From 04517e2ec871669b116da86f7172e8b9e049c421 Mon Sep 17 00:00:00 2001 From: Thisal Tennakoon Date: Wed, 5 Apr 2023 15:18:55 +0530 Subject: [PATCH 1/3] Initial commit --- .../test/impl/RestAPIAdminImpl.java | 36 +++++++++++ .../OAuthApplicationOwnerUpdateTestCase.java | 59 ++++++++++++++++++- 2 files changed, 94 insertions(+), 1 deletion(-) diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java index 9d4ff98d93..b4894faff6 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java @@ -28,6 +28,8 @@ import org.wso2.am.integration.test.HttpResponse; import java.io.File; +import java.util.Arrays; +import java.util.Base64; /** * This util class performs the actions related to APIDTOobjects. 
@@ -694,6 +696,40 @@ public ApiResponse changeApplicationOwner(String newOwner, String applicat return applicationApi.applicationsApplicationIdChangeOwnerPostWithHttpInfo(newOwner, applicationId); } + /** + * This method is used to retrieve scopes for a particular user. + * + * @param scopeName Scope name. + * @param username Username of the user. + * @return ScopeSettingsDTO returned by API call. + * @throws ApiException if an error occurs while retrieving the scopes of a particular user. + */ + public ScopeSettingsDTO retrieveScopesForParticularUser(String scopeName, String username) throws ApiException { + return systemScopesApi.systemScopesScopeNameGet(new String(Base64.getEncoder().encode(scopeName.getBytes())), username); + } + + /** + * This method is used to add a new role alias mapping for system scope roles. + * + * @param count The number of role aliases. + * @param role Name of the role. + * @param aliases List of aliases. + * @return RoleAliasListDTO returned by API call. + * @throws ApiException if an error occurs while adding role aliases mappings for system scope roles. + */ + public RoleAliasListDTO addRoleAliasMappingForSystemScopeRoles(int count, String role, String[] aliases) throws ApiException { + + RoleAliasDTO roleAliasDTO = new RoleAliasDTO(); + roleAliasDTO.setRole(role); + roleAliasDTO.setAliases(Arrays.asList(aliases)); + + RoleAliasListDTO roleAliasListDTO = new RoleAliasListDTO(); + roleAliasListDTO.setCount(count); + roleAliasListDTO.setList(Arrays.asList(roleAliasDTO)); + + return systemScopesApi.systemScopesRoleAliasesPut(roleAliasListDTO); + } + public HttpResponse getWorkflowByExternalWorkflowReference(String externalWorkflowRef) throws ApiException { WorkflowInfoDTO workflowInfodto = null; HttpResponse response = null; 
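Review bot: `scopeName.getBytes()` and the wrapping `new String(...)` in `retrieveScopesForParticularUser` both fall back to the platform default charset, so the encoded scope name can differ between build agents for any non-ASCII name. `Base64.getEncoder().encodeToString(scopeName.getBytes(StandardCharsets.UTF_8))` pins the charset and drops the extra copy; it needs `java.nio.charset.StandardCharsets` added to the imports. The encoded value looks like it is sent as the scope-name path element, and the standard alphabet can emit `/` and `+`, so it is worth confirming that the endpoint expects the standard rather than the URL-safe encoder. In `addRoleAliasMappingForSystemScopeRoles`, `count` is passed separately from the single-entry list it describes, so the two can disagree; the Javadoc should state what value callers must pass.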
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/OAuthApplicationOwnerUpdateTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/OAuthApplicationOwnerUpdateTestCase.java index 4d243d838e..124f6c67a3 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/OAuthApplicationOwnerUpdateTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/OAuthApplicationOwnerUpdateTestCase.java @@ -28,6 +28,7 @@ import org.wso2.am.integration.clients.admin.ApiResponse; import org.wso2.am.integration.clients.admin.api.dto.ApplicationInfoDTO; import org.wso2.am.integration.clients.admin.api.dto.ApplicationListDTO; +import org.wso2.am.integration.clients.admin.api.dto.ScopeSettingsDTO; import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO; import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO; import org.wso2.am.integration.test.impl.RestAPIAdminImpl; 
@@ -73,6 +74,14 @@ public class OAuthApplicationOwnerUpdateTestCase extends APIMIntegrationBaseTest private static final String TENANT_DOMAIN = "tenant.com"; private static final String TENANT_ADMIN_WITH_DOMAIN = TENANT_ADMIN + "@" + TENANT_DOMAIN; private static final String TENANT_ADMIN_APP = "tenantAdminApp"; + private static final String APIM_SUBSCRIBE_SCOPE = "apim:subscribe"; + private static final String CUSTOM_ROLE1 = "customRole1"; + private static final String CUSTOM_ROLE1_PWD = "customRole1@"; + private static final String CUSTOM_ROLE2 = "customRole2"; + private static final String CUSTOM_ROLE2_PWD = "customRole2@"; + private static final String CUSTOM_ROLE1_ASSIGNED_USER = "customRole1AssignedUser"; + private static final String CUSTOM_ROLE2_ASSIGNED_USER = "customRole2AssignedUser"; + private static final String[] PERMISSIONS = {"/permission/admin/manage/api/subscribe"}; private static final String TENANT_USER1_WITH_DOMAIN = TENANT_USER1 + "@" + TENANT_DOMAIN; private static final String TENANT_USER2_WITH_DOMAIN = TENANT_USER2 + "@" + TENANT_DOMAIN; @@ -87,6 +96,8 @@ public class OAuthApplicationOwnerUpdateTestCase extends APIMIntegrationBaseTest private RestAPIStoreImpl restAPIStoreClient5; private RestAPIStoreImpl restAPIStoreClient6; private RestAPIAdminImpl restAPIAdminClient; + private RestAPIStoreImpl restAPIStoreClientForCustomRole1AssignedUser; + private RestAPIStoreImpl restAPIStoreClientForCustomRole2AssignedUser; private String appIdOfJohnApp; private String appIdOfMaryApp; @@ -95,6 +106,8 @@ public class OAuthApplicationOwnerUpdateTestCase extends APIMIntegrationBaseTest private String appIdOfTenantUser1App; private String appIdOfTenantUser2App; private String appIdOfTenantUser3App; + private String appIdOftestAppCreatedByCustomRole1AssignedUser; + private String appIdOftestAppCreatedByCustomRole2AssignedUser; @BeforeClass(alwaysRun = true) public void setEnvironment() throws Exception { 
@@ -191,7 +204,7 @@ public void checkSubscriberValidity() { try { updateOwner(appIdOfTenantUser3App, TENANT_USER4_WITH_DOMAIN, TENANT_DOMAIN); } catch (ApiException e) { - Assert.assertEquals(e.getCode(), HttpStatus.SC_INTERNAL_SERVER_ERROR); + Assert.assertEquals(e.getCode(), HttpStatus.SC_NOT_FOUND); } } 
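Review bot: The `try` block around `updateOwner(appIdOfTenantUser3App, TENANT_USER4_WITH_DOMAIN, TENANT_DOMAIN)` has no failure path, so the new `SC_NOT_FOUND` expectation is only checked when an `ApiException` happens to be thrown; if the ownership change goes through, the test still passes. Adding `Assert.fail("Expected ApiException for an invalid new owner");` as the statement right after the `updateOwner` call closes that gap. Because `updateOwner` now performs a scope lookup before the ownership call (last hunk of this patch), the 404 may come from that lookup rather than from the change-owner endpoint, and the same holds for any other negative test routed through the helper. Asserting on which call failed would keep the endpoint's own authorization check under test. The method body starts outside this hunk.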
@@ -278,6 +291,33 @@ public void testApplicationUpdateAfterOwnerChange() throws Exception { } + @Test(groups = {"wso2.am"}, description = "Update application ownership to another user when custom user roles assigned to them") + public void updateApplicationOwnerWhenHavingCustomRoles() throws Exception { + + //Add custom roles + userManagementClient.addRole(CUSTOM_ROLE1, null, PERMISSIONS); + userManagementClient.addRole(CUSTOM_ROLE2, null, PERMISSIONS); + + //Add users with custom roles created above + userManagementClient.addUser(CUSTOM_ROLE1_ASSIGNED_USER, CUSTOM_ROLE1_PWD, new String[]{CUSTOM_ROLE1}, CUSTOM_ROLE1_ASSIGNED_USER); + userManagementClient.addUser(CUSTOM_ROLE2_ASSIGNED_USER, CUSTOM_ROLE2_PWD, new String[]{CUSTOM_ROLE2}, CUSTOM_ROLE2_ASSIGNED_USER); + + //Add role alias mapping for system scope roles + restAPIAdminClient = new RestAPIAdminImpl(user.getUserName(), user.getPassword(), SUPER_TENANT_DOMAIN, publisherURLHttps); + restAPIAdminClient.addRoleAliasMappingForSystemScopeRoles(1, APIMIntegrationConstants.APIM_INTERNAL_ROLE.SUBSCRIBER, new String[]{CUSTOM_ROLE1, CUSTOM_ROLE2}); + + //Create applications + restAPIStoreClientForCustomRole1AssignedUser = new RestAPIStoreImpl(CUSTOM_ROLE1_ASSIGNED_USER, CUSTOM_ROLE1_PWD, SUPER_TENANT_DOMAIN, storeURLHttps); + appIdOftestAppCreatedByCustomRole1AssignedUser = restAPIStoreClientForCustomRole1AssignedUser.addApplication("testAppCreatedByCustomRole1AssignedUser", + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, "", "App of user customRole1AssignedUser").getApplicationId(); + restAPIStoreClientForCustomRole2AssignedUser = new RestAPIStoreImpl(CUSTOM_ROLE2_ASSIGNED_USER, CUSTOM_ROLE2_PWD, SUPER_TENANT_DOMAIN, storeURLHttps); + appIdOftestAppCreatedByCustomRole2AssignedUser = restAPIStoreClientForCustomRole2AssignedUser.addApplication("testAppCreatedByCustomRole2AssignedUser", + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, "", "App of user customRole2AssignedUser").getApplicationId(); + + // 
Change application owner of testAppCreatedByCustomRole1AssignedUser from CUSTOM_ROLE1_ASSIGNED_USER to CUSTOM_ROLE2_ASSIGNED_USER + updateOwner(appIdOftestAppCreatedByCustomRole1AssignedUser, CUSTOM_ROLE2_ASSIGNED_USER, SUPER_TENANT_DOMAIN); + } + @AfterClass(alwaysRun = true) public void destroy() throws Exception { @@ -291,12 +331,23 @@ public void destroy() throws Exception { if (userManagementClient != null) { userManagementClient.deleteUser(USER_JOHN); userManagementClient.deleteUser(USER_MARY); + userManagementClient.deleteUser(CUSTOM_ROLE1_ASSIGNED_USER); + userManagementClient.deleteUser(CUSTOM_ROLE2_ASSIGNED_USER); + + userManagementClient.deleteRole(CUSTOM_ROLE1); + userManagementClient.deleteRole(CUSTOM_ROLE2); } if (userManagementClient1 != null) { userManagementClient1.deleteUser(TENANT_USER1); userManagementClient1.deleteUser(TENANT_USER2); userManagementClient1.deleteUser(TENANT_USER3); } + if (restAPIStoreClientForCustomRole1AssignedUser != null && appIdOftestAppCreatedByCustomRole1AssignedUser != null) { + restAPIStoreClientForCustomRole1AssignedUser.deleteApplication(appIdOftestAppCreatedByCustomRole1AssignedUser); + } + if (restAPIStoreClientForCustomRole2AssignedUser != null && appIdOftestAppCreatedByCustomRole2AssignedUser != null) { + restAPIStoreClientForCustomRole2AssignedUser.deleteApplication(appIdOftestAppCreatedByCustomRole2AssignedUser); + } tenantManagementServiceClient.deleteTenant(TENANT_DOMAIN); } 
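Review bot: The role-alias mapping written by `addRoleAliasMappingForSystemScopeRoles(1, APIMIntegrationConstants.APIM_INTERNAL_ROLE.SUBSCRIBER, ...)` in `updateApplicationOwnerWhenHavingCustomRoles` is never reverted; `destroy()` only removes the roles and users. The call is a PUT of a one-entry list, which presumably replaces whatever alias configuration the server had, so later test classes on the same server would inherit a subscriber mapping that points at deleted role names. I would capture the existing mapping before the PUT and write it back in `destroy()`, and at minimum add `// NOTE: this PUT persists beyond the test; restore the previous role-alias mapping in destroy()` above the call. The method also reassigns the shared `restAPIAdminClient` field to a super-tenant client, which other tests calling `updateOwner` will pick up if they run afterwards.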
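Review bot: In `destroy()` the two new `deleteApplication` calls run after `deleteUser(CUSTOM_ROLE1_ASSIGNED_USER)` and `deleteUser(CUSTOM_ROLE2_ASSIGNED_USER)`, so the store clients act for accounts that no longer exist and the cleanup may throw before `deleteTenant(TENANT_DOMAIN)` is reached. Moving both `if (restAPIStoreClientForCustomRole… != null && …)` blocks above the `if (userManagementClient != null)` block fixes the ordering. The first application has also been transferred to the second user by that point, so it is probably safer to remove it with the new owner's client: `restAPIStoreClientForCustomRole2AssignedUser.deleteApplication(appIdOftestAppCreatedByCustomRole1AssignedUser);`. The start of `destroy()` lies outside the hunk, so earlier cleanup steps were not reviewed.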
@@ -308,6 +359,12 @@ public void destroy() throws Exception { * @param appTenantDomain Tenant domain of the application */ private void updateOwner(String applicationId, String newOwner, String appTenantDomain) throws ApiException { + + + // Verify whether the new owner has the scope "apim:subscribe" + ScopeSettingsDTO scopeSettingsDTO = restAPIAdminClient.retrieveScopesForParticularUser(APIM_SUBSCRIBE_SCOPE, newOwner); + Assert.assertEquals(scopeSettingsDTO.getName(), APIM_SUBSCRIBE_SCOPE); + //Update owner of the application ApiResponse changeOwnerResponse = restAPIAdminClient.changeApplicationOwner(newOwner, applicationId); Assert.assertEquals(changeOwnerResponse.getStatusCode(), HttpStatus.SC_OK); From fe668e5a56b6ddba5602e30cec15d0a9a73ce46a Mon Sep 17 00:00:00 2001 From: Thisal Tennakoon <42693357+thisaltennakoon@users.noreply.github.com> Date: Thu, 11 Jan 2024 12:36:35 +0530 Subject: [PATCH 2/3] Update RestAPIAdminImpl.java --- .../java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java index b4894faff6..96801db40f 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java @@ -26,7 +26,6 @@ import org.wso2.am.integration.test.ClientAuthenticator; import org.wso2.am.integration.test.Constants; import org.wso2.am.integration.test.HttpResponse; - import java.io.File; import java.util.Arrays; import java.util.Base64; From a1c58bdaafe089d4d8dc84d6e05281782a5b455e Mon Sep 17 00:00:00 2001 
From: Thisal Tennakoon <42693357+thisaltennakoon@users.noreply.github.com> Date: Thu, 11 Jan 2024 12:36:52 +0530 Subject: [PATCH 3/3] Update RestAPIAdminImpl.java --- .../java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java index 96801db40f..b4894faff6 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java @@ -26,6 +26,7 @@ import org.wso2.am.integration.test.ClientAuthenticator; import org.wso2.am.integration.test.Constants; import org.wso2.am.integration.test.HttpResponse; + import java.io.File; import java.util.Arrays; import java.util.Base64;