From 6475502ce20c7d2e8d25a59c17e1b1f30b83e6e2 Mon Sep 17 00:00:00 2001 From: margaretha Date: Tue, 18 Jun 2024 10:30:59 +0200 Subject: [PATCH] Introduce filter_by and deprecate authorized_only (close #579) in the OAuth2ClientList web-service. Also cleaned up dory access and refresh tokens for confidentialClientId (see OAuth2TestBase) Change-Id: I47e2416c0a6ce9fc3f500f5f30e3ca021f984142 --- Changes | 2 + .../korap/oauth2/dto/OAuth2ClientInfoDto.java | 8 +- .../web/controller/OAuthClientController.java | 31 ++++- .../web/controller/OAuth2AccessTokenTest.java | 80 ++++++------ .../controller/OAuth2AdminControllerTest.java | 2 +- .../OAuth2AuthorizationPostTest.java | 9 +- .../OAuth2ClientControllerTest.java | 37 +++++- .../web/controller/OAuth2ControllerTest.java | 20 +-- .../web/controller/OAuth2PluginTest.java | 2 +- .../korap/web/controller/OAuth2TestBase.java | 116 +++++++++++------- src/test/resources/test-config.xml | 4 + 11 files changed, 204 insertions(+), 107 deletions(-) diff --git a/Changes b/Changes index a8d2d272..4fa4ecd2 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,8 @@ # version 0.74.1-SNAPSHOT - Switch Docker image to temurin (diewald). +- - Introduce filter_by and deprecate authorized_only in OAuth2 + client list (close #579) # version 0.74 diff --git a/src/main/java/de/ids_mannheim/korap/oauth2/dto/OAuth2ClientInfoDto.java b/src/main/java/de/ids_mannheim/korap/oauth2/dto/OAuth2ClientInfoDto.java index 6f45900b..6f7ab074 100644 --- a/src/main/java/de/ids_mannheim/korap/oauth2/dto/OAuth2ClientInfoDto.java +++ b/src/main/java/de/ids_mannheim/korap/oauth2/dto/OAuth2ClientInfoDto.java @@ -19,7 +19,7 @@ * */ @JsonInclude(Include.NON_EMPTY) -public class OAuth2ClientInfoDto { +public class OAuth2ClientInfoDto implements Comparable{ @JsonProperty("super") private boolean isSuper; @@ -84,6 +84,12 @@ public OAuth2ClientInfoDto (OAuth2Client client, boolean showAllInfo) throws Kus } } } + + @Override + public int compareTo (OAuth2ClientInfoDto o) { + return this.getClientName().compareTo(o.getClientName()); + } + public boolean isSuper () { return isSuper; diff --git a/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java index ee2d72f4..1c419987 100644 --- a/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java +++ b/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java @@ -7,6 +7,7 @@ import de.ids_mannheim.korap.constant.OAuth2Scope; import de.ids_mannheim.korap.exceptions.KustvaktException; +import de.ids_mannheim.korap.exceptions.StatusCodes; import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientDto; import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientInfoDto; import de.ids_mannheim.korap.oauth2.service.OAuth2ClientService; @@ -16,7 +17,6 @@ import de.ids_mannheim.korap.web.filter.APIVersionFilter; import de.ids_mannheim.korap.web.filter.AuthenticationFilter; import de.ids_mannheim.korap.web.filter.BlockingFilter; -import de.ids_mannheim.korap.web.filter.DemoFilter; import de.ids_mannheim.korap.web.filter.DemoUserFilter; import de.ids_mannheim.korap.web.input.OAuth2ClientJson; import de.ids_mannheim.korap.web.utils.ResourceFilters; @@ -220,7 +220,8 @@ public List listUserClients ( @Context SecurityContext context, @FormParam("super_client_id") String superClientId, @FormParam("super_client_secret") String superClientSecret, - @FormParam("authorized_only") boolean authorizedOnly) { + @FormParam("authorized_only") boolean authorizedOnly, // deprecated + @FormParam("filter_by") String filterBy) { TokenContext tokenContext = (TokenContext) context.getUserPrincipal(); String username = tokenContext.getUsername(); @@ -230,12 +231,34 @@ public List listUserClients ( OAuth2Scope.LIST_USER_CLIENT); clientService.verifySuperClient(superClientId, superClientSecret); + + List clients = null; + if (authorizedOnly) { - return clientService.listUserAuthorizedClients(username); + clients = clientService.listUserAuthorizedClients(username); } else { - return clientService.listUserRegisteredClients(username); + if (filterBy !