package io.swagger.client.api; import com.google.common.collect.Lists; import com.google.gson.JsonElement; import com.google.gson.JsonParser; import com.squareup.okhttp.MediaType; import com.squareup.okhttp.Request; import com.squareup.okhttp.RequestBody; import com.squareup.okhttp.Response; import io.swagger.client.model.*; import org.gluu.oxd.common.SeleniumTestUtils; import org.testng.annotations.Parameters; import org.testng.annotations.Test; import org.gluu.oxd.common.CoreUtils; import static io.swagger.client.api.Tester.notEmpty; import static org.testng.Assert.*; /** * Test class to test refresh token and related end points * * @author Yuriy Z * @author Shoeb * @version 5, Oct, 2018 */ public class GetTokensByCodeTest { private static final String AUTH_CODE_ENDPOINT = "/get-authorization-code"; @Parameters({"opHost", "redirectUrls", "userId", "userSecret"}) @Test public void test(String opHost, String redirectUrls, String userId, String userSecret) throws Exception { DevelopersApi client = Tester.api(); final RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls); GetTokensByCodeResponse tokensResponse = tokenByCode(client, site, opHost, userId, userSecret, site.getClientId(), redirectUrls, CoreUtils.secureRandomString()); refreshToken(tokensResponse, client, site); } private static void refreshToken(GetTokensByCodeResponse resp, DevelopersApi client, RegisterSiteResponse site) throws Exception { notEmpty(resp.getRefreshToken()); final String authorization = Tester.getAuthorization(site); // refresh token final GetAccessTokenByRefreshTokenParams refreshParams = new GetAccessTokenByRefreshTokenParams(); refreshParams.setOxdId(site.getOxdId()); refreshParams.setScope(Lists.newArrayList("openid")); refreshParams.setRefreshToken(resp.getRefreshToken()); GetAccessTokenByRefreshTokenResponse refreshResponse = client.getAccessTokenByRefreshToken(refreshParams, authorization, null); assertNotNull(refreshResponse); notEmpty(refreshResponse.getAccessToken()); notEmpty(refreshResponse.getRefreshToken()); } private static GetTokensByCodeResponse tokenByCode(DevelopersApi client, RegisterSiteResponse site, String opHost, String userId, String userSecret, String clientId, String redirectUrls, String nonce) throws Exception { final String state = CoreUtils.secureRandomString(); final String authorizationStr = Tester.getAuthorization(site); final String code = codeRequest(client, opHost, site.getOxdId(), userId, userSecret, clientId, redirectUrls, state, nonce, authorizationStr); notEmpty(code); final GetTokensByCodeParams params = new GetTokensByCodeParams(); params.setOxdId(site.getOxdId()); params.setCode(code); params.setState(state); final GetTokensByCodeResponse resp = client.getTokensByCode(params, authorizationStr, null); assertNotNull(resp); notEmpty(resp.getAccessToken()); notEmpty(resp.getIdToken()); notEmpty(resp.getRefreshToken()); return resp; } public static String codeRequest(DevelopersApi client, String opHost, String oxdId, String userId, String userSecret, String clientId, String redirectUrls, String state, String nonce, String authorization) throws Exception { SeleniumTestUtils.authorizeClient(opHost, userId, userSecret, clientId, redirectUrls, state, nonce, null, null); final Request request = buildRequest(authorization, oxdId, userId, userSecret, state, nonce, client); final Response response = client.getApiClient().getHttpClient().newCall(request).execute(); final JsonElement jsonResponse = new JsonParser().parse(response.body().string()); return jsonResponse.getAsJsonObject().get("code").getAsString(); } private static Request buildRequest(String authorization, String oxdId, String userId, String userSecret, String state, String nonce, DevelopersApi client) { final String json = "{\"oxd_id\":\"" + oxdId + "\",\"username\":\"" + userId + "\",\"password\":\"" + userSecret + "\",\"state\":\"" + state + "\",\"nonce\":\"" + nonce + "\"}"; final RequestBody reqBody = RequestBody.create(MediaType.parse("application/json; charset=utf-8"), json); return new Request.Builder() .addHeader("Authorization", authorization) .addHeader("Content-Type", "application/json") .addHeader("Accept", "application/json") .method("POST", reqBody) .url(client.getApiClient().getBasePath() + AUTH_CODE_ENDPOINT).build(); } }