diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java index f2ca498b..1afb837e 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java @@ -1,6 +1,10 @@ package it.gov.pagopa.payhub.auth.service; +import it.gov.pagopa.payhub.auth.exception.custom.InvalidGrantTypeException; +import it.gov.pagopa.payhub.auth.service.a2a.ClientCredentialService; +import it.gov.pagopa.payhub.auth.service.a2a.ValidateClientCredentialsService; import it.gov.pagopa.payhub.auth.service.exchange.ExchangeTokenService; +import it.gov.pagopa.payhub.auth.service.exchange.ValidateExternalTokenService; import it.gov.pagopa.payhub.auth.service.logout.LogoutService; import it.gov.pagopa.payhub.auth.service.user.UserService; import it.gov.pagopa.payhub.model.generated.AccessToken; 
@@ -11,19 +15,25 @@ @Slf4j @Service public class AuthnServiceImpl implements AuthnService { + private final ClientCredentialService clientCredentialService; private final ExchangeTokenService exchangeTokenService; private final UserService userService; private final LogoutService logoutService; - public AuthnServiceImpl(ExchangeTokenService exchangeTokenService, UserService userService, LogoutService logoutService) { - this.exchangeTokenService = exchangeTokenService; - this.userService = userService; - this.logoutService = logoutService; + public AuthnServiceImpl(ClientCredentialService clientCredentialService, ExchangeTokenService exchangeTokenService, UserService userService, LogoutService logoutService) { + this.clientCredentialService = clientCredentialService; + this.exchangeTokenService = exchangeTokenService; + this.userService = userService; + this.logoutService = logoutService; } @Override public AccessToken postToken(String clientId, String grantType, String scope, String subjectToken, String subjectIssuer, String subjectTokenType, String clientSecret) { - return exchangeTokenService.postToken(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope); + return switch (grantType) { + case ValidateExternalTokenService.ALLOWED_GRANT_TYPE -> exchangeTokenService.postToken(clientId, subjectToken, subjectIssuer, subjectTokenType, scope); + case ValidateClientCredentialsService.ALLOWED_GRANT_TYPE -> clientCredentialService.postToken(clientId, scope, clientSecret); + default -> throw new InvalidGrantTypeException("Invalid grantType " + grantType); + }; } @Override diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java new file mode 100644 index 00000000..b5343c80 --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java 
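Review bot: In AuthnServiceImpl.postToken, `switch (grantType)` throws NullPointerException when grantType is null, whereas the removed `ALLOWED_GRANT_TYPE.equals(grantType)` check in ValidateExternalTokenService rejected null with InvalidGrantTypeException. A token request that omits grant_type would therefore surface as an unhandled error instead of the grant-type rejection, unless an earlier layer not visible here enforces the parameter. A guard before the switch keeps the old behaviour: `if (grantType == null) { throw new InvalidGrantTypeException("Invalid grantType " + grantType); }`. The new tests in AuthnServiceTest cover an unexpected value but not null.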
@@ -0,0 +1,7 @@
+package it.gov.pagopa.payhub.auth.service.a2a;
+
+import it.gov.pagopa.payhub.model.generated.AccessToken;
+
+public interface ClientCredentialService {
+ AccessToken postToken(String clientId, String scope, String clientSecret);
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java
new file mode 100644
index 00000000..9e000df1
--- /dev/null
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java
@@ -0,0 +1,23 @@
+package it.gov.pagopa.payhub.auth.service.a2a;
+
+import it.gov.pagopa.payhub.model.generated.AccessToken;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+public class ClientCredentialServiceImpl implements ClientCredentialService {
+
+ private final ValidateClientCredentialsService validateClientCredentialsService;
+
+ public ClientCredentialServiceImpl(ValidateClientCredentialsService validateClientCredentialsService) {
+ this.validateClientCredentialsService = validateClientCredentialsService;
+ }
+
+ @Override
+ public AccessToken postToken(String clientId, String scope, String clientSecret) {
+ log.info("Client {} requested authentication with client_credentials grant type and scope {}", clientId, scope);
+ validateClientCredentialsService.validate(scope, clientSecret);
+ return AccessToken.builder().accessToken("accessToken").build();
+ }
+}
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java
index c4356153..1abb977a 100644
--- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java
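Review bot: ClientCredentialServiceImpl.postToken issues a token without authenticating the client: `validateClientCredentialsService.validate(scope, clientSecret)` only checks that scope equals `openid` and that clientSecret is non-blank, clientId is used for logging alone, and the returned value is the constant `AccessToken.builder().accessToken("accessToken").build()`. As written, any caller that selects the client_credentials grant and sends any non-empty secret receives that same token string. If this is scaffolding for a follow-up, it should not be reachable from the token endpoint until validate() takes clientId, resolves the stored client (this commit adds `ClientService.getClientByClientId`), compares the presented secret with the stored one in constant time, and the token comes from the builder the exchange flow uses (`accessTokenBuilderService.build()`). The same gap is in ValidateClientCredentialsService.validate, and ClientCredentialsServiceTest pins the placeholder value.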
@@ -1,13 +1,16 @@ package it.gov.pagopa.payhub.auth.service.a2a; +import it.gov.pagopa.payhub.auth.model.Client; import it.gov.pagopa.payhub.model.generated.ClientDTO; import it.gov.pagopa.payhub.model.generated.ClientNoSecretDTO; import java.util.List; +import java.util.Optional; public interface ClientService { ClientDTO registerClient(String clientName, String organizationIpaCode); String getClientSecret(String organizationIpaCode, String clientId); List getClients(String organizationIpaCode); + Optional getClientByClientId(String clientId); } diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java index ebda1341..d4ba9be7 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java @@ -10,6 +10,7 @@ import org.springframework.stereotype.Service; import java.util.List; +import java.util.Optional; @Service @Slf4j @@ -27,7 +28,6 @@ public ClientServiceImpl(ClientRegistrationService clientRegistrationService, Cl @Override public ClientDTO registerClient(String clientName, String organizationIpaCode) { - Client client = clientRegistrationService.registerClient(clientName, organizationIpaCode); return clientMapper.mapToDTO(client); } @@ -44,4 +44,9 @@ public List getClients(String organizationIpaCode) { return clientRetrieverService.getClients(organizationIpaCode); } + public Optional getClientByClientId(String clientId) { + log.info("Retrieving client for {}", clientId); + return clientRetrieverService.getClientByClientId(clientId); + } + } diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java new file mode 100644 index 00000000..fd6960c0 --- /dev/null 
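Review bot: The new `ClientServiceImpl.getClientByClientId` implements the method added to the ClientService interface but is missing `@Override`, unlike `registerClient` in the same class. Going by the `Client` import added to the interface, it also returns the stored entity rather than a DTO like the other methods; the test added for ClientRetrieverService builds that entity with an encrypted client secret, so secret material now crosses the service boundary. I would add `@Override` and a Javadoc line such as `/** Returns the stored client including its encrypted secret; for internal credential checks only, never serialize or log the result. */`. The class body continues outside these hunks.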
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java @@ -0,0 +1,32 @@ +package it.gov.pagopa.payhub.auth.service.a2a; + +import it.gov.pagopa.payhub.auth.exception.custom.InvalidExchangeRequestException; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; +import org.springframework.util.StringUtils; + +@Service +@Slf4j +public class ValidateClientCredentialsService { + public static final String ALLOWED_GRANT_TYPE = "client_credentials"; + public static final String ALLOWED_SCOPE = "openid"; + + public void validate(String scope, String clientSecret) { + validateProtocolConfiguration(scope); + validateClientSecret(clientSecret); + log.debug("authorization granted"); + } + + private void validateProtocolConfiguration(String scope) { + if (!ALLOWED_SCOPE.equals(scope)){ + throw new InvalidExchangeRequestException("Invalid scope " + scope); + } + } + + private void validateClientSecret(String clientSecret) { + if (!StringUtils.hasText(clientSecret)) { + throw new InvalidExchangeRequestException("clientSecret is mandatory with client-credentials grant type"); + } + } + +} diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java index 0d9c9418..d9d46de0 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java @@ -10,6 +10,7 @@ import org.springframework.stereotype.Service; import java.util.List; +import java.util.Optional; @Service @Slf4j @@ -41,4 +42,6 @@ public List getClients(String organizationIpaCode) { .toList(); } + public Optional getClientByClientId(String clientId) { return clientRepository.findById(clientId); } + } 
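Review bot: Both rejection paths in ValidateClientCredentialsService throw InvalidExchangeRequestException, so the layer that turns exceptions into responses (not visible in this diff) cannot tell a wrong scope from a missing client secret. RFC 6749 section 5.2 keeps these apart (`invalid_scope`, `invalid_request`, `invalid_client`), and client-authentication failures are the ones worth counting separately for monitoring. Consider a dedicated exception for the secret check, and note that `"Invalid scope " + scope` copies a request-supplied value into the message, so it should be encoded or length-limited wherever that message is logged or returned.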
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenService.java index 9455a364..8361b3e4 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenService.java @@ -3,5 +3,5 @@ import it.gov.pagopa.payhub.model.generated.AccessToken; public interface ExchangeTokenService { - AccessToken postToken(String clientId, String grantType, String subjectToken, String subjectIssuer, String subjectTokenType, String scope); + AccessToken postToken(String clientId, String subjectToken, String subjectIssuer, String subjectTokenType, String scope); } diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceImpl.java index aa48932d..7c8cdbc1 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceImpl.java 
@@ -37,13 +37,13 @@ public ExchangeTokenServiceImpl( } @Override - public AccessToken postToken(String clientId, String grantType, String subjectToken, String subjectIssuer, String subjectTokenType, String scope) { - log.info("Client {} requested to exchange a {} token provided by {} asking for grant type {} and scope {}", - clientId, subjectTokenType, subjectIssuer, grantType, scope); + public AccessToken postToken(String clientId, String subjectToken, String subjectIssuer, String subjectTokenType, String scope) { + log.info("Client {} requested to exchange a {} token provided by {} asking for token-exchange grant type and scope {}", + clientId, subjectTokenType, subjectIssuer, scope); if(SUBJECT_TOKEN_TYPE_FAKE.equals(subjectTokenType)){ return handleFakeAuth(subjectToken, subjectIssuer); } - Map claims = validateExternalTokenService.validate(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope); + Map claims = validateExternalTokenService.validate(clientId, subjectToken, subjectIssuer, subjectTokenType, scope); AccessToken accessToken = accessTokenBuilderService.build(); IamUserInfoDTO iamUser = idTokenClaimsMapper.apply(claims); User registeredUser = iamUserRegistrationService.registerUser(iamUser); diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenService.java index 72b730a5..3e6f1ca0 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenService.java 
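Review bot: In ExchangeTokenServiceImpl.postToken the `SUBJECT_TOKEN_TYPE_FAKE` branch returns `handleFakeAuth(subjectToken, subjectIssuer)` before `validateExternalTokenService.validate(...)` runs, so on that path clientId, issuer, scope and the subject token are never checked. handleFakeAuth is outside the hunk, so I cannot see whether it is gated by an environment flag; if it is not, a request that sets the subject token type to the fake value skips all validation. Please confirm the branch is disabled outside test environments and add a comment at the `if` stating which configuration guards it. Separately, the `log.info` call writes four request-supplied strings, so check that the logging layout neutralises line breaks.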
@@ -35,9 +35,9 @@ public ValidateExternalTokenService(@Value("${jwt.audience:}")String allowedAudi this.jwtValidator = jwtValidator; } - public Map validate(String clientId, String grantType, String subjectToken, String subjectIssuer, String subjectTokenType, String scope) { + public Map validate(String clientId, String subjectToken, String subjectIssuer, String subjectTokenType, String scope) { validateClient(clientId); - validateProtocolConfiguration(grantType, subjectTokenType, scope); + validateProtocolConfiguration(subjectTokenType, scope); validateSubjectTokenIssuer(subjectIssuer); Map claims = validateSubjectToken(subjectToken); log.info("SubjectToken authorized"); @@ -50,13 +50,10 @@ public void validateClient(String clientId) { } } - private void validateProtocolConfiguration(String grantType, String subjectTokenType, String scope) { + private void validateProtocolConfiguration(String subjectTokenType, String scope) { if (!StringUtils.hasText(subjectTokenType)) { throw new InvalidExchangeRequestException("subjectTokenType is mandatory with token-exchange grant type"); } - if (!ALLOWED_GRANT_TYPE.equals(grantType)){ - throw new InvalidGrantTypeException("Invalid grantType " + grantType); - } if (!ALLOWED_SUBJECT_TOKEN_TYPE.equals(subjectTokenType)){ throw new InvalidTokenException("Invalid subjectTokenType " + subjectTokenType); } diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java index 343f6d57..503dc713 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java 
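Review bot: After this change `ValidateExternalTokenService.validate` no longer checks the grant type, yet it stays `public` and carries no comment saying that the caller must have done so; only the switch in AuthnServiceImpl enforces it now. I would add Javadoc on validate, for example `/** Validates a token-exchange request; the grant type must already have been matched against ALLOWED_GRANT_TYPE by the caller. */`. The import of InvalidGrantTypeException in this file is probably unused now, since the hunk removes the only visible `throw` of it; the import block is outside the hunk, so this needs checking.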
@@ -1,6 +1,10 @@ package it.gov.pagopa.payhub.auth.service; +import it.gov.pagopa.payhub.auth.exception.custom.InvalidGrantTypeException; +import it.gov.pagopa.payhub.auth.service.a2a.ClientCredentialService; +import it.gov.pagopa.payhub.auth.service.a2a.ValidateClientCredentialsService; import it.gov.pagopa.payhub.auth.service.exchange.ExchangeTokenService; +import it.gov.pagopa.payhub.auth.service.exchange.ValidateExternalTokenService; import it.gov.pagopa.payhub.auth.service.logout.LogoutService; import it.gov.pagopa.payhub.auth.service.user.UserService; import it.gov.pagopa.payhub.model.generated.AccessToken; @@ -14,9 +18,13 @@ import org.mockito.Mockito; import org.mockito.junit.jupiter.MockitoExtension; +import static org.junit.jupiter.api.Assertions.assertThrows; + @ExtendWith(MockitoExtension.class) class AuthnServiceTest { + @Mock + private ClientCredentialService clientCredentialService; @Mock private ExchangeTokenService exchangeTokenServiceMock; @Mock @@ -28,15 +36,16 @@ class AuthnServiceTest { @BeforeEach void init(){ - service = new AuthnServiceImpl(exchangeTokenServiceMock, userServiceMock, logoutServiceMock); + service = new AuthnServiceImpl(clientCredentialService, exchangeTokenServiceMock, userServiceMock, logoutServiceMock); } @AfterEach void verifyNotMoreInteractions(){ Mockito.verifyNoMoreInteractions( - exchangeTokenServiceMock, - userServiceMock, - logoutServiceMock + clientCredentialService, + exchangeTokenServiceMock, + userServiceMock, + logoutServiceMock ); } 
@@ -44,15 +53,15 @@ void verifyNotMoreInteractions(){ void whenPostTokenThenCallExchangeService(){ // Given String clientId="CLIENT_ID"; - String grantType="GRANT_TYPE"; String subjectToken="SUBJECT_TOKEN"; String subjectIssuer="SUBJECT_ISSUER"; String subjectTokenType="SUBJECT_TOKEN_TYPE"; String scope="SCOPE"; String clientSecret = "CLIENT_SECRET"; + String grantType= ValidateExternalTokenService.ALLOWED_GRANT_TYPE; AccessToken expectedResult = new AccessToken(); - Mockito.when(exchangeTokenServiceMock.postToken(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope)) + Mockito.when(exchangeTokenServiceMock.postToken(clientId, subjectToken, subjectIssuer, subjectTokenType, scope)) .thenReturn(expectedResult); // When 
@@ -62,6 +71,43 @@ void whenPostTokenThenCallExchangeService(){ Assertions.assertSame(expectedResult, result); } + @Test + void whenPostTokenThenCallClientCredentialService(){ + // Given + String clientId="CLIENT_ID"; + String subjectToken="SUBJECT_TOKEN"; + String subjectIssuer="SUBJECT_ISSUER"; + String subjectTokenType="SUBJECT_TOKEN_TYPE"; + String scope="SCOPE"; + String clientSecret = "CLIENT_SECRET"; + + String grantType= ValidateClientCredentialsService.ALLOWED_GRANT_TYPE; + AccessToken expectedResult = new AccessToken(); + Mockito.when(clientCredentialService.postToken(clientId, scope, clientSecret)).thenReturn(expectedResult); + + // When + AccessToken result = service.postToken(clientId, grantType, scope, subjectToken, subjectIssuer, subjectTokenType, clientSecret); + + // Then + Assertions.assertSame(expectedResult, result); + } + + @Test + void whenPostTokenWhenCallClientCredentialServiceThenInvalidGrantTypeException(){ + // Given + String clientId="CLIENT_ID"; + String subjectToken="SUBJECT_TOKEN"; + String subjectIssuer="SUBJECT_ISSUER"; + String subjectTokenType="SUBJECT_TOKEN_TYPE"; + String scope="SCOPE"; + String clientSecret = "CLIENT_SECRET"; + + String grantType="UNEXPECTED_GRANT_TYPE"; + // When, Then + assertThrows(InvalidGrantTypeException.class, () -> + service.postToken(clientId, grantType, scope, subjectToken, subjectIssuer, subjectTokenType, clientSecret)); + } + @Test void whenGetUserInfoThenCallUserService(){ // Given diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java new file mode 100644 index 00000000..7171bdc0 --- /dev/null +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java 
@@ -0,0 +1,39 @@ +package it.gov.pagopa.payhub.auth.service.a2a; + +import it.gov.pagopa.payhub.model.generated.AccessToken; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; + +@ExtendWith(MockitoExtension.class) +class ClientCredentialsServiceTest { + + @Mock + private ValidateClientCredentialsService validateClientCredentialsServiceMock; + private ClientCredentialService service; + + @BeforeEach + void init() { + service = new ClientCredentialServiceImpl(validateClientCredentialsServiceMock); + } + + @Test + void givenValidTokenWhenPostTokenThenSuccess(){ + // Given + String clientId="CLIENT_ID"; + String scope="SCOPE"; + String clientSecret="CLIENT_SECRET"; + + Mockito.doNothing().when(validateClientCredentialsServiceMock).validate(scope, clientSecret); + AccessToken expectedAccessToken = AccessToken.builder().accessToken("accessToken").build(); + //When + AccessToken result = service.postToken(clientId, scope, clientSecret); + //Then + Assertions.assertEquals(expectedAccessToken, result); + } + +} diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java index cab22443..4020d07e 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java @@ -16,6 +16,7 @@ import org.mockito.junit.jupiter.MockitoExtension; import java.util.List; +import java.util.Optional; import java.util.UUID; @ExtendWith(MockitoExtension.class) 
@@ -103,4 +104,17 @@ void givenOrganizationIpaCodeWhenGetClientsThenGetClientNoSecretDTOList() { Assertions.assertEquals(List.of(dto1, dto2), result); } + @Test + void givenClientIdWhenGetClientByClientIdThenInvokeClientService() { + // Given + String clientId = "clientId"; + Client expectedClient = new Client(); + + Mockito.when(clientRetrieverServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(expectedClient)); + //When + Optional result = service.getClientByClientId(clientId); + // Then + Assertions.assertEquals(Optional.of(expectedClient), result); + } + } diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java new file mode 100644 index 00000000..6ce5d9e2 --- /dev/null +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java 
@@ -0,0 +1,38 @@
+package it.gov.pagopa.payhub.auth.service.a2a;
+
+import it.gov.pagopa.payhub.auth.exception.custom.InvalidExchangeRequestException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@ExtendWith(MockitoExtension.class)
+class ValidateClientCredentialsServiceTest {
+
+ @InjectMocks
+ private ValidateClientCredentialsService service;
+
+ private static final String ALLOWED_CLIENT_SECRET = "CLIENTSECRET";
+
+ @Test
+ void givenValidRequestThenOk() {
+ assertDoesNotThrow(() ->
+ service.validate(ValidateClientCredentialsService.ALLOWED_SCOPE, ALLOWED_CLIENT_SECRET));
+ }
+
+ @Test
+ void givenInvalidScopeThenInvalidExchangeRequestException() {
+ assertThrows(InvalidExchangeRequestException.class, () ->
+ service.validate("UNEXPECTED_SCOPE", ALLOWED_CLIENT_SECRET));
+ }
+
+ @Test
+ void givenNullClientSecretThenInvalidExchangeRequestException() {
+ assertThrows(InvalidExchangeRequestException.class, () ->
+ service.validate(ValidateClientCredentialsService.ALLOWED_SCOPE, null));
+ }
+
+}
diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java
index bedd29e2..7cba6235 100644
--- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java
+++ b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java
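Review bot: ValidateClientCredentialsServiceTest covers a null secret but not an empty or whitespace-only one, although `validateClientSecret` relies on `StringUtils.hasText`, which rejects those too. Adding cases for `""` and `"  "` would pin that behaviour. `@InjectMocks` is also unnecessary here because the service has no collaborators; `new ValidateClientCredentialsService()` says the same thing more plainly.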
@@ -103,5 +103,23 @@ void givenOrganizationIpaCodeWhenGetClientsThenInvokeClientRetrieverService(){ // Then Assertions.assertEquals(List.of(expectedDto1, expectedDto2), result); } - + + @Test + void givenClientIdWhenFindByIdThenInvokeClientRetrieverService(){ + // Given + String organizationIpaCode = "organizationIpaCode"; + String clientName = "clientName"; + String clientId = organizationIpaCode + clientName; + byte[] encryptedClientSecret = new byte[16]; + new Random().nextBytes(encryptedClientSecret); + Client storedClient = new Client(clientId, clientName, organizationIpaCode, encryptedClientSecret); + + Mockito.when(clientRepositoryMock.findById(clientId)).thenReturn(Optional.of(storedClient)); + + // When + Optional result = service.getClientByClientId(clientId); + + // Then + Assertions.assertEquals(Optional.of(storedClient), result); + } } diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceTest.java index c5e49454..d7654ba8 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ExchangeTokenServiceTest.java 
@@ -60,14 +60,13 @@ void verifyNotMoreInteractions(){ void givenValidTokenWhenPostTokenThenSuccess(){ // Given String clientId="CLIENT_ID"; - String grantType="GRANT_TYPE"; String subjectToken="SUBJECT_TOKEN"; String subjectIssuer="SUBJECT_ISSUER"; String subjectTokenType="SUBJECT_TOKEN_TYPE"; String scope="SCOPE"; HashMap expectedClaims = new HashMap<>(); - Mockito.when(validateExternalTokenServiceMock.validate(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope)) + Mockito.when(validateExternalTokenServiceMock.validate(clientId, subjectToken, subjectIssuer, subjectTokenType, scope)) .thenReturn(expectedClaims); AccessToken expectedAccessToken = AccessToken.builder().accessToken("accessToken").build(); @@ -83,7 +82,7 @@ void givenValidTokenWhenPostTokenThenSuccess(){ .thenReturn(registeredUser); // When - AccessToken result = service.postToken(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope); + AccessToken result = service.postToken(clientId, subjectToken, subjectIssuer, subjectTokenType, scope); // Then Assertions.assertSame(expectedAccessToken, result); @@ -95,7 +94,6 @@ void givenValidTokenWhenPostTokenThenSuccess(){ void givenValidTokenFakeWhenPostTokenThenSuccess() { // Given String clientId = "CLIENT_ID"; - String grantType = "GRANT_TYPE"; String subjectToken = "SUBJECT_TOKEN"; String subjectIssuer = "SUBJECT_ISSUER"; String subjectTokenType = "FAKE-AUTH"; @@ -110,7 +108,7 @@ void givenValidTokenFakeWhenPostTokenThenSuccess() { .thenReturn(iamUserInfo); // When - AccessToken result = service.postToken(clientId, grantType, subjectToken, subjectIssuer, subjectTokenType, scope); + AccessToken result = service.postToken(clientId, subjectToken, subjectIssuer, subjectTokenType, scope); // Then Assertions.assertSame(expectedAccessToken, result); 
diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenServiceTest.java index f760a9e6..af34b5ba 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/exchange/ValidateExternalTokenServiceTest.java @@ -59,7 +59,7 @@ void givenValidRequestThenOk() throws Exception { String wireMockUrl = utils.getUrlJwkProvider(); when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE); Mockito.verify(jwtValidator, times(1)).validate(subjectToken, wireMockUrl); } 
@@ -72,19 +72,7 @@ void givenInvalidClientThenInvalidExchangeClientException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidExchangeClientException.class, () -> - validateExternalTokenService.validate("UNEXPECTED_CLIENT_ID", ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); - } - - @Test - void givenInvalidGrantTypeException() throws Exception { - String subjectToken = utils.generateJWK(EXPIRES_AT); - Map claimsMap = createJWKClaims(ALLOWED_SUBECJECT_ISSUER, ALLOWED_AUDIENCE); - - String wireMockUrl = utils.getUrlJwkProvider(); - when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); - - assertThrows(InvalidGrantTypeException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, "UNEXPECTED_GRANT_TYPE", subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate("UNEXPECTED_CLIENT_ID", subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } @Test 
@@ -96,7 +84,7 @@ void givenInvalidSubjectTokenIssuerThenInvalidTokenIssuerException() throws Exce when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidTokenIssuerException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, "UNEXPECTED_SUBECJECT_ISSUER", ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, "UNEXPECTED_SUBECJECT_ISSUER", ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } @Test @@ -108,7 +96,7 @@ void givenInvalidSubjectTypeThenInvalidTokenException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidTokenException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, "UNEXPECTED_SUBJECT_TOKEN_TYPE", ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, "UNEXPECTED_SUBJECT_TOKEN_TYPE", ValidateExternalTokenService.ALLOWED_SCOPE)); } @Test 
@@ -120,7 +108,7 @@ void givenInvalidScopeThenInvalidExchangeRequestException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidExchangeRequestException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, "UNEXPECTED_SCOPE")); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, "UNEXPECTED_SCOPE")); } @Test @@ -132,7 +120,7 @@ void givenInvalidIssuerClaimThenInvalidTokenException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidTokenException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } 
@@ -145,7 +133,7 @@ void givenInvalidAudienceClaimThenInvalidTokenException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidTokenException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } @@ -158,7 +146,7 @@ void givenNullSubjectTokenIssuerThenIllegalArgumentException() throws Exception when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidExchangeRequestException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, null, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, null, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } @Test 
@@ -170,11 +158,11 @@ void givenNullSubjectTypeThenIllegalArgumentException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidExchangeRequestException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, subjectToken, ALLOWED_SUBECJECT_ISSUER, null, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, subjectToken, ALLOWED_SUBECJECT_ISSUER, null, ValidateExternalTokenService.ALLOWED_SCOPE)); } @Test - void givenNullSubjectTokenThenIllegalArgumentException() throws Exception { + void givenNullSubjectTokenThenInvalidExchangeRequestException() throws Exception { String subjectToken = utils.generateJWK(EXPIRES_AT); Map claimsMap = createJWKClaims(ALLOWED_SUBECJECT_ISSUER, ALLOWED_AUDIENCE); @@ -182,7 +170,7 @@ void givenNullSubjectTokenThenIllegalArgumentException() throws Exception { when(jwtValidator.validate(subjectToken, wireMockUrl)).thenReturn(claimsMap); assertThrows(InvalidExchangeRequestException.class, () -> - validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, ValidateExternalTokenService.ALLOWED_GRANT_TYPE, null, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); + validateExternalTokenService.validate(ValidateExternalTokenService.ALLOWED_CLIENT_ID, null, ALLOWED_SUBECJECT_ISSUER, ValidateExternalTokenService.ALLOWED_SUBJECT_TOKEN_TYPE, ValidateExternalTokenService.ALLOWED_SCOPE)); } private Map createJWKClaims (String iss, String aud){
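Review bot: The rename to `givenNullSubjectTokenThenInvalidExchangeRequestException` fixes one misleading test name, but `givenNullSubjectTokenIssuerThenIllegalArgumentException` and `givenNullSubjectTypeThenIllegalArgumentException` in the same file still assert `InvalidExchangeRequestException`. Renaming those two the same way keeps the names in line with what is asserted.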