use of org.wso2.carbon.identity.oauth2.ResponseHeader in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthRevocationEndpointTest method testRevokeAccessToken.
@Test(dataProvider = "testRevokeAccessTokenDataProvider")
public void testRevokeAccessToken(String authzHeader, boolean addReqParams, String token, String tokenHint, String callback, String clientId, String secret, String respError, Object headerObj, Exception e, int expectedStatus, String expectedErrorCode) throws Exception {
MultivaluedMap<String, String> parameterMap = new MultivaluedHashMap<String, String>();
ResponseHeader[] responseHeaders = (ResponseHeader[]) headerObj;
parameterMap.add(TOKEN_PARAM, token);
parameterMap.add(TOKEN_TYPE_HINT_PARAM, tokenHint);
parameterMap.add(CALLBACK_PARAM, callback);
Map<String, String[]> requestedParams = new HashMap<>();
if (addReqParams) {
requestedParams.put(TOKEN_PARAM, new String[] { "" });
requestedParams.put(TOKEN_TYPE_HINT_PARAM, new String[] { "" });
requestedParams.put(CALLBACK_PARAM, new String[] { "" });
}
mockStatic(LoggerUtils.class);
when(LoggerUtils.isDiagnosticLogsEnabled()).thenReturn(true);
mockStatic(IdentityTenantUtil.class);
when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
HttpServletRequest request = mockHttpRequest(requestedParams, new HashMap<String, Object>());
when(request.getHeader(OAuthConstants.HTTP_REQ_HEADER_AUTHZ)).thenReturn(authzHeader);
spy(EndpointUtil.class);
doReturn(oAuth2Service).when(EndpointUtil.class, "getOAuth2Service");
final OAuthRevocationRequestDTO[] revokeReqDTO;
revokeReqDTO = new OAuthRevocationRequestDTO[1];
doAnswer(new Answer<Object>() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
revokeReqDTO[0] = (OAuthRevocationRequestDTO) invocation.getArguments()[0];
return oAuthRevocationResponseDTO;
}
}).when(oAuth2Service).revokeTokenByOAuthClient(any(OAuthRevocationRequestDTO.class));
when(oAuthRevocationResponseDTO.getErrorCode()).thenReturn(respError);
when(oAuthRevocationResponseDTO.getErrorMsg()).thenReturn(respError);
when(oAuthRevocationResponseDTO.getResponseHeaders()).thenReturn(responseHeaders);
Response response;
try {
response = revocationEndpoint.revokeAccessToken(request, parameterMap);
} catch (InvalidRequestParentException ire) {
InvalidRequestExceptionMapper invalidRequestExceptionMapper = new InvalidRequestExceptionMapper();
response = invalidRequestExceptionMapper.toResponse(ire);
}
assertNotNull(response, "Token response is null");
assertEquals(response.getStatus(), expectedStatus, "Unexpected HTTP response status");
assertNotNull(response.getEntity(), "Response entity is null");
if (expectedErrorCode != null) {
assertTrue(response.getEntity().toString().contains(expectedErrorCode), "Expected error code not found");
if (StringUtils.isNotEmpty(callback)) {
assertTrue(response.getEntity().toString().contains(callback), "Callback is not added to the response");
}
}
}
use of org.wso2.carbon.identity.oauth2.ResponseHeader in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthRevocationEndpointTest method testRevokeAccessTokenDataProvider.
@DataProvider(name = "testRevokeAccessTokenDataProvider")
public Object[][] testRevokeAccessTokenDataProvider() {
String inCorrectAuthzHeader = "Basic value1 value2";
ResponseHeader contentType = new ResponseHeader();
contentType.setKey(OAuth.HeaderType.CONTENT_TYPE);
contentType.setValue(OAuth.ContentType.URL_ENCODED);
ResponseHeader[] headers1 = new ResponseHeader[] { contentType };
ResponseHeader[] headers2 = new ResponseHeader[] { null };
ResponseHeader[] headers3 = new ResponseHeader[0];
return new Object[][] { // Will return unauthorized error since multiple methods of authentication
{ AUTHORIZATION_HEADER, true, ACCESS_TOKEN, TOKEN_HINT, APP_REDIRECT_URL, CLIENT_ID_VALUE, SECRET, OAuth2ErrorCodes.INVALID_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.INVALID_CLIENT }, // Will return unauthorized error since multiple methods of authentication
{ AUTHORIZATION_HEADER, false, ACCESS_TOKEN, TOKEN_HINT, null, CLIENT_ID_VALUE, SECRET, OAuth2ErrorCodes.INVALID_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.INVALID_CLIENT }, // Invalid authz header. Will return unauthorized error response.
