Merge pull request #17341 from AnuradhaSK/fix-introspect-test-fail

Fix password grant based token fail to introspect
wso2 · Oct 28, 2023 · ebc3658 · ebc3658
2 parents d0cfa78 + f2d4c54
commit ebc3658
Show file tree

Hide file tree

Showing 5 changed files with 173 additions and 20 deletions.
diff --git a/.../java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceAbstractIntegrationTest.java b/.../java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceAbstractIntegrationTest.java
@@ -933,4 +933,13 @@ public void authorizeSystemAPIs(String applicationId, List<String> apiIdentifier
 			}
 		});
 	}
+
+	public String getRoleV2ResourceId(String roleName, String audienceType, String OrganizationId) throws Exception {
+
+		List<String> roles = restClient.getRoles(roleName, audienceType, OrganizationId);
+		if (roles.size() == 1) {
+			return roles.get(0);
+		}
+		return null;
+	}
 }
diff --git a/...java/org/wso2/identity/integration/test/oauth2/PermissionBasedScopeValidatorTestCase.java b/...java/org/wso2/identity/integration/test/oauth2/PermissionBasedScopeValidatorTestCase.java
@@ -40,29 +40,37 @@
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationResponseModel;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AssociatedRolesConfig;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.OpenIDConnectConfiguration;
+import org.wso2.identity.integration.test.utils.CarbonUtils;
 import org.wso2.identity.integration.test.utils.OAuth2Constant;
 
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Arrays;
 
 /**
  * Test cases to check the functionality of the Permission based scope validator.
  */
 public class PermissionBasedScopeValidatorTestCase extends OAuth2ServiceAbstractIntegrationTest {
 
     private static final String INTROSPECT_SCOPE = "internal_application_mgt_view";
+    private static final String INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME = "internal_oauth2_introspect";
     private static final String SYSTEM_SCOPE = "SYSTEM";
     private static final String CALLBACK_URL = "https://localhost/callback";
     private CloseableHttpClient client;
     private String applicationId;
+    private static boolean isLegacyRuntimeEnabled;
 
     @BeforeClass(alwaysRun = true)
     public void testInit() throws Exception {
 
         super.init(TestUserMode.SUPER_TENANT_USER);
+        isLegacyRuntimeEnabled = CarbonUtils.isLegacyAuthzRuntimeEnabled();
         createOauthApplication();
     }
 
@@ -95,7 +103,13 @@ public void testValidateTokenWithoutScope() throws Exception {
             dependsOnMethods = "testValidateTokenWithoutScope")
     public void testValidateTokenWithValidScope() throws Exception {
 
-        Assert.assertTrue(getTokenAndValidate(new Scope(INTROSPECT_SCOPE)), "Introspection endpoint cannot call with the valid scope");
+        if (isLegacyRuntimeEnabled) {
+            Assert.assertTrue(getTokenAndValidate(new Scope(INTROSPECT_SCOPE)),
+                    "Introspection endpoint cannot call with the valid scope");
+        } else {
+            Assert.assertTrue(getTokenAndValidate(new Scope(INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME)),
+                    "Introspection endpoint cannot call with the valid scope");
+        }
     }
 
     @Test(groups = "wso2.is", description = "Request access token with valid system scope and validate it.",
@@ -165,5 +179,27 @@ private void createOauthApplication() throws Exception {
         Assert.assertNotNull(consumerSecret, "Consumer Secret is null.");
 
