use of org.wso2.carbon.identity.oauth2.OAuth2ScopeService in project identity-inbound-auth-oauth by wso2-extensions.
the class ScopesApiServiceImplTest method testUpdateScope.
@Test(dataProvider = "BuildUpdateScope")
public void testUpdateScope(Response.Status expectation, Throwable throwable) throws Exception {
ScopeToUpdateDTO scopeToUpdateDTO = new ScopeToUpdateDTO();
scopeToUpdateDTO.setDescription("some description");
scopeToUpdateDTO.setBindings(Collections.<String>emptyList());
if (Response.Status.OK.equals(expectation)) {
when(ScopeUtils.getScopeDTO(any(Scope.class))).thenReturn(any(ScopeDTO.class));
assertEquals(scopesApiService.updateScope(scopeToUpdateDTO, someScopeName).getStatus(), Response.Status.OK.getStatusCode(), "Error occurred while updating scopes");
} else if (Response.Status.BAD_REQUEST.equals(expectation)) {
when(oAuth2ScopeService.updateScope(any(Scope.class))).thenThrow(IdentityOAuth2ScopeClientException.class);
callRealMethod();
try {
scopesApiService.updateScope(scopeToUpdateDTO, someScopeName);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Cannot find HTTP Response, Bad Request in Case of " + "IdentityOAuth2ScopeClientException");
assertEquals(((ErrorDTO) (e.getResponse().getEntity())).getMessage(), Response.Status.BAD_REQUEST.getReasonPhrase(), "Cannot find appropriate error message " + "for HTTP Response, Bad Request");
} finally {
reset(oAuth2ScopeService);
}
} else if (Response.Status.NOT_FOUND.equals(expectation)) {
((IdentityOAuth2ScopeException) throwable).setErrorCode(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE.getCode());
when(oAuth2ScopeService.updateScope(any(Scope.class))).thenThrow(throwable);
callRealMethod();
try {
scopesApiService.updateScope(scopeToUpdateDTO, someScopeName);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.NOT_FOUND.getStatusCode(), "Cannot find HTTP Response, Not Found in Case of " + "IdentityOAuth2ScopeClientException");
assertEquals(((ErrorDTO) (e.getResponse().getEntity())).getMessage(), Response.Status.NOT_FOUND.getReasonPhrase(), "Cannot find appropriate error message " + "for HTTP Response, Not Found");
} finally {
reset(oAuth2ScopeService);
}
} else if (Response.Status.INTERNAL_SERVER_ERROR.equals(expectation)) {
when(oAuth2ScopeService.updateScope(any(Scope.class))).thenThrow(IdentityOAuth2ScopeException.class);
callRealMethod();
try {
scopesApiService.updateScope(scopeToUpdateDTO, someScopeName);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), "Cannot find HTTP Response, Internal Server Error in case of " + "IdentityOAuth2ScopeException");
assertNull(e.getResponse().getEntity(), "Do not include error message in case of " + "Server Exception");
} finally {
reset(oAuth2ScopeService);
}
}
}
use of org.wso2.carbon.identity.oauth2.OAuth2ScopeService in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ServiceComponent method activate.