{ inCorrectAuthzHeader, true, ACCESS_TOKEN, null, "", null, null, OAuth2ErrorCodes.INVALID_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.INVALID_CLIENT }, // Will return bad request when the tocken is empty in the request
{ AUTHORIZATION_HEADER, true, null, null, "", null, null, OAuth2ErrorCodes.INVALID_CLIENT, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Token not found in the request (callback is empty). Will return bad request error response.
{ AUTHORIZATION_HEADER, false, null, null, "", null, null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Token not found in the request (callback is null). Will return bad request error response.
{ AUTHORIZATION_HEADER, false, null, null, null, null, null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Auth revocation response has invalid client error. Will return unauthorized error response.
{ AUTHORIZATION_HEADER, true, ACCESS_TOKEN, TOKEN_HINT, "", null, SECRET, OAuth2ErrorCodes.INVALID_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.INVALID_CLIENT }, // Will return unauthorized error response.
{ AUTHORIZATION_HEADER, true, ACCESS_TOKEN, TOKEN_HINT, APP_REDIRECT_URL, CLIENT_ID_VALUE, null, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT }, // Will return unauthorized error response.
{ AUTHORIZATION_HEADER, true, ACCESS_TOKEN, TOKEN_HINT, "", null, null, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, null, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT }, // Auth revocation response will return invalid request error. Will return bad request error response.
{ null, true, ACCESS_TOKEN, null, APP_REDIRECT_URL, null, null, OAuth2ErrorCodes.INVALID_REQUEST, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Auth revocation response will return invalid request error. Will return bad request error response.
{ null, true, ACCESS_TOKEN, null, "", null, null, OAuth2ErrorCodes.INVALID_REQUEST, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // (No headers in the request). Will return 200 ok
{ AUTHORIZATION_HEADER, true, ACCESS_TOKEN, TOKEN_HINT, APP_REDIRECT_URL, null, null, null, null, null, HttpServletResponse.SC_OK, null }, // client id and secret sent as params (with content type header). Will return 200 ok
{ null, true, ACCESS_TOKEN, TOKEN_HINT, APP_REDIRECT_URL, CLIENT_ID_VALUE, SECRET, null, headers1, null, HttpServletResponse.SC_OK, null }, // client id and secret sent as params (header with null value). Will return 200 ok
{ null, true, ACCESS_TOKEN, TOKEN_HINT, "", CLIENT_ID_VALUE, SECRET, null, headers2, null, HttpServletResponse.SC_OK, null }, // client id and secret sent as params (header array without values). Will return 200 ok
{ null, true, ACCESS_TOKEN, TOKEN_HINT, APP_REDIRECT_URL, CLIENT_ID_VALUE, SECRET, null, headers3, null, HttpServletResponse.SC_OK, null } };
}
use of org.wso2.carbon.identity.oauth2.ResponseHeader in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2TokenEndpointTest method testTokenErrorResponseDataProvider.
@DataProvider(name = "testTokenErrorResponseDataProvider")
public Object[][] testTokenErrorResponseDataProvider() {
ResponseHeader contentType = new ResponseHeader();
contentType.setKey(OAuth.HeaderType.CONTENT_TYPE);
contentType.setValue(OAuth.ContentType.URL_ENCODED);
ResponseHeader[] headers1 = new ResponseHeader[] { contentType };
ResponseHeader[] headers2 = new ResponseHeader[] { null };
ResponseHeader[] headers3 = new ResponseHeader[0];
// This object provides data to cover all the scenarios with token error response
return new Object[][] { { OAuth2ErrorCodes.INVALID_CLIENT, null, HttpServletResponse.SC_UNAUTHORIZED, OAuth2ErrorCodes.INVALID_CLIENT }, { OAuth2ErrorCodes.SERVER_ERROR, null, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, OAuth2ErrorCodes.SERVER_ERROR }, { SQL_ERROR, null, HttpServletResponse.SC_BAD_GATEWAY, OAuth2ErrorCodes.SERVER_ERROR }, { TOKEN_ERROR, null, HttpServletResponse.SC_BAD_REQUEST, TOKEN_ERROR }, { TOKEN_ERROR, headers1, HttpServletResponse.SC_BAD_REQUEST, TOKEN_ERROR }, { TOKEN_ERROR, headers2, HttpServletResponse.SC_BAD_REQUEST, TOKEN_ERROR }, { TOKEN_ERROR, headers3, HttpServletResponse.SC_BAD_REQUEST, TOKEN_ERROR } };
}
use of org.wso2.carbon.identity.oauth2.ResponseHeader in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2TokenEndpointTest method testIssueAccessTokenDataProvider.
