Remove oidc-agent client linking
federicaagostini committed Oct 29, 2024
1 parent b712586 commit f8ecfdd
Showing 3 changed files with 0 additions and 184 deletions.
Expand Up @@ -54,14 +54,11 @@

import it.infn.mw.iam.api.account.AccountUtils;
import it.infn.mw.iam.api.client.service.ClientService;
import it.infn.mw.iam.persistence.model.IamAccount;

@SuppressWarnings("deprecation")
@Component("iamUserApprovalHandler")
public class IamUserApprovalHandler implements UserApprovalHandler {

public static final String OIDC_AGENT_PREFIX_NAME = "oidc-agent:";

@Autowired
private ClientDetailsEntityService clientDetailsService;

Expand Down Expand Up @@ -187,12 +184,6 @@ public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizati

setAuthTime(authorizationRequest);

IamAccount account = accountUtils.getAuthenticatedUserAccount(userAuthentication).orElseThrow();

if (client.getClientName().startsWith(OIDC_AGENT_PREFIX_NAME)) {
clientService.linkClientToAccount(client, account);
}

return authorizationRequest;

}
Expand Up @@ -18,7 +18,6 @@
import static java.lang.String.format;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.springframework.security.core.authority.AuthorityUtils.commaSeparatedStringToAuthorityList;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
Expand All @@ -35,7 +34,6 @@

import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.mock.web.MockHttpSession;
Expand Down Expand Up @@ -78,9 +76,6 @@ public class AuthorizationCodeTests {
@Autowired
private IamAupRepository aupRepo;

@Autowired
private IamClientRepository clientRepo;

@Value("${iam.baseUrl}")
private String iamBaseUrl;

Expand Down Expand Up @@ -245,96 +240,4 @@ public void testNormalClientNotLinkedToUser() throws Exception {

}

@Test
public void testOidcAgentClientNotLinkedToUserWhoNotApproved() throws Exception {

ClientDetailsEntity entity = clientRepo.findByClientId(TEST_CLIENT_ID).orElseThrow();
entity.setClientName("oidc-agent:test-client");
clientRepo.save(entity);

User testUser = new User(TEST_USER_ID, TEST_USER_PASSWORD,
commaSeparatedStringToAuthorityList("ROLE_USER"));

MockHttpSession session = (MockHttpSession) mvc
.perform(get(AUTHORIZE_URL).param("response_type", RESPONSE_TYPE_CODE)
.param("client_id", TEST_CLIENT_ID)
.param("redirect_uri", TEST_CLIENT_REDIRECT_URI)
.param("scope", SCOPE)
.param("nonce", "1")
.param("state", "1")
.with(SecurityMockMvcRequestPostProcessors.user(testUser)))
.andExpect(status().isOk())
.andExpect(forwardedUrl("/oauth/confirm_access"))
.andReturn()
.getRequest()
.getSession();

mvc
.perform(post("/authorize").session(session)
.param("user_oauth_approval", "false")
.param("scope_openid", "openid")
.param("scope_profile", "profile")
.param("authorize", "Authorize")
.param("remember", "none")
.with(csrf()))
.andExpect(status().is3xxRedirection())
.andReturn();

mvc.perform(get("/iam/account/me/clients").session(session))
.andDo(print())
.andExpect(status().isOk())
.andExpect(jsonPath("$.Resources", is(empty())));

entity.setClientName("Test Client");
clientRepo.save(entity);

}

@Test
public void testOidcAgentClientIsLinkedToUser() throws Exception {

ClientDetailsEntity entity = clientRepo.findByClientId(TEST_CLIENT_ID).orElseThrow();
entity.setClientName("oidc-agent:test-client");
clientRepo.save(entity);

User testUser = new User(TEST_USER_ID, TEST_USER_PASSWORD,
commaSeparatedStringToAuthorityList("ROLE_USER"));

