Merge branch 'wso2:master' into custom-text-api

.github/workflows/dependency-updater-7.yml

@@ -1,5 +1,5 @@
 # This workflow will update dependencies for product-is 7.x.x.
-name: Dependency Updater 7.x.x
+name: "[Deprecated] Dependency Updater 7.x.x"
 on:
   workflow_dispatch:
   # schedule:

.github/workflows/pr-builder-test-JDK11-7.yml

@@ -1,4 +1,4 @@
-name: pr-builder-test 7.x.x
+name: "[Deprecated] pr-builder-test 7.x.x"
 
 on:
   workflow_dispatch:

modules/distribution/src/repository/resources/conf/templates/repository/conf/tomcat/catalina-server.xml.j2

@@ -109,6 +109,11 @@
                 <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve" threshold="600"/>
                 <Valve className="org.wso2.carbon.tomcat.ext.valves.CompositeValve"/>
 
+                <!-- OAuthAppTenantResolverValve is required to be invoked when tenant qualified urls are disabled. This should be invoked before the AuthenticationValve -->
+                {% if tenant_context.enable_tenant_qualified_urls is sameas false %}
+                <Valve className="org.wso2.carbon.identity.auth.valve.OAuthAppTenantResolverValve"/>
+                {% endif %}
+
                 <!-- Authentication and Authorization valve for the rest apis and we can configure context for this in identity.xml.j2  -->
                 <Valve className="org.wso2.carbon.identity.auth.valve.AuthenticationValve"/>
                 <Valve className="org.wso2.carbon.identity.authz.valve.AuthorizationValve"/>

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceAbstractIntegrationTest.java

@@ -489,6 +489,31 @@ public HttpResponse sendLoginPostForCustomUsers(HttpClient client, String sessio
 		return sendPostRequestWithParameters(client, urlParameters, OAuth2Constant.COMMON_AUTH_URL);
 	}
 
+	/**
+	 * Send login post request for a tenant with given username and password credentials.
+	 *
+	 * @param client         Http client.
+	 * @param sessionDataKey Session data key.
+	 * @param username       Username.
+	 * @param password       Password.
+	 * @param tenantDomain	 Tenant domain.
+	 * @return Http response.
+	 * @throws ClientProtocolException 	ClientProtocolException
+	 * @throws IOException				IOException
+	 */
+	public HttpResponse sendLoginPostForCustomUsers(HttpClient client, String sessionDataKey, String username,
+													String password, String tenantDomain)
+			throws ClientProtocolException, IOException {
+
+		List<NameValuePair> urlParameters = new ArrayList<>();
+		urlParameters.add(new BasicNameValuePair("username", username));
+		urlParameters.add(new BasicNameValuePair("password", password));
+		urlParameters.add(new BasicNameValuePair("sessionDataKey", sessionDataKey));
+		log.info(">>> sendLoginPost:sessionDataKey: " + sessionDataKey);
+		String url = OAuth2Constant.TENANT_COMMON_AUTH_URL.replace(OAuth2Constant.TENANT_PLACEHOLDER, tenantDomain);
+		return sendPostRequestWithParameters(client, urlParameters, url);
+	}
+
 	/**
 	 * Send approval post request
 	 *
@@ -531,6 +556,33 @@ public HttpResponse sendApprovalPostWithConsent(HttpClient client, String sessio
 		return sendPostRequestWithParameters(client, urlParameters, OAuth2Constant.APPROVAL_URL);
 	}
 
+	/**
+	 * Send approval post request for tenant with consent.
+	 *
+	 * @param client 				http client.
+	 * @param sessionDataKeyConsent session consent data.
+	 * @param consentClaims 		claims requiring user consent.
+	 * @param tenantDomain 			tenant domain.
+	 * @return http response.
+	 * @throws java.io.IOException IOException.
+	 */
+	public HttpResponse sendApprovalPostWithConsent(HttpClient client, String sessionDataKeyConsent,
+													List<NameValuePair> consentClaims, String tenantDomain)
+			throws IOException {
+
+		List<NameValuePair> urlParameters = new ArrayList<>();
+		urlParameters.add(new BasicNameValuePair("consent", "approve"));
+		urlParameters.add(new BasicNameValuePair("scope-approval", "approve"));
+		urlParameters.add(new BasicNameValuePair("sessionDataKeyConsent", sessionDataKeyConsent));
+
+		if (consentClaims != null) {
+			urlParameters.addAll(consentClaims);
+		}
+		String url = OAuth2Constant.TENANT_APPROVAL_URL.replace(OAuth2Constant.TENANT_PLACEHOLDER, tenantDomain);
+
+		return sendPostRequestWithParameters(client, urlParameters, url);
+	}
+
 	/**
 	 * Send approval post request
 	 *

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/rest/api/server/application/management/v1/model/ApplicationListItem.java

