
Example 1 with MultitenantClientServices

use of org.cloudfoundry.identity.uaa.zone.MultitenantClientServices in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method getPromptsFromNonOIDCProvider.

/**
 * Checks the JSON login info when the request's {@code origin} parameter names a provider
 * whose configuration is a SAML definition rather than an OIDC one.
 *
 * <p>The model must then carry exactly two prompts, {@code username} labelled "Email" and
 * {@code password} labelled "Password".
 */
@Test
void getPromptsFromNonOIDCProvider() {
    // "origin" is a caller-supplied request parameter; here it selects a non-OIDC provider.
    MockHttpServletRequest request = getMockHttpServletRequest();
    request.setParameter("origin", "non-OIDC");

    // Provider lookup for that origin ("uaa" is presumably the zone id; confirm against
    // IdentityProviderProvisioning) yields a provider backed by a SAML definition.
    SamlIdentityProviderDefinition samlDefinition = mock(SamlIdentityProviderDefinition.class);
    IdentityProvider samlProvider = mock(IdentityProvider.class);
    when(samlProvider.getConfig()).thenReturn(samlDefinition);
    when(mockIdentityProviderProvisioning.retrieveByOrigin("non-OIDC", "uaa")).thenReturn(samlProvider);

    MultitenantClientServices clientServices = mockClientService();
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);
    loginInfoEndpoint.infoForLoginJson(extendedModelMap, null, request);

    Object promptsAttribute = extendedModelMap.get("prompts");
    assertNotNull(promptsAttribute);
    assertTrue(promptsAttribute instanceof Map);

    // Unchecked cast: only the raw Map type is verified by the instanceof check above.
    Map<String, String[]> prompts = (Map<String, String[]>) promptsAttribute;
    assertEquals(2, prompts.size());

    // NOTE(review): only element [1] of each prompt array is pinned; element [0] is not asserted.
    String[] usernamePrompt = prompts.get("username");
    assertNotNull(usernamePrompt);
    assertEquals("Email", usernamePrompt[1]);

    String[] passwordPrompt = prompts.get("password");
    assertNotNull(passwordPrompt);
    assertEquals("Password", passwordPrompt[1]);
}
Also used : MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Example 2 with MultitenantClientServices

use of org.cloudfoundry.identity.uaa.zone.MultitenantClientServices in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method filterIDPsForAuthcodeClientInOtherZone.

/**
 * Checks that the HTML login page of a non-default zone offers only the identity providers
 * listed in the client's {@code ClientConstants.ALLOWED_PROVIDERS} entry.
 *
 * <p>Both the client lookup and the SAML definition lookup are stubbed for "other-zone", so
 * the test passes only if the endpoint resolves them against the zone held by
 * {@link IdentityZoneHolder} and not against another zone.
 */
@Test
void filterIDPsForAuthcodeClientInOtherZone() throws Exception {
    MockHttpServletRequest request = getMockHttpServletRequest();

    // Switch the current zone. NOTE(review): the holder is not restored inside this method;
    // presumably class-level teardown resets it, otherwise later tests run in "other-zone".
    IdentityZone otherZone = MultitenancyFixture.identityZone("other-zone", "other-zone");
    IdentityZoneHolder.set(otherZone);

    List<String> allowedOrigins = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2");

    // Client restricted to the two origins above; the stub answers only for zone "other-zone".
    BaseClientDetails restrictedClient = new BaseClientDetails();
    restrictedClient.setClientId("client-id");
    restrictedClient.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedOrigins));
    MultitenantClientServices clientServices = mock(MultitenantClientServices.class);
    when(clientServices.loadClientByClientId("client-id", "other-zone")).thenReturn(restrictedClient);

    // The configurator is a mock keyed on (allowed origins, current zone). The returned
    // definitions are built with "uaa" as second argument, so this test exercises what the
    // endpoint asks for, not the configurator's own per-zone filtering.
    List<SamlIdentityProviderDefinition> samlDefinitions = new LinkedList<>();
    for (String alias : allowedOrigins) {
        samlDefinitions.add(createIdentityProviderDefinition(alias, "uaa"));
    }
    when(mockSamlIdentityProviderConfigurator.getIdentityProviderDefinitions(eq(allowedOrigins), eq(otherZone)))
            .thenReturn(samlDefinitions);

