From b25fbc772f349fb380dcd7d89f337184ec08a7d3 Mon Sep 17 00:00:00 2001
From: Yasasr1 <yasasramanayaka@gmail.com>
Date: Fri, 6 Dec 2024 10:48:05 +0530
Subject: [PATCH] Add unit tests.

---
 .../EmailDomainValidationHandlerTest.java     | 225 ++++++++++++++++++
 .../impl/email-domain-validation-sp.xml       |  55 +++++
 .../src/test/resources/testng.xml             |   1 +
 pom.xml                                       |   2 +-
 4 files changed, 282 insertions(+), 1 deletion(-)
 create mode 100644 components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java
 create mode 100644 components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml

diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java
new file mode 100644
index 000000000000..ae2fe0d6e1e7
--- /dev/null
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/EmailDomainValidationHandlerTest.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;
+
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.MockitoAnnotations;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.identity.application.authentication.framework.AbstractFrameworkTest;
+import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.config.loader.UIBasedConfigurationLoader;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
+import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
+import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
+import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus;
+import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+import org.wso2.carbon.identity.application.common.model.ClaimMapping;
+import org.wso2.carbon.identity.application.common.model.ServiceProvider;
+import org.wso2.carbon.identity.common.testng.WithCarbonHome;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.organization.config.service.OrganizationConfigManager;
+import org.wso2.carbon.identity.organization.config.service.model.ConfigProperty;
+import org.wso2.carbon.identity.organization.config.service.model.DiscoveryConfig;
+import org.wso2.carbon.identity.organization.discovery.service.OrganizationDiscoveryManager;
+import org.wso2.carbon.identity.organization.discovery.service.model.OrgDiscoveryAttribute;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
+
+/**
+ * This class contains the unit tests for {@link EmailDomainValidationHandler}
+ */
+@WithCarbonHome
+public class EmailDomainValidationHandlerTest extends AbstractFrameworkTest {
+
+    private static final String VALID_EMAIL = "user@test.com";
+    private static final String INVALID_EMAIL = "user@testInvalid.com";
+    private static final String SUPER_ORG_ID = "10084a8d-113f-4211-a0d5-efe36b082211";
+    private static final String SUB_ORG_ID = "93d996f9-a5ba-4275-a52b-adaad9eba869";
+    public static final String SUPER_ORG_TENANT_DOMAIN = "carbon.super";
+    public static final String SUB_ORG_TENANT_DOMAIN = "test";
+    public static final String EMAIL_ADDRESS_CLAIM_URI = "http://wso2.org/claims/emailaddress";
+
+    private MockedStatic<CarbonContext> carbonContextMockedStatic;
+    private MockedStatic<IdentityTenantUtil> identityTenantUtil;
+    @Mock
+    private OrganizationDiscoveryManager organizationDiscoveryManager;
+    @Mock
+    private OrganizationConfigManager organizationConfigManager;
+    @Mock
+    OrganizationManager organizationManager;
+    private CarbonContext carbonContext;
+    private EmailDomainValidationHandler emailDomainValidationHandler;
+    private HttpServletRequest request;
+    private HttpServletResponse response;
+    private UIBasedConfigurationLoader configurationLoader;
+    private ServiceProvider sp;
+    private AutoCloseable mocks;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+
+        mocks = MockitoAnnotations.openMocks(this);
+        request = mock(HttpServletRequest.class);
+        response = mock(HttpServletResponse.class);
+        configurationLoader = new UIBasedConfigurationLoader();
+
+        identityTenantUtil = mockStatic(IdentityTenantUtil.class);
+
+        emailDomainValidationHandler = EmailDomainValidationHandler.getInstance();
+        sp = getTestServiceProvider("email-domain-validation-sp.xml");
+
+        FrameworkServiceDataHolder.getInstance().setOrganizationDiscoveryManager(organizationDiscoveryManager);
+        FrameworkServiceDataHolder.getInstance().setOrganizationConfigManager(organizationConfigManager);
+        FrameworkServiceDataHolder.getInstance().setOrganizationManager(organizationManager);
+
+        List<OrgDiscoveryAttribute> orgDiscoveryAttributes = new ArrayList<>();
+        OrgDiscoveryAttribute orgDiscoveryAttribute = new OrgDiscoveryAttribute();
+        orgDiscoveryAttribute.setType("emailDomain");