@@ -30,6 +30,7 @@ public class ApplicationListItem  {
     private String description;
     private String image;
     private String accessUrl;
+    private String clientId;
 
     @XmlType(name="AccessEnum")
     @XmlEnum(String.class)
@@ -192,7 +193,24 @@ public void setSelf(String self) {
         this.self = self;
     }
 
+    public ApplicationListItem clientId(String clientId) {
 
+        this.clientId = clientId;
+        return this;
+    }
+
+    @ApiModelProperty(example = "clientId", value = "")
+    @JsonProperty("clientId")
+    @Valid
+    public String getClientId() {
+
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+
+        this.clientId = clientId;
+    }
 
     @Override
     public boolean equals(java.lang.Object o) {

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/restclients/OAuth2RestClient.java

@@ -22,6 +22,7 @@
 import io.restassured.http.ContentType;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.http.Header;
+import org.apache.http.StatusLine;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.EntityUtils;
@@ -30,6 +31,7 @@
 import org.wso2.carbon.automation.engine.context.beans.Tenant;
 import org.wso2.carbon.utils.StringUtils;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationListItem;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationListResponse;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationModel;
 import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel;
@@ -40,6 +42,7 @@
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.List;
 
 public class OAuth2RestClient extends RestBaseClient {
 
@@ -74,6 +77,21 @@ public String createApplication(ApplicationModel application) throws IOException
         }
     }
 
+    /**
+     * Create an Application.
+     *
+     * @param application Application Model with application creation details.
+     * @return Application creation response.
+     */
+    public StatusLine createApplicationWithResponse(ApplicationModel application) throws IOException, JSONException {
+
+        String jsonRequest = toJSONString(application);
+        try (CloseableHttpResponse response = getResponseOfHttpPost(applicationManagementApiBasePath, jsonRequest,
+                getHeaders())) {
+            return response.getStatusLine();
+        }
+    }
+
     /**
      * Get Application details
      *
@@ -91,6 +109,27 @@ public ApplicationResponseModel getApplication(String appId) throws IOException
         }
     }
 
+    /**
+     * Get Application details by client id.
+     *
+     * @param clientId Client id of the application.
+     * @return Application list.
+     * @throws IOException Error when getting the response.
+     */
+    public List<ApplicationListItem> getApplicationsByClientId(String clientId) throws IOException {
+
+        String endPointUrl = applicationManagementApiBasePath + "?filter=clientId eq " + clientId;
+        endPointUrl = endPointUrl.replace(" ", "%20");
+
+        try (CloseableHttpResponse response = getResponseOfHttpGet(endPointUrl, getHeaders())) {
+            String responseBody = EntityUtils.toString(response.getEntity());
+
+            ObjectMapper jsonWriter = new ObjectMapper(new JsonFactory());
+            ApplicationListResponse applications = jsonWriter.readValue(responseBody, ApplicationListResponse.class);
+            return applications.getApplications();
+        }
+    }
+
     /**
      * Update an existing application
      *

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/user/export/UserInfoExportTestCase.java

@@ -51,11 +51,10 @@ public class UserInfoExportTestCase extends ISIntegrationTest {
     private static final String PI_INFO = "pi-info/";
     private static final String ME = "me";
     private static final String RESOURCE_PATH = "/api/identity/user/v1.0/";
-    private static final String USERNAME_CLAIM_URI = "http://wso2.org/claims/username";
+    private static final String GROUPS_ATTRIBUTE = "groups";
     private HttpClient client;
 
     private String username;
-    private String tenantAwareUsername;
     private String password;
     private String tenant;
 
@@ -64,7 +63,6 @@ public UserInfoExportTestCase(TestUserMode userMode) throws Exception {
 
         AutomationContext context = new AutomationContext("IDENTITY", userMode);
         this.username = context.getContextTenant().getTenantAdmin().getUserName();
-        this.tenantAwareUsername = context.getContextTenant().getTenantAdmin().getUserNameWithoutDomain();
         this.password = context.getContextTenant().getTenantAdmin().getPassword();
         this.tenant = context.getContextTenant().getDomain();
     }
@@ -97,14 +95,13 @@ public void testExportUserInfo() throws IOException {
 
         Object responseObj = JSONValue.parse(rd);
         EntityUtils.consume(response.getEntity());
-        Object basicObj = ((JSONObject) responseObj).get("basic");
-        if (basicObj == null) {
+        Object userProfileObj = ((JSONObject) responseObj).get("user_profile");
+        if (userProfileObj == null) {
             Assert.fail();
         } else {
-            JSONObject basic = (JSONObject) basicObj;
-            String username = basic.get(USERNAME_CLAIM_URI).toString();
-            //TODO tenant aware username is coming. is this okay?
-            Assert.assertEquals(username, this.tenantAwareUsername);
+            JSONObject userProfile = (JSONObject) userProfileObj;
+            String groups = userProfile.get(GROUPS_ATTRIBUTE).toString();
+            Assert.assertNotNull(groups);
         }
     }
 
