2013-01-31 16:03:19 +01:00
|
|
|
/**
|
|
|
|
|
* Copyright (c) 2010, Sebastian Sdorra All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer. 2. Redistributions in
|
|
|
|
|
* binary form must reproduce the above copyright notice, this list of
|
|
|
|
|
* conditions and the following disclaimer in the documentation and/or other
|
|
|
|
|
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
|
|
|
|
|
* nor the names of its contributors may be used to endorse or promote products
|
|
|
|
|
* derived from this software without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
|
|
|
|
|
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
|
|
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
|
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* http://bitbucket.org/sdorra/scm-manager
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
package sonia.scm.security;
|
|
|
|
|
|
|
|
|
|
//~--- non-JDK imports --------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import com.google.common.collect.ImmutableSet;
|
|
|
|
|
import com.google.inject.Provider;
|
|
|
|
|
|
|
|
|
|
import org.apache.shiro.authc.AccountException;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationInfo;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationToken;
|
|
|
|
|
import org.apache.shiro.authc.UnknownAccountException;
|
|
|
|
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
2013-01-31 16:20:47 +01:00
|
|
|
import org.apache.shiro.authz.AuthorizationInfo;
|
2013-01-31 16:37:49 +01:00
|
|
|
import org.apache.shiro.authz.Permission;
|
2013-01-31 16:03:19 +01:00
|
|
|
import org.apache.shiro.subject.PrincipalCollection;
|
|
|
|
|
|
|
|
|
|
import org.junit.Test;
|
|
|
|
|
|
|
|
|
|
import sonia.scm.cache.MapCacheManager;
|
|
|
|
|
import sonia.scm.config.ScmConfiguration;
|
2013-01-31 16:37:49 +01:00
|
|
|
import sonia.scm.group.Group;
|
2013-01-31 16:03:19 +01:00
|
|
|
import sonia.scm.group.GroupManager;
|
|
|
|
|
import sonia.scm.group.GroupNames;
|
2013-01-31 16:37:49 +01:00
|
|
|
import sonia.scm.repository.PermissionType;
|
|
|
|
|
import sonia.scm.repository.Repository;
|
2013-01-31 16:03:19 +01:00
|
|
|
import sonia.scm.repository.RepositoryDAO;
|
|
|
|
|
import sonia.scm.user.User;
|
|
|
|
|
import sonia.scm.user.UserDAO;
|
|
|
|
|
import sonia.scm.user.UserManager;
|
|
|
|
|
import sonia.scm.user.UserTestData;
|
|
|
|
|
import sonia.scm.web.security.AuthenticationManager;
|
|
|
|
|
import sonia.scm.web.security.AuthenticationResult;
|
|
|
|
|
import sonia.scm.web.security.AuthenticationState;
|
|
|
|
|
|
|
|
|
|
import static org.hamcrest.Matchers.*;
|
|
|
|
|
|
|
|
|
|
import static org.junit.Assert.*;
|
|
|
|
|
|
|
|
|
|
import static org.mockito.Mockito.*;
|
|
|
|
|
|
|
|
|
|
//~--- JDK imports ------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import java.util.Collection;
|
|
|
|
|
|
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
import javax.servlet.http.HttpSession;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @author Sebastian Sdorra
|
|
|
|
|
*/
|
|
|
|
|
public class ScmRealmTest
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test(expected = UnknownAccountException.class)
|
|
|
|
|
public void testAuthenticationWithUknownUser()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
ScmRealm realm = createRealm(trillian);
|
|
|
|
|
|
|
|
|
|
realm.getAuthenticationInfo(token("marvin", trillian.getPassword()));
