From acae8b0467130ec0e8ff189fa020ceb445e8f573 Mon Sep 17 00:00:00 2001
From: Mike Roda
Date: Fri, 27 Sep 2024 18:24:14 -0400
Subject: [PATCH] Add test
Change-Id: I2c6d3fe0533b626f13239fce6906aaa7962c580e
---
 .../ExternalOAuthAuthenticationManager.java | 2 +-
 ...xternalOAuthAuthenticationManagerTest.java | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
index c58a42e05d5..5608ad39c5b 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
@@ -686,7 +686,7 @@ private JsonWebKeySet getTokenKeyFromOAuth(AbstractExternalOAuthIden
 }
 }
- private String getTokenFromCode(ExternalOAuthCodeToken codeToken, AbstractExternalOAuthIdentityProviderDefinition config) {
+ protected String getTokenFromCode(ExternalOAuthCodeToken codeToken, AbstractExternalOAuthIdentityProviderDefinition config) {
 if (StringUtils.hasText(codeToken.getIdToken()) && "id_token".equals(getResponseType(config))) {
 logger.debug("ExternalOAuthCodeToken contains id_token, not exchanging code.");
 return codeToken.getIdToken();
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
index 117d2f88dba..32e8dbf5118 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
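Review bot: Widening `getTokenFromCode` from `private` to `protected` so the test can stub it makes the authorization-code-to-token exchange overridable by any subclass of `ExternalOAuthAuthenticationManager`, in any package. The test added in this patch sits in the same package (`org.cloudfoundry.identity.uaa.provider.oauth`), so package-private visibility is enough for its anonymous subclass: `String getTokenFromCode(ExternalOAuthCodeToken codeToken, AbstractExternalOAuthIdentityProviderDefinition config) {` with a comment such as `// package-private: overridden in tests to stub the token exchange`. The method body continues past the end of the hunk, so whether anything else relies on the wider visibility cannot be seen from here.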
@@ -472,4 +472,38 @@ public void populateAuthenticationAttributes_setsIdpIdToken() {
 authManager.populateAuthenticationAttributes(authentication, oidcAuthentication, authenticationData);
 assertEquals(idTokenJwt, authentication.getIdpIdToken());
 }
+
+ @Test
+ public void getClaimsFromToken_setsIdToken() {
+ Map header = map(
+ entry(HeaderParameterNames.ALGORITHM, JWSAlgorithm.RS256.getName()),
+ entry(HeaderParameterNames.KEY_ID, OIDC_PROVIDER_KEY)
+ );
+ JWSSigner signer = new KeyInfo("uaa-key", oidcProviderTokenSigningKey, DEFAULT_UAA_URL).getSigner();
+ Map entryMap = map(
+ entry("external_map_name", Arrays.asList("bar", "baz"))
+ );
+ Map claims = map(
+ entry("external_family_name", entryMap),
+ entry(ISS, oidcConfig.getIssuer()),
+ entry(AUD, "uaa-relying-party"),
+ entry(EXPIRY_IN_SECONDS, ((int) (System.currentTimeMillis()/1000L)) + 60),
+ entry(SUB, "abc-def-asdf")
+ );
+ Map externalGroupMapping = map(
+ entry(FAMILY_NAME_ATTRIBUTE_NAME, "external_family_name")
+ );
+ String idTokenJwt = UaaTokenUtils.constructToken(header, claims, signer);
+ ExternalOAuthCodeToken codeToken = new ExternalOAuthCodeToken("thecode", origin, "http://google.com", null, "accesstoken", "signedrequest");
+
+ authManager = new ExternalOAuthAuthenticationManager(identityProviderProvisioning, new RestTemplate(), new RestTemplate(), tokenEndpointBuilder, new KeyInfoService(uaaIssuerBaseUrl), null) {
+ @Override
+ protected String getTokenFromCode(ExternalOAuthCodeToken codeToken, AbstractExternalOAuthIdentityProviderDefinition config) {
+ return idTokenJwt;
+ }
+ };
+
+ authManager.getClaimsFromToken(codeToken, oidcConfig);
+ assertEquals(idTokenJwt, codeToken.getIdToken());
+ }
 }
\ No newline at end of file
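Review bot: `getClaimsFromToken_setsIdToken` discards the return value of `authManager.getClaimsFromToken(codeToken, oidcConfig)` and asserts only that the stubbed JWT was copied onto `codeToken`, so it would still pass if the token's claims came back empty or wrong. Assuming the method returns the parsed claims, capturing the result and asserting on it (for example that it carries the `SUB` value `"abc-def-asdf"`) would tie the test to the token actually being parsed. The local `externalGroupMapping` is built but never used in the visible lines and can be dropped. A short comment above the anonymous subclass, e.g. `// stub the code-for-token exchange so no HTTP call is made`, would explain why `getTokenFromCode` is overridden.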