use of org.cloudfoundry.identity.uaa.approval.ApprovalStore in project uaa by cloudfoundry.
the class ScimUserEndpointsMockMvcTests method delete_user_clears_approvals.
/**
 * Verifies that deleting a user through {@code DELETE /Users/{id}} also removes
 * the approvals stored for that user.
 * <p>
 * The approval count is read straight from {@code authz_approvals} before and
 * after the delete, so the cleanup is checked at the persistence layer and not
 * only through the {@link ApprovalStore} API.
 *
 * @throws Exception if the mock request or JSON serialisation fails
 */
@Test
void delete_user_clears_approvals() throws Exception {
    ApprovalStore approvalStore = webApplicationContext.getBean(ApprovalStore.class);
    JdbcTemplate jdbc = webApplicationContext.getBean(JdbcTemplate.class);
    ScimUser scimUser = setUpScimUser();
    String userId = scimUser.getId();

    // One approved "openid" grant for client "cf", owned by the user about to be deleted.
    Approval openidApproval = new Approval();
    openidApproval.setClientId("cf");
    openidApproval.setUserId(userId);
    openidApproval.setScope("openid");
    openidApproval.setStatus(Approval.ApprovalStatus.APPROVED);
    approvalStore.addApproval(openidApproval, IdentityZoneHolder.get().getId());

    String approvalCountSql = "select count(*) from authz_approvals where user_id=?";
    long approvalsBefore = jdbc.queryForObject(approvalCountSql, Integer.class, userId);
    assertEquals(1, approvalsBefore);

    // Admin-token delete; the response echoes the deleted user's core attributes.
    mockMvc.perform(delete("/Users/" + userId)
            .header("Authorization", "Bearer " + uaaAdminToken)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(scimUser)))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.userName").value(scimUser.getUserName()))
            .andExpect(jsonPath("$.emails[0].value").value(scimUser.getPrimaryEmail()))
            .andExpect(jsonPath("$.name.givenName").value(scimUser.getGivenName()))
            .andExpect(jsonPath("$.name.familyName").value(scimUser.getFamilyName()));

    long approvalsAfter = jdbc.queryForObject(approvalCountSql, Integer.class, userId);
    assertEquals(0, approvalsAfter);
}
use of org.cloudfoundry.identity.uaa.approval.ApprovalStore in project uaa by cloudfoundry.
the class IdentityZoneEndpointsMockMvcTests method test_delete_zone_cleans_db.
/**
 * Deletes an identity zone and verifies that every zone-scoped record created
 * beforehand is removed: the zone row, its client, group, user, audit entries,
 * external group mapping and the user's approvals.
 * <p>
 * On the way it also checks the zone client-creation endpoint's access control:
 * a zones-read token is rejected with 403 (with and without a trailing slash),
 * a missing token with 401, and only the identity client token may create the
 * client. The created client's secret must not be echoed back.
 *
 * @throws Exception if a mock request fails
 */
@Test
void test_delete_zone_cleans_db() throws Exception {
    IdentityProviderProvisioning providerProvisioning = webApplicationContext.getBean(JdbcIdentityProviderProvisioning.class);
    ScimGroupProvisioning groups = webApplicationContext.getBean(ScimGroupProvisioning.class);
    ScimUserProvisioning users = webApplicationContext.getBean(ScimUserProvisioning.class);
    ScimGroupMembershipManager memberships = webApplicationContext.getBean(ScimGroupMembershipManager.class);
    ScimGroupExternalMembershipManager externalMemberships = webApplicationContext.getBean(ScimGroupExternalMembershipManager.class);
    JdbcTemplate jdbc = webApplicationContext.getBean(JdbcTemplate.class);
    ApprovalStore approvals = webApplicationContext.getBean(ApprovalStore.class);

    String requestedZoneId = generator.generate();
    IdentityZone zone = createZone(requestedZoneId, HttpStatus.CREATED, identityClientToken, new IdentityZoneConfiguration());
    String createdZoneId = zone.getId();

    // Client fixture to be created inside the new zone.
    BaseClientDetails limitedClient = new BaseClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource");
    limitedClient.setClientSecret("secret");
    limitedClient.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(UAA));
    limitedClient.addAdditionalInformation("foo", "bar");
    String clientJson = JsonUtils.writeValueAsString(limitedClient);
    String clientsPath = "/identity-zones/" + createdZoneId + "/clients";

    // A zones-read token must not be able to create clients, with or without a trailing slash.
    for (String pathSuffix : new String[] {"", "/"}) {
        mockMvc.perform(post(clientsPath + pathSuffix)
                .header("Authorization", "Bearer " + identityClientZonesReadToken)
                .contentType(APPLICATION_JSON)
                .accept(APPLICATION_JSON)
                .content(clientJson))
                .andExpect(status().isForbidden());
    }
    // No token at all is rejected as unauthenticated.
    mockMvc.perform(post(clientsPath)
            .contentType(APPLICATION_JSON)
            .accept(APPLICATION_JSON)
            .content(clientJson))
            .andExpect(status().isUnauthorized());
    MvcResult createResult = mockMvc.perform(post(clientsPath)
            .header("Authorization", "Bearer " + identityClientToken)
            .contentType(APPLICATION_JSON)
            .accept(APPLICATION_JSON)
            .content(clientJson))
            .andExpect(status().isCreated())
            .andReturn();
    BaseClientDetails createdClient = JsonUtils.readValue(createResult.getResponse().getContentAsString(), BaseClientDetails.class);
    // The secret is never returned in the create response.
    assertNull(createdClient.getClientSecret());
    assertEquals("zones.write", createdClient.getAdditionalInformation().get(ClientConstants.CREATED_WITH));
    assertEquals(Collections.singletonList(UAA), createdClient.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS));
    assertEquals("bar", createdClient.getAdditionalInformation().get("foo"));

    // The UAA provider exists in the zone as soon as the zone is created.
    IdentityProvider uaaProvider = providerProvisioning.retrieveByOrigin(UAA, createdZoneId);
    assertNotNull(uaaProvider);
    assertEquals(UAA, uaaProvider.getOriginKey());

    // Add a login-server provider; the holder is pointed at the zone first.
    IdentityProvider loginServerProvider = new IdentityProvider()
            .setOriginKey(LOGIN_SERVER)
            .setActive(true)
            .setIdentityZoneId(createdZoneId)
            .setName("Delete Test")
            .setType(LOGIN_SERVER);
    IdentityZoneHolder.set(zone);
    loginServerProvider = providerProvisioning.create(loginServerProvider, loginServerProvider.getIdentityZoneId());
    assertNotNull(providerProvisioning.retrieveByOrigin(LOGIN_SERVER, createdZoneId));
    assertEquals(loginServerProvider.getId(), providerProvisioning.retrieveByOrigin(LOGIN_SERVER, createdZoneId).getId());

    // A user from the login-server origin, created in the current holder zone.
    ScimUser zoneUser = getScimUser();
    zoneUser.setOrigin(LOGIN_SERVER);
    zoneUser = users.createUser(zoneUser, "", IdentityZoneHolder.get().getId());
    assertNotNull(users.retrieve(zoneUser.getId(), IdentityZoneHolder.get().getId()));
    assertEquals(createdZoneId, zoneUser.getZoneId());

    // A group in the zone with the user as its only member.
    ScimGroup deleteTestGroup = new ScimGroup("Delete Test Group");
    deleteTestGroup.setZoneId(createdZoneId);
    deleteTestGroup = groups.create(deleteTestGroup, IdentityZoneHolder.get().getId());
    memberships.addMember(deleteTestGroup.getId(), new ScimGroupMember(zoneUser.getId(), ScimGroupMember.Type.USER), IdentityZoneHolder.get().getId());
    assertEquals(createdZoneId, deleteTestGroup.getZoneId());
    assertNotNull(groups.retrieve(deleteTestGroup.getId(), IdentityZoneHolder.get().getId()));
    assertEquals("Delete Test Group", groups.retrieve(deleteTestGroup.getId(), IdentityZoneHolder.get().getId()).getDisplayName());
    assertEquals(1, memberships.getMembers(deleteTestGroup.getId(), false, IdentityZoneHolder.get().getId()).size());

    // A failed login against the zone's subdomain, so sec_audit has something zone-scoped to clean up.
    mockMvc.perform(post("/login.do")
            .header("Host", zone.getSubdomain() + ".localhost")
            .with(cookieCsrf())
            .accept(TEXT_HTML_VALUE)
            .param("username", zoneUser.getUserName())
            .param("password", "adasda"))
            .andExpect(status().isFound());
    // NOTE: a positive sec_audit count is not asserted here (the original test
    // notes that this does not work yet); only the zero count after delete is checked.

