From f8ecfdd595dfb5451eca7849f71cf7ecfedc2d9c Mon Sep 17 00:00:00 2001
From: Federica Agostini
Date: Tue, 29 Oct 2024 18:02:22 +0100
Subject: [PATCH] Remove oidc-agent client linking

---
 .../core/oauth/IamUserApprovalHandler.java | 9 --
 .../authzcode/AuthorizationCodeTests.java | 97 -------------------
 .../devicecode/DeviceCodeApprovalTests.java | 78 ---------------
 3 files changed, 184 deletions(-)

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/IamUserApprovalHandler.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/IamUserApprovalHandler.java
index ad47ad70e..08b69c010 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/IamUserApprovalHandler.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/IamUserApprovalHandler.java
@@ -54,14 +54,11 @@
 import it.infn.mw.iam.api.account.AccountUtils;
 import it.infn.mw.iam.api.client.service.ClientService;
-import it.infn.mw.iam.persistence.model.IamAccount;
 @SuppressWarnings("deprecation")
 @Component("iamUserApprovalHandler")
 public class IamUserApprovalHandler implements UserApprovalHandler {
- public static final String OIDC_AGENT_PREFIX_NAME = "oidc-agent:";
-
 @Autowired
 private ClientDetailsEntityService clientDetailsService;
@@ -187,12 +184,6 @@ public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizati
 setAuthTime(authorizationRequest);
- IamAccount account = accountUtils.getAuthenticatedUserAccount(userAuthentication).orElseThrow();
-
- if (client.getClientName().startsWith(OIDC_AGENT_PREFIX_NAME)) {
- clientService.linkClientToAccount(client, account);
- }
-
 return authorizationRequest;
 }
diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/authzcode/AuthorizationCodeTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/authzcode/AuthorizationCodeTests.java
index 35aeff342..5740c97b2 100644
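Review bot: After the second hunk `updateAfterApproval` no longer references `accountUtils` or `clientService`, yet nothing in the diff drops those two (presumably autowired) fields, and the first hunk removes only the `IamAccount` import while keeping `import it.infn.mw.iam.api.client.service.ClientService;` as context; if no other method in the class uses them, the fields and that import are now dead and belong in this commit. Within this hunk the removed branch was the only place an `oidc-agent:`-named client was attached to the approving user's account, so such clients are now treated like any other client at approval time; the commit deletes the tests that pinned the old linking but adds none asserting the new behaviour, and a sibling of the surviving `testNormalClientNotLinkedToUser` that renames the test client to `oidc-agent:test-client`, approves, and expects `jsonPath("$.Resources", is(empty()))` would close that gap. `updateAfterApproval` starts outside the hunk, and the `client` and `userAuthentication` locals the removed lines used are declared there.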
--- a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/authzcode/AuthorizationCodeTests.java
+++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/authzcode/AuthorizationCodeTests.java
@@ -18,7 +18,6 @@
 import static java.lang.String.format;
 import static org.hamcrest.Matchers.empty;
 import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.not;
 import static org.springframework.security.core.authority.AuthorityUtils.commaSeparatedStringToAuthorityList;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
@@ -35,7 +34,6 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.mock.web.MockHttpSession;
@@ -78,9 +76,6 @@ public class AuthorizationCodeTests {
 @Autowired
 private IamAupRepository aupRepo;
- @Autowired
- private IamClientRepository clientRepo;
-
 @Value("${iam.baseUrl}")
 private String iamBaseUrl;
@@ -245,96 +240,4 @@ public void testNormalClientNotLinkedToUser() throws Exception {
 }
- @Test
- public void testOidcAgentClientNotLinkedToUserWhoNotApproved() throws Exception {
-
- ClientDetailsEntity entity = clientRepo.findByClientId(TEST_CLIENT_ID).orElseThrow();
- entity.setClientName("oidc-agent:test-client");
- clientRepo.save(entity);
-
- User testUser = new User(TEST_USER_ID, TEST_USER_PASSWORD,
- commaSeparatedStringToAuthorityList("ROLE_USER"));
-
- MockHttpSession session = (MockHttpSession) mvc
- .perform(get(AUTHORIZE_URL).param("response_type", RESPONSE_TYPE_CODE)
- .param("client_id", TEST_CLIENT_ID)
- .param("redirect_uri", TEST_CLIENT_REDIRECT_URI)
- .param("scope", SCOPE)
- .param("nonce", "1")
- .param("state", "1")
- .with(SecurityMockMvcRequestPostProcessors.user(testUser)))
- .andExpect(status().isOk())
- .andExpect(forwardedUrl("/oauth/confirm_access"))
- .andReturn()
- .getRequest()
- .getSession();
-
- mvc
- .perform(post("/authorize").session(session)
- .param("user_oauth_approval", "false")
- .param("scope_openid", "openid")
- .param("scope_profile", "profile")
- .param("authorize", "Authorize")
- .param("remember", "none")
- .with(csrf()))
- .andExpect(status().is3xxRedirection())
- .andReturn();
-
- mvc.perform(get("/iam/account/me/clients").session(session))
- .andDo(print())
- .andExpect(status().isOk())
- .andExpect(jsonPath("$.Resources", is(empty())));
-
- entity.setClientName("Test Client");
- clientRepo.save(entity);
-
- }
-
- @Test
- public void testOidcAgentClientIsLinkedToUser() throws Exception {
-
- ClientDetailsEntity entity = clientRepo.findByClientId(TEST_CLIENT_ID).orElseThrow();
- entity.setClientName("oidc-agent:test-client");
- clientRepo.save(entity);
-
- User testUser = new User(TEST_USER_ID, TEST_USER_PASSWORD,
- commaSeparatedStringToAuthorityList("ROLE_USER"));
-
- MockHttpSession session = (MockHttpSession) mvc
- .perform(get(AUTHORIZE_URL).param("response_type", RESPONSE_TYPE_CODE)
- .param("client_id", 
TEST_CLIENT_ID)
- .param("redirect_uri", TEST_CLIENT_REDIRECT_URI)
- .param("scope", SCOPE)
- .param("nonce", "1")
- .param("state", "1")
- .with(SecurityMockMvcRequestPostProcessors.user(testUser)))
- .andExpect(status().isOk())
- .andExpect(forwardedUrl("/oauth/confirm_access"))
- .andReturn()
- .getRequest()
- .getSession();
-
- mvc
- .perform(post("/authorize").session(session)
- .param("user_oauth_approval", "true")
- .param("scope_openid", "openid")
- .param("scope_profile", "profile")
- .param("authorize", "Authorize")
- .param("remember", "none")
- .with(csrf()))
- .andExpect(status().is3xxRedirection())
- .andReturn();
-
- mvc.perform(get("/iam/account/me/clients").session(session))
- .andDo(print())
- .andExpect(status().isOk())
- .andExpect(jsonPath("$.totalResults", is(1)))
- .andExpect(jsonPath("$.Resources", not(empty())))
- .andExpect(jsonPath("$.Resources[0].client_id", is(TEST_CLIENT_ID)));
-
- entity.setClientName("Test Client");
- clientRepo.save(entity);
-
- }
-
 }
diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/devicecode/DeviceCodeApprovalTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/devicecode/DeviceCodeApprovalTests.java
index 9ad85c925..4e9adb959 100644
--- a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/devicecode/DeviceCodeApprovalTests.java
+++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/devicecode/DeviceCodeApprovalTests.java
@@ -20,7 +20,6 @@
 import static org.hamcrest.Matchers.empty;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED;
@@ -557,83 +556,6 @@ public void testNormalClientNotLinkedToUser() throws Exception {
 }
- @Test
- public void testOidcAgentClientIsLinkedToUser() throws Exception {
-
- ClientDetailsEntity entity = clientRepo.findByClientId(DEVICE_CODE_CLIENT_ID).orElseThrow();
- entity.setClientName("oidc-agent:device-code-client");
- clientRepo.save(entity);
-
- String response = mvc
- .perform(post(DEVICE_CODE_ENDPOINT).contentType(APPLICATION_FORM_URLENCODED)
- .with(httpBasic(DEVICE_CODE_CLIENT_ID, DEVICE_CODE_CLIENT_SECRET))
- .param("client_id", "device-code-client")
- .param("scope", "openid profile offline_access"))
- .andExpect(status().isOk())
- .andExpect(jsonPath("$.user_code").isString())
- .andExpect(jsonPath("$.device_code").isString())
- .andExpect(jsonPath("$.verification_uri", equalTo(DEVICE_USER_URL)))
- .andReturn()
- .getResponse()
- .getContentAsString();
-
- JsonNode responseJson = mapper.readTree(response);
- String userCode = responseJson.get("user_code").asText();
-
- MockHttpSession session = (MockHttpSession) mvc.perform(get(DEVICE_USER_URL))
- .andExpect(status().is3xxRedirection())
- .andExpect(redirectedUrl("http://localhost:8080/login"))
- .andReturn()
- .getRequest()
- .getSession();
-
- session = (MockHttpSession) mvc.perform(get("http://localhost:8080/login").session(session))
- .andExpect(status().isOk())
- .andExpect(view().name("iam/login"))
- .andReturn()
- .getRequest()
- .getSession();
-
- session = (MockHttpSession) mvc
- .perform(post(LOGIN_URL).param("username", TEST_USERNAME)
- .param("password", TEST_PASSWORD)
- .param("submit", "Login")
- .session(session))
- .andExpect(status().is3xxRedirection())
- .andExpect(redirectedUrl(DEVICE_USER_URL))
- .andReturn()
- .getRequest()
- .getSession();
-
- session = (MockHttpSession) mvc
- .perform(post(DEVICE_USER_VERIFY_URL).param("user_code", userCode).session(session))
- .andExpect(status().isOk())
- .andExpect(view().name("iam/approveDevice"))
- .andReturn()
- .getRequest()
- .getSession();
-
- session = (MockHttpSession) mvc
- .perform(post(DEVICE_USER_APPROVE_URL).param("user_code", userCode)
- .param("user_oauth_approval", "true")
- .session(session))
- .andExpect(status().isOk())
- .andExpect(view().name("deviceApproved"))
- .andReturn()
- .getRequest()
- .getSession();
-
- mvc.perform(get("/iam/account/me/clients").session(session))
- .andDo(print())
- .andExpect(status().isOk())
- .andExpect(jsonPath("$.totalResults", is(1)))
- .andExpect(jsonPath("$.Resources", not(empty())))
- .andExpect(jsonPath("$.Resources[0].client_id", is(DEVICE_CODE_CLIENT_ID)));
-
- entity.setClientName("Device code client");
- clientRepo.save(entity);
- }
-
 @Test
 public void testRememberParameterAllowsToAddAnApprovedSite() throws Exception {