
Example 1 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class DeviceEndpointTest method testDevice.

/**
 * Test the device_authorize endpoint.
 *
 * <p>Calls {@code DeviceEndpoint.authorize} on a spied endpoint with a client authentication
 * context built from the data-provider row and asserts the HTTP status of the response.
 *
 * @param clientId       Consumer key of the application.
 * @param expectedStatus Expected status for response.
 * @param status         Used both as the "client authenticated" flag on the context and as the
 *                       result of the mocked {@code checkClientIdExist} lookup.
 * @throws Exception If mocking or the device endpoint call fails.
 */
@Test(dataProvider = "dataValues")
public void testDevice(String clientId, int expectedStatus, boolean status) throws Exception {
    DeviceEndpoint deviceEndpoint = PowerMockito.spy(new DeviceEndpoint());
    mockOAuthServerConfiguration();
    // Stub the URL builder chain so the endpoint gets a fixed device page URL.
    mockStatic(ServiceURLBuilder.class);
    mockStatic(ServiceURL.class);
    ServiceURLBuilder mockServiceURLBuilder = Mockito.mock(ServiceURLBuilder.class);
    ServiceURL mockServiceURL = Mockito.mock(ServiceURL.class);
    when(ServiceURLBuilder.create()).thenReturn(mockServiceURLBuilder);
    when(mockServiceURLBuilder.addPath(anyString())).thenReturn(mockServiceURLBuilder);
    when(mockServiceURLBuilder.addParameter(anyString(), anyString())).thenReturn(mockServiceURLBuilder);
    when(mockServiceURLBuilder.build()).thenReturn(mockServiceURL);
    when(mockServiceURL.getAbsolutePublicURL()).thenReturn("http://localhost:9443/authenticationendpoint/device.do");
    mockStatic(HttpServletRequest.class);
    // Client authentication context under test: id and authenticated flag come from the data row.
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setClientId(clientId);
    oAuthClientAuthnContext.setAuthenticated(status);
    // NOTE(review): `request` and `httpServletRequest` are both declared outside this method; the
    // endpoint below is invoked with `httpServletRequest`, so confirm this stub is still needed.
    when(request.getAttribute(anyString())).thenReturn(oAuthClientAuthnContext);
    DeviceAuthServiceImpl deviceAuthService = new DeviceAuthServiceImpl();
    deviceEndpoint.setDeviceAuthService(deviceAuthService);
    mockStatic(IdentityDatabaseUtil.class);
    when(IdentityDatabaseUtil.getDBConnection(true)).thenReturn(connection);
    when(IdentityDatabaseUtil.getDBConnection(false)).thenReturn(connection);
    // Every request parameter, whatever its name, resolves to the client id.
    when(httpServletRequest.getParameter(anyString())).thenReturn(clientId);
    Response response;
    mockStatic(IdentityUtil.class);
    when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn(TEST_URL);
    mockStatic(DeviceFlowPersistenceFactory.class);
    when(DeviceFlowPersistenceFactory.getInstance()).thenReturn(deviceFlowPersistenceFactory);
    when(deviceFlowPersistenceFactory.getDeviceFlowDAO()).thenReturn(deviceFlowDAO);
    // NOTE(review): `status` drives both setAuthenticated(...) above and this lookup, so a row with
    // status == false cannot tell whether the endpoint rejected the call because the client was
    // unauthenticated or because the client id was unknown. Separate parameters would let the
    // test pin each rejection path on its own.
    when(deviceFlowDAO.checkClientIdExist(anyString())).thenReturn(status);
    // The endpoint's own "getValidationObject" is stubbed on the spy, so the context built above
    // is what authorize() sees regardless of how that method would normally resolve it.
    PowerMockito.when(deviceEndpoint, "getValidationObject", httpServletRequest).thenReturn(oAuthClientAuthnContext);
    response = deviceEndpoint.authorize(httpServletRequest, new MultivaluedHashMap<String, String>(), httpServletResponse);
    // NOTE(review): if Assert is org.testng.Assert, assertEquals takes (actual, expected); the
    // arguments look swapped, which only affects the wording of a failure message — confirm.
    Assert.assertEquals(expectedStatus, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ServiceURL(org.wso2.carbon.identity.core.ServiceURL) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) ServiceURLBuilder(org.wso2.carbon.identity.core.ServiceURLBuilder) DeviceAuthServiceImpl(org.wso2.carbon.identity.oauth2.device.api.DeviceAuthServiceImpl) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 2 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class ResponseTypeHandlerUtil method buildAuthenticatedOAuthClientAuthnContext.

/**
 * Creates a client authentication context that is already marked as authenticated, so that
 * OAuth2Service.revokeTokenByOAuthClient does not fail its client validation.
 *
 * <p>No credential is checked here: the authenticated flag is set unconditionally for whatever
 * {@code clientId} is passed in. Callers must only use this after the client has been
 * authenticated by other means, and must pass the id of that same client.
 *
 * @param clientId client id of the application.
 * @return an OAuthClientAuthnContext for {@code clientId} with isAuthenticated set to true.
 */
private static OAuthClientAuthnContext buildAuthenticatedOAuthClientAuthnContext(String clientId) {
    final OAuthClientAuthnContext preAuthenticatedContext = new OAuthClientAuthnContext();
    preAuthenticatedContext.setAuthenticated(true);
    preAuthenticatedContext.setClientId(clientId);
    return preAuthenticatedContext;
}
Also used : OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext)

Example 3 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class ResponseTypeHandlerUtil method revokeExistingToken.

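/**
 * Builds the revocation request for an access token and calls the revoke OAuth service.
 *
 * <p>The request carries a client authentication context that is marked authenticated by
 * {@code buildAuthenticatedOAuthClientAuthnContext} rather than by a client authenticator, so
 * this method must only be reached once the client identified by {@code clientId} has already
 * been authenticated.
 *
 * @param clientId    client id; included in the error message that is logged and thrown.
 * @param accessToken access token to revoke; not included in the message built here.
 * @throws IdentityOAuth2Exception if the revocation response reports an error.
 */
private static void revokeExistingToken(String clientId, String accessToken) throws IdentityOAuth2Exception {
    // This is used to avoid client validation failure in revokeTokenByOAuthClient.
    // This will not affect the flow negatively as the client is already authenticated by this point.
    OAuthClientAuthnContext oAuthClientAuthnContext = buildAuthenticatedOAuthClientAuthnContext(clientId);
    OAuthRevocationRequestDTO revocationRequestDTO = OAuth2Util.buildOAuthRevocationRequest(oAuthClientAuthnContext, accessToken);
    OAuthRevocationResponseDTO revocationResponseDTO = getOauth2Service().revokeTokenByOAuthClient(revocationRequestDTO);
    if (!revocationResponseDTO.isError()) {
        return;
    }
    String msg = "Error while revoking tokens for clientId:" + clientId + " Error Message:" + revocationResponseDTO.getErrorMsg();
    // Constant-first comparison: a response flagged as an error but carrying no error code must
    // still surface as IdentityOAuth2Exception, not as a NullPointerException that callers
    // handling revocation failures would not catch.
    if (OAuth2ErrorCodes.SERVER_ERROR.equals(revocationResponseDTO.getErrorCode())) {
        log.error(msg);
    } else if (log.isDebugEnabled()) {
        // Non-server errors are logged at debug level only; server errors are not logged twice.
        log.debug(msg);
    }
    throw new IdentityOAuth2Exception(msg);
}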
Also used : OAuthRevocationRequestDTO(org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) OAuthRevocationResponseDTO(org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext)

Example 4 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2CibaEndpoint method ciba.

/**
 * Handles a Client Initiated Back-channel Authentication (CIBA) request.
 *
 * <p>The client authentication context is checked before anything else: an unauthenticated
 * client gets an {@code UNAUTHORIZED_CLIENT} error response and no request parameter is read.
 * The authentication request is then validated against the client id taken from that
 * authenticated context, not against a client id supplied in the request parameters.
 *
 * <p>NOTE(review): {@code cibaAuthCodeRequest} and {@code cibaAuthCodeResponse} are assigned here
 * but not declared in this method. If they are instance fields and this resource instance is
 * shared between requests, concurrent calls could overwrite each other's values — confirm the
 * resource lifecycle or make them locals.
 *
 * @param request  incoming servlet request; wrapped so that the form parameters are readable.
 * @param response servlet response passed on to the internal authorize call.
 * @param paramMap form parameters of the request (raw type; cast unchecked below).
 * @return the CIBA authentication response, or an error response on failure.
 */
@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response ciba(@Context HttpServletRequest request, @Context HttpServletResponse response, MultivaluedMap paramMap) {
    final OAuthClientAuthnContext clientAuthnContext = getClientAuthnContext(request);
    boolean clientAuthenticated = clientAuthnContext.isAuthenticated();
    if (!clientAuthenticated) {
        // Fail closed before touching any request parameter.
        CibaAuthFailureException authnRequired =
                new CibaAuthFailureException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required");
        return getErrorResponse(authnRequired);
    }

    request = new OAuthRequestWrapper(request, (Map<String, List<String>>) paramMap);
    if (log.isDebugEnabled()) {
        log.debug("Authentication request has hit Client Initiated Back-channel Authentication EndPoint.");
    }

    try {
        // The 'request' parameter must be present before it is read.
        checkForRequestParam(request);
        String authRequestParam = request.getParameter(CibaConstants.REQUEST);

        // Validation is bound to the authenticated client's id.
        validateAuthenticationRequest(authRequestParam, clientAuthnContext.getClientId());

        // Request DTO from the validated parameters, then the service-layer response.
        cibaAuthCodeRequest = getCibaAuthCodeRequest(authRequestParam);
        cibaAuthCodeResponse = getCibaAuthCodeResponse(cibaAuthCodeRequest);

        // Internal call to the authorize endpoint, then the response for the client.
        generateAuthorizeCall(request, response, cibaAuthCodeResponse);
        return getAuthResponse(response, cibaAuthCodeResponse);
    } catch (CibaAuthFailureException cibaFailure) {
        return getErrorResponse(cibaFailure);
    }
}
Also used : OAuthRequestWrapper(org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper) CibaAuthFailureException(org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) Map(java.util.Map) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 5 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthRevocationEndpoint method buildOAuthRevocationRequest.

/**
 * Assembles the revocation request DTO from the servlet request and the token to revoke.
 *
 * <p>The client authentication context is read from the request attribute
 * {@code OAuthConstants.CLIENT_AUTHN_CONTEXT}. When that attribute is missing or is not an
 * {@code OAuthClientAuthnContext}, the DTO is returned without a context, consumer key or
 * consumer secret.
 * NOTE(review): confirm that the revocation service rejects a request with no context.
 *
 * <p>The DTO may carry the client secret, so it should not be logged or serialized as a whole.
 *
 * @param request   servlet request carrying the client authentication context attribute.
 * @param paramMap  form parameters of the request; not read by this method.
 * @param token     token to revoke.
 * @param tokenType token type hint; set on the DTO only when not empty.
 * @return the populated revocation request.
 */
private OAuthRevocationRequestDTO buildOAuthRevocationRequest(HttpServletRequest request, MultivaluedMap<String, String> paramMap, String token, String tokenType) {
    OAuthRevocationRequestDTO revocationRequest = new OAuthRevocationRequestDTO();

    Object authnContextAttribute = request.getAttribute(OAuthConstants.CLIENT_AUTHN_CONTEXT);
    if (authnContextAttribute instanceof OAuthClientAuthnContext) {
        OAuthClientAuthnContext clientAuthnContext = (OAuthClientAuthnContext) authnContextAttribute;
        revocationRequest.setOauthClientAuthnContext(clientAuthnContext);
        revocationRequest.setConsumerKey(clientAuthnContext.getClientId());

        // The secret is only present when the client supplied one.
        Object clientSecret = clientAuthnContext.getParameter(OAuth.OAUTH_CLIENT_SECRET);
        if (clientSecret != null) {
            revocationRequest.setConsumerSecret((String) clientSecret);
        }
    }

    revocationRequest.setToken(token);
    if (isNotEmpty(tokenType)) {
        revocationRequest.setTokenType(tokenType);
    }
    revocationRequest.setRequest(request);
    return revocationRequest;
}
Also used : OAuthRevocationRequestDTO(org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext)

Aggregations

OAuthClientAuthnContext (org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext)39 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)24 Test (org.testng.annotations.Test)24 PowerMockIdentityBaseTest (org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)21 OAuth2AccessTokenReqDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO)12 OAuth2AccessTokenRespDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO)10 Matchers.anyString (org.mockito.Matchers.anyString)9 HashMap (java.util.HashMap)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)8 OAuthRevocationRequestDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO)7 IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)6 AuthorizationGrantHandler (org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler)6 Map (java.util.Map)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)3 Response (javax.ws.rs.core.Response)3 BeforeTest (org.testng.annotations.BeforeTest)3 Consumes (javax.ws.rs.Consumes)2 POST (javax.ws.rs.POST)2 Path (javax.ws.rs.Path)2