Modify the integration test #18589

Merged
merged 5 commits into from
Dec 19, 2023
Expand Up @@ -175,7 +175,7 @@ private void sendAuthorizedPost() throws Exception {
urlParameters.add(new BasicNameValuePair("callbackurl", PLAYGROUND_APP_CALLBACK_URI));
urlParameters.add(new BasicNameValuePair("authorizeEndpoint", OAuth2Constant.APPROVAL_URL));
urlParameters.add(new BasicNameValuePair("authorize", OAuth2Constant.AUTHORIZE_PARAM));
urlParameters.add(new BasicNameValuePair("scope", ""));
urlParameters.add(new BasicNameValuePair("scope", "device_01"));
HttpResponse response = sendPostRequestWithParameters(client, urlParameters,
OAuth2Constant.AUTHORIZED_USER_URL);
Assert.assertNotNull(response, "Authorized response is null");
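Review bot: The scope value is written as the inline literal `"device_01"` in the changed `urlParameters.add(new BasicNameValuePair("scope", "device_01"));` line, and the same literal is repeated in the testSendDeviceAuthorize, testSendAuthorozedPost and testLoginToFirstSession hunks, while two other classes in this change define their own constants (`VALID_RANDOM_SCOPE`, `VALID_SCOPES`) holding the same value. One shared constant, for example in OAuth2Constant, with a comment saying the value must be a scope the server under test accepts, would keep these tests aligned if the scope is ever renamed. sendAuthorizedPost starts and ends outside the hunk.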
Expand Up @@ -134,7 +134,7 @@ public void testSendDeviceAuthorize() throws Exception {

List<NameValuePair> urlParameters = new ArrayList<>();
urlParameters.add(new BasicNameValuePair(CLIENT_ID_PARAM, consumerKey));
urlParameters.add(new BasicNameValuePair(SCOPE_PLAYGROUND_NAME, "device"));
urlParameters.add(new BasicNameValuePair(SCOPE_PLAYGROUND_NAME, "device_01"));
AutomationContext automationContext = new AutomationContext("IDENTITY",
TestUserMode.SUPER_TENANT_ADMIN);
String deviceAuthEndpoint = automationContext.getContextUrls().getBackEndUrl()
Expand Up @@ -66,6 +66,8 @@ public class OAuth2ServiceClientCredentialTestCase extends OAuth2ServiceAbstract

private CloseableHttpClient client;

private static final String VALID_RANDOM_SCOPE = "device_01";

@DataProvider(name = "configProvider")
public static Object[][] configProvider() {

Expand Down Expand Up @@ -125,7 +127,7 @@ public void testGetTokenUsingClientCredentialsGrant() throws Exception {
ClientID clientID = new ClientID(consumerKey);
Secret clientSecret = new Secret(consumerSecret);
ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
Scope scope = new Scope(OAUTH2_SCOPE_OPENID, "xyz");
Scope scope = new Scope(OAUTH2_SCOPE_OPENID, "xyz", VALID_RANDOM_SCOPE);

URI tokenEndpoint = new URI(getTenantQualifiedURL(OAuth2Constant.ACCESS_TOKEN_ENDPOINT, tenantInfo.getDomain()));
TokenRequest request = new TokenRequest(tokenEndpoint, clientAuth, clientCredentialsGrant, scope);
Expand All @@ -143,7 +145,10 @@ public void testGetTokenUsingClientCredentialsGrant() throws Exception {
Assert.assertNotNull(accessToken, "Access Token is null in the token response.");

Scope scopesInResponse = accessTokenResponse.getTokens().getAccessToken().getScope();
Assert.assertTrue(scopesInResponse.contains("xyz"), "Requested scope is missing in the token response");
Assert.assertFalse(scopesInResponse.contains("xyz"), "Not allowed random scope is issued for client credential " +
"grant type.");
Assert.assertTrue(scopesInResponse.contains(VALID_RANDOM_SCOPE), "Allowed random scope is not issued for " +
"client credential grant type.");

// This ensures that openid scopes are not issued for client credential grant type.
Assert.assertFalse(accessTokenResponse instanceof OIDCTokenResponse, "Client credential grant type cannot " +
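Review bot: The two new assertions on `scopesInResponse` check only one rejected value (`"xyz"`) and one accepted value, so a token that carries some other unrequested or unregistered scope would still pass. If the expected scope set is known, asserting on the whole set is a tighter check of the filtering, e.g. `Assert.assertEquals(scopesInResponse.toStringList(), Collections.singletonList(VALID_RANDOM_SCOPE));` (this needs a `java.util.Collections` import, and whether `openid` is returned for this grant is not visible here, so the expected list may need adjusting). The name `VALID_RANDOM_SCOPE` also reads as a contradiction next to the "Not allowed random scope" message; a name such as `REGISTERED_SCOPE` with a comment like `// Scope the server is expected to accept; unregistered scopes such as "xyz" must be dropped.` would state the intent. testGetTokenUsingClientCredentialsGrant continues outside the hunk.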
Expand Up @@ -18,6 +18,7 @@

package org.wso2.identity.integration.test.oauth2;

import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
Expand Down Expand Up @@ -73,6 +74,7 @@ public class OAuth2ServiceImplicitGrantTestCase extends OAuth2ServiceAbstractInt
private final AutomationContext context;
private Tenant tenantInfo;
private String applicationId;
private static final String VALID_SCOPES = "device_01";

@DataProvider(name = "configProvider")
public static Object[][] configProvider() {
Expand Down Expand Up @@ -104,7 +106,7 @@ public void testInit() throws Exception {
.setDefaultRequestConfig(requestConfig)
.setDefaultCookieSpecRegistry(cookieSpecRegistry)
.build();
scopes = "abc";
scopes = "abc " + VALID_SCOPES;
}

@AfterClass(alwaysRun = true)
Expand Down Expand Up @@ -223,7 +225,7 @@ public void testSendApprovalPost() throws Exception {
String urlScopes = DataExtractUtil.extractParamFromURIFragment(locationHeader.getValue(),
OAuth2Constant.OAUTH2_SCOPE);
Assert.assertNotNull(accessToken, "Access token is null.");
Assert.assertEquals(urlScopes, scopes, "Scopes are not equal.");
Assert.assertEquals(urlScopes, VALID_SCOPES, "Scopes are not equal.");
EntityUtils.consume(response.getEntity());
}

Expand All @@ -236,5 +238,7 @@ public void testValidateAccessToken() throws Exception {
username, userPassword);
Assert.assertNotNull(responseObj, "Validate access token failed. response is invalid.");
Assert.assertEquals(responseObj.get("active"), true, "Token Validation failed");
// Only the allowed scopes should be returned and Random Scope should not be returned.
Assert.assertTrue(StringUtils.equals((String) responseObj.get("scope"), VALID_SCOPES), "Scope Validation failed");
}
}
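Review bot: The new scope check in testValidateAccessToken wraps the comparison in `Assert.assertTrue(StringUtils.equals(...))`, so a failure reports only "Scope Validation failed" and not the scope string the introspection response actually contained. `Assert.assertEquals(responseObj.get("scope"), VALID_SCOPES, "Scope Validation failed");` prints both values on failure, avoids the `(String)` cast, and makes the added `org.apache.commons.lang.StringUtils` import unnecessary. The start of testValidateAccessToken is outside the hunk.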
Expand Up @@ -119,6 +119,7 @@ public void testSendAuthorozedPost() throws Exception {
urlParameters.add(new BasicNameValuePair("authorizeEndpoint", OAuth2Constant.APPROVAL_URL));
urlParameters.add(new BasicNameValuePair("authorize", OAuth2Constant.AUTHORIZE_PARAM));
urlParameters.add(new BasicNameValuePair("consumerSecret", consumerSecret));
urlParameters.add(new BasicNameValuePair("scope", "device_01"));

HttpResponse response =
sendPostRequestWithParameters(client, urlParameters, OAuth2Constant.AUTHORIZED_USER_URL);
Expand Up @@ -137,7 +137,7 @@ public void testMultipleOIDCLogins() throws Exception {

private void testLoginToFirstSession() throws Exception {

initiateAuthorizationRequest(httpClientForFirstSession, OAuth2Constant.OAUTH2_SCOPE_OPENID + " " + "random");
initiateAuthorizationRequest(httpClientForFirstSession, OAuth2Constant.OAUTH2_SCOPE_OPENID + " " + "device_01");
authenticateUser(httpClientForFirstSession);
String authorizationCode = performConsentApproval(httpClientForFirstSession);
accessTokenInFirstSession = generateAuthzCodeAccessToken(authorizationCode, httpClientForFirstSession);
Expand Up @@ -43,12 +43,15 @@
import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider;
import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO;
import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
import org.wso2.identity.integration.common.clients.entitlement.EntitlementPolicyServiceClient;
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel;
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AssociatedRolesConfig;
import org.wso2.identity.integration.test.util.Utils;
import org.wso2.identity.integration.test.utils.CarbonUtils;
import org.wso2.identity.integration.test.utils.OAuth2Constant;

import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
Expand All @@ -58,6 +61,7 @@
*/
public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractIntegrationTest {

private ServerConfigurationManager serverConfigurationManager;
private static final String VALIDATE_SCOPE_BASED_POLICY_ID = "validate_scope_based_policy_template";
private static final String VALID_SCOPE = "SCOPE1";
private static final String INTROSPECT_SCOPE = "internal_application_mgt_view";
Expand Down Expand Up @@ -116,6 +120,16 @@ public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractInte
@BeforeClass(alwaysRun = true)
public void testInit() throws Exception {

super.init(TestUserMode.SUPER_TENANT_USER);
String carbonHome = Utils.getResidentCarbonHome();
// Disabling dropping unregistered scopes to avoid scope validation failure.
File defaultTomlFile = getDeploymentTomlFile(carbonHome);
File configuredTomlFile = new File(getISResourceLocation() + File.separator
+ "xacml_scope_validator.toml");

serverConfigurationManager = new ServerConfigurationManager(isServer);
serverConfigurationManager.applyConfigurationWithoutRestart(configuredTomlFile, defaultTomlFile, true);
serverConfigurationManager.restartGracefully();
super.init(TestUserMode.SUPER_TENANT_USER);
isLegacyRuntimeEnabled = CarbonUtils.isLegacyAuthzRuntimeEnabled();
entitlementPolicyClient = new EntitlementPolicyServiceClient(backendURL, sessionCookie);
Expand All @@ -126,6 +140,7 @@ public void atEnd() throws Exception {

deleteApplication();
removeOAuthApplicationData();
serverConfigurationManager.restoreToLastConfiguration(false);
consumerKey = null;
consumerSecret = null;
entitlementPolicyClient.removePolicy(VALIDATE_SCOPE_BASED_POLICY_ID);
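Review bot: In atEnd the added `serverConfigurationManager.restoreToLastConfiguration(false);` runs only if `deleteApplication()` and `removeOAuthApplicationData()` both succeed, so a cleanup failure leaves the relaxed `drop_unregistered_scopes = false` configuration in place for whatever runs next. Moving the restore into a `finally` block around the rest of the cleanup would guarantee it runs. The `false` argument presumably means the server is not restarted, in which case the running instance may keep the relaxed setting until something else restarts it; that is worth confirming or stating in a comment. In testInit, the `super.init(...)` call now appears both before and after the restart, and a short comment such as `// Re-initialise after the restart to obtain a fresh session.` would explain the second one. atEnd continues outside the hunk.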
Expand Up @@ -57,7 +57,6 @@
public class Oauth2HashAlgorithmTestCase extends OAuth2ServiceAbstractIntegrationTest {

private String accessToken;
private String sessionDataKeyConsent;
private String sessionDataKey;
private String consumerKey;
private String consumerSecret;
Expand Down Expand Up @@ -163,32 +162,6 @@ public void testSendLoginPost() throws Exception {
EntityUtils.consume(response.getEntity());

response = sendGetRequest(client, locationHeader.getValue());
Map<String, Integer> keyPositionMap = new HashMap<>(1);
keyPositionMap.put("name=\"" + OAuth2Constant.SESSION_DATA_KEY_CONSENT + "\"", 1);
List<DataExtractUtil.KeyValue> keyValues =
DataExtractUtil.extractSessionConsentDataFromResponse(response,
keyPositionMap);
Assert.assertNotNull(keyValues, "SessionDataKeyConsent key value is null");
sessionDataKeyConsent = keyValues.get(0).getValue();
EntityUtils.consume(response.getEntity());

Assert.assertNotNull(sessionDataKeyConsent, "Invalid session key consent.");
}

@Test(groups = "wso2.is", description = "Send approval post request", dependsOnMethods = "testSendLoginPost")
public void testSendApprovalPost() throws Exception {

HttpResponse response = sendApprovalPost(client, sessionDataKeyConsent);
Assert.assertNotNull(response, "Approval response is invalid.");

Header locationHeader =
response.getFirstHeader(OAuth2Constant.HTTP_RESPONSE_HEADER_LOCATION);
Assert.assertNotNull(locationHeader, "Approval Location header is null.");
EntityUtils.consume(response.getEntity());

response = sendPostRequest(client, locationHeader.getValue());
Assert.assertNotNull(response, "Get Activation response is invalid.");

Map<String, Integer> keyPositionMap = new HashMap<>(1);
keyPositionMap.put("Authorization Code", 1);
List<DataExtractUtil.KeyValue> keyValues =
Expand All @@ -201,10 +174,9 @@ public void testSendApprovalPost() throws Exception {
}
Assert.assertNotNull(authorizationCode, "Authorization code is null.");
EntityUtils.consume(response.getEntity());

}

@Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendApprovalPost")
@Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendLoginPost")
public void testGetAccessToken() throws Exception {

HttpResponse response = sendGetAccessTokenPost(client, consumerSecret);
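Review bot: After this change testSendLoginPost goes straight from `response = sendGetRequest(client, locationHeader.getValue());` to extracting the "Authorization Code" value, and the null check that the removed approval step performed before extraction is gone. Unless a check sits in lines not shown, a null response would now surface as an exception inside the extractor instead of a clear assertion failure; `Assert.assertNotNull(response, "Authorization code response is null.");` after the GET would restore it. The test also no longer exercises the consent page, so a comment saying why none is expected (presumably because the requested scopes no longer require consent) would help the next reader. The same applies to the identical hunks in Oauth2PersistenceProcessorInsertTokenTestCase.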
Expand Up @@ -56,7 +56,6 @@
public class Oauth2PersistenceProcessorInsertTokenTestCase extends OAuth2ServiceAbstractIntegrationTest {

private String accessToken;
private String sessionDataKeyConsent;
private String sessionDataKey;
private String consumerKey;
private String consumerSecret;
Expand Down Expand Up @@ -163,32 +162,6 @@ public void testSendLoginPost() throws Exception {
EntityUtils.consume(response.getEntity());

response = sendGetRequest(client, locationHeader.getValue());
Map<String, Integer> keyPositionMap = new HashMap<>(1);
keyPositionMap.put("name=\"" + OAuth2Constant.SESSION_DATA_KEY_CONSENT + "\"", 1);
List<DataExtractUtil.KeyValue> keyValues =
DataExtractUtil.extractSessionConsentDataFromResponse(response,
keyPositionMap);
Assert.assertNotNull(keyValues, "SessionDataKeyConsent key value is null");
sessionDataKeyConsent = keyValues.get(0).getValue();
EntityUtils.consume(response.getEntity());

Assert.assertNotNull(sessionDataKeyConsent, "Invalid session key consent.");
}

@Test(groups = "wso2.is", description = "Send approval post request", dependsOnMethods = "testSendLoginPost")
public void testSendApprovalPost() throws Exception {

HttpResponse response = sendApprovalPost(client, sessionDataKeyConsent);
Assert.assertNotNull(response, "Approval response is invalid.");

Header locationHeader =
response.getFirstHeader(OAuth2Constant.HTTP_RESPONSE_HEADER_LOCATION);
Assert.assertNotNull(locationHeader, "Approval Location header is null.");
EntityUtils.consume(response.getEntity());

response = sendPostRequest(client, locationHeader.getValue());
Assert.assertNotNull(response, "Get Activation response is invalid.");

Map<String, Integer> keyPositionMap = new HashMap<>(1);
keyPositionMap.put("Authorization Code", 1);
List<DataExtractUtil.KeyValue> keyValues =
Expand All @@ -201,10 +174,9 @@ public void testSendApprovalPost() throws Exception {
}
Assert.assertNotNull(authorizationCode, "Authorization code is null.");
EntityUtils.consume(response.getEntity());

}

@Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendApprovalPost")
@Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendLoginPost")
public void testGetAccessToken() throws Exception {

HttpResponse response = sendGetAccessTokenPost(client, consumerSecret);
Expand Up @@ -39,4 +39,5 @@ hash = "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
app_password = "dashboard"

[oauth]
drop_unregistered_scopes = false
allowed_scopes = ["internal_test", "test"]
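Review bot: The `[oauth]` table now sets `drop_unregistered_scopes = false` with nothing in the file saying why, and that setting relaxes scope filtering for every test class that runs against this configuration. A comment above the key, such as `# Test-only: unregistered scopes are kept so that the tests using this configuration can request arbitrary scopes.`, would record the intent and make it clear that the value is not a recommended default. The `[oauth]` table of the newly added TOML file in this change sets the same key and would benefit from the same comment.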
@@ -0,0 +1,32 @@
[server]
hostname = "localhost"
node_ip = "127.0.0.1"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"

[super_admin]
username = "admin"
password = "admin"
create_admin_account = true

[user_store]
type = "database_unique_id"

[database.identity_db]
driver = "$env{IDENTITY_DATABASE_DRIVER}"
url = "$env{IDENTITY_DATABASE_URL}"
username = "$env{IDENTITY_DATABASE_USERNAME}"
password = "$env{IDENTITY_DATABASE_PASSWORD}"

[database.shared_db]
driver = "$env{SHARED_DATABASE_DRIVER}"
url = "$env{SHARED_DATABASE_URL}"
username = "$env{SHARED_DATABASE_USERNAME}"
password = "$env{SHARED_DATABASE_PASSWORD}"

[keystore.primary]
file_name = "wso2carbon.jks"
password = "wso2carbon"

[oauth]
drop_unregistered_scopes= false
allowed_scopes= []
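Review bot: This new file (presumably the `xacml_scope_validator.toml` loaded in testInit) has no header comment marking it as a test fixture, although it carries the default `admin`/`admin` super-admin account and the `wso2carbon` keystore password. A first line such as `# Integration-test configuration for OAuth2XACMLScopeValidatorTestCase; not intended for deployment.` would keep it from being mistaken for a deployable template. The two `[oauth]` keys are also written as `key= value` while the rest of the file uses `key = value`.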
Expand Up @@ -68,7 +68,6 @@
<class name="org.wso2.identity.integration.test.oauth2.OAuth2ServiceRefreshTokenGrantTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.OAuth2RoleClaimTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.OAuth2ScopesTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.OAuth2XACMLScopeValidatorTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.PermissionBasedScopeValidatorTestCase"/>
<class name="org.wso2.identity.integration.test.oidc.OIDCAuthzCodeIdTokenValidationTestCase"/>
<class name="org.wso2.identity.integration.test.oidc.OIDCSPWiseSkipLoginConsentTestCase"/>
Expand Down Expand Up @@ -343,6 +342,7 @@
<class name="org.wso2.identity.integration.test.identity.mgt.UserInformationRecoveryServiceTenantEmailUserTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.Oauth2HashAlgorithmTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.Oauth2PersistenceProcessorInsertTokenTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.OAuth2XACMLScopeValidatorTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.Oauth2PersistenceProcessorTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.OAuth2ServiceJWTGrantTestCase"/>
<class name="org.wso2.identity.integration.test.oauth2.Oauth2TokenRenewalPerRequestTestCase"/>
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -2242,7 +2242,7 @@
<properties>

<!--Carbon Identity Framework Version-->
<carbon.identity.framework.version>5.25.626</carbon.identity.framework.version>
<carbon.identity.framework.version>5.25.627</carbon.identity.framework.version>
<carbon.identity.framework.version.range>[5.14.67, 6.0.0]</carbon.identity.framework.version.range>

<!--SAML Common Utils Version-->