

   * Makes sure client has offline access granted scope if allowed refresh tokens.
   */
  @Test
  public void saveNewClient_yesOfflineAccess() {

    final ClientDetailsEntity refreshClient = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(true).when(refreshClient).isAllowRefresh();
    // a brand-new client carries no persisted id yet
    Mockito.doReturn(null).when(refreshClient).getId();

    // the entity exposes its scopes as a Set<String>; mock the set so the add() can be verified
    @SuppressWarnings("unchecked")
    final Set<String> scopeSet = Mockito.mock(Set.class);
    Mockito.doReturn(scopeSet).when(refreshClient).getScope();

    service.saveNewClient(refreshClient);

    // refresh-capable clients must be granted the offline access scope on save
    Mockito.verify(scopeSet).add(SystemScopeService.OFFLINE_ACCESS);
  }


   * Makes sure client does not have offline access if not allowed to have refresh tokens.
   */
  @Test
  public void saveNewClient_noOfflineAccess() {

    final ClientDetailsEntity noRefreshClient = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(false).when(noRefreshClient).isAllowRefresh();
    // a brand-new client carries no persisted id yet
    Mockito.doReturn(null).when(noRefreshClient).getId();

    // the entity exposes its scopes as a Set<String>; mock the set so the remove() can be verified
    @SuppressWarnings("unchecked")
    final Set<String> scopeSet = Mockito.mock(Set.class);
    Mockito.doReturn(scopeSet).when(noRefreshClient).getScope();

    service.saveNewClient(noRefreshClient);

    // a client that may not use refresh tokens must have the offline access scope stripped
    Mockito.verify(scopeSet).remove(SystemScopeService.OFFLINE_ACCESS);
  }

  /**
   * Deleting a client whose id the repository does not know must fail with
   * an {@link InvalidClientException} instead of silently succeeding.
   */
  @Test(expected = InvalidClientException.class)
  public void deleteClient_badId() {

    final Long missingId = 12345L;

    // the repository has no row for this id
    Mockito.when(clientRepository.getById(missingId)).thenReturn(null);

    final ClientDetailsEntity staleClient = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(missingId).when(staleClient).getId();

    service.deleteClient(staleClient);
  }

  public void deleteClient() {

    Long id = 12345L;
    String clientId = "b00g3r";

    ClientDetailsEntity client = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(client.getId()).thenReturn(id);
    Mockito.when(client.getClientId()).thenReturn(clientId);

    Mockito.when(clientRepository.getById(id)).thenReturn(client);

    WhitelistedSite site = Mockito.mock(WhitelistedSite.class);
    Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site);

  }

  @Test
  public void updateClient_nullClients() {

    ClientDetailsEntity oldClient = Mockito.mock(ClientDetailsEntity.class);
    ClientDetailsEntity newClient = Mockito.mock(ClientDetailsEntity.class);

    try {
      service.updateClient(oldClient, null);
      fail("New client is null. Expected an IllegalArgumentException.");
    } catch (IllegalArgumentException e) {

  }

  /**
   * An update whose new registered redirect URI is on the blacklist must be
   * rejected with an {@link IllegalArgumentException}.
   */
  @Test(expected = IllegalArgumentException.class)
  public void updateClient_blacklistedUri() {

    final String blacklistedUri = "badsite.xxx";
    // the blacklist service flags the redirect target
    Mockito.when(blacklistedSiteService.isBlacklisted(blacklistedUri)).thenReturn(true);

    final ClientDetailsEntity existing = Mockito.mock(ClientDetailsEntity.class);
    final ClientDetailsEntity replacement = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(Sets.newHashSet(blacklistedUri)).when(replacement).getRegisteredRedirectUri();

    service.updateClient(existing, replacement);
  }

  }

  /**
   * Updating a client that is allowed refresh tokens must grant it the
   * {@link SystemScopeService#OFFLINE_ACCESS} scope.
   */
  @Test
  public void updateClient_yesOfflineAccess() {

    final ClientDetailsEntity existing = Mockito.mock(ClientDetailsEntity.class);
    final ClientDetailsEntity replacement = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(true).when(replacement).isAllowRefresh();

    // the entity exposes its scopes as a Set<String>; mock the set so the add() can be verified
    @SuppressWarnings("unchecked")
    final Set<String> scopeSet = Mockito.mock(Set.class);
    Mockito.doReturn(scopeSet).when(replacement).getScope();

    service.updateClient(existing, replacement);

    Mockito.verify(scopeSet).add(SystemScopeService.OFFLINE_ACCESS);
  }

  }

  /**
   * Updating a client that may not use refresh tokens must strip the
   * {@link SystemScopeService#OFFLINE_ACCESS} scope from it.
   */
  @Test
  public void updateClient_noOfflineAccess() {

    final ClientDetailsEntity existing = Mockito.mock(ClientDetailsEntity.class);
    final ClientDetailsEntity replacement = Mockito.mock(ClientDetailsEntity.class);
    Mockito.doReturn(false).when(replacement).isAllowRefresh();