    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);
    loginInfoEndpoint.loginForHtml(extendedModelMap, null, request, singletonList(MediaType.TEXT_HTML));

    Collection<SamlIdentityProviderDefinition> offeredIdps =
            (Collection<SamlIdentityProviderDefinition>) extendedModelMap.asMap().get("idpDefinitions");
    assertEquals(2, offeredIdps.size());
    // NOTE(review): only idp1 is checked by alias; idp2 is covered by the size assertion alone.
    assertThat(offeredIdps, PredicateMatcher.has(idp -> idp.getIdpEntityAlias().equals("my-client-awesome-idp1")));
    assertThat(offeredIdps, PredicateMatcher.has(SamlIdentityProviderDefinition::isShowSamlLink));

    // With the client limited to external IdPs, the local username field and the
    // create-account link must be switched off in the model.
    assertEquals(false, extendedModelMap.asMap().get("fieldUsernameShow"));
    assertEquals(false, extendedModelMap.asMap().get("linkCreateAccountShow"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Matchers.not(org.hamcrest.Matchers.not) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) SamlIdentityProviderConfigurator(org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator) Collections.singletonList(java.util.Collections.singletonList) OriginKeys(org.cloudfoundry.identity.uaa.constants.OriginKeys) Model(org.springframework.ui.Model) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) Map(java.util.Map) Mockito.doReturn(org.mockito.Mockito.doReturn) OidcMetadataFetcher(org.cloudfoundry.identity.uaa.provider.oauth.OidcMetadataFetcher) PollutionPreventionExtension(org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ArgumentMatchers.anyList(org.mockito.ArgumentMatchers.anyList) Matchers.startsWith(org.hamcrest.Matchers.startsWith) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) Assert.assertFalse(org.junit.Assert.assertFalse) JsonUtils(org.cloudfoundry.identity.uaa.util.JsonUtils) MultitenancyFixture(org.cloudfoundry.identity.uaa.zone.MultitenancyFixture) Matchers.is(org.hamcrest.Matchers.is) UaaRandomStringUtil(org.cloudfoundry.identity.uaa.util.UaaRandomStringUtil) Matchers.containsString(org.hamcrest.Matchers.containsString) ExternalOAuthProviderConfigurator(org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthProviderConfigurator) Mockito.mock(org.mockito.Mockito.mock) Links(org.cloudfoundry.identity.uaa.zone.Links) 
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) ArgumentMatchers.anyBoolean(org.mockito.ArgumentMatchers.anyBoolean) Mockito.spy(org.mockito.Mockito.spy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ArrayList(java.util.ArrayList) Matchers.hasSize(org.hamcrest.Matchers.hasSize) AssertThrowsWithMessage.assertThrowsWithMessageThat(org.cloudfoundry.identity.uaa.util.AssertThrowsWithMessage.assertThrowsWithMessageThat) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration) Assert.assertTrue(org.junit.Assert.assertTrue) OIDCIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition) PredicateMatcher(org.cloudfoundry.identity.uaa.util.PredicateMatcher) AfterEach(org.junit.jupiter.api.AfterEach) IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) Assert.assertNull(org.junit.Assert.assertNull) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) RawExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.RawExternalOAuthIdentityProviderDefinition) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) Assert.assertEquals(org.junit.Assert.assertEquals) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ClientConstants(org.cloudfoundry.identity.uaa.oauth.client.ClientConstants) URL(java.net.URL) ExpiringUsernameAuthenticationToken(org.springframework.security.providers.ExpiringUsernameAuthenticationToken) UaaUrlUtils.addSubdomainToUrl(org.cloudfoundry.identity.uaa.util.UaaUrlUtils.addSubdomainToUrl) Matchers.hasKey(org.hamcrest.Matchers.hasKey) 
IdentityZoneHolder(org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder) Assert.assertThat(org.junit.Assert.assertThat) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) HttpSession(javax.servlet.http.HttpSession) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) Collections.emptyList(java.util.Collections.emptyList) MediaType(org.springframework.http.MediaType) Collection(java.util.Collection) IdentityProviderProvisioning(org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning) MfaChecker(org.cloudfoundry.identity.uaa.mfa.MfaChecker) Test(org.junit.jupiter.api.Test) List(java.util.List) Modifier(java.lang.reflect.Modifier) Matchers.equalTo(org.hamcrest.Matchers.equalTo) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) UaaPrincipal(org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) DataAccessException(org.springframework.dao.DataAccessException) SessionUtils(org.cloudfoundry.identity.uaa.util.SessionUtils) IdentityZoneProvisioning(org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning) LoginSamlAuthenticationToken(org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken) HashMap(java.util.HashMap) UaaAuthenticationDetails(org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) Function(java.util.function.Function) InMemoryExpiringCodeStore(org.cloudfoundry.identity.uaa.codestore.InMemoryExpiringCodeStore) Cookie(javax.servlet.http.Cookie) LinkedList(java.util.LinkedList) Iterator(java.util.Iterator) Collections.emptySet(java.util.Collections.emptySet) MalformedURLException(java.net.MalformedURLException) UTF_8(java.nio.charset.StandardCharsets.UTF_8) Assert.assertNotNull(org.junit.Assert.assertNotNull) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest) 
Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) URLEncoder(java.net.URLEncoder) UaaIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition) TimeServiceImpl(org.cloudfoundry.identity.uaa.util.TimeServiceImpl) HttpMediaTypeNotAcceptableException(org.springframework.web.HttpMediaTypeNotAcceptableException) Collections(java.util.Collections) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) LinkedList(java.util.LinkedList) IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) Collection(java.util.Collection) Test(org.junit.jupiter.api.Test)

