From 2955cc087b66a27225542d53e6a098428039904f Mon Sep 17 00:00:00 2001
From: Okke Harsta
Date: Mon, 28 Oct 2024 10:42:35 +0100
Subject: [PATCH] Feature toggle for device flow
---
 .../DeviceAuthorizationEndpoint.java | 2 +
 src/main/resources/application.yml | 3 +-
 ...viceAuthorizationEndpointDisabledTest.java | 57 +++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/oidc/endpoints/DeviceAuthorizationEndpointDisabledTest.java
diff --git a/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java b/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
index 32244c25..a1993c45 100644
--- a/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
+++ b/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
@@ -17,6 +17,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -45,6 +46,7 @@ import static oidc.endpoints.AuthorizationEndpoint.validateScopes;
 @RestController
+@ConditionalOnExpression("${features.oidcng_device_flow:false}")
 public class DeviceAuthorizationEndpoint implements OidcEndpoint{
 private static final Log LOG = LogFactory.getLog(DeviceAuthorizationEndpoint.class);
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index fad913b1..c0c58d31 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
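Review bot: The condition added on `DeviceAuthorizationEndpoint` only keeps this one controller bean out of the context; nothing visible in this patch gates the rest of the device flow, so it is worth confirming that the token endpoint refuses the device-code grant and that the discovery metadata stops advertising the device authorization endpoint when `features.oidcng_device_flow` is false. The `:false` fallback is the right fail-closed default for a missing property. For a plain boolean toggle, `@ConditionalOnProperty(prefix = "features", name = "oidcng_device_flow", havingValue = "true")` expresses the same rule without evaluating the substituted property value as a SpEL expression. The class body continues outside the hunk.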
@@ -47,7 +47,8 @@ features:
 enforce-eduid-resource-server-linked-account: true
 # Do we show consent if configured for a RP in manage
 consent-enabled: true
-
+ # Do we allow for Device Authorization flow
+ oidcng_device_flow: true
 sp:
 entity_id: https://org.openconext.local.oidc.ng
 acs_location: http://localhost:8080/login/saml2/sso/oidcng
diff --git a/src/test/java/oidc/endpoints/DeviceAuthorizationEndpointDisabledTest.java b/src/test/java/oidc/endpoints/DeviceAuthorizationEndpointDisabledTest.java
new file mode 100644
index 00000000..ee496497
--- /dev/null
+++ b/src/test/java/oidc/endpoints/DeviceAuthorizationEndpointDisabledTest.java
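Review bot: The bundled `application.yml` sets `oidcng_device_flow: true`, so a deployment that runs with this file unchanged has the device flow switched on and the toggle is effectively opt-out. If operators are meant to enable the flow deliberately, `oidcng_device_flow: false` here would match the `:false` fallback used in the endpoint's condition, with the existing device-flow tests setting the property explicitly. The key is also snake_case while its neighbours under `features` (`consent-enabled`, `enforce-eduid-resource-server-linked-account`) are kebab-case; `oidcng-device-flow` would be consistent, provided the placeholder in the annotation is renamed with it.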
@@ -0,0 +1,57 @@
+package oidc.endpoints;
+
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.oauth2.sdk.GrantType;
+import io.restassured.filter.cookie.CookieFilter;
+import io.restassured.http.ContentType;
+import io.restassured.response.Response;
+import lombok.SneakyThrows;
+import oidc.AbstractIntegrationTest;
+import oidc.model.DeviceAuthorization;
+import oidc.model.DeviceAuthorizationStatus;
+import org.apache.commons.io.IOUtils;
+import org.junit.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Query;
+
+import java.io.InputStream;
+import java.nio.charset.Charset;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.regex.Pattern;
+import java.util.stream.IntStream;
+
+import static io.restassured.RestAssured.given;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
+ properties = {
+ "cron.node-cron-job-responsible=false",
+ "features.oidcng_device_flow=false"
+ })
+public class DeviceAuthorizationEndpointDisabledTest extends AbstractIntegrationTest {
+
+ @SneakyThrows
+ @Test
+ public void deviceAuthorizationHappyFlow() {
+ Map body = given()
+ .when()
+ .header("Content-type", "application/x-www-form-urlencoded")
+ .formParam("grant_type", GrantType.AUTHORIZATION_CODE.getValue())
+ .formParam("client_id", "mock-sp")
+ .formParam("scope", String.join(",", List.of("openid", "groups")))
+ .post("oidc/device_authorization")
+ .as(mapTypeRef);
+ assertEquals(404, body.get("status"));
+
+ }
+
+
+}
\ No newline at end of file
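Review bot: `deviceAuthorizationHappyFlow` asserts on the `status` field of the JSON error body rather than on the HTTP status, so the check depends on the shape of the error payload; asserting on the response itself, e.g. `.post("oidc/device_authorization").then().statusCode(404);`, pins what a client actually receives. The method name is carried over from the enabled-flow test and could state what is verified, for example `deviceAuthorizationDisabledReturnsNotFound`. Most of the import block (`JWTClaimsSet`, `CookieFilter`, `Criteria`, `IntStream`, the extra assertion statics and others) is unused in this class and mixes JUnit 4 and Jupiter assertions, so it can be trimmed to what the test calls. Only the `oidc/device_authorization` POST is exercised; if the controller exposes further mappings, a disabled-flag check for each of them would make the toggle's coverage explicit.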