/**
 * Checks that the HTML login page exposes only the OAuth/OIDC identity providers
 * that appear on the requesting client's allowed-providers list.
 *
 * <p>Three OIDC providers are returned by the provisioning mock, but the client
 * lists only two of them (plus LDAP), so exactly two entries are expected under
 * {@code OAUTH_LINKS}.
 *
 * <p>NOTE(review): only the size of the result is asserted. A regression that
 * returned "my-OIDC-idp3" in place of an allowed provider would still pass;
 * consider also asserting that the disallowed provider is absent once the key
 * semantics of the {@code OAUTH_LINKS} map are confirmed.
 */
@Test
public void allowedIdpsforClientOIDCProvider() throws Exception {
    // Request with a mocked session and saved request (helper defined outside this view).
    MockHttpServletRequest request = getMockHttpServletRequest();

    // The client is restricted to two OIDC providers and LDAP.
    List<String> permittedOrigins = Arrays.asList("my-OIDC-idp1", "my-OIDC-idp2", OriginKeys.LDAP);
    BaseClientDetails client = new BaseClientDetails();
    client.setClientId("client-id");
    client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(permittedOrigins));

    // Client lookup for "client-id" in the "uaa" zone returns the restricted client.
    ClientServicesExtension clientService = mock(ClientServicesExtension.class);
    when(clientService.loadClientByClientId("client-id", "uaa")).thenReturn(client);

    // Provisioning returns three providers; "my-OIDC-idp3" is not on the client's list.
    List<IdentityProvider> provisionedIdps = new LinkedList<>();
    provisionedIdps.add(createOIDCIdentityProvider("my-OIDC-idp1"));
    provisionedIdps.add(createOIDCIdentityProvider("my-OIDC-idp2"));
    provisionedIdps.add(createOIDCIdentityProvider("my-OIDC-idp3"));
    when(identityProviderProvisioning.retrieveAll(eq(true), anyString())).thenReturn(provisionedIdps);

    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setClientDetailsService(clientService);
    endpoint.loginForHtml(model, null, request, Collections.singletonList(MediaType.TEXT_HTML));

    Map<String, AbstractXOAuthIdentityProviderDefinition> offeredOauthIdps =
        (Map<String, AbstractXOAuthIdentityProviderDefinition>) model.asMap().get(OAUTH_LINKS);
    assertEquals(2, offeredOauthIdps.size());
}
/**
 * Checks that the JSON info response carries no account self-service links
 * (registration, password reset) when the UAA provider has internal user
 * management disabled.
 *
 * <p>Both the {@code links} map and the top-level model attributes are checked,
 * so a link cannot leak through either location.
 */
@Test
public void no_self_service_links_if_internal_user_management_disabled() throws Exception {
    // Turn off internal user management on the UAA identity provider.
    UaaIdentityProviderDefinition uaaConfig = new UaaIdentityProviderDefinition();
    uaaConfig.setDisableInternalUserManagement(true);
    uaaProvider.setConfig(uaaConfig);

    LoginInfoEndpoint endpoint = getEndpoint();
    MockHttpServletRequest infoRequest = new MockHttpServletRequest("GET", endpoint.getBaseUrl());
    endpoint.infoForJson(model, null, infoRequest);

    Map<String, Object> links = (Map<String, Object>) model.asMap().get("links");
    assertNotNull(links);

    // None of the self-service entries may be present in the links map ...
    assertNull(links.get("register"));
    assertNull(links.get("passwd"));
    assertNull(links.get("createAccountLink"));
    assertNull(links.get("forgotPasswordLink"));

    // ... nor as top-level model attributes.
    assertNull(model.asMap().get("createAccountLink"));
    assertNull(model.asMap().get("forgotPasswordLink"));
}
/**
 * Checks the HTML login page when the request has no saved authorization request:
 * the SAML configurator is queried with a {@code null} allowed-provider list for
 * the default zone, and every provider it returns is shown.
 *
 * <p>The username field and the create-account link are both expected to be visible.
 */
@Test
public void testFilterIdpsWithNoSavedRequest() throws Exception {
    // With no client restriction, the configurator is called with a null provider list.
    when(mockIDPConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(IdentityZone.getUaa())))
        .thenReturn(idps);

    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    endpoint.loginForHtml(model, null, new MockHttpServletRequest(), Collections.singletonList(MediaType.TEXT_HTML));

