/**
 * Reading one resource set hands a result to the handler when the service lookup succeeds.
 *
 * <p>The service stub below only matches the realm and owner id that the context helper reports,
 * so the test also pins that the lookup is scoped to the caller taken from the context.
 */
@Test
public void shouldReadResourceSet() throws Exception {
  // Given: the context helper resolves the caller's realm and user id
  ServerContext context = mock(ServerContext.class);
  given(contextHelper.getRealm(context)).willReturn("REALM");
  given(contextHelper.getUserId(context)).willReturn("RESOURCE_OWNER_ID");

  // ... a read request asking for one field, and a handler to observe
  ReadRequest request = mock(ReadRequest.class);
  given(request.getFields()).willReturn(Arrays.asList(new JsonPointer("/fred")));
  ResultHandler<Resource> handler = mock(ResultHandler.class);

  // ... and a service that resolves the resource set for exactly that realm, id and owner
  ResourceSetDescription storedResourceSet = new ResourceSetDescription();
  storedResourceSet.setDescription(json(object()));
  Promise<ResourceSetDescription, ResourceException> lookupResult =
      Promises.newSuccessfulPromise(storedResourceSet);
  given(
          resourceSetService.getResourceSet(
              context, "REALM", "RESOURCE_SET_ID", "RESOURCE_OWNER_ID", false))
      .willReturn(lookupResult);

  // When
  resource.readInstance(context, "RESOURCE_SET_ID", request, handler);

  // Then: exactly one result is delivered (its content is not inspected here)
  verify(handler).handleResult(Matchers.<Resource>anyObject());
}
/**
 * A filter on name, resource server and policy subject is split into a resource set query and a
 * policy query joined with AND before it reaches the resource set service.
 *
 * <p>Both the stub and the verification require the realm and owner id reported by the context
 * helper, so the test also pins that the search stays scoped to the caller from the context.
 */
@Test
public void nameQueryShouldBeSupported() throws Exception {
  // Given: the context helper resolves the caller's realm and user id
  ServerContext context = mock(ServerContext.class);
  given(contextHelper.getRealm(context)).willReturn("REALM");
  given(contextHelper.getUserId(context)).willReturn("RESOURCE_OWNER_ID");

  // ... a query request carrying the three-part filter
  QueryFilter incomingFilter =
      QueryFilter.and(
          QueryFilter.equalTo("/name", "NAME"),
          QueryFilter.equalTo("/resourceServer", "myclient"),
          QueryFilter.equalTo("/policy/permissions/subject", "SUBJECT"));
  QueryRequest request = mock(QueryRequest.class);
  given(request.getFields()).willReturn(Arrays.asList(new JsonPointer("/fred")));
  given(request.getQueryFilter()).willReturn(incomingFilter);
  QueryResultHandler handler = mock(QueryResultHandler.class);

  // ... and a service that answers any split query for that realm and owner
  ResourceSetDescription resourceSet = mock(ResourceSetDescription.class);
  Promise<Collection<ResourceSetDescription>, ResourceException> serviceResult =
      Promises.newSuccessfulPromise((Collection<ResourceSetDescription>) asSet(resourceSet));
  given(
          resourceSetService.getResourceSets(
              eq(context),
              eq("REALM"),
              Matchers.<ResourceSetWithPolicyQuery>anyObject(),
              eq("RESOURCE_OWNER_ID"),
              eq(false)))
      .willReturn(serviceResult);

  // When
  resource.queryCollection(context, request, handler);

  // Then: capture the query that was actually forwarded to the service
  ArgumentCaptor<ResourceSetWithPolicyQuery> queryCaptor =
      ArgumentCaptor.forClass(ResourceSetWithPolicyQuery.class);
  verify(resourceSetService)
      .getResourceSets(
          eq(context), eq("REALM"), queryCaptor.capture(), eq("RESOURCE_OWNER_ID"), eq(false));
  ResourceSetWithPolicyQuery forwardedQuery = queryCaptor.getValue();

  assertThat(forwardedQuery.getOperator()).isEqualTo(AggregateQuery.Operator.AND);
  // The "/policy" prefix is expected to be stripped from the policy part of the filter.
  assertThat(forwardedQuery.getPolicyQuery())
      .isEqualTo(QueryFilter.equalTo("/permissions/subject", "SUBJECT"));
  // The resource set part is expected with "name" kept and "/resourceServer" mapped to "clientId".
  assertThat(forwardedQuery.getResourceSetQuery())
      .isEqualTo(
          org.forgerock.util.query.QueryFilter.and(
              org.forgerock.util.query.QueryFilter.equalTo("name", "NAME"),
              org.forgerock.util.query.QueryFilter.equalTo("clientId", "myclient")));
  verify(handler).handleResult(any(QueryResult.class));
}
/**
 * A failed promise from {@code revokeAllPolicies} is reported through {@code handleError} and
 * never through {@code handleResult}, so a failed revocation is not presented as a success.
 */
@Test
public void revokeAllUserPoliciesActionShouldHandleResourceException() {
  // Given: the context helper resolves the caller's realm and user id
  ServerContext context = mock(ServerContext.class);
  given(contextHelper.getRealm(context)).willReturn("REALM");
  given(contextHelper.getUserId(context)).willReturn("RESOURCE_OWNER_ID");

  // ... a "revokeAll" action request and a handler to observe
  ActionRequest request = mock(ActionRequest.class);
  given(request.getAction()).willReturn("revokeAll");
  ResultHandler<JsonValue> handler = mock(ResultHandler.class);

  // ... and a service whose revocation fails for that realm and owner
  ResourceException revocationFailure = new NotFoundException();
  given(resourceSetService.revokeAllPolicies(context, "REALM", "RESOURCE_OWNER_ID"))
      .willReturn(Promises.<Void, ResourceException>newFailedPromise(revocationFailure));

  // When
  resource.actionCollection(context, request, handler);

  // Then: the failure is surfaced as an error and no result is delivered
  verify(handler).handleError(Matchers.<ResourceException>anyObject());
  verify(handler, never()).handleResult(Matchers.<JsonValue>anyObject());
}
/**
 * Revokes the calling user's grant to one OAuth2 application.
 *
 * <p>The user's consent for the client is revoked first. Then every token matched by {@code
 * getQueryFilter(userId, realm)} combined with an equality check on the client id is deleted, one
 * token at a time. The user id and realm are read from the request context through the context
 * helper; only the client id comes from the request path.
 *
 * @param context The request context.
 * @param resourceId The id of the OAuth2 client.
 * @return A promise of the removed application. The promise fails with a not-found error when the
 *     token query returns nothing, and with an internal server error when consent revocation, the
 *     token query or a token deletion throws.
 */
@Delete
public Promise<ResourceResponse, ResourceException> deleteInstance(
    Context context, String resourceId) {
  final String userId = contextHelper.getUserId(context);
  final String realm = contextHelper.getRealm(context);
  debug.message("Revoking access to OAuth2 client {} for user {}", resourceId, userId);

  try {
    oAuth2ProviderSettingsFactory.get(context).revokeConsent(userId, resourceId);

    // Restrict the search to this user's tokens that were issued to the given client.
    QueryFilter<CoreTokenField> userClientFilter =
        and(getQueryFilter(userId, realm), equalTo(CLIENT_ID.getField(), resourceId));
    JsonValue matchingTokens = tokenStore.query(userClientFilter);

    final boolean nothingToRevoke = matchingTokens.asCollection().isEmpty();
    if (nothingToRevoke) {
      // NOTE(review): consent has already been revoked above, so this not-found response can
      // follow a state change. Confirm that callers and audit trails expect that.
      return new org.forgerock.json.resource.NotFoundException().asPromise();
    }

    // NOTE(review): an exception from one delete ends the loop, so tokens later in the result
    // stay in the store until the request is retried.
    for (JsonValue current : matchingTokens) {
      String tokenId = getAttributeValue(current, ID.getOAuthField());
      // NOTE(review): the token id is written to the debug log. If that id is also the bearer
      // value, confirm debug logs are access-controlled or log a non-sensitive handle instead.
      debug.message(
          "Removing OAuth2 token {} with client {} for user {}", tokenId, resourceId, userId);
      tokenStore.delete(tokenId);
    }

    return getResourceResponse(context, resourceId, matchingTokens).asPromise();
  } catch (CoreTokenException | InvalidClientException | NotFoundException | ServerException e) {
    // These failures are wrapped, so the caller always receives an internal server error.
    debug.message(
        "Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
    return new InternalServerErrorException(e).asPromise();
  } catch (InternalServerErrorException e) {
    // Already the right error type, so it is returned as-is.
    debug.message(
        "Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
    return e.asPromise();
  }
}
/**
 * Lists the OAuth2 applications that the calling user has consented to and that still have active
 * access and/or refresh tokens.
 *
 * <p>Each application consists of an id, a name (the client id), a set of scopes and an expiry
 * time. The scopes field is the union of the scopes of the individual access/refresh tokens. The
 * expiry time is the time when the last access/refresh token will expire, or null if the server
 * is configured to allow tokens to be refreshed indefinitely.
 *
 * <p>The token search is built only from the user id and realm that the context helper reads from
 * the request context. The request object is not consulted, so any filter or paging values it
 * carries do not affect the result.
 *
 * @param context The request context.
 * @param queryHandler The query handler; it receives one resource per client id.
 * @param request Unused, but required for use of the {@link Query} annotation.
 * @return A promise of a query response, or a failed promise carrying an internal server error.
 */
@Query
public Promise<QueryResponse, ResourceException> query(
    Context context, QueryResourceHandler queryHandler, QueryRequest request) {
  String userId = contextHelper.getUserId(context);
  String realm = contextHelper.getRealm(context);

  try {
    QueryFilter<CoreTokenField> userFilter = getQueryFilter(userId, realm);
    JsonValue userTokens = tokenStore.query(userFilter);

    // Bucket the tokens by the client they were issued to.
    Map<String, Set<JsonValue>> tokensByClient = new HashMap<>();
    for (JsonValue token : userTokens) {
      String clientId = getAttributeValue(token, CLIENT_ID.getOAuthField());
      if (!tokensByClient.containsKey(clientId)) {
        tokensByClient.put(clientId, new HashSet<JsonValue>());
      }
      tokensByClient.get(clientId).add(token);
    }

    // Emit one application resource per client.
    for (Map.Entry<String, Set<JsonValue>> clientEntry : tokensByClient.entrySet()) {
      ResourceResponse application =
          getResourceResponse(context, clientEntry.getKey(), clientEntry.getValue());
      queryHandler.handleResource(application);
    }

    return Promises.newResultPromise(Responses.newQueryResponse());
  } catch (CoreTokenException | ServerException | InvalidClientException | NotFoundException e) {
    // These failures are wrapped, so the caller always receives an internal server error.
    debug.message("Failed to query OAuth2 clients for user {}", userId, e);
    return new InternalServerErrorException(e).asPromise();
  } catch (InternalServerErrorException e) {
    // Already the right error type, so it is returned as-is.
    debug.message("Failed to query OAuth2 clients for user {}", userId, e);
    return e.asPromise();
  }
}
/**
 * A successful "revokeAll" action delivers an empty JSON object to the handler and reports no
 * error.
 *
 * <p>The service stub only matches the realm and owner id that the context helper reports, so the
 * test also pins that revocation is requested for the caller taken from the context.
 */
@Test
public void shouldRevokeAllUserPolicies() {
  // Given: the context helper resolves the caller's realm and user id
  ServerContext context = mock(ServerContext.class);
  given(contextHelper.getRealm(context)).willReturn("REALM");
  given(contextHelper.getUserId(context)).willReturn("RESOURCE_OWNER_ID");

  // ... a "revokeAll" action request and a handler to observe
  ActionRequest request = mock(ActionRequest.class);
  given(request.getAction()).willReturn("revokeAll");
  ResultHandler<JsonValue> handler = mock(ResultHandler.class);

  // ... and a service whose revocation succeeds for that realm and owner
  given(resourceSetService.revokeAllPolicies(context, "REALM", "RESOURCE_OWNER_ID"))
      .willReturn(Promises.<Void, ResourceException>newSuccessfulPromise(null));

  // When
  resource.actionCollection(context, request, handler);

  // Then: one result, no error, and the result body is an empty map
  ArgumentCaptor<JsonValue> jsonCaptor = ArgumentCaptor.forClass(JsonValue.class);
  verify(handler).handleResult(jsonCaptor.capture());
  verify(handler, never()).handleError(Matchers.<ResourceException>anyObject());
  JsonValue deliveredBody = jsonCaptor.getValue();
  assertThat(deliveredBody.asMap()).isEmpty();
}