MockHttpSession session = (MockHttpSession) mvc
.perform(get(AUTHORIZE_URL).param("response_type", RESPONSE_TYPE_CODE)
.param("client_id", TEST_CLIENT_ID)
.param("redirect_uri", TEST_CLIENT_REDIRECT_URI)
.param("scope", SCOPE)
.param("nonce", "1")
.param("state", "1")
.with(SecurityMockMvcRequestPostProcessors.user(testUser)))
.andExpect(status().isOk())
.andExpect(forwardedUrl("/oauth/confirm_access"))
.andReturn()
.getRequest()
.getSession();

mvc
.perform(post("/authorize").session(session)
.param("user_oauth_approval", "true")
.param("scope_openid", "openid")
.param("scope_profile", "profile")
.param("authorize", "Authorize")
.param("remember", "none")
.with(csrf()))
.andExpect(status().is3xxRedirection())
.andReturn();

mvc.perform(get("/iam/account/me/clients").session(session))
.andDo(print())
.andExpect(status().isOk())
.andExpect(jsonPath("$.totalResults", is(1)))
.andExpect(jsonPath("$.Resources", not(empty())))
.andExpect(jsonPath("$.Resources[0].client_id", is(TEST_CLIENT_ID)));

entity.setClientName("Test Client");
clientRepo.save(entity);

}

}
Expand Up @@ -20,7 +20,6 @@
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED;
Expand Down Expand Up @@ -557,83 +556,6 @@ public void testNormalClientNotLinkedToUser() throws Exception {

}

@Test
public void testOidcAgentClientIsLinkedToUser() throws Exception {

ClientDetailsEntity entity = clientRepo.findByClientId(DEVICE_CODE_CLIENT_ID).orElseThrow();
entity.setClientName("oidc-agent:device-code-client");
clientRepo.save(entity);

String response = mvc
.perform(post(DEVICE_CODE_ENDPOINT).contentType(APPLICATION_FORM_URLENCODED)
.with(httpBasic(DEVICE_CODE_CLIENT_ID, DEVICE_CODE_CLIENT_SECRET))
.param("client_id", "device-code-client")
.param("scope", "openid profile offline_access"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.user_code").isString())
.andExpect(jsonPath("$.device_code").isString())
.andExpect(jsonPath("$.verification_uri", equalTo(DEVICE_USER_URL)))
.andReturn()
.getResponse()
.getContentAsString();

JsonNode responseJson = mapper.readTree(response);
String userCode = responseJson.get("user_code").asText();

MockHttpSession session = (MockHttpSession) mvc.perform(get(DEVICE_USER_URL))
.andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl("http://localhost:8080/login"))
.andReturn()
.getRequest()
.getSession();

session = (MockHttpSession) mvc.perform(get("http://localhost:8080/login").session(session))
.andExpect(status().isOk())
.andExpect(view().name("iam/login"))
.andReturn()
.getRequest()
.getSession();

session = (MockHttpSession) mvc
.perform(post(LOGIN_URL).param("username", TEST_USERNAME)
.param("password", TEST_PASSWORD)
.param("submit", "Login")
.session(session))
.andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(DEVICE_USER_URL))
.andReturn()
.getRequest()
.getSession();

session = (MockHttpSession) mvc
.perform(post(DEVICE_USER_VERIFY_URL).param("user_code", userCode).session(session))
.andExpect(status().isOk())
.andExpect(view().name("iam/approveDevice"))
.andReturn()
.getRequest()
.getSession();

session = (MockHttpSession) mvc
.perform(post(DEVICE_USER_APPROVE_URL).param("user_code", userCode)
.param("user_oauth_approval", "true")
.session(session))
.andExpect(status().isOk())
.andExpect(view().name("deviceApproved"))
.andReturn()
.getRequest()
.getSession();

mvc.perform(get("/iam/account/me/clients").session(session))
.andDo(print())
.andExpect(status().isOk())
.andExpect(jsonPath("$.totalResults", is(1)))
.andExpect(jsonPath("$.Resources", not(empty())))
.andExpect(jsonPath("$.Resources[0].client_id", is(DEVICE_CODE_CLIENT_ID)));

entity.setClientName("Device code client");
clientRepo.save(entity);
}

@Test
public void testRememberParameterAllowsToAddAnApprovedSite() throws Exception {