    Collection<SamlIdentityProviderDefinition> shownIdps =
        (Collection<SamlIdentityProviderDefinition>) model.asMap().get("idpDefinitions");
    assertEquals(2, shownIdps.size());

    // Both providers are expected, in this order, each with its SAML link shown.
    Iterator<SamlIdentityProviderDefinition> cursor = shownIdps.iterator();
    SamlIdentityProviderDefinition current = cursor.next();
    assertEquals("awesome-idp", current.getIdpEntityAlias());
    assertEquals(true, current.isShowSamlLink());

    current = cursor.next();
    assertEquals("my-client-awesome-idp", current.getIdpEntityAlias());
    assertEquals(true, current.isShowSamlLink());

    assertEquals(true, model.asMap().get("fieldUsernameShow"));
    assertEquals(true, model.asMap().get("linkCreateAccountShow"));
}
/**
 * Checks that the JSON info response contains the API-level links
 * ({@code login}, {@code uaa}, {@code register}, {@code passwd}) and none of the
 * entries that only make sense for the HTML login page.
 */
@Test
public void no_ui_links_for_json() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint();
    MockHttpServletRequest infoRequest = new MockHttpServletRequest("GET", endpoint.getBaseUrl());
    endpoint.infoForJson(model, null, infoRequest);

    Map<String, Object> links = (Map<String, Object>) model.asMap().get("links");
    assertNotNull(links);

    // UI-only flags and links must not appear in the JSON links map.
    assertNull(links.get("linkCreateAccountShow"));
    assertNull(links.get("fieldUsernameShow"));
    assertNull(links.get("forgotPasswordLink"));
    assertNull(links.get("createAccountLink"));

    // API links are present with the expected values.
    assertEquals("http://someurl", links.get("login"));
    assertEquals("http://someurl", links.get("uaa"));
    assertEquals("/create_account", links.get("register"));
    assertEquals("/forgot_password", links.get("passwd"));
}
/**
 * Checks provider filtering for a client that lives in a non-default identity zone.
 *
 * <p>The client is looked up in "other-zone" and the SAML configurator is queried
 * with the client's allowed-provider list and that same zone, so the login page
 * shows only the two allowed SAML providers. The allowed list contains no LDAP or
 * UAA origin, and the test expects both the username field and the create-account
 * link to be hidden.
 *
 * <p>NOTE(review): {@code IdentityZoneHolder} is set here and not reset within this
 * method; presumably a teardown outside this view restores it. Confirm, since a
 * leaked zone would affect tests that assume the default zone.
 */
@Test
public void testFilterIDPsForAuthcodeClientInOtherZone() throws Exception {
    // Request with a mocked session and saved request (helper defined outside this view).
    MockHttpServletRequest request = getMockHttpServletRequest();

    // Switch the current zone to a non-default one.
    IdentityZone otherZone = MultitenancyFixture.identityZone("other-zone", "other-zone");
    IdentityZoneHolder.set(otherZone);

    // The client may use only these two providers.
    List<String> allowedProviders = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2");
    BaseClientDetails client = new BaseClientDetails();
    client.setClientId("client-id");
    client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders));

    // The client is resolved in "other-zone", not in the default zone.
    ClientServicesExtension clientService = mock(ClientServicesExtension.class);
    when(clientService.loadClientByClientId("client-id", "other-zone")).thenReturn(client);

    // A local configurator mock that answers only for (allowedProviders, otherZone).
    List<SamlIdentityProviderDefinition> samlIdpsForClient = new LinkedList<>();
    samlIdpsForClient.add(createIdentityProviderDefinition("my-client-awesome-idp1", "uaa"));
    samlIdpsForClient.add(createIdentityProviderDefinition("my-client-awesome-idp2", "uaa"));
    SamlIdentityProviderConfigurator mockIDPConfigurator = mock(SamlIdentityProviderConfigurator.class);
    when(mockIDPConfigurator.getIdentityProviderDefinitions(eq(allowedProviders), eq(otherZone)))
        .thenReturn(samlIdpsForClient);

    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setClientDetailsService(clientService);
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    endpoint.loginForHtml(model, null, request, Collections.singletonList(MediaType.TEXT_HTML));

