Some minor resorting, plus started the refresh token happy case test.
mifosio-04-04-2018 committed Apr 17, 2017
1 parent ca5512b commit 9bc4a5c371f29313bc843e04bb3f2e69571dfe97
Showing 6 changed files with 229 additions and 94 deletions.
@@ -146,22 +146,6 @@ Signature getApplicationSignature(@PathVariable("applicationidentifier") String
produces = {MediaType.ALL_VALUE})
void deleteApplication(@PathVariable("applicationidentifier") String applicationIdentifier);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions", method = RequestMethod.POST,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
void createApplicationPermission(@PathVariable("applicationidentifier") String applicationIdentifier, Permission permission);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions", method = RequestMethod.GET,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
List<Permission> getApplicationPermissions(@PathVariable("applicationidentifier") String applicationIdentifier);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions/{permissionidentifier}", method = RequestMethod.DELETE,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
void deleteApplicationPermission(@PathVariable("applicationidentifier") String applicationIdentifier,
@PathVariable("permissionidentifier") String permittableEndpointGroupIdentifier);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions/{permissionidentifier}/users/{useridentifier}/enabled", method = RequestMethod.PUT,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
@@ -0,0 +1,58 @@
/*
* Copyright 2017 The Mifos Initiative.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.mifos.identity.api.v1.client;

import io.mifos.anubis.api.v1.TokenConstants;
import io.mifos.core.api.util.CustomFeignClientsConfiguration;
import io.mifos.identity.api.v1.domain.Authentication;
import io.mifos.identity.api.v1.domain.Permission;
import org.springframework.cloud.netflix.feign.FeignClient;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import java.util.List;

/**
* @author Myrle Krantz
*/
@SuppressWarnings("unused")
@FeignClient(name="identity-v1", path="/identity/v1", configuration=CustomFeignClientsConfiguration.class)
public interface IdentityManagerForApplications {

@RequestMapping(value = "/token?grant_type=refresh_token", method = RequestMethod.POST,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
Authentication refresh(@CookieValue(TokenConstants.REFRESH_TOKEN_COOKIE_NAME) String refreshToken);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions", method = RequestMethod.POST,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
void createApplicationPermission(@PathVariable("applicationidentifier") String applicationIdentifier, Permission permission);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions", method = RequestMethod.GET,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
List<Permission> getApplicationPermissions(@PathVariable("applicationidentifier") String applicationIdentifier);

@RequestMapping(value = "/applications/{applicationidentifier}/permissions/{permissionidentifier}", method = RequestMethod.DELETE,
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
void deleteApplicationPermission(@PathVariable("applicationidentifier") String applicationIdentifier,
@PathVariable("permissionidentifier") String permittableEndpointGroupIdentifier);
}
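Review bot: The only Javadoc on the new `IdentityManagerForApplications` interface is an `@author` tag; it should say what sets it apart from the existing `IdentityManager`, e.g. `/** Feign client for the identity endpoints an application calls on its own behalf: refreshing an application-issued token and managing the application's permissions. */`. Separately, `refresh` declares its parameter with `@CookieValue`, but Spring Cloud's Feign contract documents support for `@PathVariable`, `@RequestParam` and `@RequestHeader` parameter annotations, and a parameter annotation it does not recognise is treated as the request body; unless `CustomFeignClientsConfiguration` handles cookies, the refresh token may be sent as a JSON body rather than as the `REFRESH_TOKEN_COOKIE_NAME` cookie the server presumably reads, which the happy-case test in TestApplications is the right place to confirm. The mapping `value = "/token?grant_type=refresh_token"` also carries its query string inside the path and relies on the client splitting it out, so a short comment stating this is intentional would help the next reader.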
@@ -25,9 +25,9 @@
import io.mifos.core.test.listener.EnableEventRecording;
import io.mifos.core.test.listener.EventRecorder;
import io.mifos.identity.api.v1.PermittableGroupIds;
import io.mifos.identity.api.v1.client.IdentityManager;
import io.mifos.identity.api.v1.domain.*;
import io.mifos.identity.api.v1.events.EventConstants;
import io.mifos.identity.api.v1.client.IdentityManager;
import io.mifos.identity.config.IdentityServiceConfig;
import org.junit.After;
import org.junit.Assert;
@@ -44,7 +44,7 @@
import org.springframework.test.context.junit4.SpringRunner;

import javax.annotation.PostConstruct;
import java.util.Collections;
import java.util.Arrays;

/**
* @author Myrle Krantz
@@ -74,7 +74,7 @@ public TestConfiguration() {
static final String AHMES_PASSWORD = "fractions";
static final String AHMES_FRIENDS_PASSWORD = "sekhem";

private final static TestEnvironment testEnvironment = new TestEnvironment(APP_NAME);
final static TestEnvironment testEnvironment = new TestEnvironment(APP_NAME);
final static CassandraInitializer cassandraInitializer = new CassandraInitializer();
private final static TenantDataStoreContextTestRule tenantDataStoreContext = TenantDataStoreContextTestRule.forRandomTenantName(cassandraInitializer);
private static boolean alreadyInitialized = false;
@@ -89,7 +89,7 @@ public TestConfiguration() {
static final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);

@Autowired
private ApiFactory apiFactory;
ApiFactory apiFactory;

@SuppressWarnings("SpringJavaAutowiringInspection")
@Autowired
@@ -190,11 +190,10 @@ String generateRoleIdentifier() {
return Helpers.generateRandomIdentifier("scribe");
}

Role buildRole(final String identifier, final Permission rolePermission) {
Role buildRole(final String identifier, final Permission... permission) {
final Role scribe = new Role();
scribe.setIdentifier(identifier);
scribe.setPermissions(Collections.emptyList());
scribe.setPermissions(Collections.singletonList(rolePermission));
scribe.setPermissions(Arrays.asList(permission));
return scribe;
}
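Review bot: The varargs parameter in `buildRole` is named `permission` although it now holds several permissions; `Role buildRole(final String identifier, final Permission... permissions)` with `scribe.setPermissions(Arrays.asList(permissions));` reads as intended, and the same renaming applies to `createRole` in the hunk below. `Arrays.asList` returns a fixed-size list backed by the varargs array, which is no worse than the `singletonList` it replaces, but if `Role` stores the list as given it is worth a one-line comment that the permissions list is not meant to be mutated afterwards.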

@@ -220,25 +219,20 @@ private Permission buildSelfPermission() {
}

String createRoleManagementRole() throws InterruptedException {
final String roleIdentifier = generateRoleIdentifier();
final Permission rolePermission = buildRolePermission();
final Role scribe = buildRole(roleIdentifier, rolePermission);

getTestSubject().createRole(scribe);

eventRecorder.wait(EventConstants.OPERATION_POST_ROLE, scribe.getIdentifier());

return roleIdentifier;
return createRole(buildRolePermission());
}

String createSelfManagementRole() throws InterruptedException {
return createRole(buildSelfPermission());
}

String createRole(final Permission... permission) throws InterruptedException {
final String roleIdentifier = generateRoleIdentifier();
final Permission rolePermission = buildSelfPermission();
final Role scribe = buildRole(roleIdentifier, rolePermission);
final Role role = buildRole(roleIdentifier, permission);

getTestSubject().createRole(scribe);
getTestSubject().createRole(role);

eventRecorder.wait(EventConstants.OPERATION_POST_ROLE, scribe.getIdentifier());
eventRecorder.wait(EventConstants.OPERATION_POST_ROLE, roleIdentifier);

return roleIdentifier;
}
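Review bot: `createRole` discards the boolean returned by `eventRecorder.wait(EventConstants.OPERATION_POST_ROLE, roleIdentifier)`, whereas the application tests in this same commit wrap the identical call in `Assert.assertTrue(...)`; if `wait` returns false on timeout, as those usages suggest, the helper hands back an identifier for a role that may not exist yet and the failure surfaces later in an unrelated assertion. Change the line to `Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_ROLE, roleIdentifier));`. A one-line Javadoc such as `/** Creates a role carrying the given permissions and blocks until its creation event has been recorded. */` would also make the contract clear to the two delegating helpers above it.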
@@ -20,6 +20,7 @@
import io.mifos.core.api.util.NotFoundException;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.identity.api.v1.PermittableGroupIds;
import io.mifos.identity.api.v1.client.IdentityManagerForApplications;
import io.mifos.identity.api.v1.domain.Permission;
import io.mifos.identity.api.v1.events.ApplicationPermissionEvent;
import io.mifos.identity.api.v1.events.ApplicationPermissionUserEvent;
@@ -29,16 +30,24 @@
import org.junit.Assert;
import org.junit.Test;

import javax.annotation.PostConstruct;
import java.util.Collections;
import java.util.List;

/**
* @author Myrle Krantz
*/
public class TestApplications extends AbstractComponentTest {
private String createTestApplicationName()
{
return "test" + RandomStringUtils.randomNumeric(3) + "-v1";
private IdentityManagerForApplications identityManagerForApplications;

@PostConstruct
public void provision() throws Exception {
identityManagerForApplications = apiFactory.create(IdentityManagerForApplications.class, testEnvironment.serverURI());
super.provision();
}

private IdentityManagerForApplications getIMForApplications() {
return identityManagerForApplications;
}

@Test
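Review bot: The `@PostConstruct` override `provision()` builds `identityManagerForApplications` before calling `super.provision()` without saying why, and `getIMForApplications()` adds nothing over reading the private field directly. A Javadoc on the field or on `provision()` should state that the application-permission endpoints appear to have moved from `IdentityManager` to a separate Feign client (the first hunk on this page removes them from the original interface) and that this subclass therefore needs its own client, e.g. `/** Client for the application-scoped endpoints; created here because the base class only provisions IdentityManager. */`, hedged as appropriate. Note that this is what the visibility changes in AbstractComponentTest (`testEnvironment` and `apiFactory` going from private to package-private) exist for; a comment there saying they are exposed for subclasses would keep someone from re-privatising them.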
@@ -66,34 +75,34 @@ public void testCreateAndDeleteApplicationPermission() throws InterruptedExcepti
identityManagementPermission.setPermittableEndpointGroupIdentifier(PermittableGroupIds.IDENTITY_MANAGEMENT);
identityManagementPermission.setAllowedOperations(Collections.singleton(AllowedOperation.READ));

getTestSubject().createApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission);
getIMForApplications().createApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission);
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(), PermittableGroupIds.IDENTITY_MANAGEMENT)));

{
final List<Permission> applicationPermissions = getTestSubject().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
final List<Permission> applicationPermissions = getIMForApplications().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
Assert.assertTrue(applicationPermissions.contains(identityManagementPermission));
}

final Permission roleManagementPermission = new Permission();
roleManagementPermission.setPermittableEndpointGroupIdentifier(PermittableGroupIds.ROLE_MANAGEMENT);
roleManagementPermission.setAllowedOperations(Collections.singleton(AllowedOperation.READ));

getTestSubject().createApplicationPermission(appPlusSig.getApplicationIdentifier(), roleManagementPermission);
getIMForApplications().createApplicationPermission(appPlusSig.getApplicationIdentifier(), roleManagementPermission);
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(), PermittableGroupIds.ROLE_MANAGEMENT)));
{
final List<Permission> applicationPermissions = getTestSubject().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
final List<Permission> applicationPermissions = getIMForApplications().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
Assert.assertTrue(applicationPermissions.contains(identityManagementPermission));
Assert.assertTrue(applicationPermissions.contains(roleManagementPermission));
}

getTestSubject().deleteApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission.getPermittableEndpointGroupIdentifier());
getIMForApplications().deleteApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission.getPermittableEndpointGroupIdentifier());
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_DELETE_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(), PermittableGroupIds.IDENTITY_MANAGEMENT)));

{
final List<Permission> applicationPermissions = getTestSubject().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
final List<Permission> applicationPermissions = getIMForApplications().getApplicationPermissions(appPlusSig.getApplicationIdentifier());
Assert.assertFalse(applicationPermissions.contains(identityManagementPermission));
Assert.assertTrue(applicationPermissions.contains(roleManagementPermission));
}
@@ -126,7 +135,7 @@ public void testDeleteApplication() throws InterruptedException {
}

@Test
public void testApplicationApprovals() throws InterruptedException {
public void testApplicationPermissionUserApprovalProvisioning() throws InterruptedException {
final ApplicationSignatureEvent appPlusSig;
final Permission identityManagementPermission;
try (final AutoUserContext ignored
@@ -137,7 +146,7 @@ public void testApplicationApprovals() throws InterruptedException {
PermittableGroupIds.ROLE_MANAGEMENT,
Collections.singleton(AllowedOperation.READ));

getTestSubject().createApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission);
getIMForApplications().createApplicationPermission(appPlusSig.getApplicationIdentifier(), identityManagementPermission);
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(),
identityManagementPermission.getPermittableEndpointGroupIdentifier())));
@@ -204,9 +213,51 @@ public void testApplicationApprovals() throws InterruptedException {
}

//Note that at this point, our imaginary application still cannot do anything in the name of any user,
//because neither of the users has the permission it enabled for the application.
//because neither of the users has the permission the user enabled for the application.
}

//TODO: check that the permissions actually work when accessing endpoints as an application.
@Test
public void applicationIssuedRefreshTokenHappyCase() throws InterruptedException {
final ApplicationSignatureEvent appPlusSig;
final Permission rolePermission = buildRolePermission();
final Permission userPermission = buildUserPermission();
try (final AutoUserContext ignored
= tenantApplicationSecurityEnvironment.createAutoSeshatContext()) {
appPlusSig = setApplicationSignature();

getIMForApplications().createApplicationPermission(appPlusSig.getApplicationIdentifier(), rolePermission);
getIMForApplications().createApplicationPermission(appPlusSig.getApplicationIdentifier(), userPermission);
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(),
rolePermission.getPermittableEndpointGroupIdentifier())));
Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_POST_APPLICATION_PERMISSION,
new ApplicationPermissionEvent(appPlusSig.getApplicationIdentifier(),
userPermission.getPermittableEndpointGroupIdentifier())));
}

final String userid;
final String userPassword;
try (final AutoUserContext ignored = enableAndLoginAdmin()) {
final String selfManagementRoleId = createRole(rolePermission, userPermission);

userPassword = RandomStringUtils.randomAlphanumeric(5);
userid = createUserWithNonexpiredPassword(userPassword, selfManagementRoleId);
}


try (final AutoUserContext ignored = loginUser(userid, userPassword)) {
getTestSubject().setApplicationPermissionEnabledForUser(
appPlusSig.getApplicationIdentifier(),
userPermission.getPermittableEndpointGroupIdentifier(),
userid,
true);
}
//TODO: get me a refresh token here. use it to get an access token. Then access like mad.
}

private String createTestApplicationName()
{
return "test" + RandomStringUtils.randomNumeric(3) + "-v1";
}

private ApplicationSignatureEvent setApplicationSignature() throws InterruptedException {
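Review bot: `applicationIssuedRefreshTokenHappyCase` contains no assertion about refresh tokens — it stops at the `//TODO: get me a refresh token here` comment after enabling the permission — so the test is green while the behaviour it is named for is never exercised; until the remaining steps exist, `@Ignore("refresh-token flow not yet implemented")` on the method makes the gap visible to the build instead of reporting a passing happy case. The role created by `createRole(rolePermission, userPermission)` is stored in `selfManagementRoleId`, which misdescribes a role built from role- and user-management permissions; `roleId` or `roleAndUserManagementRoleId` would match its contents. There is also a stray double blank line before the `loginUser` block. `setApplicationSignature` begins on the last line of the hunk and its body lies outside it.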
