-
Notifications
You must be signed in to change notification settings - Fork 731
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #21653 from malithie/pre-issue-access-token-action…
…-tests Pre issue access token action tests for failure cases
- Loading branch information
Showing
15 changed files
with
1,786 additions
and
10 deletions.
There are no files selected for viewing
201 changes: 201 additions & 0 deletions
201
...egration/test/actions/PreIssueAccessTokenActionFailureClientCredentialsGrantTestCase.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,201 @@ | ||
/* | ||
* Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). | ||
* | ||
* WSO2 LLC. licenses this file to you under the Apache License, | ||
* Version 2.0 (the "License"); you may not use this file except | ||
* in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.wso2.identity.integration.test.actions; | ||
|
||
import org.apache.http.Header; | ||
import org.apache.http.HttpResponse; | ||
import org.apache.http.NameValuePair; | ||
import org.apache.http.impl.client.CloseableHttpClient; | ||
import org.apache.http.impl.client.HttpClientBuilder; | ||
import org.apache.http.message.BasicHeader; | ||
import org.apache.http.message.BasicNameValuePair; | ||
import org.apache.http.util.EntityUtils; | ||
import org.json.JSONObject; | ||
import org.testng.annotations.AfterClass; | ||
import org.testng.annotations.BeforeClass; | ||
import org.testng.annotations.DataProvider; | ||
import org.testng.annotations.Factory; | ||
import org.testng.annotations.Test; | ||
import org.wso2.carbon.automation.engine.context.TestUserMode; | ||
import org.wso2.identity.integration.test.actions.dataprovider.model.ActionResponse; | ||
import org.wso2.identity.integration.test.actions.dataprovider.model.ExpectedTokenResponse; | ||
import org.wso2.identity.integration.test.actions.mockserver.ActionsMockServer; | ||
import org.wso2.identity.integration.test.rest.api.server.action.management.v1.model.ActionModel; | ||
import org.wso2.identity.integration.test.rest.api.server.action.management.v1.model.AuthenticationType; | ||
import org.wso2.identity.integration.test.rest.api.server.action.management.v1.model.Endpoint; | ||
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationResponseModel; | ||
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.OpenIDConnectConfiguration; | ||
import org.wso2.identity.integration.test.utils.FileUtils; | ||
import org.wso2.identity.integration.test.utils.OAuth2Constant; | ||
|
||
import java.io.IOException; | ||
import java.util.ArrayList; | ||
import java.util.Arrays; | ||
import java.util.HashMap; | ||
import java.util.List; | ||
import java.util.Map; | ||
|
||
import static org.testng.Assert.assertEquals; | ||
import static org.testng.Assert.assertNotNull; | ||
import static org.wso2.identity.integration.test.utils.OAuth2Constant.ACCESS_TOKEN_ENDPOINT; | ||
import static org.wso2.identity.integration.test.utils.OAuth2Constant.AUTHORIZATION_HEADER; | ||
|
||
/** | ||
* Tests the pre-issue access token action failure scenarios with password grant type. | ||
*/ | ||
public class PreIssueAccessTokenActionFailureClientCredentialsGrantTestCase extends ActionsBaseTestCase { | ||
|
||
private static final String USERNAME_PROPERTY = "username"; | ||
private static final String PASSWORD_PROPERTY = "password"; | ||
private static final String EXTERNAL_SERVICE_URI = "http://localhost:8587/test/action"; | ||
private static final String PRE_ISSUE_ACCESS_TOKEN_API_PATH = "preIssueAccessToken"; | ||
private static final String MOCK_SERVER_ENDPOINT_RESOURCE_PATH = "/test/action"; | ||
private static final String MOCK_SERVER_AUTH_BASIC_USERNAME = "test"; | ||
private static final String MOCK_SERVER_AUTH_BASIC_PASSWORD = "test"; | ||
private static final String CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"; | ||
private CloseableHttpClient client; | ||
private List<String> requestedScopes; | ||
private String clientId; | ||
private String clientSecret; | ||
private String actionId; | ||
private String applicationId; | ||
private final TestUserMode userMode; | ||
private ActionsMockServer actionsMockServer; | ||
private final ActionResponse actionResponse; | ||
private final ExpectedTokenResponse expectedTokenResponse; | ||
|
||
@Factory(dataProvider = "testExecutionContextProvider") | ||
public PreIssueAccessTokenActionFailureClientCredentialsGrantTestCase(TestUserMode testUserMode, | ||
ActionResponse actionResponse, | ||
ExpectedTokenResponse expectedTokenResponse) { | ||
|
||
this.userMode = testUserMode; | ||
this.actionResponse = actionResponse; | ||
this.expectedTokenResponse = expectedTokenResponse; | ||
} | ||
|
||
@DataProvider(name = "testExecutionContextProvider") | ||
public static Object[][] getTestExecutionContext() throws Exception { | ||
|
||
return new Object[][]{ | ||
{TestUserMode.SUPER_TENANT_USER, new ActionResponse(200, | ||
FileUtils.readFileInClassPathAsString("actions/response/failure-response.json")), | ||
new ExpectedTokenResponse(400, "Some failure reason", "Some description")}, | ||
{TestUserMode.TENANT_USER, new ActionResponse(200, | ||
FileUtils.readFileInClassPathAsString("actions/response/failure-response.json")), | ||
new ExpectedTokenResponse(400, "Some failure reason", "Some description")}, | ||
{TestUserMode.TENANT_USER, new ActionResponse(500, | ||
FileUtils.readFileInClassPathAsString("actions/response/error-response.json")), | ||
new ExpectedTokenResponse(500, "server_error", "Internal Server Error.")}, | ||
{TestUserMode.TENANT_USER, new ActionResponse(401, "Unauthorized"), | ||
new ExpectedTokenResponse(500, "server_error", "Internal Server Error.")}, | ||
}; | ||
} | ||
|
||
@BeforeClass(alwaysRun = true) | ||
public void testInit() throws Exception { | ||
|
||
super.init(userMode); | ||
client = HttpClientBuilder.create().build(); | ||
|
||
ApplicationResponseModel application = addApplicationWithGrantType(CLIENT_CREDENTIALS_GRANT_TYPE); | ||
applicationId = application.getId(); | ||
OpenIDConnectConfiguration oidcConfig = getOIDCInboundDetailsOfApplication(applicationId); | ||
clientId = oidcConfig.getClientId(); | ||
clientSecret = oidcConfig.getClientSecret(); | ||
actionId = createPreIssueAccessTokenAction(); | ||
|
||
requestedScopes = new ArrayList<>(Arrays.asList("scope_1", "scope_2")); | ||
|
||
actionsMockServer = new ActionsMockServer(); | ||
actionsMockServer.startServer(); | ||
actionsMockServer.setupStub(MOCK_SERVER_ENDPOINT_RESOURCE_PATH, | ||
"Basic " + getBase64EncodedString(MOCK_SERVER_AUTH_BASIC_USERNAME, MOCK_SERVER_AUTH_BASIC_PASSWORD), | ||
actionResponse.getResponseBody(), actionResponse.getStatusCode()); | ||
} | ||
|
||
@AfterClass(alwaysRun = true) | ||
public void atEnd() throws Exception { | ||
|
||
actionsMockServer.stopServer(); | ||
|
||
deleteAction(PRE_ISSUE_ACCESS_TOKEN_API_PATH, actionId); | ||
deleteApp(applicationId); | ||
|
||
restClient.closeHttpClient(); | ||
actionsRestClient.closeHttpClient(); | ||
client.close(); | ||
|
||
actionsMockServer = null; | ||
} | ||
|
||
@Test(groups = "wso2.is", description = "Verify token response when pre-issue access token action fails with " + | ||
"client credentials grant type.") | ||
public void testPreIssueAccessTokenActionFailure() throws Exception { | ||
|
||
HttpResponse response = sendTokenRequestForClientCredentialsGrant(); | ||
|
||
assertNotNull(response); | ||
assertEquals(response.getStatusLine().getStatusCode(), expectedTokenResponse.getStatusCode()); | ||
|
||
String responseString = EntityUtils.toString(response.getEntity(), "UTF-8"); | ||
JSONObject jsonResponse = new JSONObject(responseString); | ||
assertEquals(jsonResponse.getString("error"), expectedTokenResponse.getErrorMessage()); | ||
assertEquals(jsonResponse.getString("error_description"), expectedTokenResponse.getErrorDescription()); | ||
} | ||
|
||
public HttpResponse sendTokenRequestForClientCredentialsGrant() throws Exception { | ||
|
||
List<NameValuePair> parameters = new ArrayList<>(); | ||
parameters.add(new BasicNameValuePair("grant_type", OAuth2Constant.OAUTH2_GRANT_TYPE_CLIENT_CREDENTIALS)); | ||
|
||
String scopes = String.join(" ", requestedScopes); | ||
parameters.add(new BasicNameValuePair("scope", scopes)); | ||
|
||
List<Header> headers = new ArrayList<>(); | ||
headers.add(new BasicHeader(AUTHORIZATION_HEADER, OAuth2Constant.BASIC_HEADER + " " + | ||
getBase64EncodedString(clientId, clientSecret))); | ||
headers.add(new BasicHeader("Content-Type", "application/x-www-form-urlencoded")); | ||
headers.add(new BasicHeader("User-Agent", OAuth2Constant.USER_AGENT)); | ||
|
||
return sendPostRequest(client, headers, parameters, | ||
getTenantQualifiedURL(ACCESS_TOKEN_ENDPOINT, tenantInfo.getDomain())); | ||
} | ||
|
||
private String createPreIssueAccessTokenAction() throws IOException { | ||
|
||
AuthenticationType authenticationType = new AuthenticationType(); | ||
authenticationType.setType(AuthenticationType.TypeEnum.BASIC); | ||
Map<String, Object> authProperties = new HashMap<>(); | ||
authProperties.put(USERNAME_PROPERTY, MOCK_SERVER_AUTH_BASIC_USERNAME); | ||
authProperties.put(PASSWORD_PROPERTY, MOCK_SERVER_AUTH_BASIC_PASSWORD); | ||
authenticationType.setProperties(authProperties); | ||
|
||
Endpoint endpoint = new Endpoint(); | ||
endpoint.setUri(EXTERNAL_SERVICE_URI); | ||
endpoint.setAuthentication(authenticationType); | ||
|
||
ActionModel actionModel = new ActionModel(); | ||
actionModel.setName("Access Token Pre Issue"); | ||
actionModel.setDescription("This is a test pre issue access token type"); | ||
actionModel.setEndpoint(endpoint); | ||
|
||
return createAction(PRE_ISSUE_ACCESS_TOKEN_API_PATH, actionModel); | ||
} | ||
} |
Oops, something went wrong.