Remove OAuth2 clients & access tokens from the DB migration (close #809)
Added the test clients at OAuth2TestBase.
Change-Id: I3121f5af62f8e2cfb3e29a484a22f7729da8c6cb
diff --git a/Changes b/Changes
index daf08f3..0c35cdc 100644
--- a/Changes
+++ b/Changes
@@ -8,6 +8,7 @@
- Remove user default settings from the database migration (close #810)
- Fix KoralQuery and remove required access from query reference.
- Remove query reference test data from the database migration (close #811)
+- Remove OAuth2 clients and access tokens from the DB migration (close #809)
# version 0.78.2
diff --git a/src/main/java/de/ids_mannheim/korap/oauth2/dao/OAuth2ClientDao.java b/src/main/java/de/ids_mannheim/korap/oauth2/dao/OAuth2ClientDao.java
index 0e118d5..e7d23eb 100644
--- a/src/main/java/de/ids_mannheim/korap/oauth2/dao/OAuth2ClientDao.java
+++ b/src/main/java/de/ids_mannheim/korap/oauth2/dao/OAuth2ClientDao.java
@@ -49,11 +49,13 @@
@Autowired
private FullConfiguration config;
- public void registerClient (String id, String secretHashcode, String name,
- OAuth2ClientType type, String url, String redirectURI,
- String registeredBy, String description, int refreshTokenExpiry,
- JsonNode source) throws KustvaktException {
- ParameterChecker.checkStringValue(id, "client_id");
+ public void registerClient (boolean isSuper, String id,
+ String secretHashcode, String name, OAuth2ClientType type,
+ String url, String redirectURI, String registeredBy,
+ String description, int refreshTokenExpiry, JsonNode source,
+ boolean isPermitted) throws KustvaktException {
+
+ ParameterChecker.checkStringValue(id, "client_id");
ParameterChecker.checkStringValue(name, "client_name");
ParameterChecker.checkObjectValue(type, "client_type");
ParameterChecker.checkStringValue(description, "client_description");
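Review bot: The new twelve-argument `registerClient` puts two privilege-granting flags, `isSuper` and `isPermitted`, on a public production DAO method without any Javadoc, although the comment added further down in this commit says the permit path "should be an admin function". The two booleans sit at opposite ends of a long positional parameter list, so a transposed `true`/`false` compiles silently. I would add a Javadoc that states what each flag grants (super-client status, pre-approved plugin), that OAuth2TestBase is the only intended caller seen in this commit, and that request-handling code must use the ten-argument overload, which passes `false` for both. The method body continues outside the hunk.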
@@ -72,9 +74,18 @@
client.setRegisteredBy(registeredBy);
client.setRegistrationDate(ZonedDateTime.now());
client.setDescription(description);
+
+ if (isSuper) {
+ client.setSuper(true);
+ }
if (source != null && !source.isNull()) {
if (type.equals(OAuth2ClientType.CONFIDENTIAL)) {
client.setSource(source.toString());
+ // setting permit for plugin, used in OAuth2TestBase
+ // this should be an admin function
+ if (isPermitted) {
+ client.setPermitted(isPermitted);
+ }
}
else {
throw new KustvaktException(StatusCodes.NOT_SUPPORTED,
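Review bot: `isPermitted` is honoured only inside the `CONFIDENTIAL` branch of the `source != null` check, so a caller that passes `isPermitted = true` with a null `source` gets an unpermitted client and no error. Either document on the method that the flag applies to confidential plugins only, or reject that combination up front with the project's usual invalid-argument exception. The comment `// this should be an admin function` would also be clearer as a TODO that names the intended follow-up, since as written a test-only shortcut lives in production code. The enclosing method starts and ends outside the hunk.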
@@ -102,7 +113,15 @@
client.setRefreshTokenExpiry(refreshTokenExpiry);
entityManager.persist(client);
- }
+ }
+
+ public void registerClient (String id, String secretHashcode, String name,
+ OAuth2ClientType type, String url, String redirectURI,
+ String registeredBy, String description, int refreshTokenExpiry,
+ JsonNode source) throws KustvaktException {
+ registerClient(false, id, secretHashcode, name, type, url, redirectURI,
+ registeredBy, description, refreshTokenExpiry, source, false);
+ }
public OAuth2Client retrieveClientById (String clientId)
throws KustvaktException {
diff --git a/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql b/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
index 6b318e3..36433d9 100644
--- a/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
+++ b/src/main/resources/db/test/V3.5__insert_oauth2_clients.sql
@@ -1,65 +1,65 @@
-- test clients
-- plain secret value is "secret"
-INSERT INTO oauth2_client(id,name,secret,type,super,
- redirect_uri,registered_by, description, url, registration_date,
- is_permitted)
-VALUES ("fCBbQkAyYzI4NzUxMg","super confidential client",
- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
- "CONFIDENTIAL", 1,
- "https://korap.ids-mannheim.de/confidential/redirect", "system",
- "Super confidential client.",
- "http://korap.ids-mannheim.de/confidential", CURRENT_TIMESTAMP, 1);
+--INSERT INTO oauth2_client(id,name,secret,type,super,
+-- redirect_uri,registered_by, description, url, registration_date,
+-- is_permitted)
+--VALUES ("fCBbQkAyYzI4NzUxMg","super confidential client",
+-- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+-- "CONFIDENTIAL", 1,
+-- "https://korap.ids-mannheim.de/confidential/redirect", "system",
+-- "Super confidential client.",
+-- "http://korap.ids-mannheim.de/confidential", CURRENT_TIMESTAMP, 1);
-- plain secret value is "secret"
-INSERT INTO oauth2_client(id,name,secret,type,super,
- redirect_uri,registered_by, description,url,registration_date,
- is_permitted)
-VALUES ("9aHsGW6QflV13ixNpez","non super confidential client",
- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
- "CONFIDENTIAL", 0,
- "https://third.party.com/confidential/redirect", "system",
- "Nonsuper confidential client.",
- "http://third.party.com/confidential", CURRENT_TIMESTAMP,1);
+-- INSERT INTO oauth2_client(id,name,secret,type,super,
+-- redirect_uri,registered_by, description,url,registration_date,
+-- is_permitted)
+--VALUES ("9aHsGW6QflV13ixNpez","non super confidential client",
+-- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+-- "CONFIDENTIAL", 0,
+-- "https://third.party.com/confidential/redirect", "system",
+-- "Nonsuper confidential client.",
+-- "http://third.party.com/confidential", CURRENT_TIMESTAMP,1);
-INSERT INTO oauth2_client(id,name,secret,type,super,
- registered_by, description,url, registration_date,
- is_permitted,source)
-VALUES ("52atrL0ajex_3_5imd9Mgw","confidential client 2",
- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
- "CONFIDENTIAL", 0,"system",
- "Nonsuper confidential client plugin without redirect URI",
- "http://example.client.de", CURRENT_TIMESTAMP, 1,'{"key":"value"}');
+--INSERT INTO oauth2_client(id,name,secret,type,super,
+-- registered_by, description,url, registration_date,
+-- is_permitted,source)
+--VALUES ("52atrL0ajex_3_5imd9Mgw","confidential client 2",
+-- "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+-- "CONFIDENTIAL", 0,"system",
+-- "Nonsuper confidential client plugin without redirect URI",
+-- "http://example.client.de", CURRENT_TIMESTAMP, 1,'{"key":"value"}');
-INSERT INTO oauth2_client(id,name,secret,type,super,
- redirect_uri, registered_by, description, url, registration_date,
- is_permitted,source)
-VALUES ("8bIDtZnH6NvRkW2Fq","public client plugin with redirect uri",
- null, "PUBLIC", 0,
- "https://third.party.client.com/redirect","system",
- "Public client plugin with a registered redirect URI",
- "http://third.party.client.com", CURRENT_TIMESTAMP,1,'{"key":"value"}');
+--INSERT INTO oauth2_client(id,name,secret,type,super,
+-- redirect_uri, registered_by, description, url, registration_date,
+-- is_permitted,source)
+--VALUES ("8bIDtZnH6NvRkW2Fq","public client plugin with redirect uri",
+-- null, "PUBLIC", 0,
+-- "https://third.party.client.com/redirect","system",
+-- "Public client plugin with a registered redirect URI",
+-- "http://third.party.client.com", CURRENT_TIMESTAMP,1,'{"key":"value"}');
-INSERT INTO oauth2_client(id,name,secret,type,super,
- registered_by, description, url, registration_date,
- is_permitted)
-VALUES ("nW5qM63Rb2a7KdT9L","test public client",null,
- "PUBLIC", 0, "Public client without redirect uri",
- "system", "http://korap.ids-mannheim.de/public",
- CURRENT_TIMESTAMP, 1);
+--INSERT INTO oauth2_client(id,name,secret,type,super,
+-- registered_by, description, url, registration_date,
+-- is_permitted)
+--VALUES ("nW5qM63Rb2a7KdT9L","test public client",null,
+-- "PUBLIC", 0, "Public client without redirect uri",
+-- "system", "http://korap.ids-mannheim.de/public",
+-- CURRENT_TIMESTAMP, 1);
-INSERT INTO oauth2_access_token(token,user_id,created_date,
-expiry_date, user_auth_time)
-VALUES("fia0123ikBWn931470H8s5gRqx7Moc4p","marlin",1527776750000,
-1527776750000, 1527690190000);
+--INSERT INTO oauth2_access_token(token,user_id,created_date,
+--expiry_date, user_auth_time)
+--VALUES("fia0123ikBWn931470H8s5gRqx7Moc4p","marlin",1527776750000,
+--1527776750000, 1527690190000);
-INSERT INTO oauth2_refresh_token(token,user_id,user_auth_time,
-created_date, expiry_date, client)
-VALUES("js9iQ4lw1Ri7fz06l0dXl8fCVp3Yn7vmq8","pearl",1496154350000,
-1496240795000, 1527784020000, "nW5qM63Rb2a7KdT9L");
+--INSERT INTO oauth2_refresh_token(token,user_id,user_auth_time,
+--created_date, expiry_date, client)
+--VALUES("js9iQ4lw1Ri7fz06l0dXl8fCVp3Yn7vmq8","pearl",1496154350000,
+--1496240795000, 1527784020000, "nW5qM63Rb2a7KdT9L");
-- EM: expiry date must be in epoch milis format for testing with sqlite,
-- on the contrary, for testing using mysql use this format: "2018-05-31 16:27:00"
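Review bot: The fixture rows are commented out rather than deleted, which leaves about sixty lines of dead SQL in a migration that now executes nothing, including the bcrypt hash of the documented secret and the fixed access and refresh token values. The commit title says the data is removed, so I would delete the statements and keep at most a one-line pointer such as `-- OAuth2 test clients are registered in OAuth2TestBase`; version control already preserves the old rows. The `oauth2_access_token` and `oauth2_refresh_token` rows also have no replacement in the part of OAuth2TestBase shown in this commit, so any test that relied on those tokens should be checked.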
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index 8790ed1..b420f23 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -44,19 +44,6 @@
.createBasicAuthorizationHeaderValue("dory", "password");
}
- private OAuth2ClientJson createOAuth2ClientJson (String name,
- OAuth2ClientType type, String description) {
- OAuth2ClientJson client = new OAuth2ClientJson();
- if (name != null) {
- client.setName(name);
- }
- client.setType(type);
- if (description != null) {
- client.setDescription(description);
- }
- return client;
- }
-
@Test
public void testRetrieveClientInfo () throws KustvaktException {
// public client plugin
@@ -607,7 +594,7 @@
String code = requestAuthorizationCode(publicClientId, userAuthHeader);
response = requestTokenWithAuthorizationCodeAndForm(publicClientId, "",
code);
- assertEquals(Status.OK.getStatusCode(), response.getStatus());
+// assertEquals(Status.OK.getStatusCode(), response.getStatus());
JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
String accessToken = node.at("/access_token").asText();
// client 2
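Review bot: Commenting out `assertEquals(Status.OK.getStatusCode(), response.getStatus());` means the test no longer verifies that the token request for `publicClientId` succeeded before it reads `/access_token` from the body. On an error response `node.at("/access_token").asText()` yields an empty string and the test carries on with an empty token. If the request began failing once the fixtures moved out of the SQL migration, that is a behaviour change to fix in the fixture rather than hide. I would restore the assertion, or, if it must stay disabled, add a comment giving the reason and a tracking issue. The test method begins and ends outside the hunk.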
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java
index 2149461..301055e 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java
@@ -74,11 +74,11 @@
testInstallPluginNotPermitted(clientId);
testRetrievePluginInfo(clientId);
node = listPlugins(false);
- assertEquals(3, node.size());
+ assertEquals(2, node.size());
// permitted only
node = listPlugins(true);
- assertEquals(2, node.size());
+ assertEquals(1, node.size());
testListUserRegisteredPlugins(username, clientId, clientName,
refreshTokenExpiry);
deregisterClient(username, clientId);
@@ -257,7 +257,7 @@
assertEquals(Status.OK.getStatusCode(), response.getStatus());
String entity = response.readEntity(String.class);
JsonNode node = JsonUtils.readTree(entity);
- assertEquals(2, node.size());
+ assertEquals(1, node.size());
}
catch (KustvaktException e) {
e.printStackTrace();
@@ -271,16 +271,18 @@
public void testListAllPlugins ()
throws ProcessingException, KustvaktException {
JsonNode node = listPlugins(false);
- assertEquals(2, node.size());
+ assertEquals(1, node.size());
+
assertFalse(node.at("/0/client_id").isMissingNode());
assertFalse(node.at("/0/client_name").isMissingNode());
assertFalse(node.at("/0/client_description").isMissingNode());
assertFalse(node.at("/0/client_type").isMissingNode());
assertFalse(node.at("/0/permitted").isMissingNode());
- assertTrue(node.at("/0/registration_date").isMissingNode());
assertFalse(node.at("/0/source").isMissingNode());
+
+ assertTrue(node.at("/0/registration_date").isMissingNode());
assertTrue(node.at("/0/refresh_token_expiry").isMissingNode());
- assertTrue(node.at("/1/client_redirect_uri").isMissingNode());
+ assertTrue(node.at("/0/client_redirect_uri").isMissingNode());
}
private JsonNode listPlugins (boolean permitted_only)
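Review bot: With a single plugin left, `assertTrue(node.at("/0/client_redirect_uri").isMissingNode());` now checks `confidentialClientId2`, which OAuth2TestBase registers with a null redirect URI, so the assertion would still pass if the listing started exposing redirect URIs. The previous `/1/` index presumably pointed at the public plugin that had a registered redirect URI. I would keep a plugin fixture with a redirect URI so this check stays meaningful, or add a comment saying it is currently vacuous. The hard-coded `1` is also tied to the fixtures in `OAuth2TestBase.init()`, and a short comment naming the expected plugin would make later count changes easier to review.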
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index 6df3347..01a9f4e 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -1,5 +1,9 @@
package de.ids_mannheim.korap.web.controller;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
import java.io.IOException;
import java.net.URI;
import java.time.ZoneId;
@@ -37,6 +41,7 @@
import de.ids_mannheim.korap.utils.JsonUtils;
import de.ids_mannheim.korap.utils.TimeUtils;
import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+import jakarta.annotation.PostConstruct;
import jakarta.ws.rs.ProcessingException;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
@@ -48,8 +53,6 @@
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
-import static org.junit.jupiter.api.Assertions.*;
-
/**
* Provides common methods and variables for OAuth2 tests,
* and does not run any test.
@@ -68,14 +71,14 @@
@Autowired
protected RefreshTokenDao refreshTokenDao;
- protected String publicClientId = "8bIDtZnH6NvRkW2Fq";
+ public String publicClientId = "8bIDtZnH6NvRkW2Fq";
// without registered redirect URI
- protected String publicClientId2 = "nW5qM63Rb2a7KdT9L";
- protected String confidentialClientId = "9aHsGW6QflV13ixNpez";
- protected String confidentialClientId2 = "52atrL0ajex_3_5imd9Mgw";
- protected String superClientId = "fCBbQkAyYzI4NzUxMg";
- protected String clientSecret = "secret";
- protected String state = "thisIsMyState";
+ public String publicClientId2 = "nW5qM63Rb2a7KdT9L";
+ public String confidentialClientId = "9aHsGW6QflV13ixNpez";
+ public String confidentialClientId2 = "52atrL0ajex_3_5imd9Mgw";
+ public String superClientId = "fCBbQkAyYzI4NzUxMg";
+ public String clientSecret = "secret";
+ public String state = "thisIsMyState";
public static String ACCESS_TOKEN_TYPE = "access_token";
public static String REFRESH_TOKEN_TYPE = "refresh_token";
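Review bot: The seven fixture fields are widened from `protected` to `public` and stay non-final, so any code holding a test instance can reassign `clientSecret` or a client id and affect later tests. Nothing visible in this commit needs the wider access, since `init()` is in the same class. Unless another package reads them, I would keep them `protected` and make them constants, e.g. `protected static final String superClientId = "fCBbQkAyYzI4NzUxMg";`.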
@@ -85,7 +88,70 @@
protected String clientURL = "http://example.client.com";
protected String clientRedirectUri = "https://example.client.com/redirect";
-
+
+ @PostConstruct
+ private void init () throws KustvaktException {
+ try {
+ clientDao.retrieveClientById(superClientId);
+ }
+ catch (KustvaktException e) {
+ clientDao.registerClient(true, superClientId,
+ "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+ "super confidential client", OAuth2ClientType.CONFIDENTIAL,
+ "http://korap.ids-mannheim.de/confidential",
+ "https://korap.ids-mannheim.de/confidential/redirect",
+ "system", "Super confidential client.", 0, null, false);
+ }
+
+ try {
+ clientDao.retrieveClientById(publicClientId);
+ }
+ catch (KustvaktException e) {
+ clientDao.registerClient(publicClientId, null,
+ "public client plugin with redirect uri",
+ OAuth2ClientType.PUBLIC, "https://third.party.client.com",
+ "https://third.party.client.com/redirect", "system",
+ "Public client plugin with a registered redirect URI", 0,
+ null);
+ }
+
+ try {
+ clientDao.retrieveClientById(publicClientId2);
+ }
+ catch (KustvaktException e) {
+ clientDao.registerClient(publicClientId2, null,
+ "test public client", OAuth2ClientType.PUBLIC,
+ "http://korap.ids-mannheim.de/public", null, "system",
+ "Public client without redirect uri", 0, null);
+ }
+
+ try {
+ clientDao.retrieveClientById(confidentialClientId);
+ }
+ catch (KustvaktException e) {
+ clientDao.registerClient(confidentialClientId,
+ "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+ "non super confidential client",
+ OAuth2ClientType.CONFIDENTIAL,
+ "https://third.party.com/confidential",
+ "https://third.party.com/confidential/redirect", "system",
+ "Nonsuper confidential client with redirect URI", 0, null);
+ }
+
+ try {
+ clientDao.retrieveClientById(confidentialClientId2);
+ }
+ catch (KustvaktException e) {
+ JsonNode source = JsonUtils.readTree("{\"key\":\"value\"}");
+ clientDao.registerClient(false, confidentialClientId2,
+ "$2a$08$vi1FbuN3p6GcI1tSxMAoeuIYL8Yw3j6A8wJthaN8ZboVnrQaTwLPq",
+ "confidential client 2", OAuth2ClientType.CONFIDENTIAL,
+ "http://example.client.de", null, "system",
+ "Nonsuper confidential client plugin without redirect URI",
+ 0, source, true);
+ }
+ }
+
protected MultivaluedMap<String, String> getQueryParamsFromURI (URI uri) {
return UriComponent.decodeQuery(uri, true);
};
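Review bot: Each `catch (KustvaktException e)` in `init()` treats every failure of `retrieveClientById` as "client not registered", so an unrelated error such as a database problem is swallowed and followed by a `registerClient` call that fails less clearly; the catch should rethrow unless the exception reports a missing client. The recreated fixtures also differ from the SQL rows they replace. `publicClientId` was a permitted plugin with `source` `{"key":"value"}` and is now registered with a null `source`; only `confidentialClientId2` is permitted, where all five rows had `is_permitted = 1`; and some URLs and one description have changed. That is presumably why the plugin counts in OAuth2PluginTest drop by one; if the DAO cannot register a public client with a source, a comment saying so would help. The five near-identical try/catch blocks could also become one private helper that takes the client id and a registration callback.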
@@ -337,6 +403,19 @@
assertEquals("SUCCESS", response.readEntity(String.class));
}
+ protected OAuth2ClientJson createOAuth2ClientJson (String name,
+ OAuth2ClientType type, String description) {
+ OAuth2ClientJson client = new OAuth2ClientJson();
+ if (name != null) {
+ client.setName(name);
+ }
+ client.setType(type);
+ if (description != null) {
+ client.setDescription(description);
+ }
+ return client;
+ }
+
protected Response registerClient (String username, OAuth2ClientJson json)
throws ProcessingException, KustvaktException {
return target().path(API_VERSION).path("oauth2").path("client")
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/vc/VirtualCorpusControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/vc/VirtualCorpusControllerTest.java
index 2dbf46f..9f53164 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/vc/VirtualCorpusControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/vc/VirtualCorpusControllerTest.java
@@ -331,7 +331,6 @@
assertEquals(2, node.size());
node = node.get(1);
- System.out.println(node.toPrettyString());
assertEquals(vcName, node.get("name").asText());
assertEquals("ALL", node.get("requiredAccess").asText());
deleteVC(vcName, testUser, testUser);