cloudfoundry · adrianhoelzl-sap · Sep 9, 2024 · Sep 4, 2024 · Sep 4, 2024 · Sep 4, 2024
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java
@@ -22,7 +22,6 @@
 import org.cloudfoundry.identity.uaa.oauth.jwt.Jwt;
 import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
-import org.cloudfoundry.identity.uaa.scim.ScimGroup;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
@@ -57,8 +56,7 @@ public class LdapIntegrationTests {
     public void setup() {
         String token = IntegrationTestUtils.getClientCredentialsToken(serverRunning.getBaseUrl(), "admin", "adminsecret");
 
-        ScimGroup group = new ScimGroup(null, "zones.testzone1.admin", null);
-        IntegrationTestUtils.createGroup(token, "", serverRunning.getBaseUrl(), group);
+        IntegrationTestUtils.ensureGroupExists(token, "", serverRunning.getBaseUrl(), "zones.testzone1.admin");
     }
 
     @After

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java
@@ -158,20 +158,11 @@ public static void checkZoneDNSSupport() {
     public void setup() {
         String token = IntegrationTestUtils.getClientCredentialsToken(baseUrl, "admin", "adminsecret");
 
-        ScimGroup group = new ScimGroup(null, "zones.uaa.admin", null);
-        IntegrationTestUtils.createGroup(token, "", baseUrl, group);
-
-        group = new ScimGroup(null, "zones.testzone1.admin", null);
-        IntegrationTestUtils.createGroup(token, "", baseUrl, group);
-
-        group = new ScimGroup(null, "zones.testzone2.admin", null);
-        IntegrationTestUtils.createGroup(token, "", baseUrl, group);
-
-        group = new ScimGroup(null, "zones.testzone3.admin", null);
-        IntegrationTestUtils.createGroup(token, "", baseUrl, group);
-
-        group = new ScimGroup(null, "zones.testzone4.admin", null);
-        IntegrationTestUtils.createGroup(token, "", baseUrl, group);
+        IntegrationTestUtils.ensureGroupExists(token, null, baseUrl, "zones.uaa.admin");
+        IntegrationTestUtils.ensureGroupExists(token, null, baseUrl, "zones.testzone1.admin");
+        IntegrationTestUtils.ensureGroupExists(token, null, baseUrl, "zones.testzone2.admin");
+        IntegrationTestUtils.ensureGroupExists(token, null, baseUrl, "zones.testzone3.admin");
+        IntegrationTestUtils.ensureGroupExists(token, null, baseUrl, "zones.testzone4.admin");
     }
 
     @After

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java
@@ -91,7 +91,9 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
+import static java.util.stream.Collectors.joining;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.USER_NAME_ATTRIBUTE_NAME;
 import static org.cloudfoundry.identity.uaa.security.web.CookieBasedCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME;
@@ -161,7 +163,8 @@ public static void updateUserToForcePasswordChange(RestTemplate restTemplate, St
         }
         UserAccountStatus userAccountStatus = new UserAccountStatus();
         userAccountStatus.setPasswordChangeRequired(true);
-        restTemplate.exchange(baseUrl + "/Users/{user-id}/status", HttpMethod.PATCH, new HttpEntity<>(userAccountStatus, headers), UserAccountStatus.class, userId);
+        final ResponseEntity<UserAccountStatus> response = restTemplate.exchange(baseUrl + "/Users/{user-id}/status", HttpMethod.PATCH, new HttpEntity<>(userAccountStatus, headers), UserAccountStatus.class, userId);
+        assertStatusCode(response, HttpStatus.OK);
     }
 