Example 3 with MultitenantClientServices

use of org.cloudfoundry.identity.uaa.zone.MultitenantClientServices in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method loginHintOriginOidc.

/**
 * Checks that a {@code login_hint} carrying an OIDC origin turns the HTML login request
 * into a redirect instead of a rendered login page.
 *
 * <p>The hint is read from the saved request, i.e. it originates from request parameters and
 * is caller-controlled. The test pins that it is not copied into the model.
 */
@Test
void loginHintOriginOidc() throws Exception {
    MockHttpServletRequest request = getMockHttpServletRequest();
    MultitenantClientServices clientServices = mockClientService();
    mockOidcProvider(mockIdentityProviderProvisioning);
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);

    // The saved request in the session is stubbed to return a JSON hint naming the OIDC origin.
    String[] loginHintValues = { "{\"origin\":\"my-OIDC-idp1\"}" };
    SavedRequest savedRequest = SessionUtils.getSavedRequestSession(request.getSession());
    when(savedRequest.getParameterValues("login_hint")).thenReturn(loginHintValues);

    String redirectTarget =
            loginInfoEndpoint.loginForHtml(extendedModelMap, null, request, singletonList(MediaType.TEXT_HTML));

    // NOTE(review): only a prefix and a substring are asserted; the full redirect URL and the
    // way the origin is encoded into it are not pinned by this test.
    assertThat(redirectTarget, startsWith("redirect:http://localhost:8080/uaa"));
    assertThat(redirectTarget, containsString("my-OIDC-idp1"));
    assertNull(extendedModelMap.get("login_hint"));
}
Also used : MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest) Test(org.junit.jupiter.api.Test)

Example 4 with MultitenantClientServices

use of org.cloudfoundry.identity.uaa.zone.MultitenantClientServices in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method loginHintOriginOidcForJson.

