add unit tests

Thumimku · Thumimku · commit 05de7d6af05f · 2025-10-06T17:06:09.000+05:30
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java
@@ -120,6 +120,10 @@ public AccessTokenDO createAccessTokenBean(OAuthTokenReqMessageContext tokReqMsg
                 tokReqMsgCtx.setConsentedToken(true);
             }
         }
+        if (log.isDebugEnabled()) {
+            log.debug("Setting access token extended attributes for token request in refresh token flow for client: "
+                    + tokenReq.getClientId() + " with token id: " + tokenId);
+        }
         accessTokenDO.setAccessTokenExtendedAttributes(
                 new AccessTokenExtendedAttributes(
                         new HashMap<>(tokenReq.getAccessTokenExtendedAttributes().getParameters())));
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java
@@ -696,6 +696,9 @@ protected JWTClaimsSet createJWTClaimSet(OAuthAuthzReqMessageContext authAuthzRe
                             .getParameters();
             if (customClaims != null && !customClaims.isEmpty()) {
                 customClaims.remove(OAuthConstants.IMPERSONATING_ACTOR);
+                if (log.isDebugEnabled()) {
+                    log.debug("Processing custom claims for JWT token. Total claims count: " + customClaims.size());
+                }
                 for (Map.Entry<String, String> entry : customClaims.entrySet()) {
                     jwtClaimsSetBuilder.claim(entry.getKey(), entry.getValue());
                 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -929,15 +929,22 @@ private OAuth2AccessTokenRespDTO createResponseWithTokenBean(OAuthTokenReqMessag
         if (issueRefreshToken(existingAccessTokenDO.getTokenType()) &&
                 OAuthServerConfiguration.getInstance().getSupportedGrantTypes().containsKey(
                         GrantType.REFRESH_TOKEN.toString())) {
+            log.info("mathu first call");
             String grantTypes = oAuthAppDO.getGrantTypes();
             List<String> supportedGrantTypes = new ArrayList<>();
             if (StringUtils.isNotEmpty(grantTypes)) {
                 supportedGrantTypes = Arrays.asList(grantTypes.split(" "));
             }
+            log.info("mathu second call : " + supportedGrantTypes);
             if (supportedGrantTypes.contains(OAuthConstants.GrantTypes.REFRESH_TOKEN)) {
                 if (!tokenReqMessageContext.isImpersonationRequest()
                         || OAuth2Util.isImpersonatedRefreshTokenEnabled()) {
                     tokenRespDTO.setRefreshToken(existingAccessTokenDO.getRefreshToken());
+                } else {
+                    if (log.isDebugEnabled()) {
+                        log.debug("Impersonation request is not allowed to have a refresh token for client_id : " +
+                                consumerKey + ", therefore not issuing a refresh token.");
+                    }
                 }
             } else {
                 if (log.isDebugEnabled()) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
@@ -309,6 +309,7 @@ private void setPropertiesForTokenGeneration(OAuthTokenReqMessageContext tokReqM
 
     private void propagateImpersonationInfo(OAuthTokenReqMessageContext tokenReqMessageContext) {
 
+        log.debug("Checking for impersonation information in token request");
         if (tokenReqMessageContext != null && tokenReqMessageContext.getOauth2AccessTokenReqDTO() != null &&
                 tokenReqMessageContext.getOauth2AccessTokenReqDTO().getAccessTokenExtendedAttributes() != null) {
             String impersonator = tokenReqMessageContext.getOauth2AccessTokenReqDTO()
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
@@ -5892,6 +5892,10 @@ public static boolean isImpersonatedRefreshTokenEnabled() {
         if (IdentityUtil.getProperty(OAuth2Constants.IMPERSONATED_REFRESH_TOKEN_ENABLE) != null) {
             return Boolean.parseBoolean(IdentityUtil.getProperty(OAuth2Constants.IMPERSONATED_REFRESH_TOKEN_ENABLE));
         }
+        if (log.isDebugEnabled()) {
+            log.debug("Impersonated refresh token configuration not found, " +
+                    "using default: " + OAuth2Constants.DEFAULT_IMPERSONATED_REFRESH_TOKEN_ENABLED);
+        }
         return OAuth2Constants.DEFAULT_IMPERSONATED_REFRESH_TOKEN_ENABLED;
     }
 
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuerTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuerTest.java
@@ -58,6 +58,7 @@
 import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
 import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
 import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
+import org.wso2.carbon.identity.oauth2.model.AccessTokenExtendedAttributes;
 import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding;
 import org.wso2.carbon.identity.oauth2.token.handlers.claims.JWTAccessTokenClaimProvider;
 import org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler;
@@ -335,6 +336,13 @@ public Object[][] provideClaimSetData() {
         OAuth2AccessTokenReqDTO tokenReqDTO = new OAuth2AccessTokenReqDTO();
         tokenReqDTO.setGrantType(APPLICATION_ACCESS_TOKEN_GRANT_TYPE);
         tokenReqDTO.setTenantDomain("super.wso2");
+        AccessTokenExtendedAttributes accessTokenExtendedAttributes = new AccessTokenExtendedAttributes();
+        accessTokenExtendedAttributes.setExtendedToken(true);
+        HashMap<String, String> params = new HashMap<>();
+        params.put("testExtendingKey", "testExtendingValue");
+        params.put(OAuthConstants.IMPERSONATING_ACTOR, "DUMMY_ACTOR");
+        accessTokenExtendedAttributes.setParameters(params);
+        tokenReqDTO.setAccessTokenExtendedAttributes(accessTokenExtendedAttributes);
         OAuthTokenReqMessageContext tokenReqMessageContext = new OAuthTokenReqMessageContext(tokenReqDTO);
         AuthenticatedUser authenticatedUserForTokenReq = new AuthenticatedUser(authenticatedUserForAuthz);
         tokenReqMessageContext.setAuthorizedUser(authenticatedUserForTokenReq);
@@ -438,6 +446,12 @@ public void testCreateJWTClaimSet(Object authzReqMessageContext,
             assertNotNull(jwtClaimSet.getIssueTime());
             assertNotNull(jwtClaimSet.getExpirationTime());
 
+            if (tokenReqMessageContext != null) {
+                assertNotNull(jwtClaimSet.getClaim("testExtendingKey"));
+                assertEquals(jwtClaimSet.getClaim("testExtendingKey"), "testExtendingValue");
+                assertNull(jwtClaimSet.getClaim(OAuthConstants.IMPERSONATING_ACTOR));
+            }
+
             if (tokenReqMessageContext != null
                     && ((OAuthTokenReqMessageContext) tokenReqMessageContext).getProperty(EXPIRY_TIME_JWT)
                     != null) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java
@@ -3177,6 +3177,26 @@ public void testGetAppResidentTenantDomain(String appResidentOrgId, String expec
         assertEquals(OAuth2Util.getAppResidentTenantDomain(), expected);
     }
 
+    @DataProvider(name = "impersonatedRefreshTokenEnabledProvider")
+    public Object[][] impersonatedRefreshTokenEnabledProvider() {
+        return new Object[][]{
+                {"true", true},
+                {"false", false},
+                {null, true}
+        };
+    }
+
+    @Test(dataProvider = "impersonatedRefreshTokenEnabledProvider")
+    public void testIsImpersonatedRefreshTokenEnabled(String configValue, boolean expected) {
+
+        try (MockedStatic<IdentityUtil> identityUtil = mockStatic(IdentityUtil.class)) {
+
+            identityUtil.when(() -> IdentityUtil.getProperty(OAuth2Constants.IMPERSONATED_REFRESH_TOKEN_ENABLE))
+                    .thenReturn(configValue);
+            assertEquals(OAuth2Util.isImpersonatedRefreshTokenEnabled(), expected);
+        }
+    }
+
     @Test(expectedExceptions = IdentityOAuth2Exception.class,
             expectedExceptionsMessageRegExp = "Error occurred while resolving the tenant domain for the " +
                     "organization id.")

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,10 @@ public AccessTokenDO createAccessTokenBean(OAuthTokenReqMessageContext tokReqMsg`
`120`	`120`	`tokReqMsgCtx.setConsentedToken(true);`
`121`	`121`	`}`
`122`	`122`	`}`
	`123`	`+ if (log.isDebugEnabled()) {`
	`124`	`+ log.debug("Setting access token extended attributes for token request in refresh token flow for client: "`
	`125`	`+ + tokenReq.getClientId() + " with token id: " + tokenId);`
	`126`	`+ }`
`123`	`127`	`accessTokenDO.setAccessTokenExtendedAttributes(`
`124`	`128`	`new AccessTokenExtendedAttributes(`
`125`	`129`	`new HashMap<>(tokenReq.getAccessTokenExtendedAttributes().getParameters())));`
Original file line number	Diff line number	Diff line change
`@@ -5892,6 +5892,10 @@ public static boolean isImpersonatedRefreshTokenEnabled() {`
`5892`	`5892`	`if (IdentityUtil.getProperty(OAuth2Constants.IMPERSONATED_REFRESH_TOKEN_ENABLE) != null) {`
`5893`	`5893`	`return Boolean.parseBoolean(IdentityUtil.getProperty(OAuth2Constants.IMPERSONATED_REFRESH_TOKEN_ENABLE));`
`5894`	`5894`	`}`
	`5895`	`+ if (log.isDebugEnabled()) {`
	`5896`	`+ log.debug("Impersonated refresh token configuration not found, " +`
	`5897`	`+ "using default: " + OAuth2Constants.DEFAULT_IMPERSONATED_REFRESH_TOKEN_ENABLED);`
	`5898`	`+ }`
`5895`	`5899`	`return OAuth2Constants.DEFAULT_IMPERSONATED_REFRESH_TOKEN_ENABLED;`
`5896`	`5900`	`}`
`5897`	`5901`