


Class UserManagedAuthzApprovalHandlerTests, method setUp.

@BeforeEach
void setUp(@Autowired JdbcTemplate jdbcTemplate) {
    // Random per-test zone id and user id; presumably so rows written to the
    // shared JDBC approval store by one test cannot collide with another — verify.
    final RandomValueStringGenerator randomSuffix = new RandomValueStringGenerator();
    currentIdentityZoneId = "currentIdentityZoneId-" + randomSuffix.generate();
    userId = "userId-" + randomSuffix.generate();

    approvalStore = new JdbcApprovalStore(jdbcTemplate);

    // Client "foo" in the current zone: four scopes, none of them auto-approved.
    QueryableResourceManager<ClientDetails> clientLookup = mock(QueryableResourceManager.class);
    mockBaseClientDetails = mock(BaseClientDetails.class);
    when(clientLookup.retrieve("foo", currentIdentityZoneId)).thenReturn(mockBaseClientDetails);
    final HashSet<String> clientScopes = new HashSet<>(Arrays.asList(
            "cloud_controller.read", "cloud_controller.write", "openid", "space.*.developer"));
    when(mockBaseClientDetails.getScope()).thenReturn(clientScopes);
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(Collections.emptySet());

    // The zone manager mock pins the handler to the random zone id above.
    final IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);
    handler = new UserManagedAuthzApprovalHandler(approvalStore, clientLookup, zoneManager);

    // An already-authenticated principal whose id is the random user id.
    mockAuthentication = mock(AuthenticationWithGetId.class);
    when(mockAuthentication.isAuthenticated()).thenReturn(true);
    when(mockAuthentication.getId()).thenReturn(userId);

    // Seven days from now in the system zone. The value goes through epoch
    // seconds before being scaled back to millis, so it is truncated to a
    // whole second; presumably used as an approval expiry by the tests — verify.
    final long nextWeekEpochSeconds = LocalDateTime.now()
            .plusDays(7)
            .atZone(ZoneId.systemDefault())
            .toEpochSecond();
    nextWeek = new Date(nextWeekEpochSeconds * 1000);
}



Class UaaResetPasswordServiceTests, method setUp.

@BeforeEach
void setUp() {
    // Start from an empty security context so no authentication carried over
    // from an earlier test is visible to the service under test.
    SecurityContextHolder.clearContext();

    // All collaborators are Mockito mocks held in fields for per-test stubbing.
    scimUserProvisioning = mock(ScimUserProvisioning.class);
    codeStore = mock(ExpiringCodeStore.class);
    passwordValidator = mock(PasswordValidator.class);
    clientDetailsService = mock(MultitenantClientServices.class);

    // Random per-test zone id, reported by the zone manager mock.
    currentZoneId = "currentZoneId-" + new RandomValueStringGenerator().generate();
    final IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(currentZoneId);

    // Property source is an unstubbed mock: every lookup on it returns null.
    final ResourcePropertySource propertySource = mock(ResourcePropertySource.class);

    uaaResetPasswordService = new UaaResetPasswordService(
            scimUserProvisioning,
            codeStore,
            passwordValidator,
            clientDetailsService,
            propertySource,
            zoneManager);
}



Class TokenValidationTest, method setup.

@Before
public void setup() {
    // The UAA zone's token policy gets a single HMAC key, macSigningKeySecret,
    // registered under defaultKeyId; the same secret backs the MacSigner below.
    final String defaultKeyId = "some-key-id";
    final IdentityZone uaaZone = IdentityZone.getUaa();
    uaaZone.getConfig().getTokenPolicy().setKeys(map(entry(defaultKeyId, macSigningKeySecret)));

    // IdentityZoneHolder is static, process-wide state. This provisioning mock
    // answers every zone lookup with the UAA zone configured above; presumably
    // it is reset in an @After method — verify, otherwise it leaks into later tests.
    final IdentityZoneProvisioning zoneProvisioning = mock(IdentityZoneProvisioning.class);
    when(zoneProvisioning.retrieve(anyString())).thenReturn(uaaZone);
    IdentityZoneHolder.setProvisioning(zoneProvisioning);

    // JWT header and claims of the token under test (fixed timestamps and ids).
    header = map(
            entry("alg", "HS256"),
            entry("kid", defaultKeyId));
    content = map(
            entry("jti", "8b14f193-8212-4af2-9927-e3ae903f94a6"),
            entry("nonce", "04e2e934200b4b9fbe5d4e70ae18ba8e"),
            entry("sub", "a7f07bf6-e720-4652-8999-e980189cef54"),
            entry("scope", Collections.singletonList("acme.dev")),
            entry("client_id", "app"),
            entry("cid", "app"),
            entry("azp", "app"),
            entry("grant_type", GRANT_TYPE_AUTHORIZATION_CODE),
            entry("user_id", "a7f07bf6-e720-4652-8999-e980189cef54"),
            entry("origin", "uaa"),
            entry("user_name", "marissa"),
            entry("email", "marissa@test.org"),
            entry("auth_time", 1458953554),
            entry("rev_sig", "fa1c787d"),
            entry("iat", 1458953932),
            entry("exp", 1458997132),
            entry("iss", "http://localhost:8080/uaa/oauth/token"),
            entry("zid", "uaa"),
            entry("aud", Arrays.asList("app", "acme")),
            entry("revocable", true));
    signer = new MacSigner(macSigningKeySecret);

