use of uk.nhs.digital.intranet.model.exception.AuthorizationException in project hippo by NHS-digital-website.
the class AccessTokenValveTest method failsGracefullyIfCannotRequestNewAccessToken.
/**
 * Pins the valve's failure path when the provider rejects a token refresh.
 *
 * <p>The request carries both token cookies and the decoded access token is built with
 * {@code -3600} as its third argument (presumably an already-elapsed lifetime; confirm against
 * {@code AccessToken}). The stubbed provider throws an {@link AuthorizationException} with
 * {@code HttpStatus.BAD_REQUEST}. The valve must then remove the token attribute from the request
 * context, overwrite both cookies with the empty constants from {@code CookieProvider}, and still
 * pass the request on to the next valve.
 */
@Test
public void failsGracefullyIfCannotRequestNewAccessToken() throws Exception {
    // Arrange: a decoded token without a refresh token, and the token the valve is expected to
    // assemble once it has read the refresh-token cookie.
    final AccessToken decodedToken = new AccessToken("token", null, -3600);
    final AccessToken tokenSentForRefresh = new AccessToken("token", REFRESH_TOKEN, -3600);
    final Cookie[] cookiesOnRequest = new Cookie[] { ACCESS_TOKEN_COOKIE, REFRESH_TOKEN_COOKIE };
    final AuthorizationException refreshRejected =
        new AuthorizationException(HttpStatus.BAD_REQUEST, new RuntimeException());

    when(servletRequest.getCookies()).thenReturn(cookiesOnRequest);
    when(encoder.decode(ENCODED_COOKIE_VALUE)).thenReturn(decodedToken);
    // Mockito matches this argument with equals(), so the stub relies on AccessToken comparing by
    // value (not visible here; confirm). Otherwise the failure path is never exercised.
    when(authorizationProvider.refreshAccessToken(tokenSentForRefresh)).thenThrow(refreshRejected);

    // Act
    valve.invoke(valveContext);

    // Assert: the session material is cleared and the pipeline continues.
    // NOTE(review): nothing here asserts that no other cookie is written; consider also checking
    // that servletResponse receives no further addCookie calls.
    verify(servletResponse).addCookie(CookieProvider.EMPTY_ACCESS_TOKEN_COOKIE);
    verify(servletResponse).addCookie(CookieProvider.EMPTY_REFRESH_TOKEN_COOKIE);
    verify(requestContext).removeAttribute(Constants.ACCESS_TOKEN_PROPERTY_NAME);
    verify(valveContext).invokeNext();
}
use of uk.nhs.digital.intranet.model.exception.AuthorizationException in project hippo by NHS-digital-website.
the class AccessTokenValveTest method usesNullRefreshTokenIfRefreshTokenCookieNotPresent.
/**
 * Pins the valve's behaviour when the request has an access-token cookie but no refresh-token
 * cookie.
 *
 * <p>The provider stub is keyed on the decoded token itself, whose refresh token is {@code null}.
 * The failure path is therefore reached only if the valve calls the provider with a {@code null}
 * refresh token. The expected outcome matches any other rejected refresh: the request attribute
 * is removed, both cookies are replaced by the empty constants, and the next valve is invoked.
 */
@Test
public void usesNullRefreshTokenIfRefreshTokenCookieNotPresent() throws Exception {
    // Arrange: only the access-token cookie is sent by the client.
    final AccessToken tokenWithoutRefresh = new AccessToken("token", null, -3600);
    final Cookie[] cookiesOnRequest = new Cookie[] { ACCESS_TOKEN_COOKIE };
    final AuthorizationException refreshRejected =
        new AuthorizationException(HttpStatus.BAD_REQUEST, new RuntimeException());

    when(servletRequest.getCookies()).thenReturn(cookiesOnRequest);
    when(encoder.decode(ENCODED_COOKIE_VALUE)).thenReturn(tokenWithoutRefresh);
    // Matching uses equals() on the token the valve rebuilds; presumably value-based (confirm).
    when(authorizationProvider.refreshAccessToken(tokenWithoutRefresh)).thenThrow(refreshRejected);

    // Act
    valve.invoke(valveContext);

    // Assert: stale credentials are cleared from both the response and the request context.
    verify(servletResponse).addCookie(CookieProvider.EMPTY_ACCESS_TOKEN_COOKIE);
    verify(servletResponse).addCookie(CookieProvider.EMPTY_REFRESH_TOKEN_COOKIE);
    verify(requestContext).removeAttribute(Constants.ACCESS_TOKEN_PROPERTY_NAME);
    verify(valveContext).invokeNext();
}
use of uk.nhs.digital.intranet.model.exception.AuthorizationException in project hippo by NHS-digital-website.
the class AccessTokenValve method getNewAccessToken.
/**
 * Asks the authorization provider for a fresh access token and writes the new token cookies to
 * the response.
 *
 * <p>The refresh token is read from the request's refresh-token cookie. When that cookie is
 * absent the provider is still called, with {@code null} as the refresh token.
 *
 * @param requestContext supplies the servlet request (cookie source) and response (cookie sink)
 * @param accessToken the current token; its token value and expiration date are copied into the
 *     token sent to the provider
 * @return the token returned by the provider
 * @throws AuthorizationException rethrown unchanged after it has been logged
 */
private AccessToken getNewAccessToken(final HstRequestContext requestContext, final AccessToken accessToken) throws AuthorizationException {
    try {
        // The cookie value is client-supplied and is forwarded without local checks; whether it
        // is accepted is left to the provider call below.
        final String refreshTokenValue =
            getCookie(requestContext.getServletRequest(), Constants.REFRESH_TOKEN_COOKIE_NAME)
                .map(Cookie::getValue)
                .orElse(null);
        final AccessToken tokenWithRefresh =
            new AccessToken(accessToken.getToken(), refreshTokenValue, accessToken.getExpirationDate());