@@ -121,10 +118,9 @@ public void testExportUserInfoMe() throws IOException {
 
         Object responseObj = JSONValue.parse(rd);
         EntityUtils.consume(response.getEntity());
-        JSONObject basic = (JSONObject)((JSONObject) responseObj).get("basic");
-        String username = basic.get(USERNAME_CLAIM_URI).toString();
-        //TODO tenant aware username is coming. is this okay?
-        Assert.assertEquals(username, this.tenantAwareUsername);
+        JSONObject userProfile = (JSONObject)((JSONObject) responseObj).get("user_profile");
+        String groups = userProfile.get(GROUPS_ATTRIBUTE).toString();
+        Assert.assertNotNull(groups);
     }
 
     private String getPiInfoPath() {

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/utils/OAuth2Constant.java

@@ -120,6 +120,14 @@ public final class OAuth2Constant {
 
     public static final String RESPONSE_TYPE_CODE_ID_TOKEN = "code id_token";
 
+    // Tenanted urls.
+    public final static String TENANT_PLACEHOLDER = "<TENANT_PLACEHOLDER>";
+    public final static String TENANT_COMMON_AUTH_URL = "https://localhost:9853/t/<TENANT_PLACEHOLDER>/commonauth";
+    public final static String TENANT_APPROVAL_URL = "https://localhost:9853/t/<TENANT_PLACEHOLDER>/oauth2/authorize";
+    public final static String TENANT_TOKEN_ENDPOINT = "https://localhost:9853/t/<TENANT_PLACEHOLDER>/oauth2/token";
+    public static final String TENANT_INTROSPECT_ENDPOINT =
+            "https://localhost:9853/t/<TENANT_PLACEHOLDER>/oauth2/introspect";
+
     public static final class PlaygroundAppPaths {
 
         public static final String callBackPath = "/oauth2client";

modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/tenant.qualified/tenant_qualified_url_tenanted_sessions_default.toml

@@ -0,0 +1,39 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+driver = "$env{IDENTITY_DATABASE_DRIVER}"
+url = "$env{IDENTITY_DATABASE_URL}"
+username = "$env{IDENTITY_DATABASE_USERNAME}"
+password = "$env{IDENTITY_DATABASE_PASSWORD}"
+
+[database.shared_db]
+driver = "$env{SHARED_DATABASE_DRIVER}"
+url = "$env{SHARED_DATABASE_URL}"
+username = "$env{SHARED_DATABASE_USERNAME}"
+password = "$env{SHARED_DATABASE_PASSWORD}"
+
+[keystore.primary]
+file_name = "wso2carbon.jks"
+password = "wso2carbon"
+
+[truststore]
+file_name = "client-truststore.jks"
+password = "wso2carbon"
+type = "JKS"
+
+[account_recovery.endpoint.auth]
+hash = "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
+
+[identity.auth_framework.endpoint]
+app_password = "dashboard"

modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/tenant.qualified/tenant_qualified_url_tenanted_sessions_enabled.toml

@@ -0,0 +1,43 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+driver = "$env{IDENTITY_DATABASE_DRIVER}"
+url = "$env{IDENTITY_DATABASE_URL}"
+username = "$env{IDENTITY_DATABASE_USERNAME}"
+password = "$env{IDENTITY_DATABASE_PASSWORD}"
+
+[database.shared_db]
+driver = "$env{SHARED_DATABASE_DRIVER}"
+url = "$env{SHARED_DATABASE_URL}"
+username = "$env{SHARED_DATABASE_USERNAME}"
+password = "$env{SHARED_DATABASE_PASSWORD}"
+
+[keystore.primary]
+file_name = "wso2carbon.jks"
+password = "wso2carbon"
+
+[truststore]
+file_name = "client-truststore.jks"
+password = "wso2carbon"
+type = "JKS"
+
+[account_recovery.endpoint.auth]
+hash = "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
+
+[identity.auth_framework.endpoint]
+app_password = "dashboard"
+
+[tenant_context]
+enable_tenant_qualified_urls = true
+enable_tenanted_sessions = true

modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml

@@ -346,6 +346,7 @@
             <class name="org.wso2.identity.integration.test.rest.api.user.liteUserRegister.LiteUserRegisterTestCase"/>
             <class name="org.wso2.identity.integration.test.oauth2.OAuth2TokenScopeValidatorTestCase" />
             <class name="org.wso2.identity.integration.test.saml.SAMLSSOForAdminLoginTestCase"/>
+            <class name="org.wso2.identity.integration.test.oauth2.OAuthAppsWithSameClientIdTestCase"/>
         </classes>
     </test>