    Collection<SamlIdentityProviderDefinition> shownIdps =
        (Collection<SamlIdentityProviderDefinition>) model.asMap().get("idpDefinitions");
    assertEquals(2, shownIdps.size());
    assertThat(shownIdps, PredicateMatcher.<SamlIdentityProviderDefinition>has(
        idp -> idp.getIdpEntityAlias().equals("my-client-awesome-idp1")));
    assertThat(shownIdps, PredicateMatcher.<SamlIdentityProviderDefinition>has(
        idp -> idp.isShowSamlLink()));

    assertEquals(false, model.asMap().get("fieldUsernameShow"));
    assertEquals(false, model.asMap().get("linkCreateAccountShow"));
}
/**
 * Checks that rendering the HTML login page adds a {@code zone_name} model
 * attribute equal to {@code OriginKeys.UAA} when no other zone has been selected
 * in this test.
 */
@Test
public void testLoginReturnsSystemZone() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint();

    // The attribute must come from the endpoint call, not from earlier setup.
    assertFalse(model.containsAttribute("zone_name"));

    MockHttpServletRequest emptyRequest = new MockHttpServletRequest();
    endpoint.loginForHtml(model, null, emptyRequest, Collections.singletonList(MediaType.TEXT_HTML));

    assertEquals(OriginKeys.UAA, model.asMap().get("zone_name"));
}
/**
 * Checks provider filtering for a client in the default ("uaa") zone whose
 * allowed-provider list names two SAML providers and LDAP.
 *
 * <p>The login page is expected to show the two SAML providers. The username
 * field is expected to be visible (the allowed list includes
 * {@code OriginKeys.LDAP}), while the create-account link is expected to be hidden.
 */
@Test
public void testFilterIDPsForAuthcodeClientInDefaultZone() throws Exception {
    // Request with a mocked session and saved request (helper defined outside this view).
    MockHttpServletRequest request = getMockHttpServletRequest();

    // The client may use two SAML providers and LDAP.
    List<String> allowedProviders =
        Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2", OriginKeys.LDAP);
    BaseClientDetails client = new BaseClientDetails();
    client.setClientId("client-id");
    client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders));

    // The client is resolved in the default zone.
    ClientServicesExtension clientService = mock(ClientServicesExtension.class);
    when(clientService.loadClientByClientId("client-id", "uaa")).thenReturn(client);

    // The configurator answers only for (allowedProviders, default zone).
    List<SamlIdentityProviderDefinition> samlIdpsForClient = new LinkedList<>();
    samlIdpsForClient.add(createIdentityProviderDefinition("my-client-awesome-idp1", "uaa"));
    samlIdpsForClient.add(createIdentityProviderDefinition("my-client-awesome-idp2", "uaa"));
    when(mockIDPConfigurator.getIdentityProviderDefinitions(eq(allowedProviders), eq(IdentityZone.getUaa())))
        .thenReturn(samlIdpsForClient);

    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setClientDetailsService(clientService);
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    endpoint.loginForHtml(model, null, request, Collections.singletonList(MediaType.TEXT_HTML));

    Collection<SamlIdentityProviderDefinition> shownIdps =
        (Collection<SamlIdentityProviderDefinition>) model.asMap().get("idpDefinitions");
    assertEquals(2, shownIdps.size());
    assertThat(shownIdps, PredicateMatcher.<SamlIdentityProviderDefinition>has(
        idp -> idp.getIdpEntityAlias().equals("my-client-awesome-idp1")));
    assertThat(shownIdps, PredicateMatcher.<SamlIdentityProviderDefinition>has(
        idp -> idp.isShowSamlLink()));

    assertEquals(true, model.asMap().get("fieldUsernameShow"));
    assertEquals(false, model.asMap().get("linkCreateAccountShow"));
}
/**
 * Shared helper (not itself a test) that verifies the {@code uaa} and
 * {@code login} links and the passcode prompt produced by {@code infoForJson}
 * for the given zone.
 *
 * <p>Three calls are made: with only a base URL set, with an external login URL
 * set, and with the SAML configurator attached. The expected URLs are derived
 * through {@code addSubdomainToUrl}, defined outside this view.
 *
 * @param zone the identity zone to make current before calling the endpoint
 * @return the base URL that was configured on the endpoint
 * @throws Exception if the endpoint call fails
 */
public String check_links_urls(IdentityZone zone) throws Exception {
    IdentityZoneHolder.set(zone);
    LoginInfoEndpoint endpoint = getEndpoint();

