use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testSecretChangeModifyTxApprovalsNotDeleted.
/**
 * Verifies that an UPDATE_SECRET action sent through the transactional
 * batch endpoint leaves the user approvals of each client in place.
 *
 * <p>NOTE(review): the replacement secret is the literal {@code "secret"}. If the
 * {@code SECRET} constant (not visible here) holds the same value, this test
 * demonstrates approval retention only, not that the stored secret changed.
 */
@Test
void testSecretChangeModifyTxApprovalsNotDeleted() throws Exception {
    // Register three clients in a single batch request, authenticated as admin.
    ClientDetailsModification[] clients = createBaseClients(3, SECRET, Arrays.asList("client_credentials", "password"));
    for (ClientDetailsModification client : clients) {
        client.setAction(ClientDetailsModification.ADD);
    }
    String addPayload = JsonUtils.writeValueAsString(clients);
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(addPayload);
    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isOk());
    String addResponse = result.andReturn().getResponse().getContentAsString();
    clients = (ClientDetailsModification[]) arrayFromString(addResponse, ClientDetailsModification[].class);

    // Record approvals for every client, using a user token scoped to oauth.approvals.
    for (ClientDetailsModification client : clients) {
        String approvalsToken = testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        addApprovals(approvalsToken, client.getClientId());
    }

    // Confirm the approvals were stored before the secret is touched.
    for (ClientDetailsModification client : clients) {
        // The token itself is not used; the request is kept so the same calls are made.
        // Presumably it fails the test if the client secret is rejected - confirm in the helper.
        testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(client.getClientId()).length);
    }

    // Change each client's secret with UPDATE_SECRET. The original comment suggests the
    // old secret is not known (and so not supplied) at this point.
    for (ClientDetailsModification client : clients) {
        client.setClientSecret("secret");
        client.setAction(ClientDetailsModification.UPDATE_SECRET);
    }
    String updatePayload = JsonUtils.writeValueAsString(clients);
    modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + adminToken)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(updatePayload);
    result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isOk());
    String updateResponse = result.andReturn().getResponse().getContentAsString();
    clients = (ClientDetailsModification[]) arrayFromString(updateResponse, ClientDetailsModification[].class);

    // The response must not flag the approvals as deleted, and all three must still be readable.
    for (ClientDetailsModification client : clients) {
        assertFalse(client.isApprovalsDeleted());
        // Token requested with the post-update secret; the returned value is unused.
        testClient.getUserOAuthAccessToken(
                client.getClientId(), "secret", testUser.getUserName(), testPassword, "oauth.approvals");
        assertEquals(3, getApprovals(client.getClientId()).length);
    }
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testNonClientsAdminPermissions.
/**
 * Verifies that a token obtained with only the {@code clients.write} scope is
 * refused (HTTP 403) by the transactional batch endpoint
 * {@code /oauth/clients/tx/modify}.
 *
 * <p>NOTE(review): judging by the test name, the batch endpoint presumably requires
 * a clients-admin level scope; confirm against the endpoint's access rules.
 */
@Test
void testNonClientsAdminPermissions() throws Exception {
    ClientDetails adminsClient = createReadWriteClient(adminToken);

    // Prepare three ADD requests; the request is expected to be rejected as a whole.
    ClientDetailsModification[] clients = createBaseClients(3, SECRET, Arrays.asList("client_credentials", "refresh_token"));
    for (ClientDetailsModification candidate : clients) {
        candidate.setScope(Collections.singletonList("oauth.approvals"));
        candidate.setAction(ClientDetailsModification.ADD);
    }

    // Authenticate as the read/write client, asking for clients.write only.
    String token = testClient.getClientCredentialsOAuthAccessToken(adminsClient.getClientId(), "secret", "clients.write");
    String payload = JsonUtils.writeValueAsString(clients);
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients/tx/modify")
            .header("Authorization", "Bearer " + token)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(payload);

    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isForbidden());
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class AdminClientCreator method createBaseClient.
/**
 * Builds a {@link ClientDetailsModification} fixture for tests.
 *
 * @param id           client id; a random value is generated when {@code null}
 * @param clientSecret secret assigned to the client as given
 * @param grantTypes   authorized grant types; defaults to {@code client_credentials} when {@code null}
 * @param authorities  authority names; left unset on the client when {@code null}
 * @param scopes       scopes passed to the client unchanged
 * @return the populated client, with a fixed redirect URI and sample additional information
 */
ClientDetailsModification createBaseClient(String id, String clientSecret, Collection<String> grantTypes, List<String> authorities, List<String> scopes) {
    String clientId = (id != null) ? id : new RandomValueStringGenerator().generate();
    Collection<String> effectiveGrantTypes =
            (grantTypes != null) ? grantTypes : Collections.singleton("client_credentials");

    ClientDetailsModification client = new ClientDetailsModification();
    client.setClientId(clientId);
    client.setScope(scopes);
    client.setAuthorizedGrantTypes(effectiveGrantTypes);
    if (authorities != null) {
        // The helper expects one comma-separated string, so the list is joined first.
        String joinedAuthorities = String.join(",", authorities);
        client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(joinedAuthorities));
    }
    client.setClientSecret(clientSecret);

