use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuerTest method testIssueFailedMultipleClientAuthentication.
/**
* Multiple Client Authentication mechanisms used to authenticate the request.
*
* @throws Exception
*/
@Test
public void testIssueFailedMultipleClientAuthentication() throws Exception {
    // One token request whose authentication context lists two client authenticators.
    // RFC 6749 section 2.3 says a client must not use more than one authentication method
    // per request, and the assertions below expect the issuer to reject this request.
    OAuthClientAuthnContext authnContext = new OAuthClientAuthnContext();
    authnContext.addAuthenticator("ClientAuthenticator1");
    authnContext.addAuthenticator("ClientAuthenticator2");

    OAuth2AccessTokenReqDTO tokenRequest = new OAuth2AccessTokenReqDTO();
    tokenRequest.setGrantType(DUMMY_GRANT_TYPE);
    tokenRequest.setoAuthClientAuthnContext(authnContext);

    OAuth2AccessTokenRespDTO tokenResponse = AccessTokenIssuer.getInstance().issue(tokenRequest);

    // The issuer must answer with an error response carrying INVALID_REQUEST, not with a token.
    assertNotNull(tokenResponse);
    assertTrue(tokenResponse.isError());
    assertEquals(tokenResponse.getErrorCode(), OAuthError.TokenResponse.INVALID_REQUEST,
            "Error Code has been changed. Previously it was: " + OAuthError.TokenResponse.INVALID_REQUEST);
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuerTest method testIssue.
/**
 * Runs a password-grant token request through the issuer for each row of the
 * "AccessTokenIssue" data provider.
 *
 * @param isAuthorizedClient           passed to mockPasswordGrantHandler
 * @param isValidGrant                 passed to mockPasswordGrantHandler
 * @param isAuthorizedAccessDelegation passed to mockPasswordGrantHandler
 * @param isValidScope                 passed to mockPasswordGrantHandler
 * @param isAuthenticatedClient        client authentication result recorded on the request context
 * @param isTokenIssueSuccess          whether the row expects a non-error response
 * @throws IdentityException declared for the call to the issuer
 */
@Test(dataProvider = "AccessTokenIssue")
public void testIssue(boolean isAuthorizedClient, boolean isValidGrant, boolean isAuthorizedAccessDelegation,
        boolean isValidScope, boolean isAuthenticatedClient, boolean isTokenIssueSuccess)
        throws IdentityException {
    mockPasswordGrantHandler(isAuthorizedClient, isValidGrant, isAuthorizedAccessDelegation, isValidScope);

    // The authentication outcome is taken from the data row rather than produced by an authenticator.
    OAuthClientAuthnContext authnContext = new OAuthClientAuthnContext();
    authnContext.setAuthenticated(isAuthenticatedClient);

    OAuth2AccessTokenReqDTO tokenRequest = new OAuth2AccessTokenReqDTO();
    tokenRequest.setGrantType(OAuthConstants.GrantTypes.PASSWORD);
    tokenRequest.setClientId(SOME_CLIENT_ID);
    tokenRequest.setoAuthClientAuthnContext(authnContext);

    AccessTokenIssuer issuer = AccessTokenIssuer.getInstance();
    OAuth2AccessTokenRespDTO tokenResponse = issuer.issue(tokenRequest);

    // NOTE(review): rows with isTokenIssueSuccess == false assert nothing, so a regression that
    // issues a token to an unauthenticated or unauthorized client would not be caught here.
    // Consider asserting isError() for those rows once the data provider has been checked.
    if (!isTokenIssueSuccess) {
        return;
    }
    Assert.assertFalse(tokenResponse.isError());
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuerTest method testClientAuthenticaion.
/**
* Make sure OAuth client authentication is done with context data.
*
* @throws Exception
*/
@Test(dataProvider = "clientAuthContextDataProvider")
public void testClientAuthenticaion(String clientId, String errorCode, boolean isAuthenticated,
        String authenticator1, String authenticator2, String expectedErrorCode, boolean isConfidential,
        boolean authnResult) throws Exception {
    // Build the client authentication context entirely from the data row. An empty authenticator
    // name is skipped, so a row can register zero, one or two authenticators.
    OAuthClientAuthnContext authnContext = new OAuthClientAuthnContext();
    authnContext.setClientId(clientId);
    authnContext.setErrorCode(errorCode);
    authnContext.setAuthenticated(isAuthenticated);
    if (!StringUtils.isEmpty(authenticator1)) {
        authnContext.addAuthenticator(authenticator1);
    }
    if (!StringUtils.isEmpty(authenticator2)) {
        authnContext.addAuthenticator(authenticator2);
    }

    // Header that the stubbed grant handler attaches to the message context.
    final ResponseHeader header = new ResponseHeader();
    header.setKey("Header");
    header.setValue("HeaderValue");
    final ResponseHeader[] responseHeaders = {header};

    // Grant handler mock: issue() copies the requested scope onto the context and returns an
    // empty response DTO; isConfidentialClient() follows the data row.
    AuthorizationGrantHandler grantHandler = getMockGrantHandlerForSuccess(true);
    when(grantHandler.isConfidentialClient()).thenReturn(isConfidential);
    when(grantHandler.issue(any(OAuthTokenReqMessageContext.class))).thenAnswer(new Answer<Object>() {
        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            OAuthTokenReqMessageContext messageContext =
                    invocation.getArgumentAt(0, OAuthTokenReqMessageContext.class);
            // set some response headers
            messageContext.addProperty(OAuthConstants.RESPONSE_HEADERS_PROPERTY, responseHeaders);
            messageContext.setScope(messageContext.getOauth2AccessTokenReqDTO().getScope());
            return new OAuth2AccessTokenRespDTO();
        }
    });

    HashMap<String, AuthorizationGrantHandler> grantHandlers = new HashMap<>();
    grantHandlers.put(DUMMY_GRANT_TYPE, grantHandler);
    mockOAuth2ServerConfiguration(grantHandlers);

    OAuth2AccessTokenReqDTO tokenRequest = new OAuth2AccessTokenReqDTO();
    tokenRequest.setGrantType(DUMMY_GRANT_TYPE);
    tokenRequest.setoAuthClientAuthnContext(authnContext);

    OAuth2AccessTokenRespDTO tokenResponse = AccessTokenIssuer.getInstance().issue(tokenRequest);

    // The error flag must be the inverse of the expected authentication result, and the error
    // code must match the row exactly.
    assertNotNull(tokenResponse);
    assertEquals(tokenResponse.isError(), !authnResult);
    assertEquals(tokenResponse.getErrorCode(), expectedErrorCode);
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuerTest method testIssueErrorUnauthorizedClient.
/**
 * Checks that a client the grant handler does not authorize receives an UNAUTHORIZED_CLIENT error.
 *
 * @param throwException whether isAuthorizedClient throws instead of returning false
 * @param exceptionMsg   message given to the thrown exception and expected as the response error message
 * @throws Exception declared for the call to the issuer
 */
@Test(dataProvider = "unauthorizedClientErrorConditionProvider")
public void testIssueErrorUnauthorizedClient(boolean throwException, String exceptionMsg) throws Exception {
    AuthorizationGrantHandler grantHandler = mock(AuthorizationGrantHandler.class);
    // Not a confidential client
    when(grantHandler.isConfidentialClient()).thenReturn(false);
    when(grantHandler.isOfTypeApplicationUser()).thenReturn(true);
    if (!throwException) {
        // Unauthorized client
        when(grantHandler.isAuthorizedClient(any(OAuthTokenReqMessageContext.class))).thenReturn(false);
    } else {
        // The authorization check itself fails with the supplied message.
        when(grantHandler.isAuthorizedClient(any(OAuthTokenReqMessageContext.class)))
                .thenThrow(new IdentityOAuth2Exception(exceptionMsg));
    }

    HashMap<String, AuthorizationGrantHandler> grantHandlers = new HashMap<>();
    grantHandlers.put(DUMMY_GRANT_TYPE, grantHandler);
    mockOAuth2ServerConfiguration(grantHandlers);

    // Only the client ID is set on the context; setAuthenticated is never called in this test.
    OAuthClientAuthnContext authnContext = new OAuthClientAuthnContext();
    authnContext.setClientId(SOME_CLIENT_ID);

    OAuth2AccessTokenReqDTO tokenRequest = new OAuth2AccessTokenReqDTO();
    tokenRequest.setGrantType(DUMMY_GRANT_TYPE);
    tokenRequest.setoAuthClientAuthnContext(authnContext);

    OAuth2AccessTokenRespDTO tokenResponse = AccessTokenIssuer.getInstance().issue(tokenRequest);

    // Both branches must end in the same error code, with the provider's message as the error text.
    assertNotNull(tokenResponse);
    assertTrue(tokenResponse.isError());
    assertEquals(tokenResponse.getErrorCode(), OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
    assertEquals(tokenResponse.getErrorMsg(), exceptionMsg);
}
use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuerTest method testIssueWithInvalidClient.
/**
* Test whether the client ID sent in the error response for an invalid-client token request is properly encoded.
*
* @throws Exception
*/
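@Test
public void testIssueWithInvalidClient() throws Exception {
    // Context of a client whose authentication already failed with INVALID_CLIENT.
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setClientId("sampleID");
    oAuthClientAuthnContext.setErrorCode(OAuth2ErrorCodes.INVALID_CLIENT);
    oAuthClientAuthnContext.setAuthenticated(false);

    // Client ID carrying HTML markup. It is attacker-controlled input and must not be echoed
    // back verbatim in an error message that could later be rendered in a browser.
    String maliciousClientId = "<img src=a onerror=alert(1)>";
    // NOTE(review): the listing showed this literal identical to the raw value above, most likely
    // because the HTML entities were decoded when the page was rendered. With identical values the
    // check below passes even when nothing is encoded. Restored on the assumption that the issuer
    // HTML-entity-encodes angle brackets - confirm against the encoder the issuer actually uses.
    String encodedClientId = "&lt;img src=a onerror=alert(1)&gt;";

    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(DUMMY_GRANT_TYPE);
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    reqDTO.setClientId(maliciousClientId);

    // Stub the application's state as null (presumably so it is treated as not active - confirm).
    when(mockOAuthAppDO.getState()).thenReturn(null);

    try {
        AccessTokenIssuer.getInstance().issue(reqDTO);
    } catch (InvalidOAuthClientException ex) {
        String message = ex.getMessage();
        // The encoded form must be present and the raw markup must be absent.
        assertTrue(message.contains(encodedClientId));
        Assert.assertFalse(message.contains(maliciousClientId),
                "Raw client ID must not appear in the error message");
    }
    // NOTE(review): if issue() returns without throwing, nothing is asserted and the test passes
    // vacuously. Consider failing explicitly after the call, or checking the returned error
    // message, once the issuer's behaviour for this input is confirmed.
}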