
Example 6 with OAuth2ScopeConsentResponse

Use of org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse in project identity-inbound-auth-oauth by wso2-extensions.

From class EndpointUtil, method setConsentRequiredScopesToOAuthParams:

private static void setConsentRequiredScopesToOAuthParams(AuthenticatedUser user, OAuth2Parameters params) throws OAuthSystemException {
    try {
        String consentRequiredScopes = StringUtils.EMPTY;
        // Start from the scopes the client is allowed to request; only these can ever need consent.
        List<String> allowedOAuthScopes = getAllowedOAuthScopes(params);
        // Previously granted consent is honoured unless the request carries prompt=consent,
        // in which case every scope is put in front of the user again.
        if (user != null && !isPromptContainsConsent(params)) {
            String userId = getUserIdOfAuthenticatedUser(user);
            String appId = getAppIdFromClientId(params.getClientId());
            OAuth2ScopeConsentResponse existingUserConsent = oAuth2ScopeService.getUserConsentForApp(userId, appId, IdentityTenantUtil.getTenantId(user.getTenantDomain()));
            if (existingUserConsent != null) {
                if (CollectionUtils.isNotEmpty(existingUserConsent.getApprovedScopes())) {
                    // Scopes the user already approved for this application need no new consent.
                    allowedOAuthScopes.removeAll(existingUserConsent.getApprovedScopes());
                }
            }
        }
        if (CollectionUtils.isNotEmpty(allowedOAuthScopes)) {
            // Filter out internal scopes to be validated.
            String[] requestedScopes = Oauth2ScopeUtils.getRequestedScopes(allowedOAuthScopes.toArray(new String[0]));
            if (ArrayUtils.isNotEmpty(requestedScopes)) {
                // Remove the filtered internal scopes from the allowedOAuthScopes list.
                allowedOAuthScopes.removeAll(Arrays.asList(requestedScopes));
                // Internal scopes are granted on the user's permissions, not on user consent.
                JDBCPermissionBasedInternalScopeValidator scopeValidator = new JDBCPermissionBasedInternalScopeValidator();
                String[] validatedScope = scopeValidator.validateScope(requestedScopes, user, params.getClientId());
                // Add back only the internal scopes that passed permission validation.
                for (String scope : requestedScopes) {
                    if (ArrayUtils.contains(validatedScope, scope)) {
                        allowedOAuthScopes.add(scope);
                    }
                }
            }
            params.setConsentRequiredScopes(new HashSet<>(allowedOAuthScopes));
            consentRequiredScopes = String.join(" ", allowedOAuthScopes).trim();
        }
        if (log.isDebugEnabled()) {
            log.debug("Consent required scopes : " + consentRequiredScopes + " for request from client : " + params.getClientId());
        }
    } catch (IdentityOAuth2ScopeException e) {
        // Preserve the cause so the underlying scope-store failure is not lost.
        throw new OAuthSystemException("Error occurred while retrieving user consents OAuth scopes.", e);
    }
}

Example 7 with OAuth2ScopeConsentResponse

Use of org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2ScopeServiceTest, method testUpdateUserConsentForApplication:

@Test(dataProvider = "userConsentScopesForApplicationProvider")
public void testUpdateUserConsentForApplication(List<String> newApprovedScopes, List<String> newDeniedScopes, int approvedScopeSize, int deniedScopeSize) throws Exception {
    // Seed an initial consent record for the application: "read" approved, "write" denied.
    List<String> approvedScopes = new ArrayList<>(Arrays.asList("read"));
    List<String> deniedScopes = new ArrayList<>(Arrays.asList("write"));
    String uuid = UUID.randomUUID().toString();
    insertAppId(uuid);
    oAuth2ScopeService.addUserConsentForApplication("user_id", uuid, 1, approvedScopes, deniedScopes);
    // Apply the update from the data provider and check the stored record reflects it.
    oAuth2ScopeService.updateUserConsentForApplication("user_id", uuid, 1, newApprovedScopes, newDeniedScopes);
    OAuth2ScopeConsentResponse oAuth2ScopeConsentResponse = oAuth2ScopeService.getUserConsentForApp("user_id", uuid, 1);
    assertEquals(oAuth2ScopeConsentResponse.getApprovedScopes().size(), approvedScopeSize);
    assertEquals(oAuth2ScopeConsentResponse.getDeniedScopes().size(), deniedScopeSize);
}

