Search in sources :

Example 16 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class AccessTokenIssuerTest method testIssueFailedMultipleClientAuthentication.

/**
 * Multiple Client Authentication mechanisms used to authenticate the request.
 *
 * @throws Exception
 */
@Test
public void testIssueFailedMultipleClientAuthentication() throws Exception {
    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(DUMMY_GRANT_TYPE);
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.addAuthenticator("ClientAuthenticator1");
    oAuthClientAuthnContext.addAuthenticator("ClientAuthenticator2");
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    OAuth2AccessTokenRespDTO tokenRespDTO = AccessTokenIssuer.getInstance().issue(reqDTO);
    assertNotNull(tokenRespDTO);
    assertTrue(tokenRespDTO.isError());
    assertEquals(tokenRespDTO.getErrorCode(), OAuthError.TokenResponse.INVALID_REQUEST, "Error Code has been " + "changed. Previously it was: " + OAuthError.TokenResponse.INVALID_REQUEST);
}
Also used : OAuth2AccessTokenRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Example 17 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class AccessTokenIssuerTest method testIssue.

@Test(dataProvider = "AccessTokenIssue")
public void testIssue(boolean isAuthorizedClient, boolean isValidGrant, boolean isAuthorizedAccessDelegation, boolean isValidScope, boolean isAuthenticatedClient, boolean isTokenIssueSuccess) throws IdentityException {
    mockPasswordGrantHandler(isAuthorizedClient, isValidGrant, isAuthorizedAccessDelegation, isValidScope);
    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(OAuthConstants.GrantTypes.PASSWORD);
    reqDTO.setClientId(SOME_CLIENT_ID);
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setAuthenticated(isAuthenticatedClient);
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    AccessTokenIssuer tokenIssuer = AccessTokenIssuer.getInstance();
    OAuth2AccessTokenRespDTO tokenRespDTO = tokenIssuer.issue(reqDTO);
    if (isTokenIssueSuccess) {
        Assert.assertFalse(tokenRespDTO.isError());
    }
}
Also used : OAuth2AccessTokenRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Example 18 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class AccessTokenIssuerTest method testClientAuthenticaion.

/**
 * Make sure oauth client authenticaion is done with context data.
 *
 * @throws Exception
 */
@Test(dataProvider = "clientAuthContextDataProvider")
public void testClientAuthenticaion(String clientId, String errorCode, boolean isAuthenticated, String authenticator1, String authenticator2, String expectedErrorCode, boolean isConfidential, boolean authnResult) throws Exception {
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setClientId(clientId);
    oAuthClientAuthnContext.setErrorCode(errorCode);
    oAuthClientAuthnContext.setAuthenticated(isAuthenticated);
    if (StringUtils.isNotEmpty(authenticator1)) {
        oAuthClientAuthnContext.addAuthenticator(authenticator1);
    }
    if (StringUtils.isNotEmpty(authenticator2)) {
        oAuthClientAuthnContext.addAuthenticator(authenticator2);
    }
    AuthorizationGrantHandler dummyGrantHandler = getMockGrantHandlerForSuccess(true);
    final ResponseHeader responseHeader = new ResponseHeader();
    responseHeader.setKey("Header");
    responseHeader.setValue("HeaderValue");
    final ResponseHeader[] responseHeaders = new ResponseHeader[] { responseHeader };
    when(dummyGrantHandler.issue(any(OAuthTokenReqMessageContext.class))).then(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
            OAuthTokenReqMessageContext context = invocationOnMock.getArgumentAt(0, OAuthTokenReqMessageContext.class);
            // set some response headers
            context.addProperty(OAuthConstants.RESPONSE_HEADERS_PROPERTY, responseHeaders);
            String[] scopeArray = context.getOauth2AccessTokenReqDTO().getScope();
            context.setScope(scopeArray);
            return new OAuth2AccessTokenRespDTO();
        }
    });
    when(dummyGrantHandler.isConfidentialClient()).thenReturn(isConfidential);
    HashMap<String, AuthorizationGrantHandler> authorizationGrantHandlers = new HashMap<>();
    authorizationGrantHandlers.put(DUMMY_GRANT_TYPE, dummyGrantHandler);
    mockOAuth2ServerConfiguration(authorizationGrantHandlers);
    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(DUMMY_GRANT_TYPE);
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    OAuth2AccessTokenRespDTO tokenRespDTO = AccessTokenIssuer.getInstance().issue(reqDTO);
    assertNotNull(tokenRespDTO);
    assertEquals(tokenRespDTO.isError(), !authnResult);
    assertEquals(tokenRespDTO.getErrorCode(), expectedErrorCode);
}
Also used : ResponseHeader(org.wso2.carbon.identity.oauth2.ResponseHeader) AuthorizationGrantHandler(org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler) HashMap(java.util.HashMap) Matchers.anyString(org.mockito.Matchers.anyString) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) OAuth2AccessTokenRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO) InvocationOnMock(org.mockito.invocation.InvocationOnMock) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Example 19 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class AccessTokenIssuerTest method testIssueErrorUnauthorizedClient.

