Add unit tests for AbstractAuthorizationGrantHandler
KD23243 committed Nov 13, 2024
1 parent 94e241e commit 65305d6
Showing 2 changed files with 64 additions and 5 deletions.
Expand Up @@ -103,9 +103,6 @@ public abstract class AbstractAuthorizationGrantHandler implements Authorization
protected static final int SECONDS_TO_MILISECONDS_FACTOR = 1000;
private boolean isHashDisabled = OAuth2Util.isHashDisabled();

private static final boolean renewWithoutRevokingExistingEnabled = Boolean.parseBoolean(IdentityUtil.
getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));

@Override
public void init() throws IdentityOAuth2Exception {
callbackManager = new OAuthCallbackManager();
Expand Down Expand Up @@ -192,7 +189,7 @@ public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
based on the config.
*/
boolean isJWTAndRenewEnabled = (JWT.equalsIgnoreCase(tokenIssuerName) || JWT.equalsIgnoreCase(tokenType))
&& renewWithoutRevokingExistingEnabled;
&& getRenewWithoutRevokingExistingStatus();
boolean isGrantTypeAllowed = OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
.contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType());

Expand Down Expand Up @@ -246,6 +243,13 @@ If the application does not have a token binding type (i.e., no specific binding
}
}

private boolean getRenewWithoutRevokingExistingStatus() {

return Boolean.parseBoolean(IdentityUtil.
getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));

}

private void setDetailsToMessageContext(OAuthTokenReqMessageContext tokReqMsgCtx, AccessTokenDO existingToken) {

if (existingToken.getIssuedTime() != null) {
Expand Down Expand Up @@ -1242,7 +1246,7 @@ protected String getTokenBindingReference(OAuthTokenReqMessageContext tokReqMsgC
}

if (JWT.equalsIgnoreCase(tokenIssuerName) || JWT.equalsIgnoreCase(tokenType)) {
if (renewWithoutRevokingExistingEnabled && tokReqMsgCtx != null && (tokReqMsgCtx.getTokenBinding() == null
if (getRenewWithoutRevokingExistingStatus() && tokReqMsgCtx != null && (tokReqMsgCtx.getTokenBinding() == null
|| StringUtils.isBlank(tokReqMsgCtx.getTokenBinding().getBindingReference()))) {
if (OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
.contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) {
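Review bot: `getRenewWithoutRevokingExistingStatus()` replaces a `static final` field that was read once at class load with an `IdentityUtil.getProperty` lookup on every call, and it is now evaluated in both `issue` and `getTokenBindingReference`. This flag decides whether an existing JWT access token is left unrevoked when a new one is issued, so if both methods run for one request and the property source changes in between, they could disagree. The helper deserves a comment stating that intent, for example `// Read per call instead of caching so tests can stub IdentityUtil; decides whether existing JWT tokens stay valid on renewal.` A boolean accessor would also read better as `isRenewWithoutRevokingExistingEnabled()`. Whether `IdentityUtil.getProperty` is cheap enough for the token-issuing path is not visible here, and both enclosing methods continue outside the hunks shown.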
Expand Up @@ -19,6 +19,7 @@
package org.wso2.carbon.identity.oauth2.token.handlers.grant;

import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.MockitoAnnotations;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
Expand All @@ -36,6 +37,7 @@
import org.wso2.carbon.identity.common.testng.WithH2Database;
import org.wso2.carbon.identity.common.testng.WithRealmService;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.services.IdentityEventService;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.common.GrantType;
Expand All @@ -52,6 +54,7 @@
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeHandler;

import java.util.Collections;
Expand All @@ -63,7 +66,9 @@

import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyMap;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
Expand Down Expand Up @@ -198,6 +203,56 @@ public void testIssue(boolean cacheEnabled, boolean cacheEntryAvailable, long ca
assertNotNull(tokenRespDTO.getAccessToken());
}


@DataProvider(name = "IssueWithRenewDataProvider")
public Object[][] issueWithRenewDataProvider() {
return new Object[][]{
{true, true, 3600L, 3600L, 0L, 0L, false, TOKEN_STATE_ACTIVE, false, true, true},
{true, true, 3600L, 3600L, 0L, 0L, false, TOKEN_STATE_ACTIVE, false, true, false}
};
}

@Test(dataProvider = "IssueWithRenewDataProvider")
public void testIssueWithRenewWithoutRevokingExistingEnabled(boolean cacheEnabled, boolean cacheEntryAvailable, long cachedTokenValidity,
long cachedRefreshTokenValidity, long dbTokenValidity, long dbRefreshTokenValidity,
boolean dbEntryAvailable, String dbTokenState, boolean tokenLoggable,
boolean isIDPIdColumnEnabled, boolean setBindingReference) throws Exception {

OAuth2ServiceComponentHolder.setIDPIdColumnEnabled(isIDPIdColumnEnabled);

Map<String, AuthorizationGrantHandler> supportedGrantTypes = new HashMap<>();
supportedGrantTypes.put("refresh_token", refreshGrantHandler);

OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = new OAuth2AccessTokenReqDTO();
oAuth2AccessTokenReqDTO.setClientId(clientId);
oAuth2AccessTokenReqDTO.setGrantType(PASSWORD_GRANT); // Ensure the grant type is valid for renewal

OAuthTokenReqMessageContext tokReqMsgCtx = new OAuthTokenReqMessageContext(oAuth2AccessTokenReqDTO);
tokReqMsgCtx.setAuthorizedUser(authenticatedUser);
tokReqMsgCtx.setScope(new String[]{"scope1", "scope2"});

oAuthAppDO.setTokenType("JWT");
tokReqMsgCtx.addProperty("OAuthAppDO", oAuthAppDO);

TokenBinding tokenBinding = new TokenBinding();
if (setBindingReference) {
tokenBinding.setBindingReference("bindingReference");
}
tokReqMsgCtx.setTokenBinding(tokenBinding);

try (MockedStatic<IdentityUtil> identityUtil = mockStatic(IdentityUtil.class)) {
identityUtil.when(() -> IdentityUtil.getProperty(anyString()))
.thenReturn(Boolean.TRUE.toString());

// Set allowed grant types (ensure PASSWORD_GRANT is allowed for renewal)
OAuth2ServiceComponentHolder.setJwtRenewWithoutRevokeAllowedGrantTypes(
Collections.singletonList("password")); // This allows PASSWORD_GRANT

OAuth2AccessTokenRespDTO tokenRespDTO = handler.issue(tokReqMsgCtx);
assertNotNull(tokenRespDTO.getAccessToken());
}
}

@DataProvider(name = "AuthorizeAccessDelegationDataProvider")
public Object[][] buildAuthorizeAccessDelegationDataProvider() {
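Review bot: `testIssueWithRenewWithoutRevokingExistingEnabled` asserts only `assertNotNull(tokenRespDTO.getAccessToken())`, the same check that closes `testIssue`, so both data rows pass whether or not the renew-without-revoking branch ran. Nothing verifies that the previously issued token is left active, or that the `setBindingReference` row takes a different path. The stub `IdentityUtil.getProperty(anyString())` also answers "true" for every property read inside the try block; matching only the key the handler reads, `identityUtil.when(() -> IdentityUtil.getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG)).thenReturn("true")`, would keep unrelated configuration lookups from being flipped on. Most of the data-provider columns and the `supportedGrantTypes` map are unused in the visible body. `setJwtRenewWithoutRevokeAllowedGrantTypes(...)` and `oAuthAppDO.setTokenType("JWT")` are not restored afterwards, which may leak into later tests in the class.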
