fix OAuth2ServiceResourceOwnerTestCase

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceResourceOwnerLockedTestCase.java

@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.identity.integration.test.oauth2;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
+import org.json.simple.JSONObject;
+import org.json.simple.JSONValue;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Factory;
+import org.testng.annotations.Test;
+import org.wso2.carbon.automation.engine.context.AutomationContext;
+import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.automation.engine.context.beans.Tenant;
+import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
+import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationResponseModel;
+import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.OpenIDConnectConfiguration;
+import org.wso2.identity.integration.test.rest.api.user.common.model.ScimSchemaExtensionSystem;
+import org.wso2.identity.integration.test.rest.api.user.common.model.UserObject;
+import org.wso2.identity.integration.test.restclients.OAuth2RestClient;
+import org.wso2.identity.integration.test.restclients.SCIM2RestClient;
+import org.wso2.identity.integration.test.util.Utils;
+import org.wso2.identity.integration.test.utils.DataExtractUtil;
+import org.wso2.identity.integration.test.utils.OAuth2Constant;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.xpath.XPathExpressionException;
+
+import static org.wso2.identity.integration.test.utils.CommonConstants.USER_IS_LOCKED;
+import static org.wso2.identity.integration.test.utils.DataExtractUtil.KeyValue;
+
+public class OAuth2ServiceResourceOwnerLockedTestCase extends OAuth2ServiceAbstractIntegrationTest {
+
+	public static final String OAUTH_2_SERVICE_RESOURCE_OWNER_TOML = "oauth2_service_resource_owner.toml";
+
+	private ServerConfigurationManager serverConfigurationManager;
+	private String consumerKey;
+	private String consumerSecret;
+
+	private CloseableHttpClient client;
+	private AutomationContext context;
+	private Tenant tenantInfo;
+	private SCIM2RestClient scim2RestClient;
+
+	private static final String lockedUser = "test_locked_user";
+	private static final String lockedUserPassword = "Test_locked_user_pass@123";
+    private String activeTenant;
+	private static final String TENANT_DOMAIN = "wso2.com";
+	private String applicationId;
+	private String userId;
+	@BeforeClass(alwaysRun = true)
+	public void testInit() throws Exception {
+
+		super.init();
+		changeISConfiguration();
+		super.init();
+		context = new AutomationContext("IDENTITY", TestUserMode.SUPER_TENANT_ADMIN);
+		this.activeTenant = context.getContextTenant().getDomain();
+
+		tenantInfo = context.getContextTenant();
+
+		restClient = new OAuth2RestClient(serverURL, tenantInfo);
+		scim2RestClient = new SCIM2RestClient(serverURL, tenantInfo);
+
+		setSystemproperties();
+		client = HttpClientBuilder.create().build();
+
+        createLockedUser();
+		createOIDCApplication();
+	}
+
+	@AfterClass(alwaysRun = true)
+	public void atEnd() throws Exception {
+
+		scim2RestClient.deleteUser(userId);
+		restClient.deleteApplication(applicationId);
+
+		client.close();
+		restClient.closeHttpClient();
+		scim2RestClient.closeHttpClient();
+		consumerKey = null;
+		serverConfigurationManager.restoreToLastConfiguration(false);
+	}
+
+	private void changeISConfiguration() throws IOException,
+			XPathExpressionException, AutomationUtilException {
+
+		log.info("Replacing the deployment.toml file to enabling showing auth failure reason for password grant");
+		String carbonHome = Utils.getResidentCarbonHome();
+		File defaultTomlFile = getDeploymentTomlFile(carbonHome);
+		File configuredTomlFile = new File
+					(getISResourceLocation() + File.separator + "oauth" +
+							File.separator + OAUTH_2_SERVICE_RESOURCE_OWNER_TOML);
+		serverConfigurationManager = new ServerConfigurationManager(isServer);
+		serverConfigurationManager.applyConfigurationWithoutRestart(configuredTomlFile, defaultTomlFile, true);
+		serverConfigurationManager.restartForcefully();
+	}
+
+	@Test(description = "Send authorize request for locked user")
+	public void testSendLockedAuthenticationPost() throws Exception {
+
+		if (!TENANT_DOMAIN.equals(activeTenant)) {
+			HttpPost request = new HttpPost(
+                    getTenantQualifiedURL(OAuth2Constant.ACCESS_TOKEN_ENDPOINT, tenantInfo.getDomain()));
+			List<NameValuePair> urlParameters = new ArrayList<>();
+			urlParameters.add(new BasicNameValuePair("grant_type",
+					OAuth2Constant.OAUTH2_GRANT_TYPE_RESOURCE_OWNER));
+			urlParameters.add(new BasicNameValuePair("username", lockedUser));
+			urlParameters.add(new BasicNameValuePair("password", lockedUserPassword));
+
+			request.setHeader("User-Agent", OAuth2Constant.USER_AGENT);
+			request.setHeader("Authorization", "Basic " + Base64.encodeBase64String((consumerKey + ":" + consumerSecret)
+					.getBytes()).trim());
+			request.setHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
+			request.setEntity(new UrlEncodedFormEntity(urlParameters));
+
+			HttpResponse response = client.execute(request);
+
+			BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
+
+			Object obj = JSONValue.parse(rd);
+			String errormsg = ((JSONObject) obj).get("error_description").toString();
+
+			EntityUtils.consume(response.getEntity());
+			// Validate the error code of the scenario.
+			Assert.assertTrue(errormsg.contains(USER_IS_LOCKED));
+		}
+	}
+
+	private void createLockedUser() {
+
+		try {
+			UserObject userInfo = new UserObject();
+			userInfo.setUserName(lockedUser);
+			userInfo.setPassword(lockedUserPassword);
+			userInfo.setScimSchemaExtensionSystem(new ScimSchemaExtensionSystem().accountLocked(true));
+			userId = scim2RestClient.createUser(userInfo);
+		} catch (Exception e) {
+			Assert.fail("Error while creating the user", e);
+		}
+	}
+
+	private void createOIDCApplication() throws Exception {
+
+		ApplicationResponseModel application = addApplication();
+		applicationId = application.getId();
+
+		OpenIDConnectConfiguration oidcConfig = getOIDCInboundDetailsOfApplication(applicationId);
+		consumerKey = oidcConfig.getClientId();
+		consumerSecret = oidcConfig.getClientSecret();
+	}
+}

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceResourceOwnerTestCase.java

@@ -359,7 +359,7 @@ public void testSendLockedAuthenticationPost() throws Exception {
 
 			EntityUtils.consume(response.getEntity());
 			// Validate the error code of the scenario.
-			Assert.assertTrue(errormsg.contains(USER_IS_LOCKED));
+//			Assert.assertFalse(errormsg.contains(USER_IS_LOCKED));
 		}
 	}
 

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/user/profile/mgt/UserProfileAdminTestCase.java

@@ -41,6 +41,7 @@
 
 public class UserProfileAdminTestCase extends ISIntegrationTest {
 
+    public static final String IDP_NAME = "idp1";
     private UserProfileMgtServiceClient userProfileMgtClient;
     private UserManagementClient userMgtClient;
     private AuthenticatorClient logManger;
@@ -78,6 +79,7 @@ public void testInit() throws Exception {
     @AfterClass(alwaysRun = true)
     public void atEnd() throws Exception {
         userMgtClient.deleteUser(userId1);
+        idpMgtClient.deleteIdP(IDP_NAME);
         logManger = null;
         log.info("Replacing identity.xml with default configurations");
 
@@ -180,7 +182,6 @@ public void testUserAccountAssociationAdd() throws Exception {
 
         String username = "testUser2";
         String password = "passWord1@";
-        String idpName = "idp1";
 
         // create a user
         userMgtClient.addUser(username, password, new String[]{"admin"}, "default");
@@ -190,13 +191,14 @@ public void testUserAccountAssociationAdd() throws Exception {
         userProfileMgtClient = new UserProfileMgtServiceClient(backendURL, username, password);
 
         IdentityProvider idp = new IdentityProvider();
-        idp.setIdentityProviderName(idpName);
+
+        idp.setIdentityProviderName(IDP_NAME);
         idpMgtClient.addIdP(idp);
-        Assert.assertNotNull(idpMgtClient.getIdPByName(idpName));
+        Assert.assertNotNull(idpMgtClient.getIdPByName(IDP_NAME));
 
         // create a federated user account association
-        userProfileMgtClient.addFedIdpAccountAssociation(idpName, "dummy_idp_account_1");
-        userProfileMgtClient.addFedIdpAccountAssociation(idpName, "dummy_idp_account_2");
+        userProfileMgtClient.addFedIdpAccountAssociation(IDP_NAME, "dummy_idp_account_1");
+        userProfileMgtClient.addFedIdpAccountAssociation(IDP_NAME, "dummy_idp_account_2");
 
         AssociatedAccountDTO[] associatedFedUserAccountIds = userProfileMgtClient.getAssociatedFedUserAccountIds();
         Assert.assertNotNull(associatedFedUserAccountIds);

modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/oauth2_service_resource_owner.toml

@@ -0,0 +1,39 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+driver = "$env{IDENTITY_DATABASE_DRIVER}"
+url = "$env{IDENTITY_DATABASE_URL}"
+username = "$env{IDENTITY_DATABASE_USERNAME}"
+password = "$env{IDENTITY_DATABASE_PASSWORD}"
+
+[database.shared_db]
+driver = "$env{SHARED_DATABASE_DRIVER}"
+url = "$env{SHARED_DATABASE_URL}"
+username = "$env{SHARED_DATABASE_USERNAME}"
+password = "$env{SHARED_DATABASE_PASSWORD}"
+
+[keystore.primary]
+file_name = "wso2carbon.p12"
+password = "wso2carbon"
+
+[truststore]
+file_name = "client-truststore.p12"
+password = "wso2carbon"
+type = "PKCS12"
+
+[authentication.authenticator.basic.parameters]
+showAuthFailureReason = true
+
+[oauth.grant_type.password]
+show_auth_failure_reason = true

modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/identity/governance/v1/disable-password-expiry.json

@@ -0,0 +1,9 @@
+{
+  "operation": "UPDATE",
+  "properties": [
+    {
+      "name":"passwordExpiry.enablePasswordExpiry",
+      "value":"false"
+    }
+  ]
+}

modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml

@@ -432,6 +432,7 @@
     </test>
     <test name="is-tests-with-individual-configuration-changes" preserve-order="true" parallel="false" group-by-instances="true">
         <classes>
+            <class name="org.wso2.identity.integration.test.oauth2.OAuth2ServiceResourceOwnerLockedTestCase"/>
             <class name="org.wso2.identity.integration.test.application.mgt.ServiceProviderUserRoleValidationTestCase"/>
             <class name="org.wso2.identity.integration.test.provisioning.DBSeperationTestCase"/>
             <class name="org.wso2.identity.integration.test.oidc.OIDCFileBasedSkipLoginConsentTestCase"/>