         applicationId = application.getId();
+        if (!isLegacyRuntimeEnabled) {
+            // Authorize few system APIs.
+            authorizeSystemAPIs(applicationId,
+                    new ArrayList<>(Arrays.asList("/api/server/v1/tenants", "/scim2/Users", "/oauth2/introspect")));
+            // Associate roles.
+            ApplicationPatchModel applicationPatch = new ApplicationPatchModel();
+            AssociatedRolesConfig associatedRolesConfig =
+                    new AssociatedRolesConfig().allowedAudience(AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION);
+            // Get Roles.
+            String adminRoleId = getRoleV2ResourceId("admin",
+                    AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
+            String everyoneRoleId = getRoleV2ResourceId("everyone",
+                    AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
+            applicationPatch = applicationPatch.associatedRoles(associatedRolesConfig);
+            associatedRolesConfig.addRolesItem(
+                    new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
+                            adminRoleId));
+            associatedRolesConfig.addRolesItem(
+                    new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
+                            everyoneRoleId));
+            updateApplication(applicationId, applicationPatch);
+        }
     }
 }
diff --git a/...va/org/wso2/identity/integration/test/oauth2/SystemScopePermissionValidationTestCase.java b/...va/org/wso2/identity/integration/test/oauth2/SystemScopePermissionValidationTestCase.java
@@ -42,7 +42,9 @@
 import org.testng.annotations.Test;
 import org.wso2.carbon.automation.engine.context.AutomationContext;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationResponseModel;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AssociatedRolesConfig;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.OpenIDConnectConfiguration;
 import org.wso2.identity.integration.test.utils.CarbonUtils;
 import org.wso2.identity.integration.test.utils.DataExtractUtil;
@@ -128,6 +130,23 @@ public void testRegisterApplication() throws Exception {
             // Authorize few system APIs.
             authorizeSystemAPIs(applicationId,
                     new ArrayList<>(Arrays.asList("/api/server/v1/tenants", "/scim2/Users")));
+            // Associate roles.
+            ApplicationPatchModel applicationPatch = new ApplicationPatchModel();
+            AssociatedRolesConfig associatedRolesConfig =
+                    new AssociatedRolesConfig().allowedAudience(AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION);
+            // Get Roles.
+            String adminRoleId = getRoleV2ResourceId("admin",
+                    AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
+            String everyoneRoleId = getRoleV2ResourceId("everyone",
+                    AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
+            applicationPatch = applicationPatch.associatedRoles(associatedRolesConfig);
+            associatedRolesConfig.addRolesItem(
+                    new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
+                            adminRoleId));
+            associatedRolesConfig.addRolesItem(
+                    new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
+                            everyoneRoleId));
+            updateApplication(applicationId, applicationPatch);
         }
     }
 
@@ -190,10 +209,8 @@ public void getTokenAndValidate() throws Exception {
             AccessTokenResponse tokenResponse = AccessTokenResponse.parse(tokenHTTPResp);
             Assert.assertNotNull(tokenResponse, "Access token response is null.");
             accessToken = tokenResponse.getTokens().getAccessToken().getValue();
-            if (isLegacyRuntimeEnabled) {
-                String scope = getScopesFromIntrospectionResponse();
-                doTheScopeValidationBasedOnTheTestUserMode(scope, false);
-            }
+            String scope = getScopesFromIntrospectionResponse();
+            doTheScopeValidationBasedOnTheTestUserMode(scope, false);
         } finally {
             client.close();
         }

diff --git a/...tegration/test/rest/api/server/application/management/v1/model/ApplicationPatchModel.java b/...tegration/test/rest/api/server/application/management/v1/model/ApplicationPatchModel.java
@@ -33,6 +33,7 @@ public class ApplicationPatchModel {
     private String imageUrl;
     private String accessUrl;
     private String templateId;
+    private AssociatedRolesConfig associatedRoles;
     private ClaimConfiguration claimConfiguration;
     private AuthenticationSequence authenticationSequence;
     private AdvancedApplicationConfiguration advancedConfigurations;
@@ -46,11 +47,9 @@ public ApplicationPatchModel name(String name) {
         return this;
     }
 
-    @ApiModelProperty(example = "pickup", required = true)
+    @ApiModelProperty(example = "pickup", value = "")
     @JsonProperty("name")
     @Valid
-    @NotNull(message = "Property name cannot be null.")
-    @Pattern(regexp="^[a-zA-Z0-9._-]+(?: [a-zA-Z0-9._-]+)*$")
     public String getName() {
         return name;
     }
@@ -66,7 +65,7 @@ public ApplicationPatchModel description(String description) {
         return this;
     }
 
-    @ApiModelProperty(example = "This is the configuration for Pickup application.")
+    @ApiModelProperty(example = "This is the configuration for Pickup application.", value = "")
     @JsonProperty("description")
     @Valid
     public String getDescription() {
@@ -84,7 +83,7 @@ public ApplicationPatchModel imageUrl(String imageUrl) {
         return this;
     }
 
-    @ApiModelProperty(example = "https://example.com/logo/my-logo.png")
+    @ApiModelProperty(example = "https://example.com/logo/my-logo.png", value = "")
     @JsonProperty("imageUrl")
     @Valid
     public String getImageUrl() {
@@ -102,7 +101,7 @@ public ApplicationPatchModel accessUrl(String accessUrl) {
         return this;
     }
 
-    @ApiModelProperty(example = "https://example.com/accessUrl")
+    @ApiModelProperty(example = "https://example.com/login", value = "")
     @JsonProperty("accessUrl")
     @Valid
     public String getAccessUrl() {
@@ -120,7 +119,7 @@ public ApplicationPatchModel templateId(String templateId) {
         return this;
     }
 
-    @ApiModelProperty(example = "templateId")
+    @ApiModelProperty(example = "adwefi2429asdfdf94444rraf44", value = "")
     @JsonProperty("templateId")
     @Valid
     public String getTemplateId() {
@@ -130,6 +129,24 @@ public void setTemplateId(String templateId) {
         this.templateId = templateId;
     }
 
+    /**
+     **/
+    public ApplicationPatchModel associatedRoles(AssociatedRolesConfig associatedRoles) {
+
+        this.associatedRoles = associatedRoles;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("associatedRoles")
+    @Valid
+    public AssociatedRolesConfig getAssociatedRoles() {
+        return associatedRoles;
+    }
+    public void setAssociatedRoles(AssociatedRolesConfig associatedRoles) {
+        this.associatedRoles = associatedRoles;
+    }
+
     /**
      **/
     public ApplicationPatchModel claimConfiguration(ClaimConfiguration claimConfiguration) {
@@ -138,7 +155,7 @@ public ApplicationPatchModel claimConfiguration(ClaimConfiguration claimConfigur
         return this;
     }
 
-    @ApiModelProperty()
+    @ApiModelProperty(value = "")
     @JsonProperty("claimConfiguration")
     @Valid
     public ClaimConfiguration getClaimConfiguration() {
@@ -156,7 +173,7 @@ public ApplicationPatchModel authenticationSequence(AuthenticationSequence authe
         return this;
     }
 
-    @ApiModelProperty()
+    @ApiModelProperty(value = "")
     @JsonProperty("authenticationSequence")
     @Valid
     public AuthenticationSequence getAuthenticationSequence() {
@@ -174,7 +191,7 @@ public ApplicationPatchModel advancedConfigurations(AdvancedApplicationConfigura
         return this;
     }
 
-    @ApiModelProperty()
+    @ApiModelProperty(value = "")
     @JsonProperty("advancedConfigurations")
     @Valid
     public AdvancedApplicationConfiguration getAdvancedConfigurations() {
@@ -192,7 +209,7 @@ public ApplicationPatchModel provisioningConfigurations(ProvisioningConfiguratio
         return this;
     }
 
-    @ApiModelProperty()
+    @ApiModelProperty(value = "")
     @JsonProperty("provisioningConfigurations")
     @Valid
     public ProvisioningConfiguration getProvisioningConfigurations() {
@@ -205,7 +222,7 @@ public void setProvisioningConfigurations(ProvisioningConfiguration provisioning
 
 
     @Override
-    public boolean equals(Object o) {
+    public boolean equals(java.lang.Object o) {
 
         if (this == o) {
             return true;
@@ -219,6 +236,7 @@ public boolean equals(Object o) {
                 Objects.equals(this.imageUrl, applicationPatchModel.imageUrl) &&
                 Objects.equals(this.accessUrl, applicationPatchModel.accessUrl) &&
                 Objects.equals(this.templateId, applicationPatchModel.templateId) &&
+                Objects.equals(this.associatedRoles, applicationPatchModel.associatedRoles) &&
                 Objects.equals(this.claimConfiguration, applicationPatchModel.claimConfiguration) &&
                 Objects.equals(this.authenticationSequence, applicationPatchModel.authenticationSequence) &&
                 Objects.equals(this.advancedConfigurations, applicationPatchModel.advancedConfigurations) &&
@@ -227,7 +245,7 @@ public boolean equals(Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, description, imageUrl, accessUrl, templateId, claimConfiguration, authenticationSequence, advancedConfigurations, provisioningConfigurations);
+        return Objects.hash(name, description, imageUrl, accessUrl, templateId, associatedRoles, claimConfiguration, authenticationSequence, advancedConfigurations, provisioningConfigurations);
     }
 
     @Override
@@ -241,6 +259,7 @@ public String toString() {
         sb.append("    imageUrl: ").append(toIndentedString(imageUrl)).append("\n");
         sb.append("    accessUrl: ").append(toIndentedString(accessUrl)).append("\n");
         sb.append("    templateId: ").append(toIndentedString(templateId)).append("\n");
+        sb.append("    associatedRoles: ").append(toIndentedString(associatedRoles)).append("\n");
         sb.append("    claimConfiguration: ").append(toIndentedString(claimConfiguration)).append("\n");
         sb.append("    authenticationSequence: ").append(toIndentedString(authenticationSequence)).append("\n");
         sb.append("    advancedConfigurations: ").append(toIndentedString(advancedConfigurations)).append("\n");
@@ -253,11 +272,11 @@ public String toString() {
      * Convert the given object to string with each line indented by 4 spaces
      * (except the first line).
      */
-    private String toIndentedString(Object o) {
+    private String toIndentedString(java.lang.Object o) {
 
         if (o == null) {
             return "null";
         }
-        return o.toString();
+        return o.toString().replace("\n", "\n");
     }
 }