
Example 6 with OAuthRevocationResponseDTO

Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuthAdminServiceImpl, method updateApproveAlwaysForAppConsentByResourceOwner.

/**
 * Revoke "approve always" of the consent for OAuth apps by resource owners.
 *
 * @param appName name of the app
 * @param state   state of the approve always
 * @return revokeRespDTO DTO representing success or failure message
 */
public OAuthRevocationResponseDTO updateApproveAlwaysForAppConsentByResourceOwner(String appName, String state) throws IdentityOAuthAdminException {
    OAuthRevocationResponseDTO revokeRespDTO = new OAuthRevocationResponseDTO();
    // Tenant and user are taken from the thread-local Carbon context (the authenticated caller),
    // not from request input, so the consent updated is always the caller's own.
    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String tenantAwareUserName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
    try {
        OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().updateApproveAlwaysForAppConsentByResourceOwner(tenantAwareUserName, tenantDomain, appName, state);
    } catch (IdentityOAuth2Exception e) {
        // Full detail (app, user, stack trace) goes to the server log; the caller only receives
        // a generic INVALID_REQUEST error so internal failure details are not exposed.
        String errorMsg = "Error occurred while revoking OAuth Consent approve always of Application " + appName + " of user " + tenantAwareUserName;
        LOG.error(errorMsg, e);
        revokeRespDTO.setError(true);
        revokeRespDTO.setErrorCode(OAuth2ErrorCodes.INVALID_REQUEST);
        revokeRespDTO.setErrorMsg("Invalid revocation request");
    }
    return revokeRespDTO;
}
Also used: org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception, org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO, org.wso2.carbon.identity.oauth2.util.OAuth2Util.buildScopeString

Example 7 with OAuthRevocationResponseDTO

Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuthRevocationEndpoint, method revokeAccessToken.

@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
public Response revokeAccessToken(@Context HttpServletRequest request, MultivaluedMap<String, String> paramMap) throws OAuthSystemException, InvalidRequestParentException {
    try {
        startSuperTenantFlow();
        // Copy the request parameters for diagnostic logging, masking the token value
        // (every character replaced by '*') so the raw token never reaches the logs.
        Map<String, Object> params = new HashMap<>();
        if (MapUtils.isNotEmpty(paramMap)) {
            paramMap.forEach((key, value) -> {
                if (TOKEN_PARAM.equals(key) && CollectionUtils.isNotEmpty(value)) {
                    params.put("token", value.get(0).replaceAll(".", "*"));
                } else {
                    params.put(key, value);
                }
            });
        }
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Successfully received token revocation request.", "receive-revoke-request", null);
        }
        // Reject requests that carry the same parameter more than once.
        validateRepeatedParams(request, paramMap);
        HttpServletRequestWrapper httpRequest = new OAuthRequestWrapper(request, paramMap);
        String token = getToken(paramMap, httpRequest);
        String callback = getCallback(paramMap, httpRequest);
        // A revocation request without a 'token' parameter is a client error.
        if (isEmpty(token)) {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "'token' parameter is missing in the revoke request.", "validate-input-parameters", null);
            }
            return handleClientFailure(callback);
        }
        String tokenType = getTokenType(paramMap, httpRequest);
        OAuthRevocationRequestDTO revokeRequest = buildOAuthRevocationRequest(httpRequest, paramMap, token, tokenType);
        OAuthRevocationResponseDTO oauthRevokeResp = revokeTokens(revokeRequest);
        // An error message on the response DTO selects the error response path.
        if (oauthRevokeResp.getErrorMsg() != null) {
            return handleErrorResponse(callback, oauthRevokeResp);
        } else {
            return handleRevokeResponse(callback, oauthRevokeResp);
        }
    } finally {
        // The tenant flow started above is always ended, even when an exception propagates.
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Also used: org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO, org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper, java.util.HashMap, javax.servlet.http.HttpServletRequestWrapper, org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO, javax.ws.rs.Path, javax.ws.rs.POST, javax.ws.rs.Consumes

Example 8 with OAuthRevocationResponseDTO

Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuth2ServiceTest, method testRevokeTokenByOAuthClientWithAccessTokenWithInvalidBinding.

