diff --git a/.github/workflows/test-dp-pr.yaml b/.github/workflows/test-dp-pr.yaml new file mode 100644 index 00000000..bc3e17d6 --- /dev/null +++ b/.github/workflows/test-dp-pr.yaml @@ -0,0 +1,49 @@ +name: Test PR +on: + pull_request_target: + paths-ignore: + - '*.md' + +permissions: + pull-requests: write + contents: write + +jobs: + test_dp_pr: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Checkout latest code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'zulu' + cache: 'gradle' + + - name: Build with Gradle + run: ./gradlew build + + dependabot_pr: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + needs: test_dp_pr + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.6.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Enable auto-merge for Dependabot PRs + if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test-pr.yaml b/.github/workflows/test-pr.yaml index 0d33d30c..cea13ccd 100644 --- a/.github/workflows/test-pr.yaml +++ b/.github/workflows/test-pr.yaml @@ -1,13 +1,9 @@ name: Test PR on: - pull_request_target: + pull_request: paths-ignore: - '*.md' -permissions: - pull-requests: write - contents: write - jobs: test_pr: runs-on: ubuntu-latest 
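Review bot: The `test_dp_pr` gate in the new `test-dp-pr.yaml` does not build the Dependabot change: under `pull_request_target`, `actions/checkout@v4` with no `ref` checks out the base branch, so `./gradlew build` passes or fails on the target branch while `dependabot_pr` approves and auto-merges on that result. Pointing the checkout at the PR head would not be a safe fix, because the build would then run PR-supplied Gradle code under the workflow-level `contents: write` / `pull-requests: write` token. It is safer to leave the build to the unprivileged `pull_request` workflow, make it a required status check (auto-merge waits for required checks), and remove the build job from this file. The write permissions should also move from the top level onto the `dependabot_pr` job, and the condition is more robust as `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`, since `github.actor` is whoever triggered the run rather than the PR author. Whether `test-pr.yaml` actually runs for Dependabot PRs is not visible in this diff, so confirm that before relying on it as the gate.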
@@ -24,25 +20,3 @@ jobs: - name: Build with Gradle run: ./gradlew build - - dependabot_pr: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - needs: test_pr - steps: - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v1.6.0 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve a PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Enable auto-merge for Dependabot PRs - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/build.gradle.kts b/build.gradle.kts index c2c8897e..7466b7e6 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -4,16 +4,16 @@ import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask val assertjVersion = "3.24.2" val kotlinLoggingVersion = "3.0.5" val logbackVersion = "1.4.11" -val nimbusSdkVersion = "10.15" val mockWebServerVersion = "5.0.0-alpha.11" -val jacksonVersion = "2.15.2" +val nimbusSdkVersion = "11.4" +val jacksonVersion = "2.15.3" val nettyVersion = "4.1.100.Final" val junitJupiterVersion = "5.10.0" val kotlinVersion = "1.9.10" val freemarkerVersion = "2.3.32" val kotestVersion = "5.7.2" val bouncyCastleVersion = "1.70" -val springBootVersion = "3.1.4" +val springBootVersion = "3.1.5" val reactorTestVersion = "3.5.11" val ktorVersion = "2.3.5" diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt index aeb62941..81522294 100644 --- a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt +++ b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt 
@@ -52,10 +52,11 @@ data class OAuth2HttpRequest( @Suppress("MemberVisibilityCanBePrivate") fun asNimbusHTTPRequest(): HTTPRequest { + val inputBody = body return HTTPRequest(HTTPRequest.Method.valueOf(method), url.toUrl()) .apply { headers.forEach { header -> this.setHeader(header.first, header.second) } - query = body + body = inputBody } } diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt index 7016ddc5..3e897028 100644 --- a/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt +++ b/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt 
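Review bot: The new `val inputBody = body` in `asNimbusHTTPRequest()` is unexplained, and it looks like a redundant alias that a later cleanup could inline. Presumably it exists because `body` inside the `apply` block resolves to the `HTTPRequest` receiver's property, so inlining it would turn the assignment into a self-assignment and silently drop the request body. Either add a comment such as `// capture before apply: inside the block "body" refers to HTTPRequest.body`, or remove the alias and write `body = this@OAuth2HttpRequest.body`. No test in this diff asserts that the converted request carries the original body, so a regression here would only surface indirectly through the token-endpoint tests.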
@@ -91,33 +91,38 @@ class TokenExchangeGrantIntegrationTest { fun `token request with token exchange grant and client basic auth should exchange subject_token with a new token containing many of the same claims`() { withMockOAuth2Server { val initialSubject = "yolo" - val initialToken = this.issueToken( - issuerId = "idprovider", - clientId = "initialClient", - tokenCallback = DefaultOAuth2TokenCallback( + val initialToken = + this.issueToken( issuerId = "idprovider", - subject = initialSubject, - claims = mapOf( - "claim1" to "value1", - "claim2" to "value2", - ), - ), - ) + clientId = "initialClient", + tokenCallback = + DefaultOAuth2TokenCallback( + issuerId = "idprovider", + subject = initialSubject, + claims = + mapOf( + "claim1" to "value1", + "claim2" to "value2", + ), + ), + ) val issuerId = "tokenx" val tokenEndpointUrl = this.tokenEndpointUrl(issuerId) val targetAudienceForToken = "targetAudience" - val response: ParsedTokenResponse = client.tokenRequest( - url = tokenEndpointUrl, - basicAuth = Pair("client", "secret"), - parameters = mapOf( - "grant_type" to TOKEN_EXCHANGE.value, - "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT, - "subject_token" to initialToken.serialize(), - "audience" to targetAudienceForToken, - ), - ).toTokenResponse() + val response: ParsedTokenResponse = + client.tokenRequest( + url = tokenEndpointUrl, + basicAuth = Pair("client", "secret"), + parameters = + mapOf( + "grant_type" to TOKEN_EXCHANGE.value, + "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT, + "subject_token" to initialToken.serialize(), + "audience" to targetAudienceForToken, + ), + ).toTokenResponse() response shouldBeValidFor TOKEN_EXCHANGE response.scope shouldBe null 
@@ -136,17 +141,17 @@ class TokenExchangeGrantIntegrationTest { @Test fun `token request without client_assertion should fail`() { withMockOAuth2Server { - val response: Response = + val response: Response = client.tokenRequest( - url = this.tokenEndpointUrl("tokenx"), - parameters = - mapOf( - "grant_type" to TOKEN_EXCHANGE.value, - "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT, - "subject_token" to "yolo", - "audience" to "targetAudienceForToken", - ), - ) + url = this.tokenEndpointUrl("tokenx"), + parameters = + mapOf( + "grant_type" to TOKEN_EXCHANGE.value, + "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT, + "subject_token" to "yolo", + "audience" to "targetAudienceForToken", + ), + ) response.code shouldBe 400 } }