use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class DeviceEndpointTest method testDevice.
/**
 * Exercises {@code DeviceEndpoint.authorize} (the device_authorize endpoint) against mocked
 * URL building, database access and device-flow persistence.
 *
 * <p>The {@code status} flag is used twice: as the authenticated state of the client
 * authentication context and as the stubbed result of {@code checkClientIdExist}. A single data
 * row therefore cannot tell a known-but-unauthenticated client apart from an unknown client id.
 *
 * @param clientId Consumer key of the application.
 * @param expectedStatus HTTP status the endpoint is expected to return.
 * @param status Value used for both the authenticated flag and the client-id lookup result.
 * @throws Exception If mock set-up or the endpoint call fails.
 */
@Test(dataProvider = "dataValues")
public void testDevice(String clientId, int expectedStatus, boolean status) throws Exception {
    DeviceEndpoint endpointUnderTest = PowerMockito.spy(new DeviceEndpoint());
    mockOAuthServerConfiguration();

    // Service URL building is fully stubbed: every builder call returns the same mock builder.
    mockStatic(ServiceURLBuilder.class);
    mockStatic(ServiceURL.class);
    ServiceURLBuilder urlBuilder = Mockito.mock(ServiceURLBuilder.class);
    ServiceURL builtUrl = Mockito.mock(ServiceURL.class);
    when(ServiceURLBuilder.create()).thenReturn(urlBuilder);
    when(urlBuilder.addPath(anyString())).thenReturn(urlBuilder);
    when(urlBuilder.addParameter(anyString(), anyString())).thenReturn(urlBuilder);
    when(urlBuilder.build()).thenReturn(builtUrl);
    when(builtUrl.getAbsolutePublicURL()).thenReturn("http://localhost:9443/authenticationendpoint/device.do");
    mockStatic(HttpServletRequest.class);

    // Client authentication outcome under test, returned for any request attribute lookup.
    OAuthClientAuthnContext clientAuthnContext = new OAuthClientAuthnContext();
    clientAuthnContext.setClientId(clientId);
    clientAuthnContext.setAuthenticated(status);
    when(request.getAttribute(anyString())).thenReturn(clientAuthnContext);

    endpointUnderTest.setDeviceAuthService(new DeviceAuthServiceImpl());

    // Both the committing and the non-committing connection lookups hand back the same connection.
    mockStatic(IdentityDatabaseUtil.class);
    when(IdentityDatabaseUtil.getDBConnection(true)).thenReturn(connection);
    when(IdentityDatabaseUtil.getDBConnection(false)).thenReturn(connection);

    // Every request parameter, whatever its name, resolves to the client id.
    when(httpServletRequest.getParameter(anyString())).thenReturn(clientId);

    mockStatic(IdentityUtil.class);
    when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn(TEST_URL);

    // Persistence layer: the client-id existence check mirrors the authenticated flag.
    mockStatic(DeviceFlowPersistenceFactory.class);
    when(DeviceFlowPersistenceFactory.getInstance()).thenReturn(deviceFlowPersistenceFactory);
    when(deviceFlowPersistenceFactory.getDeviceFlowDAO()).thenReturn(deviceFlowDAO);
    when(deviceFlowDAO.checkClientIdExist(anyString())).thenReturn(status);

    // Stub the spy's non-public validation lookup so it returns the context built above.
    PowerMockito.when(endpointUnderTest, "getValidationObject", httpServletRequest).thenReturn(clientAuthnContext);

    Response authorizeResponse = endpointUnderTest.authorize(httpServletRequest, new MultivaluedHashMap<String, String>(), httpServletResponse);
    Assert.assertEquals(expectedStatus, authorizeResponse.getStatus());
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class ResponseTypeHandlerUtil method buildAuthenticatedOAuthClientAuthnContext.
/**
 * Creates a client authentication context that is already marked as authenticated, which avoids
 * a client validation failure in OAuth2Service.revokeTokenByOAuthClient.
 *
 * <p>No credential is checked here: the authenticated flag is set unconditionally for whatever
 * client id is passed in. Callers must have authenticated that client beforehand. Keep this
 * method private; widening it would offer a way to obtain an authenticated context without
 * presenting credentials.
 *
 * @param clientId client id of the application.
 * @return an OAuthClientAuthnContext for {@code clientId} with isAuthenticated set to true.
 */
private static OAuthClientAuthnContext buildAuthenticatedOAuthClientAuthnContext(String clientId) {
    OAuthClientAuthnContext preAuthenticatedContext = new OAuthClientAuthnContext();
    preAuthenticatedContext.setClientId(clientId);
    preAuthenticatedContext.setAuthenticated(true);
    return preAuthenticatedContext;
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class ResponseTypeHandlerUtil method revokeExistingToken.
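/**
 * Builds the revocation request for the given access token and calls the revoke oauth service.
 *
 * <p>The client authentication context handed to the service is created locally and marked as
 * authenticated without checking any credential. This method must therefore only be reached
 * after the client identified by {@code clientId} has been authenticated.
 *
 * @param clientId client id.
 * @param accessToken access token to revoke; this method does not add it to the log message.
 * @throws IdentityOAuth2Exception if the revocation response reports an error.
 */
private static void revokeExistingToken(String clientId, String accessToken) throws IdentityOAuth2Exception {
    // This is used to avoid client validation failure in revokeTokenByOAuthClient.
    // This will not affect the flow negatively as the client is already authenticated by this point.
    OAuthClientAuthnContext oAuthClientAuthnContext = buildAuthenticatedOAuthClientAuthnContext(clientId);
    OAuthRevocationRequestDTO revocationRequestDTO = OAuth2Util.buildOAuthRevocationRequest(oAuthClientAuthnContext, accessToken);
    OAuthRevocationResponseDTO revocationResponseDTO = getOauth2Service().revokeTokenByOAuthClient(revocationRequestDTO);
    if (revocationResponseDTO.isError()) {
        String msg = "Error while revoking tokens for clientId:" + clientId + " Error Message:" + revocationResponseDTO.getErrorMsg();
        // Constant-first comparison: an error response that carries no error code must still
        // surface as IdentityOAuth2Exception, not as a NullPointerException that hides the
        // failed revocation from the caller.
        if (OAuth2ErrorCodes.SERVER_ERROR.equals(revocationResponseDTO.getErrorCode())) {
            log.error(msg);
        } else if (log.isDebugEnabled()) {
            // Non-server errors are logged at debug only; the server-error case is already
            // logged above, so it is not repeated here.
            log.debug(msg);
        }
        throw new IdentityOAuth2Exception(msg);
    }
}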
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2CibaEndpoint method ciba.
/**
 * Handles a Client Initiated Back-channel Authentication (CIBA) request posted as a form.
 *
 * <p>The client must already be authenticated according to the context returned by
 * {@code getClientAuthnContext}; otherwise an error response built from
 * {@code OAuth2ErrorCodes.UNAUTHORIZED_CLIENT} is returned and nothing else is processed.
 *
 * @param request incoming servlet request.
 * @param response servlet response, passed on to the internal authorize call.
 * @param paramMap form parameters (raw type; cast to {@code Map<String, List<String>>} below).
 * @return the CIBA authentication response, or an error response when client authentication or
 *         request validation fails.
 */
@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response ciba(@Context HttpServletRequest request, @Context HttpServletResponse response, MultivaluedMap paramMap) {
    // Client authentication gate: this method inspects no request parameter before it passes.
    OAuthClientAuthnContext clientAuthnContext = getClientAuthnContext(request);
    boolean clientAuthenticated = clientAuthnContext.isAuthenticated();
    if (!clientAuthenticated) {
        CibaAuthFailureException authFailure = new CibaAuthFailureException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required");
        return getErrorResponse(authFailure);
    }

    // paramMap is declared as a raw MultivaluedMap, so this cast is unchecked.
    HttpServletRequest wrappedRequest = new OAuthRequestWrapper(request, (Map<String, List<String>>) paramMap);
    if (log.isDebugEnabled()) {
        log.debug("Authentication request has hit Client Initiated Back-channel Authentication EndPoint.");
    }

    try {
        // The 'request' parameter must be present.
        checkForRequestParam(wrappedRequest);
        String requestObject = wrappedRequest.getParameter(CibaConstants.REQUEST);
        // Validation receives the client id from the authentication context, not from a
        // request parameter.
        validateAuthenticationRequest(requestObject, clientAuthnContext.getClientId());
        // NOTE(review): cibaAuthCodeRequest and cibaAuthCodeResponse are not declared in this
        // method, so they appear to be fields. If one resource instance serves several requests,
        // concurrent calls could overwrite each other's values; confirm the resource lifecycle.
        cibaAuthCodeRequest = getCibaAuthCodeRequest(requestObject);
        // Service layer of CIBA produces the response object.
        cibaAuthCodeResponse = getCibaAuthCodeResponse(cibaAuthCodeRequest);
        // Internal call to the authorize endpoint.
        generateAuthorizeCall(wrappedRequest, response, cibaAuthCodeResponse);
        return getAuthResponse(response, cibaAuthCodeResponse);
    } catch (CibaAuthFailureException e) {
        // Any CIBA failure raised above is turned into an error response.
        return getErrorResponse(e);
    }
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthRevocationEndpoint method buildOAuthRevocationRequest.
/**
 * Assembles the revocation DTO for a token revocation call from the servlet request.
 *
 * <p>Client identity is taken only from the {@code OAuthConstants.CLIENT_AUTHN_CONTEXT} request
 * attribute. When that attribute is missing or of another type, the returned DTO has no client
 * authentication context, consumer key or consumer secret set by this method; rejecting such a
 * request is left to the code that consumes the DTO (not visible here; confirm).
 *
 * <p>The DTO may carry the client secret and also holds the full servlet request, so it should
 * not be logged or serialised as a whole.
 *
 * @param request incoming servlet request; also stored on the DTO.
 * @param paramMap form parameters; not read by this method.
 * @param token token to revoke.
 * @param tokenType token type; applied only when not empty.
 * @return the populated revocation request DTO.
 */
private OAuthRevocationRequestDTO buildOAuthRevocationRequest(HttpServletRequest request, MultivaluedMap<String, String> paramMap, String token, String tokenType) {
    OAuthRevocationRequestDTO revocationDto = new OAuthRevocationRequestDTO();

    Object contextAttribute = request.getAttribute(OAuthConstants.CLIENT_AUTHN_CONTEXT);
    if (contextAttribute instanceof OAuthClientAuthnContext) {
        OAuthClientAuthnContext clientAuthnContext = (OAuthClientAuthnContext) contextAttribute;
        revocationDto.setOauthClientAuthnContext(clientAuthnContext);
        revocationDto.setConsumerKey(clientAuthnContext.getClientId());

        // The secret is optional on the context; copy it only when one was supplied.
        Object clientSecret = clientAuthnContext.getParameter(OAuth.OAUTH_CLIENT_SECRET);
        if (clientSecret != null) {
            revocationDto.setConsumerSecret((String) clientSecret);
        }
    }

    revocationDto.setToken(token);
    if (isNotEmpty(tokenType)) {
        revocationDto.setTokenType(tokenType);
    }
    revocationDto.setRequest(request);
    return revocationDto;
}