@Test
public void testRevokeTokenByOAuthClientWithAccessTokenWithInvalidBinding() throws Exception {
    setUpRevokeToken();
    AccessTokenDO accessTokenDO = getAccessToken();
    when(OAuth2Util.findAccessToken(anyString(), anyBoolean())).thenReturn(accessTokenDO);
    // The app has token binding validation enabled, so revocation must carry a valid binding value.
    OAuthAppDO oAuthAppDO = new OAuthAppDO();
    oAuthAppDO.setTokenBindingValidationEnabled(true);
    when(OAuth2Util.getAppInformationByClientId(anyString())).thenReturn(oAuthAppDO);
    OAuthRevocationRequestDTO revokeRequestDTO = getOAuthRevocationRequestDTO();
    OAuthRevocationResponseDTO oAuthRevocationResponseDTO = oAuth2Service.revokeTokenByOAuthClient(revokeRequestDTO);
    assertNotNull(oAuthRevocationResponseDTO);
    // Without the binding value the revocation is refused rather than applied.
    assertEquals(oAuthRevocationResponseDTO.getErrorMsg(), "Valid token binding value not present in the request.");
}
Also used: org.wso2.carbon.identity.oauth2.model.AccessTokenDO, org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO, org.wso2.carbon.identity.oauth.dao.OAuthAppDO, org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO, org.testng.annotations.Test, org.powermock.core.classloader.annotations.PrepareForTest, org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest

Example 9 with OAuthRevocationResponseDTO

Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuthAdminServiceImplTest, method testRevokeIssuedTokensByApplication.

