/**
 * Records the user's consent decision on the authorization request.
 *
 * <p>The decision is read from the request's approval parameters under the
 * key configured as {@code approvalParameter}. Only a case-insensitive
 * {@code "true"} counts as consent; a missing, empty or any other value leaves
 * the request unapproved (fail closed). {@code userAuthentication} is not
 * consulted here.
 *
 * @param authorizationRequest the request whose approved flag is updated in place
 * @param userAuthentication   the authenticated user (unused by this implementation)
 * @return the same {@code authorizationRequest} instance, with its approved flag set
 */
@Override
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    Map<String, String> submitted = authorizationRequest.getApprovalParameters();
    String decision = submitted.get(approvalParameter);
    // Boolean.parseBoolean(s) is defined as `s != null && s.equalsIgnoreCase("true")`,
    // so anything that is not literally "true" (ignoring case) is treated as a denial.
    boolean consentGiven = Boolean.parseBoolean(decision);
    authorizationRequest.setApproved(consentGiven);
    return authorizationRequest;
}
/**
 * Records the user's consent decision on the authorization request.
 *
 * <p>The decision is read from the request's approval parameters under the
 * key configured as {@code approvalParameter}. Only a case-insensitive
 * {@code "true"} counts as consent; a missing, empty or any other value leaves
 * the request unapproved (fail closed). {@code userAuthentication} is not
 * consulted here.
 *
 * @param authorizationRequest the request whose approved flag is updated in place
 * @param userAuthentication   the authenticated user (unused by this implementation)
 * @return the same {@code authorizationRequest} instance, with its approved flag set
 */
@Override
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    Map<String, String> submitted = authorizationRequest.getApprovalParameters();
    String decision = submitted.get(approvalParameter);
    // Boolean.parseBoolean(s) is defined as `s != null && s.equalsIgnoreCase("true")`,
    // so anything that is not literally "true" (ignoring case) is treated as a denial.
    boolean consentGiven = Boolean.parseBoolean(decision);
    authorizationRequest.setApproved(consentGiven);
    return authorizationRequest;
}
/**
 * Records the user's consent decision on the authorization request.
 *
 * <p>The decision is read from the request's approval parameters under the
 * key configured as {@code approvalParameter}. Only a case-insensitive
 * {@code "true"} counts as consent; a missing, empty or any other value leaves
 * the request unapproved (fail closed). {@code userAuthentication} is not
 * consulted here.
 *
 * @param authorizationRequest the request whose approved flag is updated in place
 * @param userAuthentication   the authenticated user (unused by this implementation)
 * @return the same {@code authorizationRequest} instance, with its approved flag set
 */
@Override
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    Map<String, String> submitted = authorizationRequest.getApprovalParameters();
    String decision = submitted.get(approvalParameter);
    // Boolean.parseBoolean(s) is defined as `s != null && s.equalsIgnoreCase("true")`,
    // so anything that is not literally "true" (ignoring case) is treated as a denial.
    boolean consentGiven = Boolean.parseBoolean(decision);
    authorizationRequest.setApproved(consentGiven);
    return authorizationRequest;
}
authorizationRequest.setApproved(true); return authorizationRequest; authorizationRequest.setApproved(approved);
approved = true; authorizationRequest.setApproved(approved); return authorizationRequest;
if (clientAuth.isAuthenticated()) { authorizationRequest.setApproved(true);
/**
 * The approved flag of the request held in the model is flipped after the copy
 * stored under the endpoint's ORIGINAL_AUTHORIZATION_REQUEST key was taken.
 * Submitting consent against the tampered request must be rejected with
 * {@link InvalidRequestException} instead of being approved.
 */
@Test(expected = InvalidRequestException.class)
public void testApproveWithModifiedApproved() {
    // A not-yet-approved request, plus the endpoint's unmodifiable copy of it.
    AuthorizationRequest pending = getAuthorizationRequest(
            "foo", "http://anywhere.com", "state-1234", "read", Collections.singleton("code"));
    pending.setApproved(false);
    model.put("authorizationRequest", pending);
    model.put("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST",
            uaaAuthorizationEndpoint.unmodifiableMap(pending));

    // Tamper with the live request after the copy was made.
    pending.setApproved(true);

    Map<String, String> consent = new HashMap<>();
    consent.put("user_oauth_approval", "true");

