Example 1 with AccessTokenStore
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldReturnAccessTokenInfoWhenAccessTokenIsValid.
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldReturnAccessTokenInfoWhenAccessTokenIsValid(boolean identityEndpoint) throws JsonProcessingException, AccessTokenException {
if (identityEndpoint) {
accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
}
when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT)).thenReturn(new ObjectMapper().writeValueAsString(new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue())));
AccessTokenInfo accessTokenInfo = validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint);
assertThat(accessTokenInfo.getAccessTokenStore().getToken(), equalTo(accessToken.getValue()));
assertThat(accessTokenInfo.getAccessTokenStore().getInternalSubjectId(), equalTo(INTERNAL_SUBJECT.getValue()));
assertThat(accessTokenInfo.getPublicSubject(), equalTo(SUBJECT.getValue()));
assertThat(accessTokenInfo.getScopes(), equalTo(SCOPES));
}
Also used :
AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
MethodSource(org.junit.jupiter.params.provider.MethodSource)
Example 2 with AccessTokenStore
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis.
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis(boolean identityEndpoint) throws JsonProcessingException {
if (identityEndpoint) {
accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
}
when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT)).thenReturn(new ObjectMapper().writeValueAsString(new AccessTokenStore(createSignedAccessTokenWithoutIdentityClaims().getValue(), INTERNAL_SUBJECT.getValue())));
AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint), "Expected to throw AccessTokenException");
assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used :
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
MethodSource(org.junit.jupiter.params.provider.MethodSource)
Example 3 with AccessTokenStore
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class IdentityServiceTest method shouldThrowExceptionWhenSpotCredentialIsNotFound.
@Test
void shouldThrowExceptionWhenSpotCredentialIsNotFound() {
AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
when(dynamoSpotService.getSpotCredential(accessTokenInfo.getPublicSubject())).thenReturn(Optional.empty());
AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> identityService.populateIdentityResponse(accessTokenInfo));
assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
verify(dynamoSpotService, never()).removeSpotCredential(accessTokenInfo.getPublicSubject());
}
Also used :
AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException)
Test(org.junit.jupiter.api.Test)
Example 4 with AccessTokenStore
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class UserInfoServiceTest method shouldPopulateUserInfo.
@Test
void shouldPopulateUserInfo() {
when(authenticationService.getUserProfileFromSubject(INTERNAL_SUBJECT.getValue())).thenReturn(generateUserprofile());
AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
UserInfo userInfo = userInfoService.populateUserInfo(accessTokenInfo);
assertEquals(userInfo.getEmailAddress(), EMAIL);
assertEquals(userInfo.getEmailVerified(), true);
assertEquals(userInfo.getPhoneNumber(), PHONE_NUMBER);
assertEquals(userInfo.getPhoneNumberVerified(), true);
}
Also used :
AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo)
Test(org.junit.jupiter.api.Test)
Example 5 with AccessTokenStore
use of uk.gov.di.authentication.shared.entity.AccessTokenStore in project di-authentication-api by alphagov.
the class UserInfoIntegrationTest method shouldCallUserInfoWithAccessTokenAndReturn200.
@Test
public void shouldCallUserInfoWithAccessTokenAndReturn200() throws JsonProcessingException {
Subject internalSubject = new Subject();
Subject publicSubject = new Subject();
LocalDateTime localDateTime = LocalDateTime.now().plusMinutes(10);
Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
List<String> scopes = new ArrayList<>();
scopes.add("email");
scopes.add("phone");
scopes.add("openid");
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().claim("scope", scopes).issuer("issuer-id").expirationTime(expiryDate).issueTime(Date.from(LocalDateTime.now().atZone(ZoneId.of("UTC")).toInstant())).claim("client_id", "client-id-one").subject(publicSubject.getValue()).jwtID(UUID.randomUUID().toString()).build();
SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());
AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject, accessTokenStoreString, 300L);
setUpDynamo(internalSubject);
var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
assertThat(response, hasStatus(200));
UserInfo expectedUserInfoResponse = new UserInfo(publicSubject);
expectedUserInfoResponse.setEmailAddress(TEST_EMAIL_ADDRESS);
expectedUserInfoResponse.setEmailVerified(true);
expectedUserInfoResponse.setPhoneNumber(FORMATTED_PHONE_NUMBER);
expectedUserInfoResponse.setPhoneNumberVerified(true);
assertThat(response.getBody(), equalTo(expectedUserInfoResponse.toJSONString()));
assertNoAuditEventsReceived(auditTopic);
}
Also used :
LocalDateTime(java.time.LocalDateTime)
ArrayList(java.util.ArrayList)
UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo)
SignedJWT(com.nimbusds.jwt.SignedJWT)
Subject(com.nimbusds.oauth2.sdk.id.Subject)
Date(java.util.Date)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Test(org.junit.jupiter.api.Test)
ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
Aggregations
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)13
Test (org.junit.jupiter.api.Test)9
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)5
AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo)5
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)4
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)4
SignedJWT (com.nimbusds.jwt.SignedJWT)3
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)3
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)3
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)3
Date (java.util.Date)3
AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException)3
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)3
Subject (com.nimbusds.oauth2.sdk.id.Subject)2
UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo)2
LocalDateTime (java.time.LocalDateTime)2
ArrayList (java.util.ArrayList)2
MethodSource (org.junit.jupiter.params.provider.MethodSource)2
IdentityResponse (uk.gov.di.authentication.oidc.entity.IdentityResponse)2
