabase = mock(UaaUserDatabase.class);
    when(mockUserDatabase.retrieveUserById(subjectId)).thenReturn(marissa);
    when(mockUserDatabase.getUserInfo(subjectId)).thenReturn(storedUserInfo);

    // Fixed clock and a validity resolver that answers with "now".
    TimeService mockTimeService = mock(TimeService.class);
    when(mockTimeService.getCurrentTimeMillis()).thenReturn(1000L);
    when(mockTimeService.getCurrentDate()).thenCallRealMethod();
    TokenValidityResolver mockValidityResolver = mock(TokenValidityResolver.class);
    when(mockValidityResolver.resolve(TokenTestSupport.CLIENT_ID)).thenReturn(new Date());

    IdTokenCreator mockIdTokenCreator = mock(IdTokenCreator.class);
    when(mockIdTokenCreator.create(any(), any(), any())).thenReturn(mock(IdToken.class));
    ApprovalService mockApprovalService = mock(ApprovalService.class);
    UaaTokenServices tokenServices = new UaaTokenServices(mockIdTokenCreator, mock(TokenEndpointBuilder.class), mockClientServices, mock(RevocableTokenProvisioning.class), mockValidationService, mock(RefreshTokenCreator.class), mockTimeService, mockValidityResolver, mockUserDatabase, Sets.newHashSet(), new TokenPolicy(), new KeyInfoService(DEFAULT_ISSUER), new IdTokenGranter(mockApprovalService), mockApprovalService);

    String refreshTokenValue = getOAuth2AccessToken().getRefreshToken().getValue();
    tokenServices.refreshAccessToken(refreshTokenValue, getRefreshTokenRequest());

    // The id-token creator must be invoked for this client and user with the captured data.
    ArgumentCaptor<UserAuthenticationData> authDataCaptor = ArgumentCaptor.forClass(UserAuthenticationData.class);
    verify(mockIdTokenCreator).create(eq(openidClient), eq(marissa), authDataCaptor.capture());
    UserAuthenticationData captured = authDataCaptor.getValue();
    assertEquals(Sets.newHashSet("custom_role"), captured.roles);
    assertEquals(attributes, captured.userAttributes);
    // acr from the refresh token claims propagates into the new id token's context class ref.
    assertEquals(acrValue, captured.contextClassRef);
}
Also used : LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) UserInfo(org.cloudfoundry.identity.uaa.user.UserInfo) IsEmptyString.isEmptyString(org.hamcrest.text.IsEmptyString.isEmptyString) ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService) UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase) IdTokenCreator(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenCreator) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) IdToken(org.cloudfoundry.identity.uaa.oauth.openid.IdToken) Jwt(org.cloudfoundry.identity.uaa.oauth.jwt.Jwt) TimeService(org.cloudfoundry.identity.uaa.util.TimeService) IdTokenGranter(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter) RefreshTokenCreator(org.cloudfoundry.identity.uaa.oauth.refresh.RefreshTokenCreator) UserAuthenticationData(org.cloudfoundry.identity.uaa.oauth.openid.UserAuthenticationData) TokenValidation(org.cloudfoundry.identity.uaa.util.TokenValidation) UaaUserPrototype(org.cloudfoundry.identity.uaa.user.UaaUserPrototype)

Example 3 with ApprovalService

use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.

The class CheckTokenEndpointTests, method setUp.

/**
 * Wires a {@link CheckTokenEndpoint} against an in-memory client store, a seeded approval
 * store and a mocked user database, all pinned to a fixed clock ({@code nowMillis}).
 *
 * @param opaque when {@code true}, revocable-token provisioning is stubbed with an in-memory
 *               map and the authorization request asks for the opaque token format
 * @throws Exception propagated from the fixture setup
 */
public void setUp(boolean opaque) throws Exception {
    zone = MultitenancyFixture.identityZone("id", "subdomain");
    defaultZone = IdentityZone.getUaa();
    mockIdentityZoneManager = mock(IdentityZoneManager.class);
    when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());
    when(mockIdentityZoneManager.getCurrentIdentityZone()).thenReturn(defaultZone);
    clientDetailsService = new InMemoryMultitenantClientServices(mockIdentityZoneManager);
    TestUtils.resetIdentityZoneHolder(null);

    // Fixed clock: every "now"-relative date below is derived from nowMillis.
    nowMillis = 10000L;
    timeService = mock(TimeService.class);
    when(timeService.getCurrentTimeMillis()).thenReturn(nowMillis);
    when(timeService.getCurrentDate()).thenCallRealMethod();

    userAuthorities = new ArrayList<>();
    userAuthorities.add(new SimpleGrantedAuthority("read"));
    userAuthorities.add(new SimpleGrantedAuthority("write"));
    userAuthorities.add(new SimpleGrantedAuthority("zones.myzone.admin"));
    userAuthorities.addAll(UaaAuthority.USER_AUTHORITIES);
    // NOTE(review): the zone holder was reset just above, so the zone id used here is whatever
    // the holder yields in that state — confirm against TestUtils.resetIdentityZoneHolder.
    user = new UaaUser(userId, userName, "password", userEmail, userAuthorities, "GivenName", "FamilyName", new Date(nowMillis - 2000), new Date(nowMillis - 2000), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), "salt", new Date(nowMillis - 2000));

    authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
    authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
    Map<String, String> params = new HashMap<>();
    tokenProvisioning = mock(RevocableTokenProvisioning.class);
    if (opaque) {
        // In-memory stand-in for revocable-token storage, keyed by token id.
        tokenMap = new HashMap<>();
        when(tokenProvisioning.create(any(), anyString())).thenAnswer(invocation -> {
            RevocableToken stored = (RevocableToken) invocation.getArguments()[0];
            tokenMap.put(stored.getTokenId(), stored);
            return stored;
        });
        when(tokenProvisioning.retrieve(anyString(), anyString()))
                .thenAnswer(invocation -> tokenMap.get((String) invocation.getArguments()[0]));
        params.put(TokenConstants.REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue());
    }
    authorizationRequest.setRequestParameters(params);
    authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), UaaAuthenticationTestFactory.getAuthentication(userId, userName, "olds@vmware.com"));
    configureDefaultZoneKeys(Collections.singletonMap("testKey", signerKey));
    IdentityZoneHolder.set(defaultZone);
    when(zoneProvisioning.retrieve(IdentityZone.getUaaZoneId())).thenReturn(defaultZone);