@DataProvider(name = "testIssueAccessTokenDataProvider")
public Object[][] testIssueAccessTokenDataProvider() {
MultivaluedMap<String, String> mapWithCredentials = new MultivaluedHashMap<String, String>();
List<String> clientId = new ArrayList<>();
clientId.add(CLIENT_ID_VALUE);
List<String> secret = new ArrayList<>();
secret.add(SECRET);
mapWithCredentials.put(OAuth.OAUTH_CLIENT_ID, clientId);
mapWithCredentials.put(OAuth.OAUTH_CLIENT_SECRET, secret);
MultivaluedMap<String, String> mapWithClientId = new MultivaluedHashMap<>();
mapWithClientId.put(OAuth.OAUTH_CLIENT_ID, clientId);
String inactiveClientHeader = "Basic " + Base64Utils.encode((INACTIVE_CLIENT_ID_VALUE + ":dummySecret").getBytes());
String invalidClientHeader = "Basic " + Base64Utils.encode(("invalidId:dummySecret").getBytes());
String inCorrectAuthzHeader = "Basic value1 value2";
ResponseHeader contentType = new ResponseHeader();
contentType.setKey(OAuth.HeaderType.CONTENT_TYPE);
contentType.setValue(OAuth.ContentType.URL_ENCODED);
ResponseHeader[] headers1 = new ResponseHeader[] { contentType };
ResponseHeader[] headers2 = new ResponseHeader[] { null };
ResponseHeader[] headers3 = new ResponseHeader[0];
Map<String, String> customResponseParamMap = new HashMap<>();
customResponseParamMap.put("param_key_1", "param_value_1");
customResponseParamMap.put("param_key_2", "param_value_2");
return new Object[][] { // Request with multivalued client_id parameter. Will return bad request error
{ CLIENT_ID_VALUE + ",clientId2", null, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Request with invalid authorization header. Will return bad request error
{ CLIENT_ID_VALUE, inCorrectAuthzHeader, mapWithClientId, GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // in access token issuer
{ INACTIVE_CLIENT_ID_VALUE, inactiveClientHeader, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_OK, "" }, // Request from invalid client. Will give correct response, invalid-id is handles in access token issuer
{ "invalidId", invalidClientHeader, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_OK, "" }, // Request without client id and authz header. Will give bad request error
{ null, null, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST }, // Request with client id but no authz header. Will give bad request error
{ CLIENT_ID_VALUE, null, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, null }, // Request with unsupported grant type. Will give bad request error
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), "dummyGrant", null, null, null, null, HttpServletResponse.SC_BAD_REQUEST, null }, // Successful request without id token request. No headers
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, null, null, HttpServletResponse.SC_OK, null }, // Successful request with id token request. With header values
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), "idTokenValue", headers1, null, null, HttpServletResponse.SC_OK, null }, // Successful request with id token request. With header which contains null values
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), "idTokenValue", headers2, null, null, HttpServletResponse.SC_OK, null }, // Successful request with id token request. With empty header array
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), "idTokenValue", headers3, null, null, HttpServletResponse.SC_OK, null }, // Successful token request that will return custom response parameters in response.
{ CLIENT_ID_VALUE, AUTHORIZATION_HEADER, new MultivaluedHashMap<String, String>(), GrantType.PASSWORD.toString(), null, null, customResponseParamMap, null, HttpServletResponse.SC_OK, null } };
}
use of org.wso2.carbon.identity.oauth2.ResponseHeader in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2TokenEndpointTest method testIssueAccessToken.