     public static ScimUser createUnapprovedUser(ServerRunning serverRunning) {
@@ -199,7 +202,11 @@ public static UserInfoResponse getUserInfo(String url, String token) throws URIS
         headers.add(AUTHORIZATION, "Bearer " + token);
         headers.add(ACCEPT, APPLICATION_JSON_VALUE);
         RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.GET, new URI(url + "/userinfo"));
-        return rest.exchange(request, UserInfoResponse.class).getBody();
+        final ResponseEntity<UserInfoResponse> response = rest.exchange(request, UserInfoResponse.class);
+        assertStatusCode(response, HttpStatus.OK);
+        final UserInfoResponse responseBody = response.getBody();
+        assertNotNull(responseBody);
+        return responseBody;
     }
 
     public static void deleteZone(String baseUrl, String id, String adminToken) throws URISyntaxException {
@@ -208,7 +215,8 @@ public static void deleteZone(String baseUrl, String id, String adminToken) thro
         headers.add(AUTHORIZATION, "Bearer " + adminToken);
         headers.add(ACCEPT, APPLICATION_JSON_VALUE);
         RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.DELETE, new URI(baseUrl + "/identity-zones/" + id));
-        rest.exchange(request, Void.class);
+        final ResponseEntity<Void> response = rest.exchange(request, Void.class);
+        assertStatusCode(response, HttpStatus.OK);
     }
 
     public static boolean zoneExists(final String baseUrl, final String id, final String adminToken) throws URISyntaxException {
@@ -337,7 +345,11 @@ public static ScimUser createUserWithPhone(RestTemplate client,
         user.setActive(true);
         user.setPassword("secr3T");
         user.setPhoneNumbers(Collections.singletonList(new PhoneNumber(phoneNumber)));
-        return client.postForEntity(url + "/Users", user, ScimUser.class).getBody();
+        final ResponseEntity<ScimUser> response = client.postForEntity(url + "/Users", user, ScimUser.class);
+        assertStatusCode(response, HttpStatus.CREATED);
+        final ScimUser responseBody = response.getBody();
+        assertNotNull(responseBody);
+        return responseBody;
     }
 
     public static ScimUser createUser(String token, String url, ScimUser user, String zoneSwitchId) {
@@ -519,6 +531,23 @@ public static String findGroupId(RestTemplate client,
         return null;
     }
 
+    public static ScimGroup ensureGroupExists(
+            final String token,
+            final String zoneId,
+            final String url,
+            final String displayName
+    ) {
+        final ScimGroup existingGroup = getGroup(token, zoneId, url, displayName);
+        if (existingGroup != null) {
+            return existingGroup;
+        }
+        final ScimGroup group = new ScimGroup(null, displayName, zoneId);
+        return createGroup(token, zoneId, url, group);
+    }
+
+    /**
+     * @return the group or {@code null} if it does not exist
+     */
     public static ScimGroup getGroup(String token,
                                      String zoneId,
                                      String url,
@@ -539,33 +568,39 @@ public static ScimGroup getGroup(String token,
                 },
                 displayName
         );
+        assertStatusCode(findGroup, HttpStatus.OK);
         if (findGroup.getBody().getTotalResults() == 0) {
             return null;
         } else {
             return findGroup.getBody().getResources().iterator().next();
         }
     }
 
-    public static ScimGroup createGroup(String token,
-                                        String zoneId,
-                                        String url,
-                                        ScimGroup group) {
-        RestTemplate template = new RestTemplate();
+    public static ScimGroup createGroup(
+            final String token,
+            final String zoneId,
+            final String url,
+            final ScimGroup group
+    ) {
+        final RestTemplate template = new RestTemplate();
         template.setErrorHandler(fiveHundredErrorHandler);
-        MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+        final MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
         headers.add("Accept", APPLICATION_JSON_VALUE);
         headers.add("Authorization", "bearer " + token);
         headers.add("Content-Type", APPLICATION_JSON_VALUE);
         if (hasText(zoneId)) {
             headers.add(IdentityZoneSwitchingFilter.HEADER, zoneId);
         }
-        ResponseEntity<ScimGroup> createGroup = template.exchange(
+        final ResponseEntity<ScimGroup> response = template.exchange(
                 url + "/Groups",
                 HttpMethod.POST,
                 new HttpEntity<>(JsonUtils.writeValueAsBytes(group), headers),
                 ScimGroup.class
         );
-        return createGroup.getBody();
+        assertStatusCode(response, HttpStatus.CREATED);
+        final ScimGroup responseBody = response.getBody();
+        assertNotNull(responseBody);
+        return responseBody;
     }
 
