Example 66 with Store
use of org.wso2.siddhi.query.api.execution.query.input.store.Store in project carbon-apimgt by wso2.
the class APIStoreImplTestCase method getAllLabels.
@Test(description = "get all labels")
public void getAllLabels() throws Exception {
LabelDAO labelDao = Mockito.mock(LabelDAO.class);
APIStore apiStore = getApiStoreImpl(labelDao);
List<Label> labels = new ArrayList<>();
Label label = new Label.Builder().id("123").name("Default").type("STORE").accessUrls(new ArrayList<>()).build();
labels.add(label);
Mockito.when(labelDao.getLabels()).thenReturn(labels);
List<Label> returnedLabels = apiStore.getAllLabels();
Assert.assertNotNull(returnedLabels);
Mockito.verify(labelDao, Mockito.atLeastOnce()).getLabels();
}Example 67 with Store
use of org.wso2.siddhi.query.api.execution.query.input.store.Store in project carbon-apimgt by wso2.
the class AuthenticatorAPI method callback.
/**
* This is the API which IDP redirects the user after authentication.
*
* @param request Request to call /callback api
* @param appName Name of the application (publisher/store/admin)
* @param authorizationCode Authorization-Code
* @return Response - Response with redirect URL
*/
@OPTIONS
@GET
@Path("/callback/{appName}")
@Produces(MediaType.APPLICATION_JSON)
public Response callback(@Context Request request, @PathParam("appName") String appName, @QueryParam("code") String authorizationCode) {
String grantType = KeyManagerConstants.AUTHORIZATION_CODE_GRANT_TYPE;
try {
AuthenticatorService authenticatorService = AuthenticatorAPIFactory.getInstance().getService();
AuthResponseBean authResponseBean;
Map<String, NewCookie> cookies = new HashMap<>();
Map<String, String> contextPaths = AuthUtil.getContextPaths(appName);
AccessTokenInfo accessTokenInfo = authenticatorService.getTokens(appName, grantType, null, null, null, 0, authorizationCode, null, null);
authResponseBean = authenticatorService.getResponseBeanFromTokenInfo(accessTokenInfo);
authenticatorService.setupAccessTokenParts(cookies, authResponseBean, accessTokenInfo.getAccessToken(), contextPaths, true);
log.debug("Set cookies for {} application.", appName);
if (AuthenticatorConstants.PUBLISHER_APPLICATION.equals(appName) || AuthenticatorConstants.STORE_APPLICATION.equals(appName)) {
URI targetURIForRedirection = authenticatorService.getUIServiceRedirectionURI(appName, authResponseBean);
return Response.status(Response.Status.FOUND).header(HttpHeaders.LOCATION, targetURIForRedirection).cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT), cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT)).build();
} else {
URI targetURIForRedirection = authenticatorService.getUIServiceRedirectionURI(appName, null);
return Response.status(Response.Status.FOUND).header(HttpHeaders.LOCATION, targetURIForRedirection).entity(authResponseBean).cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT), cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT), cookies.get(AuthenticatorConstants.AUTH_USER)).build();
}
} catch (APIManagementException e) {
ErrorDTO errorDTO = AuthUtil.getErrorDTO(e.getErrorHandler(), null);
log.error(e.getMessage(), e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
} catch (URISyntaxException e) {
log.error(e.getMessage(), e);
return Response.status(e.getIndex()).build();
} catch (UnsupportedEncodingException e) {
log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}
}
Also used :
HashMap(java.util.HashMap)
ErrorDTO(org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
AuthResponseBean(org.wso2.carbon.apimgt.rest.api.authenticator.utils.bean.AuthResponseBean)
AccessTokenInfo(org.wso2.carbon.apimgt.core.models.AccessTokenInfo)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
NewCookie(javax.ws.rs.core.NewCookie)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
OPTIONS(javax.ws.rs.OPTIONS)
Example 68 with Store
use of org.wso2.siddhi.query.api.execution.query.input.store.Store in project carbon-apimgt by wso2.
the class AuthenticatorAPI method authenticate.
/**
* This method authenticate the user for store app.