@Test(dataProvider = "testIssueAccessTokenDataProvider", groups = "testWithConnection")
public void testIssueAccessToken(String clientId, String authzHeader, Object paramMapObj, String grantType, String idToken, Object headerObj, Object customResponseParamObj, Exception e, int expectedStatus, String expectedErrorCode) throws Exception {
MultivaluedMap<String, String> paramMap = (MultivaluedMap<String, String>) paramMapObj;
ResponseHeader[] responseHeaders = (ResponseHeader[]) headerObj;
Map<String, String> customResponseParameters = (Map<String, String>) customResponseParamObj;
Map<String, String[]> requestParams = new HashMap<>();
if (clientId != null) {
requestParams.put(OAuth.OAUTH_CLIENT_ID, clientId.split(","));
}
requestParams.put(OAuth.OAUTH_GRANT_TYPE, new String[] { grantType });
requestParams.put(OAuth.OAUTH_SCOPE, new String[] { "scope1" });
requestParams.put(OAuth.OAUTH_REDIRECT_URI, new String[] { APP_REDIRECT_URL });
requestParams.put(OAuth.OAUTH_USERNAME, new String[] { USERNAME });
requestParams.put(OAuth.OAUTH_PASSWORD, new String[] { "password" });
mockStatic(LoggerUtils.class);
when(LoggerUtils.isDiagnosticLogsEnabled()).thenReturn(true);
mockStatic(IdentityTenantUtil.class);
when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
HttpServletRequest request = mockHttpRequest(requestParams, new HashMap<String, Object>());
when(request.getHeader(OAuthConstants.HTTP_REQ_HEADER_AUTHZ)).thenReturn(authzHeader);
when(request.getHeaderNames()).thenReturn(Collections.enumeration(new ArrayList<String>() {
{
add(OAuthConstants.HTTP_REQ_HEADER_AUTHZ);
}
}));
spy(EndpointUtil.class);
doReturn(REALM).when(EndpointUtil.class, "getRealmInfo");
doReturn(oAuth2Service).when(EndpointUtil.class, "getOAuth2Service");
when(oAuth2Service.issueAccessToken(any(OAuth2AccessTokenReqDTO.class))).thenReturn(oAuth2AccessTokenRespDTO);
when(oAuth2AccessTokenRespDTO.getAccessToken()).thenReturn(ACCESS_TOKEN);
when(oAuth2AccessTokenRespDTO.getRefreshToken()).thenReturn(REFRESH_TOKEN);
when(oAuth2AccessTokenRespDTO.getExpiresIn()).thenReturn(3600L);
when(oAuth2AccessTokenRespDTO.getAuthorizedScopes()).thenReturn("scope1");
when(oAuth2AccessTokenRespDTO.getIDToken()).thenReturn(idToken);
when(oAuth2AccessTokenRespDTO.getResponseHeaders()).thenReturn(responseHeaders);
when(oAuth2AccessTokenRespDTO.getParameters()).thenReturn(customResponseParameters);
mockOAuthServerConfiguration();
mockStatic(IdentityDatabaseUtil.class);
when(IdentityDatabaseUtil.getDBConnection()).thenReturn(connection);
Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> grantTypeValidators = new Hashtable<>();
grantTypeValidators.put(GrantType.PASSWORD.toString(), PasswordValidator.class);
when(oAuthServerConfiguration.getSupportedGrantTypeValidators()).thenReturn(grantTypeValidators);
when(oAuth2Service.getOauthApplicationState(CLIENT_ID_VALUE)).thenReturn("ACTIVE");
Response response;
try {
response = oAuth2TokenEndpoint.issueAccessToken(request, paramMap);
} catch (InvalidRequestParentException ire) {
InvalidRequestExceptionMapper invalidRequestExceptionMapper = new InvalidRequestExceptionMapper();
response = invalidRequestExceptionMapper.toResponse(ire);
}
assertNotNull(response, "Token response is null");
assertEquals(response.getStatus(), expectedStatus, "Unexpected HTTP response status");
assertNotNull(response.getEntity(), "Response entity is null");
final String responseBody = response.getEntity().toString();
if (customResponseParameters != null) {
customResponseParameters.forEach((key, value) -> assertTrue(responseBody.contains(key) && responseBody.contains(value), "Expected custom response parameter: " + key + " not found in token response."));
}
if (expectedErrorCode != null) {
assertTrue(responseBody.contains(expectedErrorCode), "Expected error code not found");
} else if (HttpServletResponse.SC_OK == expectedStatus) {
assertTrue(responseBody.contains(ACCESS_TOKEN), "Successful response should contain access token");
}
}
Aggregations