    // Step 1: only the base URL is set; the login link is derived from it.
    String baseUrl = "http://uaa.domain.com";
    endpoint.setBaseUrl(baseUrl);
    endpoint.infoForJson(model, null, new MockHttpServletRequest("GET", endpoint.getBaseUrl()));
    Map<String, String> links = (Map<String, String>) model.asMap().get("links");
    assertEquals(addSubdomainToUrl(baseUrl), links.get("uaa"));
    assertEquals(addSubdomainToUrl(baseUrl.replace("uaa", "login")), links.get("login"));

    // Step 2: an explicit external login URL is expected verbatim, without a subdomain.
    String loginBaseUrl = "http://external-login.domain.com";
    endpoint.setExternalLoginUrl(loginBaseUrl);
    endpoint.infoForJson(model, null, new MockHttpServletRequest("GET", endpoint.getBaseUrl()));
    links = (Map<String, String>) model.asMap().get("links");
    assertEquals(addSubdomainToUrl(baseUrl), links.get("uaa"));
    assertEquals(loginBaseUrl, links.get("login"));

    // Step 3: with SAML providers available, a passcode prompt is expected.
    when(mockIDPConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(zone))).thenReturn(idps);
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    endpoint.infoForJson(model, null, new MockHttpServletRequest("GET", endpoint.getBaseUrl()));

    Map prompts = (Map) model.get("prompts");
    assertNotNull(prompts.get("passcode"));
    // Index 1 of the prompt array holds the text that is compared here.
    assertEquals(
        "Temporary Authentication Code ( Get one at " + addSubdomainToUrl(HTTP_LOCALHOST_8080_UAA) + "/passcode )",
        ((String[]) prompts.get("passcode"))[1]);

    return baseUrl;
}
/**
 * Checks the HTML login page in the default zone when the session holds a saved
 * request for "client-id" but no client details service is set in this test.
 *
 * <p>The SAML configurator is stubbed for a {@code null} allowed-provider list, so
 * the test expects both configured providers to be shown, along with the username
 * field and the create-account link.
 */
@Test
public void testFilterIdpsForDefaultZone() throws Exception {
    // Saved authorization request that carries the client id and a redirect URL.
    SavedRequest savedRequest = mock(SavedRequest.class);
    when(savedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"});
    when(savedRequest.getRedirectUrl()).thenReturn("http://localhost:8080/uaa");

    // Attach it to the request through the session.
    MockHttpSession session = new MockHttpSession();
    session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setSession(session);

    // The configurator answers only when called with a null provider list.
    when(mockIDPConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(IdentityZone.getUaa())))
        .thenReturn(idps);

    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    endpoint.loginForHtml(model, null, request, Collections.singletonList(MediaType.TEXT_HTML));

    Collection<SamlIdentityProviderDefinition> shownIdps =
        (Collection<SamlIdentityProviderDefinition>) model.asMap().get("idpDefinitions");
    assertEquals(2, shownIdps.size());

    // Both providers are expected, in this order, each with its SAML link shown.
    Iterator<SamlIdentityProviderDefinition> cursor = shownIdps.iterator();
    SamlIdentityProviderDefinition current = cursor.next();
    assertEquals("awesome-idp", current.getIdpEntityAlias());
    assertEquals(true, current.isShowSamlLink());

    current = cursor.next();
    assertEquals("my-client-awesome-idp", current.getIdpEntityAlias());
    assertEquals(true, current.isShowSamlLink());

    assertEquals(true, model.asMap().get("fieldUsernameShow"));
    assertEquals(true, model.asMap().get("linkCreateAccountShow"));
}
/**
 * Checks that the JSON info response exposes SAML providers as a map from
 * provider alias to a discovery URL, and that each URL has the expected form.
 */
@Test
public void saml_links_for_json() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setIdpDefinitions(mockIDPConfigurator);
    // Any provider list and any zone yields the shared provider fixtures.
    when(mockIDPConfigurator.getIdentityProviderDefinitions(any(), any())).thenReturn(idps);
    // NOTE(review): this repeats the setter call above with the same argument;
    // it looks redundant but is kept so the call sequence is unchanged.
    endpoint.setIdpDefinitions(mockIDPConfigurator);