@Test
public void testRevokeIssuedTokensByApplication() throws Exception {
    String userId = UUID.randomUUID().toString();
    String consumerKey = UUID.randomUUID().toString();
    String accessToken = UUID.randomUUID().toString();
    String refreshToken = UUID.randomUUID().toString();
    // Register a mocked OAuth app for the generated consumer key.
    OAuthAppDO oAuthAppDO = new OAuthAppDO();
    oAuthAppDO.setOauthConsumerKey(consumerKey);
    oAuthAppDO.setApplicationName("some-user-name");
    when(oAuthAppDAO.getAppInformation(consumerKey)).thenReturn(oAuthAppDO);
    PowerMockito.whenNew(OAuthAppDAO.class).withNoArguments().thenReturn(oAuthAppDAO);
    AuthenticatedUser user = buildUser("some-user-name");
    user.setUserId(userId);
    user.setFederatedIdPName(TestConstants.LOCAL_IDP);
    OAuthAppRevocationRequestDTO oAuthAppRevocationRequestDTO = new OAuthAppRevocationRequestDTO();
    oAuthAppRevocationRequestDTO.setConsumerKey(consumerKey);
    // One active access/refresh token pair is reported for the app by the mocked token DAO.
    AccessTokenDO dummyToken = new AccessTokenDO();
    dummyToken.setAccessToken(accessToken);
    dummyToken.setRefreshToken(refreshToken);
    dummyToken.setAuthzUser(user);
    dummyToken.setScope(new String[] { "openid" });
    Set<AccessTokenDO> accessTokenDOSet = new HashSet<>();
    accessTokenDOSet.add(dummyToken);
    OAuthTokenPersistenceFactory tokenPersistenceFactory = OAuthTokenPersistenceFactory.getInstance();
    TokenManagementDAOImpl mockTokenManagementDAOImpl = mock(TokenManagementDAOImpl.class);
    Whitebox.setInternalState(tokenPersistenceFactory, "managementDAO", mockTokenManagementDAOImpl);
    AccessTokenDAO mockAccessTokenDAO = mock(AccessTokenDAO.class);
    Whitebox.setInternalState(tokenPersistenceFactory, "tokenDAO", mockAccessTokenDAO);
    when(mockAccessTokenDAO.getActiveAcessTokenDataByConsumerKey(anyString())).thenReturn(accessTokenDOSet);
    OAuthRevocationResponseDTO expectedOAuthRevocationResponseDTO = new OAuthRevocationResponseDTO();
    expectedOAuthRevocationResponseDTO.setError(false);
    ApplicationManagementService appMgtService = mock(ApplicationManagementService.class);
    when(appMgtService.getServiceProviderNameByClientId(consumerKey, INBOUND_AUTH2_TYPE, user.getTenantDomain())).thenReturn(oAuthAppDO.getApplicationName());
    OAuth2ServiceComponentHolder.setApplicationMgtService(appMgtService);
    // Pre/post revoke listeners are stubbed out so only the service's own logic is exercised.
    OAuthAdminServiceImpl oAuthAdminServiceImpl = spy(new OAuthAdminServiceImpl());
    doNothing().when(oAuthAdminServiceImpl, "triggerPreApplicationTokenRevokeListeners", anyObject());
    doNothing().when(oAuthAdminServiceImpl, "triggerPostApplicationTokenRevokeListeners", anyObject(), anyObject(), anyObject());
    OAuthRevocationResponseDTO actualOAuthRevocationResponseDTO = oAuthAdminServiceImpl.revokeIssuedTokensByApplication(oAuthAppRevocationRequestDTO);
    // Revoking all tokens of an existing app with a known consumer key succeeds (no error flag).
    Assert.assertEquals(actualOAuthRevocationResponseDTO.isError(), expectedOAuthRevocationResponseDTO.isError());
}
Also used: org.wso2.carbon.identity.oauth2.dao.TokenManagementDAOImpl, org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO, org.wso2.carbon.identity.oauth2.dao.AccessTokenDAO, org.mockito.Matchers.anyString, org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser, org.wso2.carbon.identity.oauth2.model.AccessTokenDO, org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory, org.wso2.carbon.identity.oauth.dao.OAuthAppDO, org.wso2.carbon.identity.oauth.dto.OAuthAppRevocationRequestDTO, org.wso2.carbon.identity.application.mgt.ApplicationManagementService, java.util.HashSet, org.testng.annotations.Test, org.powermock.core.classloader.annotations.PrepareForTest, org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest

Example 10 with OAuthRevocationResponseDTO

Use of org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuthAdminServiceImplTest, method testRevokeIssuedTokensByApplicationWithEmptyConsumerKey.

@Test
public void testRevokeIssuedTokensByApplicationWithEmptyConsumerKey() throws Exception {
    // An empty consumer key identifies no application and must be rejected up front.
    OAuthAppRevocationRequestDTO oAuthAppRevocationRequestDTO = new OAuthAppRevocationRequestDTO();
    oAuthAppRevocationRequestDTO.setConsumerKey("");
    OAuthAdminServiceImpl oAuthAdminServiceImpl = spy(new OAuthAdminServiceImpl());
    doNothing().when(oAuthAdminServiceImpl, "triggerPreApplicationTokenRevokeListeners", anyObject());
    OAuthRevocationResponseDTO actualOAuthRevocationResponseDTO = oAuthAdminServiceImpl.revokeIssuedTokensByApplication(oAuthAppRevocationRequestDTO);
    // The service reports INVALID_REQUEST instead of attempting any revocation.
    Assert.assertEquals(actualOAuthRevocationResponseDTO.getErrorCode(), OAuth2ErrorCodes.INVALID_REQUEST);
}
Also used: org.wso2.carbon.identity.oauth.dto.OAuthRevocationResponseDTO, org.wso2.carbon.identity.oauth.dto.OAuthAppRevocationRequestDTO, org.testng.annotations.Test, org.powermock.core.classloader.annotations.PrepareForTest, org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest
