Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuthAdminServiceImpl, method updateApproveAlwaysForAppConsentByResourceOwner.
/**
 * Updates the "approve always" state of the resource owner's consent for an OAuth application.
 *
 * The resource owner and tenant are read from the thread-local Carbon context (the currently
 * authenticated user), never from the caller-supplied arguments, so this method can only
 * change the consent of the user who invoked it.
 *
 * @param appName name of the application whose consent record is updated
 * @param state   the new "approve always" state, handed to the DAO unchanged
 * @return a response DTO; on a persistence failure {@code isError()} is {@code true} with error code
 *         {@link OAuth2ErrorCodes#INVALID_REQUEST} and a generic message
 * @throws IdentityOAuthAdminException declared by the signature; not raised directly in this body
 */
public OAuthRevocationResponseDTO updateApproveAlwaysForAppConsentByResourceOwner(String appName, String state)
        throws IdentityOAuthAdminException {
    OAuthRevocationResponseDTO response = new OAuthRevocationResponseDTO();
    PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
    String tenantDomain = carbonContext.getTenantDomain();
    String resourceOwner = carbonContext.getUsername();
    try {
        OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO()
                .updateApproveAlwaysForAppConsentByResourceOwner(resourceOwner, tenantDomain, appName, state);
    } catch (IdentityOAuth2Exception e) {
        // The full cause (app name, user, stack trace) goes to the server log only; the caller
        // receives a deliberately generic error so no persistence-layer detail leaks out.
        LOG.error("Error occurred while revoking OAuth Consent approve always of Application " + appName
                + " of user " + resourceOwner, e);
        response.setError(true);
        response.setErrorCode(OAuth2ErrorCodes.INVALID_REQUEST);
        response.setErrorMsg("Invalid revocation request");
    }
    return response;
}
Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuthRevocationEndpoint, method revokeAccessToken.
/**
 * Handles a form-encoded token revocation POST on this endpoint.
 *
 * The whole method runs inside a super-tenant flow that is ended in {@code finally}. Before any
 * validation, the request parameters are copied into a map for diagnostic logging with the
 * {@code token} value masked character by character. Every other form parameter is copied
 * unmasked; NOTE(review): if a client can also send credentials in the body of this request,
 * they would reach the diagnostic log as-is — confirm against the accepted client
 * authentication methods.
 *
 * @param request  the underlying servlet request
 * @param paramMap the form parameters of the request
 * @return the JAX-RS response produced by the client-failure, error or success handler
 * @throws OAuthSystemException          declared by the signature
 * @throws InvalidRequestParentException propagated from the helper calls (presumably on invalid
 *                                       or repeated parameters)
 */
@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
public Response revokeAccessToken(@Context HttpServletRequest request, MultivaluedMap<String, String> paramMap)
        throws OAuthSystemException, InvalidRequestParentException {
    try {
        startSuperTenantFlow();
        Map<String, Object> logParams = new HashMap<>();
        if (MapUtils.isNotEmpty(paramMap)) {
            paramMap.forEach((name, values) -> {
                // Only the token is masked; everything else is logged verbatim.
                boolean isToken = TOKEN_PARAM.equals(name) && CollectionUtils.isNotEmpty(values);
                logParams.put(isToken ? "token" : name,
                        isToken ? values.get(0).replaceAll(".", "*") : values);
            });
        }
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams,
                    OAuthConstants.LogConstants.SUCCESS, "Successfully received token revocation request.",
                    "receive-revoke-request", null);
        }
        validateRepeatedParams(request, paramMap);
        HttpServletRequestWrapper wrappedRequest = new OAuthRequestWrapper(request, paramMap);
        String token = getToken(paramMap, wrappedRequest);
        String callback = getCallback(paramMap, wrappedRequest);
        if (isEmpty(token)) {
            // A missing token is a client error; report it through the callback-aware handler.
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams,
                        OAuthConstants.LogConstants.FAILED, "'token' parameter is missing in the revoke request.",
                        "validate-input-parameters", null);
            }
            return handleClientFailure(callback);
        }
        String tokenTypeHint = getTokenType(paramMap, wrappedRequest);
        OAuthRevocationRequestDTO revokeRequest =
                buildOAuthRevocationRequest(wrappedRequest, paramMap, token, tokenTypeHint);
        OAuthRevocationResponseDTO revokeResponse = revokeTokens(revokeRequest);
        return revokeResponse.getErrorMsg() == null
                ? handleRevokeResponse(callback, revokeResponse)
                : handleErrorResponse(callback, revokeResponse);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuth2ServiceTest, method testRevokeTokenByOAuthClientWithAccessTokenWithInvalidBinding.
/**
 * With token binding validation enabled on the app, revoking a token whose binding is not
 * present in the request must produce the binding error message rather than succeed.
 */
@Test
public void testRevokeTokenByOAuthClientWithAccessTokenWithInvalidBinding() throws Exception {
    setUpRevokeToken();
    AccessTokenDO storedToken = getAccessToken();
    when(OAuth2Util.findAccessToken(anyString(), anyBoolean())).thenReturn(storedToken);

