Example 1 with AccessTokenStore

Use of uk.gov.di.authentication.shared.entity.AccessTokenStore in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldReturnAccessTokenInfoWhenAccessTokenIsValid.

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldReturnAccessTokenInfoWhenAccessTokenIsValid(boolean identityEndpoint)
        throws JsonProcessingException, AccessTokenException {
    // The identity-endpoint variant uses an access token that carries identity claims
    if (identityEndpoint) {
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }
    // Signature verification passes and the client is registered with the expected scopes
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    // Redis holds exactly the token value the caller presents, keyed by client id and public subject
    when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT))
            .thenReturn(new ObjectMapper().writeValueAsString(
                    new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue())));
    AccessTokenInfo accessTokenInfo =
            validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint);
    // The parsed result exposes the stored token, the internal subject, the public subject and the scopes
    assertThat(accessTokenInfo.getAccessTokenStore().getToken(), equalTo(accessToken.getValue()));
    assertThat(accessTokenInfo.getAccessTokenStore().getInternalSubjectId(), equalTo(INTERNAL_SUBJECT.getValue()));
    assertThat(accessTokenInfo.getPublicSubject(), equalTo(SUBJECT.getValue()));
    assertThat(accessTokenInfo.getScopes(), equalTo(SCOPES));
}
Also used : AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo) AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 2 with AccessTokenStore

Use of uk.gov.di.authentication.shared.entity.AccessTokenStore in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis.

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis(boolean identityEndpoint)
        throws JsonProcessingException {
    if (identityEndpoint) {
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }
    // The presented token is well signed and the client is known...
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    // ...but Redis holds a different (freshly signed) token for the same client and subject,
    // so a valid signature alone must not be enough to accept the token
    when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT))
            .thenReturn(new ObjectMapper().writeValueAsString(
                    new AccessTokenStore(createSignedAccessTokenWithoutIdentityClaims().getValue(),
                            INTERNAL_SUBJECT.getValue())));
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class,
            () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint),
            "Expected to throw AccessTokenException");
    // The mismatch surfaces as the generic invalid_token bearer error
    assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used : AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore) AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 3 with AccessTokenStore

Use of uk.gov.di.authentication.shared.entity.AccessTokenStore in the project di-authentication-api by alphagov.

From the class IdentityServiceTest, method shouldThrowExceptionWhenSpotCredentialIsNotFound.

@Test
void shouldThrowExceptionWhenSpotCredentialIsNotFound() {
    // A fully validated token whose public subject has no SPOT credential in DynamoDB
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
    when(dynamoSpotService.getSpotCredential(accessTokenInfo.getPublicSubject())).thenReturn(Optional.empty());
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class,
            () -> identityService.populateIdentityResponse(accessTokenInfo));
    // The missing credential is reported as invalid_token rather than leaking the cause
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
    assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
    // Nothing is removed when nothing was found
    verify(dynamoSpotService, never()).removeSpotCredential(accessTokenInfo.getPublicSubject());
}
Also used : AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo) AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore) AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException) Test(org.junit.jupiter.api.Test)

Example 4 with AccessTokenStore

Use of uk.gov.di.authentication.shared.entity.AccessTokenStore in the project di-authentication-api by alphagov.

From the class UserInfoServiceTest, method shouldPopulateUserInfo.

@Test
void shouldPopulateUserInfo() {
    // The user profile is looked up by the internal subject carried in the AccessTokenStore,
    // never by the public subject exposed to the client
    when(authenticationService.getUserProfileFromSubject(INTERNAL_SUBJECT.getValue())).thenReturn(generateUserprofile());
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
    UserInfo userInfo = userInfoService.populateUserInfo(accessTokenInfo);
    // JUnit's assertEquals takes (expected, actual); ordered that way so failure messages read correctly
    assertEquals(EMAIL, userInfo.getEmailAddress());
    assertEquals(true, userInfo.getEmailVerified());
    assertEquals(PHONE_NUMBER, userInfo.getPhoneNumber());
    assertEquals(true, userInfo.getPhoneNumberVerified());
}
Also used : AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo) AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore) UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo) Test(org.junit.jupiter.api.Test)

Example 5 with AccessTokenStore

Use of uk.gov.di.authentication.shared.entity.AccessTokenStore in the project di-authentication-api by alphagov.

From the class UserInfoIntegrationTest, method shouldCallUserInfoWithAccessTokenAndReturn200.

@Test
public void shouldCallUserInfoWithAccessTokenAndReturn200() throws JsonProcessingException {
    // Two distinct subjects: the internal one keys the user record, the public one goes into the token
    Subject internalSubject = new Subject();
    Subject publicSubject = new Subject();
    LocalDateTime localDateTime = LocalDateTime.now().plusMinutes(10);
    Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
    List<String> scopes = new ArrayList<>();
    scopes.add("email");
    scopes.add("phone");
    scopes.add("openid");
    // Build and sign an access token that is valid for the next ten minutes
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .claim("scope", scopes)
            .issuer("issuer-id")
            .expirationTime(expiryDate)
            .issueTime(Date.from(LocalDateTime.now().atZone(ZoneId.of("UTC")).toInstant()))
            .claim("client_id", "client-id-one")
            .subject(publicSubject.getValue())
            .jwtID(UUID.randomUUID().toString())
            .build();
    SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
    AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());
    // Store the token in Redis under the client/public-subject key, mapped to the internal subject
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
    String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
    redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject, accessTokenStoreString, 300L);
    setUpDynamo(internalSubject);
    // Call the userinfo handler with the bearer token in the Authorization header
    var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
    assertThat(response, hasStatus(200));
    // The response is keyed by the public subject and carries the verified email and phone claims
    UserInfo expectedUserInfoResponse = new UserInfo(publicSubject);
    expectedUserInfoResponse.setEmailAddress(TEST_EMAIL_ADDRESS);
    expectedUserInfoResponse.setEmailVerified(true);
    expectedUserInfoResponse.setPhoneNumber(FORMATTED_PHONE_NUMBER);
    expectedUserInfoResponse.setPhoneNumberVerified(true);
    assertThat(response.getBody(), equalTo(expectedUserInfoResponse.toJSONString()));
    assertNoAuditEventsReceived(auditTopic);
}
Also used : LocalDateTime(java.time.LocalDateTime) ArrayList(java.util.ArrayList) UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo) SignedJWT(com.nimbusds.jwt.SignedJWT) Subject(com.nimbusds.oauth2.sdk.id.Subject) Date(java.util.Date) AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.jupiter.api.Test) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Aggregations

AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)13 Test (org.junit.jupiter.api.Test)9 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)5 AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo)5 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4 BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)4 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)4 SignedJWT (com.nimbusds.jwt.SignedJWT)3 AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)3 OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)3 ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)3 Date (java.util.Date)3 AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException)3 ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)3 Subject (com.nimbusds.oauth2.sdk.id.Subject)2 UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo)2 LocalDateTime (java.time.LocalDateTime)2 ArrayList (java.util.ArrayList)2 MethodSource (org.junit.jupiter.params.provider.MethodSource)2 IdentityResponse (uk.gov.di.authentication.oidc.entity.IdentityResponse)2