    MockHttpServletRequest infoRequest = new MockHttpServletRequest("GET", endpoint.getBaseUrl());
    endpoint.infoForJson(model, null, infoRequest);

    Map<String, Object> links = (Map<String, Object>) model.asMap().get("links");
    assertEquals("http://someurl", links.get("login"));

    // For JSON the provider attribute is a Map (alias -> URL).
    assertTrue(model.get(LoginInfoEndpoint.IDP_DEFINITIONS) instanceof Map);
    Map<String, String> urlByAlias = (Map<String, String>) model.get(LoginInfoEndpoint.IDP_DEFINITIONS);

    for (SamlIdentityProviderDefinition definition : idps) {
        String expectedUrl = "http://someurl/saml/discovery?returnIDParam=idp&entityID="
            + endpoint.getZonifiedEntityId()
            + "&idp=" + definition.getIdpEntityAlias()
            + "&isPassive=true";
        assertEquals(expectedUrl, urlByAlias.get(definition.getIdpEntityAlias()));
    }
}
/**
 * Checks that the HTML login page exposes SAML providers as a {@code Collection}
 * under {@code LoginInfoEndpoint.IDP_DEFINITIONS}, and that the {@code login}
 * link is still present.
 *
 * <p>The accepted-media-types argument is passed as {@code null} here.
 */
@Test
public void saml_links_for_html() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setIdpDefinitions(mockIDPConfigurator);

    MockHttpServletRequest loginRequest = new MockHttpServletRequest("GET", endpoint.getBaseUrl());
    endpoint.loginForHtml(model, null, loginRequest, null);

    Map<String, Object> links = (Map<String, Object>) model.asMap().get("links");
    assertNotNull(links);
    assertEquals("http://someurl", links.get("login"));

    // For HTML the provider attribute is a Collection.
    assertTrue(model.get(LoginInfoEndpoint.IDP_DEFINITIONS) instanceof Collection);
}
/**
 * Checks that the HTML login page reports the name of the current identity zone
 * in the {@code zone_name} model attribute when a non-default zone is active.
 *
 * <p>NOTE(review): {@code IdentityZoneHolder} is set here and not reset within this
 * method; presumably a teardown outside this view restores it. Confirm.
 */
@Test
public void testLoginReturnsOtherZone() throws Exception {
    // Build a zone whose subdomain equals its name and make it current.
    IdentityZone otherZone = new IdentityZone();
    otherZone.setName("some_other_zone");
    otherZone.setId("other-zone-id");
    otherZone.setSubdomain(otherZone.getName());
    IdentityZoneHolder.set(otherZone);

    LoginInfoEndpoint endpoint = getEndpoint();

    // The attribute must come from the endpoint call, not from earlier setup.
    assertFalse(model.containsAttribute("zone_name"));

    MockHttpServletRequest emptyRequest = new MockHttpServletRequest();
    endpoint.loginForHtml(model, null, emptyRequest, Collections.singletonList(MediaType.TEXT_HTML));

    assertEquals("some_other_zone", model.asMap().get("zone_name"));
}
/**
 * Checks that the JSON info response omits the {@code register} and
 * {@code passwd} links when the current zone's configuration has self-service
 * links disabled.
 *
 * <p>NOTE(review): {@code IdentityZoneHolder} is set here and not reset within this
 * method; presumably a teardown outside this view restores it. Confirm.
 */
@Test
public void no_self_service_links_if_self_service_disabled() throws Exception {
    // A zone with a fresh configuration in which self-service links are switched off.
    IdentityZone restrictedZone = MultitenancyFixture.identityZone("zone","zone");
    restrictedZone.setConfig(new IdentityZoneConfiguration());
    restrictedZone.getConfig().getLinks().getSelfService().setSelfServiceLinksEnabled(false);
    IdentityZoneHolder.set(restrictedZone);

    LoginInfoEndpoint endpoint = getEndpoint();
    MockHttpServletRequest infoRequest = new MockHttpServletRequest("GET", endpoint.getBaseUrl());
    endpoint.infoForJson(model, null, infoRequest);

    Map<String, Object> links = (Map<String, Object>) model.asMap().get("links");
    assertNotNull(links);
    assertNull(links.get("register"));
    assertNull(links.get("passwd"));
}