     private static ScimGroup updateGroup(String token,
@@ -647,8 +682,9 @@ public static void deleteGroup(String token,
             headers.add(IdentityZoneSwitchingFilter.HEADER, zoneId);
         }
 
-
-        template.exchange(url + "/Groups/{groupId}", HttpMethod.DELETE, new HttpEntity<>(headers), ScimGroup.class, groupId);
+        final ResponseEntity<ScimGroup> response = template.exchange(url + "/Groups/{groupId}", HttpMethod.DELETE,
+                new HttpEntity<>(headers), ScimGroup.class, groupId);
+        assertStatusCode(response, HttpStatus.OK);
     }
 
     private static IdentityZone createZoneOrUpdateSubdomain(RestTemplate client,
@@ -679,13 +715,16 @@ private static IdentityZone createZoneOrUpdateSubdomain(RestTemplate client,
         identityZone.setConfig(config);
         identityZone.setActive(active);
         ResponseEntity<IdentityZone> zone = client.postForEntity(url + "/identity-zones", identityZone, IdentityZone.class);
-        return zone.getBody();
+        assertStatusCode(zone, HttpStatus.CREATED);
+        final IdentityZone responseBody = zone.getBody();
+        assertNotNull(responseBody);
+        return responseBody;
     }
 
     public static IdentityZone createInactiveIdentityZone(RestTemplate client, String url) {
         createZoneOrUpdateSubdomain(client, url, "testzoneinactive", "testzoneinactive", new IdentityZoneConfiguration(), false);
         ResponseEntity<IdentityZone> zoneGet = client.getForEntity(url + "/identity-zones/{id}", IdentityZone.class, "testzoneinactive");
-        if (!(zoneGet.getStatusCode() == HttpStatus.OK)) {
+        if (zoneGet.getStatusCode() != HttpStatus.OK) {
             throw new RuntimeException("Could not create inactive zone.");
         }
         return zoneGet.getBody();
@@ -726,10 +765,26 @@ public static UaaClientDetails getClient(String token,
                 getHeaders,
                 UaaClientDetails.class
         );
+        assertStatusCode(response, HttpStatus.OK);
 
         return response.getBody();
     }
 
+    private static void assertStatusCode(final ResponseEntity<?> response, final HttpStatus... expectedStatusCodes) {
+        final boolean matchesAnyExpectedStatusCode = Stream.of(expectedStatusCodes)
+                .anyMatch(it -> it.equals(response.getStatusCode()));
+        if (!matchesAnyExpectedStatusCode) {
+            final String expectedStatusCodesString = Arrays.stream(expectedStatusCodes)
+                    .map(HttpStatus::value)
+                    .map(Object::toString)
+                    .collect(joining(" or "));
+            throw new RuntimeException(
+                    "Invalid return code: expected %s, got %d".formatted(expectedStatusCodesString,
+                            response.getStatusCode().value())
+            );
+        }
+    }
+
     public static UaaClientDetails createClientAsZoneAdmin(String zoneAdminToken,
                                                             String url,
                                                             String zoneId,
@@ -823,8 +878,8 @@ public static void updateClient(String url,
                 getHeaders,
                 UaaClientDetails.class
         );
-
-        response.getBody();
+        assertStatusCode(response, HttpStatus.OK);
+        assertNotNull(response.getBody());
     }
 
     public static IdentityProvider getProvider(String zoneAdminToken,
@@ -842,6 +897,9 @@ public static IdentityProvider getProvider(String zoneAdminToken,
         return null;
     }
 