    // Seed APPROVED approvals for both client scopes, last updated 1 s ago and still
    // valid at nowMillis (expiry 30 s ahead).
    Date approvedAt = new Date(nowMillis - 1000);
    Date approvalExpiry = new Date(nowMillis + 30000);
    for (String scope : Arrays.asList("read", "write")) {
        approvalStore.addApproval(new Approval().setUserId(userId).setClientId("client").setScope(scope).setExpiresAt(approvalExpiry).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(approvedAt), IdentityZoneHolder.get().getId());
    }

    defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa");
    clientDetailsStore = Collections.singletonMap("client", defaultClient);
    // The same client store is registered for the test zone and for the current (default) zone.
    clientDetailsService.setClientDetailsStore(zone.getId(), clientDetailsStore);
    clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore);

    tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080/uaa");
    userDatabase = mock(UaaUserDatabase.class);
    KeyInfoService keys = new KeyInfoService("http://localhost:8080/uaa");
    tokenValidationService = new TokenValidationService(tokenProvisioning, tokenEndpointBuilder, userDatabase, clientDetailsService, keys);
    // A real ApprovalService over the seeded store (not a mock), sharing the fixed clock.
    ApprovalService approvals = new ApprovalService(timeService, approvalStore);
    TokenValidityResolver validityResolver = new TokenValidityResolver(new ClientAccessTokenValidity(clientDetailsService, mockIdentityZoneManager), Integer.MAX_VALUE, timeService);
    tokenServices = new UaaTokenServices(mock(IdTokenCreator.class), tokenEndpointBuilder, clientDetailsService, tokenProvisioning, tokenValidationService, null, timeService, validityResolver, userDatabase, Sets.newHashSet(), IdentityZoneHolder.get().getConfig().getTokenPolicy(), keys, new IdTokenGranter(approvals), approvals);
    resetAndMockUserDatabase(userId, user);
    endpoint = new CheckTokenEndpoint(tokenServices, timeService);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) HashMap(java.util.HashMap) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService) UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RevocableToken(org.cloudfoundry.identity.uaa.oauth.token.RevocableToken) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) Approval(org.cloudfoundry.identity.uaa.approval.Approval) IdentityZoneManager(org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager) InMemoryMultitenantClientServices(org.cloudfoundry.identity.uaa.zone.InMemoryMultitenantClientServices) RevocableTokenProvisioning(org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) TimeService(org.cloudfoundry.identity.uaa.util.TimeService) IdTokenGranter(org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter) Date(java.util.Date) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 4 with ApprovalService

use of org.cloudfoundry.identity.uaa.approval.ApprovalService in project uaa by cloudfoundry.

The class ApprovalServiceTest, method setup.

/**
 * Fresh fixtures for each ApprovalService test: a client registered with {@code foo.read}
 * and {@code bar.write}, and a service whose clock and approval store are both mocks so
 * each test controls the current time and the stored approvals.
 */
@Before
public void setup() {
    clientDetails = new BaseClientDetails(CLIENT_ID, null, "foo.read,bar.write", null, null);
    approvalStore = mock(ApprovalStore.class);
    timeService = mock(TimeService.class);
    approvalService = new ApprovalService(timeService, approvalStore);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) TimeService(org.cloudfoundry.identity.uaa.util.TimeService) ApprovalStore(org.cloudfoundry.identity.uaa.approval.ApprovalStore) ApprovalService(org.cloudfoundry.identity.uaa.approval.ApprovalService) Before(org.junit.Before)

Aggregations

ApprovalService (org.cloudfoundry.identity.uaa.approval.ApprovalService)4 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)4 UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)3 TimeService (org.cloudfoundry.identity.uaa.util.TimeService)3 IdTokenGranter (org.cloudfoundry.identity.uaa.oauth.openid.IdTokenGranter)2 UaaUserDatabase (org.cloudfoundry.identity.uaa.user.UaaUserDatabase)2 UaaUserPrototype (org.cloudfoundry.identity.uaa.user.UaaUserPrototype)2 Before (org.junit.Before)2 Date (java.util.Date)1 HashMap (java.util.HashMap)1 Approval (org.cloudfoundry.identity.uaa.approval.Approval)1 ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore)1 Jwt (org.cloudfoundry.identity.uaa.oauth.jwt.Jwt)1 IdToken (org.cloudfoundry.identity.uaa.oauth.openid.IdToken)1 IdTokenCreator (org.cloudfoundry.identity.uaa.oauth.openid.IdTokenCreator)1 UserAuthenticationData (org.cloudfoundry.identity.uaa.oauth.openid.UserAuthenticationData)1 RefreshTokenCreator (org.cloudfoundry.identity.uaa.oauth.refresh.RefreshTokenCreator)1 RevocableToken (org.cloudfoundry.identity.uaa.oauth.token.RevocableToken)1 RevocableTokenProvisioning (org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning)1 UserInfo (org.cloudfoundry.identity.uaa.user.UserInfo)1