@Test(dataProvider = "unauthorizedClientErrorConditionProvider")
public void testIssueErrorUnauthorizedClient(boolean throwException, String exceptionMsg) throws Exception {
    AuthorizationGrantHandler dummyGrantHandler = mock(AuthorizationGrantHandler.class);
    when(dummyGrantHandler.isConfidentialClient()).thenReturn(false);
    // Not a confidential client
    when(dummyGrantHandler.isOfTypeApplicationUser()).thenReturn(true);
    if (throwException) {
        when(dummyGrantHandler.isAuthorizedClient(any(OAuthTokenReqMessageContext.class))).thenThrow(new IdentityOAuth2Exception(exceptionMsg));
    } else {
        // Unauthorized client
        when(dummyGrantHandler.isAuthorizedClient(any(OAuthTokenReqMessageContext.class))).thenReturn(false);
    }
    HashMap<String, AuthorizationGrantHandler> authorizationGrantHandlers = new HashMap<>();
    authorizationGrantHandlers.put(DUMMY_GRANT_TYPE, dummyGrantHandler);
    mockOAuth2ServerConfiguration(authorizationGrantHandlers);
    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(DUMMY_GRANT_TYPE);
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setClientId(SOME_CLIENT_ID);
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    OAuth2AccessTokenRespDTO tokenRespDTO = AccessTokenIssuer.getInstance().issue(reqDTO);
    assertNotNull(tokenRespDTO);
    assertTrue(tokenRespDTO.isError());
    assertEquals(tokenRespDTO.getErrorCode(), OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
    assertEquals(tokenRespDTO.getErrorMsg(), exceptionMsg);
}
Also used : IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) OAuth2AccessTokenRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO) AuthorizationGrantHandler(org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler) HashMap(java.util.HashMap) Matchers.anyString(org.mockito.Matchers.anyString) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Example 20 with OAuthClientAuthnContext

use of org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext in project identity-inbound-auth-oauth by wso2-extensions.

the class AccessTokenIssuerTest method testIssueWithInvalidClient.

/**
 * Test whether the client ID sent in error response for a invalid client token request, is properly encoded.
 *
 * @throws Exception
 */
@Test
public void testIssueWithInvalidClient() throws Exception {
    OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
    oAuthClientAuthnContext.setClientId("sampleID");
    oAuthClientAuthnContext.setErrorCode(OAuth2ErrorCodes.INVALID_CLIENT);
    oAuthClientAuthnContext.setAuthenticated(false);
    String malicousClientID = "<img src=a onerror=alert(1)>";
    String encodedClientID = "&lt;img src=a onerror=alert(1)&gt;";
    OAuth2AccessTokenReqDTO reqDTO = new OAuth2AccessTokenReqDTO();
    reqDTO.setGrantType(DUMMY_GRANT_TYPE);
    reqDTO.setoAuthClientAuthnContext(oAuthClientAuthnContext);
    reqDTO.setClientId(malicousClientID);
    when(mockOAuthAppDO.getState()).thenReturn(null);
    try {
        AccessTokenIssuer.getInstance().issue(reqDTO);
    } catch (InvalidOAuthClientException ex) {
        assertTrue(ex.getMessage().contains(encodedClientID));
    }
}
Also used : Matchers.anyString(org.mockito.Matchers.anyString) OAuthClientAuthnContext(org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext) OAuth2AccessTokenReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Aggregations

OAuthClientAuthnContext (org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext)39 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)24 Test (org.testng.annotations.Test)24 PowerMockIdentityBaseTest (org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)21 OAuth2AccessTokenReqDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO)12 OAuth2AccessTokenRespDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO)10 Matchers.anyString (org.mockito.Matchers.anyString)9 HashMap (java.util.HashMap)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)8 OAuthRevocationRequestDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO)7 IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)6 AuthorizationGrantHandler (org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler)6 Map (java.util.Map)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)3 Response (javax.ws.rs.core.Response)3 BeforeTest (org.testng.annotations.BeforeTest)3 Consumes (javax.ws.rs.Consumes)2 POST (javax.ws.rs.POST)2 Path (javax.ws.rs.Path)2