    // The app under test insists on a matching token binding.
    OAuthAppDO app = new OAuthAppDO();
    app.setTokenBindingValidationEnabled(true);
    when(OAuth2Util.getAppInformationByClientId(anyString())).thenReturn(app);

    OAuthRevocationRequestDTO revokeRequest = getOAuthRevocationRequestDTO();
    OAuthRevocationResponseDTO response = oAuth2Service.revokeTokenByOAuthClient(revokeRequest);

    assertNotNull(response);
    assertEquals(response.getErrorMsg(), "Valid token binding value not present in the request.");
}
Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuthAdminServiceImplTest, method testRevokeIssuedTokensByApplication.
/**
 * Revoking every token issued to an application, with one active token on record and the
 * pre/post revoke listeners stubbed out, must yield a response that is not flagged as an error.
 */
@Test
public void testRevokeIssuedTokensByApplication() throws Exception {
    String userId = UUID.randomUUID().toString();
    String consumerKey = UUID.randomUUID().toString();
    String accessTokenValue = UUID.randomUUID().toString();
    String refreshTokenValue = UUID.randomUUID().toString();

    // Application looked up by consumer key through a mocked app DAO.
    OAuthAppDO app = new OAuthAppDO();
    app.setOauthConsumerKey(consumerKey);
    app.setApplicationName("some-user-name");
    when(oAuthAppDAO.getAppInformation(consumerKey)).thenReturn(app);
    PowerMockito.whenNew(OAuthAppDAO.class).withNoArguments().thenReturn(oAuthAppDAO);

    AuthenticatedUser owner = buildUser("some-user-name");
    owner.setUserId(userId);
    owner.setFederatedIdPName(TestConstants.LOCAL_IDP);

    OAuthAppRevocationRequestDTO revocationRequest = new OAuthAppRevocationRequestDTO();
    revocationRequest.setConsumerKey(consumerKey);

    // Exactly one active token is reported for the application.
    AccessTokenDO activeToken = new AccessTokenDO();
    activeToken.setAccessToken(accessTokenValue);
    activeToken.setRefreshToken(refreshTokenValue);
    activeToken.setAuthzUser(owner);
    activeToken.setScope(new String[] { "openid" });
    Set<AccessTokenDO> activeTokens = new HashSet<>();
    activeTokens.add(activeToken);

    // Swap the persistence factory's DAOs for mocks via reflection.
    OAuthTokenPersistenceFactory persistenceFactory = OAuthTokenPersistenceFactory.getInstance();
    TokenManagementDAOImpl managementDao = mock(TokenManagementDAOImpl.class);
    Whitebox.setInternalState(persistenceFactory, "managementDAO", managementDao);
    AccessTokenDAO tokenDao = mock(AccessTokenDAO.class);
    Whitebox.setInternalState(persistenceFactory, "tokenDAO", tokenDao);
    when(tokenDao.getActiveAcessTokenDataByConsumerKey(anyString())).thenReturn(activeTokens);

    OAuthRevocationResponseDTO expected = new OAuthRevocationResponseDTO();
    expected.setError(false);

    ApplicationManagementService appMgtService = mock(ApplicationManagementService.class);
    when(appMgtService.getServiceProviderNameByClientId(consumerKey, INBOUND_AUTH2_TYPE, owner.getTenantDomain()))
            .thenReturn(app.getApplicationName());
    OAuth2ServiceComponentHolder.setApplicationMgtService(appMgtService);

    // Listener hooks are private; PowerMock stubs them by name so they do not fire.
    OAuthAdminServiceImpl adminService = spy(new OAuthAdminServiceImpl());
    doNothing().when(adminService, "triggerPreApplicationTokenRevokeListeners", anyObject());
    doNothing().when(adminService, "triggerPostApplicationTokenRevokeListeners",
            anyObject(), anyObject(), anyObject());

    OAuthRevocationResponseDTO actual = adminService.revokeIssuedTokensByApplication(revocationRequest);
    Assert.assertEquals(actual.isError(), expected.isError());
}
Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuthAdminServiceImplTest, method testRevokeIssuedTokensByApplicationWithEmptyConsumerKey.
/**
 * An application revocation request with an empty consumer key must be rejected with the
 * {@code INVALID_REQUEST} error code instead of touching any tokens.
 */
@Test
public void testRevokeIssuedTokensByApplicationWithEmptyConsumerKey() throws Exception {
    OAuthAppRevocationRequestDTO revocationRequest = new OAuthAppRevocationRequestDTO();
    revocationRequest.setConsumerKey("");

    // Only the pre-revoke listener hook is stubbed; the empty key should stop processing early.
    OAuthAdminServiceImpl adminService = spy(new OAuthAdminServiceImpl());
    doNothing().when(adminService, "triggerPreApplicationTokenRevokeListeners", anyObject());

    OAuthRevocationResponseDTO actual = adminService.revokeIssuedTokensByApplication(revocationRequest);
    Assert.assertEquals(actual.getErrorCode(), OAuth2ErrorCodes.INVALID_REQUEST);
}