protected void activate(ComponentContext context) {
try {
if (OAuth2ServiceComponentHolder.getInstance().getScopeClaimMappingDAO() == null) {
OAuth2ServiceComponentHolder.getInstance().setScopeClaimMappingDAO(new ScopeClaimMappingDAOImpl());
}
loadScopeConfigFile();
loadOauthScopeBinding();
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
boolean isRecordExist = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().hasScopesPopulated(tenantId);
if (!isRecordExist) {
OAuth2Util.initiateOIDCScopes(tenantId);
}
TenantCreationEventListener scopeTenantMgtListener = new TenantCreationEventListener();
bundleContext = context.getBundleContext();
// Registering TenantCreationEventListener
ServiceRegistration scopeTenantMgtListenerSR = bundleContext.registerService(TenantMgtListener.class.getName(), scopeTenantMgtListener, null);
if (scopeTenantMgtListenerSR != null) {
if (log.isDebugEnabled()) {
log.debug(" TenantMgtListener is registered");
}
} else {
log.error("TenantMgtListener could not be registered");
}
// iniating oauth scopes
OAuth2Util.initiateOAuthScopePermissionsBindings(tenantId);
// exposing server configuration as a service
OAuthServerConfiguration oauthServerConfig = OAuthServerConfiguration.getInstance();
bundleContext.registerService(OAuthServerConfiguration.class.getName(), oauthServerConfig, null);
OAuth2TokenValidationService tokenValidationService = new OAuth2TokenValidationService();
bundleContext.registerService(OAuth2TokenValidationService.class.getName(), tokenValidationService, null);
OAuthClientAuthnService clientAuthnService = new OAuthClientAuthnService();
bundleContext.registerService(OAuthClientAuthnService.class.getName(), clientAuthnService, null);
BasicAuthClientAuthenticator basicAuthClientAuthenticator = new BasicAuthClientAuthenticator();
bundleContext.registerService(OAuthClientAuthenticator.class.getName(), basicAuthClientAuthenticator, null);
PublicClientAuthenticator publicClientAuthenticator = new PublicClientAuthenticator();
bundleContext.registerService(OAuthClientAuthenticator.class.getName(), publicClientAuthenticator, null);
// Register cookie based access token binder.
CookieBasedTokenBinder cookieBasedTokenBinder = new CookieBasedTokenBinder();
bundleContext.registerService(TokenBinderInfo.class.getName(), cookieBasedTokenBinder, null);
// SSO session based access token binder.
SSOSessionBasedTokenBinder ssoSessionBasedTokenBinder = new SSOSessionBasedTokenBinder();
bundleContext.registerService(TokenBinderInfo.class.getName(), ssoSessionBasedTokenBinder, null);
if (log.isDebugEnabled()) {
log.debug("Identity OAuth bundle is activated");
}
if (OAuth2ServiceComponentHolder.getKeyIDProvider() == null) {
KeyIDProvider defaultKeyIDProvider = new DefaultKeyIDProviderImpl();
OAuth2ServiceComponentHolder.setKeyIDProvider(defaultKeyIDProvider);
if (log.isDebugEnabled()) {
log.debug("Key ID Provider " + DefaultKeyIDProviderImpl.class.getSimpleName() + " registered as the default Key ID Provider implementation.");
}
}
ServiceRegistration tenantMgtListenerSR = bundleContext.registerService(TenantMgtListener.class.getName(), new OAuthTenantMgtListenerImpl(), null);
if (tenantMgtListenerSR != null) {
if (log.isDebugEnabled()) {
log.debug("OAuth - TenantMgtListener registered.");
}
} else {
log.error("OAuth - TenantMgtListener could not be registered.");
}
ServiceRegistration userStoreConfigEventSR = bundleContext.registerService(UserStoreConfigListener.class.getName(), new OAuthUserStoreConfigListenerImpl(), null);
if (userStoreConfigEventSR != null) {
if (log.isDebugEnabled()) {
log.debug("OAuth - UserStoreConfigListener registered.");
}
} else {
log.error("OAuth - UserStoreConfigListener could not be registered.");
}
ServiceRegistration oauthApplicationMgtListenerSR = bundleContext.registerService(ApplicationMgtListener.class.getName(), new OAuthApplicationMgtListener(), null);
if (oauthApplicationMgtListenerSR != null) {
if (log.isDebugEnabled()) {
log.debug("OAuth - ApplicationMgtListener registered.");
}
} else {
log.error("OAuth - ApplicationMgtListener could not be registered.");
}
// PKCE enabled by default.
OAuth2ServiceComponentHolder.setPkceEnabled(true);
// Register device auth service.
