From 51aef47284b5ad7cf07f78d46915af5d23444396 Mon Sep 17 00:00:00 2001
From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com>
Date: Wed, 28 Aug 2024 11:19:05 +0530
Subject: [PATCH] Revert "Use application tenant domain to retrieve client app"
---
 .../validators/TokenValidationHandler.java | 16 ++--
 .../TokenValidationHandlerTest.java | 73 +++++++++++--------
 2 files changed, 52 insertions(+), 37 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java
index 83077bfa35..ae0c6d9d0f 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java
@@ -31,10 +31,13 @@
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
 import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
+import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
 import org.wso2.carbon.identity.oauth.tokenprocessor.TokenProvider;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.OAuth2Constants;
@@ -679,20 +682,17 @@ private static boolean isOmitUsernameInIntrospectionRespForAppTokens(AccessToken
 String tenantDomain) throws IdentityOAuth2Exception {
+ OAuthAdminServiceImpl oAuthAdminService = OAuthComponentServiceHolder.getInstance().getoAuthAdminService();
+ boolean omitUsernameInIntrospectionRespForAppTokens;
 try {
- int appResidentTenantId = accessTokenDO.getAppResidentTenantId();
- if (appResidentTenantId != MultitenantConstants.INVALID_TENANT_ID) {
- tenantDomain = IdentityTenantUtil.getTenantDomain(appResidentTenantId);
- }
- OAuthAppDO oAuthAppDO = OAuth2Util.getAppInformationByClientId(accessTokenDO.getConsumerKey(),
+ OAuthConsumerAppDTO oAuthApp = oAuthAdminService.getOAuthApplicationData(accessTokenDO.getConsumerKey(),
 tenantDomain);
-
- return Boolean.TRUE.equals(oAuthAppDO.isOmitUsernameInIntrospectionRespForAppTokens());
-
+ omitUsernameInIntrospectionRespForAppTokens = oAuthApp.isOmitUsernameInIntrospectionRespForAppTokens();
 } catch (Exception e) {
 throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data for client id:" +
 accessTokenDO.getConsumerKey(), e);
 }
+ return omitUsernameInIntrospectionRespForAppTokens;
 }
 private String getAuthzUser(AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception {
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandlerTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandlerTest.java
index 97c74b7020..fb5b69cf90 100644
--- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandlerTest.java
+++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandlerTest.java
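Review bot: The application lookup in `isOmitUsernameInIntrospectionRespForAppTokens` is scoped to the `tenantDomain` argument alone again, and its result is unboxed straight into a primitive `boolean` where the removed code used `Boolean.TRUE.equals(...)`. This flag decides whether the username is disclosed in the introspection response, so the failure paths matter: if `getoAuthAdminService()` returns null, or the DTO getter returns a null `Boolean` (its return type is not visible here), the NullPointerException is caught by `catch (Exception e)` and reported as an application-data retrieval error. I would keep the null-safe form, `omitUsernameInIntrospectionRespForAppTokens = Boolean.TRUE.equals(oAuthApp.isOmitUsernameInIntrospectionRespForAppTokens());`, and put a comment above the lookup such as `// tenantDomain must be the tenant that owns the client application; the app-resident tenant id on the token is no longer consulted`. The method's signature begins above the hunk, so which domain callers pass cannot be checked from here.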
@@ -44,9 +44,11 @@
 import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
 import org.wso2.carbon.identity.oauth.cache.AppInfoCache;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
+import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
 import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
 import org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor;
 import org.wso2.carbon.identity.oauth.tokenprocessor.TokenProvider;
@@ -140,6 +142,12 @@ public class TokenValidationHandlerTest {
 private IdentityProvider identityProvider;
 @Mock
 private FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
+ @Mock
+ OAuthComponentServiceHolder mockOAuthComponentServiceHolder;
+ @Mock
+ OAuthConsumerAppDTO mockedOAuthConsumerAppDTO;
+ @Mock
+ OAuthAdminServiceImpl mockedOAuthAdminService;
 private MockedStatic loggerUtils;
 @BeforeMethod
@@ -300,7 +308,6 @@ public void testBuildIntrospectionResponse(boolean isIDPIdColumnEnabled, String
 tokenBinding.setBindingReference("test_binding_reference");
 tokenBinding.setBindingValue("R4Hj_0nNdIzVvPdCdsWlxNKm6a74cszp4Za4M1iE8P9");
 accessTokenDO.setTokenBinding(tokenBinding);
- accessTokenDO.setAppResidentTenantId(-1234);
 PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super");
 TokenProvider tokenProvider = Mockito.mock(TokenProvider.class);
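Review bot: The three `@Mock` fields added in the `@@ -140,6 +142,12 @@` hunk are package-private, while the mocks next to them in the same hunk (`identityProvider`, `federatedAuthenticatorConfig`) are `private`, and their names mix the `mock…` and `mocked…` prefixes. Declaring them as `private OAuthComponentServiceHolder mockOAuthComponentServiceHolder;`, `private OAuthConsumerAppDTO mockOAuthConsumerAppDTO;` and `private OAuthAdminServiceImpl mockOAuthAdminService;` would match the surrounding fields; the renamed ones are referenced in the later test hunk and would need the same rename there.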
@@ -320,38 +327,46 @@ public void testBuildIntrospectionResponse(boolean isIDPIdColumnEnabled, String
 OAuthAppDO oAuthAppDO = new OAuthAppDO();
 oAuthAppDO.setTokenType("Default");
 oAuthAppDO.setApplicationName("testApp");
- oAuthAppDO.setOmitUsernameInIntrospectionRespForAppTokens(omitUsernameInIntrospectionRespAppConfig);
 AppInfoCache appInfoCache = AppInfoCache.getInstance();
 appInfoCache.addToCache("testConsumerKey", oAuthAppDO);
 oAuth2TokenValidationRequestDTO.setAccessToken(accessToken);
- oAuth2Util.when(() -> OAuth2Util.getAppInformationByClientId(anyString(), anyString()))
- .thenReturn(oAuthAppDO);
- // Mock server level config value.
- when(OAuthServerConfiguration.getInstance()).thenReturn(mockOAuthServerConfiguration);
- lenient().when(mockOAuthServerConfiguration
- .isRemoveUsernameFromIntrospectionResponseForAppTokensEnabled())
- .thenReturn(omitUsernameInIntrospectionRespServerConfig);
-
- oAuth2Util.when(OAuth2Util::getPersistenceProcessor)
- .thenReturn(new PlainTextPersistenceProcessor());
- oAuth2Util.when(() -> OAuth2Util.getAppInformationByAccessTokenDO(any())).thenReturn(oAuthAppDO);
- oAuth2Util.when(() -> OAuth2Util.getAccessTokenExpireMillis(any(), Mockito.anyBoolean()))
- .thenReturn(1000L);
-
- OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO = tokenValidationHandler
- .buildIntrospectionResponse(oAuth2TokenValidationRequestDTO);
- assertNotNull(oAuth2IntrospectionResponseDTO);
- assertEquals(oAuth2IntrospectionResponseDTO.getBindingType(),
- OAuth2Constants.TokenBinderType.CERTIFICATE_BASED_TOKEN_BINDER);
- assertEquals(oAuth2IntrospectionResponseDTO.getBindingReference(), "test_binding_reference");
- assertEquals(oAuth2IntrospectionResponseDTO.getCnfBindingValue(),
- "R4Hj_0nNdIzVvPdCdsWlxNKm6a74cszp4Za4M1iE8P9");
- if (omitUsernameInIntrospectionRespAppConfig && omitUsernameInIntrospectionRespServerConfig &&
- Objects.equals(tokenTypeData, "APPLICATION")) {
- assertNull(oAuth2IntrospectionResponseDTO.getUsername());
- } else {
- assertEquals(oAuth2IntrospectionResponseDTO.getUsername(), authzUser.getUserName());
+ try (MockedStatic oAuthComponentServiceHolder =
+ mockStatic(OAuthComponentServiceHolder.class)) {
+ when(OAuthComponentServiceHolder.getInstance()).thenReturn(mockOAuthComponentServiceHolder);
+ lenient().when(mockOAuthComponentServiceHolder.getoAuthAdminService())
+ .thenReturn(mockedOAuthAdminService);
+ lenient().when(mockedOAuthAdminService.getOAuthApplicationData(anyString(), anyString()))
+ .thenReturn(mockedOAuthConsumerAppDTO);
+ lenient().when(mockedOAuthConsumerAppDTO.isOmitUsernameInIntrospectionRespForAppTokens())
+ .thenReturn(omitUsernameInIntrospectionRespAppConfig);
+
+ // Mock server level config value.
+ when(OAuthServerConfiguration.getInstance()).thenReturn(mockOAuthServerConfiguration);
+ lenient().when(mockOAuthServerConfiguration
+ .isRemoveUsernameFromIntrospectionResponseForAppTokensEnabled())
+ .thenReturn(omitUsernameInIntrospectionRespServerConfig);
+
+ oAuth2Util.when(OAuth2Util::getPersistenceProcessor)
+ .thenReturn(new PlainTextPersistenceProcessor());
+ oAuth2Util.when(() -> OAuth2Util.getAppInformationByAccessTokenDO(any())).thenReturn(oAuthAppDO);
+ oAuth2Util.when(() -> OAuth2Util.getAccessTokenExpireMillis(any(), Mockito.anyBoolean()))
+ .thenReturn(1000L);
+
+ OAuth2IntrospectionResponseDTO oAuth2IntrospectionResponseDTO = tokenValidationHandler
+ .buildIntrospectionResponse(oAuth2TokenValidationRequestDTO);
+ assertNotNull(oAuth2IntrospectionResponseDTO);
+ assertEquals(oAuth2IntrospectionResponseDTO.getBindingType(),
+ OAuth2Constants.TokenBinderType.CERTIFICATE_BASED_TOKEN_BINDER);
+ assertEquals(oAuth2IntrospectionResponseDTO.getBindingReference(), "test_binding_reference");
+ assertEquals(oAuth2IntrospectionResponseDTO.getCnfBindingValue(),
+ "R4Hj_0nNdIzVvPdCdsWlxNKm6a74cszp4Za4M1iE8P9");
+ if (omitUsernameInIntrospectionRespAppConfig && omitUsernameInIntrospectionRespServerConfig &&
+ Objects.equals(tokenTypeData, "APPLICATION")) {
+ assertNull(oAuth2IntrospectionResponseDTO.getUsername());
+ } else {
+ assertEquals(oAuth2IntrospectionResponseDTO.getUsername(), authzUser.getUserName());
+ }
 }
 }
 }
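Review bot: The admin-service stubs in `testBuildIntrospectionResponse` are `lenient()` and match `getOAuthApplicationData(anyString(), anyString())`, so the test passes whichever tenant domain the handler hands to the lookup, and also if the handler never calls the service. Since the commit changes which tenant the client application is resolved in, the test should pin that argument, for example `verify(mockedOAuthAdminService).getOAuthApplicationData(eq(EXPECTED_CLIENT_ID), eq(EXPECTED_TENANT_DOMAIN));` after `buildIntrospectionResponse` for the data rows where the application-level flag is expected to be read. `EXPECTED_CLIENT_ID` and `EXPECTED_TENANT_DOMAIN` are placeholders for the values the fixture sets up, and whether `verify` and `eq` are already imported is not visible in this hunk. The test method begins above the hunk.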