add negative test cases
shashimalcse committed Aug 21, 2024
1 parent bc51505 commit 99d8ac7
Showing 1 changed file with 72 additions and 0 deletions.
@@ -48,6 +48,7 @@ public class OIDCAccessTokenAttributesTestCase extends OIDCAbstractIntegrationTe
private static final String OAUTH2_TOKEN_ENDPOINT_URI = "/oauth2/token";
private static final String SERVICES = "/services";
private OIDCApplication application;
private OpenIDConnectConfiguration oidcInboundConfig;
protected String refreshToken;
protected String sessionDataKey;

@@ -128,6 +129,76 @@ public void testValidateAccessTokenAttributesWithRefreshGrant() throws Exception
Assert.assertNotNull(jwtClaimsSet.getClaim("username"), "Username is null.");
}

@Test(groups = "wso2.is", description = "Update access token attributes of the application",
dependsOnMethods = "testValidateAccessTokenAttributesWithRefreshGrant")
public void testUpdateAccessTokenAttributes() throws Exception {

AccessTokenConfiguration accessTokenConfig = new AccessTokenConfiguration().type("JWT");
accessTokenConfig.setUserAccessTokenExpiryInSeconds(3600L);
accessTokenConfig.setApplicationAccessTokenExpiryInSeconds(3600L);
// Add access token attributes
accessTokenConfig.setAccessTokenAttributes(new ArrayList<>());
oidcInboundConfig.setAccessToken(accessTokenConfig);
updateApplicationInboundConfig(application.getApplicationId(), oidcInboundConfig, OIDC);

OpenIDConnectConfiguration updatedOidcInboundConfig =
getOIDCInboundDetailsOfApplication(application.getApplicationId());
Assert.assertTrue(updatedOidcInboundConfig.getAccessToken().getAccessTokenAttributes().isEmpty(),
"Access token attribute should be empty.");
}

@Test(groups = "wso2.is", description = "Validate access token attributes for empty allowed attributes",
dependsOnMethods = "testUpdateAccessTokenAttributes")
public void testValidateAccessTokenAttributesForEmptyAllowedAttributes() throws Exception {

Map<String, String> params = new HashMap<>();
params.put("grant_type", OAuth2Constant.OAUTH2_GRANT_TYPE_RESOURCE_OWNER);
params.put("scope", "");
params.put("username", OIDCUtilTest.user.getUserName());
params.put("password", OIDCUtilTest.user.getPassword());

Response response = getResponseOfFormPostWithAuth(OAUTH2_TOKEN_ENDPOINT_URI, params, new HashMap<>(),
application.getClientId(), application.getClientSecret());

response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_OK)
.body("access_token", notNullValue())
.body("refresh_token", notNullValue());

String accessToken = response.then().extract().path("access_token");
refreshToken = response.then().extract().path("refresh_token");
Assert.assertNotNull(accessToken, "Access token is null");
JWTClaimsSet jwtClaimsSet = SignedJWT.parse(accessToken).getJWTClaimsSet();
Assert.assertNull(jwtClaimsSet.getClaim("username"), "Username is not null.");
}

@Test(groups = "wso2.is", description = "Validate access token attributes for empty allowed attributes with " +
"refresh grant", dependsOnMethods = "testValidateAccessTokenAttributesForEmptyAllowedAttributes")
public void testValidateAccessTokenAttributesForEmptyAllowedAttributesWithRefreshGrant() throws Exception {

Map<String, String> params = new HashMap<>();
params.put("grant_type", OAuth2Constant.OAUTH2_GRANT_TYPE_REFRESH_TOKEN);
params.put(OAuth2Constant.OAUTH2_GRANT_TYPE_REFRESH_TOKEN, refreshToken);

Response response = getResponseOfFormPostWithAuth(OAUTH2_TOKEN_ENDPOINT_URI, params, new HashMap<>(),
application.getClientId(), application.getClientSecret());

response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_OK)
.body("access_token", notNullValue())
.body("refresh_token", notNullValue());

String accessToken = response.then().extract().path("access_token");
refreshToken = response.then().extract().path("refresh_token");
Assert.assertNotNull(accessToken, "Access token is null");
JWTClaimsSet jwtClaimsSet = SignedJWT.parse(accessToken).getJWTClaimsSet();
Assert.assertNull(jwtClaimsSet.getClaim("username"), "Username is not null.");
}

/**
* Invoke given endpointUri for Form POST request with given body, headers and Basic authentication credentials.
*
@@ -186,6 +257,7 @@ private void createAccessTokenAttributesEnabledApplication(ApplicationModel appl

String applicationId = addApplication(applicationModel);
oidcConfig = getOIDCInboundDetailsOfApplication(applicationId);
oidcInboundConfig = oidcConfig;

application.setApplicationId(applicationId);
application.setClientId(oidcConfig.getClientId());
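Review bot: The refresh-grant case in `testValidateAccessTokenAttributesForEmptyAllowedAttributesWithRefreshGrant` only exchanges a refresh token issued after the attribute list was emptied, because `testValidateAccessTokenAttributesForEmptyAllowedAttributes` overwrites `refreshToken` before it runs. The suite therefore never checks what a refresh token issued while `username` was still allowed returns after the update, which is where a stale claim would most plausibly survive the configuration change. Assuming the earlier refresh test (its body is outside the visible hunks) leaves such a token in `refreshToken`, keep it in a separate field before the update and add a test that refreshes it and asserts whichever outcome is intended. Separately, the comment `// Add access token attributes` in `testUpdateAccessTokenAttributes` sits above a call that sets an empty list; `// Clear the allowed access token attributes` would match the code.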