=null && !filterBy.isEmpty()) { + if (filterBy.equals("authorized_only")) { + clients = clientService.listUserAuthorizedClients(username); + } + else if (filterBy.equals("owned_only")) { + clients = clientService.listUserRegisteredClients(username); + } + else { + throw new KustvaktException( + StatusCodes.UNSUPPORTED_VALUE, "filter_by"); + } + } + else { +// clients = clientService.listUserAuthorizedClients(username); +// clients.addAll(clientService.listUserRegisteredClients(username)); + + clients = clientService.listUserRegisteredClients(username); + } } + + return clients; } catch (KustvaktException e) { throw responseHandler.throwit(e); diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java index 6b5627d6..6aa29247 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java @@ -6,16 +6,9 @@ import java.io.IOException; -import jakarta.ws.rs.client.Entity; -import jakarta.ws.rs.core.Form; -import jakarta.ws.rs.core.Response; -import jakarta.ws.rs.core.Response.Status; - -import org.apache.http.entity.ContentType; import org.junit.jupiter.api.Test; + import com.fasterxml.jackson.databind.JsonNode; -import com.google.common.net.HttpHeaders; -import com.nimbusds.oauth2.sdk.GrantType; import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler; import de.ids_mannheim.korap.config.Attributes; @@ -24,6 +17,8 @@ import de.ids_mannheim.korap.exceptions.KustvaktException; import de.ids_mannheim.korap.exceptions.StatusCodes; import de.ids_mannheim.korap.utils.JsonUtils; +import jakarta.ws.rs.core.Response; +import jakarta.ws.rs.core.Response.Status; public class OAuth2AccessTokenTest extends OAuth2TestBase { @@ -38,7 +33,7 @@ public OAuth2AccessTokenTest () throws KustvaktException { .createBasicAuthorizationHeaderValue(confidentialClientId, clientSecret); } - + @Test public void testScopeWithSuperClient () throws KustvaktException { Response response = requestTokenWithDoryPassword(superClientId, @@ -65,6 +60,8 @@ public void testCustomScope () throws KustvaktException { confidentialClientId, clientSecret, code); JsonNode node = JsonUtils.readTree(response.readEntity(String.class)); String token = node.at("/access_token").asText(); + String refreshToken = node.at("/refresh_token").asText(); + assertTrue(node.at("/scope").asText() .contains(OAuth2Scope.VC_INFO.toString())); // test list vc using the token @@ -73,6 +70,11 @@ public void testCustomScope () throws KustvaktException { assertEquals(Status.OK.getStatusCode(), response.getStatus()); node = JsonUtils.readTree(response.readEntity(String.class)); assertEquals(4, node.size()); + + revokeToken(token, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); + revokeToken(refreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } @Test @@ -84,9 +86,15 @@ public void testDefaultScope () throws KustvaktException, IOException { assertEquals(Status.OK.getStatusCode(), response.getStatus()); JsonNode node = JsonUtils.readTree(response.readEntity(String.class)); String accessToken = node.at("/access_token").asText(); + String refreshToken = node.at("/refresh_token").asText(); testScopeNotAuthorized(accessToken); testScopeNotAuthorize2(accessToken); testSearchWithOAuth2Token(accessToken); + + revokeToken(accessToken, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); + revokeToken(refreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } private void testScopeNotAuthorized (String accessToken) @@ -140,17 +148,14 @@ public void testRevokeAccessTokenConfidentialClient () JsonNode node = requestTokenWithAuthorizationCodeAndHeader( confidentialClientId, code, clientAuthHeader); String accessToken = node.at("/access_token").asText(); - Form form = new Form(); - form.param("token", accessToken); - form.param("client_id", confidentialClientId); - form.param("client_secret", "secret"); - Response response = target().path(API_VERSION).path("oauth2") - .path("revoke").request() - .header(HttpHeaders.CONTENT_TYPE, - ContentType.APPLICATION_FORM_URLENCODED) - .post(Entity.form(form)); - assertEquals(Status.OK.getStatusCode(), response.getStatus()); + String refreshToken = node.at("/refresh_token").asText(); + + revokeToken(accessToken, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); testSearchWithRevokedAccessToken(accessToken); + + revokeToken(refreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } @Test @@ -161,7 +166,7 @@ public void testRevokeAccessTokenPublicClientViaSuperClient () publicClientId, "", code); JsonNode node = JsonUtils.readTree(response.readEntity(String.class)); String accessToken = node.at("/access_token").asText(); - testRevokeTokenViaSuperClient(accessToken, userAuthHeader); + revokeTokenViaSuperClient(accessToken, userAuthHeader); testSearchWithRevokedAccessToken(accessToken); } @@ -174,23 +179,18 @@ public void testAccessTokenAfterRequestRefreshToken () confidentialClientId, code, clientAuthHeader); String accessToken = node.at("/access_token").asText(); String refreshToken = node.at("/refresh_token").asText(); - Form form = new Form(); - form.param("grant_type", GrantType.REFRESH_TOKEN.toString()); - form.param("client_id", confidentialClientId); - form.param("client_secret", "secret"); - form.param("refresh_token", refreshToken); - Response response = target().path(API_VERSION).path("oauth2") - .path("token").request() - .