*/
@OPTIONS
@POST
@Path("/token/{appName}")
@Produces(MediaType.APPLICATION_JSON)
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED, MediaType.MULTIPART_FORM_DATA })
public Response authenticate(@Context Request request, @PathParam("appName") String appName, @FormDataParam("username") String userName, @FormDataParam("password") String password, @FormDataParam("assertion") String assertion, @FormDataParam("grant_type") String grantType, @FormDataParam("validity_period") String validityPeriod, @FormDataParam("remember_me") boolean isRememberMe, @FormDataParam("scopes") String scopesList) {
try {
AuthenticatorService authenticatorService = AuthenticatorAPIFactory.getInstance().getService();
IdentityProvider identityProvider = APIManagerFactory.getInstance().getIdentityProvider();
AuthResponseBean authResponseBean;
Map<String, NewCookie> cookies = new HashMap<>();
String refreshToken = null;
if (AuthenticatorConstants.REFRESH_GRANT.equals(grantType)) {
String environmentName = APIMConfigurationService.getInstance().getEnvironmentConfigurations().getEnvironmentLabel();
refreshToken = AuthUtil.extractTokenFromHeaders(request, AuthenticatorConstants.REFRESH_TOKEN_2, environmentName);
if (refreshToken == null) {
ErrorDTO errorDTO = new ErrorDTO();
errorDTO.setCode(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorCode());
errorDTO.setMessage(ExceptionCodes.INVALID_AUTHORIZATION_HEADER.getErrorMessage());
return Response.status(Response.Status.UNAUTHORIZED).entity(errorDTO).build();
}
}
Map<String, String> contextPaths = AuthUtil.getContextPaths(appName);
AccessTokenInfo accessTokenInfo = authenticatorService.getTokens(appName, grantType, userName, password, refreshToken, Long.parseLong(validityPeriod), null, assertion, identityProvider);
authResponseBean = authenticatorService.getResponseBeanFromTokenInfo(accessTokenInfo);
authenticatorService.setupAccessTokenParts(cookies, authResponseBean, accessTokenInfo.getAccessToken(), contextPaths, false);
String refreshTokenNew = accessTokenInfo.getRefreshToken();
// Refresh token is not set to cookie if remember me is not set.
if (refreshTokenNew != null && (AuthenticatorConstants.REFRESH_GRANT.equals(grantType) || (AuthenticatorConstants.PASSWORD_GRANT.equals(grantType) && isRememberMe))) {
authenticatorService.setupRefreshTokenParts(cookies, refreshTokenNew, contextPaths);
return Response.ok(authResponseBean, MediaType.APPLICATION_JSON).cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT), cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT), cookies.get(AuthenticatorConstants.Context.APP_CONTEXT), cookies.get(AuthenticatorConstants.Context.LOGIN_CONTEXT)).header(AuthenticatorConstants.REFERER_HEADER, (request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) != null && request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER).equals(request.getHeader(AuthenticatorConstants.REFERER_HEADER))) ? "" : request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) != null ? request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) : "").build();
} else {
return Response.ok(authResponseBean, MediaType.APPLICATION_JSON).cookie(cookies.get(AuthenticatorConstants.Context.REST_API_CONTEXT), cookies.get(AuthenticatorConstants.Context.LOGOUT_CONTEXT)).header(AuthenticatorConstants.REFERER_HEADER, (request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) != null && request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER).equals(request.getHeader(AuthenticatorConstants.REFERER_HEADER))) ? "" : request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) != null ? request.getHeader(AuthenticatorConstants.X_ALT_REFERER_HEADER) : "").build();
}
} catch (APIManagementException e) {
ErrorDTO errorDTO = AuthUtil.getErrorDTO(e.getErrorHandler(), null);
log.error(e.getMessage(), e);
return Response.status(e.getErrorHandler().getHttpStatusCode()).entity(errorDTO).build();
}
}
Also used :
AccessTokenInfo(org.wso2.carbon.apimgt.core.models.AccessTokenInfo)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
HashMap(java.util.HashMap)
ErrorDTO(org.wso2.carbon.apimgt.rest.api.authenticator.dto.ErrorDTO)
IdentityProvider(org.wso2.carbon.apimgt.core.api.IdentityProvider)
AuthResponseBean(org.wso2.carbon.apimgt.rest.api.authenticator.utils.bean.AuthResponseBean)
NewCookie(javax.ws.rs.core.NewCookie)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Consumes(javax.ws.rs.Consumes)
OPTIONS(javax.ws.rs.OPTIONS)
Example 69 with Store
use of org.wso2.siddhi.query.api.execution.query.input.store.Store in project carbon-apimgt by wso2.
the class AuthenticatorServiceTestCase method testGetAuthenticationConfigurationsForPublisher.
