Exemplo n.º 1
  /**
   * Reading a single resource set should look it up for the realm and user taken from the
   * request context and hand a result to the handler.
   */
  @Test
  public void shouldReadResourceSet() throws Exception {

    // Given: a read request, with the context helper resolving the realm and owner id
    ServerContext serverContext = mock(ServerContext.class);
    ResultHandler<Resource> resultHandler = mock(ResultHandler.class);
    ReadRequest readRequest = mock(ReadRequest.class);
    given(readRequest.getFields()).willReturn(Arrays.asList(new JsonPointer("/fred")));

    given(contextHelper.getRealm(serverContext)).willReturn("REALM");
    given(contextHelper.getUserId(serverContext)).willReturn("RESOURCE_OWNER_ID");

    ResourceSetDescription description = new ResourceSetDescription();
    description.setDescription(json(object()));
    Promise<ResourceSetDescription, ResourceException> lookupResult =
        Promises.newSuccessfulPromise(description);

    // The service is stubbed only for this exact realm / resource set id / owner id tuple, so
    // the lookup has to be scoped to the values the context helper returned above; any other
    // argument combination is left unstubbed.
    given(
            resourceSetService.getResourceSet(
                serverContext, "REALM", "RESOURCE_SET_ID", "RESOURCE_OWNER_ID", false))
        .willReturn(lookupResult);

    // When
    resource.readInstance(serverContext, "RESOURCE_SET_ID", readRequest, resultHandler);

    // Then
    // NOTE(review): this only checks that some result reached the handler; the content of the
    // returned Resource is not inspected.
    verify(resultHandler).handleResult(Matchers.<Resource>anyObject());
  }
Exemplo n.º 2
  /**
   * A collection query that filters on name, resource server and policy subject should be split
   * into a resource set query and a policy query joined by AND, and run for the realm and user
   * taken from the request context.
   */
  @Test
  public void nameQueryShouldBeSupported() throws Exception {

    // Given: an AND filter over a name, a resource server and a policy subject
    ServerContext serverContext = mock(ServerContext.class);
    QueryResultHandler resultHandler = mock(QueryResultHandler.class);
    QueryRequest queryRequest = mock(QueryRequest.class);
    QueryFilter requestedFilter =
        QueryFilter.and(
            QueryFilter.equalTo("/name", "NAME"),
            QueryFilter.equalTo("/resourceServer", "myclient"),
            QueryFilter.equalTo("/policy/permissions/subject", "SUBJECT"));
    given(queryRequest.getFields()).willReturn(Arrays.asList(new JsonPointer("/fred")));
    given(queryRequest.getQueryFilter()).willReturn(requestedFilter);

    given(contextHelper.getRealm(serverContext)).willReturn("REALM");
    given(contextHelper.getUserId(serverContext)).willReturn("RESOURCE_OWNER_ID");

    ResourceSetDescription matchedSet = mock(ResourceSetDescription.class);
    Promise<Collection<ResourceSetDescription>, ResourceException> serviceResult =
        Promises.newSuccessfulPromise((Collection<ResourceSetDescription>) asSet(matchedSet));
    // Realm and owner id are matched exactly; only the translated query is left open here and
    // is inspected through the captor below.
    given(
            resourceSetService.getResourceSets(
                eq(serverContext),
                eq("REALM"),
                Matchers.<ResourceSetWithPolicyQuery>anyObject(),
                eq("RESOURCE_OWNER_ID"),
                eq(false)))
        .willReturn(serviceResult);

    // When
    resource.queryCollection(serverContext, queryRequest, resultHandler);

    // Then: the service was called for the context's realm and user with the translated query
    ArgumentCaptor<ResourceSetWithPolicyQuery> translatedQuery =
        ArgumentCaptor.forClass(ResourceSetWithPolicyQuery.class);
    verify(resourceSetService)
        .getResourceSets(
            eq(serverContext),
            eq("REALM"),
            translatedQuery.capture(),
            eq("RESOURCE_OWNER_ID"),
            eq(false));

    assertThat(translatedQuery.getValue().getOperator()).isEqualTo(AggregateQuery.Operator.AND);
    // The "/policy" prefix is dropped from the policy part of the filter.
    assertThat(translatedQuery.getValue().getPolicyQuery())
        .isEqualTo(QueryFilter.equalTo("/permissions/subject", "SUBJECT"));
    // "/name" becomes "name" and "/resourceServer" becomes "clientId" in the resource set part.
    assertThat(translatedQuery.getValue().getResourceSetQuery())
        .isEqualTo(
            org.forgerock.util.query.QueryFilter.and(
                org.forgerock.util.query.QueryFilter.equalTo("name", "NAME"),
                org.forgerock.util.query.QueryFilter.equalTo("clientId", "myclient")));
    verify(resultHandler).handleResult(any(QueryResult.class));
  }
Exemplo n.º 3
  /**
   * When revoking all of a user's policies fails, the "revokeAll" action must report the error
   * to the handler and must not deliver a result.
   */
  @Test
  public void revokeAllUserPoliciesActionShouldHandleResourceException() {

    // Given: the service fails the revocation for the context's realm and user
    ServerContext serverContext = mock(ServerContext.class);
    ResultHandler<JsonValue> resultHandler = mock(ResultHandler.class);
    ActionRequest actionRequest = mock(ActionRequest.class);
    given(actionRequest.getAction()).willReturn("revokeAll");

    given(contextHelper.getRealm(serverContext)).willReturn("REALM");
    given(contextHelper.getUserId(serverContext)).willReturn("RESOURCE_OWNER_ID");
    given(resourceSetService.revokeAllPolicies(serverContext, "REALM", "RESOURCE_OWNER_ID"))
        .willReturn(Promises.<Void, ResourceException>newFailedPromise(new NotFoundException()));

    // When
    resource.actionCollection(serverContext, actionRequest, resultHandler);

    // Then: a failed revocation is never presented to the caller as a success
    verify(resultHandler, never()).handleResult(Matchers.<JsonValue>anyObject());
    verify(resultHandler).handleError(Matchers.<ResourceException>anyObject());
  }
  /**
   * Allows users to revoke an OAuth2 application. This will remove their consent and revoke any
   * access and refresh tokens with a matching client id.
   *
   * @param context The request context.
   * @param resourceId The id of the OAuth2 client.
   * @return A promise of the removed application.
   */
  @Delete
  public Promise<ResourceResponse, ResourceException> deleteInstance(
      Context context, String resourceId) {
    // The user and realm are taken from the request context; only the client id (resourceId)
    // comes from the caller.
    final String ownerId = contextHelper.getUserId(context);
    final String ownerRealm = contextHelper.getRealm(context);

    debug.message("Revoking access to OAuth2 client {} for user {}", resourceId, ownerId);

    try {
      // NOTE(review): consent is revoked before the token lookup, so the "not found" response
      // below is returned after the consent has already been removed.
      oAuth2ProviderSettingsFactory.get(context).revokeConsent(ownerId, resourceId);

      // Narrow the user's token filter to this client. The filter is built from typed filter
      // objects, not from a concatenated string.
      QueryFilter<CoreTokenField> clientTokensFilter =
          and(getQueryFilter(ownerId, ownerRealm), equalTo(CLIENT_ID.getField(), resourceId));

      JsonValue matchingTokens = tokenStore.query(clientTokensFilter);

      if (matchingTokens.asCollection().isEmpty()) {
        return new org.forgerock.json.resource.NotFoundException().asPromise();
      }

      // Tokens are deleted one by one. An exception from tokenStore.delete ends the loop in the
      // catch blocks below, leaving the remaining tokens undeleted (presumably still usable —
      // confirm), so an error response here can mean a partial revocation.
      for (JsonValue matchingToken : matchingTokens) {
        String tokenId = getAttributeValue(matchingToken, ID.getOAuthField());
        // NOTE(review): the token id goes into the debug log. If this id is the value a client
        // presents as its token, the log needs the same protection as the token store —
        // confirm.
        debug.message(
            "Removing OAuth2 token {} with client {} for user {}", tokenId, resourceId, ownerId);
        tokenStore.delete(tokenId);
      }

      return getResourceResponse(context, resourceId, matchingTokens).asPromise();
    } catch (InternalServerErrorException e) {
      // Already a resource exception: returned as-is.
      // NOTE(review): failures are logged with the same debug.message call as routine tracing;
      // check that a failed revocation is visible at the log level used in production.
      debug.message(
          "Failed to revoke access to OAuth2 client {} for user {}", resourceId, ownerId, e);
      return e.asPromise();
    } catch (CoreTokenException | InvalidClientException | NotFoundException | ServerException e) {
      // Every other failure is wrapped, with its cause, in an internal server error.
      debug.message(
          "Failed to revoke access to OAuth2 client {} for user {}", resourceId, ownerId, e);
      return new InternalServerErrorException(e).asPromise();
    }
  }
  /**
   * Allows users to query OAuth2 applications that they have given their consent access to and that
   * have active access and/or refresh tokens.
   *
   * <p>Applications consist of an id, a name (the client id), a set of scopes and an expiry time.
   * The scopes field is the union of the scopes of the individual access/refresh tokens. The expiry
   * time is the time when the last access/refresh token will expire, or null if the server is
   * configured to allow tokens to be refreshed indefinitely.
   *
   * @param context The request context.
   * @param queryHandler The query handler.
   * @param request Unused but necessary for use of the {@link Query} annotation.
   * @return A promise of a query response.
   */
  @Query
  public Promise<QueryResponse, ResourceException> query(
      Context context, QueryResourceHandler queryHandler, QueryRequest request) {
    // The token lookup is scoped only by the user and realm from the request context; nothing
    // from the request object is read.
    final String ownerId = contextHelper.getUserId(context);
    final String ownerRealm = contextHelper.getRealm(context);

    try {
      // NOTE(review): getQueryFilter is the only thing restricting which tokens are returned;
      // it is not shown here, so confirm it limits results to this user and realm.
      QueryFilter<CoreTokenField> ownerTokensFilter = getQueryFilter(ownerId, ownerRealm);

      JsonValue ownerTokens = tokenStore.query(ownerTokensFilter);

      // Group the user's tokens by the client they were issued to.
      Map<String, Set<JsonValue>> tokensByClient = new HashMap<>();
      for (JsonValue ownerToken : ownerTokens) {
        String clientId = getAttributeValue(ownerToken, CLIENT_ID.getOAuthField());
        if (!tokensByClient.containsKey(clientId)) {
          tokensByClient.put(clientId, new HashSet<JsonValue>());
        }
        tokensByClient.get(clientId).add(ownerToken);
      }

      // Emit one resource per client, built from that client's tokens.
      for (Map.Entry<String, Set<JsonValue>> clientEntry : tokensByClient.entrySet()) {
        queryHandler.handleResource(
            getResourceResponse(context, clientEntry.getKey(), clientEntry.getValue()));
      }

      return Promises.newResultPromise(Responses.newQueryResponse());
    } catch (InternalServerErrorException e) {
      // Already a resource exception: returned as-is.
      debug.message("Failed to query OAuth2 clients for user {}", ownerId, e);
      return e.asPromise();
    } catch (CoreTokenException | ServerException | InvalidClientException | NotFoundException e) {
      // Every other failure is wrapped, with its cause, in an internal server error.
      debug.message("Failed to query OAuth2 clients for user {}", ownerId, e);
      return new InternalServerErrorException(e).asPromise();
    }
  }
Exemplo n.º 6
  /**
   * When revoking all of a user's policies succeeds, the "revokeAll" action should deliver an
   * empty JSON object to the handler and report no error.
   */
  @Test
  public void shouldRevokeAllUserPolicies() {

    // Given: the service completes the revocation for the context's realm and user
    ServerContext serverContext = mock(ServerContext.class);
    ResultHandler<JsonValue> resultHandler = mock(ResultHandler.class);
    ActionRequest actionRequest = mock(ActionRequest.class);
    given(actionRequest.getAction()).willReturn("revokeAll");

    given(contextHelper.getRealm(serverContext)).willReturn("REALM");
    given(contextHelper.getUserId(serverContext)).willReturn("RESOURCE_OWNER_ID");
    // Stubbed only for this realm and owner id, i.e. the values resolved from the context.
    given(resourceSetService.revokeAllPolicies(serverContext, "REALM", "RESOURCE_OWNER_ID"))
        .willReturn(Promises.<Void, ResourceException>newSuccessfulPromise(null));

    // When
    resource.actionCollection(serverContext, actionRequest, resultHandler);

    // Then: exactly a result, no error, and the result body is an empty map
    ArgumentCaptor<JsonValue> deliveredJson = ArgumentCaptor.forClass(JsonValue.class);
    verify(resultHandler).handleResult(deliveredJson.capture());
    verify(resultHandler, never()).handleError(Matchers.<ResourceException>anyObject());
    assertThat(deliveredJson.getValue().asMap()).isEmpty();
  }