From edc8793c275c4e05e9504526c808ed8f5e384c45 Mon Sep 17 00:00:00 2001
From: ybelMekk
Date: Mon, 23 Oct 2023 09:05:01 +0200
Subject: [PATCH 1/3] fix(httpRequest): set body

---
 .../mock/oauth2/http/OAuth2HttpRequest.kt | 3 +-
 .../e2e/TokenExchangeGrantIntegrationTest.kt | 67 ++++++++++---------
 2 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt
index aeb62941..81522294 100644
--- a/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt
+++ b/src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt
@@ -52,10 +52,11 @@ data class OAuth2HttpRequest(
 
 @Suppress("MemberVisibilityCanBePrivate")
 fun asNimbusHTTPRequest(): HTTPRequest {
+ val inputBody = body
 return HTTPRequest(HTTPRequest.Method.valueOf(method), url.toUrl())
 .apply {
 headers.forEach { header -> this.setHeader(header.first, header.second) }
- query = body
+ body = inputBody
 }
 }
 
diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt
index 7016ddc5..3e897028 100644
--- a/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt
+++ b/src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt
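Review bot: The `inputBody` local in `asNimbusHTTPRequest()` reads as redundant unless the reader knows that a bare `body` inside `.apply { }` most likely resolves to the Nimbus `HTTPRequest` receiver, so a later cleanup to `body = body` could silently drop the payload again. A one-line comment such as `// inside apply, 'body' is HTTPRequest.body; capture the outer property first` would make that explicit, or the assignment could be written as `body = this@OAuth2HttpRequest.body`. The test changes in this patch appear to be formatting only, so a regression test asserting that a POST form body ends up in the Nimbus request body rather than the query would pin the fix; token-endpoint bodies carry client credentials and subject tokens, which is a reason to keep them out of the query string. The enclosing data class starts outside the hunk.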
@@ -91,33 +91,38 @@ class TokenExchangeGrantIntegrationTest {
 fun `token request with token exchange grant and client basic auth should exchange subject_token with a new token containing many of the same claims`() {
 withMockOAuth2Server {
 val initialSubject = "yolo"
- val initialToken = this.issueToken(
- issuerId = "idprovider",
- clientId = "initialClient",
- tokenCallback = DefaultOAuth2TokenCallback(
+ val initialToken =
+ this.issueToken(
 issuerId = "idprovider",
- subject = initialSubject,
- claims = mapOf(
- "claim1" to "value1",
- "claim2" to "value2",
- ),
- ),
- )
+ clientId = "initialClient",
+ tokenCallback =
+ DefaultOAuth2TokenCallback(
+ issuerId = "idprovider",
+ subject = initialSubject,
+ claims =
+ mapOf(
+ "claim1" to "value1",
+ "claim2" to "value2",
+ ),
+ ),
+ )
 
 val issuerId = "tokenx"
 val tokenEndpointUrl = this.tokenEndpointUrl(issuerId)
 val targetAudienceForToken = "targetAudience"
 
- val response: ParsedTokenResponse = client.tokenRequest(
- url = tokenEndpointUrl,
- basicAuth = Pair("client", "secret"),
- parameters = mapOf(
- "grant_type" to TOKEN_EXCHANGE.value,
- "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
- "subject_token" to initialToken.serialize(),
- "audience" to targetAudienceForToken,
- ),
- ).toTokenResponse()
+ val response: ParsedTokenResponse =
+ client.tokenRequest(
+ url = tokenEndpointUrl,
+ basicAuth = Pair("client", "secret"),
+ parameters =
+ mapOf(
+ "grant_type" to TOKEN_EXCHANGE.value,
+ "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
+ "subject_token" to initialToken.serialize(),
+ "audience" to targetAudienceForToken,
+ ),
+ ).toTokenResponse()
 
 response shouldBeValidFor TOKEN_EXCHANGE
 response.scope shouldBe null
@@ -136,17 +141,17 @@ class TokenExchangeGrantIntegrationTest {
 @Test
 fun `token request without client_assertion should fail`() {
 withMockOAuth2Server {
- val response: Response =
+ val response: Response =
 client.tokenRequest(
- url = this.tokenEndpointUrl("tokenx"),
- parameters =
- mapOf(
- "grant_type" to TOKEN_EXCHANGE.value,
- "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
- "subject_token" to "yolo",
- "audience" to "targetAudienceForToken",
- ),
- )
+ url = this.tokenEndpointUrl("tokenx"),
+ parameters =
+ mapOf(
+ "grant_type" to TOKEN_EXCHANGE.value,
+ "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
+ "subject_token" to "yolo",
+ "audience" to "targetAudienceForToken",
+ ),
+ )
 response.code shouldBe 400
 }
 }
From ddb1f41b6574950d82f53f9dee22768245620ca3 Mon Sep 17 00:00:00 2001
From: ybelMekk
Date: Mon, 23 Oct 2023 15:00:42 +0200
Subject: [PATCH 2/3] fix(workflow): use separate workflows

---
 .github/workflows/test-dp-pr.yaml | 49 +++++++++++++++++++++++++++++++
 .github/workflows/test-pr.yaml | 28 +-----------------
 2 files changed, 50 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/test-dp-pr.yaml

diff --git a/.github/workflows/test-dp-pr.yaml b/.github/workflows/test-dp-pr.yaml
new file mode 100644
index 00000000..d2ad6c2f
--- /dev/null
+++ b/.github/workflows/test-dp-pr.yaml
@@ -0,0 +1,49 @@
+name: Test PR
+on:
+ pull_request_target:
+ paths-ignore:
+ - '*.md'
+
+permissions:
+ pull-requests: write
+ contents: write
+
+jobs:
+ test_pr:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Checkout latest code
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'zulu'
+ cache: 'gradle'
+
+ - name: Build with Gradle
+ run: ./gradlew build
+
+ dependabot_pr:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ needs: test_pr
+ steps:
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@v1.6.0
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Approve a PR
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Enable auto-merge for Dependabot PRs
+ if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test-pr.yaml b/.github/workflows/test-pr.yaml
index 0d33d30c..cea13ccd 100644
--- a/.github/workflows/test-pr.yaml
+++ b/.github/workflows/test-pr.yaml
@@ -1,13 +1,9 @@
 name: Test PR
 on:
- pull_request_target:
+ pull_request:
 paths-ignore:
 - '*.md'
 
-permissions:
- pull-requests: write
- contents: write
-
 jobs:
 test_pr:
 runs-on: ubuntu-latest
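Review bot: In the new `.github/workflows/test-dp-pr.yaml`, the `test_pr` job runs under `pull_request_target` with the workflow-level `contents: write` / `pull-requests: write` token, yet `actions/checkout@v4` without a `ref` checks out the base branch for that event, so `./gradlew build` does not exercise the Dependabot change that `dependabot_pr` then approves and auto-merges. Rather than checking out the PR head in this privileged context, leave PR-head testing to the unprivileged `pull_request` workflow as a required check and grant the write scopes to the `dependabot_pr` job only. The guard `github.actor == 'dependabot[bot]'` reflects who triggered the run rather than who authored the PR, so `github.event.pull_request.user.login == 'dependabot[bot]'` is the stricter condition. Pinning `dependabot/fetch-metadata` and the other actions to a full commit SHA would also suit a workflow that holds a write token.

```yaml
# workflow default: read-only token
permissions:
  contents: read

jobs:
  # … unchanged: test_pr build job (the same `if:` change applies) …

  dependabot_pr:
    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    needs: test_pr
    permissions:
      pull-requests: write
      contents: write
    steps:
      # … unchanged: fetch-metadata, approve and auto-merge steps …
```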
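Review bot: With the `permissions:` block removed, `.github/workflows/test-pr.yaml` now inherits the repository's default `GITHUB_TOKEN` permissions, which may be broader than a build needs. The visible steps only check out and build, so an explicit top-level `permissions:` with `contents: read` would keep the job least-privilege regardless of the repository setting. Both workflows are still named `Test PR`, which makes their check runs hard to tell apart if one of them is configured as a required status check. The job body continues outside this hunk.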
@@ -24,25 +20,3 @@ jobs:
 
 - name: Build with Gradle
 run: ./gradlew build
-
- dependabot_pr:
- runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
- needs: test_pr
- steps:
- - name: Dependabot metadata
- id: dependabot-metadata
- uses: dependabot/fetch-metadata@v1.6.0
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
- - name: Approve a PR
- run: gh pr review --approve "$PR_URL"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Enable auto-merge for Dependabot PRs
- if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
- run: gh pr merge --auto --squash "$PR_URL"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 75747c93eebdaa829aa0865e76da27758cdcfd2e Mon Sep 17 00:00:00 2001
From: ybelMekk
Date: Mon, 23 Oct 2023 15:01:31 +0200
Subject: [PATCH 3/3] fix(workflow): rename job

---
 .github/workflows/test-dp-pr.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test-dp-pr.yaml b/.github/workflows/test-dp-pr.yaml
index d2ad6c2f..bc3e17d6 100644
--- a/.github/workflows/test-dp-pr.yaml
+++ b/.github/workflows/test-dp-pr.yaml
@@ -9,7 +9,7 @@ permissions:
 contents: write
 
 jobs:
- test_pr:
+ test_dp_pr:
 runs-on: ubuntu-latest
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
@@ -29,7 +29,7 @@ jobs:
 dependabot_pr:
 runs-on: ubuntu-latest
 if: ${{ github.actor == 'dependabot[bot]' }}
- needs: test_pr
+ needs: test_dp_pr
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata