diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java new file mode 100644 index 000000000000..ae2fe0d6e1e7 --- /dev/null +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java @@ -0,0 +1,225 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl; + +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.MockitoAnnotations; +import org.testng.Assert; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.Test; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.application.authentication.framework.AbstractFrameworkTest; +import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator; +import org.wso2.carbon.identity.application.authentication.framework.config.loader.UIBasedConfigurationLoader; +import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig; +import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig; +import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig; +import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext; +import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException; +import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus; +import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder; +import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; +import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants; +import org.wso2.carbon.identity.application.common.model.ClaimMapping; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.common.testng.WithCarbonHome; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.organization.config.service.OrganizationConfigManager; +import org.wso2.carbon.identity.organization.config.service.model.ConfigProperty; +import org.wso2.carbon.identity.organization.config.service.model.DiscoveryConfig; +import org.wso2.carbon.identity.organization.discovery.service.OrganizationDiscoveryManager; +import org.wso2.carbon.identity.organization.discovery.service.model.OrgDiscoveryAttribute; +import org.wso2.carbon.identity.organization.management.service.OrganizationManager; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.mockStatic; +import static org.mockito.Mockito.when; + +/** + * This class contains the unit tests for {@link EmailDomainValidationHandler} + */ +@WithCarbonHome +public class EmailDomainValidationHandlerTest extends AbstractFrameworkTest { + + private static final String VALID_EMAIL = "user@test.com"; + private static final String INVALID_EMAIL = "user@testInvalid.com"; + private static final String SUPER_ORG_ID = "10084a8d-113f-4211-a0d5-efe36b082211"; + private static final String SUB_ORG_ID = "93d996f9-a5ba-4275-a52b-adaad9eba869"; + public static final String SUPER_ORG_TENANT_DOMAIN = "carbon.super"; + public static final String SUB_ORG_TENANT_DOMAIN = "test"; + public static final String EMAIL_ADDRESS_CLAIM_URI = "http://wso2.org/claims/emailaddress"; + + private MockedStatic carbonContextMockedStatic; + private MockedStatic identityTenantUtil; + @Mock + private OrganizationDiscoveryManager organizationDiscoveryManager; + @Mock + private OrganizationConfigManager organizationConfigManager; + @Mock + OrganizationManager organizationManager; + private CarbonContext carbonContext; + private EmailDomainValidationHandler emailDomainValidationHandler; + private HttpServletRequest request; + private HttpServletResponse response; + private UIBasedConfigurationLoader configurationLoader; + private ServiceProvider sp; + private AutoCloseable mocks; + + @BeforeClass + public void setUp() throws Exception { + + mocks = MockitoAnnotations.openMocks(this); + request = mock(HttpServletRequest.class); + response = mock(HttpServletResponse.class); + configurationLoader = new UIBasedConfigurationLoader(); + + identityTenantUtil = mockStatic(IdentityTenantUtil.class); + + emailDomainValidationHandler = EmailDomainValidationHandler.getInstance(); + sp = getTestServiceProvider("email-domain-validation-sp.xml"); + + FrameworkServiceDataHolder.getInstance().setOrganizationDiscoveryManager(organizationDiscoveryManager); + FrameworkServiceDataHolder.getInstance().setOrganizationConfigManager(organizationConfigManager); + FrameworkServiceDataHolder.getInstance().setOrganizationManager(organizationManager); + + List orgDiscoveryAttributes = new ArrayList<>(); + OrgDiscoveryAttribute orgDiscoveryAttribute = new OrgDiscoveryAttribute(); + orgDiscoveryAttribute.setType("emailDomain"); + orgDiscoveryAttribute.setValues(Collections.singletonList("test.com")); + orgDiscoveryAttributes.add(orgDiscoveryAttribute); + when(organizationDiscoveryManager.getOrganizationDiscoveryAttributes(anyString(), anyBoolean())).thenReturn( + orgDiscoveryAttributes); + + carbonContextMockedStatic = mockStatic(CarbonContext.class); + carbonContext = mock(CarbonContext.class); + carbonContextMockedStatic.when(CarbonContext::getThreadLocalCarbonContext).thenReturn(carbonContext); + when(carbonContext.getTenantDomain()).thenReturn(SUPER_ORG_TENANT_DOMAIN); + } + + @AfterClass + public void tearDown() throws Exception { + + carbonContextMockedStatic.close(); + identityTenantUtil.close(); + mocks.close(); + } + + @Test(description = "Test whether the email domain validation handler is disabled for