use of org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleAuthFlowThroughFramework.
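/**
 * Hands the authorization request to the authentication framework in-process (direct API call) instead of
 * through an HTTP redirect, then decides what to return from the flow status the framework leaves on the request.
 * <p>
 * A {@link CommonAuthRequestWrapper} is used because the original request does not carry the parameters the
 * framework needs ({@code sessionDataKey} and {@code type}); they are added to the wrapper only. The framework's
 * output is captured in a {@link CommonAuthResponseWrapper} so that nothing is written to the real response here.
 * <p>
 * Only {@link AuthenticatorFlowStatus#INCOMPLETE} is checked: in that state the framework's own response (a
 * redirect to the login page, or rendered content) is relayed as-is. Any other non-null status, including
 * {@code SUCCESS_COMPLETED}, falls through to {@link #authorize}; a missing status is recorded on the wrapper as
 * {@link AuthenticatorFlowStatus#UNKNOWN} before doing the same.
 * <p>
 * Security note: the redirect location relayed in the INCOMPLETE case is taken from the framework's response
 * wrapper, not from any request parameter, so no caller-controlled URL reaches the Location header in this method.
 * On a framework failure the client only receives an empty 500; the cause stays server-side in the log.
 *
 * @param oAuthMessage the wrapped authorization request/response pair
 * @param type         authenticator type, passed to the framework as the {@code type} request parameter
 * @return the JAX-RS response to send back to the client
 * @throws URISyntaxException            if the framework's redirect URL cannot be turned into a URI
 * @throws InvalidRequestParentException propagated from {@link #authorize}
 */
private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, String type)
        throws URISyntaxException, InvalidRequestParentException {

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> params = new HashMap<>();
        params.put("clientId", oAuthMessage.getClientId());
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
                OAuthConstants.LogConstants.SUCCESS,
                "Forward authorization request to framework for user authentication.",
                "hand-over-to-framework", null);
    }
    try {
        String sessionDataKey =
                (String) oAuthMessage.getRequest().getAttribute(FrameworkConstants.SESSION_DATA_KEY);

        CommonAuthRequestWrapper requestWrapper = new CommonAuthRequestWrapper(oAuthMessage.getRequest());
        requestWrapper.setParameter(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
        requestWrapper.setParameter(FrameworkConstants.RequestParams.TYPE, type);
        CommonAuthResponseWrapper responseWrapper = new CommonAuthResponseWrapper(oAuthMessage.getResponse());

        new CommonAuthenticationHandler().doGet(requestWrapper, responseWrapper);

        // The framework reports its outcome as a request attribute; it is read back from the underlying request.
        Object flowStatus = oAuthMessage.getRequest().getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
        if (flowStatus == null) {
            requestWrapper.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS,
                    AuthenticatorFlowStatus.UNKNOWN);
            return authorize(requestWrapper, responseWrapper);
        }
        if (flowStatus != AuthenticatorFlowStatus.INCOMPLETE) {
            return authorize(requestWrapper, responseWrapper);
        }

        // Authentication is still in progress: relay whatever the framework produced, unchanged.
        if (responseWrapper.isRedirect()) {
            return Response.status(HttpServletResponse.SC_FOUND)
                    .location(buildURI(responseWrapper.getRedirectURL()))
                    .build();
        }
        return Response.status(HttpServletResponse.SC_OK).entity(responseWrapper.getContent()).build();
    } catch (ServletException | IOException | URLBuilderException e) {
        // Keep the exception with the log entry (it was previously dropped); the client gets a bare 500.
        log.error("Error occurred while sending request to authentication framework.", e);
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
                    OAuthConstants.LogConstants.FAILED, "Server error occurred.",
                    "hand-over-to-framework", null);
        }
        return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
    }
}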
use of org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method invokeCommonauthFlow.
/**
 * Runs the authentication framework in-process for the given message. The framework writes its redirect or
 * content into {@code responseWrapper} rather than the real servlet response, so the caller can inspect the
 * outcome before anything reaches the client. The underlying request is passed to the framework unchanged.
 *
 * @param oAuthMessage    wrapped request whose servlet request is handed to the framework
 * @param responseWrapper buffer that captures the framework's output
 * @throws ServletException propagated from the framework
 * @throws IOException      propagated from the framework
 */
private void invokeCommonauthFlow(OAuthMessage oAuthMessage, CommonAuthResponseWrapper responseWrapper)
        throws ServletException, IOException {

    CommonAuthenticationHandler frameworkHandler = new CommonAuthenticationHandler();
    frameworkHandler.doGet(oAuthMessage.getRequest(), responseWrapper);
}
use of org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler in project identity-inbound-auth-oauth by wso2-extensions.
the class OIDCLogoutServlet method sendRequestToFramework.
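/**
 * Hands a logout request to the authentication framework in-process and acts on the flow status the framework
 * leaves on the request.
 * <p>
 * The framework needs {@code sessionDataKey} and {@code type} as request parameters, which the incoming request
 * does not carry, so they are set on a {@link CommonAuthRequestWrapper}; the framework's output is captured in a
 * {@link CommonAuthResponseWrapper} so this servlet decides what actually reaches the client:
 * <ul>
 *   <li>{@link AuthenticatorFlowStatus#INCOMPLETE}: the framework's own redirect or rendered content is relayed.
 *       If it produced neither, nothing is written and the response goes out empty (pre-existing behaviour).</li>
 *   <li>any other status, or no status at all: {@link #handleLogoutResponseFromFramework} completes the
 *       logout.</li>
 * </ul>
 * Security note: the redirect location relayed here comes from the framework's response wrapper, not from a
 * request parameter, so this method does not add a caller-controlled redirect target.
 *
 * @param request        the incoming logout request
 * @param response       the real servlet response
 * @param sessionDataKey key of the session data the framework should resume
 * @param type           authenticator type, passed to the framework as the {@code type} parameter
 * @throws ServletException propagated from the framework or the logout handler
 * @throws IOException      propagated from the framework, the redirect or the logout handler
 */
private void sendRequestToFramework(HttpServletRequest request, HttpServletResponse response,
                                    String sessionDataKey, String type) throws ServletException, IOException {

    CommonAuthRequestWrapper requestWrapper = new CommonAuthRequestWrapper(request);
    requestWrapper.setParameter(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
    requestWrapper.setParameter(FrameworkConstants.RequestParams.TYPE, type);
    CommonAuthResponseWrapper responseWrapper = new CommonAuthResponseWrapper(response);

    new CommonAuthenticationHandler().doGet(requestWrapper, responseWrapper);

    // Compared by reference (enum constant) instead of casting, so an unexpected attribute type cannot throw
    // ClassCastException here; anything that is not INCOMPLETE is treated as a finished flow, matching how
    // OAuth2AuthzEndpoint handles the authorization flow.
    Object flowStatus = request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
    if (flowStatus != AuthenticatorFlowStatus.INCOMPLETE) {
        handleLogoutResponseFromFramework(requestWrapper, response);
        return;
    }

    // Authentication/logout is still in progress: relay whatever the framework produced.
    if (responseWrapper.isRedirect()) {
        response.sendRedirect(responseWrapper.getRedirectURL());
    } else if (responseWrapper.getContent().length > 0) {
        responseWrapper.write();
    }
}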
use of org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler in project identity-inbound-auth-oauth by wso2-extensions.
the class OIDCLogoutServletTest method testDoGet.
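/**
 * Drives {@code OIDCLogoutServlet.doGet} through a fully mocked environment and checks that the servlet
 * redirects to a location containing {@code expected}. Each data-provider row varies the opbs cookie, session
 * existence, consent, id_token_hint / post_logout_redirect_uri handling and the simulated framework flow status.
 * <p>
 * Stubbing order matters for the PowerMock static mocks: every static class is mocked exactly once, before its
 * methods are stubbed. {@code OAuthServerConfiguration} was previously re-mocked three times; the instance stubs
 * on {@code oAuthServerConfiguration} are now grouped behind a single static mock.
 *
 * @param cookie               opbs cookie returned by the session-management util (may be null)
 * @param sessionExists        whether the session manager reports the browser-state session as existing
 * @param redirectUrl          URL returned for the error page, the consent page and the logout page
 * @param expected             substring the captured redirect location must contain
 * @param consent              value of the {@code consent} request parameter
 * @param sessionDataKey       value of the {@code sessionDataKey} request parameter
 * @param skipUserConsent      server-config flag for skipping the logout consent page
 * @param idTokenHint          value of the {@code id_token_hint} request parameter
 * @param isJWTSignedWithSPKey server-config flag selecting the SP key store for JWT verification
 * @param postLogoutUrl        value of the {@code post_logout_redirect_uri} request parameter
 * @param flowStatus           value the framework is simulated to leave under FLOW_STATUS
 * @throws Exception on any setup or servlet failure
 */
@Test(dataProvider = "provideDataForTestDoGet")
public void testDoGet(Object cookie, boolean sessionExists, String redirectUrl, String expected, String consent,
                      String sessionDataKey, boolean skipUserConsent, String idTokenHint,
                      boolean isJWTSignedWithSPKey, String postLogoutUrl, Object flowStatus) throws Exception {

    TestUtil.startTenantFlow(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);

    // OIDC session management: cookie lookup, session existence and the page URLs the servlet redirects to.
    mockStatic(OIDCSessionManagementUtil.class);
    when(OIDCSessionManagementUtil.handleAlreadyLoggedOutSessionsGracefully()).thenReturn(false);
    when(OIDCSessionManagementUtil.getOPBrowserStateCookie(request)).thenReturn((Cookie) cookie);
    when(OIDCSessionManagementUtil.getErrorPageURL(anyString(), anyString())).thenReturn(redirectUrl);
    mockStatic(OIDCSessionManager.class);
    when(OIDCSessionManagementUtil.getSessionManager()).thenReturn(oidcSessionManager);
    when(oidcSessionManager.sessionExists(OPBROWSER_STATE, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME))
            .thenReturn(sessionExists);

    // Incoming request: parameters, headers and the flow status the framework is simulated to have set.
    when(request.getParameter("consent")).thenReturn(consent);
    when(request.getHeaderNames()).thenReturn(Collections.enumeration(Collections.singletonList("cookie")));
    when(request.getHeader("COOKIE")).thenReturn("opbs");
    when(request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS)).thenReturn(flowStatus);
    // NOTE(review): this stubs doPost, while the servlet hands over to the framework via doGet — confirm
    // whether this stub is still reachable or is dead setup.
    doThrow(new ServletException()).when(commonAuthenticationHandler).doPost(request, response);
    when(request.getSession()).thenReturn(httpSession);
    when(httpSession.getMaxInactiveInterval()).thenReturn(2);
    mockStatic(IdentityConfigParser.class);
    when(IdentityConfigParser.getInstance()).thenReturn(identityConfigParser);
    when(request.getParameter("sessionDataKey")).thenReturn(sessionDataKey);

    // Server configuration: mocked once; all instance stubs live here.
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(oAuthServerConfiguration);
    when(oAuthServerConfiguration.getOpenIDConnectSkipLogoutConsentConfig()).thenReturn(skipUserConsent);
    when(oAuthServerConfiguration.isJWTSignedWithSPKey()).thenReturn(isJWTSignedWithSPKey);
    when(oAuthServerConfiguration.getPersistenceProcessor()).thenReturn(tokenPersistenceProcessor);
    when(tokenPersistenceProcessor.getProcessedClientId(anyString()))
            .thenAnswer(invocation -> invocation.getArguments()[0]);

    when(request.getParameter("id_token_hint")).thenReturn(idTokenHint);
    when(OIDCSessionManagementUtil.removeOPBrowserStateCookie(any(HttpServletRequest.class),
            any(HttpServletResponse.class))).thenReturn((Cookie) cookie);
    when(OIDCSessionManagementUtil.getOIDCLogoutConsentURL()).thenReturn(redirectUrl);
    when(OIDCSessionManagementUtil.getOIDCLogoutURL()).thenReturn(redirectUrl);

    // Tenant resolution and the key store used to verify the id_token_hint signature.
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(TENANT_ID);
    when(IdentityTenantUtil.getTenantDomain(TENANT_ID)).thenReturn(SUPER_TENANT_DOMAIN_NAME);
    mockStatic(KeyStoreManager.class);
    when(KeyStoreManager.getInstance(TENANT_ID)).thenReturn(keyStoreManager);
    when(keyStoreManager.getDefaultPublicKey()).thenReturn(TestUtil.getPublicKey(
            TestUtil.loadKeyStoreFromFileSystem(TestUtil.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS"),
            "wso2carbon"));

    // Application lookup for the client referenced by the id_token_hint.
    mockStatic(OIDCSessionManagementComponentServiceHolder.class);
    when(OIDCSessionManagementComponentServiceHolder.getApplicationMgtService())
            .thenReturn(mockedApplicationManagementService);
    when(mockedApplicationManagementService.getServiceProviderNameByClientId(anyString(), anyString(),
            anyString())).thenReturn("SP1");

    when(request.getParameter("post_logout_redirect_uri")).thenReturn(postLogoutUrl);
    mockStatic(IdentityDatabaseUtil.class);
    when(IdentityDatabaseUtil.getDBConnection()).thenAnswer(invocationOnMock -> dataSource.getConnection());
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getAppInformationByClientId(anyString())).thenCallRealMethod();
    when(OAuth2Util.getTenantDomainOfOauthApp(anyString())).thenReturn("wso2.com");
    when(OAuth2Util.getTenantDomainOfOauthApp(any(oAuthAppDO.getClass()))).thenReturn("wso2.com");
    when(keyStoreManager.getKeyStore(anyString())).thenReturn(
            TestUtil.loadKeyStoreFromFileSystem(TestUtil.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS"));
    mockServiceURLBuilder(OIDCSessionConstants.OIDCEndpoints.OIDC_LOGOUT_ENDPOINT);

    // Session data cache: both the opbs-keyed and the sessionDataKey-keyed entries resolve to the same params.
    mockStatic(OIDCSessionDataCache.class);
    when(OIDCSessionDataCache.getInstance()).thenReturn(oidcSessionDataCache);
    OIDCSessionDataCacheKey opbsKey = mock(OIDCSessionDataCacheKey.class);
    OIDCSessionDataCacheKey sessionIdKey = mock(OIDCSessionDataCacheKey.class);
    when(opbsKey.getSessionDataId()).thenReturn(OPBROWSER_STATE);
    when(sessionIdKey.getSessionDataId()).thenReturn(sessionDataKey);
    when(OIDCSessionDataCache.getInstance().getValueFromCache(opbsKey)).thenReturn(opbsCacheEntry);
    when(OIDCSessionDataCache.getInstance().getValueFromCache(sessionIdKey)).thenReturn(sessionIdCacheEntry);
    ConcurrentMap<String, String> paramMap = new ConcurrentHashMap<>();
    paramMap.put(OIDCSessionConstants.OIDC_CACHE_CLIENT_ID_PARAM, CLIENT_ID_VALUE);
    paramMap.put(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM, SUPER_TENANT_DOMAIN_NAME);
    when(opbsCacheEntry.getParamMap()).thenReturn(paramMap);
    when(sessionIdCacheEntry.getParamMap()).thenReturn(paramMap);

    logoutServlet.doGet(request, response);

    // NOTE(review): a substring match is a weak check for a redirect target; the data-provider rows would need
    // to supply full URLs before this could be tightened to an exact or prefix comparison.
    ArgumentCaptor<String> captor = ArgumentCaptor.forClass(String.class);
    verify(response).sendRedirect(captor.capture());
    assertTrue(captor.getValue().contains(expected));
}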
use of org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method testHandleOAuthAuthorizationRequest.
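/**
 * Exercises the client-facing authorization request path of {@code OAuth2AuthzEndpoint.authorize}: an implicit
 * ({@code response_type=token}) request with optional PKCE and prompt parameters, run against a mocked OAuth2
 * service, with the authentication framework simulated to leave the flow INCOMPLETE and redirect to
 * {@code expectedLocation}. Asserts a 302 whose Location contains {@code expectedLocation} and, for invalid-client
 * rows that are not {@code prompt=none} error-page rows, the {@code invalid_request} error code in the URL.
 *
 * @param clientId            client_id sent in the request
 * @param redirectUri         when non-null, acr_values, claims and tenantDomain are also sent (the value itself is
 *                            reused as acr_values; the redirect_uri parameter is always APP_REDIRECT_URL)
 * @param pkceChallengeCode   code_challenge parameter
 * @param pkceChallengeMethod code_challenge_method parameter
 * @param prompt              prompt parameter, or null to omit it
 * @param clientValid         whether client validation should succeed
 * @param pkceEnabled         whether PKCE support is enabled on the OAuth2 service
 * @param supportPlainPkce    applied to both pkceMandatory and pkceSupportPlain on the validation response
 * @param expectedLocation    substring expected in the redirect Location header
 * @throws Exception on any setup failure
 */
@Test(dataProvider = "provideAuthzRequestData", groups = "testWithConnection")
public void testHandleOAuthAuthorizationRequest(String clientId, String redirectUri, String pkceChallengeCode,
                                                String pkceChallengeMethod, String prompt, boolean clientValid,
                                                boolean pkceEnabled, boolean supportPlainPkce,
                                                String expectedLocation) throws Exception {

    Map<String, String[]> requestParams = new HashMap<>();
    Map<String, Object> requestAttributes = new HashMap<>();
    requestParams.put(CLIENT_ID, new String[] { clientId });
    // No consent data is saved in the cache yet and the client doesn't send a cache key.
    requestParams.put(OAuthConstants.SESSION_DATA_KEY_CONSENT, new String[] { null });
    requestParams.put(FrameworkConstants.RequestParams.TO_COMMONAUTH, new String[] { "false" });
    requestParams.put(REDIRECT_URI, new String[] { APP_REDIRECT_URL });
    requestParams.put(OAuthConstants.OAUTH_PKCE_CODE_CHALLENGE, new String[] { pkceChallengeCode });
    requestParams.put(OAuthConstants.OAUTH_PKCE_CODE_CHALLENGE_METHOD, new String[] { pkceChallengeMethod });
    requestParams.put(OAuth.OAUTH_RESPONSE_TYPE, new String[] { ResponseType.TOKEN.toString() });
    if (redirectUri != null) {
        requestParams.put("acr_values", new String[] { redirectUri });
        requestParams.put("claims", new String[] { "essentialClaims" });
        requestParams.put(MultitenantConstants.TENANT_DOMAIN,
                new String[] { MultitenantConstants.SUPER_TENANT_DOMAIN_NAME });
    }
    requestAttributes.put(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
    // No authentication data is saved in the cache yet and the client doesn't send a cache key.
    requestAttributes.put(FrameworkConstants.SESSION_DATA_KEY, null);
    if (prompt != null) {
        requestParams.put(OAuthConstants.OAuth20Params.PROMPT, new String[] { prompt });
    }

    // Error-page rows are expected to carry the error code, except the prompt=none case handled below.
    boolean checkErrorCode = ERROR_PAGE_URL.equals(expectedLocation);
    mockHttpRequest(requestParams, requestAttributes, HttpMethod.POST);
    mockOAuthServerConfiguration();

    Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> responseTypeValidators = new Hashtable<>();
    responseTypeValidators.put(ResponseType.CODE.toString(), CodeValidator.class);
    responseTypeValidators.put(ResponseType.TOKEN.toString(), TokenValidator.class);
    when(oAuthServerConfiguration.getSupportedResponseTypeValidators()).thenReturn(responseTypeValidators);

    spy(FrameworkUtils.class);
    doNothing().when(FrameworkUtils.class, "startTenantFlow", anyString());
    doNothing().when(FrameworkUtils.class, "endTenantFlow");
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantDomain(anyInt())).thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(MultitenantConstants.SUPER_TENANT_ID);

    // Diagnostic logging is switched on so that the log-event path in the endpoint is exercised, but the
    // event service itself is a no-op.
    mockStatic(LoggerUtils.class);
    when(LoggerUtils.isDiagnosticLogsEnabled()).thenReturn(true);
    IdentityEventService eventServiceMock = mock(IdentityEventService.class);
    mockStatic(CentralLogMgtServiceComponentHolder.class);
    when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
    when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(eventServiceMock);
    PowerMockito.doNothing().when(eventServiceMock).handleEvent(any());

    mockStatic(IdentityDatabaseUtil.class);
    when(IdentityDatabaseUtil.getDBConnection()).thenReturn(connection);
    mockEndpointUtil(false);
    when(oAuth2Service.getOauthApplicationState(CLIENT_ID_VALUE)).thenReturn("ACTIVE");
    when(oAuth2Service.isPKCESupportEnabled()).thenReturn(pkceEnabled);
    if (ERROR_PAGE_URL.equals(expectedLocation) && OAuthConstants.Prompt.NONE.equals(prompt)) {
        // Failing to build the login page URL forces the error page; no error code is expected in that URL.
        doThrow(new IdentityOAuth2Exception("error")).when(EndpointUtil.class, "getLoginPageURL", anyString(),
                anyString(), anyBoolean(), anyBoolean(), anySet(), anyMap(), any());
        checkErrorCode = false;
    }
    mockStatic(OAuth2Util.OAuthURL.class);
    when(OAuth2Util.OAuthURL.getOAuth2ErrorPageUrl()).thenReturn(ERROR_PAGE_URL);

    // Client validation outcome is driven by the data-provider row.
    OAuth2ClientValidationResponseDTO validationResponseDTO = new OAuth2ClientValidationResponseDTO();
    validationResponseDTO.setValidClient(clientValid);
    validationResponseDTO.setCallbackURL(APP_REDIRECT_URL);
    if (!clientValid) {
        validationResponseDTO.setErrorCode(OAuth2ErrorCodes.INVALID_REQUEST);
        validationResponseDTO.setErrorMsg("client is invalid");
    }
    validationResponseDTO.setPkceMandatory(supportPlainPkce);
    validationResponseDTO.setPkceSupportPlain(supportPlainPkce);
    when(oAuth2Service.validateClientInfo(anyString(), anyString())).thenReturn(validationResponseDTO);

    // When the endpoint is expected to hand over to the framework, simulate a framework that leaves the flow
    // INCOMPLETE and redirects to the expected page.
    if (StringUtils.equals(expectedLocation, LOGIN_PAGE_URL) || StringUtils.equals(expectedLocation, ERROR_PAGE_URL)) {
        CommonAuthenticationHandler handler = mock(CommonAuthenticationHandler.class);
        doAnswer(invocation -> {
            CommonAuthRequestWrapper request = (CommonAuthRequestWrapper) invocation.getArguments()[0];
            request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            CommonAuthResponseWrapper wrapper = (CommonAuthResponseWrapper) invocation.getArguments()[1];
            wrapper.sendRedirect(expectedLocation);
            return null;
        }).when(handler).doGet(any(), any());
        whenNew(CommonAuthenticationHandler.class).withNoArguments().thenReturn(handler);
    }
    mockServiceURLBuilder();

    Response response;
    try {
        response = oAuth2AuthzEndpoint.authorize(httpServletRequest, httpServletResponse);
    } catch (InvalidRequestParentException ire) {
        // The endpoint signals some rejections by exception; map it the way the JAX-RS layer would.
        InvalidRequestExceptionMapper invalidRequestExceptionMapper = new InvalidRequestExceptionMapper();
        response = invalidRequestExceptionMapper.toResponse(ire);
    }

    assertNotNull(response);
    assertEquals(response.getStatus(), HttpServletResponse.SC_FOUND, "Unexpected HTTP response status");
    MultivaluedMap<String, Object> responseMetadata = response.getMetadata();
    assertNotNull(responseMetadata, "Response metadata is null");
    assertTrue(CollectionUtils.isNotEmpty(responseMetadata.get(HTTPConstants.HEADER_LOCATION)),
            "Location header not found in the response");
    String location = String.valueOf(responseMetadata.get(HTTPConstants.HEADER_LOCATION).get(0));
    assertTrue(location.contains(expectedLocation), "Unexpected redirect url in the response");
    if (checkErrorCode) {
        assertTrue(location.contains(OAuth2ErrorCodes.INVALID_REQUEST), "Expected error code not found in URL");
    }
}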