diff --git a/src/it/java/it/pagopa/swclient/mil/auth/resource/TokenResourceIT.java b/src/it/java/it/pagopa/swclient/mil/auth/resource/TokenResourceIT.java
index f7750f85..845099b5 100644
--- a/src/it/java/it/pagopa/swclient/mil/auth/resource/TokenResourceIT.java
+++ b/src/it/java/it/pagopa/swclient/mil/auth/resource/TokenResourceIT.java
@@ -6,8 +6,8 @@
package it.pagopa.swclient.mil.auth.resource;
import static io.restassured.RestAssured.given;
-import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.notNullValue;
+import static org.hamcrest.Matchers.nullValue;
import java.io.File;
@@ -21,8 +21,6 @@
import com.nimbusds.jose.util.StandardCharset;
import io.restassured.RestAssured;
-import io.restassured.filter.log.RequestLoggingFilter;
-import io.restassured.filter.log.ResponseLoggingFilter;
import it.pagopa.swclient.mil.auth.bean.AuthFormParamName;
import it.pagopa.swclient.mil.auth.bean.AuthJsonPropertyName;
import it.pagopa.swclient.mil.auth.bean.GetAccessTokenResponse;
@@ -60,7 +58,7 @@ class TokenResourceIT {
*/
private static String adminClientId;
private static String adminClientSecret;
-
+
/*
*
*/
@@ -81,15 +79,15 @@ static void loadOpenApiDescriptor() {
new OpenApiValidationFilter(
Files.contentOf(
new File("src/main/resources/META-INF/openapi.yaml"),
- StandardCharset.UTF_8))/*,
- new RequestLoggingFilter(),
- new ResponseLoggingFilter()*/);
+ StandardCharset.UTF_8))/*
+ * , new RequestLoggingFilter(), new ResponseLoggingFilter()
+ */);
baseUri = System.getProperty("base_uri");
adminClientId = System.getProperty("admin_client_id");
adminClientSecret = System.getProperty("admin_client_secret");
-
+
secretlessClientId = System.getProperty("secretless_client_id");
testUsername = System.getProperty("test_username");
@@ -297,7 +295,7 @@ void given_rightRefreshToken_when_theEndPointIsInvoked_then_getAccessAndRefreshT
.response()
.as(GetAccessTokenResponse.class);
- String refreshToken = getAccessTokenResponse.getRefreshToken();
+ String refreshToken = getAccessTokenResponse.getRefreshToken().serialize();
/*
* Test
@@ -357,7 +355,7 @@ void given_rightRefreshTokenAndOfflineAccessIsRequired_when_theEndPointIsInvoked
.response()
.as(GetAccessTokenResponse.class);
- String refreshToken = getAccessTokenResponse.getRefreshToken();
+ String refreshToken = getAccessTokenResponse.getRefreshToken().serialize();
/*
* Test
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/AuthErrorCode.java b/src/main/java/it/pagopa/swclient/mil/auth/AuthErrorCode.java
index 81fc3f02..9e60a28a 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/AuthErrorCode.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/AuthErrorCode.java
@@ -56,6 +56,7 @@ public final class AuthErrorCode {
public static final String ERROR_DECRYPTING_CLAIM = MODULE_ID + "000028";
public static final String ERROR_SIGNING_TOKEN = MODULE_ID + "000029";
public static final String USER_NOT_FOUND = MODULE_ID + "00002A";
+ public static final String WRONG_CLIENT_ID = MODULE_ID + "00002B";
// @formatter:on
public static final String MUST_NOT_BE_NULL_MSG = " must not be null";
@@ -78,6 +79,7 @@ public final class AuthErrorCode {
public static final String TOKEN_MUST_NOT_BE_NULL_MSG = "[" + TOKEN_MUST_NOT_BE_NULL + "] Token" + MUST_NOT_BE_NULL_MSG;
public static final String TOKEN_MUST_MATCH_REGEXP_MSG = "[" + TOKEN_MUST_MATCH_REGEXP + "] Token" + MUST_MATCH_REGEXP_MSG;
public static final String USER_NOT_FOUND_MSG = "[" + USER_NOT_FOUND + "] User not found";
+ public static final String WRONG_CLIENT_ID_MSG = "[" + WRONG_CLIENT_ID + "] Wrong client ID";
// @formatter:on
/**
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/AdminJsonPropertyName.java b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/AdminJsonPropertyName.java
index 93de6db3..6837c3a5 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/AdminJsonPropertyName.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/AdminJsonPropertyName.java
@@ -159,7 +159,7 @@ public class AdminJsonPropertyName {
*
*/
public static final String PASSWORD = "password";
-
+
/**
*
* Secretless flag.
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateClientRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateClientRequest.java
index bab1df4c..6c472ed4 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateClientRequest.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateClientRequest.java
@@ -58,7 +58,7 @@ public class CreateClientRequest {
@JsonProperty(value = AdminJsonPropertyName.SUBJECT)
@Pattern(regexp = AdminValidationPattern.SUBJECT, message = AdminErrorCode.SUBJECT_MUST_MATCH_REGEXP_MSG)
private String subject;
-
+
/**
*
* If true the secret will not be generated.
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateUserRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateUserRequest.java
index 95593e9e..7d617236 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateUserRequest.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/admin/bean/CreateUserRequest.java
@@ -71,7 +71,7 @@ public class CreateUserRequest {
@JsonProperty(value = AdminJsonPropertyName.MERCHANT_ID)
@Pattern(regexp = ValidationPattern.MERCHANT_ID, message = ErrorCode.MERCHANT_ID_MUST_MATCH_REGEXP_MSG)
private String merchantId;
-
+
/**
*
* Client ID.
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResource.java b/src/main/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResource.java
index ae562fe8..e24bf96a 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResource.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResource.java
@@ -20,8 +20,8 @@
import it.pagopa.swclient.mil.auth.admin.AdminErrorCode;
import it.pagopa.swclient.mil.auth.admin.bean.AdminPathParamName;
import it.pagopa.swclient.mil.auth.admin.bean.Client;
-import it.pagopa.swclient.mil.auth.admin.bean.CreateClientResponse;
import it.pagopa.swclient.mil.auth.admin.bean.CreateClientRequest;
+import it.pagopa.swclient.mil.auth.admin.bean.CreateClientResponse;
import it.pagopa.swclient.mil.auth.admin.bean.PageMetadata;
import it.pagopa.swclient.mil.auth.admin.bean.PageOfClients;
import it.pagopa.swclient.mil.auth.admin.bean.ReadClientsRequest;
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthCookieParamName.java b/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthCookieParamName.java
new file mode 100644
index 00000000..2f76422a
--- /dev/null
+++ b/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthCookieParamName.java
@@ -0,0 +1,17 @@
+/*
+ * AuthCookieParamName.java
+ *
+ * 3 jan 2025
+ */
+package it.pagopa.swclient.mil.auth.bean;
+
+/**
+ *
+ * @author Antonio Tarricone
+ */
+public class AuthCookieParamName {
+ public static final String REFRESH_COOKIE = "refresh_cookie";
+
+ private AuthCookieParamName() {
+ }
+}
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthValidationPattern.java b/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthValidationPattern.java
index 7fec11aa..13714385 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthValidationPattern.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/bean/AuthValidationPattern.java
@@ -10,7 +10,7 @@
* @author Antonio Tarricone
*/
public class AuthValidationPattern {
- public static final String GRANT_TYPE = "^" + GrantType.PASSWORD + "|" + GrantType.REFRESH_TOKEN + "|" + GrantType.POYNT_TOKEN + "|" + GrantType.CLIENT_CREDENTIALS + "$";
+ public static final String GRANT_TYPE = "^" + GrantType.PASSWORD + "|" + GrantType.REFRESH_TOKEN + "|" + GrantType.CLIENT_CREDENTIALS + "$";
public static final String USERNAME = "^[ -~]{1,64}$";
public static final String PASSWORD = "^[ -~]{1,64}$"; // NOSONAR This isn't a password!!!
public static final String REFRESH_TOKEN = "^[a-zA-Z0-9_-]{1,1024}\\.[a-zA-Z0-9_-]{1,1024}\\.[a-zA-Z0-9_-]{1,1024}$";
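Review bot: The anchors in the rebuilt `GRANT_TYPE` regex bind only to the outer alternatives, so the expression reads as `^password|refresh_token|client_credentials$` rather than a full-string match of one of the three values. If validation runs on Hibernate Validator (usual under Quarkus), `@Pattern` uses full-match semantics and this is harmless where the constant is used today, but any reuse with `find()` or in another validator would accept partial matches. Grouping the alternatives makes the intent explicit: `public static final String GRANT_TYPE = "^(" + GrantType.PASSWORD + "|" + GrantType.REFRESH_TOKEN + "|" + GrantType.CLIENT_CREDENTIALS + ")$";`.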
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenRequest.java
index 6293d5ca..76990c6e 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenRequest.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenRequest.java
@@ -5,6 +5,9 @@
*/
package it.pagopa.swclient.mil.auth.bean;
+import com.nimbusds.jwt.SignedJWT;
+
+import io.quarkus.logging.Log;
import io.quarkus.runtime.annotations.RegisterForReflection;
import it.pagopa.swclient.mil.ErrorCode;
import it.pagopa.swclient.mil.auth.AuthErrorCode;
@@ -13,6 +16,7 @@
import it.pagopa.swclient.mil.bean.ValidationPattern;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Pattern;
+import jakarta.ws.rs.CookieParam;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.HeaderParam;
import lombok.AllArgsConstructor;
@@ -88,24 +92,8 @@ public class GetAccessTokenRequest {
* refresh_token
*/
@FormParam(AuthFormParamName.REFRESH_TOKEN)
- @Pattern(regexp = AuthValidationPattern.REFRESH_TOKEN, message = AuthErrorCode.REFRESH_TOKEN_MUST_MATCH_REGEXP_MSG)
@ToString.Exclude
- private String refreshToken;
-
- /*
- * poynt_token
- */
- @FormParam(AuthFormParamName.EXT_TOKEN)
- @Pattern(regexp = AuthValidationPattern.EXT_TOKEN, message = AuthErrorCode.EXT_TOKEN_MUST_MATCH_REGEXP_MSG)
- @ToString.Exclude
- private String extToken;
-
- /*
- * add_data
- */
- @FormParam(AuthFormParamName.ADD_DATA)
- @Pattern(regexp = AuthValidationPattern.ADD_DATA, message = AuthErrorCode.ADD_DATA_MUST_MATCH_REGEXP_MSG)
- private String addData;
+ private SignedJWT refreshToken;
/*
* client_id
@@ -137,4 +125,21 @@ public class GetAccessTokenRequest {
@Pattern(regexp = AuthValidationPattern.FISCAL_CODE, message = AuthErrorCode.FISCAL_CODE_MUST_MATCH_REGEXP_MSG)
@ToString.Exclude
private String fiscalCode;
+
+ /*
+ * refresh_cookie
+ */
+ @CookieParam(AuthCookieParamName.REFRESH_COOKIE)
+ private SignedJWT refreshCookie;
+
+ /**
+ *
+ */
+ public GetAccessTokenRequest normalize() {
+ if (refreshToken == null && refreshCookie != null) {
+ Log.debug("The request to refresh tokens contains a refresh cookie");
+ refreshToken = refreshCookie;
+ }
+ return this;
+ }
}
\ No newline at end of file
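Review bot: `normalize()` is only invoked from `RefreshTokensService.process`, after `@Valid` has already run on the bean, so a refresh request that carries the token only in the `refresh_cookie` cookie appears to reach the `Validator` constraint with `refreshToken == null`; unless that constraint also inspects `refreshCookie` (not visible in this diff), `refreshTokenMustNotBeNull` would reject the request before the cookie is ever copied in. When both the form parameter and the cookie are present the form parameter silently wins, which is a reasonable rule but should be stated since the two may carry different tokens. The Javadoc on the new method is empty; suggest `Copies the refresh token carried by the refresh cookie into {@code refreshToken} when the form parameter is absent; the form parameter takes precedence when both are present. @return this request`.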
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenResponse.java
index 7d2170aa..858ad031 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenResponse.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/bean/GetAccessTokenResponse.java
@@ -8,8 +8,11 @@
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonInclude.Include;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.nimbusds.jwt.SignedJWT;
import io.quarkus.runtime.annotations.RegisterForReflection;
+import it.pagopa.swclient.mil.auth.util.SignedJWTSerializer;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@@ -31,14 +34,16 @@ public class GetAccessTokenResponse {
*/
@JsonProperty(AuthJsonPropertyName.ACCESS_TOKEN)
@ToString.Exclude
- private String accessToken;
+ @JsonSerialize(using = SignedJWTSerializer.class)
+ private SignedJWT accessToken;
/*
* refresh_token
*/
@JsonProperty(AuthJsonPropertyName.REFRESH_TOKEN)
@ToString.Exclude
- private String refreshToken;
+ @JsonSerialize(using = SignedJWTSerializer.class)
+ private SignedJWT refreshToken;
/*
* token_type
@@ -57,7 +62,7 @@ public class GetAccessTokenResponse {
* @param refreshToken
* @param expiresIn
*/
- public GetAccessTokenResponse(String accessToken, String refreshToken, long expiresIn) {
+ public GetAccessTokenResponse(SignedJWT accessToken, SignedJWT refreshToken, long expiresIn) {
this.accessToken = accessToken;
this.refreshToken = refreshToken;
this.expiresIn = expiresIn;
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/bean/GrantType.java b/src/main/java/it/pagopa/swclient/mil/auth/bean/GrantType.java
index 8c3e2538..b7aebbc4 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/bean/GrantType.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/bean/GrantType.java
@@ -11,7 +11,6 @@
public class GrantType {
public static final String PASSWORD = "password";
public static final String REFRESH_TOKEN = "refresh_token";
- public static final String POYNT_TOKEN = "poynt_token";
public static final String CLIENT_CREDENTIALS = "client_credentials";
private GrantType() {
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/client/PoyntClient.java b/src/main/java/it/pagopa/swclient/mil/auth/client/PoyntClient.java
deleted file mode 100644
index 0ef1334e..00000000
--- a/src/main/java/it/pagopa/swclient/mil/auth/client/PoyntClient.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * PoyntClient.java
- *
- * 6 apr 2023
- */
-package it.pagopa.swclient.mil.auth.client;
-
-import java.util.UUID;
-
-import org.eclipse.microprofile.rest.client.annotation.ClientHeaderParam;
-import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
-
-import io.smallrye.mutiny.Uni;
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.HeaderParam;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.PathParam;
-import jakarta.ws.rs.core.Response;
-
-/**
- * @author Antonio Tarricone
- */
-@RegisterRestClient(configKey = "poynt-api")
-public interface PoyntClient {
- /**
- * @param poyntToken
- * @param businessId
- * @return
- */
- @Path("/businesses/{businessId}")
- @GET
- @ClientHeaderParam(name = "Api-Version", value = "${poynt-api.version}")
- @ClientHeaderParam(name = "POYNT-REQUEST-ID", value = "{withParam}")
- Uni getBusinessObject(
- @HeaderParam("Authorization") String poyntToken,
- @PathParam("businessId") String businessId);
-
- /**
- * @param name
- * @return
- */
- default String withParam(String name) {
- if ("POYNT-REQUEST-ID".equals(name)) {
- return UUID.randomUUID().toString();
- }
- throw new IllegalArgumentException();
- }
-}
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/dao/UserEntity.java b/src/main/java/it/pagopa/swclient/mil/auth/dao/UserEntity.java
index cd366099..c7e57aca 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/dao/UserEntity.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/dao/UserEntity.java
@@ -84,7 +84,7 @@ public class UserEntity {
*/
@BsonProperty(value = MERCHANT_ID_PRP)
public String merchantId;
-
+
/*
*
*/
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/dao/UserRepository.java b/src/main/java/it/pagopa/swclient/mil/auth/dao/UserRepository.java
index e98aba04..858479eb 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/dao/UserRepository.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/dao/UserRepository.java
@@ -26,7 +26,7 @@ public class UserRepository implements ReactivePanacheMongoRepository() {
});
- qualifiers.put(GrantType.POYNT_TOKEN, new AnnotationLiteral() {
- });
qualifiers.put(GrantType.REFRESH_TOKEN, new AnnotationLiteral() {
});
}
@@ -67,6 +76,12 @@ public class TokenResource {
*/
private Instance tokenService;
+ /*
+ * mil-auth base URL.
+ */
+ @ConfigProperty(name = "base-url", defaultValue = "")
+ String baseUrl;
+
/**
*
* @param tokenService
@@ -85,13 +100,42 @@ public class TokenResource {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON)
- public Uni createOrRefreshToken(@Valid @BeanParam GetAccessTokenRequest getAccessToken) {
+ public Uni createOrRefreshToken(@Valid @BeanParam GetAccessTokenRequest getAccessToken) {
/*
* If the flow reaches this point, the input is validated!
*/
return tokenService.select(qualifiers.get(getAccessToken.getGrantType()))
.get()
.process(getAccessToken)
+ .map(Unchecked.function(resp -> {
+ SignedJWT refreshToken = resp.getRefreshToken();
+ ResponseBuilder respBuilder = Response.ok(resp);
+ if (refreshToken != null) {
+ Log.debug("Refresh token is returned with cookie also");
+
+ /*
+ * Build cookie.
+ */
+ URI tokenUri = new URI(baseUrl.replaceAll("\\/$", "") + "/token");
+
+ JWTClaimsSet claimsSet = refreshToken.getJWTClaimsSet();
+ Date expiry = claimsSet.getExpirationTime();
+
+ NewCookie cookie = new NewCookie.Builder(AuthCookieParamName.REFRESH_COOKIE)
+ .domain(tokenUri.getHost())
+ .path(tokenUri.getPath())
+ .expiry(expiry)
+ .maxAge((int) TimeUnit.SECONDS.convert(new Date().getTime() - expiry.getTime(), TimeUnit.MILLISECONDS))
+ .httpOnly(true)
+ .secure(true)
+ .sameSite(SameSite.STRICT)
+ .value(refreshToken.serialize())
+ .build();
+
+ respBuilder.cookie(cookie);
+ }
+ return respBuilder.build();
+ }))
.onFailure(t -> !(t instanceof AuthError || t instanceof AuthException))
.transform(t -> {
Log.errorf(t, "Unexpected error.");
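Review bot: The cookie's Max-Age on the `.maxAge(...)` line is computed as now minus expiry, which is negative for any token that has not yet expired; a non-positive Max-Age tells the user agent to discard the cookie immediately, so the refresh cookie is never retained. Reverse the operands: `.maxAge((int) TimeUnit.MILLISECONDS.toSeconds(expiry.getTime() - System.currentTimeMillis()))`. `expiry` is also dereferenced without a null check; if a refresh token without an `exp` claim could ever reach this point (the issuing code is outside this hunk), the NPE would surface only as the generic "Unexpected error" below rather than a meaningful failure. The hardening attributes (`httpOnly`, `secure`, `SameSite=Strict`, path scoped to the token endpoint) look right. createOrRefreshToken's body continues outside the hunk.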
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/RefreshTokensService.java b/src/main/java/it/pagopa/swclient/mil/auth/service/RefreshTokensService.java
index c3a2f7b9..03755293 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/service/RefreshTokensService.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/service/RefreshTokensService.java
@@ -155,22 +155,48 @@ private Void verifyScope(JWTClaimsSet claimsSet, String expectedScope) {
}
/**
+ * This method verifies that the client ID of the request with the corresponding value reported in
+ * the claim of the refresh token.
+ *
+ * If the verification succeeds, the method returns void, otherwise it returns a failure with
+ * specific error code.
+ *
+ * @param claimsSet
+ * @param expectedClientId
+ * @return
+ */
+ private Void verifyClientId(JWTClaimsSet claimsSet, String expectedClientId) {
+ Log.trace("Client id verification");
+ Object foundClientId = claimsSet.getClaim(ClaimName.CLIENT_ID);
+ if (Objects.equals(foundClientId, expectedClientId)) {
+ Log.debug("Client id has been successfully verified");
+ return null;
+ } else {
+ String message = String.format("[%s] Wrong client ID: expected %s, found %s", AuthErrorCode.WRONG_CLIENT_ID, expectedClientId, foundClientId);
+ Log.warn(message);
+ throw new AuthException(AuthErrorCode.WRONG_CLIENT_ID, AuthErrorCode.WRONG_CLIENT_ID_MSG);
+ }
+ }
+
+ /**
+ *
* @param refreshTokenStr
* @return
*/
- private Uni verify(String tokenStr) {
+ private Uni verify(GetAccessTokenRequest getAccessToken) {
+ SignedJWT token = getAccessToken.getRefreshToken();
try {
- SignedJWT token = SignedJWT.parse(tokenStr);
JWTClaimsSet claimsSet = token.getJWTClaimsSet();
return verifyAlgorithm(token)
.map(x -> verifyIssueTime(claimsSet))
.map(x -> verifyExpirationTime(claimsSet))
.map(x -> verifyScope(claimsSet, Scope.OFFLINE_ACCESS))
+ .map(x -> verifyClientId(claimsSet, getAccessToken.getClientId()))
.chain(() -> tokenSigner.verify(token));
} catch (ParseException e) {
String message = String.format("[%s] Error parsing token", AuthErrorCode.ERROR_PARSING_TOKEN);
Log.errorf(e, message);
- Log.errorf("Offending token: %s", tokenStr);
+ Log.errorf("Offending token: %s", token.serialize());
return UniGenerator.error(AuthErrorCode.ERROR_PARSING_TOKEN, message);
}
}
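Review bot: The catch block in `verify` still writes the complete refresh token to the error log via `Log.errorf("Offending token: %s", token.serialize())`; a refresh token is a bearer credential and should not appear in logs in full, so log only non-secret parts (the JWS header, or a short prefix/hash of the compact form) instead. `SignedJWT token = getAccessToken.getRefreshToken()` is read outside the try and dereferenced on the next line, so a request with no token in either the form parameter or the cookie fails with a NullPointerException rather than an `ERROR_PARSING_TOKEN` response, unless the `Validator` constraint already guarantees non-null here (not visible in this hunk). In `verifyClientId`, `Objects.equals(foundClientId, expectedClientId)` also succeeds when both sides are null; if `clientId` is not `@NotNull` on the request bean, a token lacking a `client_id` claim would pass, so consider `if (expectedClientId != null && expectedClientId.equals(foundClientId))`. The Javadoc of `verify` still says `@param refreshTokenStr`; it should read `@param getAccessToken the request carrying the refresh token to verify (after normalize())`.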
@@ -182,7 +208,7 @@ private Uni verify(String tokenStr) {
@Override
public Uni process(GetAccessTokenRequest getAccessToken) {
Log.trace("Tokens refreshing");
- return verify(getAccessToken.getRefreshToken())
+ return verify(getAccessToken.normalize())
.chain(() -> super.process(getAccessToken));
}
}
\ No newline at end of file
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java
index efcbb0de..7ec82a8e 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java
@@ -85,8 +85,6 @@ public Uni findUser(GetAccessTokenRequest getAccessToken) {
* If the verification succeeds, the method returns ResourceOwnerCredentialsEntity, otherwise it
* returns a failure with specific error code.
*
- * TODO: AGGIUNGERE IL CONTROLLO DEL CLIENT_ID
- *
* @param userEntity
* @param getAccessToken
* @return
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenService.java b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenService.java
deleted file mode 100644
index 485ffc0a..00000000
--- a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenService.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * TokenByPoyntTokenService.java
- *
- * 17 mag 2023
- */
-package it.pagopa.swclient.mil.auth.service;
-
-import org.eclipse.microprofile.rest.client.inject.RestClient;
-
-import io.quarkus.logging.Log;
-import io.smallrye.mutiny.Uni;
-import it.pagopa.swclient.mil.auth.AuthErrorCode;
-import it.pagopa.swclient.mil.auth.bean.GetAccessTokenRequest;
-import it.pagopa.swclient.mil.auth.bean.GetAccessTokenResponse;
-import it.pagopa.swclient.mil.auth.bean.TokenType;
-import it.pagopa.swclient.mil.auth.client.PoyntClient;
-import it.pagopa.swclient.mil.auth.qualifier.PoyntToken;
-import it.pagopa.swclient.mil.auth.util.AuthError;
-import it.pagopa.swclient.mil.auth.util.AuthException;
-import it.pagopa.swclient.mil.auth.util.UniGenerator;
-import jakarta.enterprise.context.ApplicationScoped;
-import jakarta.inject.Inject;
-import jakarta.ws.rs.WebApplicationException;
-import jakarta.ws.rs.core.Response;
-
-/**
- * @author Antonio Tarricone
- */
-@ApplicationScoped
-@PoyntToken
-public class TokenByPoyntTokenService extends TokenService {
- /*
- *
- */
- @RestClient
- PoyntClient poyntClient;
-
- /**
- *
- */
- TokenByPoyntTokenService() {
- super();
- }
-
- /**
- *
- * @param clientVerifier
- * @param roleFinder
- * @param tokenSigner
- * @param claimEncryptor
- */
- @Inject
- TokenByPoyntTokenService(ClientVerifier clientVerifier, RolesFinder roleFinder, TokenSigner tokenSigner, ClaimEncryptor claimEncryptor) {
- super(clientVerifier, roleFinder, tokenSigner, claimEncryptor);
- }
-
- /**
- * This method verifies Poynt token.
- *
- * @param getAccessToken
- * @return
- */
- public Uni verifyPoyntToken(GetAccessTokenRequest getAccessToken) {
- Log.trace("Poynt token verification");
- return poyntClient.getBusinessObject(TokenType.BEARER + " " + getAccessToken.getExtToken(), getAccessToken.getAddData())
- .onFailure().transform(t -> {
- if (t instanceof WebApplicationException e) {
- Response r = e.getResponse();
- // r cannot be null
- String message = String.format("[%s] Poynt Token not valid: %s", AuthErrorCode.EXT_TOKEN_NOT_VALID, r.getStatus());
- Log.warnf(e, message);
- return new AuthException(AuthErrorCode.EXT_TOKEN_NOT_VALID, message);
- } else {
- String message = String.format("[%s] Error validating Poynt token", AuthErrorCode.ERROR_VALIDATING_EXT_TOKEN);
- Log.errorf(t, message);
- return new AuthError(AuthErrorCode.ERROR_VALIDATING_EXT_TOKEN, message);
- }
- })
- .chain(r -> {
- if (r.getStatus() != 200) {
- String message = String.format("[%s] Poynt Token not valid: %s", AuthErrorCode.EXT_TOKEN_NOT_VALID, r.getStatus());
- Log.warn(message);
- return UniGenerator.exception(AuthErrorCode.EXT_TOKEN_NOT_VALID, message);
- } else {
- Log.debug("Poynt token has been successfully verified");
- return UniGenerator.voidItem();
- }
- });
- }
-
- /**
- * @param getAccessToken
- * @return
- */
- @Override
- public Uni process(GetAccessTokenRequest getAccessToken) {
- Log.trace("Generation of the token/s by Poynt token");
- return verifyPoyntToken(getAccessToken)
- .chain(() -> super.process(getAccessToken));
- }
-}
\ No newline at end of file
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenService.java b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenService.java
index 9313f714..060829ea 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenService.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenService.java
@@ -121,7 +121,7 @@ private String concat(List strings) {
* @param scopes
* @return
*/
- private Uni generate(GetAccessTokenRequest request, long duration, ClientEntity client, List roles, List scopes) {
+ private Uni generate(GetAccessTokenRequest request, long duration, ClientEntity client, List roles, List scopes) {
String fiscalCode = request.getFiscalCode();
if (fiscalCode == null) {
Log.trace("Fiscal code not present");
@@ -168,7 +168,7 @@ private String subject(GetAccessTokenRequest request, ClientEntity client) {
* @param encFiscalCode
* @return
*/
- private Uni generate(GetAccessTokenRequest request, long duration, ClientEntity client, List roles, List scopes, EncryptedClaim encFiscalCode) {
+ private Uni generate(GetAccessTokenRequest request, long duration, ClientEntity client, List roles, List scopes, EncryptedClaim encFiscalCode) {
Log.tracef("Encrypted fiscal code: %s", encFiscalCode);
Date now = new Date();
JWTClaimsSet payload = new JWTClaimsSet.Builder()
@@ -187,7 +187,7 @@ private Uni generate(GetAccessTokenRequest request, long duration, Clien
.audience(audience)
.build();
Log.trace("Token signing");
- return tokenSigner.sign(payload).map(SignedJWT::serialize);
+ return tokenSigner.sign(payload);
}
/**
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverter.java b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverter.java
new file mode 100644
index 00000000..e2f74173
--- /dev/null
+++ b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverter.java
@@ -0,0 +1,55 @@
+/*
+ * SignedJWTParamConverter.java
+ *
+ * 3 jan 2025
+ */
+package it.pagopa.swclient.mil.auth.util;
+
+import java.text.ParseException;
+
+import com.nimbusds.jwt.SignedJWT;
+
+import io.quarkus.logging.Log;
+import it.pagopa.swclient.mil.auth.AuthErrorCode;
+import it.pagopa.swclient.mil.bean.Errors;
+import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
+import jakarta.ws.rs.ext.ParamConverter;
+
+/**
+ *
+ * @author Antonio Tarricone
+ */
+public class SignedJWTParamConverter implements ParamConverter {
+ /**
+ * @see jakarta.ws.rs.ext.ParamConverter#fromString(String)
+ */
+ @Override
+ public SignedJWT fromString(String value) {
+ Log.trace("fromString");
+ try {
+ return SignedJWT.parse(value);
+ } catch (ParseException e) {
+ String message = String.format("[%s] Error parsing token", AuthErrorCode.ERROR_PARSING_TOKEN);
+ Log.errorf(e, message);
+ Response error = Response.status(Status.BAD_REQUEST)
+ .entity(new Errors(AuthErrorCode.ERROR_PARSING_TOKEN, message))
+ .build();
+ throw new BadRequestException(error);
+ }
+ }
+
+ /**
+ * @see jakarta.ws.rs.ext.ParamConverter#toString(Object)
+ */
+ @Override
+ public String toString(SignedJWT value) {
+ // For now this method is not useful, so to avoid coverage checking,
+ // I prefer to return an exception!
+ // The real implementation should be:
+ // Log.trace("toString"); // NOSONAR
+ // return value.serialize(); // NOSONAR
+ throw new UnsupportedOperationException();
+ }
+}
\ No newline at end of file
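Review bot: `fromString` catches only `ParseException`, but `SignedJWT.parse(null)` fails with a NullPointerException; whether the JAX-RS runtime invokes the converter with null for an absent `refresh_token` or `refresh_cookie` is implementation-dependent (to confirm for RESTEasy Reactive), so a guard `if (value == null) { return null; }` at the top keeps an absent parameter from becoming a 500. Note that the `@Pattern` length bound the form parameter previously had (removed in GetAccessTokenRequest) no longer applies before parsing; if a size cap on the compact token is wanted, it now has to live here. The converter parses only, and signature verification happens downstream in `RefreshTokensService`; that is worth stating in the class Javadoc, e.g. `Parses a compact-serialized JWS into a SignedJWT; the signature is not verified here.`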
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverterProvider.java b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverterProvider.java
new file mode 100644
index 00000000..24d1861d
--- /dev/null
+++ b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTParamConverterProvider.java
@@ -0,0 +1,36 @@
+/*
+ * SignedJWTParamConverterProvider.java
+ *
+ * 3 jan 2025
+ */
+package it.pagopa.swclient.mil.auth.util;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Type;
+
+import com.nimbusds.jwt.SignedJWT;
+
+import io.quarkus.logging.Log;
+import jakarta.ws.rs.ext.ParamConverter;
+import jakarta.ws.rs.ext.ParamConverterProvider;
+import jakarta.ws.rs.ext.Provider;
+
+/**
+ *
+ * @author Antonio Tarricone
+ */
+@Provider
+public class SignedJWTParamConverterProvider implements ParamConverterProvider {
+ /**
+ * @see jakarta.ws.rs.ext.ParamConverterProvider#getConverter(Class, Type, Annotation[])
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public ParamConverter getConverter(Class rawType, Type genericType, Annotation[] annotations) {
+ Log.tracef("getConverter: %s", rawType);
+ if (rawType.isAssignableFrom(SignedJWT.class)) {
+ return (ParamConverter) new SignedJWTParamConverter();
+ }
+ return null;
+ }
+}
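Review bot: `rawType.isAssignableFrom(SignedJWT.class)` is true for every supertype of `SignedJWT` (`JWT`, `JOSEObject`, `Object`, `Serializable`), so the converter would also be offered for parameters declared with any of those types; the intended check is presumably the exact type, `SignedJWT.class.equals(rawType)`. The unchecked cast returned from `getConverter` is only sound under that exact-type check. A one-line class Javadoc, e.g. `Registers SignedJWTParamConverter for request parameters declared as SignedJWT.`, would replace the `@author`-only comment.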
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTSerializer.java b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTSerializer.java
new file mode 100644
index 00000000..93454813
--- /dev/null
+++ b/src/main/java/it/pagopa/swclient/mil/auth/util/SignedJWTSerializer.java
@@ -0,0 +1,43 @@
+/*
+ * SignedJWTSerializer.java
+ *
+ * 3 jan 2025
+ */
+package it.pagopa.swclient.mil.auth.util;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.nimbusds.jwt.SignedJWT;
+
+import io.quarkus.logging.Log;
+
+/**
+ *
+ * Serialize signed JWT in a string.
+ *
+ *
+ * @author Antonio Tarricone
+ */
+public class SignedJWTSerializer extends JsonSerializer {
+ /**
+ *
+ * Default constructor.
+ *
+ */
+ public SignedJWTSerializer() {
+ super();
+ }
+
+ /**
+ * @see com.fasterxml.jackson.databind.JsonSerializer#serialize(Object, JsonGenerator,
+ * SerializerProvider) JsonSerializer#serialize(Object, JsonGenerator, SerializerProvider)
+ */
+ @Override
+ public void serialize(SignedJWT value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+ Log.trace("serialize");
+ gen.writeString(value.serialize());
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Validator.java b/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Validator.java
index 7a27e7f9..8ee42382 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Validator.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Validator.java
@@ -32,8 +32,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustNotBeNull(getAccessToken)
&& terminalIdMustNotBeNull(getAccessToken)
&& clientSecretMustBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustBeNull(getAccessToken)
&& usernameMustNotBeNull(getAccessToken)
&& passwordMustNotBeNull(getAccessToken);
@@ -47,8 +45,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustBeNull(getAccessToken)
&& terminalIdMustBeNull(getAccessToken)
&& clientSecretMustBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustBeNull(getAccessToken)
&& usernameMustNotBeNull(getAccessToken)
&& passwordMustNotBeNull(getAccessToken);
@@ -62,8 +58,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustNotBeNull(getAccessToken)
&& terminalIdMustNotBeNull(getAccessToken)
&& clientSecretMustBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustNotBeNull(getAccessToken)
&& usernameMustBeNull(getAccessToken)
&& passwordMustBeNull(getAccessToken)
@@ -78,8 +72,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustBeNull(getAccessToken)
&& terminalIdMustBeNull(getAccessToken)
&& clientSecretMustBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustNotBeNull(getAccessToken)
&& usernameMustBeNull(getAccessToken)
&& passwordMustBeNull(getAccessToken)
@@ -87,21 +79,6 @@ && passwordMustBeNull(getAccessToken)
}
});
- VALIDATORS.put(GrantType.POYNT_TOKEN + "/" + Channel.POS, new Verifier() {
- @Override
- public boolean test(GetAccessTokenRequest getAccessToken) {
- return acquirerIdMustNotBeNull(getAccessToken)
- && merchantIdMustNotBeNull(getAccessToken)
- && terminalIdMustNotBeNull(getAccessToken)
- && clientSecretMustBeNull(getAccessToken)
- && extTokenMustNotBeNull(getAccessToken)
- && addDataMustNotBeNull(getAccessToken)
- && refreshTokenMustBeNull(getAccessToken)
- && usernameMustBeNull(getAccessToken)
- && passwordMustBeNull(getAccessToken);
- }
- });
-
VALIDATORS.put(GrantType.CLIENT_CREDENTIALS + "/" + Channel.ATM, new Verifier() {
@Override
public boolean test(GetAccessTokenRequest getAccessToken) {
@@ -109,8 +86,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustBeNull(getAccessToken)
&& terminalIdMustNotBeNull(getAccessToken)
&& clientSecretMustNotBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustBeNull(getAccessToken)
&& usernameMustBeNull(getAccessToken)
&& passwordMustBeNull(getAccessToken)
@@ -125,8 +100,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustNotBeNull(getAccessToken)
&& terminalIdMustNotBeNull(getAccessToken)
&& clientSecretMustNotBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustBeNull(getAccessToken)
&& usernameMustBeNull(getAccessToken)
&& passwordMustBeNull(getAccessToken)
@@ -141,8 +114,6 @@ public boolean test(GetAccessTokenRequest getAccessToken) {
&& merchantIdMustBeNull(getAccessToken)
&& terminalIdMustBeNull(getAccessToken)
&& clientSecretMustNotBeNull(getAccessToken)
- && extTokenMustBeNull(getAccessToken)
- && addDataMustBeNull(getAccessToken)
&& refreshTokenMustBeNull(getAccessToken)
&& usernameMustBeNull(getAccessToken)
&& passwordMustBeNull(getAccessToken)
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Verifier.java b/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Verifier.java
index 6e25d729..0888737d 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Verifier.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/validation/constraints/Verifier.java
@@ -110,54 +110,6 @@ protected boolean clientSecretMustNotBeNull(GetAccessTokenRequest getAccessToken
return check;
}
- /**
- * @param getAccessToken
- * @return
- */
- protected boolean extTokenMustBeNull(GetAccessTokenRequest getAccessToken) {
- boolean check = getAccessToken.getExtToken() == null;
- if (!check) {
- Log.warn("ext_token must be null.");
- }
- return check;
- }
-
- /**
- * @param getAccessToken
- * @return
- */
- protected boolean extTokenMustNotBeNull(GetAccessTokenRequest getAccessToken) {
- boolean check = getAccessToken.getExtToken() != null;
- if (!check) {
- Log.warn("ext_token must not be null.");
- }
- return check;
- }
-
- /**
- * @param getAccessToken
- * @return
- */
- protected boolean addDataMustBeNull(GetAccessTokenRequest getAccessToken) {
- boolean check = getAccessToken.getAddData() == null;
- if (!check) {
- Log.warn("add_data must be null.");
- }
- return check;
- }
-
- /**
- * @param getAccessToken
- * @return
- */
- protected boolean addDataMustNotBeNull(GetAccessTokenRequest getAccessToken) {
- boolean check = getAccessToken.getAddData() != null;
- if (!check) {
- Log.warn("add_data must not be null.");
- }
- return check;
- }
-
/**
* @param getAccessToken
* @return
@@ -175,9 +127,9 @@ protected boolean refreshTokenMustBeNull(GetAccessTokenRequest getAccessToken) {
* @return
*/
protected boolean refreshTokenMustNotBeNull(GetAccessTokenRequest getAccessToken) {
- boolean check = getAccessToken.getRefreshToken() != null;
+ boolean check = getAccessToken.getRefreshToken() != null || getAccessToken.getRefreshCookie() != null;
if (!check) {
- Log.warn("refresh_token must not be null.");
+ Log.warn("refresh_token or refresh_cookie must not be null.");
}
return check;
}
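Review bot: The new condition accepts a request that carries both a `refresh_token` form field and a `refresh_cookie` cookie, and nothing in this method says which one is used or that they must agree, so a stale or mismatched value in the other channel goes unnoticed at validation time. Consider either rejecting the ambiguous case, e.g. `boolean check = (getAccessToken.getRefreshToken() != null) ^ (getAccessToken.getRefreshCookie() != null);` with the warning `"exactly one of refresh_token or refresh_cookie must be set."`, or documenting the precedence the service applies. The Javadoc above the signature is still an empty `@param`/`@return` skeleton; I would write `@param getAccessToken request to check` and `@return true if a refresh token was supplied either as form parameter or as refresh cookie`. The companion `refreshTokenMustBeNull` sits outside this hunk and presumably still looks only at the form field, so a refresh cookie sent with another grant type would not be flagged — if that is intended it deserves a sentence in its Javadoc. The enclosing class continues outside the hunk.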
diff --git a/src/main/resources/META-INF/openapi.yaml b/src/main/resources/META-INF/openapi.yaml
index 19fe4dba..140985d7 100644
--- a/src/main/resources/META-INF/openapi.yaml
+++ b/src/main/resources/META-INF/openapi.yaml
@@ -22,7 +22,7 @@ tags:
- name: introspect
description: Token introspection operation
- name: token
- description: Operation to get or refresh access token
+ description: Operation to get or refresh tokens
- name: client
description: Administrative operation for client
- name: roles
@@ -34,8 +34,10 @@ tags:
paths:
/token:
post:
- operationId: getAccessToken
- description: Returns access token or refresh it
+ operationId: getAccessTokens
+ description: |
+ Returns access token and refresh token (if `scope=offline_access`) or
+ refreshes them
tags: [token]
security: []
parameters:
@@ -46,6 +48,7 @@ paths:
- $ref: '#/components/parameters/MerchantId'
- $ref: '#/components/parameters/TerminalId'
- $ref: '#/components/parameters/FiscalCode'
+ - $ref: '#/components/parameters/RefreshCookie'
requestBody:
$ref: '#/components/requestBodies/GetAccessToken'
responses:
@@ -79,7 +82,9 @@ paths:
/token_info:
post:
operationId: introspect
- description: Introspects a given access token returning the clear value of user tax (fiscal) code (if any)
+ description: |
+ Introspects a given access token returning the clear value of user tax
+ code if any
tags: [introspect]
security:
- oAuth2: [token_info]
@@ -122,7 +127,7 @@ paths:
/.well-known/jwks.json:
get:
operationId: getJwks
- description: Returns public keys
+ description: Returns public keys used to sign the tokens
tags: [wellknown]
security: []
parameters:
@@ -190,7 +195,8 @@ paths:
/admin/cleanexpkeys:
post:
operationId: cleanExpKeys
- description: Cleans expired keys
+ description: |
+ Cleans expired keys used to sign tokens and to protect sensitive data
tags: [maintenance]
security:
- oAuth2: [admin]
@@ -725,13 +731,6 @@ components:
minLength: 1
maxLength: 11
example: "NA"
- AdditionalData:
- description: Additional data for external token authentication
- type: string
- pattern: "^[ -~]{1,4096}$"
- minLength: 1
- maxLength: 4096
- example: "4b7eb94b-10c9-4f11-a10e-7292b29ab115"
BearerTokenType:
description: Token type for bearer token
type: string
@@ -801,19 +800,6 @@ components:
minLength: 0
maxLength: 256
example: "Duplicate key"
- ExternalToken:
- description: External token
- type: string
- pattern: "^[ -~]{1,4096}$"
- minLength: 1
- maxLength: 4096
- example: "eyJhbGciOiJSUzI1NiJ9.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.dTuvtzqy9oPWIN4NIBdhIR09Xpm70dgRCP-ybuVLo24DwqaysPKNmEHDXcq2gGE1w2L6e783_PXRK3RI0j1TQRFeLRbiPzN5imBdrJ2LlV8QNdkElOl2x32j652YeFcoAitBzFss_Do0_rquU_008eeIXWa-B-AiMsdAqgLUiMigsTT42rQYr7Mb8Am_NWwvZ9-DWiox6HbuUNUo3TStBmLervqlQ5j2_3AzcOILp8cJX0699fw7Y6gcu_pNHgjswqD0UVPSAmHf_bqFAH6b98qHVKe3isMSoktYi4FfWdpG1ykviEp9Ii0QKfeLnqyIR6g2o2XzGlDv7Usv5ouiXg"
- ExternalTokenGrantType:
- description: Grant type to get an access token by means of external token
- enum:
- - poynt_token
- type: string
- example: "poynt_token"
FiscalCode:
description: User fiscal (tax) code
type: string
@@ -943,6 +929,13 @@ components:
format: int32
minimum: 1
maximum: 60
+ RefreshCookie:
+ description: Cookie which contains refresh token if required by the client
+ type: string
+ pattern: "^[ -~]{512,4096}$"
+ minLength: 512
+ maxLength: 4096
+ example: refresh_cookie=eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0NTg1NjI1LzI4NDA1ZkhmazczeDg4RC8wMTIzNDU2NyIsImF1ZCI6Im1pbC5wYWdvcGEuaXQiLCJjbGllbnRJZCI6IjUyNTRmMDg3LTEyMTQtNDVjZC05NGFlLWZkYTUzYzgzNTE5NyIsIm1lcmNoYW50SWQiOiIyODQwNWZIZms3M3g4OEQiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiY2hhbm5lbCI6IlBPUyIsImlzcyI6Imh0dHBzOi8vbWlsLWQtYXBpbS5henVyZS1hcGkubmV0L21pbC1hdXRoIiwidGVybWluYWxJZCI6IjAxMjM0NTY3IiwiZXhwIjoxNzM1OTEwMTcxLCJhY3F1aXJlcklkIjoiNDU4NTYyNSIsImlhdCI6MTczNTkwNjU3MX0.Ztu8SlQCjXErum9xRsqUMOd0ucGvfeKhDHAjR3lzo9KV0KiRdy8RckcR-Zg6Yt1Pu4jIl59xlMIE0KZFoHBTFqIzJp0h6HiSvvus8fArJ6Fu5YfMmtOoq9yEkw1GfBWHiYXt-y4LMw9gfus5DA2fEttY6kQVK7mznDUL3eGzTM2OSQlS3rrrnJUuxVR_8RsS1bYVpsUmu36W0Uf0Jd49GvnuqCKakJpr4rzcyvt358NVWrNH4Qqtjg4dCAyXPkM_MHez4XtaMXRh6O8UkOym9DI9n7zkmkkmx-ZccHDkAMmsGJKwviaIMVyrQJ2S3RXzAbcXZS13nb3djskN-3XC5Q;Version=1;Domain=dummy;Path=/token;Max-Age=9586;Expires=Fri, 03-Jan-2025 13:16:11 GMT;Secure;HttpOnly;SameSite=Strict
RetryAfter:
description: The number of seconds to wait before allowing a follow-up request
type: integer
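Review bot: The new `RefreshCookie` schema is referenced only as the `Set-Cookie` response header's schema, and its example is a full header value (cookie name, token and attributes), yet the description `Cookie which contains refresh token if required by the client` reads as if it described the bare token; with `minLength: 512` a reader may take that for the token length. Suggest `description: Full Set-Cookie value (refresh_cookie=<token> plus cookie attributes) returned when a refresh token is issued`. The same wording should go into the copy of this schema added to openapi_not_admin.yaml.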
@@ -1267,34 +1260,10 @@ components:
grant_type: "client_credentials"
client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
client_secret: "265a5ac0-c651-428e-bed6-763f6cd244b5"
- GetAccessTokenByExternalToken:
- description: Request to get an access token by means of external token
- type: object
- additionalProperties: false
- properties:
- grant_type:
- $ref: '#/components/schemas/ExternalTokenGrantType'
- ext_token:
- $ref: '#/components/schemas/ExternalToken'
- add_data:
- $ref: '#/components/schemas/AdditionalData'
- scope:
- $ref: '#/components/schemas/OfflineAccessScope'
- client_id:
- $ref: '#/components/schemas/UUID'
- required:
- - grant_type
- - ext_token
- - add_data
- - client_id
- example:
- grant_type: "poynt_token"
- ext_token: "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJOZXhpIiwicG95bnQuZGlkIjoidXJuOnRpZDo1NTYyYjhlZC1lODljLTMzMmEtYThkYy1jYTA4MTcxMzUxMTAiLCJwb3ludC5kc3QiOiJEIiwicG95bnQub3JnIjoiMGU2Zjc4ODYtMDk1Ni00NDA1LWJjNDgtYzE5ODY4ZDdlZTIyIiwicG95bnQuc2N0IjoiVSIsImlzcyI6Imh0dHBzOlwvXC9zZXJ2aWNlcy1ldS5wb3ludC5uZXQiLCJwb3ludC51cmUiOiJPIiwicG95bnQua2lkIjozOTMyNDI1MjY4MDY5NDA5MjM0LCJwb3ludC5zY3YiOiJOZXhpIiwicG95bnQuc3RyIjoiZDNmZDNmZDMtMTg5ZC00N2M4LThjMzYtYjY4NWRkNjBkOTY0IiwiYXVkIjoidXJuOnRpZDo1NTYyYjhlZC1lODljLTMzMmEtYThkYy1jYTA4MTcxMzUxMTAiLCJwb3ludC51aWQiOjM3MzY1NzQsInBveW50LmJpeiI6IjRiN2ViOTRiLTEwYzktNGYxMS1hMTBlLTcyOTJiMjlhYjExNSIsImV4cCI6MTY4MDc4MzUzNiwiaWF0IjoxNjgwNjk3MTM2LCJqdGkiOiI3MjBmMDFlZS1iZDk4LTRjYjItOTU2Mi0xZjI4YWY2NGJhZGYifQ.dTuvtzqy9oPWIN4NIBdhIR09Xpm70dgRCP-ybuVLo24DwqaysPKNmEHDXcq2gGE1w2L6e783_PXRK3RI0j1TQRFeLRbiPzN5imBdrJ2LlV8QNdkElOl2x32j652YeFcoAitBzFss_Do0_rquU_008eeIXWa-B-AiMsdAqgLUiMigsTT42rQYr7Mb8Am_NWwvZ9-DWiox6HbuUNUo3TStBmLervqlQ5j2_3AzcOILp8cJX0699fw7Y6gcu_pNHgjswqD0UVPSAmHf_bqFAH6b98qHVKe3isMSoktYi4FfWdpG1ykviEp9Ii0QKfeLnqyIR6g2o2XzGlDv7Usv5ouiXg"
- add_data: "4b7eb94b-10c9-4f11-a10e-7292b29ab115"
- scope: "offline_access"
- client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
GetAccessTokenByPassword:
- description: Request to get an access token by means of resource owner password
+ description: |
+ Request to get an access token and refresh token
+ (is scope = offline_access) by means of username and password
type: object
additionalProperties: false
properties:
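Review bot: The new `GetAccessTokenByPassword` description contains `(is scope = offline_access)`, which is a typo and differs from the form used in the other descriptions added by this commit; it should read `(if scope=offline_access)` with the scope in the same code formatting the `GetAccessToken` request body description uses. The identical text appears in openapi_not_admin.yaml's `GetAccessTokenByPassword` and should be fixed there too.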
@@ -1462,7 +1431,9 @@ components:
iat: 1678888689
n: "qjcVEWJTTySeKxHsJSsmVGk2cEvXJ4tBC4uyU5MxYwBAiIWuZb_yDOIjLz7JN8QsJs3QrZtS3vqv18ljW2db6ED90OUo9CVJveSF4eNRozDHOvnHGT0HR-8Wf5GxcNy63zfQLrnfdp5F9TrhMFRMkEA0TCT7PhT3yF6YvwLtQyMciER1_KKnpGomfAkW-UpaF2nHfXiFPrOIHMuNb5BoRR1f0349tqloLgLd7vyMy1jg-BldmEgRV1bcFqjH0Cg3leROjDy9HzdFauRIlSb4VZrqNni2hgaTUHI5Xp7aCwpS9Y_mf19KpxN0_8d-f3UVRlwtI1dryelpdC5jowxia2Pf8UgSZyMs2ZxDf6eU0SH8wHEvMpeFpwmiBD1XcsISoTan0Yv7w_CLo6JOqX6EfogDQZUBzKKlVCZSoSinAz0_7Bj2orgWKQ9sbfgJWgJweKkJLH-bNSRaVcu02boxPnlJeay3wROhSAgtiKWZnsU1_FpPNG0JBFCh_x-VjkuBoREpNEyJM5NvhRCmyObtzocS4eCtAgvmo3EFv_Xa-rp0p5ez4A-_QUb5OsYOswqYbIV1GbtiAfCTOrNbv6K86LaTllZ9WqYrKgDv7KA-604K37k33LHROqcO9Q-bCN8hKzQDWs7M3DFNP6P5iBUUVs-gtWncHvIuUWTth-fBXa8"
RefreshAccessToken:
- description: Request to get an access token by means of a refresh token
+ description: |
+ Request to get a new couple access/refresh token by means of a refresh
+ token
type: object
#additionalProperties: true
properties:
@@ -1475,7 +1446,6 @@ components:
required:
- grant_type
- client_id
- - refresh_token
example:
grant_type: "refresh_token"
client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
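Review bot: Dropping `refresh_token` from `required` leaves `RefreshAccessToken` with no statement that a refresh token must be supplied at all; the cookie alternative is only discoverable from the `RefreshCookie` parameter on the operation. Since OpenAPI cannot express "form field or cookie", state it in the schema description, e.g. append `The refresh token must be sent either as the refresh_token form parameter or in the refresh_cookie cookie.` The same change applies to `RefreshAccessToken` in openapi_not_admin.yaml.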
@@ -1603,14 +1573,16 @@ components:
schema:
$ref: '#/components/schemas/CreateUserReq'
GetAccessToken:
- description: Request to get an access token by means of username and password or by refresh token or by external token
+ description: |
+ Request to get an access token and refresh token
+ (if `scope=offline_access`) by means of username and password or by
+ refresh token or by client secret
content:
application/x-www-form-urlencoded:
schema:
oneOf:
- $ref: '#/components/schemas/GetAccessTokenByPassword'
- $ref: '#/components/schemas/RefreshAccessToken'
- - $ref: '#/components/schemas/GetAccessTokenByExternalToken'
- $ref: '#/components/schemas/GetAccessTokenByClientCredentials'
TokenInfo:
description: Request to introspect an access token
@@ -1705,6 +1677,13 @@ components:
required: true
schema:
$ref: '#/components/schemas/PageSize'
+ RefreshCookie:
+ name: refresh_cookie
+ in: cookie
+ description: Cookie with refresh token.
+ required: false
+ schema:
+ $ref: '#/components/schemas/Token'
RequestId:
name: RequestId
in: header
@@ -1756,7 +1735,7 @@ components:
# ========================================================
responses:
AccessToken:
- description: Response returned when an access token is requested
+ description: Response returned when an access token and refresh token is requested
headers:
Access-Control-Allow-Origin:
description: Indicates whether the response can be shared with requesting code from the given origin
@@ -1773,6 +1752,13 @@ components:
required: false
schema:
$ref: '#/components/schemas/RateLimitReset'
+ Set-Cookie:
+ description: |
+ If a refresh token is required (`scope=offline_access`), it is
+ returned also by means of a cookie.
+ required: false
+ schema:
+ $ref: '#/components/schemas/RefreshCookie'
content:
application/json:
schema:
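Review bot: The `Set-Cookie` header description says the refresh token is also returned in a cookie but does not state the cookie's attributes; only the `RefreshCookie` example shows `Secure;HttpOnly;SameSite=Strict` and `Path=/token`, and an example is not a contract. If those attributes are guaranteed by the service, document them here, e.g. `The cookie is issued with the Secure, HttpOnly and SameSite=Strict attributes and is scoped to the /token path.`, so clients can rely on them and a regression is visible in review. The same header block is added to openapi_not_admin.yaml and should carry the same text.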
diff --git a/src/main/resources/META-INF/openapi_not_admin.yaml b/src/main/resources/META-INF/openapi_not_admin.yaml
index c9e9dc52..69ab3e83 100644
--- a/src/main/resources/META-INF/openapi_not_admin.yaml
+++ b/src/main/resources/META-INF/openapi_not_admin.yaml
@@ -1,7 +1,7 @@
openapi: 3.0.3
info:
title: Authorization Microservice
- version: 2.13.0
+ version: 2.15.3
description: Authorization Microservice for Multi-channel Integration Layer of SW Client Project
contact:
name: CSTAR
@@ -22,12 +22,14 @@ tags:
- name: introspect
description: Token introspection operation
- name: token
- description: Operation to get or refresh access token
+ description: Operation to get or refresh tokens
paths:
/token:
post:
- operationId: getAccessToken
- description: Returns access token or refresh it
+ operationId: getAccessTokens
+ description: |
+ Returns access token and refresh token (if `scope=offline_access`) or
+ refreshes them
tags: [token]
security: []
parameters:
@@ -38,6 +40,7 @@ paths:
- $ref: '#/components/parameters/MerchantId'
- $ref: '#/components/parameters/TerminalId'
- $ref: '#/components/parameters/FiscalCode'
+ - $ref: '#/components/parameters/RefreshCookie'
requestBody:
$ref: '#/components/requestBodies/GetAccessToken'
responses:
@@ -71,7 +74,9 @@ paths:
/token_info:
post:
operationId: introspect
- description: Introspects a given access token returning the clear value of user tax (fiscal) code (if any)
+ description: |
+ Introspects a given access token returning the clear value of user tax
+ code if any
tags: [introspect]
security:
- oAuth2: [token_info]
@@ -114,7 +119,7 @@ paths:
/.well-known/jwks.json:
get:
operationId: getJwks
- description: Returns public keys
+ description: Returns public keys used to sign the tokens
tags: [wellknown]
security: []
parameters:
@@ -200,13 +205,6 @@ components:
minLength: 1
maxLength: 11
example: "4585625"
- AdditionalData:
- description: Additional data for external token authentication
- type: string
- pattern: "^[ -~]{1,4096}$"
- minLength: 1
- maxLength: 4096
- example: "4b7eb94b-10c9-4f11-a10e-7292b29ab115"
BearerTokenType:
description: Token type for bearer token
type: string
@@ -250,19 +248,6 @@ components:
minLength: 0
maxLength: 256
example: "Duplicate key"
- ExternalToken:
- description: External token
- type: string
- pattern: "^[ -~]{1,4096}$"
- minLength: 1
- maxLength: 4096
- example: "eyJhbGciOiJSUzI1NiJ9.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.dTuvtzqy9oPWIN4NIBdhIR09Xpm70dgRCP-ybuVLo24DwqaysPKNmEHDXcq2gGE1w2L6e783_PXRK3RI0j1TQRFeLRbiPzN5imBdrJ2LlV8QNdkElOl2x32j652YeFcoAitBzFss_Do0_rquU_008eeIXWa-B-AiMsdAqgLUiMigsTT42rQYr7Mb8Am_NWwvZ9-DWiox6HbuUNUo3TStBmLervqlQ5j2_3AzcOILp8cJX0699fw7Y6gcu_pNHgjswqD0UVPSAmHf_bqFAH6b98qHVKe3isMSoktYi4FfWdpG1ykviEp9Ii0QKfeLnqyIR6g2o2XzGlDv7Usv5ouiXg"
- ExternalTokenGrantType:
- description: Grant type to get an access token by means of external token
- enum:
- - poynt_token
- type: string
- example: "poynt_token"
FiscalCode:
description: User fiscal (tax) code
type: string
@@ -371,6 +356,13 @@ components:
format: int32
minimum: 1
maximum: 60
+ RefreshCookie:
+ description: Cookie which contains refresh token if required by the client
+ type: string
+ pattern: "^[ -~]{512,4096}$"
+ minLength: 512
+ maxLength: 4096
+ example: refresh_cookie=eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0NTg1NjI1LzI4NDA1ZkhmazczeDg4RC8wMTIzNDU2NyIsImF1ZCI6Im1pbC5wYWdvcGEuaXQiLCJjbGllbnRJZCI6IjUyNTRmMDg3LTEyMTQtNDVjZC05NGFlLWZkYTUzYzgzNTE5NyIsIm1lcmNoYW50SWQiOiIyODQwNWZIZms3M3g4OEQiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiY2hhbm5lbCI6IlBPUyIsImlzcyI6Imh0dHBzOi8vbWlsLWQtYXBpbS5henVyZS1hcGkubmV0L21pbC1hdXRoIiwidGVybWluYWxJZCI6IjAxMjM0NTY3IiwiZXhwIjoxNzM1OTEwMTcxLCJhY3F1aXJlcklkIjoiNDU4NTYyNSIsImlhdCI6MTczNTkwNjU3MX0.Ztu8SlQCjXErum9xRsqUMOd0ucGvfeKhDHAjR3lzo9KV0KiRdy8RckcR-Zg6Yt1Pu4jIl59xlMIE0KZFoHBTFqIzJp0h6HiSvvus8fArJ6Fu5YfMmtOoq9yEkw1GfBWHiYXt-y4LMw9gfus5DA2fEttY6kQVK7mznDUL3eGzTM2OSQlS3rrrnJUuxVR_8RsS1bYVpsUmu36W0Uf0Jd49GvnuqCKakJpr4rzcyvt358NVWrNH4Qqtjg4dCAyXPkM_MHez4XtaMXRh6O8UkOym9DI9n7zkmkkmx-ZccHDkAMmsGJKwviaIMVyrQJ2S3RXzAbcXZS13nb3djskN-3XC5Q;Version=1;Domain=dummy;Path=/token;Max-Age=9586;Expires=Fri, 03-Jan-2025 13:16:11 GMT;Secure;HttpOnly;SameSite=Strict
RetryAfter:
description: The number of seconds to wait before allowing a follow-up request
type: integer
@@ -482,34 +474,10 @@ components:
grant_type: "client_credentials"
client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
client_secret: "265a5ac0-c651-428e-bed6-763f6cd244b5"
- GetAccessTokenByExternalToken:
- description: Request to get an access token by means of external token
- type: object
- additionalProperties: false
- properties:
- grant_type:
- $ref: '#/components/schemas/ExternalTokenGrantType'
- ext_token:
- $ref: '#/components/schemas/ExternalToken'
- add_data:
- $ref: '#/components/schemas/AdditionalData'
- scope:
- $ref: '#/components/schemas/OfflineAccessScope'
- client_id:
- $ref: '#/components/schemas/UUID'
- required:
- - grant_type
- - ext_token
- - add_data
- - client_id
- example:
- grant_type: "poynt_token"
- ext_token: "eyJhbGciOiJSUzI1NiJ9.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.dTuvtzqy9oPWIN4NIBdhIR09Xpm70dgRCP-ybuVLo24DwqaysPKNmEHDXcq2gGE1w2L6e783_PXRK3RI0j1TQRFeLRbiPzN5imBdrJ2LlV8QNdkElOl2x32j652YeFcoAitBzFss_Do0_rquU_008eeIXWa-B-AiMsdAqgLUiMigsTT42rQYr7Mb8Am_NWwvZ9-DWiox6HbuUNUo3TStBmLervqlQ5j2_3AzcOILp8cJX0699fw7Y6gcu_pNHgjswqD0UVPSAmHf_bqFAH6b98qHVKe3isMSoktYi4FfWdpG1ykviEp9Ii0QKfeLnqyIR6g2o2XzGlDv7Usv5ouiXg"
- add_data: "4b7eb94b-10c9-4f11-a10e-7292b29ab115"
- scope: "offline_access"
- client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
GetAccessTokenByPassword:
- description: Request to get an access token by means of resource owner password
+ description: |
+ Request to get an access token and refresh token
+ (is scope = offline_access) by means of username and password
type: object
additionalProperties: false
properties:
@@ -602,7 +570,9 @@ components:
iat: 1678888689
n: "qjcVEWJTTySeKxHsJSsmVGk2cEvXJ4tBC4uyU5MxYwBAiIWuZb_yDOIjLz7JN8QsJs3QrZtS3vqv18ljW2db6ED90OUo9CVJveSF4eNRozDHOvnHGT0HR-8Wf5GxcNy63zfQLrnfdp5F9TrhMFRMkEA0TCT7PhT3yF6YvwLtQyMciER1_KKnpGomfAkW-UpaF2nHfXiFPrOIHMuNb5BoRR1f0349tqloLgLd7vyMy1jg-BldmEgRV1bcFqjH0Cg3leROjDy9HzdFauRIlSb4VZrqNni2hgaTUHI5Xp7aCwpS9Y_mf19KpxN0_8d-f3UVRlwtI1dryelpdC5jowxia2Pf8UgSZyMs2ZxDf6eU0SH8wHEvMpeFpwmiBD1XcsISoTan0Yv7w_CLo6JOqX6EfogDQZUBzKKlVCZSoSinAz0_7Bj2orgWKQ9sbfgJWgJweKkJLH-bNSRaVcu02boxPnlJeay3wROhSAgtiKWZnsU1_FpPNG0JBFCh_x-VjkuBoREpNEyJM5NvhRCmyObtzocS4eCtAgvmo3EFv_Xa-rp0p5ez4A-_QUb5OsYOswqYbIV1GbtiAfCTOrNbv6K86LaTllZ9WqYrKgDv7KA-604K37k33LHROqcO9Q-bCN8hKzQDWs7M3DFNP6P5iBUUVs-gtWncHvIuUWTth-fBXa8"
RefreshAccessToken:
- description: Request to get an access token by means of a refresh token
+ description: |
+ Request to get a new couple access/refresh token by means of a refresh
+ token
type: object
#additionalProperties: true
properties:
@@ -615,7 +585,6 @@ components:
required:
- grant_type
- client_id
- - refresh_token
example:
grant_type: "refresh_token"
client_id: "d0d654e6-97da-4848-b568-99fedccb642b"
@@ -647,15 +616,17 @@ components:
# ========================================================
requestBodies:
GetAccessToken:
- description: Request to get an access token by means of username and password or by refresh token or by external token
+ description: |
+ Request to get an access token and refresh token
+ (if `scope=offline_access`) by means of username and password or by
+ refresh token or by client secret
content:
application/x-www-form-urlencoded:
schema:
oneOf:
- - $ref: '#/components/schemas/GetAccessTokenByClientCredentials'
- $ref: '#/components/schemas/GetAccessTokenByPassword'
- $ref: '#/components/schemas/RefreshAccessToken'
- - $ref: '#/components/schemas/GetAccessTokenByExternalToken'
+ - $ref: '#/components/schemas/GetAccessTokenByClientCredentials'
TokenInfo:
description: Request to introspect an access token
content:
@@ -694,6 +665,13 @@ components:
required: false
schema:
$ref: '#/components/schemas/MerchantId'
+ RefreshCookie:
+ name: refresh_cookie
+ in: cookie
+ description: Cookie with refresh token.
+ required: false
+ schema:
+ $ref: '#/components/schemas/Token'
RequestId:
name: RequestId
in: header
@@ -724,7 +702,7 @@ components:
# ========================================================
responses:
AccessToken:
- description: Response returned when an access token is requested
+ description: Response returned when an access token and refresh token is requested
headers:
Access-Control-Allow-Origin:
description: Indicates whether the response can be shared with requesting code from the given origin
@@ -741,6 +719,13 @@ components:
required: false
schema:
$ref: '#/components/schemas/RateLimitReset'
+ Set-Cookie:
+ description: |
+ If a refresh token is required (`scope=offline_access`), it is
+ returned also by means of a cookie.
+ required: false
+ schema:
+ $ref: '#/components/schemas/RefreshCookie'
content:
application/json:
schema:
@@ -874,3 +859,4 @@ components:
refreshUrl: /token
scopes:
token_info: introspect access token
+ admin: admin operations
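Review bot: This file is the non-admin variant of the descriptor, yet the added line advertises an `admin` scope in its OAuth2 flow, and no operation visible in this file's hunks references that scope. If openapi_not_admin.yaml is what is published to external consumers, exposing the scope looks unintended; please confirm it is wanted here or drop the line.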
diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf
index 7d6f3378..39db25ec 100644
--- a/src/main/terraform/container_app.tf
+++ b/src/main/terraform/container_app.tf
@@ -126,6 +126,7 @@ resource "azurerm_container_app" "auth" {
initial_delay = 0
interval_seconds = 10
failure_count_threshold = 3
+ success_count_threshold = 1
timeout = 1
}
@@ -136,7 +137,7 @@ resource "azurerm_container_app" "auth" {
initial_delay = 0
interval_seconds = 10
failure_count_threshold = 3
- success_count_threshold = 3
+ success_count_threshold = 1
timeout = 1
}
@@ -147,6 +148,7 @@ resource "azurerm_container_app" "auth" {
initial_delay = 0
interval_seconds = 10
failure_count_threshold = 3
+ success_count_threshold = 1
timeout = 1
}
}
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResourceTest.java
index 411b7ec3..cba8b272 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/admin/resource/ClientResourceTest.java
@@ -113,7 +113,7 @@ void given_requestToCreateNewClient_when_allGoesOk_then_getClientIdAndSecret() {
.body(AdminJsonPropertyName.CLIENT_ID, notNullValue())
.body(AdminJsonPropertyName.CLIENT_SECRET, notNullValue());
}
-
+
/**
*
*/
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/client/PoyntClientTest.java b/src/test/java/it/pagopa/swclient/mil/auth/client/PoyntClientTest.java
deleted file mode 100644
index ec1e294d..00000000
--- a/src/test/java/it/pagopa/swclient/mil/auth/client/PoyntClientTest.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- *
- */
-package it.pagopa.swclient.mil.auth.client;
-
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestInfo;
-
-import io.quarkus.test.junit.QuarkusTest;
-import io.smallrye.mutiny.Uni;
-import jakarta.ws.rs.core.Response;
-
-/**
- *
- */
-@QuarkusTest
-class PoyntClientTest {
- /*
- *
- */
- private PoyntClient client;
-
- /**
- *
- * @param testInfo
- */
- @BeforeEach
- void init(TestInfo testInfo) {
- String frame = "*".repeat(testInfo.getDisplayName().length() + 11);
- System.out.println(frame);
- System.out.printf("* %s: START *%n", testInfo.getDisplayName());
- System.out.println(frame);
- client = new PoyntClient() {
- @Override
- public Uni getBusinessObject(String poyntToken, String businessId) {
- return null;
- }
- };
- }
-
- /**
- *
- */
- @Test
- void testWithParamOk() {
- assertNotNull(client.withParam("POYNT-REQUEST-ID"));
- }
-
- /**
- *
- */
- @Test
- void testWithParamKo() {
- assertThrows(IllegalArgumentException.class, () -> {
- client.withParam("POYNT-REQUEST-ID2");
- });
- }
-}
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenResourceTest.java
index 18dee77e..67e44c65 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenResourceTest.java
@@ -9,24 +9,44 @@
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
+import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
+import java.text.ParseException;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
+import org.mockito.Mockito;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.util.Base64URL;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
import io.quarkus.test.InjectMock;
import io.quarkus.test.common.http.TestHTTPEndpoint;
import io.quarkus.test.junit.QuarkusTest;
import io.smallrye.mutiny.Uni;
+import it.pagopa.swclient.mil.auth.bean.AuthCookieParamName;
import it.pagopa.swclient.mil.auth.bean.AuthFormParamName;
import it.pagopa.swclient.mil.auth.bean.AuthJsonPropertyName;
+import it.pagopa.swclient.mil.auth.bean.ClaimName;
import it.pagopa.swclient.mil.auth.bean.GetAccessTokenRequest;
import it.pagopa.swclient.mil.auth.bean.GetAccessTokenResponse;
import it.pagopa.swclient.mil.auth.bean.GrantType;
+import it.pagopa.swclient.mil.auth.bean.Scope;
import it.pagopa.swclient.mil.auth.bean.TokenType;
import it.pagopa.swclient.mil.auth.qualifier.ClientCredentials;
+import it.pagopa.swclient.mil.auth.qualifier.Password;
+import it.pagopa.swclient.mil.auth.qualifier.RefreshToken;
+import it.pagopa.swclient.mil.auth.service.RefreshTokensService;
import it.pagopa.swclient.mil.auth.service.TokenByClientSecretService;
+import it.pagopa.swclient.mil.auth.service.TokenByPasswordService;
import it.pagopa.swclient.mil.auth.util.UniGenerator;
import it.pagopa.swclient.mil.bean.Channel;
import it.pagopa.swclient.mil.bean.HeaderParamName;
@@ -49,6 +69,10 @@ class TokenResourceTest {
private static final String CHANNEL = Channel.POS;
private static final String CLIENT_ID = "3965df56-ca9a-49e5-97e8-061433d4a25b";
private static final String CLIENT_SECRET = "5ceef788-4115-43a7-a704-b1bcc9a47c86";
+ private static final String USERNAME = "username";
+ private static final String PASSWORD = "password";
+ private static final String ACCESS_TOKEN = "eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJOb2RvIiwiYXVkIjoibWlsLnBhZ29wYS5pdCIsImNsaWVudElkIjoiOTJmYWYzMTktNDIxOS00NTVmLTg0MWItYmI2OTI2ODQ2NzJhIiwiaXNzIjoiaHR0cHM6Ly9taWwtZC1hcGltLmF6dXJlLWFwaS5uZXQvbWlsLWF1dGgiLCJncm91cHMiOlsiTm9kbyJdLCJleHAiOjE3MzU5MDQ3MTIsImlhdCI6MTczNTkwMzgxMn0.m0bA-s-BQbjNtd3eXbux7tXyn0ITz-wPPPbThLlNQMVxr-erzLIGT0t3jTDoxRPuXe49tlio6ivMWugIKH74CQxQKe9fgmoJuiZ8h9cIQVyg1sFfdS0_EHOp3ubI40IEsvHa7zvoYU3QWB9ByZxupyNPRgfJXKmJwaHU-9sM4Wm381P54gu_CH2QEG7iyHZbCe1t9B3ILcfRozudw3v8_iE8hYZQsUU66gcXrW2Fqh3F_8y4F8FGkXR1bmlY18REpjqZlywTaY4nAts-nA9XQIK4dFriq9c6dVzDiX3RHjQLvCyW8ZeVY0pE5E8WgaEX7z4b-kgefAPasil9YkNoTw";
+ private static final String REFRESH_TOKEN = "eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0NTg1NjI1LzI4NDA1ZkhmazczeDg4RC8wMTIzNDU2NyIsImF1ZCI6Im1pbC5wYWdvcGEuaXQiLCJjbGllbnRJZCI6IjUyNTRmMDg3LTEyMTQtNDVjZC05NGFlLWZkYTUzYzgzNTE5NyIsIm1lcmNoYW50SWQiOiIyODQwNWZIZms3M3g4OEQiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiY2hhbm5lbCI6IlBPUyIsImlzcyI6Imh0dHBzOi8vbWlsLWQtYXBpbS5henVyZS1hcGkubmV0L21pbC1hdXRoIiwidGVybWluYWxJZCI6IjAxMjM0NTY3IiwiZXhwIjoxNzM1OTEwMTcxLCJhY3F1aXJlcklkIjoiNDU4NTYyNSIsImlhdCI6MTczNTkwNjU3MX0.Ztu8SlQCjXErum9xRsqUMOd0ucGvfeKhDHAjR3lzo9KV0KiRdy8RckcR-Zg6Yt1Pu4jIl59xlMIE0KZFoHBTFqIzJp0h6HiSvvus8fArJ6Fu5YfMmtOoq9yEkw1GfBWHiYXt-y4LMw9gfus5DA2fEttY6kQVK7mznDUL3eGzTM2OSQlS3rrrnJUuxVR_8RsS1bYVpsUmu36W0Uf0Jd49GvnuqCKakJpr4rzcyvt358NVWrNH4Qqtjg4dCAyXPkM_MHez4XtaMXRh6O8UkOym9DI9n7zkmkkmx-ZccHDkAMmsGJKwviaIMVyrQJ2S3RXzAbcXZS13nb3djskN-3XC5Q";
/*
*
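Review bot: `ACCESS_TOKEN` and `REFRESH_TOKEN` are opaque signed JWTs with fixed `kid`, `iss` and `exp` claims baked in, and nothing in the test says how they were produced or that the test path only parses them via `SignedJWT.parse` without signature or expiry checks. Add a comment above the constants such as `// Sample signed JWTs used only as parse fixtures; the code under test never verifies their signature or expiry.` so a later change that enables verification does not fail these tests for a non-obvious reason. If the tokens were issued by a real environment, please confirm they are expired or revoked before they are committed.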
@@ -57,6 +81,20 @@ class TokenResourceTest {
@ClientCredentials
private TokenByClientSecretService tokenByClientSecretService;
+ /*
+ *
+ */
+ @InjectMock
+ @Password
+ private TokenByPasswordService tokenByPasswordService;
+
+ /*
+ *
+ */
+ @InjectMock
+ @RefreshToken
+ private RefreshTokensService refreshTokensService;
+
/**
*
* @param testInfo
@@ -67,13 +105,15 @@ void init(TestInfo testInfo) {
System.out.println(frame);
System.out.printf("* %s: START *%n", testInfo.getDisplayName());
System.out.println(frame);
+ Mockito.reset(tokenByClientSecretService, tokenByPasswordService, refreshTokensService);
}
/**
*
+ * @throws ParseException
*/
@Test
- void given_requestToGetAccessToken_when_theEndPointIsInvoked_then_getAccessToken() {
+ void given_requestToGetAccessToken_when_theEndPointIsInvoked_then_getAccessToken() throws ParseException {
/*
* Setup
*/
@@ -88,7 +128,7 @@ void given_requestToGetAccessToken_when_theEndPointIsInvoked_then_getAccessToken
when(tokenByClientSecretService.process(request))
.thenReturn(UniGenerator.item(new GetAccessTokenResponse()
- .setAccessToken("access_token")
+ .setAccessToken(SignedJWT.parse(ACCESS_TOKEN))
.setExpiresIn(900)
.setTokenType(TokenType.BEARER)));
@@ -118,6 +158,189 @@ void given_requestToGetAccessToken_when_theEndPointIsInvoked_then_getAccessToken
.body(AuthJsonPropertyName.REFRESH_TOKEN, nullValue());
}
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_requestToGetAccessAndRefreshToken_when_theEndPointIsInvoked_then_getTokens() throws ParseException {
+ /*
+ * Setup
+ */
+ GetAccessTokenRequest request = new GetAccessTokenRequest()
+ .setClientId(CLIENT_ID)
+ .setGrantType(GrantType.PASSWORD)
+ .setUsername(USERNAME)
+ .setPassword(PASSWORD)
+ .setScope(Scope.OFFLINE_ACCESS);
+
+ when(tokenByPasswordService.process(request))
+ .thenReturn(
+ UniGenerator.item(
+ new GetAccessTokenResponse()
+ .setAccessToken(SignedJWT.parse(ACCESS_TOKEN))
+ .setRefreshToken(SignedJWT.parse(REFRESH_TOKEN))
+ .setExpiresIn(900)
+ .setTokenType(TokenType.BEARER)));
+
+ /*
+ * Test
+ */
+ given()
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .header(HeaderParamName.REQUEST_ID, REQUEST_ID)
+ .formParam(AuthFormParamName.CLIENT_ID, CLIENT_ID)
+ .formParam(AuthFormParamName.GRANT_TYPE, GrantType.PASSWORD)
+ .formParam(AuthFormParamName.USERNAME, USERNAME)
+ .formParam(AuthFormParamName.PASSWORD, PASSWORD)
+ .formParam(AuthFormParamName.SCOPE, Scope.OFFLINE_ACCESS)
+ .when()
+ .post()
+ .then()
+ .log()
+ .everything()
+ .statusCode(200)
+ .contentType(MediaType.APPLICATION_JSON)
+ .cookie(AuthCookieParamName.REFRESH_COOKIE, REFRESH_TOKEN)
+ .body(AuthJsonPropertyName.ACCESS_TOKEN, equalTo(ACCESS_TOKEN))
+ .body(AuthJsonPropertyName.TOKEN_TYPE, equalTo(TokenType.BEARER))
+ .body(AuthJsonPropertyName.EXPIRES_IN, notNullValue(Long.class))
+ .body(AuthJsonPropertyName.REFRESH_TOKEN, equalTo(REFRESH_TOKEN));
+ }
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_requestToRefreshTokensWithCookie_when_theEndPointIsInvoked_then_getTokens() throws ParseException {
+ /*
+ * Setup
+ */
+ Instant now = Instant.now();
+
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ JWTClaimsSet payload = new JWTClaimsSet.Builder()
+ .subject("subject")
+ .issueTime(new Date(now.toEpochMilli()))
+ .expirationTime(new Date(now.plus(15, ChronoUnit.MINUTES).toEpochMilli()))
+ .claim(ClaimName.CLIENT_ID, CLIENT_ID)
+ .claim(ClaimName.SCOPE, Scope.OFFLINE_ACCESS)
+ .build();
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
+
+ when(refreshTokensService.process(any(GetAccessTokenRequest.class))) // equals method of GetAccessTokenRequest doesn't work properly due to SignedJWT fields
+ .thenReturn(
+ UniGenerator.item(
+ new GetAccessTokenResponse()
+ .setAccessToken(SignedJWT.parse(ACCESS_TOKEN))
+ .setRefreshToken(SignedJWT.parse(REFRESH_TOKEN))
+ .setExpiresIn(900)
+ .setTokenType(TokenType.BEARER)));
+
+ /*
+ * Test
+ */
+ given()
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .header(HeaderParamName.REQUEST_ID, REQUEST_ID)
+ .formParam(AuthFormParamName.CLIENT_ID, CLIENT_ID)
+ .formParam(AuthFormParamName.GRANT_TYPE, GrantType.REFRESH_TOKEN)
+ .cookie(AuthCookieParamName.REFRESH_COOKIE, refreshToken.serialize())
+ .when()
+ .post()
+ .then()
+ .log()
+ .everything()
+ .statusCode(200)
+ .contentType(MediaType.APPLICATION_JSON)
+ .cookie(AuthCookieParamName.REFRESH_COOKIE, REFRESH_TOKEN)
+ .body(AuthJsonPropertyName.ACCESS_TOKEN, equalTo(ACCESS_TOKEN))
+ .body(AuthJsonPropertyName.TOKEN_TYPE, equalTo(TokenType.BEARER))
+ .body(AuthJsonPropertyName.EXPIRES_IN, notNullValue(Long.class))
+ .body(AuthJsonPropertyName.REFRESH_TOKEN, equalTo(REFRESH_TOKEN));
+ }
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_requestToRefreshTokens_when_theEndPointIsInvoked_then_getTokens() throws ParseException {
+ /*
+ * Setup
+ */
+ Instant now = Instant.now();
+
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ JWTClaimsSet payload = new JWTClaimsSet.Builder()
+ .subject("subject")
+ .issueTime(new Date(now.toEpochMilli()))
+ .expirationTime(new Date(now.plus(15, ChronoUnit.MINUTES).toEpochMilli()))
+ .claim(ClaimName.CLIENT_ID, CLIENT_ID)
+ .claim(ClaimName.SCOPE, Scope.OFFLINE_ACCESS)
+ .build();
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
+
+ when(refreshTokensService.process(any(GetAccessTokenRequest.class))) // equals method of GetAccessTokenRequest doesn't work properly due to SignedJWT fields
+ .thenReturn(
+ UniGenerator.item(
+ new GetAccessTokenResponse()
+ .setAccessToken(SignedJWT.parse(ACCESS_TOKEN))
+ .setRefreshToken(SignedJWT.parse(REFRESH_TOKEN))
+ .setExpiresIn(900)
+ .setTokenType(TokenType.BEARER)));
+
+ /*
+ * Test
+ */
+ given()
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .header(HeaderParamName.REQUEST_ID, REQUEST_ID)
+ .formParam(AuthFormParamName.CLIENT_ID, CLIENT_ID)
+ .formParam(AuthFormParamName.GRANT_TYPE, GrantType.REFRESH_TOKEN)
+ .formParam(AuthFormParamName.REFRESH_TOKEN, refreshToken.serialize())
+ .when()
+ .post()
+ .then()
+ .log()
+ .everything()
+ .statusCode(200)
+ .contentType(MediaType.APPLICATION_JSON)
+ .cookie(AuthCookieParamName.REFRESH_COOKIE, REFRESH_TOKEN)
+ .body(AuthJsonPropertyName.ACCESS_TOKEN, equalTo(ACCESS_TOKEN))
+ .body(AuthJsonPropertyName.TOKEN_TYPE, equalTo(TokenType.BEARER))
+ .body(AuthJsonPropertyName.EXPIRES_IN, notNullValue(Long.class))
+ .body(AuthJsonPropertyName.REFRESH_TOKEN, equalTo(REFRESH_TOKEN));
+ }
+
+ /**
+ *
+ */
+ @Test
+ void given_requestToRefreshTokens_when_refreshTokenIsBad_then_getFailure() {
+ /*
+ * Test
+ */
+ given()
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .header(HeaderParamName.REQUEST_ID, REQUEST_ID)
+ .formParam(AuthFormParamName.CLIENT_ID, CLIENT_ID)
+ .formParam(AuthFormParamName.GRANT_TYPE, GrantType.REFRESH_TOKEN)
+ .formParam(AuthFormParamName.REFRESH_TOKEN, "@.@.@")
+ .when()
+ .post()
+ .then()
+ .log()
+ .everything()
+ .statusCode(400)
+ .contentType(MediaType.APPLICATION_JSON);
+ }
+
/**
*
*/
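Review bot: The `.cookie(AuthCookieParamName.REFRESH_COOKIE, REFRESH_TOKEN)` assertions in the three new success tests pin only the cookie value, while the attributes that actually protect a refresh token carried in a cookie (HttpOnly, Secure, SameSite, Path) go unchecked; RestAssured's detailed cookie matcher can express this, e.g. `.detailedCookie(AuthCookieParamName.REFRESH_COOKIE, detailedCookie().value(REFRESH_TOKEN).httpOnly(true).secured(true))`, assuming the resource sets those flags. The `when(refreshTokensService.process(any(GetAccessTokenRequest.class)))` stubs in both refresh tests mean neither test verifies that the cookie or the form token actually reached the service; an `ArgumentCaptor<GetAccessTokenRequest>` whose captured token is compared via `serialize()` would close that gap without depending on equals. The header/claims/SignedJWT construction is repeated verbatim between the two refresh tests and would read better as a private helper. The `"@.@.@"` failure test asserts only the 400 status and the content type; checking the error-code property in the body would pin which failure is reported.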
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/RefreshTokensServiceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/RefreshTokensServiceTest.java
index 0355235e..863c3b05 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/service/RefreshTokensServiceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/service/RefreshTokensServiceTest.java
@@ -6,6 +6,7 @@
package it.pagopa.swclient.mil.auth.service;
import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
@@ -111,7 +112,6 @@ void given_refreshToken_when_allGoesOk_then_getTokens() throws ParseException {
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
when(tokenSigner.verify(any(SignedJWT.class)))
.thenReturn(UniGenerator.item(null));
@@ -135,7 +135,7 @@ void given_refreshToken_when_allGoesOk_then_getTokens() throws ParseException {
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -145,7 +145,7 @@ void given_refreshToken_when_allGoesOk_then_getTokens() throws ParseException {
.with(
response -> {
assertEquals(
- "eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA",
+ signedJwt,
response.getAccessToken());
},
f -> fail(f));
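Review bot: `assertEquals(signedJwt, response.getAccessToken())` now compares two SignedJWT instances, and as far as I know SignedJWT does not override equals, so the assertion passes only because the mocked signer hands back the very same object; a service change that re-parses or rebuilds the token would fail this test for the wrong reason. Comparing `signedJwt.serialize()` with `response.getAccessToken().serialize()` pins the token content rather than object identity. The same pattern appears in the two new refresh-cookie tests below and in the TokenByPasswordServiceTest hunk further down.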
@@ -153,17 +153,176 @@ void given_refreshToken_when_allGoesOk_then_getTokens() throws ParseException {
/**
*
+ * @throws ParseException
*/
@Test
- void given_refreshToken_when_tokenParsingExceptionOccurs_then_getFailure() {
+ void given_refreshCookie_when_allGoesOk_then_getTokens() throws ParseException {
+ /*
+ * Setup
+ */
+ Instant now = Instant.now();
+
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ JWTClaimsSet payload = new JWTClaimsSet.Builder()
+ .subject("subject")
+ .issueTime(new Date(now.toEpochMilli()))
+ .expirationTime(new Date(now.plus(15, ChronoUnit.MINUTES).toEpochMilli()))
+ .claim(ClaimName.ACQUIRER_ID, "acquirer_id")
+ .claim(ClaimName.CHANNEL, "channel")
+ .claim(ClaimName.MERCHANT_ID, "merchant_id")
+ .claim(ClaimName.CLIENT_ID, "client_id")
+ .claim(ClaimName.TERMINAL_ID, "teminal_id")
+ .claim(ClaimName.SCOPE, Scope.OFFLINE_ACCESS)
+ .build();
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
+
+ when(tokenSigner.verify(any(SignedJWT.class)))
+ .thenReturn(UniGenerator.item(null));
+
+ when(clientVerifier.verify("client_id", "channel", null))
+ .thenReturn(UniGenerator.item(new ClientEntity()));
+
+ when(roleFinder.findRoles("acquirer_id", "channel", "client_id", "merchant_id", "terminal_id"))
+ .thenReturn(UniGenerator.item(new SetOfRolesEntity()
+ .setRoles(List.of("role"))));
+
+ SignedJWT signedJwt = SignedJWT.parse("eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA");
+
+ when(tokenSigner.sign(any(JWTClaimsSet.class)))
+ .thenReturn(UniGenerator.item(signedJwt));
+
+ /*
+ * Test
+ */
GetAccessTokenRequest request = new GetAccessTokenRequest()
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken("@.@.@")
+ // .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
- .setTerminalId("terminal_id");
+ .setTerminalId("terminal_id")
+ .setRefreshCookie(refreshToken);
+
+ refreshTokensService.process(request)
+ .subscribe()
+ .with(
+ response -> {
+ assertEquals(
+ signedJwt,
+ response.getAccessToken());
+ },
+ f -> fail(f));
+ }
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_refreshCookieAndRefreshToken_when_allGoesOk_then_getTokens() throws ParseException {
+ /*
+ * Setup
+ */
+ Instant now = Instant.now();
+
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ JWTClaimsSet payload = new JWTClaimsSet.Builder()
+ .subject("subject")
+ .issueTime(new Date(now.toEpochMilli()))
+ .expirationTime(new Date(now.plus(15, ChronoUnit.MINUTES).toEpochMilli()))
+ .claim(ClaimName.ACQUIRER_ID, "acquirer_id")
+ .claim(ClaimName.CHANNEL, "channel")
+ .claim(ClaimName.MERCHANT_ID, "merchant_id")
+ .claim(ClaimName.CLIENT_ID, "client_id")
+ .claim(ClaimName.TERMINAL_ID, "teminal_id")
+ .claim(ClaimName.SCOPE, Scope.OFFLINE_ACCESS)
+ .build();
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
+
+ when(tokenSigner.verify(any(SignedJWT.class)))
+ .thenReturn(UniGenerator.item(null));
+
+ when(clientVerifier.verify("client_id", "channel", null))
+ .thenReturn(UniGenerator.item(new ClientEntity()));
+
+ when(roleFinder.findRoles("acquirer_id", "channel", "client_id", "merchant_id", "terminal_id"))
+ .thenReturn(UniGenerator.item(new SetOfRolesEntity()
+ .setRoles(List.of("role"))));
+
+ SignedJWT signedJwt = SignedJWT.parse("eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA");
+
+ when(tokenSigner.sign(any(JWTClaimsSet.class)))
+ .thenReturn(UniGenerator.item(signedJwt));
+
+ /*
+ * Test
+ */
+ GetAccessTokenRequest request = new GetAccessTokenRequest()
+ .setAcquirerId("acquirer_id")
+ .setChannel("channel")
+ .setClientId("client_id")
+ .setRefreshToken(refreshToken)
+ .setGrantType(GrantType.REFRESH_TOKEN)
+ .setMerchantId("merchant_id")
+ .setTerminalId("terminal_id")
+ .setRefreshCookie(refreshToken);
+
+ refreshTokensService.process(request)
+ .subscribe()
+ .with(
+ response -> {
+ assertEquals(
+ signedJwt,
+ response.getAccessToken());
+ },
+ f -> fail(f));
+ }
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_badRefreshToken_when_tokensRefreshIsRequestes_then_getFailure() throws ParseException {
+ /*
+ * Setup
+ */
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), new Base64URL("dGVzdA=="), Base64URL.from("AA"));
+
+ when(tokenSigner.verify(any(SignedJWT.class)))
+ .thenReturn(UniGenerator.item(null));
+
+ when(clientVerifier.verify("client_id", "channel", null))
+ .thenReturn(UniGenerator.item(new ClientEntity()));
+
+ when(roleFinder.findRoles("acquirer_id", "channel", "client_id", "merchant_id", "terminal_id"))
+ .thenReturn(UniGenerator.item(new SetOfRolesEntity()
+ .setRoles(List.of("role"))));
+
+ SignedJWT signedJwt = SignedJWT.parse("eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA");
+
+ when(tokenSigner.sign(any(JWTClaimsSet.class)))
+ .thenReturn(UniGenerator.item(signedJwt));
+
+ /*
+ * Test
+ */
+ GetAccessTokenRequest request = new GetAccessTokenRequest()
+ .setAcquirerId("acquirer_id")
+ .setChannel("channel")
+ .setClientId("client_id")
+ .setRefreshToken(refreshToken)
+ .setGrantType(GrantType.REFRESH_TOKEN)
+ .setMerchantId("merchant_id")
+ .setTerminalId("terminal_id")
+ .setRefreshCookie(refreshToken);
refreshTokensService.process(request)
.subscribe()
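Review bot: The TERMINAL_ID claim is spelled `"teminal_id"` in the new refresh-token fixtures (three occurrences in this file), while the request and the `roleFinder.findRoles(...)` stub use `"terminal_id"`; the tests presumably pass because the service takes the terminal id from the request rather than from the claim, but the typo should be fixed so fixtures and stubs do not silently diverge. The cookie-and-token test sets the same JWT as refresh cookie and as refresh token, so it cannot show which one the service prefers; two distinguishable tokens with the signer stub keyed on the expected one would pin the precedence. The commented-out `// .setRefreshToken(refreshToken)` line should be deleted, and `tokensRefreshIsRequestes` in the last test name is misspelled. That last test's subscribe and assertion continue past the end of this hunk.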
@@ -171,6 +330,25 @@ void given_refreshToken_when_tokenParsingExceptionOccurs_then_getFailure() {
.assertFailedWith(AuthError.class);
}
+ /**
+ *
+ */
+ @Test
+ void given_refreshCookieAndRefreshTokenBothNull_when_tokesRefreshIsRequested_then_getFailure() {
+ /*
+ * Test
+ */
+ GetAccessTokenRequest request = new GetAccessTokenRequest()
+ .setAcquirerId("acquirer_id")
+ .setChannel("channel")
+ .setClientId("client_id")
+ .setGrantType(GrantType.REFRESH_TOKEN)
+ .setMerchantId("merchant_id")
+ .setTerminalId("terminal_id");
+
+ assertThrows(NullPointerException.class, () -> refreshTokensService.process(request));
+ }
+
/**
*
* @throws ParseException
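Review bot: This test pins a NullPointerException escaping synchronously from `process()` when neither the refresh cookie nor the refresh token is supplied, which codifies a defect rather than a contract: a missing credential is a client error that every neighbouring failure test reports as a failed Uni, and an unhandled NPE at the resource layer would surface as a 500 with a stack trace instead of a 400. I would have the service return a failed Uni for this case (via `UniGenerator.exception(...)` as the signature-failure stub does, or by rejecting it in request validation) and change the assertion to `.withSubscriber(UniAssertSubscriber.create()).assertFailedWith(AuthException.class)` like its siblings.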
@@ -196,7 +374,6 @@ void given_refreshToken_when_scopeIsWrong_then_getFailure() throws ParseExceptio
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -205,7 +382,52 @@ void given_refreshToken_when_scopeIsWrong_then_getFailure() throws ParseExceptio
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
+ .setGrantType(GrantType.REFRESH_TOKEN)
+ .setMerchantId("merchant_id")
+ .setTerminalId("terminal_id");
+
+ refreshTokensService.process(request)
+ .subscribe()
+ .withSubscriber(UniAssertSubscriber.create())
+ .assertFailedWith(AuthException.class);
+ }
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @Test
+ void given_refreshToken_when_clientIdIsWrong_then_getFailure() throws ParseException {
+ /*
+ * Setup
+ */
+ Instant now = Instant.now();
+
+ JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, null, null, null, null, null, null, null, null, null, "key_id", true, null, null);
+
+ JWTClaimsSet payload = new JWTClaimsSet.Builder()
+ .subject("subject")
+ .issueTime(new Date(now.toEpochMilli()))
+ .expirationTime(new Date(now.plus(15, ChronoUnit.MINUTES).toEpochMilli()))
+ .claim(ClaimName.ACQUIRER_ID, "acquirer_id")
+ .claim(ClaimName.CHANNEL, "channel")
+ .claim(ClaimName.MERCHANT_ID, "merchant_id")
+ .claim(ClaimName.CLIENT_ID, "client_id")
+ .claim(ClaimName.TERMINAL_ID, "teminal_id")
+ .claim(ClaimName.SCOPE, Scope.OFFLINE_ACCESS)
+ .build();
+
+ SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
+
+ /*
+ * Test
+ */
+ GetAccessTokenRequest request = new GetAccessTokenRequest()
+ .setAcquirerId("acquirer_id")
+ .setChannel("channel")
+ .setClientId("wrong_client_id")
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
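Review bot: The new wrong-client-id test stubs nothing on tokenSigner, clientVerifier or roleFinder, so it only passes if the client-id comparison runs before signature verification; should that order ever change, the unstubbed `tokenSigner.verify` would presumably yield a null Uni and the test would fail with an NPE rather than the intended AuthException. A one-line comment stating that ordering assumption, or stubbing `tokenSigner.verify` as the other tests do, would make the intent explicit. The claims here repeat the `"teminal_id"` typo, and the test's body continues beyond the end of the hunk.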
@@ -242,7 +464,6 @@ void given_refreshToken_when_tokenIsExpired_then_getFailure() throws ParseExcept
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -251,7 +472,7 @@ void given_refreshToken_when_tokenIsExpired_then_getFailure() throws ParseExcept
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -287,7 +508,6 @@ void given_refreshToken_when_expirationIsNull_then_getFailure() throws ParseExce
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -296,7 +516,7 @@ void given_refreshToken_when_expirationIsNull_then_getFailure() throws ParseExce
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -333,7 +553,6 @@ void given_refreshToken_when_issueTimeIsInTheFuture_then_getFailure() throws Par
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -342,7 +561,7 @@ void given_refreshToken_when_issueTimeIsInTheFuture_then_getFailure() throws Par
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -378,7 +597,6 @@ void given_refreshToken_when_issueIsNull_then_getFailure() throws ParseException
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -387,7 +605,7 @@ void given_refreshToken_when_issueIsNull_then_getFailure() throws ParseException
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -424,7 +642,6 @@ void given_refreshToken_when_algIsWrong_then_getFailure() throws ParseException
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
/*
* Test
@@ -433,7 +650,7 @@ void given_refreshToken_when_algIsWrong_then_getFailure() throws ParseException
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
@@ -470,7 +687,6 @@ void given_refreshToken_when_signatureIsWrong_then_getFailure() throws ParseExce
.build();
SignedJWT refreshToken = new SignedJWT(header.toBase64URL(), payload.toPayload().toBase64URL(), Base64URL.from("AA"));
- String refreshTokenStr = refreshToken.serialize();
when(tokenSigner.verify(any(SignedJWT.class)))
.thenReturn(UniGenerator.exception(AuthErrorCode.WRONG_SIGNATURE, ""));
@@ -482,7 +698,7 @@ void given_refreshToken_when_signatureIsWrong_then_getFailure() throws ParseExce
.setAcquirerId("acquirer_id")
.setChannel("channel")
.setClientId("client_id")
- .setRefreshToken(refreshTokenStr)
+ .setRefreshToken(refreshToken)
.setGrantType(GrantType.REFRESH_TOKEN)
.setMerchantId("merchant_id")
.setTerminalId("terminal_id");
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java
index b89f999e..98e532d6 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java
@@ -140,7 +140,7 @@ void given_userCredentials_when_allGoesOk_then_getAccessToken() throws ParseExce
.with(
response -> {
assertEquals(
- "eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA",
+ signedJwt,
response.getAccessToken());
},
f -> fail(f));
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenServiceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenServiceTest.java
deleted file mode 100644
index c7a14179..00000000
--- a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPoyntTokenServiceTest.java
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- *
- */
-package it.pagopa.swclient.mil.auth.service;
-
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
-
-import java.text.ParseException;
-import java.util.List;
-
-import org.eclipse.microprofile.rest.client.inject.RestClient;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestInfo;
-
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.SignedJWT;
-
-import io.quarkus.test.InjectMock;
-import io.quarkus.test.junit.QuarkusTest;
-import io.smallrye.mutiny.Uni;
-import io.smallrye.mutiny.helpers.test.UniAssertSubscriber;
-import it.pagopa.swclient.mil.auth.bean.GetAccessTokenRequest;
-import it.pagopa.swclient.mil.auth.bean.GrantType;
-import it.pagopa.swclient.mil.auth.client.PoyntClient;
-import it.pagopa.swclient.mil.auth.dao.ClientEntity;
-import it.pagopa.swclient.mil.auth.dao.SetOfRolesEntity;
-import it.pagopa.swclient.mil.auth.dao.UserRepository;
-import it.pagopa.swclient.mil.auth.qualifier.PoyntToken;
-import it.pagopa.swclient.mil.auth.util.AuthError;
-import it.pagopa.swclient.mil.auth.util.AuthException;
-import it.pagopa.swclient.mil.auth.util.UniGenerator;
-import jakarta.inject.Inject;
-import jakarta.ws.rs.WebApplicationException;
-import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.Status;
-
-/**
- *
- * @author Antonio Tarricone
- */
-@QuarkusTest
-class TokenByPoyntTokenServiceTest {
- /*
- *
- */
- @Inject
- @PoyntToken
- TokenByPoyntTokenService tokenByPoyntTokenService;
-
- /*
- *
- */
- @InjectMock
- UserRepository repository;
-
- /*
- *
- */
- @InjectMock
- ClientVerifier clientVerifier;
-
- /*
- *
- */
- @InjectMock
- RolesFinder roleFinder;
-
- /*
- *
- */
- @InjectMock
- TokenSigner tokenSigner;
-
- /*
- *
- */
- @InjectMock
- @RestClient
- PoyntClient poyntClient;
-
- /**
- *
- * @param testInfo
- */
- @BeforeEach
- void init(TestInfo testInfo) {
- String frame = "*".repeat(testInfo.getDisplayName().length() + 11);
- System.out.println(frame);
- System.out.printf("* %s: START *%n", testInfo.getDisplayName());
- System.out.println(frame);
- }
-
- /**
- *
- */
- @Test
- void given_poyntToken_when_getBusinessObjectReturns401_then_getFailure() {
- /*
- * Setup
- */
- when(poyntClient.getBusinessObject("Bearer poynt_token", "business_id"))
- .thenReturn(UniGenerator.item(Response.status(Status.UNAUTHORIZED).build()));
-
- /*
- * Test
- */
- GetAccessTokenRequest request = new GetAccessTokenRequest()
- .setAcquirerId("acquirer_id")
- .setChannel("channel")
- .setClientId("client_id")
- .setGrantType(GrantType.POYNT_TOKEN)
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setExtToken("poynt_token")
- .setAddData("business_id");
-
- tokenByPoyntTokenService.process(request)
- .subscribe()
- .withSubscriber(UniAssertSubscriber.create())
- .assertFailedWith(AuthException.class);
- }
-
- /**
- *
- */
- @Test
- void given_poyntToken_when_getBusinessObjectReturnsWebApplicationException_then_getFailure() {
- /*
- * Setup
- */
- when(poyntClient.getBusinessObject("Bearer poynt_token", "business_id"))
- .thenReturn(Uni.createFrom().failure(new WebApplicationException(401)));
-
- /*
- * Test
- */
- GetAccessTokenRequest request = new GetAccessTokenRequest()
- .setAcquirerId("acquirer_id")
- .setChannel("channel")
- .setClientId("client_id")
- .setGrantType(GrantType.POYNT_TOKEN)
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setExtToken("poynt_token")
- .setAddData("business_id");
-
- tokenByPoyntTokenService.process(request)
- .subscribe()
- .withSubscriber(UniAssertSubscriber.create())
- .assertFailedWith(AuthException.class);
- }
-
- /**
- *
- */
- @Test
- void given_poyntToken_when_getBusinessObjectReturnsUnhandledException_then_getFailure() {
- /*
- * Setup
- */
- when(poyntClient.getBusinessObject("Bearer poynt_token", "business_id"))
- .thenReturn(Uni.createFrom().failure(new Exception("synthetic_exception")));
-
- /*
- * Test
- */
- GetAccessTokenRequest request = new GetAccessTokenRequest()
- .setAcquirerId("acquirer_id")
- .setChannel("channel")
- .setClientId("client_id")
- .setGrantType(GrantType.POYNT_TOKEN)
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setExtToken("poynt_token")
- .setAddData("business_id");
-
- tokenByPoyntTokenService.process(request)
- .subscribe()
- .withSubscriber(UniAssertSubscriber.create())
- .assertFailedWith(AuthError.class);
- }
-
- /**
- *
- * @throws ParseException
- */
- @Test
- void given_poyntToken_when_allGoesOk_then_getAccessToken() throws ParseException {
- /*
- * Setup
- */
- when(poyntClient.getBusinessObject("Bearer poynt_token", "business_id"))
- .thenReturn(UniGenerator.item(Response.ok().build()));
-
- when(clientVerifier.verify("client_id", "channel", null))
- .thenReturn(UniGenerator.item(new ClientEntity()));
-
- when(roleFinder.findRoles("acquirer_id", "channel", "client_id", "merchant_id", "terminal_id"))
- .thenReturn(UniGenerator.item(new SetOfRolesEntity()
- .setRoles(List.of("role"))));
-
- SignedJWT signedJwt = SignedJWT.parse("eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA");
-
- when(tokenSigner.sign(any(JWTClaimsSet.class)))
- .thenReturn(UniGenerator.item(signedJwt));
-
- /*
- * Test
- */
- GetAccessTokenRequest request = new GetAccessTokenRequest()
- .setAcquirerId("acquirer_id")
- .setChannel("channel")
- .setClientId("client_id")
- .setGrantType(GrantType.POYNT_TOKEN)
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setExtToken("poynt_token")
- .setAddData("business_id");
-
- tokenByPoyntTokenService.process(request)
- .subscribe()
- .with(
- response -> {
- assertEquals(
- "eyJraWQiOiJrZXlfbmFtZS9rZXlfdmVyc2lvbiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjbGllbnRfaWQiLCJjbGllbnRJZCI6ImNsaWVudF9pZCIsImNoYW5uZWwiOiJjaGFubmVsIiwiaXNzIjoiaHR0cHM6Ly9taWwtYXV0aCIsImdyb3VwcyI6InJvbGUiLCJ0ZXJtaW5hbElkIjoidGVybWluYWxfaWQiLCJhdWQiOiJodHRwczovL21pbCIsIm1lcmNoYW50SWQiOiJtZXJjaGFudF9pZCIsInNjb3BlIjoic2NvcGUiLCJmaXNjYWxDb2RlIjoiZW5jX2Zpc2NhbF9jb2RlIiwiZXhwIjoxNzE3NjUyLCJhY3F1aXJlcklkIjoiYWNxdWlyZXJfaWQiLCJpYXQiOjE3MTc1OTJ9.AA",
- response.getAccessToken());
- },
- f -> fail(f));
- }
-}
\ No newline at end of file
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/validation/constraints/ValidatorTest.java b/src/test/java/it/pagopa/swclient/mil/auth/validation/constraints/ValidatorTest.java
index 7c83d6f4..a0e138bb 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/validation/constraints/ValidatorTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/validation/constraints/ValidatorTest.java
@@ -8,10 +8,15 @@
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import java.text.ParseException;
+
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
+import com.nimbusds.jwt.SignedJWT;
+
import io.quarkus.test.junit.QuarkusTest;
import it.pagopa.swclient.mil.auth.bean.GetAccessTokenRequest;
import it.pagopa.swclient.mil.auth.bean.GrantType;
@@ -23,6 +28,20 @@
*/
@QuarkusTest
class ValidatorTest {
+ /*
+ *
+ */
+ private static SignedJWT refreshToken;
+
+ /**
+ *
+ * @throws ParseException
+ */
+ @BeforeAll
+ static void setup() throws ParseException {
+ refreshToken = SignedJWT.parse("eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0NTg1NjI1LzI4NDA1ZkhmazczeDg4RC8wMTIzNDU2NyIsImF1ZCI6Im1pbC5wYWdvcGEuaXQiLCJjbGllbnRJZCI6IjUyNTRmMDg3LTEyMTQtNDVjZC05NGFlLWZkYTUzYzgzNTE5NyIsIm1lcmNoYW50SWQiOiIyODQwNWZIZms3M3g4OEQiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiY2hhbm5lbCI6IlBPUyIsImlzcyI6Imh0dHBzOi8vbWlsLWQtYXBpbS5henVyZS1hcGkubmV0L21pbC1hdXRoIiwidGVybWluYWxJZCI6IjAxMjM0NTY3IiwiZXhwIjoxNzM1OTEwMTcxLCJhY3F1aXJlcklkIjoiNDU4NTYyNSIsImlhdCI6MTczNTkwNjU3MX0.Ztu8SlQCjXErum9xRsqUMOd0ucGvfeKhDHAjR3lzo9KV0KiRdy8RckcR-Zg6Yt1Pu4jIl59xlMIE0KZFoHBTFqIzJp0h6HiSvvus8fArJ6Fu5YfMmtOoq9yEkw1GfBWHiYXt-y4LMw9gfus5DA2fEttY6kQVK7mznDUL3eGzTM2OSQlS3rrrnJUuxVR_8RsS1bYVpsUmu36W0Uf0Jd49GvnuqCKakJpr4rzcyvt358NVWrNH4Qqtjg4dCAyXPkM_MHez4XtaMXRh6O8UkOym9DI9n7zkmkkmx-ZccHDkAMmsGJKwviaIMVyrQJ2S3RXzAbcXZS13nb3djskN-3XC5Q");
+ }
+
/**
*
* @param testInfo
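Review bot: The fixture parsed in `setup()` is not a locally assembled token like the ones in the service tests (`new SignedJWT(header.toBase64URL(), ..., Base64URL.from("AA"))`): its payload decodes to an `iss` pointing at what looks like a dev APIM host and it carries a real-looking signature, which suggests it was captured from a running environment. Even if it has since expired, checking environment-issued tokens into the repository is a habit worth avoiding; a token built in the test with synthetic claims and a dummy signature exercises the validator just as well. The same constant is duplicated as REFRESH_TOKEN in TokenResourceTest, so one shared test helper producing it would remove both copies.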
@@ -48,8 +67,6 @@ void given_grantTypePasswordAndChannelPos_when_allIsOk_then_getValid() {
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -66,8 +83,6 @@ void given_grantTypePasswordAndChannelPos_when_acquirerIdIsNull_then_getNotValid
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -84,8 +99,6 @@ void given_grantTypePasswordAndChannelPos_when_merchantIdIsNull_then_getNotValid
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -102,8 +115,6 @@ void given_grantTypePasswordAndChannelPos_when_terminalIdIsNull_then_getNotValid
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -120,8 +131,6 @@ void given_grantTypePasswordAndChannelPos_when_clientSecretIsNotNull_then_getNot
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -129,7 +138,7 @@ void given_grantTypePasswordAndChannelPos_when_clientSecretIsNotNull_then_getNot
}
@Test
- void given_grantTypePasswordAndChannelPos_when_extTokenIsNotNull_then_getNotValid() {
+ void given_grantTypePasswordAndChannelPos_when_refreshTokenIsNotNull_then_getNotValid() throws ParseException {
assertFalse(new Validator()
.isValid(new GetAccessTokenRequest()
.setGrantType(GrantType.PASSWORD)
@@ -138,45 +147,7 @@ void given_grantTypePasswordAndChannelPos_when_extTokenIsNotNull_then_getNotVali
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername("username")
- .setPassword("password"),
- null));
- }
-
- @Test
- void given_grantTypePasswordAndChannelPos_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.PASSWORD)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername("username")
- .setPassword("password"),
- null));
- }
-
- @Test
- void given_grantTypePasswordAndChannelPos_when_refreshTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.PASSWORD)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(SignedJWT.parse("eyJraWQiOiIzOGE1ZDA4ZGM4NzU0MGVhYjc3ZGViNGQ5ZWFiMjM4MC8zNzExY2U3NWFiYmI0MWM5YmZhOTEwMzM0Y2FiMDMzZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0NTg1NjI1LzI4NDA1ZkhmazczeDg4RC8wMTIzNDU2NyIsImF1ZCI6Im1pbC5wYWdvcGEuaXQiLCJjbGllbnRJZCI6IjUyNTRmMDg3LTEyMTQtNDVjZC05NGFlLWZkYTUzYzgzNTE5NyIsIm1lcmNoYW50SWQiOiIyODQwNWZIZms3M3g4OEQiLCJzY29wZSI6Im9mZmxpbmVfYWNjZXNzIiwiY2hhbm5lbCI6IlBPUyIsImlzcyI6Imh0dHBzOi8vbWlsLWQtYXBpbS5henVyZS1hcGkubmV0L21pbC1hdXRoIiwidGVybWluYWxJZCI6IjAxMjM0NTY3IiwiZXhwIjoxNzM1OTEwMTcxLCJhY3F1aXJlcklkIjoiNDU4NTYyNSIsImlhdCI6MTczNTkwNjU3MX0.Ztu8SlQCjXErum9xRsqUMOd0ucGvfeKhDHAjR3lzo9KV0KiRdy8RckcR-Zg6Yt1Pu4jIl59xlMIE0KZFoHBTFqIzJp0h6HiSvvus8fArJ6Fu5YfMmtOoq9yEkw1GfBWHiYXt-y4LMw9gfus5DA2fEttY6kQVK7mznDUL3eGzTM2OSQlS3rrrnJUuxVR_8RsS1bYVpsUmu36W0Uf0Jd49GvnuqCKakJpr4rzcyvt358NVWrNH4Qqtjg4dCAyXPkM_MHez4XtaMXRh6O8UkOym9DI9n7zkmkkmx-ZccHDkAMmsGJKwviaIMVyrQJ2S3RXzAbcXZS13nb3djskN-3XC5Q"))
.setUsername("username")
.setPassword("password"),
null));
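Review bot: `.setRefreshToken(SignedJWT.parse("…"))` re-parses the same literal that `setup()` already stores in the static `refreshToken` field, while every other REFRESH_TOKEN case in this file uses the field; `.setRefreshToken(refreshToken)` here keeps the fixture in one place, and it also lets the `throws ParseException` added to this test's signature in the preceding hunk be dropped. The method's closing brace lies outside this hunk.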
@@ -192,8 +163,6 @@ void given_grantTypePasswordAndChannelPos_when_usernameIsNotNull_then_getNotVali
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword("password"),
@@ -210,8 +179,6 @@ void given_grantTypePasswordAndChannelPos_when_passwordIsNotNull_then_getNotVali
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword(null),
@@ -231,9 +198,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_allIsOk_then_getValid() {
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -250,9 +215,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_acquirerIdIsNull_then_getNotV
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -269,9 +232,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_merchantIdIsNull_then_getNotV
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -288,9 +249,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_terminalIdIsNull_then_getNotV
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -307,47 +266,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_clientSecretIsNotNull_then_ge
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeRefreshTokenAndChannelPos_when_extTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.REFRESH_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken("refresh_token")
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeRefreshTokenAndChannelPos_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.REFRESH_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData("add_data")
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -364,8 +283,6 @@ void given_grantTypeRefreshTokenAndChannelPos_when_refreshTokenIsNull_then_getNo
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -383,9 +300,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_usernameIsNotNull_then_getNot
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername("username")
.setPassword(null)
.setScope(null),
@@ -402,9 +317,7 @@ void given_grantTypeRefreshTokenAndChannelPos_when_passwordIsNotNull_then_getNot
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword("password")
.setScope(null),
@@ -421,198 +334,13 @@ void given_grantTypeRefreshTokenAndChannelPos_when_scopeIsNotNull_then_getNotVal
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope("scope"),
null));
}
- /*
- * GRANT TYPE = POYNT TOKEN + CHANNEL = POS
- */
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_allIsOk_then_getValid() {
- assertTrue(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_acquirerIdIsNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId(null)
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_merchantIdIsNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId(null)
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_terminalIdIsNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId(null)
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_clientSecretIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret("client_secret")
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_extTokenIsNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_addDataIsNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_refreshTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken("refresh_token")
- .setUsername(null)
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_usernameIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername("username")
- .setPassword(null),
- null));
- }
-
- @Test
- void given_grantTypePoyntTokenAndChannelPos_when_passwordIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.POYNT_TOKEN)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData("add_data")
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword("password"),
- null));
- }
-
/*
* GRANT TYPE = CLIENT CREDENTIALS + CHANNEL = ATM
*/
@@ -626,8 +354,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_allIsOk_then_getValid() {
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -645,8 +371,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_acquirerIdIsNull_then_get
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -664,8 +388,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_merchantIdIsNotNull_then_
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -683,8 +405,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_terminalIdIsNull_then_get
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -702,46 +422,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_clientSecretIsNull_then_g
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelAtm_when_extTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(Channel.ATM)
- .setAcquirerId("acquirer_id")
- .setMerchantId(null)
- .setTerminalId("terminal_id")
- .setClientSecret("client_secret")
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelAtm_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(Channel.ATM)
- .setAcquirerId("acquirer_id")
- .setMerchantId(null)
- .setTerminalId("terminal_id")
- .setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData("add_data")
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -759,9 +439,7 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_refreshTokenIsNotNull_the
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -778,8 +456,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_usernameIsNotNull_then_ge
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword(null)
@@ -797,8 +473,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_passwordIsNotNull_then_ge
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword("password")
@@ -816,8 +490,6 @@ void given_grantTypeClientCredetialsAndChannelAtm_when_scopeIsNotNull_then_getNo
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -838,8 +510,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_allIsOk_then_getValid() {
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -857,8 +527,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_acquirerIdIsNull_then_get
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -876,8 +544,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_merchantIdIsNull_then_get
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -895,8 +561,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_terminalIdIsNull_then_get
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -914,46 +578,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_clientSecretdIsNull_then_
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelPos_when_extTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret("client_secret")
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelPos_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(Channel.POS)
- .setAcquirerId("acquirer_id")
- .setMerchantId("merchant_id")
- .setTerminalId("terminal_id")
- .setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData("add_data")
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -971,9 +595,7 @@ void given_grantTypeClientCredetialsAndChannelPos_when_refreshTokenIsNotNull_the
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -990,8 +612,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_usernameIsNotNull_then_ge
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword(null)
@@ -1009,8 +629,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_passwordIsNotNull_then_ge
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword("password")
@@ -1028,8 +646,6 @@ void given_grantTypeClientCredetialsAndChannelPos_when_scopeIsNotNull_then_getNo
.setMerchantId("merchant_id")
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1050,8 +666,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_allIsOk_then_getValid()
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1069,8 +683,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_acquirerIdIsNotNull_then
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1088,8 +700,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_merchantIdIsNotNull_then
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1107,8 +717,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_terminalIdIsNotNull_then
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1126,46 +734,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_clientSecretIsNull_then_
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelNull_when_extTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret("client_secret")
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeClientCredetialsAndChannelNull_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.CLIENT_CREDENTIALS)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData("add_data")
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1183,9 +751,7 @@ void given_grantTypeClientCredetialsAndChannelNull_when_refreshTokenIsNotNull_th
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1202,8 +768,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_usernameIsNotNull_then_g
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword(null)
@@ -1221,8 +785,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_passwordIsNotNull_then_g
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword("password")
@@ -1240,8 +802,6 @@ void given_grantTypeClientCredetialsAndChannelNull_when_scopeIsNotNull_then_getN
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
@@ -1262,8 +822,6 @@ void given_grantTypePasswordAndChannelNull_when_allIsOk_then_getValid() {
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -1280,8 +838,6 @@ void given_grantTypePasswordAndChannelNull_when_acquirerIdIsNotNull_then_getNotV
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -1298,8 +854,6 @@ void given_grantTypePasswordAndChannelNull_when_merchantIdIsNotNull_then_getNotV
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -1316,8 +870,6 @@ void given_grantTypePasswordAndChannelNull_when_terminalIdIsNotNull_then_getNotV
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -1334,44 +886,6 @@ void given_grantTypePasswordAndChannelNull_when_clientSecretIsNotNull_then_getNo
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername("username")
- .setPassword("password"),
- null));
- }
-
- @Test
- void given_grantTypePasswordAndChannelNull_when_extTokentIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.PASSWORD)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken(null)
- .setUsername("username")
- .setPassword("password"),
- null));
- }
-
- @Test
- void given_grantTypePasswordAndChannelNull_when_addDataIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.PASSWORD)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData("add_data")
.setRefreshToken(null)
.setUsername("username")
.setPassword("password"),
@@ -1388,9 +902,7 @@ void given_grantTypePasswordAndChannelNull_when_refreshTokenIsNotNull_then_getNo
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername("username")
.setPassword("password"),
null));
@@ -1406,8 +918,6 @@ void given_grantTypePasswordAndChannelNull_when_usernameIsNull_then_getNotValid(
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword("password"),
@@ -1424,8 +934,6 @@ void given_grantTypePasswordAndChannelNull_when_passwordIsNull_then_getNotValid(
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername("username")
.setPassword(null),
@@ -1445,9 +953,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_allIsOk_then_getValid() {
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1464,9 +970,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_acquirerIdIsNotNull_then_get
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1483,9 +987,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_merchsntIdIsNotNull_then_get
.setMerchantId("merchant_id")
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1502,9 +1004,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_terminalIdIsNotNull_then_get
.setMerchantId(null)
.setTerminalId("terminal_id")
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1521,47 +1021,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_clientSecretIsNotNull_then_g
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret("client_secret")
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeRefreshTokenAndChannelNull_when_extTokenIsNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.REFRESH_TOKEN)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret(null)
- .setExtToken("ext_token")
- .setAddData(null)
- .setRefreshToken("refresh_token")
- .setUsername(null)
- .setPassword(null)
- .setScope(null),
- null));
- }
-
- @Test
- void given_grantTypeRefreshTokenAndChannelNull_when_addDatasNotNull_then_getNotValid() {
- assertFalse(new Validator()
- .isValid(new GetAccessTokenRequest()
- .setGrantType(GrantType.REFRESH_TOKEN)
- .setChannel(null)
- .setAcquirerId(null)
- .setMerchantId(null)
- .setTerminalId(null)
- .setClientSecret(null)
- .setExtToken(null)
- .setAddData("add_data")
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope(null),
@@ -1578,9 +1038,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_usernamerIsNotNull_then_getN
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername("username")
.setPassword(null)
.setScope(null),
@@ -1597,9 +1055,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_passwordNotNull_then_getNotV
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword("password")
.setScope(null),
@@ -1616,15 +1072,13 @@ void given_grantTypeRefreshTokenAndChannelNull_when_refreshTokenIsNull_then_getN
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
.setRefreshToken(null)
.setUsername(null)
.setPassword(null)
.setScope(null),
null));
}
-
+
@Test
void given_grantTypeRefreshTokenAndChannelNull_when_scopeIsNotNull_then_getNotValid() {
assertFalse(new Validator()
@@ -1635,9 +1089,7 @@ void given_grantTypeRefreshTokenAndChannelNull_when_scopeIsNotNull_then_getNotVa
.setMerchantId(null)
.setTerminalId(null)
.setClientSecret(null)
- .setExtToken(null)
- .setAddData(null)
- .setRefreshToken("refresh_token")
+ .setRefreshToken(refreshToken)
.setUsername(null)
.setPassword(null)
.setScope("scope"),