Expand Up @@ -18,8 +18,6 @@
import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
import io.serverlessworkflow.api.types.EndpointConfiguration;
import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy;
import io.serverlessworkflow.api.types.Use;
import io.serverlessworkflow.api.types.UseAuthentications;
import io.serverlessworkflow.api.types.Workflow;
import io.serverlessworkflow.impl.WorkflowApplication;
import io.serverlessworkflow.impl.WorkflowDefinition;
Expand All @@ -46,35 +44,10 @@ public Optional<AuthProvider> getAuth(
@Override
public Optional<AuthProvider> getAuth(
WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) {
if (auth == null) {
return Optional.empty();
}
if (auth.getAuthenticationPolicyReference() != null) {
return buildFromReference(
definition.application(),
definition.workflow(),
auth.getAuthenticationPolicyReference().getUse(),
method);
} else if (auth.getAuthenticationPolicy() != null) {
return buildFromPolicy(
definition.application(), definition.workflow(), auth.getAuthenticationPolicy(), method);
}
return Optional.empty();
}

private Optional<AuthProvider> buildFromReference(
WorkflowApplication app, Workflow workflow, String use, String method) {
Use useInfo = workflow.getUse();
if (useInfo == null) {
return Optional.empty();
}
UseAuthentications authInfo = useInfo.getAuthentications();
return authInfo == null
? Optional.empty()
: authInfo.getAdditionalProperties().entrySet().stream()
.filter(s -> s.getKey().equals(use))
.findAny()
.flatMap(e -> buildFromPolicy(app, workflow, e.getValue(), method));
return OAuthUtils.resolvePolicy(definition.workflow(), auth)
.flatMap(
policy ->
buildFromPolicy(definition.application(), definition.workflow(), policy, method));
}

private Optional<AuthProvider> buildFromPolicy(
Expand All @@ -94,16 +67,12 @@ private Optional<AuthProvider> buildFromPolicy(
return Optional.of(
new DigestAuthProvider(
app, workflow, authenticationPolicy.getDigestAuthenticationPolicy(), method));
} else if (authenticationPolicy.getOAuth2AuthenticationPolicy() != null) {
return Optional.of(
new OAuth2AuthProvider(
app, workflow, authenticationPolicy.getOAuth2AuthenticationPolicy()));
} else if (authenticationPolicy.getOpenIdConnectAuthenticationPolicy() != null) {
return Optional.of(
new OpenIdAuthProvider(
app, workflow, authenticationPolicy.getOpenIdConnectAuthenticationPolicy()));
}

return Optional.empty();
return OAuthUtils.from(authenticationPolicy)
.map(
policyData ->
policyData.scheme() == OAuthScheme.OPENID_CONNECT
? new OpenIdAuthProvider(app, workflow, policyData)
: new OAuth2AuthProvider(app, workflow, policyData));
}
}
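Review bot: In `buildFromPolicy`, the new ternary on `policyData.scheme() == OAuthScheme.OPENID_CONNECT` sends every other scheme to `OAuth2AuthProvider`, so a constant added to `OAuthScheme` later would silently go through the OAuth2 token flow. The change already relies on records, so a switch expression over the enum with one arm per constant and no `default` would make the compiler reject an unhandled scheme. The beginning of `buildFromPolicy` lies outside the hunk, so the earlier basic/bearer/digest branches are assumed unchanged.

```java
return OAuthUtils.from(authenticationPolicy)
    .map(
        policyData ->
            switch (policyData.scheme()) {
              case OPENID_CONNECT -> new OpenIdAuthProvider(app, workflow, policyData);
              case OAUTH2 -> new OAuth2AuthProvider(app, workflow, policyData);
            });
```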
Expand Up @@ -15,19 +15,18 @@
*/
package io.serverlessworkflow.impl.auth;

import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy;
import io.serverlessworkflow.api.types.Workflow;
import io.serverlessworkflow.impl.WorkflowApplication;

class OAuth2AuthProvider extends CommonOAuthProvider {

public OAuth2AuthProvider(
WorkflowApplication application, Workflow workflow, OAuth2AuthenticationPolicy authPolicy) {
WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) {
super(
accessToken(
workflow,
authPolicy.getOauth2().getOAuth2ConnectAuthenticationProperties(),
authPolicy.getOauth2().getOAuth2AuthenticationPolicySecret(),
policyData.data(),
policyData.secret(),
new OAuthRequestBuilder(application)));
}
}
@@ -0,0 +1,29 @@
/*
* Copyright 2020-Present The Serverless Workflow Specification Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.serverlessworkflow.impl.auth;

import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy;
import java.util.Optional;

public record OAuthPolicyData(
OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {

public static Optional<OAuthPolicyData> from(AuthenticationPolicyUnion policy) {
return OAuthUtils.from(policy);
}
}
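Review bot: The record's generated `toString()` prints every component, so any log line or exception message that includes an `OAuthPolicyData` also prints `data` and `secret`. `OAuth2AuthenticationData` is not visible here, but it presumably holds the policy's inline client settings, so its own `toString()` is worth checking before this type reaches a logger. An override that prints only the scheme avoids the question: `@Override public String toString() { return "OAuthPolicyData[scheme=" + scheme + "]"; }`. A short Javadoc stating that `data` and `secret` may each be null would also help the providers that pass them on to `accessToken`.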
@@ -0,0 +1,21 @@
/*
* Copyright 2020-Present The Serverless Workflow Specification Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.serverlessworkflow.impl.auth;

public enum OAuthScheme {
OAUTH2,
OPENID_CONNECT
}
@@ -0,0 +1,74 @@
/*
* Copyright 2020-Present The Serverless Workflow Specification Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.serverlessworkflow.impl.auth;

import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy;
import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration;
import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy;
import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration;
import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy;
import io.serverlessworkflow.api.types.Use;
import io.serverlessworkflow.api.types.Workflow;
import java.util.Optional;

public class OAuthUtils {

private OAuthUtils() {}

public static Optional<OAuthPolicyData> from(AuthenticationPolicyUnion policy) {
if (policy == null) {
return Optional.empty();
}
OAuth2AuthenticationPolicy oauth2 = policy.getOAuth2AuthenticationPolicy();
if (oauth2 != null) {
OAuth2AuthenticationPolicyConfiguration config = oauth2.getOauth2();
if (config != null) {
return Optional.of(
new OAuthPolicyData(
config.getOAuth2ConnectAuthenticationProperties(),
config.getOAuth2AuthenticationPolicySecret(),
OAuthScheme.OAUTH2));
}
}
OpenIdConnectAuthenticationPolicy oidc = policy.getOpenIdConnectAuthenticationPolicy();
if (oidc != null) {
OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc();
if (config != null) {
return Optional.of(
new OAuthPolicyData(
config.getOpenIdConnectAuthenticationProperties(),
config.getOpenIdConnectAuthenticationPolicySecret(),
OAuthScheme.OPENID_CONNECT));
}
}
return Optional.empty();
}

public static Optional<AuthenticationPolicyUnion> resolvePolicy(
Workflow workflow, ReferenceableAuthenticationPolicy auth) {
if (auth == null) {
return Optional.empty();
}
if (auth.getAuthenticationPolicyReference() != null) {
String use = auth.getAuthenticationPolicyReference().getUse();
return Optional.ofNullable(workflow.getUse())
.map(Use::getAuthentications)
.map(a -> a.getAdditionalProperties().get(use));
}
return Optional.ofNullable(auth.getAuthenticationPolicy());
}
}
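Review bot: Both helpers turn a malformed policy into `Optional.empty()`, which a caller cannot tell apart from "no authentication configured". `from` returns empty when an OAuth2 or OIDC policy is present but `getOauth2()`/`getOidc()` is null, and the reference branch of `resolvePolicy` returns empty when `use` has no matching entry under the workflow's authentications. How the caller treats an empty result is not visible here, but if it sends the request without credentials, a typo in a workflow definition would switch authentication off silently. The earlier provider constructors called `authPolicy.getOauth2()` and `authPolicy.getOidc()` directly, so the first case used to fail loudly. Consider failing fast instead, for example by holding the lookup result in a local `resolved` and adding `if (resolved.isEmpty()) throw new IllegalArgumentException("Unknown authentication reference: " + use);`.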
Expand Up @@ -15,21 +15,18 @@
*/
package io.serverlessworkflow.impl.auth;

import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy;
import io.serverlessworkflow.api.types.Workflow;
import io.serverlessworkflow.impl.WorkflowApplication;

class OpenIdAuthProvider extends CommonOAuthProvider {

public OpenIdAuthProvider(
WorkflowApplication application,
Workflow workflow,
OpenIdConnectAuthenticationPolicy authPolicy) {
WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) {
super(
accessToken(
workflow,
authPolicy.getOidc().getOpenIdConnectAuthenticationProperties(),
authPolicy.getOidc().getOpenIdConnectAuthenticationPolicySecret(),
policyData.data(),
policyData.secret(),
new OpenIdRequestBuilder(application)));
}
}
@@ -0,0 +1,123 @@
/*
* Copyright 2020-Present The Serverless Workflow Specification Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.serverlessworkflow.impl.test;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
import io.serverlessworkflow.api.types.BasicAuthenticationPolicy;
import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy;
import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration;
import io.serverlessworkflow.api.types.OAuth2ConnectAuthenticationProperties;
import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy;
import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration;
import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy;
import io.serverlessworkflow.impl.auth.OAuthPolicyData;
import io.serverlessworkflow.impl.auth.OAuthScheme;
import io.serverlessworkflow.impl.auth.OAuthUtils;
import java.util.Optional;
import org.junit.jupiter.api.Test;

public class OAuthUtilsTest {

@Test
void fromNullReturnsEmpty() {
assertEquals(Optional.empty(), OAuthUtils.from(null));
}

@Test
void fromNonOAuthPolicyReturnsEmpty() {
AuthenticationPolicyUnion union =
new AuthenticationPolicyUnion()
.withBasicAuthenticationPolicy(new BasicAuthenticationPolicy());
assertTrue(OAuthUtils.from(union).isEmpty());
}

@Test
void fromOAuth2InlineData() {
OAuth2ConnectAuthenticationProperties props = new OAuth2ConnectAuthenticationProperties();
AuthenticationPolicyUnion union =
new AuthenticationPolicyUnion()
.withOAuth2AuthenticationPolicy(
new OAuth2AuthenticationPolicy()
.withOauth2(
new OAuth2AuthenticationPolicyConfiguration()
.withOAuth2ConnectAuthenticationProperties(props)));
Optional<OAuthPolicyData> result = OAuthUtils.from(union);
assertTrue(result.isPresent());
OAuthPolicyData data = result.get();
assertEquals(OAuthScheme.OAUTH2, data.scheme());
assertEquals(props, data.data());
assertNull(data.secret());
}

@Test
void fromOAuth2Secret() {
SecretBasedAuthenticationPolicy secret = new SecretBasedAuthenticationPolicy("mySecret");
AuthenticationPolicyUnion union =
new AuthenticationPolicyUnion()
.withOAuth2AuthenticationPolicy(
new OAuth2AuthenticationPolicy()
.withOauth2(
new OAuth2AuthenticationPolicyConfiguration()
.withOAuth2AuthenticationPolicySecret(secret)));
Optional<OAuthPolicyData> result = OAuthUtils.from(union);
assertTrue(result.isPresent());
OAuthPolicyData data = result.get();
assertEquals(OAuthScheme.OAUTH2, data.scheme());
assertNull(data.data());
assertEquals(secret, data.secret());
}

@Test
void fromOidcInlineData() {
OAuth2AuthenticationData oidcData = new OAuth2AuthenticationData();
AuthenticationPolicyUnion union =
new AuthenticationPolicyUnion()
.withOpenIdConnectAuthenticationPolicy(
new OpenIdConnectAuthenticationPolicy()
.withOidc(
new OpenIdConnectAuthenticationPolicyConfiguration()
.withOpenIdConnectAuthenticationProperties(oidcData)));
Optional<OAuthPolicyData> result = OAuthUtils.from(union);
assertTrue(result.isPresent());
OAuthPolicyData data = result.get();
assertEquals(OAuthScheme.OPENID_CONNECT, data.scheme());
assertEquals(oidcData, data.data());
assertNull(data.secret());
}

@Test
void fromOidcSecret() {
SecretBasedAuthenticationPolicy secret = new SecretBasedAuthenticationPolicy("oidcSecret");
AuthenticationPolicyUnion union =
new AuthenticationPolicyUnion()
.withOpenIdConnectAuthenticationPolicy(
new OpenIdConnectAuthenticationPolicy()
.withOidc(
new OpenIdConnectAuthenticationPolicyConfiguration()
.withOpenIdConnectAuthenticationPolicySecret(secret)));
Optional<OAuthPolicyData> result = OAuthUtils.from(union);
assertTrue(result.isPresent());
OAuthPolicyData data = result.get();
assertEquals(OAuthScheme.OPENID_CONNECT, data.scheme());
assertNull(data.data());
assertEquals(secret, data.secret());
}
}
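Review bot: Every test in this class calls `OAuthUtils.from`, so `OAuthUtils.resolvePolicy`, introduced by the same change, has no coverage. The branch of `from` where the policy object exists without its configuration is also untested. For `resolvePolicy`, worth adding are the null `auth` case (`assertTrue(OAuthUtils.resolvePolicy(null, null).isEmpty());`), an inline policy, a named reference that resolves, and a reference with no matching entry. For the missing configuration, `assertTrue(OAuthUtils.from(new AuthenticationPolicyUnion().withOAuth2AuthenticationPolicy(new OAuth2AuthenticationPolicy())).isEmpty());` pins the current behaviour, assuming `getOauth2()` is null on a freshly constructed policy.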