ServiceRegistration deviceAuthService = bundleContext.registerService(DeviceAuthService.class.getName(), new DeviceAuthServiceImpl(), null);
if (deviceAuthService != null) {
if (log.isDebugEnabled()) {
log.debug("DeviceAuthService registered.");
}
} else {
log.error("DeviceAuthService could not be registered.");
}
// Register the default OpenIDConnect claim filter
bundleContext.registerService(OpenIDConnectClaimFilter.class, new OpenIDConnectClaimFilterImpl(), null);
if (log.isDebugEnabled()) {
log.debug("Default OpenIDConnect Claim filter registered successfully.");
}
bundleContext.registerService(AbstractEventHandler.class.getName(), new TokenBindingExpiryEventHandler(), null);
if (log.isDebugEnabled()) {
log.debug("TokenBindingExpiryEventHandler is successfully registered.");
}
// Registering OAuth2Service as a OSGIService
bundleContext.registerService(OAuth2Service.class.getName(), new OAuth2Service(), null);
// Registering OAuth2ScopeService as a OSGIService
bundleContext.registerService(OAuth2ScopeService.class.getName(), new OAuth2ScopeService(), null);
// Note : DO NOT add any activation related code below this point,
// to make sure the server doesn't start up if any activation failures occur
} catch (Throwable e) {
String errMsg = "Error while activating OAuth2ServiceComponent.";
log.error(errMsg, e);
throw new RuntimeException(errMsg, e);
}
if (checkAudienceEnabled()) {
if (log.isDebugEnabled()) {
log.debug("OAuth - OIDC audiences enabled.");
}
OAuth2ServiceComponentHolder.setAudienceEnabled(true);
} else {
if (log.isDebugEnabled()) {
log.debug("OAuth - OIDC audiences disabled.");
}
OAuth2ServiceComponentHolder.setAudienceEnabled(false);
}
if (checkIDPIdColumnAvailable()) {
if (log.isDebugEnabled()) {
log.debug("IDP_ID column is available in all relevant tables. " + "Setting isIDPIdColumnEnabled to true.");
}
OAuth2ServiceComponentHolder.setIDPIdColumnEnabled(true);
} else {
if (log.isDebugEnabled()) {
log.debug("IDP_ID column is not available in all relevant tables. " + "Setting isIDPIdColumnEnabled to false.");
}
OAuth2ServiceComponentHolder.setIDPIdColumnEnabled(false);
}
}
use of org.wso2.carbon.identity.oauth2.OAuth2ScopeService in project identity-inbound-auth-oauth by wso2-extensions.
the class EndpointUtilTest method testGetUserConsentURL.
@Test(dataProvider = "provideDataForUserConsentURL")
public void testGetUserConsentURL(Object oAuth2ParamObject, boolean isOIDC, boolean cacheEntryExists, boolean throwError, String queryString, boolean isDebugEnabled) throws Exception {
setMockedLog(isDebugEnabled);
OAuth2Parameters parameters = (OAuth2Parameters) oAuth2ParamObject;
mockStatic(OAuthServerConfiguration.class);
when(OAuthServerConfiguration.getInstance()).thenReturn(mockedOAuthServerConfiguration);
EndpointUtil.setOauthServerConfiguration(mockedOAuthServerConfiguration);
when(mockedOAuthServerConfiguration.isDropUnregisteredScopes()).thenReturn(false);
EndpointUtil.setOAuth2ScopeService(oAuth2ScopeService);
when(oAuth2ScopeService.getUserConsentForApp(anyString(), anyString(), anyInt())).thenReturn(oAuth2ScopeConsentResponse);
mockStatic(OAuth2Util.class);
mockStatic(OAuth2Util.OAuthURL.class);
when(OAuth2Util.OAuthURL.getOIDCConsentPageUrl()).thenReturn(OIDC_CONSENT_PAGE_URL);
when(OAuth2Util.OAuthURL.getOAuth2ConsentPageUrl()).thenReturn(OAUTH2_CONSENT_PAGE_URL);
mockStatic(IdentityTenantUtil.class);
when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(MultitenantConstants.SUPER_TENANT_ID);
mockStatic(FrameworkUtils.class);
