Example 21 with ClientDetailsModification

Use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

Class ClientAdminEndpointsMockMvcTests, method testSecretChangeModifyTxApprovalsNotDeleted.

@Test
void testSecretChangeModifyTxApprovalsNotDeleted() throws Exception {
    // create clients
    ClientDetailsModification[] clients = createBaseClients(3, SECRET, Arrays.asList("client_credentials", "password"));
    for (ClientDetailsModification c : clients) {
        c.setAction(ClientDetailsModification.ADD);
    }
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify").header("Authorization", "Bearer " + adminToken).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(clients));
    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isOk());
    clients = (ClientDetailsModification[]) arrayFromString(result.andReturn().getResponse().getContentAsString(), ClientDetailsModification[].class);
    // add approvals to the client
    for (ClientDetailsModification c : clients) {
        String userToken = testClient.getUserOAuthAccessToken(c.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        addApprovals(userToken, c.getClientId());
    }
    // verify approvals to the client
    for (ClientDetailsModification c : clients) {
        String userToken = testClient.getUserOAuthAccessToken(c.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(c.getClientId()).length);
    }
    // change the secret, and we don't know the old secret
    for (ClientDetailsModification c : clients) {
        c.setClientSecret("secret");
        c.setAction(ClientDetailsModification.UPDATE_SECRET);
    }
    modifyClientsPost = post("/oauth/clients/tx/modify").header("Authorization", "Bearer " + adminToken).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(clients));
    result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isOk());
    clients = (ClientDetailsModification[]) arrayFromString(result.andReturn().getResponse().getContentAsString(), ClientDetailsModification[].class);
    // check that we still have approvals for each client
    for (ClientDetailsModification c : clients) {
        assertFalse(c.isApprovalsDeleted());
        String userToken = testClient.getUserOAuthAccessToken(c.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(c.getClientId()).length);
    }
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ResultActions(org.springframework.test.web.servlet.ResultActions) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 22 with ClientDetailsModification

Use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

Class ClientAdminEndpointsMockMvcTests, method testNonClientsAdminPermissions.

@Test
void testNonClientsAdminPermissions() throws Exception {
    ClientDetails adminsClient = createReadWriteClient(adminToken);
    // create clients
    ClientDetailsModification[] clients = createBaseClients(3, SECRET, Arrays.asList("client_credentials", "refresh_token"));
    for (ClientDetailsModification c : clients) {
        c.setScope(Collections.singletonList("oauth.approvals"));
        c.setAction(ClientDetailsModification.ADD);
    }
    String token = testClient.getClientCredentialsOAuthAccessToken(adminsClient.getClientId(), "secret", "clients.write");
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify").header("Authorization", "Bearer " + token).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(clients));
    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isForbidden());
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 23 with ClientDetailsModification

Use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

Class AdminClientCreator, method createBaseClient.

ClientDetailsModification createBaseClient(String id, String clientSecret, Collection<String> grantTypes, List<String> authorities, List<String> scopes) {
    if (id == null) {
        id = new RandomValueStringGenerator().generate();
    }
    if (grantTypes == null) {
        grantTypes = Collections.singleton("client_credentials");
    }
    ClientDetailsModification client = new ClientDetailsModification();
    client.setClientId(id);
    client.setScope(scopes);
    client.setAuthorizedGrantTypes(grantTypes);
    if (authorities != null) {
        client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(String.join(",", authorities)));
    }
    client.setClientSecret(clientSecret);
    Map<String, Object> additionalInformation = new HashMap<>();
    additionalInformation.put("foo", "bar");
    additionalInformation.put("name", makeClientName(id));
    client.setAdditionalInformation(additionalInformation);
    client.setRegisteredRedirectUri(Collections.singleton("http://some.redirect.url.com"));
    return client;
}
Also used : HashMap(java.util.HashMap) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification)

Example 24 with ClientDetailsModification

Use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

Class ClientAdminEndpointsMockMvcTests, method testCreateAsWritePermissions.

