

Force code to expire in invitations flow
[#136125817] https://www.pivotaltracker.com/story/show/136125817

Signed-off-by: Jennifer Hamon <jhamon@pivotal.io>
Signed-off-by: Priyata Agrawal <pagrawal@pivotal.io>
Bharath Sekar authored and Priyata25 committed Jan 18, 2017
1 parent 1d78da9 commit 2deadbf
Showing 2 changed files with 25 additions and 33 deletions.
Expand Up @@ -125,23 +125,16 @@ public void return404(HttpServletResponse response) {
@RequestMapping(value = "/accept", method = GET, params = {"code"})
public String acceptInvitePage(@RequestParam String code, Model model, HttpServletRequest request, HttpServletResponse response) throws IOException {

ExpiringCode expiringCode = expiringCodeStore.checkCode(code);
ExpiringCode expiringCode = expiringCodeStore.retrieveCode(code);
if ((null == expiringCode) || (null != expiringCode.getIntent() && !INVITATION.name().equals(expiringCode.getIntent()))) {
expiringCodeStore.retrieveCode(code);
return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
}

Map<String, String> codeData = JsonUtils.readValue(expiringCode.getData(), new TypeReference<Map<String, String>>() {});
String origin = codeData.get(ORIGIN);
try {
IdentityProvider provider = providerProvisioning.retrieveByOrigin(origin, IdentityZoneHolder.get().getId());
final String newCode;
if(!OriginKeys.UAA.equals(provider.getType())) {
expiringCodeStore.retrieveCode(code);
newCode = expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000)), expiringCode.getIntent()).getCode();
} else {
newCode = code;
}
final String newCode = expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000)), expiringCode.getIntent()).getCode();

UaaUser user = userDatabase.retrieveUserById(codeData.get("user_id"));
if (user.isVerified()) {
Expand Down
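Review bot: The replacement code on the `final String newCode = expiringCodeStore.generateCode(...)` line is minted with `expiringCode.getIntent()`, and the guard above it only rejects a non-null intent that differs from INVITATION, so a stored code carrying a null intent would be reissued with a null intent instead of being pinned to the invitation flow; passing `INVITATION.name()` as the third argument ties the new code to this purpose explicitly. The original code is also consumed by `retrieveCode` and the replacement generated before `UaaUser user = userDatabase.retrieveUserById(codeData.get("user_id"));` runs, so if that lookup fails the one-time code is already spent and the new one is never delivered; moving the `generateCode` line below the user lookup would avoid burning an invitation on a transient failure. `10 * 60 * 1000` would read better as a named constant such as `INVITATION_CODE_LIFETIME_MS`. acceptInvitePage's body continues outside the hunk, so whether later steps can still fail is inferred rather than seen.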
Expand Up @@ -141,33 +141,28 @@ public void testAcceptInvitationsPage() throws Exception {
codeData.put("email", "user@example.com");
codeData.put("client_id", "client-id");
codeData.put("redirect_uri", "blah.test.com");
ExpiringCode code = new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name());
List<ExpiringCode> codeStore = new ArrayList<>();
codeStore.add(code);
when(expiringCodeStore.checkCode("code")).thenReturn(codeStore.get(0));
when(expiringCodeStore.retrieveCode("code")).thenReturn(codeStore.remove(0));
when(expiringCodeStore.retrieveCode("code")).thenReturn(createCode(codeData), null);
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(createCode(codeData));
IdentityProvider provider = new IdentityProvider();
provider.setType(OriginKeys.UAA);
when(providerProvisioning.retrieveByOrigin(anyString(), anyString())).thenReturn(provider);
MockHttpServletRequestBuilder get = get("/invitations/accept")
.param("code", "code");

mockMvc.perform(get)
mockMvc.perform(get("/invitations/accept").param("code", "code"))
.andExpect(status().isOk())
.andExpect(model().attribute("email", "user@example.com"))
.andExpect(model().attribute("code", "code"))
.andExpect(view().name("invitations/accept_invite"));

UaaPrincipal principal = ((UaaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal());
assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken);
assertEquals("user-id-001", principal.getId());
assertEquals("user@example.com", principal.getName());
assertEquals("user@example.com", principal.getEmail());

mockMvc.perform(get)
.andExpect(status().isOk())
.andExpect(model().attribute("email", "user@example.com"))
.andExpect(model().attribute("code", "code"))
.andExpect(view().name("invitations/accept_invite"));
mockMvc.perform(get("/invitations/accept").param("code", "code"))
.andExpect(status().isUnprocessableEntity())
.andExpect(view().name("invitations/accept_invite"))
.andExpect(model().attribute("error_message_code", "code_expired"));
}

@Test
Expand All @@ -189,9 +184,9 @@ public void incorrectCodeIntent() throws Exception {
@Test
public void acceptInvitePage_for_unverifiedSamlUser() throws Exception {
Map<String,String> codeData = getInvitationsCode("test-saml");
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(createCode(codeData));
IdentityProvider provider = new IdentityProvider();
SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition()
.setMetaDataLocation("http://test.saml.com")
Expand All @@ -217,9 +212,9 @@ public void acceptInvitePage_for_unverifiedSamlUser() throws Exception {
@Test
public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception {
Map<String,String> codeData = getInvitationsCode("test-oidc");
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(createCode(codeData));

OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition();
definition.setAuthUrl(new URL("https://oidc10.auth.url"));
Expand All @@ -243,9 +238,9 @@ public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception {
@Test
public void acceptInvitePage_for_unverifiedLdapUser() throws Exception {
Map<String, String> codeData = getInvitationsCode(LDAP);
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(createCode(codeData));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(createCode(codeData));

IdentityProvider provider = new IdentityProvider();
provider.setType(LDAP);
Expand Down Expand Up @@ -393,8 +388,8 @@ public void acceptInvitePage_for_verifiedUser() throws Exception {
codeData.put("user_id", "verified-user");
codeData.put("email", "user@example.com");

when(expiringCodeStore.checkCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(createCode(codeData), null);
when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(createCode(codeData));
when(invitationsService.acceptInvitation(anyString(), eq(""))).thenReturn(new InvitationsService.AcceptedInvitation("blah.test.com", new ScimUser()));
IdentityProvider provider = new IdentityProvider();
provider.setType(OriginKeys.UAA);
Expand All @@ -406,6 +401,10 @@ public void acceptInvitePage_for_verifiedUser() throws Exception {
.andExpect(redirectedUrl("blah.test.com"));
}

private ExpiringCode createCode(Map<String, String> codeData) {
return new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name());
}

@Test
public void incorrectGeneratedCodeIntent_for_verifiedUser() throws Exception {
UaaUser user = new UaaUser("user@example.com", "", "user@example.com", "Given", "family");
Expand Down
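Review bot: The SAML, OIDC and LDAP tests still stub `expiringCodeStore.checkCode("the_secret_code")` even though the controller change in this commit replaces the `checkCode` call with `retrieveCode`, so those three `when(...checkCode...)` lines look like dead stubs; if no other caller remains they should be dropped, and a `verify(expiringCodeStore, never()).checkCode(anyString());` in one of the tests would catch a regression to the peek-only path. Those same tests stub `retrieveCode` to return a fresh code on every call, unlike `testAcceptInvitationsPage` and `acceptInvitePage_for_verifiedUser`, which use `thenReturn(createCode(codeData), null)`; only the latter shape exercises the one-time-use behaviour the commit is titled for, so the provider-specific tests do not currently prove it for their paths. The new `createCode` helper builds an `ExpiringCode` whose expiry is `new Timestamp(System.currentTimeMillis())`, i.e. already expired at construction; that is harmless while the store is mocked, but a one-line comment saying the expiry is never consulted here would save the next reader from wondering. `createCode` also sits between two `@Test` methods; it belongs with the other private helpers such as `getInvitationsCode`, whose definition is outside the hunks shown.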