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32") - .header(HttpHeaders.CONTENT_TYPE, - ContentType.APPLICATION_FORM_URLENCODED) - .post(Entity.form(form)); - String entity = response.readEntity(String.class); - assertEquals(Status.OK.getStatusCode(), response.getStatus()); - node = JsonUtils.readTree(entity); - assertNotNull(node.at("/access_token").asText()); - assertTrue(!refreshToken.equals(node.at("/refresh_token").asText())); + + node = requestTokenWithRefreshToken(confidentialClientId, clientSecret, + refreshToken); + String newAccessToken = node.at("/access_token").asText(); + String newRefreshToken = node.at("/refresh_token").asText(); + assertTrue(!refreshToken.equals(newRefreshToken)); + testSearchWithRevokedAccessToken(accessToken); + revokeToken(newAccessToken, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); + revokeToken(newRefreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } @Test @@ -201,6 +201,7 @@ public void testRequestAuthorizationWithBearerTokenUnauthorized () JsonNode node = requestTokenWithAuthorizationCodeAndHeader( confidentialClientId, code, clientAuthHeader); String userAuthToken = node.at("/access_token").asText(); + String refreshToken = node.at("/refresh_token").asText(); Response response = requestAuthorizationCode("code", confidentialClientId, "", "search", "", "Bearer " + userAuthToken); @@ -210,6 +211,11 @@ public void testRequestAuthorizationWithBearerTokenUnauthorized () node.at("/errors/0/0").asInt()); assertEquals(node.at("/errors/0/1").asText(), "Scope authorize is not authorized"); + + revokeToken(userAuthToken, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); + revokeToken(refreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } @Test @@ -227,5 +233,7 @@ public void testRequestAuthorizationWithBearerToken () String code = requestAuthorizationCode(superClientId, "Bearer " + userAuthToken); assertNotNull(code); + + revokeTokenViaSuperClient(userAuthToken, userAuthHeader); } } diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java index fabc2670..f5a8a61a 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java @@ -114,7 +114,7 @@ public void testCleanRevokedTokens () throws KustvaktException { String entity = response.readEntity(String.class); JsonNode node = JsonUtils.readTree(entity); String accessToken = node.at("/access_token").asText(); - testRevokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE); + revokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE); int accessTokensAfter = accessDao.retrieveInvalidAccessTokens().size(); assertEquals(accessTokensAfter, accessTokensBefore + 1); target().path(API_VERSION).path("admin").path("oauth2").path("token") diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java index 8372accd..92252206 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java @@ -78,10 +78,15 @@ public void testRequestTokenAuthorizationConfidential () confidentialClientId, clientSecret, code); String entity = response.readEntity(String.class); JsonNode node = JsonUtils.readTree(entity); - assertNotNull(node.at("/access_token").asText()); - assertNotNull(node.at("/refresh_token").asText()); + String token = node.at("/access_token").asText(); + String refreshToken = node.at("/refresh_token").asText(); assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText()); assertNotNull(node.at("/expires_in").asText()); + + revokeToken(token, confidentialClientId, clientSecret, + ACCESS_TOKEN_TYPE); + revokeToken(refreshToken, confidentialClientId, clientSecret, + REFRESH_TOKEN_TYPE); } } diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java index 20179fbd..fd746966 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java @@ -102,6 +102,7 @@ public void testRegisterConfidentialClient () throws KustvaktException { assertFalse(clientId.contains("a")); testListConfidentialClient(username, clientId); testConfidentialClientInfo(clientId, username); +// testListAllUserClients(username); testResetConfidentialClientSecret(clientId, clientSecret); deregisterClient(username, clientId); } @@ -292,7 +293,7 @@ public void testRegisterPublicClient () assertNotNull(clientId); assertTrue(node.at("/client_secret").isMissingNode()); - node = listUserClients(username); + node = listUserClients(username,"owned_only"); assertFalse(node.at("/0/client_redirect_uri").isMissingNode()); assertFalse(node.at("/0/registration_date").isMissingNode()); assertEquals(username, @@ -508,7 +509,10 @@ private String testResetConfidentialClientSecret (String clientId, private void testListAuthorizedClients (String userAuthHeader) throws KustvaktException { Form form = getSuperClientForm(); - form.param("authorized_only", "true"); + // deprecated, use filter_by = authorized_only instead +// form.param("authorized_only", "true"); + + form.param("filter_by", "authorized_only"); Response response = target().path(API_VERSION).path("oauth2") .path("client").path("list").request() .header(Attributes.AUTHORIZATION, userAuthHeader) @@ -535,7 +539,7 @@ public void testListPublicClient () throws KustvaktException { OAuth2ClientJson json = createOAuth2ClientJson(clientName, OAuth2ClientType.PUBLIC, "Dory's client."); registerClient("dory", json); - JsonNode node = listUserClients("dory"); + JsonNode node = listUserClients("dory","owned_only"); assertEquals(1, node.size()); assertEquals(clientName, node.at("/0/client_name").asText()); assertEquals(OAuth2ClientType.PUBLIC.name(), @@ -544,12 +548,16 @@ public void testListPublicClient () throws KustvaktException { assertFalse(node.at("/0/registration_date").isMissingNode()); assertTrue(node.at("/refresh_token_expiry").isMissingNode()); String clientId = node.at("/0/client_id").asText(); + +// testListAllUserClients("dory"); testDeregisterPublicClient(clientId, "dory"); } private void testListConfidentialClient (String username, String clientId) throws ProcessingException, KustvaktException { - JsonNode node = listUserClients(username); + // means authorized_only = false + // this is deprecated, filter_by = owned_only should be use instead. + JsonNode node = listUserClients(username,""); assertEquals(1, node.size()); assertEquals(clientId, node.at("/0/client_id").asText()); assertEquals(node.at("/0/client_name").asText(), "OAuth2ClientTest"); @@ -566,8 +574,27 @@ private void testListConfidentialClient (String username, String clientId) assertTrue(node.at("/0/source").isMissingNode()); } + // not ready until the behavior for (filterBy=null || filterBy.isEmpty) is set + private void testListAllUserClients (String username) throws KustvaktException { + // authorize + String userAuthHeader = HttpAuthorizationHandler + .createBasicAuthorizationHeaderValue(username, "password"); + String code = requestAuthorizationCode(confidentialClientId, userAuthHeader); + Response response = requestTokenWithAuthorizationCodeAndForm( + confidentialClientId, this.clientSecret, code); + assertEquals(Status.OK.getStatusCode(), response.getStatus()); + JsonNode node = JsonUtils.readTree(response.readEntity(String.class)); + String accessToken = node.at("/access_token").asText(); + + node = listUserClients(username,null); + assertEquals(2, node.size()); + + testRevokeAllTokenViaSuperClient(confidentialClientId, userAuthHeader, + accessToken); + } + @Test - public void testListUserClients () throws KustvaktException { + public void testListAuthorizedUserClients () throws KustvaktException { String username = "pearl"; String password = "pwd"; userAuthHeader = HttpAuthorizationHandler diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java index ab2eb273..dfbb987c 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java @@ -57,7 +57,7 @@ public void testRequestTokenAuthorizationPublic () assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText()); assertEquals(31536000, node.at("/expires_in").asInt()); - testRevokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE); + revokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE); assertTrue(node.at("/refresh_token").isMissingNode()); } @@ -487,7 +487,7 @@ private void testRequestRefreshToken (String clientId, String clientSecret, assertTrue(!newRefreshToken.equals(refreshToken)); testRequestTokenWithRevokedRefreshToken(clientId, clientSecret, refreshToken); - testRevokeToken(newRefreshToken, clientId, clientSecret, + revokeToken(newRefreshToken, clientId, clientSecret, REFRESH_TOKEN_TYPE); testRequestTokenWithRevokedRefreshToken(clientId, clientSecret, newRefreshToken); @@ -654,24 +654,24 @@ public void testListRefreshTokenConfidentialClient () node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE, confidentialClientId); assertEquals(2, node.size()); - testRevokeToken(refreshToken1, superClientId, clientSecret, + revokeToken(refreshToken1, superClientId, clientSecret, REFRESH_TOKEN_TYPE); - testRevokeToken(node.at("/0/token").asText(), confidentialClientId, + revokeToken(node.at("/0/token").asText(), confidentialClientId, clientSecret, REFRESH_TOKEN_TYPE); - testRevokeToken(node.at("/1/token").asText(), confidentialClientId2, + revokeToken(node.at("/1/token").asText(), confidentialClientId2, clientSecret, REFRESH_TOKEN_TYPE); node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE); assertEquals(1, node.size()); - testRevokeTokenViaSuperClient(node.at("/0/token").asText(), + revokeTokenViaSuperClient(node.at("/0/token").asText(), userAuthHeader); node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE); assertEquals(0, node.size()); // try revoking a token belonging to another user // should not return any errors - testRevokeTokenViaSuperClient(refreshToken5, userAuthHeader); + revokeTokenViaSuperClient(refreshToken5, userAuthHeader); node = requestTokenList(darlaAuthHeader, REFRESH_TOKEN_TYPE); assertEquals(1, node.size()); - testRevokeTokenViaSuperClient(refreshToken5, darlaAuthHeader); + revokeTokenViaSuperClient(refreshToken5, darlaAuthHeader); node = requestTokenList(darlaAuthHeader, REFRESH_TOKEN_TYPE); assertEquals(0, node.size()); } @@ -702,7 +702,7 @@ public void testListTokenPublicClient () throws KustvaktException { // list refresh tokens node = requestTokenList(userAuthHeader, REFRESH_TOKEN_TYPE); assertEquals(0, node.size()); - testRevokeTokenViaSuperClient(accessToken1, userAuthHeader); + revokeTokenViaSuperClient(accessToken1, userAuthHeader); node = requestTokenList(userAuthHeader, ACCESS_TOKEN_TYPE); // System.out.println(node); assertEquals(1, node.size()); @@ -715,7 +715,7 @@ public void testListTokenPublicClient () throws KustvaktException { assertNotNull(node.at("/0/client_name").asText()); assertNotNull(node.at("/0/client_description").asText()); assertNotNull(node.at("/0/client_url").asText()); - testRevokeTokenViaSuperClient(accessToken2, userAuthHeader); + revokeTokenViaSuperClient(accessToken2, userAuthHeader); node = requestTokenList(userAuthHeader, ACCESS_TOKEN_TYPE); assertEquals(0, node.size()); } diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java index a8c2139c..e150d5de 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java @@ -113,7 +113,7 @@ private void testRetrievePluginInfo (String clientId) private void testListUserRegisteredPlugins (String username, String clientId, String clientName, int refreshTokenExpiry) throws ProcessingException, KustvaktException { - JsonNode node = listUserClients(username); + JsonNode node = listUserClients(username, "owned_only"); assertEquals(1, node.size()); assertEquals(clientId, node.at("/0/client_id").asText()); assertEquals(clientName, node.at("/0/client_name").asText()); diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java index 4ce03d1c..8a201965 100644 --- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java +++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java @@ -60,7 +60,7 @@ public abstract class OAuth2TestBase extends SpringJerseyTest { @Autowired - private AccessTokenDao tokenDao; + protected AccessTokenDao tokenDao; @Autowired private OAuth2ClientDao clientDao; @Autowired @@ -255,6 +255,24 @@ protected Response requestTokenWithPassword (String clientId, return requestToken(form); } + protected JsonNode requestTokenWithRefreshToken (String clientId, + String clientSecret, String refreshToken) throws KustvaktException { + Form form = new Form(); + form.param("grant_type", GrantType.REFRESH_TOKEN.toString()); + form.param("client_id", clientId); + form.param("client_secret", clientSecret); + form.param("refresh_token", refreshToken); + Response response = target().path(API_VERSION).path("oauth2") + .path("token").request() + .