Add unit tests for revoke token flow for app audience role update

wso2-extensions · Jan 2, 2025 · c8efd77 · c8efd77
1 parent 74b2650
commit c8efd77
Showing 1 changed file with 132 additions and 4 deletions.
diff --git a/...so2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthUtilTest.java b/...so2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthUtilTest.java
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2017-2025, WSO2 LLC. (http://www.wso2.com).
  *
- * WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License.
  * You may obtain a copy of the License at
@@ -11,23 +11,56 @@
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
+ * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 package org.wso2.carbon.identity.oauth;
 
 import org.apache.commons.lang.StringUtils;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.MockitoAnnotations;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
+import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
+import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.model.User;
+import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
+import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.common.testng.WithCarbonHome;
 import org.wso2.carbon.identity.common.testng.WithRealmService;
 import org.wso2.carbon.identity.oauth.cache.CacheEntry;
 import org.wso2.carbon.identity.oauth.cache.OAuthCache;
 import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
-
+import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
+import org.wso2.carbon.identity.oauth2.dao.AccessTokenDAO;
+import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
+import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
+import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
+import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
+import org.wso2.carbon.user.api.RealmConfiguration;
+import org.wso2.carbon.user.core.UserStoreManager;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.nullable;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.assertNull;
@@ -40,6 +73,37 @@
 @WithCarbonHome
 @WithRealmService
 public class OAuthUtilTest {
+
+    @Mock
+    RoleManagementService roleManagementService;
+    @Mock
+    ApplicationManagementService applicationManagementService;
+
+    private AutoCloseable closeable;
+    private MockedStatic<OrganizationManagementUtil> organizationManagementUtil;
+    private MockedStatic<OAuthComponentServiceHolder> oAuthComponentServiceHolder;
+    private MockedStatic<OAuth2Util> oAuth2Util;
+    private MockedStatic<OAuthTokenPersistenceFactory> oAuthTokenPersistenceFactory;
+
+    @BeforeMethod
+    public void setUp() throws Exception {
+
+        organizationManagementUtil = mockStatic(OrganizationManagementUtil.class);
+        oAuthComponentServiceHolder = mockStatic(OAuthComponentServiceHolder.class);
+        oAuth2Util = mockStatic(OAuth2Util.class);
+        oAuthTokenPersistenceFactory = mockStatic(OAuthTokenPersistenceFactory.class);
+        closeable = MockitoAnnotations.openMocks(this);
+    }
+
+    @AfterMethod
+    public void tearDown() throws Exception {
+
+        organizationManagementUtil.close();
+        oAuthComponentServiceHolder.close();
+        oAuth2Util.close();
+        oAuthTokenPersistenceFactory.close();
+        closeable.close();
+    }
 
     @DataProvider(name = "testGetAuthenticatedUser")
     public Object[][] fullQualifiedUserName() {
@@ -160,6 +224,70 @@ public void testGetAuthenticatedUserException() throws Exception {
         OAuthUtil.getAuthenticatedUser("");
     }
 
+    @Test
+    public void testRevokeTokensForApplicationAudienceRoles() throws Exception {
+
+        String username = "testUser";
+        String roleId = "testRoleId";
+        String roleName = "testRole";
+        String appId = "testAppId";
+        String clientId = "testClientId";
+        String accessToken = "testAccessToken";
+
+        UserStoreManager userStoreManager = mock(UserStoreManager.class);
+        when(userStoreManager.getTenantId()).thenReturn(-1234);
+        when(userStoreManager.getRealmConfiguration()).thenReturn(mock(RealmConfiguration.class));
+        when(userStoreManager.getRealmConfiguration().getUserStoreProperty(anyString())).thenReturn("PRIMARY");
+
+        when(OrganizationManagementUtil.isOrganization(anyString())).thenReturn(false);
+        when(OAuth2Util.getTenantId(anyString())).thenReturn(-1234);
+
+        OAuthComponentServiceHolder mockOAuthComponentServiceHolder = mock(OAuthComponentServiceHolder.class);
+        when(OAuthComponentServiceHolder.getInstance()).thenReturn(mockOAuthComponentServiceHolder);
+
+        when(mockOAuthComponentServiceHolder.getRoleV2ManagementService()).thenReturn(roleManagementService);
+        RoleBasicInfo roleBasicInfo = new RoleBasicInfo();
+        roleBasicInfo.setId(roleId);
+        roleBasicInfo.setAudience(RoleConstants.APPLICATION);
+        roleBasicInfo.setAudienceId(appId);
+        roleBasicInfo.setName(roleName);
+        when(roleManagementService.getRoleBasicInfoById(roleId, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME))
+                .thenReturn(roleBasicInfo);
+
+        when(mockOAuthComponentServiceHolder.getApplicationManagementService())
+                .thenReturn(applicationManagementService);
+        ServiceProvider serviceProvider = new ServiceProvider();
+        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
+        InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs =
+                new InboundAuthenticationRequestConfig[1];
+        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig =
+                new InboundAuthenticationRequestConfig();
+        inboundAuthenticationRequestConfig.setInboundAuthKey(clientId);
+        inboundAuthenticationRequestConfig.setInboundAuthType(ApplicationConstants.StandardInboundProtocols.OAUTH2);
+        inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
+        inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
+        serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
+        when(applicationManagementService.getApplicationByResourceId(
+                appId, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)).thenReturn(serviceProvider);
+
+        OAuthTokenPersistenceFactory mockOAuthTokenPersistenceFactory = mock(OAuthTokenPersistenceFactory.class);
+        when(OAuthTokenPersistenceFactory.getInstance()).thenReturn(mockOAuthTokenPersistenceFactory);
+        AccessTokenDAO mockAccessTokenDAO = mock(AccessTokenDAO.class);
+        when(mockOAuthTokenPersistenceFactory.getAccessTokenDAO()).thenReturn(mockAccessTokenDAO);
+        Set<AccessTokenDO> accessTokens = new HashSet<>();
+        AccessTokenDO accessTokenDO = new AccessTokenDO();
+        accessTokenDO.setAccessToken(accessToken);
+        accessTokenDO.setConsumerKey(clientId);
+        accessTokenDO.setScope(new String[]{"default"});
+        accessTokenDO.setAuthzUser(new AuthenticatedUser());
+        accessTokens.add(accessTokenDO);
+        when(mockAccessTokenDAO.getAccessTokens(anyString(),
+                any(AuthenticatedUser.class), nullable(String.class), anyBoolean())).thenReturn(accessTokens);
+
+        boolean result = OAuthUtil.revokeTokens(username, userStoreManager, roleId);
+        assertTrue(result, "Token revocation failed.");
+    }
+
     private OAuthCache getOAuthCache(OAuthCacheKey oAuthCacheKey) {