From a104dae835b217563fe9151b22dec0252720feb7 Mon Sep 17 00:00:00 2001 From: Thumimku Date: Tue, 12 Nov 2024 13:06:26 +0530 Subject: [PATCH] negative cases for basic auth ANA --- ...plicationNativeAuthenticationTestCase.java | 72 ++++++++++++++++++- 1 file changed, 70 insertions(+), 2 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/applicationNativeAuthentication/ApplicationNativeAuthenticationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/applicationNativeAuthentication/ApplicationNativeAuthenticationTestCase.java index ef51e4e8418..88247616718 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/applicationNativeAuthentication/ApplicationNativeAuthenticationTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/applicationNativeAuthentication/ApplicationNativeAuthenticationTestCase.java @@ -22,6 +22,7 @@ import io.restassured.response.ExtractableResponse; import io.restassured.response.Response; import org.apache.commons.lang.ArrayUtils; +import org.apache.commons.lang.StringUtils; import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; @@ -50,6 +51,7 @@ import org.wso2.identity.integration.common.clients.UserManagementClient; import org.wso2.identity.integration.test.oauth2.OAuth2ServiceAbstractIntegrationTest; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AdvancedApplicationConfiguration; +import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AdvancedApplicationConfigurationAttestationMetaData; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationModel; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationResponseModel; @@ -209,8 +211,30 @@ public void testUpdateApplication() throws Exception { "API Base Authentication expected to true but set as false."); } - @Test(groups = "wso2.is", description = "Send init authorize POST request.", + @Test(groups = "wso2.is", description = "Send init authorize POST request without Client Id.", dependsOnMethods = "testUpdateApplication") + public void testSendInitAuthRequestPostWithoutClientId() throws Exception { + + HttpResponse response = sendPostRequestWithParameters(client, buildOAuth2Parameters(null), + OAuth2Constant.AUTHORIZE_ENDPOINT_URL); + Assert.assertNotNull(response, "Authorization request failed. Authorized response is null."); + int statusCode = response.getStatusLine().getStatusCode(); + Assert.assertEquals(statusCode, 400, "Unexpected response code: " + statusCode); + String responseString = EntityUtils.toString(response.getEntity(), UTF_8); + EntityUtils.consume(response.getEntity()); + JSONParser parser = new JSONParser(); + JSONObject json = (org.json.simple.JSONObject) parser.parse(responseString); + Assert.assertNotNull(json, "Client Native Authentication Init response is null."); + JSONObject jsonObject = (org.json.simple.JSONObject) parser.parse(responseString); + Assert.assertNotNull(jsonObject, "Client Native Authentication Init response is null."); + Assert.assertEquals(jsonObject.get("error_description"), "Client Id not found in the request", + "Error description mismatch"); + Assert.assertEquals(jsonObject.get("error"), "Bad Request", + "Error type mismatch"); + } + + @Test(groups = "wso2.is", description = "Send init authorize POST request.", + dependsOnMethods = "testSendInitAuthRequestPostWithoutClientId") public void testSendInitAuthRequestPost() throws Exception { HttpResponse response = sendPostRequestWithParameters(client, buildOAuth2Parameters(consumerKey), @@ -254,6 +278,48 @@ public void testSendBasicAuthRequestPost() { validateBasicAuthenticationResponseBody(extractableResponse); } + @Test(groups = "wso2.is", description = "Check Oauth2 application registration for client native authentication", + dependsOnMethods = "testSendBasicAuthRequestPost") + public void testUpdateApplicationWithAttestationEnabled() throws Exception { + + ApplicationPatchModel applicationPatch = new ApplicationPatchModel(); + applicationPatch = applicationPatch.advancedConfigurations(new AdvancedApplicationConfiguration()); + applicationPatch.getAdvancedConfigurations().setEnableAPIBasedAuthentication(true); + applicationPatch.getAdvancedConfigurations() + .setAttestationMetaData(new AdvancedApplicationConfigurationAttestationMetaData() + .enableClientAttestation(true)); + + updateApplication(appId, applicationPatch); + ApplicationResponseModel application = getApplication(appId); + Assert.assertTrue(application.getAdvancedConfigurations().getEnableAPIBasedAuthentication(), + "API Base Authentication expected to true but set as false."); + Assert.assertTrue(application.getAdvancedConfigurations().getAttestationMetaData().getEnableClientAttestation(), + "Client Attestation expected to true but set as false."); + } + + @Test(groups = "wso2.is", description = "Send init authorize POST request with Attestation enabled.", + dependsOnMethods = "testUpdateApplicationWithAttestationEnabled") + public void testSendInitAuthRequestPostWithoutAttestation() throws Exception { + + HttpResponse response = sendPostRequestWithParameters(client, buildOAuth2Parameters(consumerKey), + OAuth2Constant.AUTHORIZE_ENDPOINT_URL); + Assert.assertNotNull(response, "Authorization request failed. Authorized response is null."); + int statusCode = response.getStatusLine().getStatusCode(); + Assert.assertEquals(statusCode, 401, "Unexpected response code: " + statusCode); + + String responseString = EntityUtils.toString(response.getEntity(), UTF_8); + EntityUtils.consume(response.getEntity()); + JSONParser parser = new JSONParser(); + JSONObject jsonObject = (org.json.simple.JSONObject) parser.parse(responseString); + Assert.assertNotNull(jsonObject, "Client Native Authentication Init response is null."); + Assert.assertEquals(jsonObject.get("code"), "401", "Code mismatch"); + Assert.assertEquals(jsonObject.get("message"), "Unauthorized", "Message mismatch"); + Assert.assertEquals(jsonObject.get("description"), + "App is configured to validate attestation but attestation object is empty.", + "Description mismatch"); + Assert.assertNotNull(jsonObject.get("traceId"), "Trace ID should not be null"); + } + /** * Create Application with the given app configurations * @@ -297,7 +363,9 @@ private List buildOAuth2Parameters(String consumerKey) { List urlParameters = new ArrayList<>(); urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_RESPONSE_TYPE, OAuth2Constant.AUTHORIZATION_CODE_NAME)); urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_RESPONSE_MODE, RESPONSE_MODE)); - urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_CLIENT_ID, consumerKey)); + if (StringUtils.isNotBlank(consumerKey)) { + urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_CLIENT_ID, consumerKey)); + } urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_REDIRECT_URI, OAuth2Constant.CALLBACK_URL)); urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_SCOPE, OAuth2Constant.OAUTH2_SCOPE_OPENID_WITH_INTERNAL_LOGIN)); urlParameters.add(new BasicNameValuePair(OAuth2Constant.OAUTH2_NONCE, UUID.randomUUID().toString()));