when(FrameworkUtils.resolveUserIdFromUsername(anyInt(), anyString(), anyString())).thenReturn("sample");
when(FrameworkUtils.getRedirectURLWithFilteredParams(anyString(), anyMap())).then(i -> i.getArgumentAt(0, String.class));
mockStatic(OAuth2Util.class);
spy(EndpointUtil.class);
doReturn("sampleId").when(EndpointUtil.class, "getAppIdFromClientId", anyString());
mockStatic(SessionDataCache.class);
when(SessionDataCache.getInstance()).thenReturn(mockedSessionDataCache);
if (cacheEntryExists) {
when(mockedSessionDataCache.getValueFromCache(any(SessionDataCacheKey.class))).thenReturn(mockedSessionDataCacheEntry);
when(mockedSessionDataCacheEntry.getQueryString()).thenReturn(queryString);
when(mockedSessionDataCacheEntry.getLoggedInUser()).thenReturn(user);
when(mockedSessionDataCacheEntry.getEndpointParams()).thenReturn(new HashMap<>());
} else {
when(mockedSessionDataCache.getValueFromCache(any(SessionDataCacheKey.class))).thenReturn(null);
}
EndpointUtil.setOAuthAdminService(mockedOAuthAdminService);
when(mockedOAuthAdminService.getScopeNames()).thenReturn(new String[0]);
JDBCPermissionBasedInternalScopeValidator scopeValidatorSpy = PowerMockito.spy(new JDBCPermissionBasedInternalScopeValidator());
doNothing().when(scopeValidatorSpy, method(JDBCPermissionBasedInternalScopeValidator.class, "endTenantFlow")).withNoArguments();
when(scopeValidatorSpy, method(JDBCPermissionBasedInternalScopeValidator.class, "getUserAllowedScopes", AuthenticatedUser.class, String[].class, String.class)).withArguments(any(AuthenticatedUser.class), any(), anyString()).thenReturn(getScopeList());
PowerMockito.whenNew(JDBCPermissionBasedInternalScopeValidator.class).withNoArguments().thenReturn(scopeValidatorSpy);
String consentUrl;
try {
consentUrl = EndpointUtil.getUserConsentURL(parameters, username, sessionDataKey, isOIDC);
if (isOIDC) {
Assert.assertTrue(consentUrl.contains(OIDC_CONSENT_PAGE_URL), "Incorrect consent page url for OIDC");
} else {
Assert.assertTrue(consentUrl.contains(OAUTH2_CONSENT_PAGE_URL), "Incorrect consent page url for OAuth");
}
Assert.assertTrue(consentUrl.contains(URLEncoder.encode(username, "UTF-8")), "loggedInUser parameter value is not found in url");
Assert.assertTrue(consentUrl.contains(URLEncoder.encode("TestApplication", "ISO-8859-1")), "application parameter value is not found in url");
List<NameValuePair> nameValuePairList = URLEncodedUtils.parse(consentUrl, StandardCharsets.UTF_8);
Optional<NameValuePair> optionalScope = nameValuePairList.stream().filter(nameValuePair -> nameValuePair.getName().equals("scope")).findAny();
Assert.assertTrue(optionalScope.isPresent());
NameValuePair scopeNameValuePair = optionalScope.get();
String[] scopeArray = scopeNameValuePair.getValue().split(" ");
Assert.assertTrue(ArrayUtils.contains(scopeArray, "scope2"), "scope parameter value " + "is not found in url");
Assert.assertTrue(ArrayUtils.contains(scopeArray, "internal_login"), "internal_login " + "scope parameter value is not found in url");
Assert.assertFalse(ArrayUtils.contains(scopeArray, "SYSTEM"), "SYSTEM scope" + "parameter should not contain in the url.");
if (queryString != null && cacheEntryExists) {
Assert.assertTrue(consentUrl.contains(queryString), "spQueryParams value is not found in url");
}
} catch (OAuthSystemException e) {
Assert.assertTrue(e.getMessage().contains("Error while retrieving the application name"));
}
}
use of org.wso2.carbon.identity.oauth2.OAuth2ScopeService in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method mockEndpointUtil.