    // Map an external group onto the zone group; the holder is re-pointed at the
    // zone because the request above may have changed it.
    IdentityZoneHolder.set(zone);
    externalMemberships.mapExternalGroup(deleteTestGroup.getId(), "externalDeleteGroup", LOGIN_SERVER, IdentityZoneHolder.get().getId());
    assertEquals(1, externalMemberships.getExternalGroupMapsByGroupId(deleteTestGroup.getId(), LOGIN_SERVER, IdentityZoneHolder.get().getId()).size());
    assertThat(jdbc.queryForObject("select count(*) from external_group_mapping where origin=?", new Object[] {LOGIN_SERVER}, Integer.class), is(1));

    // One approval for the zone client, owned by the zone user.
    Approval openidApproval = new Approval()
            .setClientId(limitedClient.getClientId())
            .setScope("openid")
            .setStatus(Approval.ApprovalStatus.APPROVED)
            .setUserId(zoneUser.getId());
    approvals.addApproval(openidApproval, IdentityZoneHolder.get().getId());
    assertEquals(1, approvals.getApprovals(zoneUser.getId(), limitedClient.getClientId(), IdentityZoneHolder.get().getId()).size());

    // Delete the zone; a second delete must report it as gone rather than succeed again.
    mockMvc.perform(delete("/identity-zones/{id}", createdZoneId)
            .header("Authorization", "Bearer " + identityClientToken)
            .accept(APPLICATION_JSON))
            .andExpect(status().isOk());
    mockMvc.perform(delete("/identity-zones/{id}", createdZoneId)
            .header("Authorization", "Bearer " + identityClientToken)
            .accept(APPLICATION_JSON))
            .andExpect(status().isNotFound());

    // Every zone-scoped table must be empty for this zone.
    assertThat(jdbc.queryForObject("select count(*) from identity_zone where id=?", new Object[] {createdZoneId}, Integer.class), is(0));
    assertThat(jdbc.queryForObject("select count(*) from oauth_client_details where identity_zone_id=?", new Object[] {createdZoneId}, Integer.class), is(0));
    assertThat(jdbc.queryForObject("select count(*) from groups where identity_zone_id=?", new Object[] {createdZoneId}, Integer.class), is(0));
    assertThat(jdbc.queryForObject("select count(*) from sec_audit where identity_zone_id=?", new Object[] {createdZoneId}, Integer.class), is(0));
    assertThat(jdbc.queryForObject("select count(*) from users where identity_zone_id=?", new Object[] {createdZoneId}, Integer.class), is(0));
    assertThat(jdbc.queryForObject("select count(*) from external_group_mapping where origin=?", new Object[] {LOGIN_SERVER}, Integer.class), is(0));
    try {
        externalMemberships.getExternalGroupMapsByGroupId(deleteTestGroup.getId(), LOGIN_SERVER, IdentityZoneHolder.get().getId());
        fail("no external groups should be found");
    } catch (ScimResourceNotFoundException ignored) {
        // expected: the group was removed together with the zone
    }
    assertThat(jdbc.queryForObject("select count(*) from authz_approvals where user_id=?", new Object[] {zoneUser.getId()}, Integer.class), is(0));
    assertEquals(0, approvals.getApprovals(zoneUser.getId(), limitedClient.getClientId(), IdentityZoneHolder.get().getId()).size());
}
use of org.cloudfoundry.identity.uaa.approval.ApprovalStore in project uaa by cloudfoundry.
the class ClientAdminEndpointsTests method setUp.
/**
 * Builds the {@link ClientAdminEndpoints} under test from mocked collaborators
 * and prepares the client fixtures used by the tests.
 * <p>
 * {@code input}/{@code inputs} are the clients as a caller would submit them;
 * {@code detail}/{@code details} are the corresponding expected stored forms
 * (with {@code refresh_token} added, the {@code uaa.none} scope and authority,
 * and resource id {@code none}). A zone with a permissive secret policy is
 * installed in {@link IdentityZoneHolder} so secret validation does not reject
 * the fixtures. The event publisher wired into the endpoints turns an
 * {@code EntityDeletedEvent} into a {@code removeClientDetails} call on the
 * mocked registration service.
 */
@BeforeEach
void setUp() {
    testZone.setId("testzone");

