
Example 11 with ClientDetailsModification

use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

the class ClientAdminEndpointsMockMvcTests method testModifyApprovalsAreDeleted.

/**
 * Checks that a DELETE action sent to {@code /oauth/clients/tx/modify} removes the
 * client's user approvals together with the client.
 *
 * <p>Flow: create a password-grant client, confirm it has no approvals, add approvals
 * with a user token, submit the delete, then confirm that the response flags
 * {@code approvalsDeleted} and that no approvals remain for that client id. A client
 * that is removed while its consent records survive would leave stale grants behind,
 * which is what the final assertion guards against.
 */
@Test
void testModifyApprovalsAreDeleted() throws Exception {
    String generatedClientId = new RandomValueStringGenerator().generate();
    ClientDetails client = createClient(adminToken, generatedClientId, SECRET, Collections.singleton("password"));
    ClientDetailsModification deleteRequest = (ClientDetailsModification) client;
    deleteRequest.setAction(ClientDetailsModification.DELETE);
    String clientId = client.getClientId();

    // Baseline: a freshly created client has no approvals yet.
    String userToken = testClient.getUserOAuthAccessToken(clientId, "secret", testUser.getUserName(), testPassword, "oauth.approvals");
    assertEquals(0, getApprovals(clientId).length);

    // Grant approvals as the user; the helper is expected to leave three of them.
    addApprovals(userToken, clientId);
    assertEquals(3, getApprovals(clientId).length);

    // Delete the client through the transactional modify endpoint, as admin.
    String payload = JsonUtils.writeValueAsString(new ClientDetails[] { client });
    MockHttpServletRequestBuilder deleteClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(payload);
    ResultActions response = mockMvc.perform(deleteClientsPost).andExpect(status().isOk());

    String responseBody = response.andReturn().getResponse().getContentAsString();
    ClientDetailsModification[] deleted = (ClientDetailsModification[]) arrayFromString(responseBody, ClientDetailsModification[].class);
    assertTrue(deleted[0].isApprovalsDeleted());

    // Two events are expected to have been published by this point.
    verify(mockApplicationEventPublisher, times(2)).publishEvent(abstractUaaEventCaptor.capture());

    // NOTE(review): the token obtained here is not used afterwards; the calls are kept
    // because their side effects are not visible from this snippet.
    ClientDetails approvalsClient = createApprovalsLoginClient(adminToken);
    testClient.getUserOAuthAccessToken(approvalsClient.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");

    // The deleted client must not have any approvals left behind.
    assertEquals(0, getApprovals(clientId).length);
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) Approval(org.cloudfoundry.identity.uaa.approval.Approval) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 12 with ClientDetailsModification

use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

the class ClientAdminEndpointsMockMvcTests method testSecretChangeModifyTxApprovalsDeleted.

/**
 * Checks that an UPDATE_SECRET action sent to {@code /oauth/clients/tx/modify} deletes
 * the approvals of every affected client and publishes the matching audit events.
 *
 * <p>Rotating a client secret is treated here as a reason to drop previously granted
 * user approvals: after the rotation each client must report zero approvals, the
 * response must flag {@code approvalsDeleted}, and a token can only be obtained with
 * the new secret value used by this test.
 */
@Test
void testSecretChangeModifyTxApprovalsDeleted() throws Exception {
    int count = 3;

    // Create the clients in one transactional ADD request.
    ClientDetailsModification[] clients = createBaseClients(count, SECRET, Arrays.asList("client_credentials", "password"));
    for (ClientDetailsModification toAdd : clients) {
        toAdd.setAction(ClientDetailsModification.ADD);
    }
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(clients));
    ResultActions result = mockMvc.perform(modifyClientsPost).andExpect(status().isOk());
    String addResponse = result.andReturn().getResponse().getContentAsString();
    clients = (ClientDetailsModification[]) arrayFromString(addResponse, ClientDetailsModification[].class);

    // Give every client a set of user approvals.
    for (ClientDetailsModification created : clients) {
        String userToken = testClient.getUserOAuthAccessToken(created.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        addApprovals(userToken, created.getClientId());
    }

    // Confirm the approvals are in place (the token request is repeated as in the setup loop).
    for (ClientDetailsModification created : clients) {
        testClient.getUserOAuthAccessToken(created.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(created.getClientId()).length);
    }

    // Set a new secret; per the original note the old secret is not known at this point.
    for (ClientDetailsModification toRotate : clients) {
        toRotate.setClientSecret("secret2");
        toRotate.setAction(ClientDetailsModification.UPDATE_SECRET);
    }
    modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(clients));
    result = mockMvc.perform(modifyClientsPost).andExpect(status().isOk());
    String rotateResponse = result.andReturn().getResponse().getContentAsString();
    clients = (ClientDetailsModification[]) arrayFromString(rotateResponse, ClientDetailsModification[].class);

    // After the rotation: the new secret yields a token and the approvals are gone.
    for (ClientDetailsModification rotated : clients) {
        testClient.getUserOAuthAccessToken(rotated.getClientId(), "secret2", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(0, getApprovals(rotated.getClientId()).length);
        assertTrue(rotated.isApprovalsDeleted());
    }

    // 12 events in total: the loop below expects `count` create events first, followed
    // by repeating update / secret-change / approvals-deleted triples.
    verify(mockApplicationEventPublisher, times(12)).publishEvent(abstractUaaEventCaptor.capture());
    int index = 0;
    for (AbstractUaaEvent event : abstractUaaEventCaptor.getAllValues()) {
        if (index >= count) {
            // The position within a triple is taken from index % 3, which lines up with
            // the triples only because count is itself 3.
            switch (index % 3) {
                case 0:
                    assertEquals(AuditEventType.ClientUpdateSuccess, event.getAuditEvent().getType());
                    break;
                case 1:
                    assertEquals(AuditEventType.SecretChangeSuccess, event.getAuditEvent().getType());
                    break;
                default:
                    assertEquals(AuditEventType.ClientApprovalsDeleted, event.getAuditEvent().getType());
                    assertEquals(ClientApprovalsDeletedEvent.class, event.getClass());
                    break;
            }
        } else {
            assertEquals(AuditEventType.ClientCreateSuccess, event.getAuditEvent().getType());
        }
        index++;
    }
}
Also used : ClientApprovalsDeletedEvent(org.cloudfoundry.identity.uaa.client.event.ClientApprovalsDeletedEvent) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) AbstractUaaEvent(org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent) ResultActions(org.springframework.test.web.servlet.ResultActions) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 13 with ClientDetailsModification

use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

the class ClientAdminEndpointsMockMvcTests method testAddUpdateDeleteClientsTxDeleteUnsuccessfulRollback.

/**
 * Checks that a mixed UPDATE / DELETE / ADD batch is rolled back as a whole when one
 * of its DELETE entries names a client id that does not exist.
 *
 * <p>The batch holds five updates, five deletes and five adds. One delete entry is
 * pointed at {@code "unknown.client.id"}, the endpoint must answer 404, and afterwards
 * none of the fifteen changes may be visible: the updated clients keep a null refresh
 * token validity, the clients marked for deletion still exist, the clients to be added
 * do not exist, and the approvals of the first client are untouched. A partially
 * applied batch would leave client registrations in a state nobody requested.
 */
@Test
void testAddUpdateDeleteClientsTxDeleteUnsuccessfulRollback() throws Exception {
    ClientDetailsModification[] details = new ClientDetailsModification[15];

    // Slots 0-4: existing clients whose refresh token validity the batch tries to change.
    for (int slot = 0; slot < 5; slot++) {
        ClientDetailsModification toUpdate = (ClientDetailsModification) createClient(adminToken, null, SECRET, Collections.singleton("password"));
        toUpdate.setRefreshTokenValiditySeconds(120);
        toUpdate.setAction(ClientDetailsModification.UPDATE);
        details[slot] = toUpdate;
    }
    // Slots 5-9: existing clients the batch tries to delete.
    for (int slot = 5; slot < 10; slot++) {
        ClientDetailsModification toDelete = (ClientDetailsModification) createClient(adminToken, null, SECRET, null);
        toDelete.setAction(ClientDetailsModification.DELETE);
        details[slot] = toDelete;
    }
    // Slots 10-14: clients that exist only in the request and would be added.
    for (int slot = 10; slot < 15; slot++) {
        ClientDetailsModification toAdd = createBaseClient(null, null, null);
        toAdd.setAction(ClientDetailsModification.ADD);
        details[slot] = toAdd;
    }

    // Approvals on the first client, used later to show that the rollback left them alone.
    String firstClientId = details[0].getClientId();
    String userToken = testClient.getUserOAuthAccessToken(firstClientId, "secret", testUser.getUserName(), testPassword, "oauth.approvals");
    addApprovals(userToken, firstClientId);
    assertEquals(3, getApprovals(firstClientId).length);

    // Make one delete entry fail by pointing it at an id that is not registered.
    String realDeleteId = details[5].getClientId();
    details[5].setClientId("unknown.client.id");
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(details));
    mockMvc.perform(modifyClientsPost).andExpect(status().isNotFound());
    // Restore the real id so the lookups below address the client that must still exist.
    details[5].setClientId(realDeleteId);

    // Updates were not applied: the clients exist and the validity is still unset.
    for (int slot = 0; slot < 5; slot++) {
        ClientDetails stored = getClient(details[slot].getClientId());
        assertNotNull(stored);
        assertNull(stored.getRefreshTokenValiditySeconds());
    }
    // Deletes were not applied: the clients are still there.
    for (int slot = 5; slot < 10; slot++) {
        assertNotNull(getClient(details[slot].getClientId()));
    }
    // Adds were not applied: the clients were never created.
    for (int slot = 10; slot < 15; slot++) {
        assertNull(getClient(details[slot].getClientId()));
    }

    // The approvals survived the failed batch.
    assertEquals(3, getApprovals(firstClientId).length);
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) Approval(org.cloudfoundry.identity.uaa.approval.Approval) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 14 with ClientDetailsModification

use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

the class ClientAdminEndpointsMockMvcTests method createClient_withClientAdminToken_withAuthoritiesExcluded.

// TODO: put in a nested context to clean up the excluded claims
/**
 * Checks that a client can still be created and its metadata read with a
 * {@code clients.admin} token while {@code "authorities"} is in the excluded-claims set.
 *
 * <p>The injected {@code excludedClaims} set is mutated for the duration of the test and
 * restored in a {@code finally} block, so a failure in the middle does not leave the
 * claim excluded for whatever else uses the same set.
 *
 * @param excludedClaims the set injected under the qualifier {@code excludedClaims}
 */
@Test
void createClient_withClientAdminToken_withAuthoritiesExcluded(@Autowired @Qualifier("excludedClaims") LinkedHashSet excludedClaims) throws Exception {
    String clientId = generator.generate().toLowerCase();
    // NOTE(review): the set is a raw type, so this add is unchecked.
    excludedClaims.add("authorities");
    try {
        String clientAdminToken = testClient.getClientCredentialsOAuthAccessToken(testAccounts.getAdminClientId(), testAccounts.getAdminClientSecret(), "clients.admin");
        String bearer = "Bearer " + clientAdminToken;

        List<String> authorities = Arrays.asList("password.write", "scim.write", "scim.read");
        List<String> scopes = Arrays.asList("foo", "bar", "oauth.approvals");
        ClientDetailsModification client = createBaseClient(clientId, SECRET, Collections.singleton("client_credentials"), authorities, scopes);

        // Create the client; the endpoint must answer 201.
        MockHttpServletRequestBuilder createClientPost = post("/oauth/clients")
                .header("Authorization", bearer)
                .accept(APPLICATION_JSON)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsString(client));
        ResultActions createResult = mockMvc.perform(createClientPost).andExpect(status().isCreated());
        String createdJson = createResult.andReturn().getResponse().getContentAsString();
        BaseClientDetails clientDetails = JsonUtils.readValue(createdJson, BaseClientDetails.class);

        // Read the metadata of the new client; the endpoint must answer 200.
        MockHttpServletRequestBuilder getClientMetadata = get("/oauth/clients/" + clientDetails.getClientId() + "/meta")
                .header("Authorization", bearer)
                .accept(APPLICATION_JSON)
                .contentType(APPLICATION_JSON);
        ResultActions getResult = mockMvc.perform(getClientMetadata).andExpect(status().isOk());

        // The parsed value is discarded: only the parse itself is exercised here.
        String metadataJson = getResult.andReturn().getResponse().getContentAsString();
        JsonUtils.readValue(metadataJson, ClientMetadata.class);
    } finally {
        excludedClaims.remove("authorities");
    }
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 15 with ClientDetailsModification

use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

the class ClientAdminEndpointDocs method clientTx.

/**
 * Exercises the transactional client endpoints ({@code /oauth/clients/tx},
 * {@code /tx/secret}, {@code /tx/modify}, {@code /tx/delete}) and records a REST Docs
 * snippet for each call.
 *
 * <p>Every request is sent with {@code clientAdminToken} as a bearer token. The response
 * descriptors are all built from {@code fieldsNoSecret}; the client secret field is only
 * added to request descriptors.
 *
 * <p>NOTE(review): Spring REST Docs' {@code responseFields(...)} is strict by default and
 * fails on payload fields that are not described, so these snippets presumably also pin
 * that {@code client_secret} is absent from the responses. This depends on what the
 * {@code subFields} helper returns — confirm.
 */
@Test
void clientTx() throws Exception {
    // CREATE: post two clients in one transaction.
    List<String> scopes = Arrays.asList("clients.read", "clients.write");
    BaseClientDetails createdClientDetails1 = createBasicClientWithAdditionalInformation(scopes);
    BaseClientDetails createdClientDetails2 = createBasicClientWithAdditionalInformation(scopes);
    ResultActions createResultActions = mockMvc.perform(post("/oauth/clients/tx").contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(Arrays.asList(createdClientDetails1, createdClientDetails2))).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
    // Field descriptor sets: the secret and the action are layered on top of the
    // secret-free base set and are passed to requestFields(...) only.
    FieldDescriptor[] fieldsNoSecret = subFields("[]", idempotentFields);
    FieldDescriptor[] fieldsWithSecret = (FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", clientSecretField));
    FieldDescriptor[] fieldsWithSecretAndAction = (FieldDescriptor[]) ArrayUtils.addAll(fieldsWithSecret, subFields("[]", actionField));
    // Response descriptors: base set plus lastModified (and the action for the batch call).
    Snippet responseFields = responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField)));
    Snippet responseFieldsWithAction = responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, actionField)));
    createResultActions.andExpect(status().isCreated()).andDo(document("{ClassName}/createClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsWithSecret), responseFields));
    // UPDATE: change a redirect URI on client 1 and add an authority to client 2. The
    // request body is serialized without client_secret and lastModified.
    createdClientDetails1.setRegisteredRedirectUri(Collections.singleton("http://updated.redirect.uri/"));
    createdClientDetails2.getAuthorities().add(new SimpleGrantedAuthority("new.authority"));
    ResultActions updateResultActions = mockMvc.perform(put("/oauth/clients/tx").contentType(APPLICATION_JSON).content("[" + serializeExcludingProperties(createdClientDetails1, "client_secret", "lastModified") + "," + serializeExcludingProperties(createdClientDetails2, "client_secret", "lastModified") + "]").header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
    updateResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/updateClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsNoSecret), responseFields));
    // CHANGE SECRET: set a new secret on both clients; the documented response carries
    // the approvals_deleted flag in addition to the base fields.
    Map<String, Object> client1SecretChange = map(entry("clientId", createdClientDetails1.getClientId()), entry("secret", "new_secret"));
    Map<String, Object> client2SecretChange = map(entry("clientId", createdClientDetails2.getClientId()), entry("secret", "new_secret"));
    String content = JsonUtils.writeValueAsString(new Object[] { client1SecretChange, client2SecretChange });
    ResultActions secretResultActions = mockMvc.perform(post("/oauth/clients/tx/secret").contentType(APPLICATION_JSON).content(content).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
    secretResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/secretClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(subFields("[]", secretChangeFields)), responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, fieldWithPath("approvals_deleted").description("Indicates whether the approvals associated with the client were deleted as a result of this action"))))));
    // BATCH: one request that changes the secret of client 1, deletes client 2 and adds
    // a new client 3, each entry selected by its "action" value.
    Map<String, Object> modify1 = map(entry("action", ClientDetailsModification.SECRET), entry("client_id", createdClientDetails1.getClientId()), entry("client_secret", "new_secret"));
    Map<String, Object> modify2 = map(entry("action", ClientDetailsModification.DELETE), entry("client_id", createdClientDetails2.getClientId()));
    BaseClientDetails createdClientDetails3 = createBasicClientWithAdditionalInformation(scopes);
    ClientDetailsModification modify3 = new ClientDetailsModification(createdClientDetails3);
    modify3.setAction(ClientDetailsModification.ADD);
    ResultActions modifyResultActions = mockMvc.perform(post("/oauth/clients/tx/modify").contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(new Object[] { modify1, modify2, modify3 })).header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
    modifyResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/modifyClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldsWithSecretAndAction), responseFieldsWithAction));
    // DELETE: remove clients 1 and 3 (client 2 was already the target of the batch DELETE).
    // NOTE(review): the JSON body is built by string concatenation, so the client ids
    // are inserted unescaped; that relies on the ids containing no JSON metacharacters.
    ResultActions deleteResultActions = mockMvc.perform(post("/oauth/clients/tx/delete").contentType(APPLICATION_JSON).content("[{\"client_id\":\"" + createdClientDetails1.getClientId() + "\"},{\"client_id\":\"" + createdClientDetails3.getClientId() + "\"}]").header("Authorization", "Bearer " + clientAdminToken).accept(APPLICATION_JSON));
    deleteResultActions.andExpect(status().isOk()).andDo(document("{ClassName}/deleteClientTx", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint()), requestHeaders(authorizationHeader, IDENTITY_ZONE_ID_HEADER, IDENTITY_ZONE_SUBDOMAIN_HEADER), requestFields(fieldWithPath("[].client_id").required().description(clientIdDescription)), responseFields((FieldDescriptor[]) ArrayUtils.addAll(fieldsNoSecret, subFields("[]", lastModifiedField, fieldWithPath("approvals_deleted").description("Indicates whether the approvals associated with the client were deleted as a result of this action"))))));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) JsonUtils.writeValueAsString(org.cloudfoundry.identity.uaa.util.JsonUtils.writeValueAsString) ResultActions(org.springframework.test.web.servlet.ResultActions) Snippet(org.springframework.restdocs.snippet.Snippet) FieldDescriptor(org.springframework.restdocs.payload.FieldDescriptor) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Aggregations

ClientDetailsModification (org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification)31 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)20 Test (org.junit.jupiter.api.Test)16 ClientDetailsHelper.clientFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString)15 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)15 ResultActions (org.springframework.test.web.servlet.ResultActions)15 ClientDetailsHelper.arrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString)14 ClientDetailsHelper.clientArrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString)14 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)14 RandomValueStringGenerator (org.springframework.security.oauth2.common.util.RandomValueStringGenerator)8 Approval (org.cloudfoundry.identity.uaa.approval.Approval)4 HashMap (java.util.HashMap)3 AbstractUaaEvent (org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent)2 Test (org.junit.Test)2 Transactional (org.springframework.transaction.annotation.Transactional)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)2 ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)2 HashSet (java.util.HashSet)1 ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore)1