use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenTokenHasExpired.
/**
 * Checks that {@code validationService.parse} refuses an expired access token.
 *
 * <p>The rejection must surface as an {@link AccessTokenException} carrying the
 * message "Invalid Access Token" and the {@code BearerTokenError.INVALID_TOKEN} error.
 *
 * @param identityEndpoint flag forwarded unchanged to {@code parse}; values come from
 *     the {@code identityEndpoint} method source
 * @throws JOSEException declared because the token factory helper may fail to sign
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenTokenHasExpired(boolean identityEndpoint) throws JOSEException {
    // Swap the shared fixture for a token that, going by the helper's name, is signed but expired.
    accessToken = createSignedExpiredAccessToken();

    // NOTE(review): no signature-validation stub is set in this method. If none is set in the
    // fixture setup either, a Mockito mock returns false for it, and the message asserted below
    // would then imply expiry is evaluated before the signature. Confirm that ordering is intended.
    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () ->
                            validationService.parse(
                                    accessToken.toAuthorizationHeader(), identityEndpoint),
                    "Expected to throw AccessTokenException");

    assertThat(thrown.getMessage(), equalTo("Invalid Access Token"));
    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenTokenSignatureIsInvalid.
/**
 * Checks that {@code validationService.parse} refuses a token whose signature does not verify.
 *
 * <p>The signature check is simulated by stubbing
 * {@code tokenValidationService.validateAccessTokenSignature} to return {@code false}.
 * No cryptographic verification runs in this test.
 *
 * @param identityEndpoint flag forwarded unchanged to {@code parse}; values come from
 *     the {@code identityEndpoint} method source
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenTokenSignatureIsInvalid(boolean identityEndpoint) {
    // Force the signature validator to report failure for the fixture token.
    when(tokenValidationService.validateAccessTokenSignature(accessToken))
            .thenReturn(false);

    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () ->
                            validationService.parse(
                                    accessToken.toAuthorizationHeader(), identityEndpoint),
                    "Expected to throw AccessTokenException");

    // A failed signature check has its own message but maps to the same bearer error code.
    assertThat(thrown.getMessage(), equalTo("Unable to validate AccessToken signature"));
    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenClientIsNotFoundInClientRegistry.
/**
 * Checks that a token with a valid signature is still refused when its client is unknown.
 *
 * <p>The signature check is stubbed to succeed and the client lookup for {@code CLIENT_ID}
 * to return an empty {@link Optional}. {@code parse} must then fail with "Client not found"
 * and {@code BearerTokenError.INVALID_TOKEN}.
 *
 * @param identityEndpoint flag forwarded unchanged to {@code parse}; values come from
 *     the {@code identityEndpoint} method source
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenClientIsNotFoundInClientRegistry(boolean identityEndpoint) {
    // Signature passes, so the failure asserted below comes from the registry lookup.
    when(tokenValidationService.validateAccessTokenSignature(accessToken))
            .thenReturn(true);
    // The registry has no entry for the client.
    when(clientService.getClient(CLIENT_ID))
            .thenReturn(Optional.empty());

    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () ->
                            validationService.parse(
                                    accessToken.toAuthorizationHeader(), identityEndpoint),
                    "Expected to throw AccessTokenException");

    assertThat(thrown.getMessage(), equalTo("Client not found"));
    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis.
/**
 * Checks that a validly signed token from a registered client is refused when it differs
 * from the token stored in Redis for that client and subject.
 *
 * <p>The stored entry is built from a separately created token, so the value presented in
 * the Authorization header is not the value held server-side. {@code parse} must fail with
 * "Invalid Access Token" and {@code BearerTokenError.INVALID_TOKEN}.
 *
 * @param identityEndpoint flag forwarded unchanged to {@code parse}; when {@code true} the
 *     presented token is rebuilt with identity claims first
 * @throws JsonProcessingException if serialising the stored-token fixture fails
 */
@ParameterizedTest
@MethodSource("identityEndpoint")
void shouldThrowExceptionWhenAccessTokenSentIsNotTheSameAsInRedis(boolean identityEndpoint)
        throws JsonProcessingException {
    if (identityEndpoint) {
        // The identity variant presents a token that carries the identity claims request.
        accessToken = createSignedAccessTokenWithIdentityClaims(oidcValidClaimsRequest);
    }

    // Signature and client lookup both succeed, leaving the stored-token comparison
    // as the check under test.
    when(tokenValidationService.validateAccessTokenSignature(accessToken))
            .thenReturn(true);
    when(clientService.getClient(CLIENT_ID))
            .thenReturn(Optional.of(generateClientRegistry(SCOPES)));

    // The server-side record holds a freshly created token, not the one presented.
    // NOTE(review): assumes the helper yields a value different from accessToken. Confirm.
    String storedTokenKey = ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT;
    String storedTokenJson =
            new ObjectMapper()
                    .writeValueAsString(
                            new AccessTokenStore(
                                    createSignedAccessTokenWithoutIdentityClaims().getValue(),
                                    INTERNAL_SUBJECT.getValue()));
    when(redisConnectionService.getValue(storedTokenKey)).thenReturn(storedTokenJson);

    AccessTokenException thrown =
            assertThrows(
                    AccessTokenException.class,
                    () ->
                            validationService.parse(
                                    accessToken.toAuthorizationHeader(), identityEndpoint),
                    "Expected to throw AccessTokenException");

    assertThat(thrown.getMessage(), equalTo("Invalid Access Token"));
    assertThat(thrown.getError(), equalTo(BearerTokenError.INVALID_TOKEN));
}
use of uk.gov.di.authentication.shared.exceptions.AccessTokenException in project di-authentication-api by alphagov.
the class IdentityHandlerTest method shouldReturn401WhenBearerTokenIsNotParseable.
/**
 * Checks that the handler answers 401 when the access token service rejects the
 * Authorization header as unparseable.
 *
 * <p>{@code accessTokenService.parse} is stubbed to throw, so this test covers only how the
 * handler maps an {@link AccessTokenException} to an HTTP response. It does not exercise
 * real header parsing.
 *
 * @throws AccessTokenException declared because the stubbed {@code parse} call has it in
 *     its signature
 */
@Test
void shouldReturn401WhenBearerTokenIsNotParseable() throws AccessTokenException {
    // Header value with no recognisable bearer-token structure.
    String malformedHeader = "this-is-not-a-valid-token";

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Authorization", malformedHeader));

    AccessTokenException parseFailure =
            new AccessTokenException("Unable to parse AccessToken", INVALID_TOKEN);
    when(accessTokenService.parse(malformedHeader, true)).thenThrow(parseFailure);

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(401));
    // INVALID_TOKEN_RESPONSE is defined elsewhere; presumably the bearer challenge
    // headers for an invalid token. Confirm against its declaration.
    assertEquals(INVALID_TOKEN_RESPONSE, response.getMultiValueHeaders());
}