add unit test

wso2-extensions · Apr 30, 2024 · f1ff53b · f1ff53b
1 parent 22dc889
commit f1ff53b
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 1 deletion.
diff --git a/...o2/carbon/identity/oauth2/token/handlers/claims/ImpersonatedAccessTokenClaimProvider.java b/...o2/carbon/identity/oauth2/token/handlers/claims/ImpersonatedAccessTokenClaimProvider.java
@@ -31,12 +31,13 @@
 import static org.wso2.carbon.identity.oauth.common.OAuthConstants.IMPERSONATING_ACTOR;
 
 /**
- * Adds new claims into JWT Access Tokens.
+ * A class that provides additional claims for JWT access tokens when impersonation is requested.
  */
 public class ImpersonatedAccessTokenClaimProvider implements JWTAccessTokenClaimProvider {
 
     private static final String ACT = "act";
     private static final String SUB = "SUB";
+
     @Override
     public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext context) throws IdentityOAuth2Exception {
 
@@ -47,6 +48,7 @@ public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext conte
     public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext context) throws IdentityOAuth2Exception {
 
         if (context.isImpersonationRequest()
+                && (context.getProperty(IMPERSONATING_ACTOR) != null)
                 && StringUtils.isNotBlank(context.getProperty(IMPERSONATING_ACTOR).toString())) {
 
             Map<String, Object> actorMap = new HashMap<>();

diff --git a/...arbon/identity/oauth2/token/handlers/claims/ImpersonatedAccessTokenClaimProviderTest.java b/...arbon/identity/oauth2/token/handlers/claims/ImpersonatedAccessTokenClaimProviderTest.java
@@ -0,0 +1,87 @@
+/*
+ *  Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ *  WSO2 LLC. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+
+package org.wso2.carbon.identity.oauth2.token.handlers.claims;
+
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
+import org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.powermock.api.mockito.PowerMockito.mock;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNull;
+import static org.testng.Assert.assertTrue;
+
+public class ImpersonatedAccessTokenClaimProviderTest extends PowerMockIdentityBaseTest {
+
+    private OAuthTokenReqMessageContext tokReqMsgCtx;
+    public static final String IMPERSONATING_ACTOR = "IMPERSONATING_ACTOR";
+    private static final String ACT = "act";
+    private static final String SUB = "SUB";
+
+
+    @BeforeMethod
+    public void init() {
+
+        tokReqMsgCtx = mock(OAuthTokenReqMessageContext.class);
+    }
+
+    @DataProvider(name = "GetAdditionalClaimsDataProvider")
+    public Object[][] getAdditionalClaimsDataProvider() {
+
+        Map<String, Object> validActorMap = new HashMap<>();
+        validActorMap.put(ACT, Collections.singletonMap(SUB, IMPERSONATING_ACTOR));
+        return new Object[][]{
+                {true, IMPERSONATING_ACTOR, validActorMap},
+                {true, null, null},
+                {true, "", null},
+                {true, " ", null},
+                {false, IMPERSONATING_ACTOR, null},
+        };
+    }
+
+    @Test(dataProvider = "GetAdditionalClaimsDataProvider")
+    public void testGetAdditionalClaimsData(boolean isImpersonationRequest, String impersonator,
+                                            Map<String, Object> claimMapping)
+            throws Exception {
+
+        JWTAccessTokenClaimProvider claimProvider = new ImpersonatedAccessTokenClaimProvider();
+        when(tokReqMsgCtx.isImpersonationRequest()).thenReturn(isImpersonationRequest);
+        when(tokReqMsgCtx.getProperty(IMPERSONATING_ACTOR)).thenReturn(impersonator);
+
+        Map<String, Object> actorMap;
+        actorMap = claimProvider.getAdditionalClaims(tokReqMsgCtx);
+
+        if (claimMapping != null) {
+
+            assertTrue(actorMap.containsKey(ACT), "Expected 'act' claim in the claim mapping");
+            assertEquals(IMPERSONATING_ACTOR, ((Map<String, Object>) actorMap.get(ACT)).get(SUB),
+                    "Expected 'act' claim in the claim mapping has 'sub' claim.");
+        } else {
+            assertNull(actorMap, " Expected Null mapping but retrieved non null object.");
+        }
+    }
+}
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml b/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml
@@ -114,6 +114,7 @@
             <class name="org.wso2.carbon.identity.oauth2.validators.jwt.JWKSBasedJWTValidatorTest"/>
             <class name="org.wso2.carbon.identity.oauth2.device.codegenerator.GenerateKeysTest"/>
             <class name="org.wso2.carbon.identity.oauth2.responsemode.provider.ResponseModeProviderTest"/>
+            <class name="org.wso2.carbon.identity.oauth2.token.handlers.claims.ImpersonatedAccessTokenClaimProviderTest"></class>
         </classes>
     </test>