

Merge pull request #17342 from AnuradhaSK/oauth2xacml-fix
Fix test failures in OAuth2XACMLScopeValidatorTestCase
AnuradhaSK authored Oct 28, 2023


2 parents ebc3658 + 0526b7c commit a4b9fce
Showing 1 changed file with 44 additions and 2 deletions.
@@ -44,9 +44,14 @@
import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO;
import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;
import org.wso2.identity.integration.common.clients.entitlement.EntitlementPolicyServiceClient;
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel;
import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AssociatedRolesConfig;
import org.wso2.identity.integration.test.utils.CarbonUtils;
import org.wso2.identity.integration.test.utils.OAuth2Constant;

import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;

/**
* Test cases to check the functionality of the XACML based scope validator.
@@ -56,6 +61,7 @@ public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractInte
private static final String VALIDATE_SCOPE_BASED_POLICY_ID = "validate_scope_based_policy_template";
private static final String VALID_SCOPE = "SCOPE1";
private static final String INTROSPECT_SCOPE = "internal_application_mgt_view";
private static final String INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME = "internal_oauth2_introspect";
private static final String SCOPE_VALIDATOR_NAME = "XACML Scope Validator";
private static final String CALLBACK_URL = "https://localhost/callback";
private static final String SCOPE_POLICY = "<Policy xmlns=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\" " +
@@ -105,11 +111,13 @@ public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractInte
"</Policy>";
private CloseableHttpClient client;
private EntitlementPolicyServiceClient entitlementPolicyClient;
private static boolean isLegacyRuntimeEnabled;

@BeforeClass(alwaysRun = true)
public void testInit() throws Exception {

super.init(TestUserMode.SUPER_TENANT_USER);
isLegacyRuntimeEnabled = CarbonUtils.isLegacyAuthzRuntimeEnabled();
entitlementPolicyClient = new EntitlementPolicyServiceClient(backendURL, sessionCookie);
}

@@ -134,6 +142,29 @@ public void testRegisterApplication() throws Exception {
Assert.assertNotNull(serviceProvider, "OAuth App creation failed.");
Assert.assertNotNull(consumerKey, "Consumer Key is null.");
Assert.assertNotNull(consumerSecret, "Consumer Secret is null.");
String applicationId = serviceProvider.getApplicationResourceId();
if (!isLegacyRuntimeEnabled) {
// Authorize few system APIs.
authorizeSystemAPIs(applicationId,
new ArrayList<>(Arrays.asList("/api/server/v1/tenants", "/scim2/Users", "/oauth2/introspect")));
// Associate roles.
ApplicationPatchModel applicationPatch = new ApplicationPatchModel();
AssociatedRolesConfig associatedRolesConfig =
new AssociatedRolesConfig().allowedAudience(AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION);
// Get Roles.
String adminRoleId = getRoleV2ResourceId("admin",
AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
String everyoneRoleId = getRoleV2ResourceId("everyone",
AssociatedRolesConfig.AllowedAudienceEnum.ORGANIZATION.toString().toLowerCase(), null);
applicationPatch = applicationPatch.associatedRoles(associatedRolesConfig);
associatedRolesConfig.addRolesItem(
new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
adminRoleId));
associatedRolesConfig.addRolesItem(
new org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.Role().id(
everyoneRoleId));
updateApplication(applicationId, applicationPatch);
}
}

@Test(groups = "wso2.is", description = "Check publishing a policy", dependsOnMethods = "testRegisterApplication")
@@ -163,15 +194,26 @@ public void testValidateTokenWithInValidScope() throws Exception {
dependsOnMethods = "testValidateTokenWithInValidScope")
public void testValidateTokenWithValidScope() throws Exception {

boolean result = getTokenAndValidate(new Scope(VALID_SCOPE, INTROSPECT_SCOPE));
boolean result;
if (isLegacyRuntimeEnabled) {
result = getTokenAndValidate(new Scope(VALID_SCOPE, INTROSPECT_SCOPE));
} else {
result = getTokenAndValidate(new Scope(VALID_SCOPE, INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME));
}
Assert.assertTrue(result, "Introspection is false.");
}

@Test(groups = "wso2.is", description = "Request access token with multiple token and validate it.",
dependsOnMethods = "testValidateTokenWithValidScope")
public void testValidateTokenWithMultipleScope() throws Exception {

boolean result = getTokenAndValidate(new Scope(VALID_SCOPE, OAuth2Constant.OAUTH2_SCOPE_EMAIL, INTROSPECT_SCOPE));
boolean result;
if (isLegacyRuntimeEnabled) {
result = getTokenAndValidate(new Scope(VALID_SCOPE, OAuth2Constant.OAUTH2_SCOPE_EMAIL, INTROSPECT_SCOPE));
} else {
result = getTokenAndValidate(new Scope(VALID_SCOPE, OAuth2Constant.OAUTH2_SCOPE_EMAIL,
INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME));
}
Assert.assertTrue(result, "Introspection is false.");
}

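Review bot: The `isLegacyRuntimeEnabled` branch that picks between `INTROSPECT_SCOPE` and `INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME` is written out twice, in `testValidateTokenWithValidScope` and again in `testValidateTokenWithMultipleScope`, so a future scope-name change has to be made in two places and the `if`/`else` hides that the only varying input is the introspection scope. A one-line helper on the class, `private static String introspectScope() { return isLegacyRuntimeEnabled ? INTROSPECT_SCOPE : INTROSPECT_SCOPE_IN_NEW_AUTHZ_RUNTIME; }`, lets both tests go back to a single call, e.g. `boolean result = getTokenAndValidate(new Scope(VALID_SCOPE, introspectScope()));`. The two constants would also benefit from a comment stating that the new authorization runtime requires the application to be granted `/oauth2/introspect` (which `testRegisterApplication` now does via `authorizeSystemAPIs`) and that `internal_oauth2_introspect` is the scope name checked there, since the link between the two hunks is otherwise only recoverable from the test order. The enclosing class `OAuth2XACMLScopeValidatorTestCase` ends outside the hunk.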