Test also other IAM APIs
federicaagostini committed Oct 30, 2023
1 parent d61875f commit 81ebe8f
Showing 2 changed files with 160 additions and 1 deletion.
Expand Up @@ -62,7 +62,8 @@ public class AuthorizationCodeIntegrationTests {

public static final String RESPONSE_TYPE_CODE = "code";

public static final String SCOPE = "openid profile scim:read scim:write offline_access";
public static final String SCOPE =
"openid profile scim:read scim:write offline_access iam:admin.read iam:admin.write";

public static final String TEST_USER_ID = "test";
public static final String TEST_USER_PASSWORD = "password";
Expand Down Expand Up @@ -254,6 +255,8 @@ public void testRefreshTokenAfterAuthzCodeWorks()
.formParam("scope_offline_access", "offline_access")
.formParam("scope_scim_read", "scim:read")
.formParam("scope_scim_write", "scim:write")
.formParam("scope_iam_admin_read", "iam:admin.read")
.formParam("scope_iam_admin_write", "iam:admin.write")
.formParam("remember", "none")
.redirects().follow(false)
.when()
Expand Down Expand Up @@ -310,8 +313,162 @@ public void testRefreshTokenAfterAuthzCodeWorks()
.get("/scim/Users")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Groups")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Users/80e5fb8d-b7c8-451a-89ba-346ae278a66f")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Groups/c617d586-54e6-411d-8e38-649677980001")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.delete("/scim/Users/80e5fb8d-b7c8-451a-89ba-346ae278a66f")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.delete("/scim/Groups/c617d586-54e6-411d-8e38-649677980001")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/group/c617d586-54e6-411d-8e38-649677980001/attributes")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/account/me/authorities")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/api/clients")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/scope_policies")
.then()
.statusCode(HttpStatus.FORBIDDEN.value());

ValidatableResponse resp7= RestAssured.given()
.formParam("grant_type", "refresh_token")
.formParam("refresh_token", refreshToken)
.formParam("scope", "openid scim:read scim:write")
.auth()
.preemptive()
.basic(TEST_CLIENT_ID, TEST_CLIENT_SECRET)
.when()
.post(tokenUrl)
.then()
.statusCode(HttpStatus.OK.value());
// @formatter:on

refreshedToken =
mapper.readTree(resp7.extract().body().asString()).get("access_token").asText();

// @formatter:off
RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Users")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Groups")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Users/80e5fb8d-b7c8-451a-89ba-346ae278a66f")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/scim/Groups/c617d586-54e6-411d-8e38-649677980001")
.then()
.statusCode(HttpStatus.OK.value());

ValidatableResponse resp8= RestAssured.given()
.formParam("grant_type", "refresh_token")
.formParam("refresh_token", refreshToken)
.formParam("scope", "openid iam:admin.read iam:admin.write")
.auth()
.preemptive()
.basic(TEST_CLIENT_ID, TEST_CLIENT_SECRET)
.when()
.post(tokenUrl)
.then()
.statusCode(HttpStatus.OK.value());
// @formatter:on

refreshedToken =
mapper.readTree(resp8.extract().body().asString()).get("access_token").asText();

// @formatter:off
RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/group/c617d586-54e6-411d-8e38-649677980001/attributes")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/me/authorities")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/api/clients")
.then()
.statusCode(HttpStatus.OK.value());

RestAssured.given()
.header("Authorization", "Bearer " + refreshedToken)
.when()
.get("/iam/scope_policies")
.then()
.statusCode(HttpStatus.OK.value());
// @formatter:on


}

}
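Review bot: The negative and positive checks for the authorities endpoint hit different paths in the third hunk — `.get("/iam/account/me/authorities")` is expected `HttpStatus.FORBIDDEN.value()` with the down-scoped token, while `.get("/iam/me/authorities")` is expected `HttpStatus.OK.value()` after the `iam:admin.*` refresh — so one of the two is presumably a typo and the FORBIDDEN assertion may be passing against a route the server does not serve rather than against the scope check; align both on the path the application actually exposes. The token refreshed with `openid scim:read scim:write` (resp7) is only asserted OK on the SCIM endpoints and the one refreshed with `openid iam:admin.read iam:admin.write` (resp8) only OK on the IAM admin endpoints, so the test never demonstrates that the two scope families are independent; a FORBIDDEN check on the other family for each token, e.g. `.get("/iam/api/clients")` with the resp7 token expecting `HttpStatus.FORBIDDEN.value()`, would pin that. The `RestAssured.given().header(...).when().get(path).then().statusCode(...)` chain is repeated over a dozen times with the fixture ids `80e5fb8d-…` and `c617d586-…` inlined each time; a private helper such as `private static void assertGetStatus(String token, String path, int expectedStatus)` plus named constants for the two ids would make the assertions readable, and `resp7=` / `resp8=` need a space before `=` to match the file's style. The enclosing method `testRefreshTokenAfterAuthzCodeWorks` starts outside the hunk, so which refresh produced the `refreshedToken` used in the FORBIDDEN block at the top of the hunk is not visible here.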
Expand Up @@ -54,6 +54,8 @@ INSERT INTO client_scope (owner_id, scope) VALUES
(1, 'attr'),
(1, 'scim:read'),
(1, 'scim:write'),
(1, 'iam:admin.read'),
(1, 'iam:admin.write'),
(2, 'openid'),
(2, 'profile'),
(2, 'read-tasks'),
