
Example 11 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class UserInfoEndpointMockMvcTests method setUp.

/**
 * Builds the fixtures for each test: an OAuth client, a freshly created SCIM user with a
 * recorded logon time, and stored {@code UserInfo} holding custom attributes and roles.
 *
 * @throws Exception if any of the MockMvc-backed helper calls fails
 */
@BeforeEach
void setUp() throws Exception {
    testClient = new TestClient(mockMvc);

    // Fixture credentials for the admin client of the test server; the requested scopes cover
    // the client and SCIM management calls made below.
    String adminAccessToken = testClient.getClientCredentialsOAuthAccessToken(
            "admin",
            "adminsecret",
            "clients.read clients.write clients.secret scim.read scim.write clients.admin");

    String clientAuthorities = "scim.read,scim.write,password.write,oauth.approvals,scim.create,openid";
    // NOTE(review): argument roles (resource ids, scopes, grant types, authorities) are inferred
    // from the values passed; confirm against MockMvcUtils.createClient.
    MockMvcUtils.createClient(
            mockMvc,
            adminAccessToken,
            clientId,
            clientSecret,
            Collections.singleton("oauth"),
            Arrays.asList("openid", USER_ATTRIBUTES, ROLES),
            Arrays.asList("client_credentials", "password"),
            clientAuthorities);

    // The random prefix only keeps the user name unique between runs; it is not a secret.
    String generatedUserName = new RandomValueStringGenerator().generate() + "@test.org";
    user = new ScimUser(null, generatedUserName, "PasswordResetUserFirst", "PasswordResetUserLast");
    user.setPrimaryEmail(user.getUserName());
    user.setPassword("secr3T");
    // Replace the local object with the one returned by the server so user.getId() is populated.
    user = MockMvcUtils.createUser(mockMvc, adminToken(adminAccessToken), user);
    webApplicationContext.getBean(UaaUserDatabase.class).updateLastLogonTime(user.getId());

    // "multi" deliberately carries two values to exercise multi-valued attributes.
    userAttributes = new LinkedMultiValueMap<>();
    userAttributes.add("single", "1");
    userAttributes.add("multi", "2");
    userAttributes.add("multi", "3");
    roles = Arrays.asList("role1", "role2", "role3");

    UserInfo storedInfo = new UserInfo()
            .setUserAttributes(userAttributes)
            .setRoles(roles);
    webApplicationContext.getBean(UaaUserDatabase.class).storeUserInfo(user.getId(), storedInfo);
}

/** Identity helper that names the role of the token at the call site. */
private static String adminToken(String token) {
    return token;
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) TestClient(org.cloudfoundry.identity.uaa.test.TestClient) UserInfo(org.cloudfoundry.identity.uaa.user.UserInfo) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 12 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class ExternalLoginAuthenticationManagerTest method testNoUsernameOnlyEmail.

/**
 * Authenticates with user details that expose an e-mail address (via {@code Mailable}) but
 * return {@code null} for the username, and expects the resulting principal to be named after
 * the e-mail address.
 */
@Test
public void testNoUsernameOnlyEmail() {
    String emailAddress = "joe@test.org";

    // The mock must also implement Mailable so the e-mail can be read from it.
    userDetails = mock(UserDetails.class, withSettings().extraInterfaces(Mailable.class));
    when(((Mailable) userDetails).getEmailAddress()).thenReturn(emailAddress);
    mockUserDetails(userDetails);
    mockUaaWithUser();

    // Authentication details: known origin, no client id, random session id.
    UaaAuthenticationDetails authDetails = mock(UaaAuthenticationDetails.class);
    when(authDetails.getOrigin()).thenReturn(origin);
    when(authDetails.getClientId()).thenReturn(null);
    when(authDetails.getSessionId()).thenReturn(new RandomValueStringGenerator().generate());
    when(inputAuth.getDetails()).thenReturn(authDetails);

    // Stubbed after the helper calls above, so these are the last stubbings applied to the mocks.
    when(user.getUsername()).thenReturn(emailAddress);
    when(uaaUserDatabase.retrieveUserByName(emailAddress, origin)).thenReturn(user);
    when(userDetails.getUsername()).thenReturn(null);

    Authentication authenticated = manager.authenticate(inputAuth);

    assertNotNull(authenticated);
    assertEquals(UaaAuthentication.class, authenticated.getClass());
    UaaAuthentication uaaAuth = (UaaAuthentication) authenticated;
    assertEquals(emailAddress, uaaAuth.getPrincipal().getName());
    assertEquals(origin, uaaAuth.getPrincipal().getOrigin());
    assertEquals(userId, uaaAuth.getPrincipal().getId());
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Mailable(org.cloudfoundry.identity.uaa.user.Mailable) LdapUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails) UserDetails(org.springframework.security.core.userdetails.UserDetails) ExtendedLdapUserDetails(org.cloudfoundry.identity.uaa.provider.ldap.ExtendedLdapUserDetails) UaaAuthenticationDetails(org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) Test(org.junit.Test)

Example 13 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class ExternalLoginAuthenticationManagerTest method testAuthenticateWithAuthDetails.

/**
 * Authenticates with mocked {@code UaaAuthenticationDetails} attached to the input
 * authentication and checks that the resulting principal carries the {@code userName},
 * {@code origin} and {@code userId} fixtures of the test class.
 */
@Test
public void testAuthenticateWithAuthDetails() {
    // Authentication details: known origin, no client id, random session id.
    UaaAuthenticationDetails authDetails = mock(UaaAuthenticationDetails.class);
    when(authDetails.getOrigin()).thenReturn(origin);
    when(authDetails.getClientId()).thenReturn(null);
    when(authDetails.getSessionId()).thenReturn(new RandomValueStringGenerator().generate());
    when(inputAuth.getDetails()).thenReturn(authDetails);

    Authentication authenticated = manager.authenticate(inputAuth);

    assertNotNull(authenticated);
    // Exact class match: a subclass of UaaAuthentication would fail this check.
    assertEquals(UaaAuthentication.class, authenticated.getClass());
    UaaAuthentication uaaAuth = (UaaAuthentication) authenticated;
    assertEquals(userName, uaaAuth.getPrincipal().getName());
    assertEquals(origin, uaaAuth.getPrincipal().getOrigin());
    assertEquals(userId, uaaAuth.getPrincipal().getId());
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaAuthenticationDetails(org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) Test(org.junit.Test)

Example 14 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class ClientAdminEndpointsIntegrationTests method createClientWithCommaDelimitedScopesValidatesAllTheScopes.

/**
 * Scope-escalation guard: a client that can create other clients must not be able to register
 * a client whose comma-delimited scope list contains a scope the caller is not allowed to
 * grant. Every entry in the list has to be validated, so the {@code uaa.admin} entry in second
 * position must cause the request to be rejected.
 *
 * @throws Exception if obtaining a token fails
 */
@Test
public void createClientWithCommaDelimitedScopesValidatesAllTheScopes() throws Exception {
    // Authenticate as admin.
    OAuth2AccessToken adminAccessToken = getClientCredentialsAccessToken("");
    HttpHeaders adminAuthHeaders = getAuthenticatedHeaders(adminAccessToken);

    // Register a client that is itself allowed to create clients (clients.write).
    String creatorClientId = new RandomValueStringGenerator().generate();
    BaseClientDetails creatorClient = new BaseClientDetails(
            creatorClientId,
            "",
            "clients.write,uaa.user",
            "client_credentials",
            "clients.write,uaa.user");
    creatorClient.setClientSecret("secret");
    ResponseEntity<UaaException> creationResponse = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/oauth/clients"),
            HttpMethod.POST,
            new HttpEntity<>(creatorClient, adminAuthHeaders),
            UaaException.class);

    // The creator client must have been accepted.
    assertEquals(HttpStatus.CREATED, creationResponse.getStatusCode());

    // Authenticate as the newly created client.
    OAuth2AccessToken creatorToken = getClientCredentialsAccessToken(
            creatorClient.getClientId(), creatorClient.getClientSecret(), "");
    HttpHeaders creatorHeaders = getAuthenticatedHeaders(creatorToken);

    // Attempt to register a client whose scope list contains uaa.admin after a scope derived
    // from the creator's own id.
    BaseClientDetails escalatingClient = new BaseClientDetails(
            new RandomValueStringGenerator().generate(),
            "",
            creatorClientId + ".admin,uaa.admin",
            "client_credentials",
            "uaa.none");
    escalatingClient.setClientSecret("secret");
    ResponseEntity<UaaException> rejection = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/oauth/clients"),
            HttpMethod.POST,
            new HttpEntity<>(escalatingClient, creatorHeaders),
            UaaException.class);

    // The request must fail, and for the right reason.
    assertEquals(HttpStatus.BAD_REQUEST, rejection.getStatusCode());
    UaaException error = rejection.getBody();
    assertEquals("invalid_client", error.getErrorCode());
    assertTrue("Error message is unexpected", error.getMessage().startsWith("uaa.admin is not an allowed scope for caller"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) HttpHeaders(org.springframework.http.HttpHeaders) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) Test(org.junit.Test)

Example 15 with RandomValueStringGenerator

use of org.springframework.security.oauth2.common.util.RandomValueStringGenerator in project uaa by cloudfoundry.

the class OpenIdTokenAuthorizationWithApprovalIntegrationTests method doOpenIdHybridFlowForLoginClient.

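/**
 * Sends an authorization request for the given response types through the login client and
 * asserts that the server answers with a redirect to the pre-established redirect URI followed
 * by the expected response parameters.
 *
 * @param responseTypes       response types to request; joined with single spaces in iteration order
 * @param responseTypeMatcher regular expression that the part of the decoded {@code Location}
 *                            header following the redirect URI must match
 */
private void doOpenIdHybridFlowForLoginClient(Set<String> responseTypes, String responseTypeMatcher) {
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON, MediaType.ALL));
    AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource();

    // response_type is sent as a space-delimited list.
    String responseType = String.join(" ", responseTypes);

    String state = new RandomValueStringGenerator().generate();
    String clientId = resource.getClientId();
    String redirectUri = resource.getPreEstablishedRedirectUri();
    String clientSecret = resource.getClientSecret();

    // NOTE(review): client_secret travels in the query string here. That is tolerable for a test
    // fixture, but query strings are routinely written to server and proxy logs, so this request
    // shape should not be copied into production clients.
    String uri = serverRunning.getUrl("/oauth/authorize?response_type={response_type}&" + "state={state}&client_id={client_id}&client_secret={clientSecret}&redirect_uri={redirect_uri}&source=login&user_id={userId}&add_new=false");
    HttpEntity<Void> request = new HttpEntity<>(null, headers);
    // NOTE(review): uri was already produced by getUrl; the second getUrl call is kept as in the
    // original and presumably passes an absolute URL through unchanged - confirm.
    ResponseEntity<Map> result = loginClient.exchange(serverRunning.getUrl(uri), HttpMethod.POST, request, Map.class, responseType, state, clientId, clientSecret, redirectUri, user.getId());
    assertEquals(HttpStatus.FOUND, result.getStatusCode());

    String location = UriUtils.decode(result.getHeaders().getLocation().toString(), "UTF-8");
    // Quote the redirect URI so its '.' and other regex metacharacters match literally; unquoted,
    // a redirect to a look-alike location could still satisfy the assertion.
    String expectedLocation = java.util.regex.Pattern.quote(redirectUri) + responseTypeMatcher;
    assertTrue("Wrong location: " + location, location.matches(expectedLocation));
}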
Also used : AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) MultiValueMap(org.springframework.util.MultiValueMap) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
