From 480cd3f03e864260a5baa0395921dec16a6e84dd Mon Sep 17 00:00:00 2001
From: Kumuditha - KD
Date: Wed, 13 Nov 2024 09:24:53 +0530
Subject: [PATCH] Add unit tests for AbstractAuthorizationGrantHandler
---
 .../AbstractAuthorizationGrantHandler.java | 15 +++--
 ...AbstractAuthorizationGrantHandlerTest.java | 56 +++++++++++++++++++
 2 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
index 16c2bcfe21..9432cb268f 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -103,9 +103,6 @@ public abstract class AbstractAuthorizationGrantHandler implements Authorization
 protected static final int SECONDS_TO_MILISECONDS_FACTOR = 1000;
 private boolean isHashDisabled = OAuth2Util.isHashDisabled();
- private static final boolean renewWithoutRevokingExistingEnabled = Boolean.parseBoolean(IdentityUtil.
- getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));
-
 @Override
 public void init() throws IdentityOAuth2Exception {
 callbackManager = new OAuthCallbackManager();
@@ -192,7 +189,7 @@ public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
 based on the config. */
 boolean isJWTAndRenewEnabled = (JWT.equalsIgnoreCase(tokenIssuerName) || JWT.equalsIgnoreCase(tokenType))
- && renewWithoutRevokingExistingEnabled;
+ && getRenewWithoutRevokingExistingStatus();
 boolean isGrantTypeAllowed = OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
 .contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType());
@@ -246,6 +243,13 @@ If the application does not have a token binding type (i.e., no specific binding
 }
 }
+ private boolean getRenewWithoutRevokingExistingStatus() {
+
+ return Boolean.parseBoolean(IdentityUtil.
+ getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));
+
+ }
+
 private void setDetailsToMessageContext(OAuthTokenReqMessageContext tokReqMsgCtx, AccessTokenDO existingToken) {
 if (existingToken.getIssuedTime() != null) {
@@ -1242,7 +1246,8 @@ protected String getTokenBindingReference(OAuthTokenReqMessageContext tokReqMsgC
 }
 if (JWT.equalsIgnoreCase(tokenIssuerName) || JWT.equalsIgnoreCase(tokenType)) {
- if (renewWithoutRevokingExistingEnabled && tokReqMsgCtx != null && (tokReqMsgCtx.getTokenBinding() == null
+ if (getRenewWithoutRevokingExistingStatus() && tokReqMsgCtx != null
+ && (tokReqMsgCtx.getTokenBinding() == null
 || StringUtils.isBlank(tokReqMsgCtx.getTokenBinding().getBindingReference()))) {
 if (OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
 .contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandlerTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandlerTest.java
index a11198a8a7..1b2ad782b1 100644
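Review bot: `getRenewWithoutRevokingExistingStatus()` is now evaluated on every call, here in `issue()` and again in `getTokenBindingReference` (hunk @@ -1242), whereas the removed `static final` field was fixed once at class load. The two sites read the property independently, so if the configuration can be reloaded at runtime (not visible here) they could disagree within one token request about a setting that, judging by its name, decides whether the existing token is left unrevoked. The commit is titled as adding unit tests, and this change in when the setting takes effect deserves a line in the description. In the @@ -1242 hunk the cheap null check can also run before the lookup: `if (tokReqMsgCtx != null && getRenewWithoutRevokingExistingStatus()`. Both functions continue outside their hunks.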
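Review bot: The new `getRenewWithoutRevokingExistingStatus()` in the @@ -246 hunk has no Javadoc and uses a `get…Status` name for a boolean; `isRenewWithoutRevokingExistingEnabled()` would read more naturally at both call sites. I would add a comment such as `/** Reads RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG on each call; a missing value parses to false. */`, because `Boolean.parseBoolean(null)` returns false and, assuming `IdentityUtil.getProperty` returns null for an unset key, that is what keeps an unconfigured deployment off the renew-without-revoke path. The blank lines directly after the opening brace and before the closing brace can be dropped.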
--- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandlerTest.java
+++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandlerTest.java
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.oauth2.token.handlers.grant;
 import org.mockito.Mock;
+import org.mockito.MockedStatic;
 import org.mockito.MockitoAnnotations;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -36,6 +37,7 @@
 import org.wso2.carbon.identity.common.testng.WithH2Database;
 import org.wso2.carbon.identity.common.testng.WithRealmService;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
 import org.wso2.carbon.identity.oauth.common.GrantType;
@@ -52,6 +54,7 @@
 import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
 import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
+import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding;
 import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeHandler;
 import java.util.Collections;
@@ -63,7 +66,9 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyMap;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
@@ -198,6 +203,57 @@ public void testIssue(boolean cacheEnabled, boolean cacheEntryAvailable, long ca
 assertNotNull(tokenRespDTO.getAccessToken());
 }
+
+ @DataProvider(name = "IssueWithRenewDataProvider")
+ public Object[][] issueWithRenewDataProvider() {
+ return new Object[][]{
+ {true, true, 3600L, 3600L, 0L, 0L, false, TOKEN_STATE_ACTIVE, false, true, true},
+ {true, true, 3600L, 3600L, 0L, 0L, false, TOKEN_STATE_ACTIVE, false, true, false}
+ };
+ }
+
+ @Test(dataProvider = "IssueWithRenewDataProvider")
+ public void testIssueWithRenewWithoutRevokingExistingEnabled
+ (boolean cacheEnabled, boolean cacheEntryAvailable, long cachedTokenValidity,
+ long cachedRefreshTokenValidity, long dbTokenValidity, long dbRefreshTokenValidity,
+ boolean dbEntryAvailable, String dbTokenState, boolean tokenLoggable, boolean isIDPIdColumnEnabled,
+ boolean setBindingReference) throws Exception {
+
+ OAuth2ServiceComponentHolder.setIDPIdColumnEnabled(isIDPIdColumnEnabled);
+
+ Map supportedGrantTypes = new HashMap<>();
+ supportedGrantTypes.put("refresh_token", refreshGrantHandler);
+
+ OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = new OAuth2AccessTokenReqDTO();
+ oAuth2AccessTokenReqDTO.setClientId(clientId);
+ oAuth2AccessTokenReqDTO.setGrantType(PASSWORD_GRANT); // Ensure the grant type is valid for renewal
+
+ OAuthTokenReqMessageContext tokReqMsgCtx = new OAuthTokenReqMessageContext(oAuth2AccessTokenReqDTO);
+ tokReqMsgCtx.setAuthorizedUser(authenticatedUser);
+ tokReqMsgCtx.setScope(new String[]{"scope1", "scope2"});
+
+ oAuthAppDO.setTokenType("JWT");
+ tokReqMsgCtx.addProperty("OAuthAppDO", oAuthAppDO);
+
+ TokenBinding tokenBinding = new TokenBinding();
+ if (setBindingReference) {
+ tokenBinding.setBindingReference("bindingReference");
+ }
+ tokReqMsgCtx.setTokenBinding(tokenBinding);
+
+ try (MockedStatic identityUtil = mockStatic(IdentityUtil.class)) {
+ identityUtil.when(() -> IdentityUtil.getProperty(anyString()))
+ .thenReturn(Boolean.TRUE.toString());
+
+ // Set allowed grant types (ensure PASSWORD_GRANT is allowed for renewal)
+ OAuth2ServiceComponentHolder.setJwtRenewWithoutRevokeAllowedGrantTypes(
+ Collections.singletonList("password")); // This allows PASSWORD_GRANT
+
+ OAuth2AccessTokenRespDTO tokenRespDTO = handler.issue(tokReqMsgCtx);
+ assertNotNull(tokenRespDTO.getAccessToken());
+ }
+ }
+
 @DataProvider(name = "AuthorizeAccessDelegationDataProvider")
 public Object[][] buildAuthorizeAccessDelegationDataProvider() {
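Review bot: The stub `identityUtil.when(() -> IdentityUtil.getProperty(anyString()))` answers "true" for every property key, and `mockStatic(IdentityUtil.class)` with no default answer also replaces every other `IdentityUtil` static with Mockito defaults, so `handler.issue` runs under a configuration much wider than the renew flag the test is named for. Stub only the key under test, `IdentityUtil.getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG)`, and consider `mockStatic(IdentityUtil.class, Mockito.CALLS_REAL_METHODS)` so unrelated lookups keep their real values. The only assertion, `assertNotNull(tokenRespDTO.getAccessToken())`, holds identically for both data rows, so nothing checks how `setBindingReference` or the flag affects an existing token; an assertion on that outcome is what would make this a regression test for the token-lifecycle decision. `setJwtRenewWithoutRevokeAllowedGrantTypes(...)` and `oAuthAppDO.setTokenType("JWT")` change state that appears to outlive the method and should be restored afterwards, and `supportedGrantTypes` is built but never used in the visible lines.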