
Example 96 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class TokenRevocationEndpointTests method setupForTokenRevocation.

/**
 * Builds a fresh token-revocation fixture before each test: a client with a random,
 * lower-cased id and a {@code TOKEN_SALT} entry, a spied client service that stores it,
 * a spied revocable-token store holding one access token for that client, and an
 * authenticated {@link UaaOauth2Authentication} in the security context.
 * The zone id used throughout is whatever {@link IdentityZoneHolder} reports at setup time.
 */
@BeforeEach
void setupForTokenRevocation() {
    String currentZoneId = IdentityZoneHolder.get().getId();

    // Random, lower-cased client id so repeated runs against a shared table do not collide.
    String randomClientId = new RandomValueStringGenerator().generate().toLowerCase();
    client = new BaseClientDetails(randomClientId, "", "some.scopes", "client_credentials", "authorities");
    client.addAdditionalInformation(TOKEN_SALT, "pre-salt");

    IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());

    clientService = spy(new MultitenantJdbcClientDetailsService(jdbcTemplate, zoneManager, passwordEncoder));
    clientService.addClientDetails(client, currentZoneId);

    JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(jdbcTemplate, limitSqlAdapter);
    ScimUserProvisioning users = new JdbcScimUserProvisioning(jdbcTemplate, pagingListFactory, passwordEncoder);
    JdbcRevocableTokenProvisioning tokens =
            spy(new JdbcRevocableTokenProvisioning(jdbcTemplate, limitSqlAdapter, new TimeServiceImpl()));

    endpoint = spy(new TokenRevocationEndpoint(clientService, users, tokens));
    endpoint.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));

    // Authenticated caller for the revocation calls under test.
    UaaPrincipal principal = new UaaPrincipal("id", "username", "username@test.com", OriginKeys.UAA, "", currentZoneId);
    UaaAuthentication userAuthentication =
            new UaaAuthentication(principal, Collections.emptyList(), mock(UaaAuthenticationDetails.class));
    SecurityContextHolder.getContext().setAuthentication(
            new UaaOauth2Authentication("token-value", currentZoneId, mock(OAuth2Request.class), userAuthentication));

    // One client-only (no user id) access token that the tests can revoke.
    tokens.create(
            new RevocableToken()
                    .setClientId(client.getClientId())
                    .setTokenId("token-id")
                    .setUserId(null)
                    .setResponseType(RevocableToken.TokenType.ACCESS_TOKEN)
                    .setValue("value")
                    .setIssuedAt(System.currentTimeMillis()),
            currentZoneId);
}

Example 97 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class UserManagedAuthzApprovalHandlerTests method setUp.

/**
 * Wires a {@link UserManagedAuthzApprovalHandler} against a real JDBC approval store and a
 * mocked client lookup for client {@code "foo"} in a randomly named zone. Also prepares an
 * authenticated mock user with a random id and a {@code nextWeek} expiry one week from now
 * (truncated to whole seconds).
 *
 * @param jdbcTemplate injected by the Spring test context; backs the approval store
 */
@BeforeEach
void setUp(@Autowired JdbcTemplate jdbcTemplate) {
    RandomValueStringGenerator random = new RandomValueStringGenerator();
    // Random suffixes keep the zone and user ids unique across runs sharing the same table.
    currentIdentityZoneId = "currentIdentityZoneId-" + random.generate();
    approvalStore = new JdbcApprovalStore(jdbcTemplate);

    // Client "foo" registers four scopes and auto-approves none of them.
    mockBaseClientDetails = mock(BaseClientDetails.class);
    HashSet<String> registeredScopes = new HashSet<>(
            Arrays.asList("cloud_controller.read", "cloud_controller.write", "openid", "space.*.developer"));
    when(mockBaseClientDetails.getScope()).thenReturn(registeredScopes);
    when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(Collections.emptySet());

    QueryableResourceManager<ClientDetails> clientLookup = mock(QueryableResourceManager.class);
    when(clientLookup.retrieve("foo", currentIdentityZoneId)).thenReturn(mockBaseClientDetails);

    IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);

    handler = new UserManagedAuthzApprovalHandler(approvalStore, clientLookup, zoneManager);

    userId = "userId-" + random.generate();
    mockAuthentication = mock(AuthenticationWithGetId.class);
    when(mockAuthentication.isAuthenticated()).thenReturn(true);
    when(mockAuthentication.getId()).thenReturn(userId);

    // Approval expiry used by the tests: now + 7 days in the system zone, at second precision.
    long nextWeekEpochSeconds = LocalDateTime.now()
            .plusDays(7)
            .atZone(ZoneId.systemDefault())
            .toEpochSecond();
    nextWeek = new Date(nextWeekEpochSeconds * 1000);
}

Example 98 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class LoginMockMvcTests method noRedirect_ifProvidersOfDifferentTypesPresent.

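/**
 * When a zone has both an active SAML provider and an active OIDC provider, with the internal
 * UAA provider disabled, {@code GET /login} must render the {@code login} view rather than
 * auto-redirect to a single external provider.
 *
 * <p>The zone is bound to the current thread via {@link IdentityZoneHolder} only for the
 * request under test and is always cleared afterwards, even when an assertion fails.
 *
 * @param jdbcIdentityProviderProvisioning provider store injected by the test context
 * @throws Exception from zone/provider creation or MockMvc
 */
@Test
void noRedirect_ifProvidersOfDifferentTypesPresent(@Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning) throws Exception {
    String alias = "login-saml-" + generator.generate();
    final String zoneAdminClientId = "admin";
    BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com");
    zoneAdminClient.setClientSecret("admin-secret");
    IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId());
    IdentityZone identityZone = identityZoneCreationResult.getIdentityZone();

    // Active SAML provider with randomised metadata so the entity id is unique per run.
    String metadata = String.format(MockMvcUtils.IDP_META_DATA, new RandomValueStringGenerator().generate());
    SamlIdentityProviderDefinition activeSamlIdentityProviderDefinition = new SamlIdentityProviderDefinition()
            .setMetaDataLocation(metadata)
            .setIdpEntityAlias(alias)
            .setLinkText("Active SAML Provider")
            .setZoneId(identityZone.getId());
    IdentityProvider<SamlIdentityProviderDefinition> activeIdentityProvider = new IdentityProvider<>();
    activeIdentityProvider.setType(OriginKeys.SAML);
    activeIdentityProvider.setName("Active SAML Provider");
    activeIdentityProvider.setActive(true);
    activeIdentityProvider.setConfig(activeSamlIdentityProviderDefinition);
    activeIdentityProvider.setOriginKey(alias);
    createIdentityProvider(jdbcIdentityProviderProvisioning, identityZone, activeIdentityProvider);

    // Active OIDC provider; the endpoints and secret are fixture values only and are never contacted.
    OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition();
    definition.setAuthUrl(new URL("http://auth.url"));
    definition.setTokenUrl(new URL("http://token.url"));
    definition.setTokenKey("key");
    definition.setRelyingPartyId("UAA");
    definition.setRelyingPartySecret("secret");
    definition.setShowLinkText(false);
    String oauthAlias = "login-oauth-" + generator.generate();
    IdentityProvider<OIDCIdentityProviderDefinition> oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa");
    oauthIdentityProvider.setConfig(definition);
    oauthIdentityProvider.setActive(true);
    createIdentityProvider(jdbcIdentityProviderProvisioning, identityZone, oauthIdentityProvider);

    IdentityZoneHolder.set(identityZone);
    try {
        // Disable the built-in UAA provider so only the two external providers remain active.
        IdentityProvider uaaIdentityProvider = jdbcIdentityProviderProvisioning.retrieveByOriginIgnoreActiveFlag(UAA, identityZone.getId());
        uaaIdentityProvider.setActive(false);
        jdbcIdentityProviderProvisioning.update(uaaIdentityProvider, uaaIdentityProvider.getIdentityZoneId());

        mockMvc.perform(get("/login")
                        .accept(TEXT_HTML)
                        .with(new SetServerNameRequestPostProcessor(identityZone.getSubdomain() + ".localhost")))
                .andExpect(status().isOk())
                .andExpect(view().name("login"));
    } finally {
        // Reset the thread-bound zone even on failure so it cannot leak into later tests.
        IdentityZoneHolder.clear();
    }
}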

Example 99 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class LoginMockMvcTests method oauthRedirect_stateParameterPassedGetsReturned.

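/**
 * With a single active OIDC provider and the UAA provider disabled, {@code GET /login} must
 * redirect to that provider's authorization URL. The redirect is checked for the expected
 * {@code client_id}, {@code response_type}, {@code redirect_uri} and {@code scope}, for the
 * presence of a {@code nonce}, and for a non-empty {@code state} parameter.
 *
 * <p>The zone is bound to the current thread via {@link IdentityZoneHolder} only for the
 * request under test and is always cleared afterwards, even when an assertion fails.
 *
 * @param jdbcIdentityProviderProvisioning provider store injected by the test context
 * @throws Exception from zone/provider creation or MockMvc
 */
@Test
void oauthRedirect_stateParameterPassedGetsReturned(@Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning) throws Exception {
    final String zoneAdminClientId = "admin";
    BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com");
    zoneAdminClient.setClientSecret("admin-secret");
    IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId());
    IdentityZone identityZone = identityZoneCreationResult.getIdentityZone();
    String oauthAlias = createOIDCProviderInZone(jdbcIdentityProviderProvisioning, identityZone, null);

    IdentityZoneHolder.set(identityZone);
    try {
        // Disable the built-in UAA provider so the OIDC provider is the only active one.
        IdentityProvider uaaIdentityProvider = jdbcIdentityProviderProvisioning.retrieveByOriginIgnoreActiveFlag(UAA, identityZone.getId());
        uaaIdentityProvider.setActive(false);
        jdbcIdentityProviderProvisioning.update(uaaIdentityProvider, uaaIdentityProvider.getIdentityZoneId());

        MvcResult mvcResult = mockMvc.perform(get("/login")
                        .accept(TEXT_HTML)
                        .servletPath("/login")
                        .with(new SetServerNameRequestPostProcessor(identityZone.getSubdomain() + ".localhost")))
                .andExpect(status().isFound())
                .andReturn();

        String location = mvcResult.getResponse().getHeader("Location");
        Map<String, String> queryParams = UriComponentsBuilder.fromUriString(location).build().getQueryParams().toSingleValueMap();
        assertThat(location, startsWith("http://auth.url"));
        assertThat(queryParams, hasEntry("client_id", "uaa"));
        assertThat(queryParams, hasEntry("response_type", "code+id_token"));
        assertThat(queryParams, hasEntry("redirect_uri", "http%3A%2F%2F" + identityZone.getSubdomain() + ".localhost%2Flogin%2Fcallback%2F" + oauthAlias));
        assertThat(queryParams, hasEntry("scope", "openid+roles"));
        assertThat(queryParams, hasKey("nonce"));
        // state must be present and non-empty; the exact value is generated per request.
        assertThat(queryParams, hasEntry(is("state"), not(isEmptyOrNullString())));
    } finally {
        // Reset the thread-bound zone even on failure so it cannot leak into later tests.
        IdentityZoneHolder.clear();
    }
}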

Example 100 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class LoginMockMvcTests method createZoneLinksZone.

/**
 * Creates a new identity zone with a random 24-character lower-cased subdomain whose
 * self-service links (password reset and sign-up) are both cleared, and persists that
 * configuration.
 *
 * @return the updated zone as returned by {@link MockMvcUtils#updateIdentityZone}
 * @throws Exception from zone creation or update
 */
IdentityZone createZoneLinksZone() throws Exception {
    // Subdomains are lower-cased so the generated value is usable as a host label.
    String randomSubdomain = new RandomValueStringGenerator(24).generate().toLowerCase();
    IdentityZone freshZone = MockMvcUtils.createOtherIdentityZone(randomSubdomain, mockMvc, webApplicationContext, false, IdentityZoneHolder.getCurrentZoneId());

    Links zoneLinks = freshZone.getConfig().getLinks();
    zoneLinks.setSelfService(new Links.SelfService().setPasswd(null).setSignup(null));

    return MockMvcUtils.updateIdentityZone(freshZone, webApplicationContext);
}