+        orgDiscoveryAttribute.setValues(Collections.singletonList("test.com"));
+        orgDiscoveryAttributes.add(orgDiscoveryAttribute);
+        when(organizationDiscoveryManager.getOrganizationDiscoveryAttributes(anyString(), anyBoolean())).thenReturn(
+                orgDiscoveryAttributes);
+
+        carbonContextMockedStatic = mockStatic(CarbonContext.class);
+        carbonContext = mock(CarbonContext.class);
+        carbonContextMockedStatic.when(CarbonContext::getThreadLocalCarbonContext).thenReturn(carbonContext);
+        when(carbonContext.getTenantDomain()).thenReturn(SUPER_ORG_TENANT_DOMAIN);
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+
+        carbonContextMockedStatic.close();
+        identityTenantUtil.close();
+        mocks.close();
+    }
+
+    @Test(description = "Test whether the email domain validation handler is disabled for primary organizations")
+    public void testIsDisabledForPrimaryOrganizations() throws Exception {
+
+        when(carbonContext.getTenantDomain()).thenReturn(SUPER_ORG_TENANT_DOMAIN);
+        when(organizationManager.resolveOrganizationId(SUPER_ORG_TENANT_DOMAIN)).thenReturn(SUPER_ORG_ID);
+        when(organizationManager.isPrimaryOrganization(SUPER_ORG_ID)).thenReturn(true);
+        Assert.assertFalse(emailDomainValidationHandler.isEnabled(),
+                "Email domain validation handler should be disabled for primary organizations");
+
+    }
+
+    @Test(description = "Test whether the email domain validation handler is enabled for sub organizations when " +
+            "email domain discovery is enabled")
+    public void testIsEnabledForSubOrganizationsWhenEmailDomainDiscoveryEnabled() throws Exception {
+
+        when(carbonContext.getTenantDomain()).thenReturn(SUB_ORG_TENANT_DOMAIN);
+        when(organizationManager.resolveOrganizationId(SUB_ORG_TENANT_DOMAIN)).thenReturn(SUB_ORG_ID);
+        when(organizationManager.isPrimaryOrganization(SUB_ORG_ID)).thenReturn(false);
+        when(organizationManager.getPrimaryOrganizationId(SUB_ORG_ID)).thenReturn(SUPER_ORG_ID);
+        when(organizationManager.resolveTenantDomain(SUPER_ORG_ID)).thenReturn(SUPER_ORG_TENANT_DOMAIN);
+
+        identityTenantUtil.when(() -> IdentityTenantUtil.getTenantId(SUPER_ORG_TENANT_DOMAIN)).thenReturn(-1234);
+
+        List<ConfigProperty> configProperties = new ArrayList<>();
+        ConfigProperty configProperty = new ConfigProperty("emailDomain.enable", "true");
+        configProperties.add(configProperty);
+        DiscoveryConfig discoveryConfig = new DiscoveryConfig(configProperties);
+        when(organizationConfigManager.getDiscoveryConfigurationByTenantId(-1234)).thenReturn(discoveryConfig);
+
+        Assert.assertTrue(emailDomainValidationHandler.isEnabled(),
+                "Email domain validation handler should be enabled for" +
+                        "sub organizations when email domain discovery is enabled");
+    }
+
+    @Test(description = "Test if the validation pass with a valid email domain for the authenticated user")
+    public void testAuthenticatedUserWithValidEmailDomain() throws Exception {
+
+        AuthenticationContext context = buildAuthenticationContext(sp, VALID_EMAIL);
+        PostAuthnHandlerFlowStatus status = emailDomainValidationHandler.handle(request, response, context);
+        Assert.assertEquals(status, PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED,
+                "Expected the email domain validation handler to succeed with a valid email domain");
+    }
+
+    @Test(description = "Test if the validation fails with an invalid email domain for the authenticated user",
+            expectedExceptions = PostAuthenticationFailedException.class)
+    public void testAuthenticatedUserWithInvalidEmailDomain() throws Exception {
+
+        AuthenticationContext context = buildAuthenticationContext(sp, INVALID_EMAIL);
+        emailDomainValidationHandler.handle(request, response, context);
+    }
+
+    private AuthenticationContext buildAuthenticationContext(ServiceProvider sp, String userEmail) throws Exception {
+
+        AuthenticationContext authenticationContext = getAuthenticationContext(sp);
+        authenticationContext.setProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED, true);
+        SequenceConfig sequenceConfig =
+                configurationLoader.getSequenceConfig(authenticationContext, Collections.emptyMap(), sp);
+        authenticationContext.setSequenceConfig(sequenceConfig);
+
+        FederatedApplicationAuthenticator authenticator = mock(FederatedApplicationAuthenticator.class);
+        AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig();
