Module: UDAPSecurityTestKit::MockUDAPServer::UDAPIntrospectionResponseCreation

Included in:
IntrospectionEndpoint
Defined in:
lib/udap_security_test_kit/endpoints/mock_udap_server/udap_introspection_response_creation.rb


Instance Method Details

#make_udap_introspection_response ⇒ Object

rubocop:disable Metrics/CyclomaticComplexity

# File 'lib/udap_security_test_kit/endpoints/mock_udap_server/udap_introspection_response_creation.rb', line 7

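def make_udap_introspection_response # rubocop:disable Metrics/CyclomaticComplexity
  # Builds the body of a simulated UDAP token introspection response (RFC 7662 shape).
  # Returns `{ active: false }` when the token parameter is missing, the token is
  # expired, or it was not issued by a successful (200) token request recorded for
  # this test session. Otherwise returns an active body carrying client_id/exp from
  # the decoded token, the remaining fields of the original token response, the
  # requested scope, and user claims copied from the id_token when one was issued.
  target_token = request.params[:token]
  inactive_body = { active: false }

  # A missing/blank token can never be active; bail out before any lookup so a
  # nil value is never compared against stored token responses.
  return inactive_body if target_token.blank?
  return inactive_body if MockUDAPServer.token_expired?(target_token)

  token_requests = Inferno::Repositories::Requests.new.tagged_requests(test_run.test_session_id, [TOKEN_TAG])
  original_response_body = nil
  # The block parameter is named `token_req` so it does not shadow the endpoint's
  # `request`, which is used above for the introspection call's own params.
  original_token_request = token_requests.find do |token_req|
    next unless token_req.status == 200

    original_response_body = JSON.parse(token_req.response_body)
    original_response_body['access_token'] == target_token
  end
  return inactive_body unless original_token_request.present?

  decoded_token = MockUDAPServer.decode_token(target_token)
  active_body = {
    active: true,
    client_id: decoded_token['client_id'],
    exp: decoded_token['expiration']
  }
  # Carry over the remaining fields of the issued token response, except the
  # token material itself and anything already populated above.
  omitted_fields = %w[access_token refresh_token token_type expires_in]
  original_response_body.each do |element, value|
    next if omitted_fields.include?(element) || active_body.key?(element)

    active_body[element] = value
  end
  active_body['scope'] = requested_scope(original_token_request) unless active_body.key?('scope')
  if original_response_body.key?('id_token')
    # Unverified decode (verify = false): the id_token comes from this simulation's
    # own recorded token response, so its claims are only copied, not authenticated, here.
    user_claims, _header = JWT.decode(original_response_body['id_token'], nil, false)
    active_body['iss'] = user_claims['iss']
    active_body['sub'] = user_claims['sub']
    active_body['fhirUser'] = user_claims['fhirUser'] if user_claims['fhirUser'].present?
  end

  active_body
end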

#requested_scope(token_request) ⇒ Object

# File 'lib/udap_security_test_kit/endpoints/mock_udap_server/udap_introspection_response_creation.rb', line 48

def requested_scope(token_request)
  # Resolves the scope a client asked for, checking three sources in priority
  # order: the token request body, the authorization request that issued the
  # code, and the scope claim of the registration software statement.
  # Returns nil when none of them carries a scope.
  token_params = Rack::Utils.parse_query(token_request.request_body)
  token_scope = token_params['scope']
  return token_scope if token_scope.present?

  session_id = test_run.test_session_id
  auth_request = MockUDAPServer.authorization_request_for_code(token_params['code'], session_id)
  auth_inputs = MockUDAPServer.authorization_code_request_details(auth_request)
  auth_scope = auth_inputs&.dig('scope')
  return auth_scope if auth_scope.present?

  # The registration response is not consulted because the simulation currently
  # echoes the requested scopes back, so the software statement is the source here.
  software_statement = MockUDAPServer.udap_registration_software_statement(session_id)
  return nil if software_statement.blank?

  # Unverified decode (verify = false): the claims are read, not authenticated, here.
  registration_claims, = JWT.decode(software_statement, nil, false)
  registration_scope = registration_claims['scope']
  registration_scope.present? ? registration_scope : nil
end