@Test
public void testGetAuthenticationConfigurationsForPublisher() throws Exception {
// Happy Path - 200
// // Mocked response object from DCR api
SystemApplicationDao systemApplicationDao = Mockito.mock(SystemApplicationDao.class);
Mockito.when(systemApplicationDao.isConsumerKeyExistForApplication("store")).thenReturn(false);
APIMConfigurationService apimConfigurationService = Mockito.mock(APIMConfigurationService.class);
EnvironmentConfigurations environmentConfigurations = new EnvironmentConfigurations();
Mockito.when(apimConfigurationService.getEnvironmentConfigurations()).thenReturn(environmentConfigurations);
APIMAppConfigurationService apimAppConfigurationService = Mockito.mock(APIMAppConfigurationService.class);
APIMAppConfigurations apimAppConfigurations = new APIMAppConfigurations();
Mockito.when(apimAppConfigurationService.getApimAppConfigurations()).thenReturn(apimAppConfigurations);
OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
oAuthApplicationInfo.setClientId("xxx-client-id-xxx");
oAuthApplicationInfo.setCallBackURL("https://localhost:9292/login/callback/publisher");
// // Expected data object to be passed to the front-end
JsonObject oAuthData = new JsonObject();
String scopes = "apim:api_view apim:api_create apim:api_update apim:api_delete apim:apidef_update " + "apim:api_publish apim:subscription_view apim:subscription_block openid " + "apim:external_services_discover apim:dedicated_gateway";
oAuthData.addProperty(KeyManagerConstants.OAUTH_CLIENT_ID, oAuthApplicationInfo.getClientId());
oAuthData.addProperty(KeyManagerConstants.OAUTH_CALLBACK_URIS, oAuthApplicationInfo.getCallBackURL());
oAuthData.addProperty(KeyManagerConstants.TOKEN_SCOPES, scopes);
oAuthData.addProperty(KeyManagerConstants.AUTHORIZATION_ENDPOINT, "https://localhost:9443/oauth2/authorize");
oAuthData.addProperty(AuthenticatorConstants.SSO_ENABLED, ServiceReferenceHolder.getInstance().getAPIMAppConfiguration().isSsoEnabled());
KeyManager keyManager = Mockito.mock(KeyManager.class);
MultiEnvironmentOverview multiEnvironmentOverview = new MultiEnvironmentOverview();
environmentConfigurations.setMultiEnvironmentOverview(multiEnvironmentOverview);
multiEnvironmentOverview.setEnabled(true);
AuthenticatorService authenticatorService = new AuthenticatorService(keyManager, systemApplicationDao, apimConfigurationService, apimAppConfigurationService);
// // Get data object to be passed to the front-end
Mockito.when(keyManager.createApplication(Mockito.any())).thenReturn(oAuthApplicationInfo);
JsonObject responseOAuthDataObj = authenticatorService.getAuthenticationConfigurations("publisher");
String[] scopesActual = responseOAuthDataObj.get(KeyManagerConstants.TOKEN_SCOPES).toString().split(" ");
String[] scopesExpected = oAuthData.get(KeyManagerConstants.TOKEN_SCOPES).toString().split(" ");
Assert.assertEquals(scopesActual.length, scopesExpected.length);
// Error Path - 500 - When OAuthApplicationInfo is null
JsonObject emptyOAuthDataObj = new JsonObject();
Mockito.when(keyManager.createApplication(Mockito.any())).thenReturn(null);
JsonObject responseEmptyOAuthDataObj = authenticatorService.getAuthenticationConfigurations("publisher");
Assert.assertEquals(responseEmptyOAuthDataObj, emptyOAuthDataObj);
// Error Path - When DCR application creation fails and throws an APIManagementException
Mockito.when(keyManager.createApplication(Mockito.any())).thenThrow(KeyManagementException.class);
try {
authenticatorService.getAuthenticationConfigurations("publisher");
} catch (APIManagementException e) {
Assert.assertEquals(e.getMessage(), "Error while creating the keys for OAuth application : publisher");
}
}
Also used :
JsonObject(com.google.gson.JsonObject)
APIMAppConfigurationService(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.APIMAppConfigurationService)
EnvironmentConfigurations(org.wso2.carbon.apimgt.core.configuration.models.EnvironmentConfigurations)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
OAuthApplicationInfo(org.wso2.carbon.apimgt.core.models.OAuthApplicationInfo)
APIMAppConfigurations(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.models.APIMAppConfigurations)
SystemApplicationDao(org.wso2.carbon.apimgt.core.dao.SystemApplicationDao)
MultiEnvironmentOverview(org.wso2.carbon.apimgt.core.configuration.models.MultiEnvironmentOverview)
KeyManager(org.wso2.carbon.apimgt.core.api.KeyManager)
APIMConfigurationService(org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService)
Test(org.junit.Test)
Example 70 with Store
use of org.wso2.siddhi.query.api.execution.query.input.store.Store in project carbon-apimgt by wso2.
the class AuthenticatorServiceTestCase method testGetTokens.