        final AccessToken refreshedToken = authorizationProvider.refreshAccessToken(tokenWithRefresh);

        // Both cookies are built before either is written, so a failure while building the
        // second one leaves the response without a partial token pair.
        final Cookie newAccessCookie = cookieProvider.getAccessTokenCookie(refreshedToken);
        final Cookie newRefreshCookie = cookieProvider.getRefreshTokenCookie(refreshedToken);
        requestContext.getServletResponse().addCookie(newAccessCookie);
        requestContext.getServletResponse().addCookie(newRefreshCookie);

        return refreshedToken;
    } catch (final AuthorizationException refreshFailure) {
        // Only the status code and the cause reach the logger; no token value is passed here.
        // NOTE(review): confirm the provider never embeds token material in the cause's message.
        LOGGER.error("Received exception with status code {} from Microsoft Graph API when trying to refresh access token.", refreshFailure.getStatusCode().value(), refreshFailure.getCause());
        throw refreshFailure;
    }
}
use of uk.nhs.digital.intranet.model.exception.AuthorizationException in project hippo by NHS-digital-website.
the class AuthenticationResourceTest method redirectsToUriIfCannotRequestAccessToken.
/**
 * Pins the resource's behaviour when the authorization code cannot be exchanged for a token.
 *
 * <p>The provider stub throws an {@link AuthorizationException} with
 * {@code HttpStatus.BAD_REQUEST} and a {@code null} cause. The resource must then write no
 * cookie of any kind and still redirect the client to {@code REDIRECT_URI}.
 */
@Test
public void redirectsToUriIfCannotRequestAccessToken() throws Exception {
    // Arrange: the code exchange is rejected by the provider.
    final AuthorizationException exchangeRejected =
        new AuthorizationException(HttpStatus.BAD_REQUEST, null);
    when(authorizationProvider.processAuthorizationResponse(AUTHORIZATION_CODE)).thenThrow(exchangeRejected);

    // Act
    authenticationResource.processResponse(response, AUTHORIZATION_CODE);

    // Assert: the redirect happens and no token cookie reaches the client.
    verify(response).sendRedirect(REDIRECT_URI);
    verify(response, never()).addCookie(any(Cookie.class));
}
use of uk.nhs.digital.intranet.model.exception.AuthorizationException in project hippo by NHS-digital-website.
the class AuthenticationResource method processResponse.
/**
 * Handles the authorization response: exchanges the authorization code for a token, stores it in
 * cookies, and redirects the client.
 *
 * <p>On success both token cookies are added to the response. When the provider throws an
 * {@link AuthorizationException} the failure is logged and no cookie is written. The redirect to
 * {@code redirectUri} is issued from the {@code finally} block, so it is sent in both cases.
 *
 * <p>NOTE(review): no OAuth {@code state} value is read or compared in this method; confirm that
 * request-forgery protection for the authorization response is enforced elsewhere.
 * {@code redirectUri} is not taken from request input in this method; its origin is outside this
 * view.
 *
 * @param response servlet response that receives the cookies and the redirect
 * @param authorizationCode value of the {@code code} query parameter, passed to the provider as
 *     received
 * @return always {@code true}
 * @throws IOException if sending the redirect fails
 */
@GET
@Path("/response")
public boolean processResponse(@Context HttpServletResponse response, @QueryParam("code") final String authorizationCode) throws IOException {
    try {
        final AccessToken issuedToken = authorizationProvider.processAuthorizationResponse(authorizationCode);

        // Build both cookies first so that the response never ends up with only one of the pair.
        final Cookie accessCookie = cookieProvider.getAccessTokenCookie(issuedToken);
        final Cookie refreshCookie = cookieProvider.getRefreshTokenCookie(issuedToken);
        response.addCookie(accessCookie);
        response.addCookie(refreshCookie);
    } catch (final AuthorizationException exchangeFailure) {
        // Swallowed on purpose: the client is redirected without cookies and sees no error detail.
        // Only the status code and the cause are handed to the logger.
        LOGGER.error("Received exception with status code {} from Microsoft Graph API when trying to acquire access token.", exchangeFailure.getStatusCode().value(), exchangeFailure.getCause());
    } finally {
        // Runs on success and on failure alike.
        response.sendRedirect(redirectUri);
    }
    return true;
}