    Map<String, Object> additionalInformation = new HashMap<>();
    additionalInformation.put("foo", "bar");
    additionalInformation.put("name", makeClientName(clientId));
    client.setAdditionalInformation(additionalInformation);

    // Fixture value only: a plain-http redirect URI is not something to copy into a
    // real client registration, where redirect URIs should be https and exact.
    client.setRegisteredRedirectUri(Collections.singleton("http://some.redirect.url.com"));
    return client;
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class ClientAdminEndpointsMockMvcTests method testCreateAsWritePermissions.
/**
 * Verifies that a token carrying the {@code clients.write} scope may create a
 * single client through {@code POST /oauth/clients} (HTTP 201).
 */
@Test
void testCreateAsWritePermissions() throws Exception {
    ClientDetails adminsClient = createReadWriteClient(adminToken);

    // Build one client definition; only the first array element is sent below.
    ClientDetailsModification[] clients = createBaseClients(1, SECRET, Arrays.asList("client_credentials", "refresh_token"));
    for (ClientDetailsModification candidate : clients) {
        candidate.setScope(Collections.singletonList("oauth.approvals"));
        candidate.setAction(ClientDetailsModification.ADD);
    }

    // Authenticate as the read/write client, asking for clients.write only.
    String token = testClient.getClientCredentialsOAuthAccessToken(adminsClient.getClientId(), "secret", "clients.write");
    String payload = JsonUtils.writeValueAsString(clients[0]);
    MockHttpServletRequestBuilder modifyClientsPost = post("/oauth/clients")
            .header("Authorization", "Bearer " + token)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(payload);

    ResultActions result = mockMvc.perform(modifyClientsPost);
    result.andExpect(status().isCreated());
}
use of org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification in project uaa by cloudfoundry.
the class TotpMfaEndpointMockMvcTests method testMFARegistrationHonorsRedirectUri.
/**
 * Walks an authorization-code request through login and MFA registration and
 * checks that, once MFA completes, the user is sent back to the original
 * {@code /oauth/authorize} URL with its query string intact.
 *
 * <p>NOTE(review): the authorize URL carries {@code client_secret} as a query
 * parameter and the test asserts that it is echoed in redirect targets. Secrets in
 * URLs can end up in access logs, browser history and Referer headers, and
 * {@code andDo(print())} writes them to the test output. An authorization request
 * does not need the client secret, so consider dropping it from the fixture URL.
 */
@Test
void testMFARegistrationHonorsRedirectUri() throws Exception {
    // Register an auto-approved authorization-code client in the UAA zone.
    ClientDetailsModification authClient = MockMvcUtils.getClientDetailsModification(
            "auth-client-id",
            "secret",
            Collections.emptyList(),
            Collections.singletonList("openid"),
            Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE),
            "uaa.resource",
            Collections.singleton("http://example.com"));
    authClient.setAutoApproveScopes(Collections.singletonList("openid"));
    Map<String, String> additionalInfo = new HashMap<>();
    additionalInfo.put("autoapprove", "true");
    authClient.setAdditionalInformation(additionalInfo);
    MockMvcUtils.createClient(mockMvc, adminToken, authClient, IdentityZone.getUaa(), status().isCreated());

    // Not using param function because params won't end up in paramsMap.
    String oauthUrl = "/oauth/authorize?client_id=auth-client-id&client_secret=secret&redirect_uri=http://example.com";

    // Step 1: an unauthenticated authorize request is redirected to the login page.
    mockMvc.perform(get(oauthUrl).session(mockHttpSession).with(cookieCsrf()))
            .andExpect(status().is3xxRedirection())
            .andDo(print())
            .andExpect(redirectedUrl("http://localhost/login"));

    // Step 2: a successful login redirects back to the saved authorize request.
    performLoginWithSession(mockMvc, mockHttpSession, scimUser, password)
            .andExpect(redirectedUrl("http://localhost" + oauthUrl));

    // Step 3: the authorize request is now redirected to MFA registration.
    mockMvc.perform(get(oauthUrl).session(mockHttpSession).with(cookieCsrf()))
            .andExpect(status().is3xxRedirection())
            .andDo(print())
            .andExpect(redirectedUrl("/login/mfa/register"));

    // Step 4: register for MFA and verify with the code read from the session.
    performGetMfaRegister(mockMvc, mockHttpSession);
    int mfaCode = MockMvcUtils.getMFACodeFromSession(mockHttpSession);
    MockMvcUtils.performMfaPostVerifyWithCode(mfaCode, mockMvc, mockHttpSession);

    // Step 5: completing MFA redirects to the original authorize URL.
    mockMvc.perform(get("/login/mfa/completed").session(mockHttpSession).with(cookieCsrf()))
            .andExpect(status().is3xxRedirection())
            .andDo(print())
            .andExpect(redirectedUrl("http://localhost/oauth/authorize?client_id=auth-client-id&client_secret=secret&redirect_uri=http://example.com"));
}