/**
 * Checks the JSON login info when the saved request carries a {@code login_hint} naming an
 * OIDC origin: the model must hold a {@code prompts} map with three entries.
 */
@Test
void loginHintOriginOidcForJson() throws Exception {
    MockHttpServletRequest request = getMockHttpServletRequest();
    MultitenantClientServices clientServices = mockClientService();
    mockOidcProvider(mockIdentityProviderProvisioning);
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);

    // The hint comes from the saved request, so its value is caller-controlled input.
    String[] loginHintValues = { "{\"origin\":\"my-OIDC-idp1\"}" };
    SavedRequest savedRequest = SessionUtils.getSavedRequestSession(request.getSession());
    when(savedRequest.getParameterValues("login_hint")).thenReturn(loginHintValues);

    loginInfoEndpoint.infoForLoginJson(extendedModelMap, null, request);

    Object promptsAttribute = extendedModelMap.get("prompts");
    assertNotNull(promptsAttribute);
    assertTrue(promptsAttribute instanceof Map);

    // Unchecked cast: only the raw Map type is verified above.
    Map<String, String[]> prompts = (Map<String, String[]>) promptsAttribute;
    // NOTE(review): only the count is pinned; which three prompt keys are present is not asserted.
    assertEquals(3, prompts.size());
}
Also used : MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest) Test(org.junit.jupiter.api.Test)

Example 5 with MultitenantClientServices

use of org.cloudfoundry.identity.uaa.zone.MultitenantClientServices in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method defaultProviderLdapWithAllowedOnlyOIDC.

/**
 * Checks that a client's allowed-provider restriction takes precedence over the zone's
 * default identity provider: the zone default is "ldap", the client permits only
 * "my-OIDC-idp1", and the HTML login must redirect towards the OIDC provider.
 */
@Test
void defaultProviderLdapWithAllowedOnlyOIDC() throws Exception {
    MockHttpServletRequest request = getMockHttpServletRequest();
    List<String> allowedOrigins = singletonList("my-OIDC-idp1");

    // Client restricted to the single OIDC origin; the stub answers only for zone "uaa".
    BaseClientDetails restrictedClient = new BaseClientDetails();
    restrictedClient.setClientId("client-id");
    restrictedClient.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedOrigins));
    MultitenantClientServices clientServices = mock(MultitenantClientServices.class);
    when(clientServices.loadClientByClientId("client-id", "uaa")).thenReturn(restrictedClient);

    mockOidcProvider(mockIdentityProviderProvisioning);

    // NOTE(review): this mutates the config of the zone held by IdentityZoneHolder and does not
    // restore it in this method; presumably class-level setup/teardown resets it.
    IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("ldap");

    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);
    String redirectTarget =
            loginInfoEndpoint.loginForHtml(extendedModelMap, null, request, singletonList(MediaType.TEXT_HTML));

    // The disallowed default ("ldap") must not win: the redirect names the OIDC origin and
    // no login_hint is placed into the model.
    assertThat(redirectTarget, startsWith("redirect:http://localhost:8080/uaa"));
    assertThat(redirectTarget, containsString("my-OIDC-idp1"));
    assertFalse(extendedModelMap.containsKey("login_hint"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Aggregations

MultitenantClientServices (org.cloudfoundry.identity.uaa.zone.MultitenantClientServices)33 Test (org.junit.jupiter.api.Test)30 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)30 Matchers.containsString (org.hamcrest.Matchers.containsString)25 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)25 DefaultSavedRequest (org.springframework.security.web.savedrequest.DefaultSavedRequest)14 SavedRequest (org.springframework.security.web.savedrequest.SavedRequest)14 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)13 HashMap (java.util.HashMap)11 Map (java.util.Map)10 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)10 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)10 IdentityProvider (org.cloudfoundry.identity.uaa.provider.IdentityProvider)8 LinkedList (java.util.LinkedList)5 SamlIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition)4 IdentityZone (org.cloudfoundry.identity.uaa.zone.IdentityZone)4 BeforeEach (org.junit.jupiter.api.BeforeEach)4 URL (java.net.URL)3 ArrayList (java.util.ArrayList)3 AbstractExternalOAuthIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition)3