From 525880f223a483f1bf4c2ee9ba3462ebdf1ef0dd Mon Sep 17 00:00:00 2001 From: Shenali Date: Mon, 2 Dec 2024 21:42:50 +0530 Subject: [PATCH 1/2] Validate handling of duplicated scopes in standard based OIDC IdPs --- .../api/server/idp/v1/IdPFailureTest.java | 57 +++++++++++++++++ .../idp/v1/add-idp-oidc-standard-based.json | 61 +++++++++++++++++++ ...oidc-standard-based-duplicated-scopes.json | 15 +++++ 3 files changed, 133 insertions(+) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/update-idp-oidc-standard-based-duplicated-scopes.json diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java index 45623e50f00..40cc3f70e13 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java @@ -36,6 +36,7 @@ import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.core.IsNull.notNullValue; +import static org.testng.Assert.assertNotNull; /** * Test class for Identity Provider Management REST APIs failure paths. @@ -43,6 +44,7 @@ public class IdPFailureTest extends IdPTestBase { private String idPId; + private static final String OIDC_IDP_ID = "T3BlbklEQ29ubmVjdEF1dGhlbnRpY2F0b3I"; @Factory(dataProvider = "restAPIUserConfigProvider") public IdPFailureTest(TestUserMode userMode) throws Exception { 
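Review bot: `OIDC_IDP_ID` is misnamed for what the hunk at `@@ -43,6 +44,7 @@` adds: the value is used in the new PUT as the segment after `IDP_FEDERATED_AUTHENTICATORS_PATH` and equals the `authenticatorId` in both new fixtures, so it identifies the OpenID Connect federated authenticator, not an IdP. `private static final String OIDC_AUTHENTICATOR_ID = "T3BlbklEQ29ubmVjdEF1dGhlbnRpY2F0b3I";` would read correctly at the call site, and a one-line comment such as `// Federated authenticator ID of the OpenID Connect authenticator, shared with the OIDC fixtures.` would spare the next reader a base64 decode. The surrounding class fields and constructor continue outside the hunk.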
@@ -179,4 +181,59 @@ public void testPatchIdPNonExistentProperties() throws IOException {
 Response response = getResponseOfPatch(IDP_API_BASE_PATH + PATH_SEPARATOR + idPId, body);
 validateErrorResponse(response, HttpStatus.SC_NOT_FOUND, "IDP-65005", "JWKS URI");
 }
+
+ @Test
+ public void testUpdateIdPWithDuplicateOIDCScopes() throws IOException {
+
+ String body = readResource("add-idp-oidc-standard-based.json");
+ Response response = getResponseOfPost(IDP_API_BASE_PATH, body);
+ response.then()
+ .log().ifValidationFails()
+ .assertThat()
+ .statusCode(HttpStatus.SC_CREATED)
+ .header(HttpHeaders.LOCATION, notNullValue());
+
+ String location = response.getHeader(HttpHeaders.LOCATION);
+ assertNotNull(location);
+ String oidcIdPId = location.substring(location.lastIndexOf("/") + 1);
+ assertNotNull(oidcIdPId);
+
+ // update the OIDC IDP with duplicated scopes
+ String updateBody = readResource("update-idp-oidc-standard-based-duplicated-scopes.json");
+ Response updateResponse = getResponseOfPut(IDP_API_BASE_PATH + PATH_SEPARATOR + oidcIdPId +
+ PATH_SEPARATOR + IDP_FEDERATED_AUTHENTICATORS_PATH + PATH_SEPARATOR + OIDC_IDP_ID, updateBody);
+ updateResponse.then()
+ .log().ifValidationFails()
+ .assertThat()
+ .statusCode(HttpStatus.SC_BAD_REQUEST)
+ .body("message", equalTo("Duplicate OIDC Scopes."))
+ .body("description", equalTo("Cannot set scopes in both Scopes and Additional Query Parameters. " +
+ "Recommend to use Scopes field."));
+
+ deleteCreatedIdP(oidcIdPId);
+ }
+
+ /**
+ * Deletes an Identity Provider by its ID and verifies the deletion.
+ *
+ * @param idPId ID of the Identity Provider to be deleted.
+ */
+ private void deleteCreatedIdP(String idPId) {
+
+ Response response = getResponseOfDelete(IDP_API_BASE_PATH + PATH_SEPARATOR + idPId);
+ response.then()
+ .log().ifValidationFails()
+ .assertThat()
+ .statusCode(HttpStatus.SC_NO_CONTENT);
+
+ Response responseOfGet = getResponseOfGet(IDP_API_BASE_PATH + PATH_SEPARATOR + idPId);
+ responseOfGet.then()
+ .log().ifValidationFails()
+ .assertThat()
+ .assertThat()
+ .statusCode(HttpStatus.SC_NOT_FOUND)
+ .body("message", equalTo("Resource not found."))
+ .body("description", equalTo("Unable to find a resource matching the provided identity " +
+ "provider identifier " + idPId + "."));
+ }
 }
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json
new file mode 100644
index 00000000000..4d0697e56fb
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json
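Review bot: `deleteCreatedIdP(oidcIdPId)` at the end of `testUpdateIdPWithDuplicateOIDCScopes` only runs when every assertion on `updateResponse` passes, so a single failing expectation leaves the `OIDC IdP` behind for the rest of the suite, where any test asserting on the full IdP list will see the stray entry. Wrap everything after `assertNotNull(oidcIdPId);` in `try {` … `} finally {` with `deleteCreatedIdP(oidcIdPId);` inside the `finally`, so the negative-path test cleans up on both outcomes. The two `assertNotNull` calls add nothing: the Location header is already pinned by `.header(HttpHeaders.LOCATION, notNullValue())`, and `String.substring` never returns null. Since the asserted description says scopes may not be set in both places at all, a follow-up case where the `scope=` query parameter differs from the `Scopes` value would confirm the check is not limited to identical lists; that is an inference from the message text, not from visible server code.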
@@ -0,0 +1,61 @@
+{
+ "name": "OIDC IdP",
+ "alias": "",
+ "description": "Authenticate users with Enterprise OIDC connections.",
+ "image": "assets/images/logos/enterprise.svg",
+ "isPrimary": false,
+ "roles": {
+ "mappings": [],
+ "outboundProvisioningRoles": []
+ },
+ "certificate": {
+ "jwksUri": "https://test.com/jwks",
+ "certificates": [
+ ""
+ ]
+ },
+ "claims": {
+ "userIdClaim": {
+ "uri": ""
+ },
+ "provisioningClaims": [],
+ "roleClaim": {
+ "uri": ""
+ }
+ },
+ "federatedAuthenticators": {
+ "defaultAuthenticatorId": "T3BlbklEQ29ubmVjdEF1dGhlbnRpY2F0b3I",
+ "authenticators": [
+ {
+ "isEnabled": true,
+ "authenticatorId": "T3BlbklEQ29ubmVjdEF1dGhlbnRpY2F0b3I",
+ "properties": [
+ {
+ "key": "ClientId",
+ "value": "abcd1234wxyz5678ijklmnopqrst9012"
+ },
+ {
+ "key": "ClientSecret",
+ "value": "mnop3456qrst1234uvwx5678abcd9012"
+ },
+ {
+ "key": "OAuth2AuthzEPUrl",
+ "value": "https://test.com/authz"
+ },
+ {
+ "key": "OAuth2TokenEPUrl",
+ "value": "https://test.com/token"
+ },
+ {
+ "key": "callbackUrl",
+ "value": "https://test.com/commonauth"
+ }
+ ]
+ }
+ ]
+ },
+ "homeRealmIdentifier": "",
+ "isFederationHub": false,
+ "idpIssuerName": "",
+ "templateId": "enterprise-oidc-idp"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/update-idp-oidc-standard-based-duplicated-scopes.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/update-idp-oidc-standard-based-duplicated-scopes.json
new file mode 100644
index 00000000000..701256b2539
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/update-idp-oidc-standard-based-duplicated-scopes.json
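Review bot: The `ClientSecret` property in the new fixture carries a value shaped like a real credential (`mnop3456qrst1234uvwx5678abcd9012`); it is presumably synthetic, but values of that shape trip secret scanners on every future commit touching the file and tend to get copied into other fixtures. A value that cannot be mistaken for a live secret, e.g. `"value": "dummy-client-secret"`, exercises the same code path while making the intent obvious, and the same applies to `ClientId`. The test only needs the property to be present and non-empty, as far as the Java side of this patch shows.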
@@ -0,0 +1,15 @@ +{ + "authenticatorId": "T3BlbklEQ29ubmVjdEF1dGhlbnRpY2F0b3I", + "isEnabled": true, + "isDefault": true, + "properties": [ + { + "key": "commonAuthQueryParams", + "value": "scope=openid country profile" + }, + { + "key": "Scopes", + "value": "openid country profile" + } + ] +} From e21d169e1176d4f00914fb72d1f624a22a0a85ea Mon Sep 17 00:00:00 2001 From: Shenali Date: Tue, 3 Dec 2024 15:42:23 +0530 Subject: [PATCH 2/2] Add a test case for search functionality --- .../api/server/idp/v1/IdPFailureTest.java | 1 - .../api/server/idp/v1/IdPSuccessTest.java | 20 +++++++++++++++++++ .../idp/v1/add-idp-oidc-standard-based.json | 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java index 40cc3f70e13..b79c1eb9209 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java @@ -230,7 +230,6 @@ private void deleteCreatedIdP(String idPId) { responseOfGet.then() .log().ifValidationFails() .assertThat() - .assertThat() .statusCode(HttpStatus.SC_NOT_FOUND) .body("message", equalTo("Resource not found.")) .body("description", equalTo("Unable to find a resource matching the provided identity " + 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPSuccessTest.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPSuccessTest.java index ba7dfcc0609..d009c0a5c7d 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPSuccessTest.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPSuccessTest.java @@ -31,9 +31,12 @@ import org.wso2.carbon.automation.engine.context.TestUserMode; import java.io.IOException; +import java.util.Collections; import java.util.HashMap; import java.util.Map; +import javax.xml.xpath.XPathExpressionException; + import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.core.IsNull.notNullValue; import static org.hamcrest.core.IsNull.nullValue; @@ -46,6 +49,7 @@ public class IdPSuccessTest extends IdPTestBase { private String idPId; private String idPTemplateId; + private static final String IDP_NAME = "Google"; @Factory(dataProvider = "restAPIUserConfigProvider") public IdPSuccessTest(TestUserMode userMode) throws Exception { 
@@ -310,6 +314,22 @@ public void testGetIdPs() throws Exception { context.getContextTenant().getDomain()))); } + @Test(dependsOnMethods = "testGetIdP") + public void testSearchAllIdPs() throws XPathExpressionException { + + Response response = getResponseOfGetWithQueryParams(IDP_API_BASE_PATH, Collections.singletonMap("filter", + "name sw " + IDP_NAME)); + response.then() + .log().ifValidationFails() + .assertThat() + .statusCode(HttpStatus.SC_OK) + .body("identityProviders.find { it.id == '" + idPId + "' }.name", equalTo(IDP_NAME)) + .body("identityProviders.find { it.id == '" + idPId + "' }.isEnabled", equalTo(true)) + .body("identityProviders.find { it.id == '" + idPId + "' }.self", equalTo(getTenantedRelativePath( + "/api/server/v1/identity-providers/" + idPId, + context.getContextTenant().getDomain()))); + } + @Test(dependsOnMethods = {"testGetIdPs"}) public void testGetIdPsWithRequiredAttribute() throws Exception { diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json index 4d0697e56fb..1d5831d2577 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-oidc-standard-based.json @@ -58,4 +58,4 @@ "isFederationHub": false, "idpIssuerName": "", "templateId": "enterprise-oidc-idp" -} \ No newline at end of file +}
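Review bot: `testSearchAllIdPs` cannot distinguish a working filter from an ignored one: it only asserts that the entry with `idPId` is present in `identityProviders`, which is equally true when the server returns every IdP regardless of `filter=name sw Google`. Add an assertion that each returned entry satisfies the filter, e.g. `.body("identityProviders.name", everyItem(startsWith(IDP_NAME)))` (both matchers live in `org.hamcrest.CoreMatchers`, next to the existing `equalTo` import), or issue a second request with a prefix that matches nothing and assert an empty list. The method name promises a search over all IdPs while the request is a prefix search, so `testSearchIdPsByNamePrefix` would describe what it does. `IDP_NAME = "Google"` presumably matches the name in the fixture that created `idPId`; a short comment on the constant stating that dependency would help, since `dependsOnMethods = "testGetIdP"` is the only visible link.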