    // Client "app" registered in the UAA zone with an empty required-user-groups list.
    final IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());
    inMemoryMultitenantClientServices = new InMemoryMultitenantClientServices(zoneManager);
    uaaClient = new BaseClientDetails("app", "acme", "acme.dev", GRANT_TYPE_AUTHORIZATION_CODE, "");
    uaaClient.addAdditionalInformation(REQUIRED_USER_GROUPS, Collections.emptyList());
    inMemoryMultitenantClientServices.setClientDetailsStore(
            IdentityZone.getUaaZoneId(), Collections.singletonMap(CLIENT_ID, uaaClient));

    // Revocable-token lookup for the jti above returns the token signed from
    // header/content/signer, so those fields must be populated first.
    revocableTokenProvisioning = mock(RevocableTokenProvisioning.class);
    when(revocableTokenProvisioning.retrieve(
            "8b14f193-8212-4af2-9927-e3ae903f94a6", IdentityZoneHolder.get().getId()))
            .thenReturn(new RevocableToken().setValue(UaaTokenUtils.constructToken(header, content, signer)));

    // Backing user record; USER_ID presumably matches the sub/user_id claim above — verify.
    userDb = new MockUaaUserDatabase(u -> u
            .withUsername("marissa")
            .withId(USER_ID)
            .withEmail("marissa@test.org")
            .withAuthorities(Collections.singletonList(new SimpleGrantedAuthority("acme.dev"))));
    uaaUser = userDb.retrieveUserById(USER_ID);
    uaaUserGroups = uaaUser.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .collect(Collectors.toList());
}



Class UaaUserApprovalHandlerTests, method setUp.

@BeforeEach
void setUp() {
    // Random per-test zone id, reported by the zone manager mock.
    final String currentIdentityZoneId =
            "currentIdentityZoneId-" + new RandomValueStringGenerator().generate();
    final IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);

    final MultitenantClientServices clientServices = mock(MultitenantClientServices.class);
    final AuthorizationServerTokenServices tokenServices = mock(AuthorizationServerTokenServices.class);

    // Second constructor argument is deliberately null here; presumably nothing
    // in this test class reaches it — verify.
    handler = new UaaUserApprovalHandler(clientServices, null, tokenServices, zoneManager);

    // Client "client" with scopes read,write; the request asks for "read" on
    // behalf of user "joe" holding the USER authority.
    authorizationRequest = new AuthorizationRequest("client", Collections.singletonList("read"));
    userAuthentication = new UsernamePasswordAuthenticationToken(
            "joe", "", AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
    client = new BaseClientDetails("client", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none");
    when(clientServices.loadClientByClientId("client", currentIdentityZoneId)).thenReturn(client);
}



Class ApprovalsAdminEndpointsTests, method initApprovalsAdminEndpointsTests.

@BeforeEach
void initApprovalsAdminEndpointsTests() {
    // Persist a user with a random id in the current zone, then load it back
    // through the real JDBC user database.
    final UaaTestAccounts testAccounts = UaaTestAccounts.standard(null);
    final String newUserId = testAccounts.addUser(
            jdbcTemplate, UUID.randomUUID().toString(), IdentityZoneHolder.get().getId());

    // Zone manager mock reports the UAA zone id; the zone object itself is a
    // mock, but it hands out the real UAA zone configuration.
    final IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());
    final IdentityZone zone = mock(IdentityZone.class);
    when(zone.getConfig()).thenReturn(IdentityZone.getUaa().getConfig());
    when(zoneManager.getCurrentIdentityZone()).thenReturn(zone);

    final UaaUserDatabase userDatabase =
            new JdbcUaaUserDatabase(jdbcTemplate, new TimeServiceImpl(), false, zoneManager);
    marissa = userDatabase.retrieveUserById(newUserId);
    assertNotNull(marissa);

    dao = new JdbcApprovalStore(jdbcTemplate);

    // The caller is the freshly created user, acting as a user rather than a client.
    mockSecurityContextAccessor = mock(SecurityContextAccessor.class);
    when(mockSecurityContextAccessor.isUser()).thenReturn(true);
    when(mockSecurityContextAccessor.getUserId()).thenReturn(marissa.getId());
    when(mockSecurityContextAccessor.getUserName()).thenReturn(marissa.getUsername());

    // Client "c1" is written to the JDBC-backed client store with auto-approve
    // set to "true" (presumably UAA's approve-all marker — verify) and the
    // legacy password and implicit grants enabled alongside the others.
    final MultitenantJdbcClientDetailsService clientDetailsService =
            new MultitenantJdbcClientDetailsService(jdbcTemplate, zoneManager, passwordEncoder);
    final BaseClientDetails c1 = new BaseClientDetails(
            "c1", "scim,clients", "read,write", "authorization_code, password, implicit, client_credentials", "update");
    c1.setAutoApproveScopes(Collections.singletonList("true"));
    clientDetailsService.addClientDetails(c1);

    endpoints = new ApprovalsAdminEndpoints(mockSecurityContextAccessor, dao, userDatabase, clientDetailsService);
}