    // Expected to throw rather than issue a code for the modified request.
    uaaAuthorizationEndpoint.approveOrDeny(consent, model, sessionStatus, principal);
}
/**
 * Authenticates a client from {@code clientId} and the {@code client_secret}
 * entry of {@code loginInfo}, returning a pre-approved, client-only
 * {@link OAuth2Authentication}.
 *
 * @param req       the current request; supplies the authentication details,
 *                  the requested scope and the single-value request parameters
 * @param loginInfo login parameters; the {@code client_secret} entry is removed
 *                  once authentication has succeeded
 * @param clientId  the client being authenticated
 * @return an authenticated {@link OAuth2Authentication} whose user part is {@code null}
 * @throws BadCredentialsException when the client authentication manager rejects
 *         the credentials, returns {@code null} or an unauthenticated result, or
 *         fails with any other exception
 */
private Authentication performClientAuthentication(HttpServletRequest req, Map<String, String> loginInfo, String clientId) {
    UsernamePasswordAuthenticationToken clientToken =
            new UsernamePasswordAuthenticationToken(clientId, loginInfo.get(CLIENT_SECRET));
    clientToken.setDetails(new UaaAuthenticationDetails(req, clientId));
    try {
        Authentication outcome = clientAuthenticationManager.authenticate(clientToken);
        if (outcome == null || !outcome.isAuthenticated()) {
            throw new BadCredentialsException("Client Authentication failed.");
        }
        // The secret has served its purpose; stop carrying it with the other
        // login parameters. NOTE(review): on the failure paths below it stays
        // in loginInfo — confirm callers do not log or persist that map afterwards.
        loginInfo.remove(CLIENT_SECRET);
        return approvedClientAuthentication(req, clientId);
    } catch (AuthenticationException e) {
        throw new BadCredentialsException(e.getMessage(), e);
    } catch (Exception e) {
        // NOTE(review): the message of an arbitrary failure is propagated to the
        // caller here — verify it is not echoed back to the client unfiltered.
        logger.debug("Unable to authenticate client: " + clientId, e);
        throw new BadCredentialsException(e.getMessage(), e);
    }
}

/**
 * Builds the approved, authenticated client-only {@link OAuth2Authentication}
 * for {@code clientId} from the scope and parameters of {@code req}.
 */
private OAuth2Authentication approvedClientAuthentication(HttpServletRequest req, String clientId) {
    AuthorizationRequest clientRequest = new AuthorizationRequest(clientId, getScope(req));
    clientRequest.setRequestParameters(getSingleValueMap(req));
    // Must be approved, otherwise Authentication.isAuthenticated() does not
    // report true for the resulting OAuth2Authentication.
    clientRequest.setApproved(true);
    OAuth2Authentication clientAuth = new OAuth2Authentication(clientRequest.createOAuth2Request(), null);
    clientAuth.setAuthenticated(true);
    return clientAuth;
}
/**
 * Wires a {@code ScopeAuthenticationManager} that requires {@code oauth.login}
 * and is configured to throw on non-authenticated results, plus a mocked
 * "login" client used to build the approved client-credentials request under test.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Mocked "login" client whose registered scopes cover what is requested below.
    ClientDetails loginClient = mock(ClientDetails.class);
    when(loginClient.getScope()).thenReturn(new HashSet<>(Arrays.asList("oauth.login", "oauth.approval")));
    ClientDetailsService clientDetailsService = mock(ClientDetailsService.class);
    when(clientDetailsService.loadClientByClientId("login")).thenReturn(loginClient);

    // Manager under test.
    authenticationManager = new ScopeAuthenticationManager();
    authenticationManager.setThrowOnNotAuthenticated(true);
    authenticationManager.setRequiredScopes(Collections.singletonList("oauth.login"));

    clientCredentials = new HashMap<>();
    clientCredentials.put("client_id", "login");
    clientCredentials.put("grant_type", "client_credentials");
    clientCredentials.put("scope", "oauth.login oauth.approval");

    // Approved request for the mocked client, converted to the OAuth2Request the tests use.
    AuthorizationRequest clientRequest =
            new DefaultOAuth2RequestFactory(clientDetailsService).createAuthorizationRequest(clientCredentials);
    clientRequest.setApproved(true);
    request = clientRequest.createOAuth2Request();
}
/**
 * A request for two scopes that the user has never approved, and which is not
 * itself marked approved, must not be considered approved by the handler.
 */
@Test
public void testNoPreviouslyApprovedScopes() {
    HashSet<String> requestedScopes = new HashSet<>(Arrays.asList("cloud_controller.read", "cloud_controller.write"));
    AuthorizationRequest request = new AuthorizationRequest("foo", requestedScopes);
    request.setApproved(false);

    // Nothing has been approved, neither on the request nor in prior consent.
    assertFalse(handler.isApproved(request, userAuthentication));
}
/**
 * Consent parameters that carry a scope ({@code scope.0=foobar}) not present in
 * the original request must not be honoured: the endpoint redirects back with
 * {@code error=invalid_scope} instead of issuing a code.
 */
@Test
public void testApproveWithModifiedApprovalParameters() {
    AuthorizationRequest pending = getAuthorizationRequest(
            "foo", "http://anywhere.com", "state-1234", "read", Collections.singleton("code"));
    pending.setApproved(false);
    model.put("authorizationRequest", pending);
    model.put("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST",
            uaaAuthorizationEndpoint.unmodifiableMap(pending));