private void mockEndpointUtil(boolean isConsentMgtEnabled) throws Exception {
spy(EndpointUtil.class);
doReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME).when(EndpointUtil.class, "getSPTenantDomainFromClientId", anyString());
doReturn(oAuth2Service).when(EndpointUtil.class, "getOAuth2Service");
doReturn(oAuthServerConfiguration).when(EndpointUtil.class, "getOAuthServerConfiguration");
doReturn(USER_CONSENT_URL).when(EndpointUtil.class, "getUserConsentURL", any(OAuth2Parameters.class), anyString(), anyString(), anyBoolean(), any(OAuthMessage.class));
doReturn(LOGIN_PAGE_URL).when(EndpointUtil.class, "getLoginPageURL", anyString(), anyString(), anyBoolean(), anyBoolean(), anySet(), anyMap(), any());
doReturn(requestObjectService).when(EndpointUtil.class, "getRequestObjectService");
EndpointUtil.setOAuthAdminService(oAuthAdminService);
EndpointUtil.setOAuth2ScopeService(oAuth2ScopeService);
// TODO: Remove mocking consentUtil and test the consent flow as well
// https://github.com/wso2/product-is/issues/2679
SSOConsentService ssoConsentService = mock(SSOConsentService.class);
when(ssoConsentService.getConsentRequiredClaimsWithExistingConsents(any(ServiceProvider.class), any(AuthenticatedUser.class))).thenReturn(new ConsentClaimsData());
when(ssoConsentService.getConsentRequiredClaimsWithoutExistingConsents(any(ServiceProvider.class), any(AuthenticatedUser.class))).thenReturn(new ConsentClaimsData());
when(ssoConsentService.isSSOConsentManagementEnabled(any())).thenReturn(isConsentMgtEnabled);
doReturn(ssoConsentService).when(EndpointUtil.class, "getSSOConsentService");
}
use of org.wso2.carbon.identity.oauth2.OAuth2ScopeService in project identity-inbound-auth-oauth by wso2-extensions.
the class ScopesApiServiceImplTest method testRegisterScope.
@Test(dataProvider = "BuildRegisterScope")
public void testRegisterScope(Response.Status expectation, Throwable throwable) throws Exception {
ScopeDTO scopeDTO = new ScopeDTO();
scopeDTO.setDescription("some description");
scopeDTO.setBindings(Collections.<String>emptyList());
if (Response.Status.OK.equals(expectation)) {
when(oAuth2ScopeService.registerScope(any(Scope.class))).thenReturn(any(Scope.class));
assertEquals(scopesApiService.registerScope(scopeDTO).getStatus(), Response.Status.CREATED.getStatusCode(), "Error occurred while registering scopes");
} else if (Response.Status.BAD_REQUEST.equals(expectation)) {
when(oAuth2ScopeService.registerScope(any(Scope.class))).thenThrow(throwable);
callRealMethod();
try {
scopesApiService.registerScope(scopeDTO);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.BAD_REQUEST.getStatusCode(), "Cannot find HTTP Response, Bad Request in Case of " + "IdentityOAuth2ScopeClientException");
assertEquals(((ErrorDTO) (e.getResponse().getEntity())).getMessage(), Response.Status.BAD_REQUEST.getReasonPhrase(), "Cannot find appropriate error message " + "for HTTP Response, Bad Request");
} finally {
reset(oAuth2ScopeService);
}
} else if (Response.Status.CONFLICT.equals(expectation)) {
((IdentityOAuth2ScopeException) throwable).setErrorCode(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE.getCode());
when(oAuth2ScopeService.registerScope(any(Scope.class))).thenThrow(throwable);
callRealMethod();
try {
scopesApiService.registerScope(scopeDTO);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.CONFLICT.getStatusCode(), "Cannot find HTTP Response, Conflict in Case of " + "IdentityOAuth2ScopeClientException");
assertEquals(((ErrorDTO) (e.getResponse().getEntity())).getMessage(), Response.Status.CONFLICT.getReasonPhrase(), "Cannot find appropriate error message " + "for HTTP Response, Conflict");
} finally {
reset(oAuth2ScopeService);
}
} else if (Response.Status.INTERNAL_SERVER_ERROR.equals(expectation)) {
when(oAuth2ScopeService.registerScope(any(Scope.class))).thenThrow(IdentityOAuth2ScopeException.class);
callRealMethod();
try {
scopesApiService.registerScope(scopeDTO);
} catch (ScopeEndpointException e) {
assertEquals(e.getResponse().getStatus(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), "Cannot find HTTP Response, Internal Server Error in case of " + "IdentityOAuth2ScopeException");
assertNull(e.getResponse().getEntity(), "Do not include error message in case of " + "Server Exception");
} finally {
reset(oAuth2ScopeService);
}
}
}
Aggregations