@Test
void testCreateAsWritePermissions() throws Exception {
    ClientDetails adminsClient = createReadWriteClient(adminToken);
    // create clients
    ClientDetailsModification[] clients = createBaseClients(1, SECRET, Arrays.asList("client_credentials", "refresh_token"));
    for (ClientDetailsModification c : clients) {
        c.setScope(Collections.singletonList("oauth.approvals"));
        c.setAction(ClientDetailsModification.ADD);
    }
    String token = testClient.getClientCredentialsOAuthAccessToken(adminsClient.getClientId(), "secret", "clients.write");
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients").header("Authorization", "Bearer " + token).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content(JsonUtils.writeValueAsString(clients[0]));
    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isCreated());
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) ClientDetailsHelper.clientArrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString) ClientDetailsHelper.arrayFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString) ClientDetailsHelper.clientFromString(org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString) ResultActions(org.springframework.test.web.servlet.ResultActions) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Example 25 with ClientDetailsModification

Use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.

Class TotpMfaEndpointMockMvcTests, method testMFARegistrationHonorsRedirectUri.

@Test
void testMFARegistrationHonorsRedirectUri() throws Exception {
    ClientDetailsModification client = MockMvcUtils.getClientDetailsModification("auth-client-id", "secret", Collections.emptyList(), Collections.singletonList("openid"), Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE), "uaa.resource", Collections.singleton("http://example.com"));
    client.setAutoApproveScopes(Collections.singletonList("openid"));
    Map<String, String> information = new HashMap<>();
    information.put("autoapprove", "true");
    client.setAdditionalInformation(information);
    MockMvcUtils.createClient(mockMvc, adminToken, client, IdentityZone.getUaa(), status().isCreated());
    // Not using param function because params won't end up in paramsMap.
    String oauthUrl = "/oauth/authorize?client_id=auth-client-id&client_secret=secret&redirect_uri=http://example.com";
    mockMvc.perform(get(oauthUrl).session(mockHttpSession).with(cookieCsrf())).andExpect(status().is3xxRedirection()).andDo(print()).andExpect(redirectedUrl("http://localhost/login"));
    performLoginWithSession(mockMvc, mockHttpSession, scimUser, password).andExpect(redirectedUrl("http://localhost" + oauthUrl));
    mockMvc.perform(get(oauthUrl).session(mockHttpSession).with(cookieCsrf())).andExpect(status().is3xxRedirection()).andDo(print()).andExpect(redirectedUrl("/login/mfa/register"));
    performGetMfaRegister(mockMvc, mockHttpSession);
    int code = MockMvcUtils.getMFACodeFromSession(mockHttpSession);
    MockMvcUtils.performMfaPostVerifyWithCode(code, mockMvc, mockHttpSession);
    mockMvc.perform(get("/login/mfa/completed").session(mockHttpSession).with(cookieCsrf())).andExpect(status().is3xxRedirection()).andDo(print()).andExpect(redirectedUrl("http://localhost/oauth/authorize?client_id=auth-client-id&client_secret=secret&redirect_uri=http://example.com"));
}
Also used : HashMap(java.util.HashMap) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) MockMvcResultHandlers.print(org.springframework.test.web.servlet.result.MockMvcResultHandlers.print) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) Test(org.junit.jupiter.api.Test)

Aggregations

ClientDetailsModification (org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification): 31
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails): 20
Test (org.junit.jupiter.api.Test): 16
ClientDetailsHelper.clientFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientFromString): 15
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails): 15
ResultActions (org.springframework.test.web.servlet.ResultActions): 15
ClientDetailsHelper.arrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.arrayFromString): 14
ClientDetailsHelper.clientArrayFromString (org.cloudfoundry.identity.uaa.mock.util.ClientDetailsHelper.clientArrayFromString): 14
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 14
RandomValueStringGenerator (org.springframework.security.oauth2.common.util.RandomValueStringGenerator): 8
Approval (org.cloudfoundry.identity.uaa.approval.Approval): 4
HashMap (java.util.HashMap): 3
AbstractUaaEvent (org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent): 2
Test (org.junit.Test): 2
Transactional (org.springframework.transaction.annotation.Transactional): 2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 2
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 2
ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus): 2
HashSet (java.util.HashSet): 1
ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore): 1