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32") + .header(HttpHeaders.CONTENT_TYPE, + ContentType.APPLICATION_FORM_URLENCODED) + .post(Entity.form(form)); + String entity = response.readEntity(String.class); + assertEquals(Status.OK.getStatusCode(), response.getStatus()); + return JsonUtils.readTree(entity); + } + protected void testRequestTokenWithRevokedRefreshToken (String clientId, String clientSecret, String refreshToken) throws KustvaktException { Form form = new Form(); @@ -280,6 +298,44 @@ protected void testRequestTokenWithRevokedRefreshToken (String clientId, assertEquals("Refresh token has been revoked", node.at("/error_description").asText()); } + + protected void revokeTokenViaSuperClient (String token, + String userAuthHeader) { + Form form = new Form(); + form.param("token", token); + form.param("super_client_id", superClientId); + form.param("super_client_secret", clientSecret); + + Response response = target().path(API_VERSION).path("oauth2") + .path("revoke").path("super").request() + .header(HttpHeaders.CONTENT_TYPE, + ContentType.APPLICATION_FORM_URLENCODED) + .header(Attributes.AUTHORIZATION, userAuthHeader) + .post(Entity.form(form)); + + assertEquals(Status.OK.getStatusCode(), response.getStatus()); + assertEquals("SUCCESS", response.readEntity(String.class)); + } + + protected void revokeToken (String token, String clientId, + String clientSecret, String tokenType) { + Form form = new Form(); + form.param("token_type", tokenType); + form.param("token", token); + form.param("client_id", clientId); + if (clientSecret != null) { + form.param("client_secret", clientSecret); + } + + Response response = target().path(API_VERSION).path("oauth2") + .path("revoke").request() + .header(HttpHeaders.CONTENT_TYPE, + ContentType.APPLICATION_FORM_URLENCODED) + .post(Entity.form(form)); + + assertEquals(Status.OK.getStatusCode(), response.getStatus()); + assertEquals("SUCCESS", response.readEntity(String.class)); + } protected Response registerClient (String username, OAuth2ClientJson json) throws ProcessingException, KustvaktException { @@ -392,55 +448,21 @@ protected void testSearchWithRevokedAccessToken (String accessToken) node.at("/errors/0/1").asText()); } - protected void testRevokeTokenViaSuperClient (String token, - String userAuthHeader) { - Form form = new Form(); - form.param("token", token); - form.param("super_client_id", superClientId); - form.param("super_client_secret", clientSecret); - - Response response = target().path(API_VERSION).path("oauth2") - .path("revoke").path("super").request() - .header(HttpHeaders.CONTENT_TYPE, - ContentType.APPLICATION_FORM_URLENCODED) - .header(Attributes.AUTHORIZATION, userAuthHeader) - .post(Entity.form(form)); - - assertEquals(Status.OK.getStatusCode(), response.getStatus()); - assertEquals("SUCCESS", response.readEntity(String.class)); - } - - protected void testRevokeToken (String token, String clientId, - String clientSecret, String tokenType) { - Form form = new Form(); - form.param("token_type", tokenType); - form.param("token", token); - form.param("client_id", clientId); - if (clientSecret != null) { - form.param("client_secret", clientSecret); - } - - Response response = target().path(API_VERSION).path("oauth2") - .path("revoke").request() - .header(HttpHeaders.CONTENT_TYPE, - ContentType.APPLICATION_FORM_URLENCODED) - .post(Entity.form(form)); - - assertEquals(Status.OK.getStatusCode(), response.getStatus()); - assertEquals("SUCCESS", response.readEntity(String.class)); - } - - protected JsonNode listUserClients (String username) + protected JsonNode listUserClients (String username, String filterBy) throws ProcessingException, KustvaktException { Form form = getSuperClientForm(); + + if (filterBy != null) { + form.param("filter_by", filterBy); + } Response response = target().path(API_VERSION).path("oauth2") - .path("client").path("list").request() - .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler - .createBasicAuthorizationHeaderValue(username, "pwd")) - .header(HttpHeaders.CONTENT_TYPE, - ContentType.APPLICATION_FORM_URLENCODED) - .post(Entity.form(form)); - + .path("client").path("list").request() + .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler + .createBasicAuthorizationHeaderValue(username, "pwd")) + .header(HttpHeaders.CONTENT_TYPE, + ContentType.APPLICATION_FORM_URLENCODED) + .post(Entity.form(form)); + assertEquals(Status.OK.getStatusCode(), response.getStatus()); String entity = response.readEntity(String.class); diff --git a/src/test/resources/test-config.xml b/src/test/resources/test-config.xml index f79f967c..cff51000 100644 --- a/src/test/resources/test-config.xml +++ b/src/test/resources/test-config.xml @@ -40,11 +40,15 @@ classpath:test-jdbc.properties file:./test-jdbc.properties + file:./data/test-jdbc.properties classpath:properties/mail.properties file:./mail.properties + file:./data/mail.properties classpath:test-hibernate.properties + file:./data/test-hibernate.properties file:./kustvakt-test.conf classpath:kustvakt-test.conf + file:./data/kustvakt-test.conf