
Example 1 with AccessTokenException

Use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldThrowExceptionWhenTokenHasExpired:

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenTokenHasExpired(boolean identityEndpoint) throws JOSEException {
    accessToken = createSignedExpiredAccessToken();
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint), "Expected to throw AccessTokenException");
    assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used: AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest), MethodSource (org.junit.jupiter.params.provider.MethodSource)

Example 2 with AccessTokenException

Use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldThrowExceptionWhenTokenSignatureIsInvalid:

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenTokenSignatureIsInvalid(boolean identityEndpoint) {
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(false);
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint), "Expected to throw AccessTokenException");
    assertThat(accessTokenException.getMessage(), equalTo("Unable to validate AccessToken signature"));
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used: AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest), MethodSource (org.junit.jupiter.params.provider.MethodSource)

Example 3 with AccessTokenException

Use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldThrowExceptionWhenClientIsNotFoundInClientRegistry:

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenClientIsNotFoundInClientRegistry(boolean identityEndpoint) {
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.empty());
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint), "Expected to throw AccessTokenException");
    assertThat(accessTokenException.getMessage(), equalTo("Client not found"));
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used: AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest), MethodSource (org.junit.jupiter.params.provider.MethodSource)

Example 4 with AccessTokenException

Use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in the project di-authentication-api by alphagov.

From the class AccessTokenServiceTest, method shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis:

@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis(boolean identityEndpoint) throws JsonProcessingException {
    if (identityEndpoint) {
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT)).thenReturn(new ObjectMapper().writeValueAsString(new AccessTokenStore(createSignedAccessTokenWithoutIdentityClaims().getValue(), INTERNAL_SUBJECT.getValue())));
    AccessTokenException accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), identityEndpoint), "Expected to throw AccessTokenException");
    assertThat(accessTokenException.getMessage(), equalTo("Invalid Access Token"));
    assertThat(accessTokenException.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
Also used: AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore), AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest), MethodSource (org.junit.jupiter.params.provider.MethodSource)

Example 5 with AccessTokenException

Use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in the project di-authentication-api by alphagov.

From the class IdentityHandlerTest, method shouldReturn401WhenBearerTokenIsNotParseable:

@Test
void shouldReturn401WhenBearerTokenIsNotParseable() throws AccessTokenException {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Authorization", "this-is-not-a-valid-token"));
    AccessTokenException accessTokenException = new AccessTokenException("Unable to parse AccessToken", INVALID_TOKEN);
    when(accessTokenService.parse("this-is-not-a-valid-token", true)).thenThrow(accessTokenException);
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(401));
    assertEquals(INVALID_TOKEN_RESPONSE, result.getMultiValueHeaders());
}
Also used: APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), Test (org.junit.jupiter.api.Test)

Aggregations

AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException): 15
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 8
MethodSource (org.junit.jupiter.params.provider.MethodSource): 7
Test (org.junit.jupiter.api.Test): 4
AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo): 4
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore): 3
APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent): 2
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
UserInfoErrorResponse (com.nimbusds.openid.connect.sdk.UserInfoErrorResponse): 2
UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo): 2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 1
SignedJWT (com.nimbusds.jwt.SignedJWT): 1
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken): 1
ParseException (java.text.ParseException): 1
IdentityErrorResponse (uk.gov.di.authentication.oidc.entity.IdentityErrorResponse): 1
IdentityResponse (uk.gov.di.authentication.oidc.entity.IdentityResponse): 1