use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldReturnAccessTokenInfoWhenAccessTokenIsValid.
/**
 * Happy path for {@code validationService.parse}: the signature check is stubbed to pass,
 * the client is registered with {@code SCOPES}, and the token held in Redis is the same
 * token that is presented in the Authorization header.
 *
 * @param identityEndpoint when true, the presented token is replaced with one that carries
 *     identity claims before the stubs are set up
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldReturnAccessTokenInfoWhenAccessTokenIsValid(boolean identityEndpoint)
        throws JsonProcessingException, AccessTokenException {
    if (identityEndpoint) {
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }

    // Server-side record: keyed by client id and public subject, it holds the issued token
    // value together with the internal subject id.
    String redisKey = ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT;
    String storedJson =
            new ObjectMapper()
                    .writeValueAsString(
                            new AccessTokenStore(
                                    accessToken.getValue(), INTERNAL_SUBJECT.getValue()));

    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID))
            .thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    when(redisConnectionService.getValue(redisKey)).thenReturn(storedJson);

    AccessTokenInfo parsed =
            validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint);

    // The parsed result must echo the stored token and internal subject, and expose the
    // public subject and scopes.
    assertThat(parsed.getAccessTokenStore().getToken(), equalTo(accessToken.getValue()));
    assertThat(
            parsed.getAccessTokenStore().getInternalSubjectId(),
            equalTo(INTERNAL_SUBJECT.getValue()));
    assertThat(parsed.getPublicSubject(), equalTo(SUBJECT.getValue()));
    assertThat(parsed.getScopes(), equalTo(SCOPES));
}
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis.
/**
 * A token whose signature check passes must still be rejected when it is not the token
 * recorded in Redis for this client and subject.
 *
 * <p>The signature stub returns true and the client is registered, so the only mismatch
 * set up here is the stored token value; the expected outcome is an
 * {@code AccessTokenException} carrying {@code BearerTokenError.INVALID_TOKEN}.
 *
 * @param identityEndpoint when true, the presented token is replaced with one that carries
 *     identity claims before the stubs are set up
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis(boolean identityEndpoint)
        throws JsonProcessingException {
    if (identityEndpoint) {
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }

    // The stored record holds a freshly created token, not the one that will be presented.
    String redisKey = ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT;
    String storedJson =
            new ObjectMapper()
                    .writeValueAsString(
                            new AccessTokenStore(
                                    createSignedAccessTokenWithoutIdentityClaims().getValue(),
                                    INTERNAL_SUBJECT.getValue()));

    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID))
            .thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    when(redisConnectionService.getValue(redisKey)).thenReturn(storedJson);

    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () ->
                            validationService.parse(
                                    accessToken.toAuthorizationHeader(), identityEndpoint),
                    "Expected to throw AccessTokenException");

    assertThat(thrown.getMessage(), equalTo("Invalid Access Token"));
    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class IdentityServiceTest method shouldThrowExceptionWhenSpotCredentialIsNotFound.
/**
 * When no SPOT credential exists for the token's public subject,
 * {@code identityService.populateIdentityResponse} must fail with
 * {@code BearerTokenError.INVALID_TOKEN} and must not attempt to remove a credential.
 */
@Test
void shouldThrowExceptionWhenSpotCredentialIsNotFound() {
    AccessTokenStore store =
            new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    AccessTokenInfo tokenInfo = new AccessTokenInfo(store, SUBJECT.getValue(), SCOPES);

    // Lookup is by the public subject and yields nothing.
    when(dynamoSpotService.getSpotCredential(tokenInfo.getPublicSubject()))
            .thenReturn(Optional.empty());

    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () -> identityService.populateIdentityResponse(tokenInfo));

    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
    assertThat(thrown.getMessage(), equalTo("Invalid Access Token"));

    // The failure path must leave the credential store untouched.
    verify(dynamoSpotService, never()).removeSpotCredential(tokenInfo.getPublicSubject());
}
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class UserInfoServiceTest method shouldPopulateUserInfo.
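/**
 * Checks that {@code userInfoService.populateUserInfo} returns the e-mail and phone
 * attributes of the profile stubbed for the token's internal subject.
 *
 * <p>The profile lookup is stubbed on {@code INTERNAL_SUBJECT}, while the
 * {@code AccessTokenInfo} also carries the public {@code SUBJECT}; the test therefore
 * only passes if the service resolves the profile through the internal subject id held in
 * the {@code AccessTokenStore}.
 */
@Test
void shouldPopulateUserInfo() {
    when(authenticationService.getUserProfileFromSubject(INTERNAL_SUBJECT.getValue()))
            .thenReturn(generateUserprofile());
    AccessTokenStore accessTokenStore =
            new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    AccessTokenInfo accessTokenInfo =
            new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);

    UserInfo userInfo = userInfoService.populateUserInfo(accessTokenInfo);

    // assertEquals takes (expected, actual); the original passed them the other way round,
    // which makes a failure report the wrong value as "expected".
    assertEquals(EMAIL, userInfo.getEmailAddress());
    assertEquals(true, userInfo.getEmailVerified());
    assertEquals(PHONE_NUMBER, userInfo.getPhoneNumber());
    assertEquals(true, userInfo.getPhoneNumberVerified());
}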
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class UserInfoIntegrationTest method shouldCallUserInfoWithAccessTokenAndReturn200.
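/**
 * End-to-end check of the user-info handler: a signed bearer token whose value is also
 * recorded in Redis must yield HTTP 200 and the stored user's e-mail and phone claims.
 *
 * <p>The token's {@code sub} claim is the public subject; the Redis record maps the token
 * to the internal subject, which is the one set up in Dynamo.
 *
 * @throws JsonProcessingException if the {@code AccessTokenStore} cannot be serialised
 */
@Test
public void shouldCallUserInfoWithAccessTokenAndReturn200() throws JsonProcessingException {
    Subject internalSubject = new Subject();
    Subject publicSubject = new Subject();

    // Take "now" in UTC before converting it as UTC. The original used LocalDateTime.now()
    // (system default zone) and then read that wall-clock time as UTC, which shifts iat/exp
    // by the machine's UTC offset; west of UTC that puts exp in the past.
    ZoneId utc = ZoneId.of("UTC");
    LocalDateTime nowUtc = LocalDateTime.now(utc);
    Date issueTime = Date.from(nowUtc.atZone(utc).toInstant());
    Date expiryDate = Date.from(nowUtc.plusMinutes(10).atZone(utc).toInstant());

    List<String> scopes = List.of("email", "phone", "openid");
    JWTClaimsSet claimsSet =
            new JWTClaimsSet.Builder()
                    .claim("scope", scopes)
                    .issuer("issuer-id")
                    .expirationTime(expiryDate)
                    .issueTime(issueTime)
                    .claim("client_id", "client-id-one")
                    .subject(publicSubject.getValue())
                    .jwtID(UUID.randomUUID().toString())
                    .build();
    SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
    AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());

    // Server-side record of the issued token, keyed by client id and public subject.
    // NOTE(review): 300L is presumably a TTL in seconds, i.e. shorter than the 10-minute
    // exp claim above; confirm against redis.addToRedis.
    AccessTokenStore accessTokenStore =
            new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
    String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
    redis.addToRedis(
            ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject,
            accessTokenStoreString,
            300L);
    setUpDynamo(internalSubject);

    var response =
            makeRequest(
                    Optional.empty(),
                    Map.of("Authorization", accessToken.toAuthorizationHeader()),
                    Map.of());

    assertThat(response, hasStatus(200));

    // The response is addressed to the public subject, never the internal one.
    UserInfo expectedUserInfoResponse = new UserInfo(publicSubject);
    expectedUserInfoResponse.setEmailAddress(TEST_EMAIL_ADDRESS);
    expectedUserInfoResponse.setEmailVerified(true);
    expectedUserInfoResponse.setPhoneNumber(FORMATTED_PHONE_NUMBER);
    expectedUserInfoResponse.setPhoneNumberVerified(true);
    assertThat(response.getBody(), equalTo(expectedUserInfoResponse.toJSONString()));

    assertNoAuditEventsReceived(auditTopic);
}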