diff --git a/engines/dfc_provider/app/services/dfc_request.rb b/engines/dfc_provider/app/services/dfc_request.rb index b9eb2083e1..f8635ac999 100644 --- a/engines/dfc_provider/app/services/dfc_request.rb +++ b/engines/dfc_provider/app/services/dfc_request.rb @@ -72,7 +72,7 @@ class DfcRequest # It results in an empty config hash and we lose our config. ) client = strategy.client - client.token_endpoint = strategy.config.token_endpoint + client.token_endpoint = strategy.config.token_endpoint # tried to mock this but doesn't work. client.refresh_token = @user.oidc_account.refresh_token token = client.access_token! diff --git a/engines/dfc_provider/spec/services/dfc_request_spec.rb b/engines/dfc_provider/spec/services/dfc_request_spec.rb index 9a26a307d0..8d341b8d4b 100644 --- a/engines/dfc_provider/spec/services/dfc_request_spec.rb +++ b/engines/dfc_provider/spec/services/dfc_request_spec.rb @@ -91,14 +91,15 @@ RSpec.describe DfcRequest do context "with account tokens" do before do + stub_request(:get, "http://example.net/api"). + to_return(status: 401) + allow_any_instance_of(OpenIDConnect::Client).to receive(:config).and_return(double(token_endpoint: "")) + account.refresh_token = ENV.fetch("OPENID_REFRESH_TOKEN") - api.call( - "https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts" - ) - expect(account.token).not_to be_nil + account.token = "anything" end - it "clears the token if authentication fails", vcr: true do + it "clears the token if authentication fails" do allow_any_instance_of(OpenIDConnect::Client).to receive(:access_token!).and_raise( Rack::OAuth2::Client::Error.new( 1, { error: "invalid_grant", error_description: "session not active" } @@ -107,9 +108,9 @@ RSpec.describe DfcRequest do expect { api.call( - "https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts" + "http://example.net/api" ) - }.to raise_error(Rack::OAuth2::Client::Error).and change { + }.to change { account.token }.to(nil).and change { account.refresh_token diff --git a/spec/fixtures/vcr_cassettes/DfcRequest/refreshing_token_when_stale/with_account_tokens/clears_the_token_if_authentication_fails.yml b/spec/fixtures/vcr_cassettes/DfcRequest/refreshing_token_when_stale/with_account_tokens/clears_the_token_if_authentication_fails.yml deleted file mode 100644 index a6670158b6..0000000000 --- a/spec/fixtures/vcr_cassettes/DfcRequest/refreshing_token_when_stale/with_account_tokens/clears_the_token_if_authentication_fails.yml +++ /dev/null @@ -1,146 +0,0 @@ ---- -http_interactions: -- request: - method: get - uri: https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts - body: - encoding: US-ASCII - string: '' - headers: - Content-Type: - - application/json - Authorization: - - "" - User-Agent: - - Faraday v2.9.0 - Accept-Encoding: - - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 - Accept: - - "*/*" - response: - status: - code: 403 - message: Forbidden - headers: - Server: - - openresty - Date: - - Wed, 22 Jan 2025 03:57:15 GMT - Content-Type: - - application/json; charset=utf-8 - Content-Length: - - '78' - Connection: - - keep-alive - X-Powered-By: - - Express - Access-Control-Allow-Origin: - - "*" - Etag: - - W/"4e-vJeBLxgahmv23yP9gdPJW/woako" - Strict-Transport-Security: - - max-age=15811200 - body: - encoding: UTF-8 - string: '{"message":"User access denied - token missing","error":"User not authorized"}' - recorded_at: Wed, 22 Jan 2025 03:57:16 GMT -- request: - method: get - uri: https://login.lescommuns.org/auth/realms/data-food-consortium/.well-known/openid-configuration - body: - encoding: US-ASCII - string: '' - headers: - User-Agent: - - SWD 2.0.3 - Accept-Encoding: - - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 - Accept: - - "*/*" - response: - status: - code: 200 - message: OK - headers: - Date: - - Wed, 22 Jan 2025 03:57:17 GMT - Content-Type: - - application/json;charset=UTF-8 - Transfer-Encoding: - - chunked - Connection: - - keep-alive - Vary: - - Accept-Encoding - Set-Cookie: - - AUTH_SESSION_ID=1737518238.039.98160.783043|78230f584c0d7db97d376e98de5321dc; - Path=/; Secure; HttpOnly - Cache-Control: - - no-cache, must-revalidate, no-transform, no-store - Referrer-Policy: - - no-referrer - Strict-Transport-Security: - - max-age=31536000; includeSubDomains - X-Content-Type-Options: - - nosniff - X-Frame-Options: - - SAMEORIGIN - X-Xss-Protection: - - 1; mode=block - body: - encoding: ASCII-8BIT - string: '{"issuer":"https://login.lescommuns.org/auth/realms/data-food-consortium","authorization_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/auth","token_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/token","introspection_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/userinfo","end_session_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/certs","check_session_iframe":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:device_code"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token - token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","microprofile-jwt","phone","roles","profile","email","address","web-origins","acr","offline_access"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"tls_client_certificate_bound_access_tokens":true,"revocation_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/revoke","revocation_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"revocation_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"device_authorization_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/auth/device","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_authentication_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/ext/ciba/auth","backchannel_authentication_request_signing_alg_values_supported":["PS384","ES384","RS384","ES256","RS256","ES512","PS256","PS512","RS512"],"require_pushed_authorization_requests":false,"pushed_authorization_request_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/ext/par/request","mtls_endpoint_aliases":{"token_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/token","revocation_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/revoke","introspection_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/token/introspect","device_authorization_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/auth/device","registration_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/clients-registrations/openid-connect","userinfo_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/userinfo","pushed_authorization_request_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/ext/par/request","backchannel_authentication_endpoint":"https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/ext/ciba/auth"},"authorization_response_iss_parameter_supported":true}' - recorded_at: Wed, 22 Jan 2025 03:57:17 GMT -- request: - method: post - uri: https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/token - body: - encoding: UTF-8 - string: grant_type=refresh_token&refresh_token= - headers: - User-Agent: - - Rack::OAuth2 (2.2.1) - Authorization: - - "" - Content-Type: - - application/x-www-form-urlencoded - Accept-Encoding: - - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 - Accept: - - "*/*" - response: - status: - code: 400 - message: Bad Request - headers: - Date: - - Wed, 22 Jan 2025 03:57:17 GMT - Content-Type: - - application/json - Content-Length: - - '66' - Connection: - - keep-alive - Set-Cookie: - - AUTH_SESSION_ID=1737518238.861.48906.164618|78230f584c0d7db97d376e98de5321dc; - Path=/; Secure; HttpOnly - Cache-Control: - - no-store - Pragma: - - no-cache - Referrer-Policy: - - no-referrer - Strict-Transport-Security: - - max-age=31536000; includeSubDomains - X-Content-Type-Options: - - nosniff - X-Frame-Options: - - SAMEORIGIN - X-Xss-Protection: - - 1; mode=block - body: - encoding: UTF-8 - string: '{"error":"invalid_grant","error_description":"Session not active"}' - recorded_at: Wed, 22 Jan 2025 03:57:17 GMT -recorded_with: VCR 6.2.0