@Test
public void testGetTokens() throws Exception {
// Happy Path - 200 - Authorization code grant type
APIMConfigurationService apimConfigurationService = Mockito.mock(APIMConfigurationService.class);
EnvironmentConfigurations environmentConfigurations = new EnvironmentConfigurations();
Mockito.when(apimConfigurationService.getEnvironmentConfigurations()).thenReturn(environmentConfigurations);
APIMAppConfigurationService apimAppConfigurationService = Mockito.mock(APIMAppConfigurationService.class);
APIMAppConfigurations apimAppConfigurations = new APIMAppConfigurations();
Mockito.when(apimAppConfigurationService.getApimAppConfigurations()).thenReturn(apimAppConfigurations);
// // Mocked response from DCR endpoint
OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
oAuthApplicationInfo.setClientId("xxx-client-id-xxx");
oAuthApplicationInfo.setClientSecret("xxx-client-secret-xxx");
// // Expected response object from KeyManager
AccessTokenInfo tokenInfo = new AccessTokenInfo();
tokenInfo.setAccessToken("xxx-access-token-xxx");
tokenInfo.setScopes("apim:subscribe openid");
tokenInfo.setRefreshToken("xxx-refresh-token-xxx");
tokenInfo.setIdToken("xxx-id-token-xxx");
tokenInfo.setValidityPeriod(-2L);
KeyManager keyManager = Mockito.mock(KeyManager.class);
SystemApplicationDao systemApplicationDao = Mockito.mock(SystemApplicationDao.class);
Mockito.when(systemApplicationDao.isConsumerKeyExistForApplication("store")).thenReturn(false);
MultiEnvironmentOverview multiEnvironmentOverview = new MultiEnvironmentOverview();
environmentConfigurations.setMultiEnvironmentOverview(multiEnvironmentOverview);
AuthenticatorService authenticatorService = new AuthenticatorService(keyManager, systemApplicationDao, apimConfigurationService, apimAppConfigurationService);
Mockito.when(keyManager.createApplication(Mockito.any())).thenReturn(oAuthApplicationInfo);
// // Actual response - When authorization code is not null
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(tokenInfo);
AccessTokenInfo tokenInfoResponseForValidAuthCode = authenticatorService.getTokens("store", "authorization_code", null, null, null, 0, "xxx-auth-code-xxx", null, null);
Assert.assertEquals(tokenInfoResponseForValidAuthCode, tokenInfo);
// Error Path - 500 - Authorization code grant type
// // When an error occurred - Eg: Access denied
AccessTokenInfo emptyTokenInfo = new AccessTokenInfo();
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(emptyTokenInfo);
AccessTokenInfo tokenInfoResponseForInvalidAuthCode = new AccessTokenInfo();
try {
tokenInfoResponseForInvalidAuthCode = authenticatorService.getTokens("store", "authorization_code", null, null, null, 0, null, null, null);
} catch (APIManagementException e) {
Assert.assertEquals(e.getMessage(), "No Authorization Code available.");
Assert.assertEquals(tokenInfoResponseForInvalidAuthCode, emptyTokenInfo);
}
// Happy Path - 200 - Password grant type
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(tokenInfo);
AccessTokenInfo tokenInfoResponseForPasswordGrant = authenticatorService.getTokens("store", "password", "admin", "admin", null, 0, null, null, null);
Assert.assertEquals(tokenInfoResponseForPasswordGrant, tokenInfo);
// Error Path - When token generation fails and throws APIManagementException
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenThrow(KeyManagementException.class).thenReturn(tokenInfo);
try {
authenticatorService.getTokens("store", "password", "admin", "admin", null, 0, null, null, null);
} catch (APIManagementException e) {
Assert.assertEquals(e.getMessage(), "Error while receiving tokens for OAuth application : store");
}
// Happy Path - 200 - Refresh grant type
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(tokenInfo);
AccessTokenInfo tokenInfoResponseForRefreshGrant = authenticatorService.getTokens("store", "refresh_token", null, null, null, 0, null, null, null);
Assert.assertEquals(tokenInfoResponseForPasswordGrant, tokenInfo);
// Happy Path - 200 - JWT grant type
// Multi-Environment Overview configuration
multiEnvironmentOverview.setEnabled(true);
IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
String userFromIdentityProvider = "admin-user";
Mockito.when(identityProvider.getIdOfUser(Mockito.anyString())).thenThrow(IdentityProviderException.class);
Mockito.doReturn("xxx-admin-user-id-xxx").when(identityProvider).getIdOfUser(userFromIdentityProvider);
// A valid jwt with user "admin-user"
String idTokenWith_adminUser = "xxx+header+xxx.eyJzdWIiOiJhZG1pbi11c2VyIn0.xxx+signature+xxx";
tokenInfo.setIdToken(idTokenWith_adminUser);
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(tokenInfo);
AccessTokenInfo tokenInfoResponseForValidJWTGrant = authenticatorService.getTokens("store", "urn:ietf:params:oauth:grant-type:jwt-bearer", null, null, null, 0, null, "xxx-assertion-xxx", identityProvider);
Assert.assertEquals(tokenInfoResponseForValidJWTGrant, tokenInfo);
// Error Path - When invalid user in JWT Token
// A valid jwt with user "John"
String idTokenWith_johnUser = "xxx+header+xxx.eyJzdWIiOiJKb2huIn0.xxx+signature+xxx";
tokenInfo.setIdToken(idTokenWith_johnUser);
Mockito.when(keyManager.getNewAccessToken(Mockito.any())).thenReturn(tokenInfo);
try {
AccessTokenInfo tokenInfoResponseForInvalidJWTGrant = authenticatorService.getTokens("store", "urn:ietf:params:oauth:grant-type:jwt-bearer", null, null, null, 0, null, "xxx-assertion-xxx", identityProvider);
Assert.assertEquals(tokenInfoResponseForInvalidJWTGrant, tokenInfo);
} catch (APIManagementException e) {
Assert.assertEquals(e.getMessage(), "User John does not exists in this environment.");
}
}
Also used :
IdentityProvider(org.wso2.carbon.apimgt.core.api.IdentityProvider)
APIMAppConfigurationService(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.APIMAppConfigurationService)
KeyManagementException(org.wso2.carbon.apimgt.core.exception.KeyManagementException)
AccessTokenInfo(org.wso2.carbon.apimgt.core.models.AccessTokenInfo)
EnvironmentConfigurations(org.wso2.carbon.apimgt.core.configuration.models.EnvironmentConfigurations)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
OAuthApplicationInfo(org.wso2.carbon.apimgt.core.models.OAuthApplicationInfo)
APIMAppConfigurations(org.wso2.carbon.apimgt.rest.api.authenticator.configuration.models.APIMAppConfigurations)
SystemApplicationDao(org.wso2.carbon.apimgt.core.dao.SystemApplicationDao)
MultiEnvironmentOverview(org.wso2.carbon.apimgt.core.configuration.models.MultiEnvironmentOverview)
KeyManager(org.wso2.carbon.apimgt.core.api.KeyManager)
APIMConfigurationService(org.wso2.carbon.apimgt.core.configuration.APIMConfigurationService)
Test(org.junit.Test)
Aggregations
HashMap (java.util.HashMap)25
Test (org.testng.annotations.Test)21
ArrayList (java.util.ArrayList)18
CharonException (org.wso2.charon3.core.exceptions.CharonException)18
SCIMResponse (org.wso2.charon3.core.protocol.SCIMResponse)18
UserManager (org.wso2.charon3.core.extensions.UserManager)15
Produces (javax.ws.rs.Produces)14
ApiOperation (io.swagger.annotations.ApiOperation)12
ApiResponses (io.swagger.annotations.ApiResponses)12
Path (javax.ws.rs.Path)10
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)10
Map (java.util.Map)9
APIStore (org.wso2.carbon.apimgt.core.api.APIStore)8
APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException)8
UserStoreException (org.wso2.carbon.user.api.UserStoreException)8
Consumes (javax.ws.rs.Consumes)7
SiddhiAppRuntime (org.wso2.siddhi.core.SiddhiAppRuntime)7
SiddhiManager (org.wso2.siddhi.core.SiddhiManager)7
Response (feign.Response)6
IOException (java.io.IOException)6
