/**
 * Runs a DELETE request against {@code api} with the default request settings applied.
 *
 * @param api request path handed to {@code delete(...)}
 * @return the result of {@code test(...)} for the prepared request
 * @throws Exception propagated from the helpers this method calls
 */
protected TestProcess testDelete(String api) throws Exception {
    return test(initDefaultSetting(delete(api)));
}
/**
 * Sends a DELETE to the zone-scoped group endpoint for {@code scimUser}, authenticated with
 * {@code identityClientToken}.
 *
 * <p>The scope segment is the group's display name with the first
 * {@code "zones.<zoneId>.".length()} characters cut off.
 *
 * @param zone  zone whose id is used both for the prefix length and as a URI variable
 * @param group group whose display name supplies the scope
 * @return the {@link ResultActions} of the performed request, left for the caller to assert on
 * @throws Exception propagated from {@code perform(...)}
 */
private ResultActions deleteZoneScope(IdentityZone zone, ScimGroup group) throws Exception {
    // Only the prefix length is used; the display name is not checked to actually start with it.
    // NOTE(review): assumes the name always has the "zones.<zoneId>." form — confirm with callers.
    int prefixLength = ("zones." + zone.getId() + ".").length();
    String scopeSuffix = group.getDisplayName().substring(prefixLength);

    // The first URI variable is named {userId} in the template and is filled with scimUser's id.
    return getMockMvc().perform(
            delete("/Groups/zones/{userId}/{zoneId}/{scope}", scimUser.getId(), zone.getId(), scopeSuffix)
                    .accept(APPLICATION_JSON)
                    .header("Authorization", "Bearer " + identityClientToken));
}
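/**
 * Builds a client-deletion request for every entry in {@code clientDetails}.
 *
 * <p>NOTE(review): the request builder is never handed to a {@code perform(...)} call, so as
 * written no DELETE is sent and no client is removed. Confirm whether cleanup was intended; if it
 * was, execute the request and assert on the status so leftover clients do not outlive the test.
 */
@AfterEach
void teardownClients() {
    for (ClientDetails clientDetail : clientDetails) {
        // RFC 6750 separates the "Bearer" scheme from the token with a space; the previous
        // literal concatenated them directly.
        delete("/oauth/clients/" + clientDetail.getClientId())
                .header("Authorization", "Bearer " + adminUserToken)
                .accept(APPLICATION_JSON);
    }
}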
/**
 * Deletes the OAuth client {@code clientId}, adding the zone-switching subdomain header when the
 * comparison against {@code IdentityZone.getUaa()} is false.
 *
 * <p>The only assertion is that the response status is not 500, so a 401, 403 or 404 passes
 * silently and the client may still exist afterwards. Callers that rely on the client being gone
 * have to verify that themselves.
 *
 * @param mockMvc       MockMvc instance used to perform the request
 * @param accessToken   bearer token placed in the Authorization header
 * @param clientId      id appended to {@code /oauth/clients/}
 * @param zoneSubdomain subdomain compared with {@code IdentityZone.getUaa()}; must not be null
 * @throws Exception propagated from {@code perform(...)} or the status expectation
 */
public static void deleteClient(MockMvc mockMvc, String accessToken, String clientId, String zoneSubdomain) throws Exception {
    MockHttpServletRequestBuilder request = delete("/oauth/clients/" + clientId)
            .header("Authorization", "Bearer " + accessToken)
            .accept(APPLICATION_JSON);

    // NOTE(review): a String is compared with the return value of IdentityZone.getUaa(). If that
    // method returns an IdentityZone object rather than a String, equals() is always false and the
    // subdomain header is sent on every call — confirm the intended comparison.
    boolean matchesUaa = zoneSubdomain.equals(IdentityZone.getUaa());
    if (!matchesUaa) {
        request = request.header(IdentityZoneSwitchingFilter.SUBDOMAIN_HEADER, zoneSubdomain);
    }

    mockMvc.perform(request)
            .andExpect(status().is(not(500)));
}
/**
 * Checks that a zone can be deleted with either UAA admin token: for each of the admin client
 * token and the admin user token, a zone is created with that token and then deleted with it,
 * expecting 200.
 */
@Test
void delete_zone_as_with_uaa_admin() throws Exception {
    String[] adminTokens = {uaaAdminClientToken, uaaAdminUserToken};
    for (String bearer : adminTokens) {
        // Each token creates its own zone, so the two deletions are independent of each other.
        IdentityZone created = createZoneUsingToken(bearer);
        mockMvc.perform(
                        delete("/identity-zones/{id}", created.getId())
                                .header("Authorization", "Bearer " + bearer)
                                .accept(APPLICATION_JSON))
                .andExpect(status().isOk());
    }
}
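/**
 * Checks that deleting an identity provider with an unknown id yields 404 for a caller that
 * presents the token from {@code setUpAccessToken()}.
 */
@Test
void test_delete_with_invalid_id_returns_404() throws Exception {
    String accessToken = setUpAccessToken();
    // RFC 6750 requires "Bearer" SP token. The previous literal had no space, so the test only
    // reached the 404 path if the server's token extraction tolerated the fused form; with the
    // space the request is well-formed and the 404 is not dependent on lenient header parsing.
    mockMvc.perform(
            delete("/identity-providers/invalid-id")
                    .header("Authorization", "Bearer " + accessToken)
    ).andExpect(status().isNotFound());
}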
/**
 * With the "AutoConfig" XML configuration loaded, a DELETE to {@code /csrf} that carries no CSRF
 * token must be answered with 403, and {@code csrfCreated()} must match.
 */
@Test
public void deleteWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
    spring.configLocations(xml("AutoConfig")).autowire();

    // The request deliberately carries no CSRF token.
    mvc.perform(delete("/csrf"))
            .andExpect(status().isForbidden())
            .andExpect(csrfCreated());
}
/**
 * Deleting an external group mapping for a group id that does not exist must return 404, even
 * when the request carries {@code scimWriteToken}.
 */
@Test
public void testDeleteExternalGroupMapUsingNonExistentId() throws Exception {
    String missingGroupId = "non-existent";
    String ldapGroupDn = "cn=developers,ou=scopes,dc=test,dc=com";

    // The DN is concatenated into the path as-is, so its ',' and '=' characters travel unencoded.
    String path = "/Groups/External/groupId/" + missingGroupId + "/externalGroup/" + ldapGroupDn + "/origin/ldap";

    MockHttpServletRequestBuilder deleteRequest = MockMvcRequestBuilders.delete(path)
            .header("Authorization", "Bearer " + scimWriteToken)
            .accept(APPLICATION_JSON);

    getMockMvc().perform(deleteRequest).andExpect(status().isNotFound());
}
/**
 * With the "CsrfEnabled" XML configuration loaded, a DELETE to {@code /csrf} that carries no CSRF
 * token must be answered with 403, and {@code csrfCreated()} must match.
 */
@Test
public void deleteWhenCsrfElementEnabledThenForbidden() throws Exception {
    spring.configLocations(xml("CsrfEnabled")).autowire();

    // The request deliberately carries no CSRF token.
    mvc.perform(delete("/csrf"))
            .andExpect(status().isForbidden())
            .andExpect(csrfCreated());
}
/**
 * A user is created with {@code uaaAdminToken}; deleting that user's MFA credentials with
 * {@code scimCreateToken} must be refused with 403.
 */
@Test
void testDeleteMfaUserCredentialsNotAuthorized() throws Exception {
    ScimUser target = createUser(uaaAdminToken);
    String mfaPath = "/Users/" + target.getId() + "/mfa";

    // The token used for the DELETE differs from the one that created the user.
    mockMvc.perform(
                    delete(mfaPath)
                            .header("Authorization", "Bearer " + scimCreateToken)
                            .contentType(APPLICATION_JSON))
            .andExpect(status().isForbidden());
}
/**
 * Deleting an MFA provider id that does not exist, using {@code adminToken}, must return 404 and
 * must leave the event listener's count at zero.
 */
@Test
public void testNonExistentMfaProviderDelete() throws Exception {
    MockHttpServletRequestBuilder request = delete("/mfa-providers/invalid")
            .header("Authorization", "Bearer " + adminToken);

    mockMvc.perform(request)
            .andExpect(status().isNotFound())
            .andReturn();

    // A failed delete must not have published any event.
    assertEquals(0, eventListener.getEventCount());
}
/**
 * A DELETE on an MFA provider presented with {@code nonAdminToken} must be refused with 403 and
 * must leave the event listener's count at zero.
 *
 * <p>The provider id used here is "invalid", so the expectation is that the authorization check
 * answers before any lookup would report the id as missing.
 */
@Test
public void testDeleteForbiddenForNonAdmin() throws Exception {
    MockHttpServletRequestBuilder request = delete("/mfa-providers/invalid")
            .header("Authorization", "Bearer " + nonAdminToken);

    mockMvc.perform(request)
            .andExpect(status().isForbidden())
            .andReturn();

    // A rejected delete must not have published any event.
    assertEquals(0, eventListener.getEventCount());
}
/**
 * Deleting an external group mapping with {@code scimReadToken} must be refused with 403;
 * {@code checkGetExternalGroups()} is run afterwards.
 */
@Test
public void testDeleteExternalGroupMapUsingReadToken() throws Exception {
    String ldapGroupDn = "cn=developers,ou=scopes,dc=test,dc=com";
    String internalGroupId = getGroupId("internal.read");

    // The DN is concatenated into the path as-is, so its ',' and '=' characters travel unencoded.
    String path = "/Groups/External/id/" + internalGroupId + "/" + ldapGroupDn + "/origin/ldap";

    MockHttpServletRequestBuilder deleteRequest = MockMvcRequestBuilders.delete(path)
            .header("Authorization", "Bearer " + scimReadToken)
            .accept(APPLICATION_JSON);

    getMockMvc().perform(deleteRequest).andExpect(status().isForbidden());

    // Runs only after the 403 expectation has passed.
    checkGetExternalGroups();
}
/**
 * Removing {@code scimUser} from the "acme" group must return 404 when requested with
 * {@code scimWriteToken}; per the test name the user is not a member of that group.
 */
@Test
public void delete_user_not_member_of_group() throws Exception {
    String acmeGroupId = getGroupId("acme");
    String memberPath = "/Groups/" + acmeGroupId + "/members/" + scimUser.getId();

    MockHttpServletRequestBuilder request = delete(memberPath)
            .header("Authorization", "Bearer " + scimWriteToken)
            .header("Content-Type", APPLICATION_JSON_VALUE);

    getMockMvc().perform(request).andExpect(status().isNotFound());
}
/**
 * A DELETE to {@code /check_token} must be rejected with 405 and a JSON error body whose
 * {@code error} is "method_not_allowed" and whose description is the HTML-escaped message.
 */
@Test
void check_token_delete() throws Exception {
    // The expected description is compared in its HTML-escaped form.
    String escapedDescription = HtmlUtils.htmlEscape("Request method 'DELETE' not supported", "ISO-8859-1");

    check_token(MockMvcRequestBuilders.delete("/check_token"), status().isMethodNotAllowed())
            .andExpect(jsonPath("$.error").value("method_not_allowed"))
            .andExpect(jsonPath("$.error_description").value(escapedDescription));
}
/**
 * A DELETE to {@code /oauth/token} must be rejected with 405 and a JSON error body whose
 * {@code error} is "method_not_allowed" and whose description is the HTML-escaped message.
 */
@Test
void token_endpoint_delete() throws Exception {
    // The expected description is compared in its HTML-escaped form.
    String escapedDescription = HtmlUtils.htmlEscape("Request method 'DELETE' not supported", "ISO-8859-1");

    try_token_with_non_post(delete("/oauth/token"), status().isMethodNotAllowed())
            .andExpect(jsonPath("$.error").value("method_not_allowed"))
            .andExpect(jsonPath("$.error_description").value(escapedDescription));
}
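/**
 * Revokes an opaque user token by presenting that same token as the bearer credential, then
 * verifies the token can no longer be retrieved from {@code revocableTokenProvisioning}.
 *
 * <p>The previous version caught {@code EmptyResultDataAccessException} with an empty block and
 * had no failure path, so the test also passed when the token was still stored after the 200
 * response. The lookup result is now asserted.
 */
@Test
void revokeOpaqueTokenWithOpaqueToken() throws Exception {
    ScimUser scimUser = setUpUser("testUser" + generator.generate());
    String opaqueUserToken = testClient.getUserOAuthAccessToken("app", "appclientsecret", scimUser.getUserName(), "secret", null);

    mockMvc.perform(delete("/oauth/token/revoke/" + opaqueUserToken)
            .header("Authorization", "Bearer " + opaqueUserToken))
            .andExpect(status().isOk());

    boolean stillStored;
    try {
        revocableTokenProvisioning.retrieve(opaqueUserToken, IdentityZoneHolder.get().getId());
        stillStored = true;
    } catch (EmptyResultDataAccessException expected) {
        // Expected outcome: the revoked token is no longer in the store.
        stillStored = false;
    }
    // Thrown outside the try so the failure cannot be mistaken for the expected lookup miss.
    if (stillStored) {
        throw new AssertionError("Revoked token is still retrievable from revocableTokenProvisioning");
    }
}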
/**
 * Creates a user in the "scim.read" group, removes that membership with {@code scimWriteToken},
 * and checks that the 200 response body names the removed member.
 */
@Test
public void delete_member_from_group() throws Exception {
    ScimUser member = createUserAndAddToGroups(IdentityZone.getUaa(), Collections.singleton("scim.read"));
    String scimReadGroupId = getGroupId("scim.read");

    MockHttpServletRequestBuilder request = delete("/Groups/" + scimReadGroupId + "/members/" + member.getId())
            .header("Authorization", "Bearer " + scimWriteToken)
            .header("Content-Type", APPLICATION_JSON_VALUE);

    String responseJson = getMockMvc().perform(request)
            .andExpect(status().isOk())
            .andReturn()
            .getResponse()
            .getContentAsString();

    // The response is parsed as the deleted membership; its member id must be the created user's.
    ScimGroupMember removed = JsonUtils.readValue(responseJson, ScimGroupMember.class);
    assertEquals(member.getId(), removed.getMemberId());
}
/**
 * Creates a user with origin LDAP while internal user management is enabled, then disables
 * internal user management and deletes the user, expecting 200.
 *
 * <p>NOTE(review): the method name says "NotAllowed" but the assertion is {@code isOk()}, so the
 * test documents that the delete succeeds. Confirm which of the two states the intended policy.
 *
 * <p>NOTE(review): the flag is left at {@code true} when the method returns; whether a teardown
 * elsewhere resets it is not visible here.
 */
@Test
void userEndpointDeleteNotAllowed_For_Origin_LDAP() throws Exception {
    // Internal user management has to be enabled for the create call.
    MockMvcUtils.setDisableInternalUserManagement(false, webApplicationContext);
    String creationBody = createUser(OriginKeys.LDAP).andReturn().getResponse().getContentAsString();
    ScimUser ldapUser = JsonUtils.readValue(creationBody, ScimUser.class);

    // The delete is issued with internal user management disabled.
    MockMvcUtils.setDisableInternalUserManagement(true, webApplicationContext);
    MockHttpServletRequestBuilder request = delete("/Users/" + ldapUser.getId())
            .header("Authorization", "Bearer " + token);
    mockMvc.perform(request).andExpect(status().isOk());
}
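/**
 * Deletes the identity zone created for the test, using the default-zone admin token and
 * expecting 200, and removes the test's event listener from the application context.
 *
 * <p>The listener is removed in a {@code finally} block so that a failed or rejected zone deletion
 * does not leave the listener registered for later tests.
 *
 * @throws Exception propagated from {@code perform(...)} or the status expectation
 */
@After
public void tearDown() throws Exception {
    try {
        getMockMvc().perform(
                delete("/identity-zones/{id}", zone.getZone().getIdentityZone().getId())
                        .header("Authorization", "Bearer " + zone.getDefaultZoneAdminToken())
                        .accept(APPLICATION_JSON))
                .andExpect(status().isOk());
    } finally {
        // Runs even when the deletion above throws, so the listener never outlives this test.
        MockMvcUtils.removeEventListener(getWebApplicationContext(), listener);
    }
}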