+        authenticatorConfig.setApplicationAuthenticator(authenticator);
+
+        AuthenticatedUser user = new AuthenticatedUser();
+        user.setUserName(userEmail);
+        user.setAuthenticatedSubjectIdentifier(userEmail);
+
+        Map<ClaimMapping, String> userAttributes = new HashMap<>();
+        userAttributes.put(ClaimMapping.build(
+                EMAIL_ADDRESS_CLAIM_URI,
+                EMAIL_ADDRESS_CLAIM_URI,
+                null, false), userEmail);
+
+        user.setUserAttributes(userAttributes);
+
+        for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
+            StepConfig stepConfig = entry.getValue();
+            stepConfig.setAuthenticatedUser(user);
+            stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
+        }
+
+        authenticationContext.setSequenceConfig(sequenceConfig);
+
+        Map<String, String> unfilteredLocalClaimValues = new HashMap<>();
+        unfilteredLocalClaimValues.put(EMAIL_ADDRESS_CLAIM_URI, userEmail);
+        authenticationContext.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, unfilteredLocalClaimValues);
+
+        return authenticationContext;
+    }
+}
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml
new file mode 100644
index 000000000000..c513d870defe
--- /dev/null
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/email-domain-validation-sp.xml
@@ -0,0 +1,55 @@
+<!--
+  ~ Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+  ~
+  ~ WSO2 LLC. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<ServiceProvider>
+    <ApplicationID>1</ApplicationID>
+    <ApplicationName>default</ApplicationName>
+    <Description>Default Service Provider</Description>
+    <InboundAuthenticationConfig>
+        <InboundAuthenticationRequestConfigs>
+            <InboundAuthenticationRequestConfig>
+                <InboundAuthKey>default</InboundAuthKey>
+                <InboundAuthType></InboundAuthType>
+                <Properties></Properties>
+            </InboundAuthenticationRequestConfig>
+        </InboundAuthenticationRequestConfigs>
+    </InboundAuthenticationConfig>
+    <LocalAndOutBoundAuthenticationConfig>
+        <AuthenticationSteps>
+            <AuthenticationStep>
+                <StepOrder>1</StepOrder>
+                <LocalAuthenticatorConfigs>
+                    <LocalAuthenticatorConfig>
+                        <Name>BasicMockAuthenticator</Name>
+                        <DisplayName>basicauth</DisplayName>
+                        <IsEnabled>true</IsEnabled>
+                    </LocalAuthenticatorConfig>
+                </LocalAuthenticatorConfigs>
+                <SubjectStep>true</SubjectStep>
+                <AttributeStep>true</AttributeStep>
+            </AuthenticationStep>
+        </AuthenticationSteps>
+    </LocalAndOutBoundAuthenticationConfig>
+    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
+    <InboundProvisioningConfig></InboundProvisioningConfig>
+    <OutboundProvisioningConfig></OutboundProvisioningConfig>
+    <ClaimConfig>
+        <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
+    </ClaimConfig>
+    <PermissionAndRoleConfig></PermissionAndRoleConfig>
+</ServiceProvider>
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml
index 6a92baeb22da..4209f59bb02e 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml
@@ -29,6 +29,7 @@
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.SSOConsentServiceImplTest"/>
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinatorTest"/>
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.JITProvisioningPostAuthenticationHandlerTest"/>
+            <class name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.EmailDomainValidationHandlerTest"/>
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.PostAuthAssociationHandlerTest"/>
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandlerTest"/>
             <class name="org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandlerTest"/>
diff --git a/pom.xml b/pom.xml
index ab9c69d04a59..a297c01b7a79 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1850,7 +1850,7 @@
         <carbon.identity.package.export.version>${project.version}</carbon.identity.package.export.version>
         <carbon.identity.package.import.version.range>[5.14.0, 8.0.0)</carbon.identity.package.import.version.range>
 
-        <org.wso2.carbon.identity.organization.management.core.version>1.0.90
+        <org.wso2.carbon.identity.organization.management.core.version>1.1.19
         </org.wso2.carbon.identity.organization.management.core.version>
         <org.wso2.carbon.identity.organization.management.version>1.4.57
         </org.wso2.carbon.identity.organization.management.version>