diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
index 58f004c7fd9..19ef89c2dcb 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java
@@ -1312,7 +1312,7 @@ private Response handleSuccessfulAuthentication(OAuthMessage oAuthMessage, OAuth
 }
 }
- if (isOIDCRequest) {
+ if (isOIDCRequest && !Constants.RESPONSE_TYPE_DEVICE.equalsIgnoreCase(oauth2Params.getResponseType())) {
 String sessionStateParam = manageOIDCSessionState(oAuthMessage, sessionState, oauth2Params,
 authenticatedUser.getAuthenticatedSubjectIdentifier(), oAuthMessage.getSessionDataCacheEntry(),
 authorizationResponseDTO);
diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/test/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpointTest.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/test/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpointTest.java
index 145f6b2795b..a6c540cefa6 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/test/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpointTest.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/test/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpointTest.java
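Review bot: The new condition encodes a policy decision — a device-flow request that carries the openid scope no longer goes through manageOIDCSessionState — without a comment saying why, and handleSuccessfulAuthentication starts and ends outside this hunk, so a reader of the branch has nothing to go on. I would hoist the test into a named local with a short comment: `// Device flow: no OIDC session_state is issued for this response.` followed by `boolean manageSessionState = isOIDCRequest && !Constants.RESPONSE_TYPE_DEVICE.equalsIgnoreCase(oauth2Params.getResponseType());` and `if (manageSessionState) {`. equalsIgnoreCase also accepts mixed-case values such as `Device`; if the rest of the endpoint compares response types case-sensitively this is an inconsistency worth confirming, and a null response type is tolerated only because equalsIgnoreCase(null) returns false, which deserves a mention. Since isOIDCRequest itself stays true for the device case, any other OIDC-only handling later in the method still runs for it; that may be intended but should be stated.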
@@ -107,6 +107,7 @@
 import org.wso2.carbon.identity.oauth2.RequestObjectException;
 import org.wso2.carbon.identity.oauth2.authz.AuthorizationHandlerManager;
 import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
+import org.wso2.carbon.identity.oauth2.device.constants.Constants;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientValidationResponseDTO;
@@ -828,6 +829,122 @@ public void testAuthorizeForAuthenticationResponse(boolean isResultInRequest, bo
 }
 }
+ @Test
+ public void testAuthorizeForDeviceFlowAuthenticationResponse() throws Exception {
+
+ try (MockedStatic oAuthServerConfiguration = mockStatic(
+ OAuthServerConfiguration.class);) {
+ mockOAuthServerConfiguration(oAuthServerConfiguration);
+ try (MockedStatic sessionDataCache = mockStatic(SessionDataCache.class);
+ MockedStatic loggerUtils = mockStatic(LoggerUtils.class);
+ MockedStatic frameworkUtils = mockStatic(FrameworkUtils.class,
+ Mockito.CALLS_REAL_METHODS);
+ MockedStatic identityTenantUtil = mockStatic(IdentityTenantUtil.class);
+ MockedStatic oAuthURL = mockStatic(OAuth2Util.OAuthURL.class);
+ MockedStatic authorizationHandlerManager =
+ mockStatic(AuthorizationHandlerManager.class);
+ MockedStatic openIDConnectUserRPStore =
+ mockStatic(OpenIDConnectUserRPStore.class);
+ MockedStatic identityUtil = mockStatic(IdentityUtil.class,
+ Mockito.CALLS_REAL_METHODS);
+ MockedStatic serviceURLBuilder = mockStatic(ServiceURLBuilder.class);
+ MockedStatic endpointUtil = mockStatic(EndpointUtil.class, Mockito.CALLS_REAL_METHODS)) {
+
+ sessionDataCache.when(SessionDataCache::getInstance).thenReturn(mockSessionDataCache);
+ SessionDataCacheKey loginDataCacheKey = new SessionDataCacheKey(SESSION_DATA_KEY_VALUE);
+ when(mockSessionDataCache.getValueFromCache(loginDataCacheKey)).thenReturn(loginCacheEntry);
+ loggerUtils.when(LoggerUtils::isDiagnosticLogsEnabled).thenReturn(false);
+
+ AuthenticationResult result =
+ setAuthenticationResult(true, new HashMap<>(), null, null, null);
+
+ Map requestParams = new HashMap<>();
+ Map requestAttributes = new HashMap<>();
+
+ requestParams.put(CLIENT_ID, new String[]{CLIENT_ID_VALUE});
+ requestParams.put(FrameworkConstants.RequestParams.TO_COMMONAUTH, new String[]{"false"});
+ requestParams.put(OAuthConstants.OAuth20Params.SCOPE, new String[]{OAuthConstants.Scope.OPENID});
+
+ requestAttributes.put(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
+ requestAttributes.put(FrameworkConstants.SESSION_DATA_KEY, SESSION_DATA_KEY_VALUE);
+ requestAttributes.put(FrameworkConstants.RequestAttribute.AUTH_RESULT, result);
+
+ mockHttpRequest(requestParams, requestAttributes, HttpMethod.POST);
+
+ frameworkUtils.when(FrameworkUtils::getRequestCoordinator).thenReturn(requestCoordinator);
+ frameworkUtils.when(() -> FrameworkUtils.startTenantFlow(anyString())).thenAnswer(invocation -> null);
+ frameworkUtils.when(FrameworkUtils::endTenantFlow).thenAnswer(invocation -> null);
+ frameworkUtils.when(() -> FrameworkUtils.resolveUserIdFromUsername(anyInt(), anyString(), anyString()))
+ .thenReturn("sample");
+
+ identityUtil.when(() -> IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean()))
+ .thenReturn("https://localhost:9443/carbon");
+
+ Set scopes = new HashSet<>(Collections.singletonList(OAuthConstants.Scope.OPENID));
+ OAuth2Parameters oAuth2Params = setOAuth2Parameters(scopes, APP_NAME, null, null);
+ oAuth2Params.setClientId(CLIENT_ID_VALUE);
+ oAuth2Params.setState(STATE);
+ oAuth2Params.setResponseType(Constants.RESPONSE_TYPE_DEVICE);
+ when(loginCacheEntry.getoAuth2Parameters()).thenReturn(oAuth2Params);
+ when(loginCacheEntry.getLoggedInUser()).thenReturn(result.getSubject());
+
+ identityTenantUtil.when(() -> IdentityTenantUtil.getTenantDomain(anyInt()))
+ .thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+ identityTenantUtil.when(() -> IdentityTenantUtil.getTenantId(anyString()))
+ .thenReturn(MultitenantConstants.SUPER_TENANT_ID);
+ identityTenantUtil.when(IdentityTenantUtil::getLoginTenantId)
+ .thenReturn(MultitenantConstants.SUPER_TENANT_ID);
+
+ oAuthURL.when(OAuth2Util.OAuthURL::getOAuth2ErrorPageUrl).thenReturn(ERROR_PAGE_URL);
+
+ authorizationHandlerManager.when(
+ AuthorizationHandlerManager::getInstance).thenReturn(mockAuthorizationHandlerManager);
+
+ OAuth2AuthorizeReqDTO authzReqDTO = new OAuth2AuthorizeReqDTO();
+ authzReqDTO.setConsumerKey(CLIENT_ID_VALUE);
+ authzReqDTO.setScopes(new String[]{OAuthConstants.Scope.OPENID});
+ authzReqDTO.setCallbackUrl(null);
+ authzReqDTO.setUser(loginCacheEntry.getLoggedInUser());
+ OAuthAuthzReqMessageContext authzReqMsgCtx = new OAuthAuthzReqMessageContext(authzReqDTO);
+ authzReqMsgCtx.setApprovedScope(new String[]{OAuthConstants.Scope.OPENID});
+ when(oAuth2Service.validateScopesBeforeConsent(any(OAuth2AuthorizeReqDTO.class))).thenReturn(
+ authzReqMsgCtx);
+ when(mockAuthorizationHandlerManager.validateScopesBeforeConsent(any(OAuth2AuthorizeReqDTO.class)))
+ .thenReturn(authzReqMsgCtx);
+
+ when(loginCacheEntry.getAuthzReqMsgCtx()).thenReturn(authzReqMsgCtx);
+
+ openIDConnectUserRPStore.when(
+ OpenIDConnectUserRPStore::getInstance).thenReturn(mockOpenIDConnectUserRPStore);
+ when(mockOpenIDConnectUserRPStore.hasUserApproved(any(AuthenticatedUser.class), anyString(),
+ anyString())).
+ thenReturn(true);
+
+ mockEndpointUtil(false, endpointUtil);
+ when(oAuth2Service.getOauthApplicationState(CLIENT_ID_VALUE)).thenReturn("ACTIVE");
+
+ mockApplicationManagementService();
+
+ mockEndpointUtil(false, endpointUtil);
+ when(oAuth2ScopeService.hasUserProvidedConsentForAllRequestedScopes(
+ anyString(), isNull(), anyInt(), anyList())).thenReturn(true);
+
+ OAuth2AuthorizeRespDTO authzRespDTO = new OAuth2AuthorizeRespDTO();
+ authzRespDTO.setCallbackURI("https://localhost:9443/authenticationendpoint/device_success.do"
+ + "?app_name=" + APP_NAME);
+ when(oAuth2Service.authorize(authzReqMsgCtx)).thenReturn(authzRespDTO);
+
+ mockServiceURLBuilder(serviceURLBuilder);
+ setSupportedResponseModes();
+ Response response = oAuth2AuthzEndpoint.authorize(httpServletRequest, httpServletResponse);
+ assertEquals(response.getStatus(), HttpServletResponse.SC_FOUND, "Unexpected HTTP response status");
+ String expectedState = OAuthConstants.OAuth20Params.STATE + "=" + STATE;
+ MultivaluedMap responseMetadata = response.getMetadata();
+ assertTrue(responseMetadata.get("Location").toString().contains(expectedState));
+ }
+ }
+ }
+
 @DataProvider(name = "provideConsentData")
 public Object[][] provideConsentData() {
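Review bot: The assertions at the end of testAuthorizeForDeviceFlowAuthenticationResponse do not cover the behaviour the production change introduces: they check the 302 status and that `state=` appears in Location, but nothing checks that no session_state parameter was appended for the device response type, so the test passes equally with or without the new condition in OAuth2AuthzEndpoint. Add `assertFalse(responseMetadata.get("Location").toString().contains("session_state="), "session_state must not be issued for the device flow");` next to the existing assertTrue, and give that assertTrue a failure message like the assertEquals above it has. `mockEndpointUtil(false, endpointUtil);` is called twice in the same block, once before getOauthApplicationState and again before hasUserProvidedConsentForAllRequestedScopes; the second call is redundant. The raw `MockedStatic`, `Map`, `Set` and `MultivaluedMap` declarations could carry their type arguments (`MockedStatic<SessionDataCache>`, `Map<String, String[]> requestParams`, `Map<String, Object> requestAttributes`), presumably matching the neighbouring test methods — confirm against them.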