+    /**
+     * @return the list of identity providers or {@code null} if the request was not successful
+     */
     private static List<IdentityProvider> getProviders(String zoneAdminToken,
                                                        String url,
                                                        String zoneId) {
@@ -875,12 +933,13 @@ public static void deleteProvider(String zoneAdminToken,
         headers.add("Authorization", "bearer " + zoneAdminToken);
         headers.add(IdentityZoneSwitchingFilter.HEADER, zoneId);
         HttpEntity getHeaders = new HttpEntity<>(headers);
-        client.exchange(
+        final ResponseEntity<String> response = client.exchange(
                 url + "/identity-providers/" + provider.getId(),
                 HttpMethod.DELETE,
                 getHeaders,
                 String.class
         );
+        assertStatusCode(response, HttpStatus.OK);
     }
 
     /**
@@ -951,8 +1010,7 @@ public static String getZoneAdminToken(String baseUrl, ServerRunning serverRunni
         ScimUser user = IntegrationTestUtils.createUser(adminClient, baseUrl, email, "firstname", "lastname", email, true);
 
         String groupName = "zones." + zoneId + ".admin";
-        ScimGroup group = new ScimGroup(null, groupName, null);
-        createGroup(getClientCredentialsToken(baseUrl, "admin", "adminsecret"), "", baseUrl, group);
+        ensureGroupExists(getClientCredentialsToken(baseUrl, "admin", "adminsecret"), "", baseUrl, groupName);
         String groupId = IntegrationTestUtils.findGroupId(adminClient, baseUrl, groupName);
         assertThat("Couldn't find group : " + groupId, groupId, is(CoreMatchers.notNullValue()));
         IntegrationTestUtils.addMemberToGroup(adminClient, baseUrl, user.getId(), groupId);
@@ -1081,8 +1139,9 @@ public static String getClientCredentialsToken(String baseUrl,
 
         Assert.assertEquals(HttpStatus.OK, response.getStatusCode());
 
-        @SuppressWarnings("unchecked")
-        OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
+        final Map responseBody = response.getBody();
+        assertNotNull(responseBody);
+        OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(responseBody);
         return accessToken.getValue();
     }
 
@@ -1135,8 +1194,9 @@ public static String getClientCredentialsToken(ServerRunning serverRunning,
         ResponseEntity<Map> response = serverRunning.postForMap("/oauth/token", formData, headers);
         Assert.assertEquals(HttpStatus.OK, response.getStatusCode());
 
-        @SuppressWarnings("unchecked")
-        OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
+        final Map responseBody = response.getBody();
+        assertNotNull(responseBody);
+        OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(responseBody);
         return accessToken.getValue();
     }
 
@@ -1296,7 +1356,7 @@ public static ResponseEntity<Map> getTokens(ServerRunning serverRunning,
     	}
     	HttpHeaders tokenHeaders = new HttpHeaders();
     	tokenHeaders.set("Authorization", testAccounts.getAuthorizationHeader(clientId, clientSecret));
-    	return serverRunning.postForMap("/oauth/token", formData, tokenHeaders);
+        return serverRunning.postForMap("/oauth/token", formData, tokenHeaders);
 	}
 
     public static void callCheckToken(ServerRunning serverRunning,
@@ -1310,7 +1370,9 @@ public static void callCheckToken(ServerRunning serverRunning,
         formData.add("token", accessToken);
         ResponseEntity<Map> tokenResponse = serverRunning.postForMap("/check_token", formData, headers);
         assertEquals(HttpStatus.OK, tokenResponse.getStatusCode());
-        assertNotNull(tokenResponse.getBody().get("iss"));
+        final Map tokenResponseBody = tokenResponse.getBody();
+        assertNotNull(tokenResponseBody);
+        assertNotNull(tokenResponseBody.get("iss"));
     }
 
     public static String getAuthorizationCodeToken(