use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testModifyApprovalsAreDeleted.
/**
 * Checks that deleting a client through the batch endpoint {@code /oauth/clients/tx/modify}
 * also removes the user approvals recorded for that client.
 *
 * <p>Why it matters: approvals are consent records. The test pins that they do not outlive
 * the client they were granted to.
 */
@Test
void testModifyApprovalsAreDeleted() throws Exception {
    // Register a password-grant client under a random id and flag it for deletion in the batch payload.
    ClientDetails details = createClient(
            adminToken,
            new RandomValueStringGenerator().generate(),
            SECRET,
            Collections.singleton("password"));
    ClientDetailsModification pendingDelete = (ClientDetailsModification) details;
    pendingDelete.setAction(ClientDetailsModification.DELETE);
    String clientId = details.getClientId();

    // NOTE(review): the literal "secret" is presumably the value of SECRET; confirm against the constant.
    String userToken = testClient.getUserOAuthAccessToken(
            clientId, "secret", testUser.getUserName(), testPassword, "oauth.approvals");

    // Baseline is empty; after addApprovals the test expects exactly three approvals.
    assertEquals(0, getApprovals(clientId).length);
    addApprovals(userToken, clientId);
    assertEquals(3, getApprovals(clientId).length);

    // Submit the single-element batch as admin.
    String requestBody = JsonUtils.writeValueAsString(new ClientDetails[] { details });
    MockHttpServletRequestBuilder deleteClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(requestBody);
    ResultActions result = mockMvc.perform(deleteClientsPost).andExpect(status().isOk());

    // The response entry must report that approvals were removed along with the client.
    String responseBody = result.andReturn().getResponse().getContentAsString();
    ClientDetailsModification[] deleted =
            (ClientDetailsModification[]) arrayFromString(responseBody, ClientDetailsModification[].class);
    assertTrue(deleted[0].isApprovalsDeleted());

    // Exactly two publishEvent calls are expected; the captured events are not inspected here.
    verify(mockApplicationEventPublisher, times(2)).publishEvent(abstractUaaEventCaptor.capture());

    // A separate approvals client obtains a user token (the token itself is not used afterwards),
    // then the deleted client's approvals are re-read and must be gone.
    ClientDetails approvalsClient = createApprovalsLoginClient(adminToken);
    testClient.getUserOAuthAccessToken(
            approvalsClient.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
    assertEquals(0, getApprovals(clientId).length);
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testSecretChangeModifyTxApprovalsDeleted.
/**
 * Checks that rotating client secrets through {@code /oauth/clients/tx/modify}
 * (action {@code UPDATE_SECRET}) deletes the approvals held for each affected client
 * and publishes the expected audit events in order.
 */
@Test
void testSecretChangeModifyTxApprovalsDeleted() throws Exception {
    int count = 3;
    final String modifyUrl = "/oauth/clients/tx/modify";

    // Step 1: create the clients through the batch endpoint.
    ClientDetailsModification[] clients =
            createBaseClients(count, SECRET, Arrays.asList("client_credentials", "password"));
    for (ClientDetailsModification client : clients) {
        client.setAction(ClientDetailsModification.ADD);
    }
    MockHttpServletRequestBuilder modifyClientsPost = post(modifyUrl)
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(clients));
    ResultActions result = mockMvc.perform(modifyClientsPost).andExpect(status().isOk());
    clients = (ClientDetailsModification[]) arrayFromString(
            result.andReturn().getResponse().getContentAsString(), ClientDetailsModification[].class);

    // Step 2: record approvals for every client using a user token issued with the original secret.
    for (ClientDetailsModification client : clients) {
        String userToken = testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        addApprovals(userToken, client.getClientId());
    }

    // Step 3: confirm each client now has three approvals. A token is requested again per client
    // although its value is not used.
    for (ClientDetailsModification client : clients) {
        testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(client.getClientId()).length);
    }

    // Step 4: rotate every secret in one batch. The request does not carry the old secret.
    for (ClientDetailsModification client : clients) {
        client.setClientSecret("secret2");
        client.setAction(ClientDetailsModification.UPDATE_SECRET);
    }
    modifyClientsPost = post(modifyUrl)
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(clients));
    result = mockMvc.perform(modifyClientsPost).andExpect(status().isOk());
    clients = (ClientDetailsModification[]) arrayFromString(
            result.andReturn().getResponse().getContentAsString(), ClientDetailsModification[].class);

    // Step 5: the new secret must be usable, and the approvals must be gone for each client.
    for (ClientDetailsModification client : clients) {
        testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret2", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(0, getApprovals(client.getClientId()).length);
        assertTrue(client.isApprovalsDeleted());
    }

    // Step 6: audit trail. One creation event per client, then three events per rotated client
    // (update, secret change, approvals deleted): count + count * 3 = 12 publishEvent calls.
    verify(mockApplicationEventPublisher, times(count + count * 3))
            .publishEvent(abstractUaaEventCaptor.capture());
    int position = 0;
    for (AbstractUaaEvent event : abstractUaaEventCaptor.getAllValues()) {
        AuditEventType actualType = event.getAuditEvent().getType();
        if (position < count) {
            assertEquals(AuditEventType.ClientCreateSuccess, actualType);
        } else {
            switch (position % 3) {
                case 0:
                    assertEquals(AuditEventType.ClientUpdateSuccess, actualType);
                    break;
                case 1:
                    assertEquals(AuditEventType.SecretChangeSuccess, actualType);
                    break;
                default:
                    assertEquals(AuditEventType.ClientApprovalsDeleted, actualType);
                    assertEquals(ClientApprovalsDeletedEvent.class, event.getClass());
                    break;
            }
        }
        position++;
    }
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testAddUpdateDeleteClientsTxDeleteUnsuccessfulRollback.
/**
 * Checks that a mixed batch sent to {@code /oauth/clients/tx/modify} is rolled back as a whole
 * when one DELETE entry names a client id that cannot be found. None of the updates, deletes
 * or adds may be visible afterwards, and existing approvals must be untouched.
 */
@Test
void testAddUpdateDeleteClientsTxDeleteUnsuccessfulRollback() throws Exception {
    final int updateEnd = 5;
    final int deleteEnd = 10;
    final int total = 15;
    ClientDetailsModification[] details = new ClientDetailsModification[total];

    // Slots 0-4: existing clients whose refresh-token validity the batch tries to change.
    for (int u = 0; u < updateEnd; u++) {
        ClientDetailsModification toUpdate =
                (ClientDetailsModification) createClient(adminToken, null, SECRET, Collections.singleton("password"));
        toUpdate.setRefreshTokenValiditySeconds(120);
        toUpdate.setAction(ClientDetailsModification.UPDATE);
        details[u] = toUpdate;
    }
    // Slots 5-9: existing clients the batch tries to delete.
    for (int d = updateEnd; d < deleteEnd; d++) {
        ClientDetailsModification toDelete =
                (ClientDetailsModification) createClient(adminToken, null, SECRET, null);
        toDelete.setAction(ClientDetailsModification.DELETE);
        details[d] = toDelete;
    }
    // Slots 10-14: clients that exist only in the payload and would be added by the batch.
    for (int a = deleteEnd; a < total; a++) {
        ClientDetailsModification toAdd = createBaseClient(null, null, null);
        toAdd.setAction(ClientDetailsModification.ADD);
        details[a] = toAdd;
    }

    // Give the first client three approvals so the rollback can be checked against them too.
    String firstClientId = details[0].getClientId();
    String userToken = testClient.getUserOAuthAccessToken(
            firstClientId, "secret", testUser.getUserName(), testPassword, "oauth.approvals");
    addApprovals(userToken, firstClientId);
    assertEquals(3, getApprovals(firstClientId).length);

    // Break one DELETE entry by pointing it at an id the test expects not to exist.
    String deleteId = details[5].getClientId();
    details[5].setClientId("unknown.client.id");
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(details));
    mockMvc.perform(modifyClientsPost).andExpect(status().isNotFound());
    // Restore the real id so the lookups below address the original client.
    details[5].setClientId(deleteId);

    // Updates rolled back: clients still exist and no refresh-token validity was stored.
    for (int u = 0; u < updateEnd; u++) {
        ClientDetails found = getClient(details[u].getClientId());
        assertNotNull(found);
        assertNull(found.getRefreshTokenValiditySeconds());
    }
    // Deletes rolled back: clients still exist.
    for (int d = updateEnd; d < deleteEnd; d++) {
        assertNotNull(getClient(details[d].getClientId()));
    }
    // Adds rolled back: clients were never created.
    for (int a = deleteEnd; a < total; a++) {
        assertNull(getClient(details[a].getClientId()));
    }

    // Approvals of the first client survive the failed transaction.
    assertEquals(3, getApprovals(firstClientId).length);
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method createClient_withClientAdminToken_withAuthoritiesExcluded.
// TODO: put in a nested context to clean up the excluded claims
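/**
 * Creates a client with a {@code clients.admin} token while the {@code authorities} claim is in
 * the injected {@code excludedClaims} set, then reads the client's metadata endpoint.
 *
 * <p>The test passes when creation returns 201, the metadata request returns 200 and both
 * response bodies deserialize. No further assertions are made on the content.
 *
 * @param excludedClaims the injected {@code excludedClaims} bean; the test mutates it and
 *     restores it before returning
 */
@Test
void createClient_withClientAdminToken_withAuthoritiesExcluded(@Autowired @Qualifier("excludedClaims") LinkedHashSet excludedClaims) throws Exception {
    String clientId = generator.generate().toLowerCase();
    // Track whether this test introduced the entry. The injected set is shared state, so cleanup
    // must only undo this test's own change and never strip an exclusion that was already present.
    boolean addedByTest = excludedClaims.add("authorities");
    try {
        String clientAdminToken = testClient.getClientCredentialsOAuthAccessToken(
                testAccounts.getAdminClientId(), testAccounts.getAdminClientSecret(), "clients.admin");
        List<String> authorities = Arrays.asList("password.write", "scim.write", "scim.read");
        List<String> scopes = Arrays.asList("foo", "bar", "oauth.approvals");
        ClientDetailsModification client = createBaseClient(
                clientId, SECRET, Collections.singleton("client_credentials"), authorities, scopes);

        // Create the client; the token used here was issued while "authorities" was excluded.
        MockHttpServletRequestBuilder createClientPost = post("/oauth/clients")
                .header("Authorization", "Bearer " + clientAdminToken)
                .accept(APPLICATION_JSON)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsString(client));
        ResultActions createResult = mockMvc.perform(createClientPost).andExpect(status().isCreated());
        BaseClientDetails clientDetails = JsonUtils.readValue(
                createResult.andReturn().getResponse().getContentAsString(), BaseClientDetails.class);

        // Read the metadata back with the same token.
        MockHttpServletRequestBuilder getClientMetadata = get("/oauth/clients/" + clientDetails.getClientId() + "/meta")
                .header("Authorization", "Bearer " + clientAdminToken)
                .accept(APPLICATION_JSON)
                .contentType(APPLICATION_JSON);
        ResultActions getResult = mockMvc.perform(getClientMetadata).andExpect(status().isOk());
        // The parsed value is discarded; only successful deserialization is being checked.
        JsonUtils.readValue(getResult.andReturn().getResponse().getContentAsString(), ClientMetadata.class);
    } finally {
        if (addedByTest) {
            excludedClaims.remove("authorities");
        }
    }
}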
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointDocs method clientTx.
/**
 * Exercises the batch ("tx") client endpoints in sequence (create, update, change secret,
 * mixed modify, delete) and records a documentation snippet for each via document(...).
 * Every request is sent with clientAdminToken as the bearer token.
 *
 * The steps share state: later steps act on the clients created and altered by earlier ones,
 * so the statement order must be preserved.
 */
@Test
void clientTx() throws Exception {
// CREATE: two clients are posted in one request to /oauth/clients/tx.
List<String> scopes = Arrays.asList("clients.read", "clients.write");
BaseClientDetails createdClientDetails1 = createBasicClientWithAdditionalInformation(scopes);
BaseClientDetails createdClientDetails2 = createBasicClientWithAdditionalInformation(scopes);
ResultActions createResultActions = mockMvc.perform(post("/oauth/clients/tx").contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(Arrays.asList(createdClientDetails1, createdClientDetails2))).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
// Field descriptor sets for array payloads ("[]" prefix): without the secret, with the secret,
// and with secret plus action.
FieldDescriptor[] fieldsNoSecret = subFields("[]", idempotentFields);
FieldDescriptor[] fieldsWithSecret = (FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", clientSecretField));
FieldDescriptor[] fieldsWithSecretAndAction = (FieldDescriptor[]) ArrayUtils.addAll(fieldsWithSecret, subFields("[]", actionField));
// Response descriptors are built from fieldsNoSecret, so the documented response shape has no
// client secret field.
// NOTE(review): if responseFields here is the strict Spring REST Docs variant (not the relaxed
// one), a client_secret property in a response would be reported as undocumented and fail the
// test. Confirm against the static imports.
Snippet responseFields = responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField)));
Snippet responseFieldsWithAction = responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, actionField)));
// Creation must return 201; the request is documented with the secret field included.
createResultActions.andExpect(status().isCreated()).andDo(document("{ClassName}/createClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsWithSecret), responseFields));
// UPDATE: change a redirect URI on client 1 and add an authority to client 2, then PUT both.
createdClientDetails1.setRegisteredRedirectUri(Collections.singleton("http://updated.redirect.uri/"));
createdClientDetails2.getAuthorities().add(new SimpleGrantedAuthority("new.authority"));
// client_secret and lastModified are stripped from the serialized payload, which matches the
// request being documented with fieldsNoSecret.
ResultActions updateResultActions = mockMvc.perform(put("/oauth/clients/tx").contentType(APPLICATION_JSON).content("[" + serializeExcludingProperties(createdClientDetails1, "client_secret", "lastModified") + "," + serializeExcludingProperties(createdClientDetails2, "client_secret", "lastModified") + "]").header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
updateResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/updateClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsNoSecret), responseFields));
// CHANGE SECRET: each entry carries only clientId and the new secret.
Map<String, Object> client1SecretChange = map(entry("clientId", createdClientDetails1.getClientId()), entry("secret", "new_secret"));
Map<String, Object> client2SecretChange = map(entry("clientId", createdClientDetails2.getClientId()), entry("secret", "new_secret"));
String content = JsonUtils.writeValueAsString(new Object[] { client1SecretChange, client2SecretChange });
ResultActions secretResultActions = mockMvc.perform(post("/oauth/clients/tx/secret").contentType(APPLICATION_JSON).content(content).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
// The documented response adds approvals_deleted, which reports whether the client's approvals
// were removed by the secret change.
secretResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/secretClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(subFields("[]", secretChangeFields)), responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, fieldWithPath("approvals_deleted").description("Indicates whether the approvals associated with the client were deleted as a result of this action"))))));
// BATCH: one request mixing three actions: SECRET on client 1, DELETE on client 2, and ADD of
// a newly built client 3.
Map<String, Object> modify1 = map(entry("action", ClientDetailsModification.SECRET), entry("client_id", createdClientDetails1.getClientId()), entry("client_secret", "new_secret"));
Map<String, Object> modify2 = map(entry("action", ClientDetailsModification.DELETE), entry("client_id", createdClientDetails2.getClientId()));
BaseClientDetails createdClientDetails3 = createBasicClientWithAdditionalInformation(scopes);
ClientDetailsModification modify3 = new ClientDetailsModification(createdClientDetails3);
modify3.setAction(ClientDetailsModification.ADD);
ResultActions modifyResultActions = mockMvc.perform(post("/oauth/clients/tx/modify").contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(new Object[] { modify1, modify2, modify3 })).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
modifyResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/modifyClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsWithSecretAndAction), responseFieldsWithAction));
// DELETE: removes clients 1 and 3 (client 2 was already deleted by the batch step above).
// The body is assembled by string concatenation from the client ids.
ResultActions deleteResultActions = mockMvc.perform(post("/oauth/clients/tx/delete").contentType(APPLICATION_JSON).content("[{\"client_id\":\"" + createdClientDetails1.getClientId() + "\"},{\"client_id\":\"" + createdClientDetails3.getClientId() + "\"}]").header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
deleteResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/deleteClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldWithPath("[].client_id").required().description(clientIdDescription)), responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, fieldWithPath("approvals_deleted").description("Indicates whether the approvals associated with the client were deleted as a result of this action"))))));
}