primary organizations") + public void testIsDisabledForPrimaryOrganizations() throws Exception { + + when(carbonContext.getTenantDomain()).thenReturn(SUPER_ORG_TENANT_DOMAIN); + when(organizationManager.resolveOrganizationId(SUPER_ORG_TENANT_DOMAIN)).thenReturn(SUPER_ORG_ID); + when(organizationManager.isPrimaryOrganization(SUPER_ORG_ID)).thenReturn(true); + Assert.assertFalse(emailDomainValidationHandler.isEnabled(), + "Email domain validation handler should be disabled for primary organizations"); + + } + + @Test(description = "Test whether the email domain validation handler is enabled for sub organizations when " + + "email domain discovery is enabled") + public void testIsEnabledForSubOrganizationsWhenEmailDomainDiscoveryEnabled() throws Exception { + + when(carbonContext.getTenantDomain()).thenReturn(SUB_ORG_TENANT_DOMAIN); + when(organizationManager.resolveOrganizationId(SUB_ORG_TENANT_DOMAIN)).thenReturn(SUB_ORG_ID); + when(organizationManager.isPrimaryOrganization(SUB_ORG_ID)).thenReturn(false); + when(organizationManager.getPrimaryOrganizationId(SUB_ORG_ID)).thenReturn(SUPER_ORG_ID); + when(organizationManager.resolveTenantDomain(SUPER_ORG_ID)).thenReturn(SUPER_ORG_TENANT_DOMAIN); + + identityTenantUtil.when(() -> IdentityTenantUtil.getTenantId(SUPER_ORG_TENANT_DOMAIN)).thenReturn(-1234); + + List configProperties = new ArrayList<>(); + ConfigProperty configProperty = new ConfigProperty("emailDomain.enable", "true"); + configProperties.add(configProperty); + DiscoveryConfig discoveryConfig = new DiscoveryConfig(configProperties); + when(organizationConfigManager.getDiscoveryConfigurationByTenantId(-1234)).thenReturn(discoveryConfig); + + Assert.assertTrue(emailDomainValidationHandler.isEnabled(), + "Email domain validation handler should be enabled for" + + "sub organizations when email domain discovery is enabled"); + } + + @Test(description = "Test if the validation pass with a valid email domain for the authenticated user") + public void testAuthenticatedUserWithValidEmailDomain() throws Exception { + + AuthenticationContext context = buildAuthenticationContext(sp, VALID_EMAIL); + PostAuthnHandlerFlowStatus status = emailDomainValidationHandler.handle(request, response, context); + Assert.assertEquals(status, PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED, + "Expected the email domain validation handler to succeed with a valid email domain"); + } + + @Test(description = "Test if the validation fails with an invalid email domain for the authenticated user", + expectedExceptions = PostAuthenticationFailedException.class) + public void testAuthenticatedUserWithInvalidEmailDomain() throws Exception { + + AuthenticationContext context = buildAuthenticationContext(sp, INVALID_EMAIL); + emailDomainValidationHandler.handle(request, response, context); + } + + private AuthenticationContext buildAuthenticationContext(ServiceProvider sp, String userEmail) throws Exception { + + AuthenticationContext authenticationContext = getAuthenticationContext(sp); + authenticationContext.setProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED, true); + SequenceConfig sequenceConfig = + configurationLoader.getSequenceConfig(authenticationContext, Collections.emptyMap(), sp); + authenticationContext.setSequenceConfig(sequenceConfig); + + FederatedApplicationAuthenticator authenticator = mock(FederatedApplicationAuthenticator.class); + AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig(); + authenticatorConfig.setApplicationAuthenticator(authenticator); + + AuthenticatedUser user = new AuthenticatedUser(); + user.setUserName(userEmail); + user.setAuthenticatedSubjectIdentifier(userEmail); + + Map userAttributes = new HashMap<>(); + userAttributes.put(ClaimMapping.build( + EMAIL_ADDRESS_CLAIM_URI, + EMAIL_ADDRESS_CLAIM_URI, + null, false), userEmail); + + user.setUserAttributes(userAttributes); + + for (Map.Entry entry : sequenceConfig.getStepMap().entrySet()) { + StepConfig stepConfig = entry.getValue(); + stepConfig.setAuthenticatedUser(user); + stepConfig.setAuthenticatedAutenticator(authenticatorConfig); + } + + authenticationContext.setSequenceConfig(sequenceConfig); + + Map unfilteredLocalClaimValues = new HashMap<>(); + unfilteredLocalClaimValues.put(EMAIL_ADDRESS_CLAIM_URI, userEmail); + authenticationContext.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, unfilteredLocalClaimValues); + + return authenticationContext; + } +} diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml new file mode 100644 index 000000000000..c513d870defe --- /dev/null +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml @@ -0,0 +1,55 @@ + + + + 1 + default + Default Service Provider + + + + default + + + + + + + + + 1 + + + BasicMockAuthenticator + basicauth + true + + + true + true + + + + + + + + true + + + diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml index 6a92baeb22da..4209f59bb02e 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml @@ -29,6 +29,7 @@ + diff --git a/pom.xml b/pom.xml index ab9c69d04a59..a297c01b7a79 100644 --- a/pom.xml +++ b/pom.xml @@ -1850,7 +1850,7 @@ ${project.version} [5.14.0, 8.0.0) - 1.0.90 + 1.1.19 1.4.57