Example 8 with OAuth2ScopeConsentResponse

Use of org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2ScopeServiceTest, method testGetUserConsentForApp:

@Test
public void testGetUserConsentForApp() throws Exception {
    List<String> approvedScopes = new ArrayList<>(Arrays.asList("read", "write"));
    List<String> deniedScopes = new ArrayList<>(Arrays.asList("delete"));
    String appId = UUID.randomUUID().toString();
    insertAppId(appId);
    int tenantId = 1;
    String userId = "dummyUserId";
    // Store consent, then read it back and verify the record is keyed to the same user and app
    // and keeps approved and denied scopes apart.
    oAuth2ScopeService.addUserConsentForApplication(userId, appId, tenantId, approvedScopes, deniedScopes);
    OAuth2ScopeConsentResponse oAuth2ScopeConsentResponse = oAuth2ScopeService.getUserConsentForApp(userId, appId, tenantId);
    assertEquals(oAuth2ScopeConsentResponse.getAppId(), appId);
    assertEquals(oAuth2ScopeConsentResponse.getUserId(), userId);
    assertEquals(oAuth2ScopeConsentResponse.getApprovedScopes().size(), approvedScopes.size());
    assertEquals(oAuth2ScopeConsentResponse.getDeniedScopes().size(), deniedScopes.size());
}

Example 9 with OAuth2ScopeConsentResponse

Use of org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse in project identity-inbound-auth-oauth by wso2-extensions.

From class EndpointUtilTest, method testGetUserConsentURL:

@Test(dataProvider = "provideDataForUserConsentURL")
public void testGetUserConsentURL(Object oAuth2ParamObject, boolean isOIDC, boolean cacheEntryExists, boolean throwError, String queryString, boolean isDebugEnabled) throws Exception {
    setMockedLog(isDebugEnabled);
    OAuth2Parameters parameters = (OAuth2Parameters) oAuth2ParamObject;
    // Server configuration and scope service are mocked so the stored consent comes from the test fixture.
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(mockedOAuthServerConfiguration);
    EndpointUtil.setOauthServerConfiguration(mockedOAuthServerConfiguration);
    when(mockedOAuthServerConfiguration.isDropUnregisteredScopes()).thenReturn(false);
    EndpointUtil.setOAuth2ScopeService(oAuth2ScopeService);
    when(oAuth2ScopeService.getUserConsentForApp(anyString(), anyString(), anyInt())).thenReturn(oAuth2ScopeConsentResponse);
    // Consent page URLs for the OIDC and plain OAuth2 flows.
    mockStatic(OAuth2Util.class);
    mockStatic(OAuth2Util.OAuthURL.class);
    when(OAuth2Util.OAuthURL.getOIDCConsentPageUrl()).thenReturn(OIDC_CONSENT_PAGE_URL);
    when(OAuth2Util.OAuthURL.getOAuth2ConsentPageUrl()).thenReturn(OAUTH2_CONSENT_PAGE_URL);
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(MultitenantConstants.SUPER_TENANT_ID);
    mockStatic(FrameworkUtils.class);
    when(FrameworkUtils.resolveUserIdFromUsername(anyInt(), anyString(), anyString())).thenReturn("sample");
    when(FrameworkUtils.getRedirectURLWithFilteredParams(anyString(), anyMap())).then(i -> i.getArgumentAt(0, String.class));
    mockStatic(OAuth2Util.class);
    spy(EndpointUtil.class);
    doReturn("sampleId").when(EndpointUtil.class, "getAppIdFromClientId", anyString());
    // The session data cache entry carries the logged-in user and the SP query string, when present.
    mockStatic(SessionDataCache.class);
    when(SessionDataCache.getInstance()).thenReturn(mockedSessionDataCache);
    if (cacheEntryExists) {
        when(mockedSessionDataCache.getValueFromCache(any(SessionDataCacheKey.class))).thenReturn(mockedSessionDataCacheEntry);
        when(mockedSessionDataCacheEntry.getQueryString()).thenReturn(queryString);
        when(mockedSessionDataCacheEntry.getLoggedInUser()).thenReturn(user);
        when(mockedSessionDataCacheEntry.getEndpointParams()).thenReturn(new HashMap<>());
    } else {
        when(mockedSessionDataCache.getValueFromCache(any(SessionDataCacheKey.class))).thenReturn(null);
    }
    EndpointUtil.setOAuthAdminService(mockedOAuthAdminService);
    when(mockedOAuthAdminService.getScopeNames()).thenReturn(new String[0]);
    // The internal scope validator is spied so that the permission lookup returns a fixed scope list.
    JDBCPermissionBasedInternalScopeValidator scopeValidatorSpy = PowerMockito.spy(new JDBCPermissionBasedInternalScopeValidator());
    doNothing().when(scopeValidatorSpy, method(JDBCPermissionBasedInternalScopeValidator.class, "endTenantFlow")).withNoArguments();
    when(scopeValidatorSpy, method(JDBCPermissionBasedInternalScopeValidator.class, "getUserAllowedScopes", AuthenticatedUser.class, String[].class, String.class)).withArguments(any(AuthenticatedUser.class), any(), anyString()).thenReturn(getScopeList());
    PowerMockito.whenNew(JDBCPermissionBasedInternalScopeValidator.class).withNoArguments().thenReturn(scopeValidatorSpy);
    String consentUrl;
    try {
        consentUrl = EndpointUtil.getUserConsentURL(parameters, username, sessionDataKey, isOIDC);
        if (isOIDC) {
            Assert.assertTrue(consentUrl.contains(OIDC_CONSENT_PAGE_URL), "Incorrect consent page url for OIDC");
        } else {
            Assert.assertTrue(consentUrl.contains(OAUTH2_CONSENT_PAGE_URL), "Incorrect consent page url for OAuth");
        }
        Assert.assertTrue(consentUrl.contains(URLEncoder.encode(username, "UTF-8")), "loggedInUser parameter value is not found in url");
        Assert.assertTrue(consentUrl.contains(URLEncoder.encode("TestApplication", "ISO-8859-1")), "application parameter value is not found in url");
        // Parse the consent URL and inspect the space-separated scope parameter.
        List<NameValuePair> nameValuePairList = URLEncodedUtils.parse(consentUrl, StandardCharsets.UTF_8);
        Optional<NameValuePair> optionalScope = nameValuePairList.stream().filter(nameValuePair -> nameValuePair.getName().equals("scope")).findAny();
        Assert.assertTrue(optionalScope.isPresent());
        NameValuePair scopeNameValuePair = optionalScope.get();
        String[] scopeArray = scopeNameValuePair.getValue().split(" ");
        Assert.assertTrue(ArrayUtils.contains(scopeArray, "scope2"), "scope parameter value is not found in url");
        Assert.assertTrue(ArrayUtils.contains(scopeArray, "internal_login"), "internal_login scope parameter value is not found in url");
        // The reserved SYSTEM scope must never be offered for user consent.
        Assert.assertFalse(ArrayUtils.contains(scopeArray, "SYSTEM"), "SYSTEM scope parameter should not be contained in the url.");
        if (queryString != null && cacheEntryExists) {
            Assert.assertTrue(consentUrl.contains(queryString), "spQueryParams value is not found in url");
        }
    } catch (OAuthSystemException e) {
        Assert.assertTrue(e.getMessage().contains("Error while retrieving the application name"));
    }
}