    mockSecurityContextAccessor = Mockito.mock(SecurityContextAccessor.class);
    mockAuthenticationManager = Mockito.mock(AuthenticationManager.class);
    clientDetailsService = Mockito.mock(NoOpClientDetailsResourceManager.class);
    // create() runs the real implementation so that created clients are observable.
    when(clientDetailsService.create(any(ClientDetails.class), anyString())).thenCallRealMethod();
    clientRegistrationService = Mockito.mock(MultitenantClientServices.class, withSettings().extraInterfaces(SystemDeletable.class));
    ApprovalStore mockApprovalStore = mock(ApprovalStore.class);

    clientDetailsValidator = new ClientAdminEndpointsValidator(mockSecurityContextAccessor);
    clientDetailsValidator.setClientDetailsService(clientDetailsService);
    clientDetailsValidator.setClientSecretValidator(new ZoneAwareClientSecretPolicyValidator(new ClientSecretPolicy(0, 255, 0, 0, 0, 0, 6)));
    testZone.getConfig().setClientSecretPolicy(new ClientSecretPolicy(0, 255, 0, 0, 0, 0, 6));
    IdentityZoneHolder.set(testZone);

    endpoints = spy(new ClientAdminEndpoints(
            mockSecurityContextAccessor,
            clientDetailsValidator,
            mockAuthenticationManager,
            mock(ResourceMonitor.class),
            mockApprovalStore,
            clientRegistrationService,
            clientDetailsService,
            5));

    // Single client as submitted by a caller.
    input = new BaseClientDetails();
    input.setClientId("foo");
    input.setClientSecret("secret");
    input.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE));
    input.setRegisteredRedirectUri(SINGLE_REDIRECT_URL);

    // Batch of submitted clients, one per slot of the pre-sized array.
    for (int n = 0; n < inputs.length; n++) {
        ClientDetailsModification submitted = new ClientDetailsModification();
        submitted.setClientId("foo-" + n);
        submitted.setClientSecret("secret-" + n);
        submitted.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE));
        submitted.setRegisteredRedirectUri(new HashSet<>(Collections.singletonList("https://foo-" + n)));
        submitted.setAccessTokenValiditySeconds(300);
        inputs[n] = submitted;
    }

    // Expected stored form of the single client.
    detail = new UaaClientDetails(input);
    detail.setResourceIds(Collections.singletonList("none"));
    // refresh token is added automatically by endpoint validation
    detail.setAuthorizedGrantTypes(Arrays.asList(GRANT_TYPE_AUTHORIZATION_CODE, "refresh_token"));
    detail.setScope(Collections.singletonList("uaa.none"));
    detail.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none"));

    // Expected stored form of each batch client.
    for (int n = 0; n < details.length; n++) {
        BaseClientDetails stored = new BaseClientDetails(inputs[n]);
        stored.setResourceIds(Collections.singletonList("none"));
        // refresh token is added automatically by endpoint validation
        stored.setAuthorizedGrantTypes(Arrays.asList(GRANT_TYPE_AUTHORIZATION_CODE, "refresh_token"));
        stored.setScope(Collections.singletonList("uaa.none"));
        stored.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none"));
        details[n] = stored;
    }

    endpoints.setApplicationEventPublisher(new ApplicationEventPublisher() {
        @Override
        public void publishEvent(ApplicationEvent event) {
            // Only deletion events are acted on; they are forwarded to the
            // registration service mock so tests can verify the removal.
            if (event instanceof EntityDeletedEvent) {
                ClientDetails deletedClient = (ClientDetails) ((EntityDeletedEvent) event).getDeleted();
                clientRegistrationService.removeClientDetails(deletedClient.getClientId());
            }
        }

        @Override
        public void publishEvent(Object event) {
            // Plain-object events are intentionally ignored in this fixture.
        }
    });
}
use of org.cloudfoundry.identity.uaa.approval.ApprovalStore in project uaa by cloudfoundry.
the class ApprovalServiceTest method setup.
/**
 * Wires an {@link ApprovalService} over a mocked {@code TimeService} and
 * {@link ApprovalStore}, with a client whose scopes are {@code foo.read} and
 * {@code bar.write}.
 */
@Before
public void setup() {
    approvalStore = mock(ApprovalStore.class);
    timeService = mock(TimeService.class);
    approvalService = new ApprovalService(timeService, approvalStore);
    // Client fixture: only scope matters here; secret, resource ids and grant types are left unset.
    clientDetails = new BaseClientDetails(CLIENT_ID, null, "foo.read,bar.write", null, null);
}