From 98c32babd5c4bbef0f7a788ab22ecb95f006963d Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Fri, 11 Oct 2024 15:30:46 +0530 Subject: [PATCH 1/8] Replace usages of auth config with app version. --- .../identity/oauth/common/OAuthConstants.java | 2 - .../src/main/resources/OAuthAdminService.wsdl | 1 - .../identity/oauth/OAuthAdminServiceImpl.java | 43 ++++++++++++------- .../wso2/carbon/identity/oauth/OAuthUtil.java | 1 - .../PreIssueAccessTokenRequestBuilder.java | 1 + .../identity/oauth/dao/OAuthAppDAO.java | 21 --------- .../carbon/identity/oauth/dao/OAuthAppDO.java | 11 ----- .../oauth/dto/OAuthConsumerAppDTO.java | 11 ----- .../identity/oauth2/util/OAuth2Util.java | 26 +++++++++-- .../openidconnect/util/ClaimHandlerUtil.java | 28 +++++++++++- 10 files changed, 77 insertions(+), 68 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java index 2984f0bd82..7ee3e18fa1 100644 --- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java +++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java 
@@ -643,8 +643,6 @@ public static class OIDCConfigProperties { public static final String IS_SUBJECT_TOKEN_ENABLED = "isSubjectTokenEnabled"; public static final String SUBJECT_TOKEN_EXPIRY_TIME = "subjectTokenExpiryTime"; public static final int SUBJECT_TOKEN_EXPIRY_TIME_VALUE = 180; - public static final String IS_ACCESS_TOKEN_CLAIMS_SEPARATION_ENABLED = - "isAccessTokenClaimsSeparationEnabled"; public static final String PREVENT_TOKEN_REUSE = "PreventTokenReuse"; public static final boolean DEFAULT_VALUE_FOR_PREVENT_TOKEN_REUSE = true; // Name of the {@code JWTClientAuthenticatorConfig} resource type in the Configuration Management API. diff --git a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl index 60767786e0..89f6009d95 100755 --- a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl +++ b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl @@ -395,7 +395,6 @@ - diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 878c0450c9..1dbf1fa01b 100755 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
@@ -232,7 +232,7 @@ public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey, String te OAuthAppDO app = getOAuthApp(consumerKey, tenantDomain); if (app != null) { if (isAccessTokenClaimsSeparationFeatureEnabled() && - !app.isAccessTokenClaimsSeparationEnabled()) { + !isAccessTokenClaimsSeparationEnabledForApp(consumerKey, tenantDomain)) { // Add requested claims as access token claims if the app is not in the new access token // claims feature. addAccessTokenClaims(app, tenantDomain); @@ -536,7 +536,6 @@ OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumerAppDTO if (isAccessTokenClaimsSeparationFeatureEnabled()) { validateAccessTokenClaims(application, tenantDomain); app.setAccessTokenClaims(application.getAccessTokenClaims()); - app.setAccessTokenClaimsSeparationEnabled(true); } } dao.addOAuthApplication(app); 
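Review bot: The new `isAccessTokenClaimsSeparationEnabledForApp(consumerKey, tenantDomain)` call in getOAuthApplicationData throws the checked `IdentityOAuth2Exception`, but unlike the updateConsumerApplication hunk later in this patch it is not wrapped in a try/catch here, so it only compiles if the enclosing method already catches or declares that type; the neighbouring `addAccessTokenClaims` call suggests a catch exists outside the hunk, but it is worth confirming rather than assuming. The check also adds a second lookup (`OAuth2Util.getServiceProvider`) on top of `getOAuthApp` for every read of the application; if this path is hot, consider resolving the version once per request instead of per call. getOAuthApplicationData starts and ends outside the hunk.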
@@ -977,27 +976,32 @@ void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO, boolean enabl if (isAccessTokenClaimsSeparationFeatureEnabled()) { // We check if the AT claims separation enabled at server level and // the app level. If both are enabled, we validate the claims and update the app. - if (oAuthAppDO.isAccessTokenClaimsSeparationEnabled()) { - validateAccessTokenClaims(consumerAppDTO, tenantDomain); - oAuthAppDO.setAccessTokenClaims(consumerAppDTO.getAccessTokenClaims()); + try { + if (isAccessTokenClaimsSeparationEnabledForApp(oAuthAppDO.getOauthConsumerKey(), tenantDomain)) { + validateAccessTokenClaims(consumerAppDTO, tenantDomain); + oAuthAppDO.setAccessTokenClaims(consumerAppDTO.getAccessTokenClaims()); + } + } catch (IdentityOAuth2Exception e) { + throw new IdentityOAuthAdminException("Error while updating existing OAuth application to " + + "the new JWT access token OIDC claims separation model. Application : " + + oAuthAppDO.getApplicationName() + " Tenant : " + tenantDomain, e); } // We only trigger the access token claims migration if the following conditions are met. // 1. The AT claims separation is enabled at server level. // 2. The AT claims separation is not enabled at app level. - // 3. User tries to enable AT claims separation at app level with update app. - if (!oAuthAppDO.isAccessTokenClaimsSeparationEnabled() && - consumerAppDTO.isAccessTokenClaimsSeparationEnabled()) { - // Add requested claims as access token claims. - try { + // 3. The access token claims are empty. + try { + if (!isAccessTokenClaimsSeparationEnabledForApp(oAuthAppDO.getOauthConsumerKey(), + tenantDomain) && oAuthAppDO.getAccessTokenClaims().length == 0) { + // Add requested claims as access token claims. addAccessTokenClaims(oAuthAppDO, tenantDomain); - } catch (IdentityOAuth2Exception e) { - throw new IdentityOAuthAdminException("Error while updating existing OAuth application to " + - "the new JWT access token OIDC claims separation model. 
Application : " + - oAuthAppDO.getApplicationName() + " Tenant : " + tenantDomain, e); } + + } catch (IdentityOAuth2Exception e) { + throw new IdentityOAuthAdminException("Error while updating existing OAuth application to " + + "the new JWT access token OIDC claims separation model. Application : " + + oAuthAppDO.getApplicationName() + " Tenant : " + tenantDomain, e); } - oAuthAppDO.setAccessTokenClaimsSeparationEnabled(consumerAppDTO - .isAccessTokenClaimsSeparationEnabled()); } } dao.updateConsumerApplication(oAuthAppDO); @@ -2867,4 +2871,11 @@ private boolean isAccessTokenClaimsSeparationFeatureEnabled() { return Boolean.parseBoolean(IdentityUtil.getProperty(ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN)); } + + private boolean isAccessTokenClaimsSeparationEnabledForApp(String consumerKey, String tenantDomain) + throws IdentityOAuth2Exception { + + ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, tenantDomain); + return OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), "v2.0.0"); + } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 521d1300c4..f69ee36d17 100755 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java @@ -562,7 +562,6 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setSubjectTokenEnabled(appDO.isSubjectTokenEnabled()); dto.setSubjectTokenExpiryTime(appDO.getSubjectTokenExpiryTime()); dto.setAccessTokenClaims(appDO.getAccessTokenClaims()); - dto.setAccessTokenClaimsSeparationEnabled(appDO.isAccessTokenClaimsSeparationEnabled()); return dto; } 
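Review bot: `oAuthAppDO.getAccessTokenClaims().length == 0` dereferences the claims array without a null check; `accessTokenClaims` is a plain `String[]` field with no initializer in OAuthAppDO, so an app whose claims were never set will NPE here and fail the whole update. Use `ArrayUtils.isEmpty(oAuthAppDO.getAccessTokenClaims())`, or `claims == null || claims.length == 0` if ArrayUtils is not already imported in this file. The version gate is also resolved twice through two `getServiceProvider` calls inside two try/catch blocks with identical error messages; compute `boolean separationEnabledForApp = isAccessTokenClaimsSeparationEnabledForApp(oAuthAppDO.getOauthConsumerKey(), tenantDomain);` once in a single try and reuse it in both `if`s. Note that the second block now triggers the claims migration on any update of a pre-v2.0.0 app with empty claims rather than only when an admin explicitly opted in, so a routine update starts changing which claims are copied into that app's access tokens; if that is intended it deserves a sentence in the commit message. updateConsumerApplication begins outside the hunk.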
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java index 9f88024419..a164e3a76f 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java @@ -282,6 +282,7 @@ private Map getAdditionalClaimsToAddToToken(OAuthTokenReqMessage } try { + String tenantDomain = tokenMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain(); CustomClaimsCallbackHandler claimsCallBackHandler = ClaimHandlerUtil.getClaimsCallbackHandler(getAppInformation(tokenMessageContext)); JWTClaimsSet claimsSet = diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index f11815a74a..bfd3b2b64a 100755 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
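Review bot: The added `tenantDomain` local is never used in this hunk, so as committed it is dead code; presumably it was meant to be handed to `ClaimHandlerUtil.getClaimsCallbackHandler`, which instead derives the tenant from `IdentityTenantUtil.getLoginTenantId()`. Either drop the line or thread it through, e.g. `ClaimHandlerUtil.getClaimsCallbackHandler(getAppInformation(tokenMessageContext), tenantDomain)`, so the claims handler is chosen for the app's own tenant rather than the login tenant. `getClaimsCallbackHandler` now throws the checked `IdentityOAuth2Exception`; the `try` opens in this hunk but its catch clauses are outside it, so confirm one of them covers that type. getAdditionalClaimsToAddToToken continues outside the hunk.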
@@ -85,7 +85,6 @@ import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_ALGORITHM; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_METHOD; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_SIGNATURE_ALGORITHM; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_ACCESS_TOKEN_CLAIMS_SEPARATION_ENABLED; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_CERTIFICATE_BOUND_ACCESS_TOKEN; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_FAPI_CONFORMANT_APP; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_PUSH_AUTH; @@ -1044,13 +1043,6 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, SUBJECT_TOKEN_EXPIRY_TIME, String.valueOf(oauthAppDO.getSubjectTokenExpiryTime()), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); - if (isAccessTokenClaimsSeparationFeatureEnabled()) { - addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - IS_ACCESS_TOKEN_CLAIMS_SEPARATION_ENABLED, - String.valueOf(oauthAppDO.isAccessTokenClaimsSeparationEnabled()), - prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); - } - addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, HYBRID_FLOW_ENABLED, String.valueOf(oauthAppDO.isHybridFlowEnabled()), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); 
@@ -1779,12 +1771,6 @@ private void addServiceProviderOIDCProperties(Connection connection, addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, SUBJECT_TOKEN_EXPIRY_TIME, String.valueOf(consumerAppDO.getSubjectTokenExpiryTime())); - if (isAccessTokenClaimsSeparationFeatureEnabled()) { - addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - IS_ACCESS_TOKEN_CLAIMS_SEPARATION_ENABLED, - String.valueOf(consumerAppDO.isAccessTokenClaimsSeparationEnabled())); - } - addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, HYBRID_FLOW_ENABLED, String.valueOf(consumerAppDO.isHybridFlowEnabled())); @@ -1965,13 +1951,6 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu oauthApp.setSubjectTokenExpiryTime(Integer.parseInt(subjectTokenExpiryTime)); } - String isAccessTokenClaimsSeparationEnabled = getFirstPropertyValue(spOIDCProperties, - IS_ACCESS_TOKEN_CLAIMS_SEPARATION_ENABLED); - if (isAccessTokenClaimsSeparationEnabled != null) { - oauthApp.setAccessTokenClaimsSeparationEnabled( - Boolean.parseBoolean(isAccessTokenClaimsSeparationEnabled)); - } - boolean hybridFlowEnabled = Boolean.parseBoolean(getFirstPropertyValue(spOIDCProperties, HYBRID_FLOW_ENABLED)); oauthApp.setHybridFlowEnabled(hybridFlowEnabled); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java index 773c8b484f..1d676bee02 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java 
@@ -96,7 +96,6 @@ public class OAuthAppDO extends InboundConfigurationProtocol implements Serializ private boolean subjectTokenEnabled; private int subjectTokenExpiryTime; private String[] accessTokenClaims; - private boolean accessTokenClaimsSeparationEnabled; public AuthenticatedUser getAppOwner() { @@ -535,14 +534,4 @@ public void setAccessTokenClaims(String[] accessTokenClaims) { this.accessTokenClaims = accessTokenClaims; } - - public boolean isAccessTokenClaimsSeparationEnabled() { - - return accessTokenClaimsSeparationEnabled; - } - - public void setAccessTokenClaimsSeparationEnabled(boolean accessTokenClaimsSeparationEnabled) { - - this.accessTokenClaimsSeparationEnabled = accessTokenClaimsSeparationEnabled; - } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index fb4e4f2d79..4784b822ad 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -81,7 +81,6 @@ public class OAuthConsumerAppDTO implements InboundProtocolConfigurationDTO { private boolean subjectTokenEnabled; private int subjectTokenExpiryTime; private String[] accessTokenClaims; - private boolean accessTokenClaimsSeparationEnabled; // CORS origin related properties. This will be used by the CORS management service @IgnoreNullElement 
@@ -540,15 +539,5 @@ public void setAccessTokenClaims(String[] accessTokenClaims) { this.accessTokenClaims = accessTokenClaims; } - - public boolean isAccessTokenClaimsSeparationEnabled() { - - return accessTokenClaimsSeparationEnabled; - } - - public void setAccessTokenClaimsSeparationEnabled(boolean accessTokenClaimsSeparationEnabled) { - - this.accessTokenClaimsSeparationEnabled = accessTokenClaimsSeparationEnabled; - } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java index 52e1855fdb..73a0529e81 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java @@ -393,8 +393,6 @@ public class OAuth2Util { ApplicationConstants.MY_ACCOUNT_APPLICATION_CLIENT_ID, ApplicationConstants.CONSOLE_APPLICATION_CLIENT_ID); - public static final String ALLOWED_VERSION_TO_STOP_USING_APP_OWNER_FOR_TOKEN_IDENTIFICATION = "v1.0.0"; - private OAuth2Util() { } @@ -5634,10 +5632,11 @@ public static boolean isPairwiseSubEnabledForAccessTokens() { * @param appVersion App version. * @return True if the app version is greater than or equal to the allowed minimum version. */ + @Deprecated public static boolean isAllowedToStopUsingAppOwnerForTokenIdentification(String appVersion) { String[] appVersionDigits = appVersion.substring(1).split("\\."); - String[] allowedVersionDigits = ALLOWED_VERSION_TO_STOP_USING_APP_OWNER_FOR_TOKEN_IDENTIFICATION.substring(1) + String[] allowedVersionDigits = ApplicationConstants.ApplicationVersion.APP_VERSION_V1.substring(1) .split("\\."); for (int i = 0; i < appVersionDigits.length; i++) { 
@@ -5649,4 +5648,25 @@ public static boolean isAllowedToStopUsingAppOwnerForTokenIdentification(String
 }
 return true;
 }
+
+ /**
+ * Compare the app version with allowed minimum app version.
+ *
+ * @param appVersion App version.
+ * @return True if the app version is greater than or equal to the allowed minimum app version.
+ */
+ public static boolean isGivenAppVersionAllowed(String appVersion, String allowedAppVersion) {
+
+ String[] appVersionDigits = appVersion.substring(1).split("\\.");
+ String[] allowedVersionDigits = allowedAppVersion.substring(1).split("\\.");
+
+ for (int i = 0; i < appVersionDigits.length; i++) {
+ if (appVersionDigits[i].equals(allowedVersionDigits[i])) {
+ continue;
+ } else {
+ return Integer.parseInt(appVersionDigits[i]) >= Integer.parseInt(allowedVersionDigits[i]);
+ }
+ }
+ return true;
+ }
 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java
index 0428536266..910c06a1ee 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java
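Review bot: `isGivenAppVersionAllowed` throws unchecked exceptions on any version string that is not exactly `vN.N.N`: `appVersion.substring(1)` NPEs on a null version, a version with more dot-separated parts than `allowedAppVersion` (e.g. `v2.0.0.1`) indexes past `allowedVersionDigits` with an ArrayIndexOutOfBoundsException, and a non-numeric part fails in `Integer.parseInt`. This method is now on the token-issuance, introspection and claims-handler paths (AccessTokenIssuer, TokenValidationHandler, ClaimHandlerUtil), so one malformed stored version turns every token request for that app into a server error instead of a defined fallback, and a blank version is plausible for applications created before versioning existed. I would iterate over the longer of the two arrays treating missing parts as 0, compare numerically instead of with `equals` (so `v1.10.0` vs `v1.9.0` and `v2` vs `v2.0.0` behave), and make the null/unparsable case an explicit `false` (legacy behaviour), with unit tests for those inputs; the Javadoc is also missing `@param allowedAppVersion`.
```java
    public static boolean isGivenAppVersionAllowed(String appVersion, String allowedAppVersion) {

        // A missing or malformed version gets the legacy (pre-versioning) behaviour instead of an exception.
        if (appVersion == null || appVersion.length() < 2 || allowedAppVersion == null
                || allowedAppVersion.length() < 2) {
            return false;
        }
        String[] appVersionDigits = appVersion.substring(1).split("\\.");
        String[] allowedVersionDigits = allowedAppVersion.substring(1).split("\\.");
        int parts = Math.max(appVersionDigits.length, allowedVersionDigits.length);
        for (int i = 0; i < parts; i++) {
            int appPart = i < appVersionDigits.length ? parseVersionPart(appVersionDigits[i]) : 0;
            int allowedPart = i < allowedVersionDigits.length ? parseVersionPart(allowedVersionDigits[i]) : 0;
            if (appPart != allowedPart) {
                return appPart > allowedPart;
            }
        }
        return true;
    }

    /** Parses one dot-separated version component; a non-numeric component sorts below every real one. */
    private static int parseVersionPart(String part) {

        try {
            return Integer.parseInt(part.trim());
        } catch (NumberFormatException e) {
            return -1;
        }
    }
```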
@@ -18,9 +18,13 @@ package org.wso2.carbon.identity.openidconnect.util; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; import org.wso2.carbon.identity.oauth.dao.OAuthAppDO; +import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.util.OAuth2Util; import org.wso2.carbon.identity.openidconnect.CustomClaimsCallbackHandler; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN; @@ -30,11 +34,21 @@ */ public class ClaimHandlerUtil { - public static CustomClaimsCallbackHandler getClaimsCallbackHandler(OAuthAppDO oAuthAppDO) { + /** + * Get the claims callback handler based on the application configuration. + * + * @param oAuthAppDO OAuth application data object. + * @return CustomClaimsCallbackHandler. + */ + public static CustomClaimsCallbackHandler getClaimsCallbackHandler(OAuthAppDO oAuthAppDO) + throws IdentityOAuth2Exception { // If JWT access token OIDC claims separation is enabled and the application is configured to separate OIDC // claims, use the JWTAccessTokenOIDCClaimsHandler to handle custom claims. - if (isAccessTokenClaimsSeparationFeatureEnabled() && oAuthAppDO.isAccessTokenClaimsSeparationEnabled()) { + int appTenantId = IdentityTenantUtil.getLoginTenantId(); + String tenantDomain = IdentityTenantUtil.getTenantDomain(appTenantId); + if (isAccessTokenClaimsSeparationFeatureEnabled() && + isAccessTokenClaimsSeparationEnabledForApp(oAuthAppDO, tenantDomain)) { return OAuthServerConfiguration.getInstance().getJWTAccessTokenOIDCClaimsHandler(); } return OAuthServerConfiguration.getInstance().getOpenIDConnectCustomClaimsCallbackHandler(); 
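Review bot: The app's tenant is taken from the thread-local login context (`IdentityTenantUtil.getLoginTenantId()`) rather than from the application being served, so the `getServiceProvider(oAuthAppDO.getOauthConsumerKey(), tenantDomain)` lookup behind the new gate can resolve against the wrong tenant, or fail, whenever the login tenant differs from the app's resident tenant (organization logins, cross-tenant token flows); the caller in PreIssueAccessTokenRequestBuilder already has `tokenMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain()`, so I would add `public static CustomClaimsCallbackHandler getClaimsCallbackHandler(OAuthAppDO oAuthAppDO, String tenantDomain)` and keep the existing signature as a delegating overload. Separately, the gate is now purely the SP version and the stored `isAccessTokenClaimsSeparationEnabled` property is no longer read anywhere (see the OAuthAppDAO hunks), so a pre-v2.0.0 app that had opted in silently switches from `JWTAccessTokenOIDCClaimsHandler` back to the legacy handler and the claims in its access tokens change; that needs either a data migration that bumps such apps to v2.0.0 or an explicit release note. The new checked `IdentityOAuth2Exception` on this public method is a signature change for any external caller, which is probably intended but should be stated in the Javadoc: `@throws IdentityOAuth2Exception if the service provider for the application cannot be resolved`.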
@@ -44,4 +58,14 @@ private static boolean isAccessTokenClaimsSeparationFeatureEnabled() { return Boolean.parseBoolean(IdentityUtil.getProperty(ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN)); } + + private static boolean isAccessTokenClaimsSeparationEnabledForApp(OAuthAppDO oAuthAppDO, String tenantDomain) + throws IdentityOAuth2Exception { + + ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(oAuthAppDO.getOauthConsumerKey(), tenantDomain); + String appVersion = serviceProvider.getApplicationVersion(); + + // Todo change to constant. + return OAuth2Util.isGivenAppVersionAllowed(appVersion, "v2.0.0"); + } } From cb298cb4caf1def3ca2c9f2f7d1de28b719db759 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Wed, 16 Oct 2024 15:10:32 +0530 Subject: [PATCH 2/8] Change the method and usages. --- .../oauth2/token/AccessTokenIssuer.java | 6 +++-- .../identity/oauth2/util/OAuth2Util.java | 23 ------------------- .../validators/TokenValidationHandler.java | 4 +++- 3 files changed, 7 insertions(+), 26 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java index c77aa70598..5d069421d3 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java 
@@ -34,6 +34,7 @@ import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty; import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; +import org.wso2.carbon.identity.application.mgt.ApplicationConstants; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; @@ -459,8 +460,9 @@ private OAuth2AccessTokenRespDTO validateGrantAndIssueToken(OAuth2AccessTokenReq ServiceProvider serviceProvider = getServiceProvider(tokReqMsgCtx.getOauth2AccessTokenReqDTO()); boolean useClientIdAsSubClaimForAppTokensEnabledServerConfig = OAuthServerConfiguration.getInstance() .isUseClientIdAsSubClaimForAppTokensEnabled(); - boolean useClientIdAsSubClaimForAppTokensEnabled = OAuth2Util - .isAllowedToStopUsingAppOwnerForTokenIdentification(serviceProvider.getApplicationVersion()); + boolean useClientIdAsSubClaimForAppTokensEnabled = + OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), + ApplicationConstants.ApplicationVersion.APP_VERSION_V1); if (authorizedUser.getAuthenticatedSubjectIdentifier() == null) { if ((!isOfTypeApplicationUser && (useClientIdAsSubClaimForAppTokensEnabled || useClientIdAsSubClaimForAppTokensEnabledServerConfig))) { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java index 73a0529e81..d31b52f1c8 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java 
@@ -5626,29 +5626,6 @@ public static boolean isPairwiseSubEnabledForAccessTokens() { return Boolean.parseBoolean(IdentityUtil.getProperty(ENABLE_PPID_FOR_ACCESS_TOKENS)); } - /** - * Compare the app version with allowed minimum version. - * - * @param appVersion App version. - * @return True if the app version is greater than or equal to the allowed minimum version. - */ - @Deprecated - public static boolean isAllowedToStopUsingAppOwnerForTokenIdentification(String appVersion) { - - String[] appVersionDigits = appVersion.substring(1).split("\\."); - String[] allowedVersionDigits = ApplicationConstants.ApplicationVersion.APP_VERSION_V1.substring(1) - .split("\\."); - - for (int i = 0; i < appVersionDigits.length; i++) { - if (appVersionDigits[i].equals(allowedVersionDigits[i])) { - continue; - } else { - return Integer.parseInt(appVersionDigits[i]) >= Integer.parseInt(allowedVersionDigits[i]); - } - } - return true; - } - /** * Compare the app version with allowed minimum app version. * diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java index 1915185e21..9496ae148d 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java 
@@ -27,6 +27,7 @@ import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.mgt.ApplicationConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants; import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; @@ -578,7 +579,8 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation String consumerKey = accessTokenDO.getConsumerKey(); ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, appResidentTenantDomain); boolean removeUsernameFromAppTokenEnabled = OAuth2Util - .isAllowedToStopUsingAppOwnerForTokenIdentification(serviceProvider.getApplicationVersion()); + .isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), + ApplicationConstants.ApplicationVersion.APP_VERSION_V1); boolean isAppTokenType = StringUtils.equals(OAuthConstants.UserType.APPLICATION, tokenType); // should be in seconds From 207e8c6cfd454218e911a9fcdcb2a0bbe7a99a45 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Wed, 16 Oct 2024 15:10:49 +0530 Subject: [PATCH 3/8] Replace jwt claim usages with app version. --- .../org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java | 3 ++- .../carbon/identity/openidconnect/util/ClaimHandlerUtil.java | 4 ++-- pom.xml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 1dbf1fa01b..1e841971b2 100755 
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java @@ -2876,6 +2876,7 @@ private boolean isAccessTokenClaimsSeparationEnabledForApp(String consumerKey, S throws IdentityOAuth2Exception { ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, tenantDomain); - return OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), "v2.0.0"); + return OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), + ApplicationConstants.ApplicationVersion.APP_VERSION_V2); } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java index 910c06a1ee..3ba8192cc8 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.openidconnect.util; import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.mgt.ApplicationConstants; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; 
@@ -65,7 +66,6 @@ private static boolean isAccessTokenClaimsSeparationEnabledForApp(OAuthAppDO oAu ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(oAuthAppDO.getOauthConsumerKey(), tenantDomain); String appVersion = serviceProvider.getApplicationVersion(); - // Todo change to constant. - return OAuth2Util.isGivenAppVersionAllowed(appVersion, "v2.0.0"); + return OAuth2Util.isGivenAppVersionAllowed(appVersion, ApplicationConstants.ApplicationVersion.APP_VERSION_V2); } } diff --git a/pom.xml b/pom.xml index 59a86c6f6c..ee0dff678f 100644 --- a/pom.xml +++ b/pom.xml @@ -932,7 +932,7 @@ [1.0.1, 2.0.0) - 7.5.64 + 7.5.66 [5.25.234, 8.0.0) From 49ed7df33aadc715204bb04ff558177e3a777a72 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Tue, 22 Oct 2024 09:53:22 +0530 Subject: [PATCH 4/8] Refactor method name. --- .../org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java | 2 +- .../wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java | 2 +- .../java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java | 2 +- .../identity/oauth2/validators/TokenValidationHandler.java | 2 +- .../carbon/identity/openidconnect/util/ClaimHandlerUtil.java | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 1e841971b2..1d75ab5aa3 100755 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
@@ -2876,7 +2876,7 @@ private boolean isAccessTokenClaimsSeparationEnabledForApp(String consumerKey, S
             throws IdentityOAuth2Exception {
 
         ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, tenantDomain);
-        return OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(),
+        return OAuth2Util.isAppVersionAllowed(serviceProvider.getApplicationVersion(),
                 ApplicationConstants.ApplicationVersion.APP_VERSION_V2);
     }
 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java
index 5d069421d3..16f539f4ec 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java
@@ -461,7 +461,7 @@ private OAuth2AccessTokenRespDTO validateGrantAndIssueToken(OAuth2AccessTokenReq
         boolean useClientIdAsSubClaimForAppTokensEnabledServerConfig = OAuthServerConfiguration.getInstance()
                 .isUseClientIdAsSubClaimForAppTokensEnabled();
         boolean useClientIdAsSubClaimForAppTokensEnabled =
-                OAuth2Util.isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(),
+                OAuth2Util.isAppVersionAllowed(serviceProvider.getApplicationVersion(),
                 ApplicationConstants.ApplicationVersion.APP_VERSION_V1);
         if (authorizedUser.getAuthenticatedSubjectIdentifier() == null) {
             if ((!isOfTypeApplicationUser && (useClientIdAsSubClaimForAppTokensEnabled
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
index d31b52f1c8..f2a46773f6 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java @@ -5632,7 +5632,7 @@ public static boolean isPairwiseSubEnabledForAccessTokens() { * @param appVersion App version. * @return True if the app version is greater than or equal to the allowed minimum app version. */ - public static boolean isGivenAppVersionAllowed(String appVersion, String allowedAppVersion) { + public static boolean isAppVersionAllowed(String appVersion, String allowedAppVersion) { String[] appVersionDigits = appVersion.substring(1).split("\\."); String[] allowedVersionDigits = allowedAppVersion.substring(1).split("\\."); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java index 9496ae148d..fabb785dbb 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java @@ -579,7 +579,7 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation String consumerKey = accessTokenDO.getConsumerKey(); ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, appResidentTenantDomain); boolean removeUsernameFromAppTokenEnabled = OAuth2Util - .isGivenAppVersionAllowed(serviceProvider.getApplicationVersion(), + .isAppVersionAllowed(serviceProvider.getApplicationVersion(), ApplicationConstants.ApplicationVersion.APP_VERSION_V1); boolean isAppTokenType = StringUtils.equals(OAuthConstants.UserType.APPLICATION, tokenType); 
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java index 3ba8192cc8..2f2eab51d0 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtil.java @@ -66,6 +66,6 @@ private static boolean isAccessTokenClaimsSeparationEnabledForApp(OAuthAppDO oAu ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(oAuthAppDO.getOauthConsumerKey(), tenantDomain); String appVersion = serviceProvider.getApplicationVersion(); - return OAuth2Util.isGivenAppVersionAllowed(appVersion, ApplicationConstants.ApplicationVersion.APP_VERSION_V2); + return OAuth2Util.isAppVersionAllowed(appVersion, ApplicationConstants.ApplicationVersion.APP_VERSION_V2); } } From 6e74ff89d11d6cb0d7350d1699f1dfe8135bfdd5 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:44:39 +0530 Subject: [PATCH 5/8] Bump framework version. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4b08c66a4e..3cbd9ca23c 100644 --- a/pom.xml +++ b/pom.xml @@ -939,7 +939,7 @@ [1.0.1, 2.0.0) - 7.5.75 + 7.5.83 [5.25.234, 8.0.0) From 43ec7123c78841c29b64d95323ec85657891e35a Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:24:30 +0530 Subject: [PATCH 6/8] Bump framework version. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3cbd9ca23c..a4dabd75e4 100644 --- a/pom.xml +++ b/pom.xml @@ -939,7 +939,7 @@ [1.0.1, 2.0.0) - 7.5.83 + 7.5.84 [5.25.234, 8.0.0) 
From e102c331841e5ae93fdec9720272d018aff31819 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Sun, 27 Oct 2024 23:19:33 +0530 Subject: [PATCH 7/8] Add unit tests. --- .../PreIssueAccessTokenRequestBuilder.java | 1 - .../oauth/OAuthAdminServiceImplTest.java | 266 ++++++++++++------ .../util/ClaimHandlerUtilTest.java | 165 +++++++++++ .../src/test/resources/testng.xml | 5 +- 4 files changed, 342 insertions(+), 95 deletions(-) mode change 100644 => 100755 components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java create mode 100755 components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtilTest.java mode change 100644 => 100755 components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java old mode 100644 new mode 100755 index a164e3a76f..9f88024419 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/action/PreIssueAccessTokenRequestBuilder.java @@ -282,7 +282,6 @@ private Map getAdditionalClaimsToAddToToken(OAuthTokenReqMessage } try { - String tenantDomain = tokenMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain(); CustomClaimsCallbackHandler claimsCallBackHandler = ClaimHandlerUtil.getClaimsCallbackHandler(getAppInformation(tokenMessageContext)); JWTClaimsSet claimsSet = 
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImplTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImplTest.java index 643bad39f0..b1dedc37d1 100755 --- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImplTest.java +++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImplTest.java @@ -35,6 +35,7 @@ import org.testng.annotations.Test; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; @@ -42,6 +43,7 @@ import org.wso2.carbon.identity.oauth.common.OAuth2ErrorCodes; import org.wso2.carbon.identity.oauth.common.OAuthConstants; import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException; +import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO; import org.wso2.carbon.identity.oauth.dao.OAuthAppDO; import org.wso2.carbon.identity.oauth.dto.OAuthAppRevocationRequestDTO; @@ -56,6 +58,7 @@ import org.wso2.carbon.identity.oauth2.dao.TokenManagementDAOImpl; import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; +import org.wso2.carbon.identity.oauth2.util.OAuth2Util; import org.wso2.carbon.user.api.RealmConfiguration; import org.wso2.carbon.user.api.Tenant; import org.wso2.carbon.user.api.UserRealm; 
@@ -87,11 +90,13 @@ import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mockStatic; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN; public class OAuthAdminServiceImplTest { @@ -120,9 +125,10 @@ public class OAuthAdminServiceImplTest { AbstractUserStoreManager mockAbstractUserStoreManager; @Mock OAuthComponentServiceHolder mockOAuthComponentServiceHolder; - @Mock - ObjectMapper objectMapper; + ServiceProvider mockServiceProvider; + @Mock + OAuthServerConfiguration mockOAuthServerConfiguration; private MockedStatic identityTenantUtil; 
@@ -335,23 +341,65 @@ public void testGetAllOAuthApplicationDataException() throws Exception { } } - @Test - public void testGetOAuthApplicationData() throws Exception { + @DataProvider(name = "setAccessTokenClaims") + public Object[][] getOAuthApplicationData() { - String consumerKey = "some-consumer-key"; - Mockito.when(tenantManager.getTenantId(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) - .thenReturn(MultitenantConstants.SUPER_TENANT_ID); + return new Object[][] { + { "v0.0.0", true }, + { "v1.0.0", true }, + { "v2.0.0", true }, + { "v0.0.0", false }, + { "v1.0.0", false }, + { "v2.0.0", false } + }; + } - OAuthAppDO app = buildDummyOAuthAppDO("some-user-name"); - try (MockedConstruction mockedConstruction = Mockito.mockConstruction(OAuthAppDAO.class, - (mock, context) -> { - when(mock.getAppInformation(consumerKey, MultitenantConstants.SUPER_TENANT_ID)).thenReturn(app); - })) { + @Test(dataProvider = "setAccessTokenClaims") + public void testGetOAuthApplicationData(String appVersion, boolean claimSeparationFeatureEnabled) throws Exception { - OAuthAdminServiceImpl oAuthAdminServiceImpl = new OAuthAdminServiceImpl(); - OAuthConsumerAppDTO oAuthConsumerApp = oAuthAdminServiceImpl.getOAuthApplicationData(consumerKey, - MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - assertAllAttributesOfConsumerAppDTO(oAuthConsumerApp, app); + try (MockedStatic oAuthServerConfigurationMockedStatic = mockStatic( + OAuthServerConfiguration.class);) { + // Mock and initialize the OAuthServerConfiguration. 
+ mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class); + oAuthServerConfigurationMockedStatic.when(OAuthServerConfiguration::getInstance) + .thenReturn(mockOAuthServerConfiguration); + lenient().when(mockOAuthServerConfiguration.getTimeStampSkewInSeconds()).thenReturn(300L); + + try (MockedStatic identityUtil = mockStatic(IdentityUtil.class); + MockedStatic oAuth2Util = mockStatic(OAuth2Util.class);) { + + String consumerKey = "some-consumer-key"; + Mockito.when(tenantManager.getTenantId(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) + .thenReturn(MultitenantConstants.SUPER_TENANT_ID); + + identityUtil.when(() -> IdentityUtil.getProperty(ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN)) + .thenReturn(claimSeparationFeatureEnabled ? "true" : "false"); + + mockServiceProvider = mock(ServiceProvider.class); + oAuth2Util.when(() -> OAuth2Util.getServiceProvider(anyString(), anyString())) + .thenReturn(mockServiceProvider); + when(mockServiceProvider.getApplicationVersion()).thenReturn(appVersion); + + OAuthAppDO app = buildDummyOAuthAppDO("some-user-name"); + try (MockedConstruction mockedConstruction = Mockito.mockConstruction(OAuthAppDAO.class, + (mock, context) -> { + when(mock.getAppInformation(consumerKey, MultitenantConstants.SUPER_TENANT_ID)) + .thenReturn(app); + })) { + + ApplicationManagementService appMgtService = mock(ApplicationManagementService.class); + OAuth2ServiceComponentHolder.setApplicationMgtService(appMgtService); + when(appMgtService.getServiceProvider(consumerKey, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) + .thenReturn(mockServiceProvider); + + OAuthAdminServiceImpl oAuthAdminServiceImpl = new OAuthAdminServiceImpl(); + OAuthConsumerAppDTO oAuthConsumerApp = oAuthAdminServiceImpl.getOAuthApplicationData(consumerKey, + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); + oAuthConsumerApp.setUsername(app.getUser().toString()); + + assertAllAttributesOfConsumerAppDTO(oAuthConsumerApp, app); + } + } } } 
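Review bot: `oAuthConsumerApp.setUsername(app.getUser().toString());` overwrites the username returned by `getOAuthApplicationData` immediately before `assertAllAttributesOfConsumerAppDTO(oAuthConsumerApp, app)`, so if that helper (outside this hunk) compares the username, the comparison now checks a value the test wrote itself; either drop that line and fix whatever mismatch it hides, or pass the expected username to the helper explicitly. The `appVersion` and `claimSeparationFeatureEnabled` parameters only feed stubs — no assertion in the hunk depends on them — so the six data-provider rows currently assert the same thing; if claims separation changes anything observable on the returned DTO, assert it per row, otherwise the provider adds no coverage. `mockOAuthServerConfiguration` is already an `@Mock` field (hunk `@@ -120,9 +125,10 @@`), so re-creating it with `mock(OAuthServerConfiguration.class)` here is redundant. The enclosing class `OAuthAdminServiceImplTest` continues outside the hunk.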
@@ -506,10 +554,16 @@ public Object[][] getUpdateConsumerAppTestData() { return new Object[][]{ // Logged In user , App Owner in Request , App Owner in request exists, Excepted App Owner after update - {"admin@carbon.super", "H2/new-app-owner@carbon.super", false, "original-app-owner@wso2.com"}, - {"admin@carbon.super", "H2/new-app-owner@carbon.super", true, "H2/new-app-owner@carbon.super"}, - {"admin@wso2.com", "H2/new-app-owner@wso2.com", false, "original-app-owner@wso2.com"}, - {"admin@wso2.com", "H2/new-app-owner@wso2.com", true, "H2/new-app-owner@wso2.com"} + {"admin@carbon.super", "H2/new-app-owner@carbon.super", false, "original-app-owner@wso2.com", + true, "v2.0.0"}, + {"admin@carbon.super", "H2/new-app-owner@carbon.super", true, "H2/new-app-owner@carbon.super", + true, "v2.0.0"}, + {"admin@wso2.com", "H2/new-app-owner@wso2.com", false, "original-app-owner@wso2.com", + true, "v2.0.0"}, + {"admin@wso2.com", "H2/new-app-owner@wso2.com", true, "H2/new-app-owner@wso2.com", + true, "v2.0.0"}, + {"admin@carbon.super", "H2/new-app-owner@carbon.super", false, "original-app-owner@wso2.com", + false, "v2.0.0"}, }; } 
@@ -532,80 +586,108 @@ private AuthenticatedUser buildUser(String fullQualifiedUsername) { public void testUpdateConsumerApplication(String loggedInUsername, String appOwnerInRequest, boolean appOwnerInRequestExists, - String expectedAppOwnerAfterUpdate) throws Exception { - - try (MockedStatic identityUtil = mockStatic(IdentityUtil.class); - MockedStatic oAuthComponentServiceHolder = - mockStatic(OAuthComponentServiceHolder.class);) { - - AuthenticatedUser loggedInUser = buildUser(loggedInUsername); - identityUtil.when(() -> IdentityUtil.isUserStoreCaseSensitive(anyString(), anyInt())).thenReturn(true); - identityUtil.when(() -> IdentityUtil.addDomainToName(anyString(), anyString())).thenCallRealMethod(); - - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(loggedInUser.getTenantDomain()); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId( - IdentityTenantUtil.getTenantId(loggedInUser.getTenantDomain())); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(loggedInUser.getUserName()); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(userRealm); - - AuthenticatedUser appOwner = buildUser(appOwnerInRequest); - String tenantAwareUsernameOfAppOwner = - MultitenantUtils.getTenantAwareUsername(appOwner.toFullQualifiedUsername()); - - when(userStoreManager.isExistingUser(tenantAwareUsernameOfAppOwner)).thenReturn(appOwnerInRequestExists); - - String consumerKey = UUID.randomUUID().toString(); - OAuthAppDO app = buildDummyOAuthAppDO("original-app-owner"); - AuthenticatedUser originalOwner = app.getAppOwner(); - - try (MockedConstruction mockedConstruction = Mockito.mockConstruction(OAuthAppDAO.class, - (mock, context) -> { - when(mock.getAppInformation(consumerKey, - IdentityTenantUtil.getTenantId(loggedInUser.getTenantDomain()))) - .thenReturn(app); - })) { + String expectedAppOwnerAfterUpdate, + boolean claimSeparationFeatureEnabled, String appVersion) + throws Exception { - OAuthAdminServiceImpl 
oAuthAdminServiceImpl = new OAuthAdminServiceImpl(); - OAuthConsumerAppDTO consumerAppDTO = new OAuthConsumerAppDTO(); - consumerAppDTO.setApplicationName("new-application-name"); - consumerAppDTO.setCallbackUrl("http://new-call-back-url.com"); - consumerAppDTO.setOauthConsumerKey(consumerKey); - consumerAppDTO.setOauthConsumerSecret("some-consumer-secret"); - consumerAppDTO.setOAuthVersion("new-oauth-version"); - consumerAppDTO.setUsername(appOwner.toFullQualifiedUsername()); - - mockOAuthComponentServiceHolder(oAuthComponentServiceHolder); - - String tenantDomain = MultitenantUtils.getTenantDomain(appOwnerInRequest); - String userStoreDomain = UserCoreUtil.extractDomainFromName(appOwnerInRequest); - String domainFreeName = UserCoreUtil.removeDomainFromName(appOwnerInRequest); - String username = MultitenantUtils.getTenantAwareUsername(domainFreeName); - - org.wso2.carbon.user.core.common.User user = new org.wso2.carbon.user.core.common.User(); - user.setUsername(username); - user.setTenantDomain(tenantDomain); - user.setUserStoreDomain(userStoreDomain); - Mockito.when(mockAbstractUserStoreManager.getUser(any(), anyString())).thenReturn(user); - Mockito.when(mockAbstractUserStoreManager.isExistingUser(anyString())) - .thenReturn(appOwnerInRequestExists); - - oAuthAdminServiceImpl.updateConsumerApplication(consumerAppDTO); - OAuthConsumerAppDTO updatedOAuthConsumerApp = oAuthAdminServiceImpl.getOAuthApplicationData(consumerKey, - tenantDomain); - Assert.assertEquals(updatedOAuthConsumerApp.getApplicationName(), consumerAppDTO.getApplicationName(), - "Updated Application name should be same as the application name in consumerAppDTO " + - "data object."); - Assert.assertEquals(updatedOAuthConsumerApp.getCallbackUrl(), consumerAppDTO.getCallbackUrl(), - "Updated Application callbackUrl should be same as the callbackUrl in consumerAppDTO " + - "data object."); - - if (appOwnerInRequestExists) { - // Application update should change the app owner if the app owner sent 
in the request is a - // valid user. - Assert.assertNotEquals(updatedOAuthConsumerApp.getUsername(), - originalOwner.toFullQualifiedUsername()); + try (MockedStatic oAuthServerConfigurationMockedStatic = mockStatic( + OAuthServerConfiguration.class);) { + // Mock and initialize the OAuthServerConfiguration. + mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class); + oAuthServerConfigurationMockedStatic.when(OAuthServerConfiguration::getInstance) + .thenReturn(mockOAuthServerConfiguration); + lenient().when(mockOAuthServerConfiguration.getTimeStampSkewInSeconds()).thenReturn(300L); + + try (MockedStatic identityUtil = mockStatic(IdentityUtil.class); + MockedStatic oAuthComponentServiceHolder = + mockStatic(OAuthComponentServiceHolder.class); + MockedStatic oAuth2Util = mockStatic(OAuth2Util.class)) { + + identityUtil.when(() -> IdentityUtil.getProperty(ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN)) + .thenReturn(claimSeparationFeatureEnabled ? "true" : "false"); + + oAuth2Util.when(() -> OAuth2Util.getServiceProvider(anyString(), anyString())) + .thenReturn(mockServiceProvider); + when(mockServiceProvider.getApplicationVersion()).thenReturn(appVersion); + + AuthenticatedUser loggedInUser = buildUser(loggedInUsername); + identityUtil.when(() -> IdentityUtil.isUserStoreCaseSensitive(anyString(), anyInt())).thenReturn(true); + identityUtil.when(() -> IdentityUtil.addDomainToName(anyString(), anyString())).thenCallRealMethod(); + + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(loggedInUser.getTenantDomain()); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId( + IdentityTenantUtil.getTenantId(loggedInUser.getTenantDomain())); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(loggedInUser.getUserName()); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(userRealm); + + AuthenticatedUser appOwner = buildUser(appOwnerInRequest); + String 
tenantAwareUsernameOfAppOwner = + MultitenantUtils.getTenantAwareUsername(appOwner.toFullQualifiedUsername()); + + when(userStoreManager.isExistingUser(tenantAwareUsernameOfAppOwner)).thenReturn( + appOwnerInRequestExists); + + String consumerKey = UUID.randomUUID().toString(); + OAuthAppDO app = buildDummyOAuthAppDO("original-app-owner"); + AuthenticatedUser originalOwner = app.getAppOwner(); + + try (MockedConstruction mockedConstruction = Mockito.mockConstruction(OAuthAppDAO.class, + (mock, context) -> { + when(mock.getAppInformation(consumerKey, + IdentityTenantUtil.getTenantId(loggedInUser.getTenantDomain()))) + .thenReturn(app); + })) { + + ApplicationManagementService appMgtService = mock(ApplicationManagementService.class); + OAuth2ServiceComponentHolder.setApplicationMgtService(appMgtService); + when(appMgtService.getServiceProvider(consumerKey, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) + .thenReturn(mockServiceProvider); + + OAuthAdminServiceImpl oAuthAdminServiceImpl = new OAuthAdminServiceImpl(); + OAuthConsumerAppDTO consumerAppDTO = new OAuthConsumerAppDTO(); + consumerAppDTO.setApplicationName("new-application-name"); + consumerAppDTO.setCallbackUrl("http://new-call-back-url.com"); + consumerAppDTO.setOauthConsumerKey(consumerKey); + consumerAppDTO.setOauthConsumerSecret("some-consumer-secret"); + consumerAppDTO.setOAuthVersion("new-oauth-version"); + consumerAppDTO.setUsername(appOwner.toFullQualifiedUsername()); + + mockOAuthComponentServiceHolder(oAuthComponentServiceHolder); + + String tenantDomain = MultitenantUtils.getTenantDomain(appOwnerInRequest); + String userStoreDomain = UserCoreUtil.extractDomainFromName(appOwnerInRequest); + String domainFreeName = UserCoreUtil.removeDomainFromName(appOwnerInRequest); + String username = MultitenantUtils.getTenantAwareUsername(domainFreeName); + + org.wso2.carbon.user.core.common.User user = new org.wso2.carbon.user.core.common.User(); + user.setUsername(username); + 
user.setTenantDomain(tenantDomain); + user.setUserStoreDomain(userStoreDomain); + Mockito.when(mockAbstractUserStoreManager.getUser(any(), anyString())).thenReturn(user); + Mockito.when(mockAbstractUserStoreManager.isExistingUser(anyString())) + .thenReturn(appOwnerInRequestExists); + + oAuthAdminServiceImpl.updateConsumerApplication(consumerAppDTO); + OAuthConsumerAppDTO updatedOAuthConsumerApp = + oAuthAdminServiceImpl.getOAuthApplicationData(consumerKey, + tenantDomain); + Assert.assertEquals(updatedOAuthConsumerApp.getApplicationName(), + consumerAppDTO.getApplicationName(), + "Updated Application name should be same as the application name in consumerAppDTO " + + "data object."); + Assert.assertEquals(updatedOAuthConsumerApp.getCallbackUrl(), consumerAppDTO.getCallbackUrl(), + "Updated Application callbackUrl should be same as the callbackUrl in consumerAppDTO " + + "data object."); + + if (appOwnerInRequestExists) { + // Application update should change the app owner if the app owner sent in the request is a + // valid user. + Assert.assertNotEquals(updatedOAuthConsumerApp.getUsername(), + originalOwner.toFullQualifiedUsername()); + } + Assert.assertEquals(updatedOAuthConsumerApp.getUsername(), expectedAppOwnerAfterUpdate); } - Assert.assertEquals(updatedOAuthConsumerApp.getUsername(), expectedAppOwnerAfterUpdate); } } } diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtilTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtilTest.java new file mode 100755 index 0000000000..0102094ae8 --- /dev/null +++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/util/ClaimHandlerUtilTest.java 
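Review bot: `when(mockServiceProvider.getApplicationVersion()).thenReturn(appVersion)` stubs a field this test never creates: `mockServiceProvider` is declared without `@Mock` in hunk `@@ -120,9 +125,10 @@` and is only assigned inside `testGetOAuthApplicationData`, so `testUpdateConsumerApplication` passes only when that test has already run on the same instance and otherwise fails with a NullPointerException. Either annotate the field (`@Mock ServiceProvider mockServiceProvider;`) or create it at the top of this test (`mockServiceProvider = mock(ServiceProvider.class);`). `PrivilegedCarbonContext.startTenantFlow()` is added without a matching `PrivilegedCarbonContext.endTenantFlow()`, so the tenant domain, tenant id, username and user realm written to the thread-local carbon context persist into later tests on that thread; the body after `startTenantFlow()` should sit in `try { ... } finally { PrivilegedCarbonContext.endTenantFlow(); }`. The `appMgtService.getServiceProvider(consumerKey, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)` stub cannot match the `admin@wso2.com` rows; it appears to be unused because `OAuth2Util.getServiceProvider` is statically stubbed with `anyString()`, in which case that stub and the `ApplicationManagementService` mock can go.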
@@ -0,0 +1,165 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.openidconnect.util; + +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.testng.MockitoTestNGListener; +import org.testng.annotations.AfterMethod; +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Listeners; +import org.testng.annotations.Test; +import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.mgt.ApplicationConstants; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.core.util.IdentityUtil; +import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; +import org.wso2.carbon.identity.oauth.dao.OAuthAppDO; +import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; +import org.wso2.carbon.identity.oauth2.util.OAuth2Util; +import org.wso2.carbon.identity.openidconnect.CustomClaimsCallbackHandler; + +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.lenient; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.mockStatic; +import static org.testng.AssertJUnit.assertEquals; +import static 
org.wso2.carbon.base.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN; + +@Listeners(MockitoTestNGListener.class) +public class ClaimHandlerUtilTest { + + @Mock + private OAuthAppDO mockOAuthAppDO; + @Mock + private CustomClaimsCallbackHandler mockJWTAccessTokenOIDCClaimsHandler; + @Mock + private CustomClaimsCallbackHandler mockOpenIDConnectCustomClaimsCallbackHandler; + @Mock + private OAuthServerConfiguration mockOAuthServerConfiguration; + + MockedStatic oAuthServerConfigurationMockedStatic; + MockedStatic identityTenantUtilMockedStatic; + MockedStatic identityUtilMockedStatic; + MockedStatic oAuth2UtilMockedStatic; + + private final String openIDConnectIDTokenCustomClaimsHandlerClassName = "SAMLAssertionClaimsCallback"; + private final String jwtAccessTokenOIDCClaimsHandlerClassName = "JWTAccessTokenOIDCClaimsHandler"; + + @BeforeMethod + public void setUp() throws Exception { + + // Mock and initialize the OAuthServerConfiguration. + oAuthServerConfigurationMockedStatic = mockStatic(OAuthServerConfiguration.class); + mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class); + oAuthServerConfigurationMockedStatic.when(OAuthServerConfiguration::getInstance) + .thenReturn(mockOAuthServerConfiguration); + lenient().when(mockOAuthServerConfiguration.getTimeStampSkewInSeconds()).thenReturn(300L); + + // Initialize the static mocks. + identityTenantUtilMockedStatic = mockStatic(IdentityTenantUtil.class); + identityUtilMockedStatic = mockStatic(IdentityUtil.class); + oAuth2UtilMockedStatic = mockStatic(OAuth2Util.class); + + // Initialize the mocks. 
+ String openIDConnectIDTokenPackageName = "org.wso2.carbon.identity.openidconnect."; + mockOAuthAppDO = mock(OAuthAppDO.class); + mockJWTAccessTokenOIDCClaimsHandler = mock(openIDConnectIDTokenPackageName + + jwtAccessTokenOIDCClaimsHandlerClassName); + mockOpenIDConnectCustomClaimsCallbackHandler = mock(openIDConnectIDTokenPackageName + + openIDConnectIDTokenCustomClaimsHandlerClassName); + + // Mock login tenant utils. + identityTenantUtilMockedStatic.when(IdentityTenantUtil::getLoginTenantId) + .thenReturn(MultitenantConstants.SUPER_TENANT_ID); + identityTenantUtilMockedStatic.when(() -> IdentityTenantUtil.getTenantDomain(-1234)) + .thenReturn(SUPER_TENANT_DOMAIN_NAME); + + // Mock the JWTAccessTokenOIDCClaimsHandler and OpenIDConnectCustomClaimsCallbackHandler. + lenient().when(mockOAuthServerConfiguration.getJWTAccessTokenOIDCClaimsHandler()) + .thenReturn(mockJWTAccessTokenOIDCClaimsHandler); + lenient().when(mockOAuthServerConfiguration.getOpenIDConnectCustomClaimsCallbackHandler()) + .thenReturn(mockOpenIDConnectCustomClaimsCallbackHandler); + } + + @AfterMethod + public void tearDown() { + + oAuthServerConfigurationMockedStatic.close(); + identityTenantUtilMockedStatic.close(); + identityUtilMockedStatic.close(); + oAuth2UtilMockedStatic.close(); + } + + @DataProvider(name = "getClaimsCallbackHandlerDataProvider") + public Object[][] getClaimsCallbackHandlerDataProvider() { + + return new Object[][] { + {true, "v0.0.0", openIDConnectIDTokenCustomClaimsHandlerClassName, false}, + {true, "v1.0.0", openIDConnectIDTokenCustomClaimsHandlerClassName, false}, + {true, "v2.0.0", jwtAccessTokenOIDCClaimsHandlerClassName, true}, + {false, "v0.0.0", openIDConnectIDTokenCustomClaimsHandlerClassName, false}, + {false, "v1.0.0", openIDConnectIDTokenCustomClaimsHandlerClassName, false}, + {false, "v2.0.0", openIDConnectIDTokenCustomClaimsHandlerClassName, true} + }; + } + + @Test(dataProvider = "getClaimsCallbackHandlerDataProvider") + public void 
testGetClaimsCallbackHandler(boolean isServerConfigEnabled, String appVersion, String className, + boolean isAllowed) + throws IdentityOAuth2Exception { + + // Mock the configuration for claims separation enabled on demand. + identityUtilMockedStatic.when(() -> IdentityUtil.getProperty(ENABLE_CLAIMS_SEPARATION_FOR_ACCESS_TOKEN)) + .thenReturn(isServerConfigEnabled ? "true" : "false"); + + // Mock the service provider and app version. + lenient().when(mockOAuthAppDO.getOauthConsumerKey()).thenReturn("testConsumerKey"); + ServiceProvider serviceProvider = new ServiceProvider(); + serviceProvider.setApplicationVersion(appVersion); + oAuth2UtilMockedStatic.when(() -> OAuth2Util.getServiceProvider(anyString(), anyString())) + .thenReturn(serviceProvider); + oAuth2UtilMockedStatic.when(() -> OAuth2Util.isAppVersionAllowed( + appVersion, ApplicationConstants.ApplicationVersion.APP_VERSION_V2)) + .thenReturn(isAllowed); + + CustomClaimsCallbackHandler result = ClaimHandlerUtil.getClaimsCallbackHandler(mockOAuthAppDO); + String extractedClassName = extractClassName(result.toString()); + assertEquals(extractedClassName, className); + } + + private String extractClassName(String mockClassName) { + + if (mockClassName == null || mockClassName.isEmpty()) { + return ""; + } + int lastDotIndex = mockClassName.lastIndexOf('.'); + if (lastDotIndex != -1) { + mockClassName = mockClassName.substring(lastDotIndex + 1); + } + int dollarIndex = mockClassName.indexOf('$'); + if (dollarIndex != -1) { + return mockClassName.substring(0, dollarIndex); + } + return mockClassName; + } +} diff --git a/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml b/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml old mode 100644 new mode 100755 index a0d2df47c2..91398cee77 --- a/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml +++ b/components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml @@ -108,7 +108,7 @@ - + 
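Review bot: The assertion in `testGetClaimsCallbackHandler` compares `extractClassName(result.toString())` with a class-name string, but both handlers are plain `CustomClaimsCallbackHandler` mocks whose `toString()` presumably yields the name string passed to `mock("org.wso2.carbon.identity.openidconnect." + ...)`, so the test checks a label it attached itself rather than the handler type. Selecting the expected mock from the data-provider row and asserting identity, `assertSame(result, expectedHandler)`, would make the intent explicit and remove `extractClassName`. `identityTenantUtilMockedStatic.when(() -> IdentityTenantUtil.getTenantDomain(-1234))` hardcodes what looks like the super-tenant id while `MultitenantConstants.SUPER_TENANT_ID` is used two lines earlier; use the constant in both places. The `@Mock` fields `mockOAuthAppDO`, `mockJWTAccessTokenOIDCClaimsHandler`, `mockOpenIDConnectCustomClaimsCallbackHandler` and `mockOAuthServerConfiguration` are all re-created with `mock(...)` in `setUp`, which makes the annotations and `MockitoTestNGListener` redundant.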
@@ -180,7 +180,7 @@ - + @@ -197,6 +197,7 @@ + From e69efc6ebd4cf7f7a93db5b4e8c40a2e86295065 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri Date: Mon, 28 Oct 2024 00:14:39 +0530 Subject: [PATCH 8/8] Add new unit tests. --- .../identity/oauth2/util/OAuth2UtilTest.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java index e2fb35e256..8ee514e70d 100644 --- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java +++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java @@ -2838,6 +2838,25 @@ public void getSupportedTokenBindingTypes() { Assert.assertEquals(supportedTokenBindingTypes.size(), 3); } + @DataProvider(name = "isAppVersionAllowedDataProvider") + public Object[][] isAppVersionAllowedDataProvider() { + + return new Object[][]{ + {"v0.0.0", "v1.0.0", false}, + {"v1.0.0", "v1.0.0", true}, + {"v2.0.0", "v1.0.0", true}, + {"v0.0.0", "v2.0.0", false}, + {"v1.0.0", "v2.0.0", false}, + {"v2.0.0", "v2.0.0", true}, + }; + } + + @Test(dataProvider = "isAppVersionAllowedDataProvider") + public void testIsAppVersionAllowed(String appVersion, String allowedVersions, boolean expected) { + + assertEquals(OAuth2Util.isAppVersionAllowed(appVersion, allowedVersions), expected); + } + private void setPrivateField(Object object, String fieldName, Object value) throws Exception { Field field = object.getClass().getDeclaredField(fieldName);
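Review bot: The `isAppVersionAllowedDataProvider` rows only use equal-length `vX.0.0` strings, so they cannot distinguish a numeric comparison from a string-wise one and do not cover the inputs `isAppVersionAllowed` is exposed to; add `{"v10.0.0", "v9.0.0", true}` and `{"v1.10.0", "v1.9.0", true}` for multi-digit segments, plus a row with differing segment counts such as `"v2.0"` against `"v2.0.0"`. The implementation (OAuth2Util hunk `@@ -5632,7 +5632,7 @@` in PATCH 4/8) begins with `appVersion.substring(1).split("\\.")`, so a null or empty application version — plausible for an application stored before versioning existed, though not verifiable here — throws NullPointerException or StringIndexOutOfBoundsException from the token-issuance, introspection and claims paths that now call it; a test pinning that behaviour, or a guard in the method together with a Javadoc line stating the accepted `vMAJOR.MINOR.PATCH` format, should accompany this change. The parameter is named `allowedVersions` although each row passes exactly one version; `allowedVersion` matches the production signature. The enclosing class `OAuth2UtilTest` continues outside the hunk.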