    // the entity exposes its scopes as a Set<String>; mock the set so the remove() can be verified
    @SuppressWarnings("unchecked")
    final Set<String> scopeSet = Mockito.mock(Set.class);
    Mockito.doReturn(scopeSet).when(replacement).getScope();

    service.updateClient(existing, replacement);

    Mockito.verify(scopeSet).remove(SystemScopeService.OFFLINE_ACCESS);
  }

  }

  /**
   * Looks up a user by username and adjusts the returned {@code sub} for the
   * given client: when the client's subject type is {@code PAIRWISE}, the sub
   * is replaced with the client-specific pairwise identifier.
   *
   * @param username the username passed to {@code getByUsername}
   * @param clientId the client id resolved through {@code clientService}
   * @return the user info, or {@code null} when either the client or the user
   *         cannot be found
   */
  @Override
  public UserInfo getByUsernameAndClientId(String username, String clientId) {

    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

    UserInfo userInfo = getByUsername(username);

    // an unknown client or user yields no result rather than a partially filled object
    if (client == null || userInfo == null) {
      return null;
    }

    if (SubjectType.PAIRWISE.equals(client.getSubjectType())) {
      // NOTE(review): setSub mutates the object returned by getByUsername; if that object is
      // shared or cached, a pairwise sub computed for one client could be observed by callers
      // acting for another client — confirm getByUsername hands back a fresh instance
      String pairwiseSub = pairwiseIdentifierService.getIdentifier(userInfo, client);
      userInfo.setSub(pairwiseSub);
    }

    return userInfo;

  /**
   * Creates a new client from a JSON document posted by an administrator.
   *
   * <p>The document is parsed into a {@link ClientDetailsEntity}; an empty client id is
   * replaced with a generated one, and the client secret is reconciled with the requested
   * token-endpoint auth method: no secret for {@code NONE} and {@code PRIVATE_KEY}, and a
   * generated secret for the secret-based methods when one is requested or none was supplied.
   * Any other auth method, or a {@code PRIVATE_KEY} client without a JWKS URI, is rejected
   * with a 400 error view.
   *
   * @param jsonString the raw request body, expected to be a single JSON object
   * @param m the view model; receives either the saved entity or an error code and message
   * @param auth the caller's authentication, used to choose the response view
   * @return the name of the view to render
   */
  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json")
  public String apiAddClient(@RequestBody String jsonString, Model m, Authentication auth) {

    JsonObject json = null;
    ClientDetailsEntity client = null;

    // a malformed document (JsonSyntaxException) and a non-object top level
    // (IllegalStateException from getAsJsonObject) are both answered with a 400
    // error view instead of propagating to the caller
    try {
      json = parser.parse(jsonString).getAsJsonObject();
      // NOTE(review): the entity is bound straight from caller-supplied JSON, so every
      // bindable field (including any persistence id) arrives under the caller's control —
      // confirm saveNewClient resets whatever must be server-assigned
      client = gson.fromJson(json, ClientDetailsEntity.class);
    }
    catch (JsonSyntaxException e) {
      logger.error("apiAddClient failed due to JsonSyntaxException", e);
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
      return JsonErrorView.VIEWNAME;
    } catch (IllegalStateException e) {
      logger.error("apiAddClient failed due to IllegalStateException", e);
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
      return JsonErrorView.VIEWNAME;
    }

    // if they leave the client identifier empty, force it to be generated
    if (Strings.isNullOrEmpty(client.getClientId())) {
      client = clientService.generateClientId(client);
    }   
   
    // reconcile the stored secret with the auth method so a client never
    // carries a secret it cannot use and never lacks one it needs
    if (client.getTokenEndpointAuthMethod() == null ||
        client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
      // we shouldn't have a secret for this client
     
      client.setClientSecret(null);
     
    } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
        || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
        || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
     
      // if they've asked for us to generate a client secret (or they left it blank but require one), do so here
      // (&& binds tighter than ||: generate when explicitly asked, or whenever no secret was supplied)
      if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
          || Strings.isNullOrEmpty(client.getClientSecret())) {
        client = clientService.generateClientSecret(client);
      }

    } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {

      // private-key auth is only meaningful if the client has published a key set to verify against
      if (Strings.isNullOrEmpty(client.getJwksUri())) {
        logger.error("tried to create client with private key auth but no private key");
        m.addAttribute("code", HttpStatus.BAD_REQUEST);
        m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
        return JsonErrorView.VIEWNAME;
      }
     
      // otherwise we shouldn't have a secret for this client
      client.setClientSecret(null);
     
    } else {
     
      // fail closed on an auth method this code does not recognise
      logger.error("unknown auth method");
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Unknown auth method requested");
      return JsonErrorView.VIEWNAME;
     
     
    }

    // clients created through this admin endpoint are never flagged as dynamically registered
    client.setDynamicallyRegistered(false);

    ClientDetailsEntity newClient = clientService.saveNewClient(client);
    m.addAttribute("entity", newClient);

    // the method is already gated by @PreAuthorize(ROLE_ADMIN) above; the non-admin
    // branch continues past this listing, so whether isAdmin(auth) can disagree with
    // that gate is not visible here
    if (isAdmin(auth)) {
      return ClientEntityViewForAdmins.VIEWNAME;
    } else {