    // Consent that smuggles in a scope the request never asked for.
    Map<String, String> consent = new HashMap<>();
    consent.put("user_oauth_approval", "true");
    consent.put("scope.0", "foobar");

    View result = uaaAuthorizationEndpoint.approveOrDeny(consent, model, sessionStatus, principal);

    assertThat(result, instanceOf(RedirectView.class));
    String redirectUrl = ((RedirectView) result).getUrl();
    assertThat(redirectUrl, containsString("error=invalid_scope"));
}
/**
 * Marking the request itself as approved is not enough: without prior user
 * approval of the requested scopes the handler still reports it unapproved.
 */
@Test
public void testAuthzApprovedButNoPreviouslyApprovedScopes() {
    HashSet<String> requestedScopes = new HashSet<>(Arrays.asList("cloud_controller.read", "cloud_controller.write"));
    AuthorizationRequest request = new AuthorizationRequest("foo", requestedScopes);
    request.setApproved(true);

    // The approved flag on the request does not substitute for scope consent.
    assertFalse(handler.isApproved(request, userAuthentication));
}
/**
 * An approved request that asks for no scopes at all needs no scope consent
 * and is therefore reported as approved.
 */
@Test
public void testNoScopeApproval() {
    AuthorizationRequest request = new AuthorizationRequest("testclient", Collections.<String>emptySet());
    request.setApproved(true);

    // No scopes requested and none approved by the user: still approved.
    assertTrue(handler.isApproved(request, userAuthentication));
}
authorizationRequest.setApproved(approved);
(Authentication) principal); boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal); authorizationRequest.setApproved(approved);
/**
 * Stored approvals for scopes the request does not ask for do not count: a
 * request for {@code openid} stays unapproved when only
 * {@code cloud_controller.*} decisions exist.
 */
@Test
public void testRequestedScopesDontMatchApprovalsAtAll() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid")));
    request.setApproved(false);

    // Two still-valid decisions (one approved, one denied), neither for "openid".
    Date nextWeek = new Date(System.currentTimeMillis() + (86400 * 7 * 1000));
    String userId = userAuthentication.getId();
    String zoneId = IdentityZoneHolder.get().getId();
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED), zoneId);
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED), zoneId);

    // The requested scope has no matching approval, so the request is not approved.
    assertFalse(handler.isApproved(request, userAuthentication));
}
/**
 * A request with an empty scope set is approved regardless of which approvals
 * are on record, and its scope set stays empty afterwards.
 */
@Test
public void testNoRequestedScopesButSomeApprovedScopes() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<String>());
    request.setApproved(false);

    // Existing decisions for this client that the request does not reference.
    Date nextWeek = new Date(System.currentTimeMillis() + (86400 * 7 * 1000));
    String userId = userAuthentication.getId();
    String zoneId = IdentityZoneHolder.get().getId();
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED), zoneId);
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED), zoneId);

    // Nothing requested means nothing to consent to.
    assertTrue(handler.isApproved(request, userAuthentication));
    // Stored approvals must not be folded back into the request's scope.
    assertEquals(0, request.getScope().size());
}
/**
 * Partial consent is not consent: when only one of the requested scopes has a
 * stored approval, the request as a whole is reported unapproved.
 */
@Test
public void testOnlySomeRequestedScopeMatchesApproval() {
    AuthorizationRequest request = new AuthorizationRequest("foo", new HashSet<>(Arrays.asList("openid", "cloud_controller.read")));
    request.setApproved(false);

    // "cloud_controller.read" is approved, "openid" has no decision at all.
    Date nextWeek = new Date(System.currentTimeMillis() + (86400 * 7 * 1000));
    String userId = userAuthentication.getId();
    String zoneId = IdentityZoneHolder.get().getId();
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.read")
            .setExpiresAt(nextWeek)
            .setStatus(APPROVED), zoneId);
    approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("foo")
            .setScope("cloud_controller.write")
            .setExpiresAt(nextWeek)
            .setStatus(DENIED), zoneId);

    // Not every requested scope is covered, so the request is not approved.
    assertFalse(handler.isApproved(request, userAuthentication));
}
request.setApproved(false);
new HashSet<>(Arrays.asList("openid")) ); request.setApproved(false); long theFuture = System.currentTimeMillis() + (86400 * 7 * 1000); Date nextWeek = new Date(theFuture);