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:37:49 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthorizationAdminPermissions()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
|
|
|
|
|
trillian.setAdmin(true);
|
|
|
|
|
|
|
|
|
|
AuthorizationInfo ai = authorizationInfo(trillian);
|
|
|
|
|
Collection<Permission> permissions = ai.getObjectPermissions();
|
|
|
|
|
|
|
|
|
|
assertNotNull(permissions);
|
|
|
|
|
assertFalse(permissions.isEmpty());
|
|
|
|
|
assertEquals(1, permissions.size());
|
|
|
|
|
//J-
|
|
|
|
|
assertTrue(
|
|
|
|
|
permissions.contains(new RepositoryPermission("*", PermissionType.OWNER))
|
|
|
|
|
);
|
|
|
|
|
//J+
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:20:47 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthorizationAdminRoles()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
|
|
|
|
|
trillian.setAdmin(true);
|
|
|
|
|
|
|
|
|
|
AuthorizationInfo aci = authorizationInfo(trillian);
|
|
|
|
|
Collection<String> roles = aci.getRoles();
|
|
|
|
|
|
|
|
|
|
assertNotNull(roles);
|
|
|
|
|
assertEquals(2, roles.size());
|
|
|
|
|
assertTrue(roles.contains(Role.ADMIN));
|
|
|
|
|
assertTrue(roles.contains(Role.USER));
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:37:49 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthorizationDefaultUserPermissions()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
|
|
|
|
|
AuthorizationInfo ai = authorizationInfo(trillian);
|
|
|
|
|
Collection<Permission> permissions = ai.getObjectPermissions();
|
|
|
|
|
|
|
|
|
|
assertNotNull(permissions);
|
|
|
|
|
assertTrue(permissions.isEmpty());
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:20:47 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthorizationUserRoles()
|
|
|
|
|
{
|
|
|
|
|
AuthorizationInfo aci = authorizationInfo(createSampleUser());
|
|
|
|
|
Collection<String> roles = aci.getRoles();
|
|
|
|
|
|
|
|
|
|
assertNotNull(roles);
|
|
|
|
|
assertEquals(1, roles.size());
|
|
|
|
|
assertEquals(Role.USER, roles.iterator().next());
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:03:19 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test(expected = AccountException.class)
|
|
|
|
|
public void testFailedAuthentication()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
ScmRealm realm = createRealm(trillian);
|
|
|
|
|
|
|
|
|
|
realm.getAuthenticationInfo(token(trillian.getId(), "hobbo"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testSimpleAuthentication()
|
|
|
|
|
{
|
|
|
|
|
User trillian = createSampleUser();
|
|
|
|
|
|
2013-01-31 16:37:49 +01:00
|
|
|
//J-
|
|
|
|
|
ScmRealm realm = createRealm(
|
|
|
|
|
trillian,
|
|
|
|
|
ImmutableSet.of("g1", "g2"),
|
|
|
|
|
ImmutableSet.of(new Group("xml", "g3"), new Group("xml", "g4")),
|
|
|
|
|
null
|
|
|
|
|
);
|
|
|
|
|
//J+
|
2013-01-31 16:03:19 +01:00
|
|
|
AuthenticationInfo ai = realm.getAuthenticationInfo(token(trillian));
|
|
|
|
|
|
|
|
|
|
assertNotNull(ai);
|
|
|
|
|
|
|
|
|
|
PrincipalCollection collection = ai.getPrincipals();
|
|
|
|
|
|
|
|
|
|
assertNotNull(collection);
|
|
|
|
|
assertFalse(collection.isEmpty());
|
|
|
|
|
|
|
|
|
|
assertEquals(trillian.getId(), collection.getPrimaryPrincipal());
|
|
|
|
|
assertEquals(trillian, collection.oneByType(User.class));
|
|
|
|
|
|
|
|
|
|
GroupNames groups = collection.oneByType(GroupNames.class);
|
|
|
|
|
|
|
|
|
|
assertNotNull(groups);
|
|
|
|
|
assertFalse(groups.getCollection().isEmpty());
|
2013-01-31 16:37:49 +01:00
|
|
|
assertEquals(4, groups.getCollection().size());
|
|
|
|
|
assertThat(groups, containsInAnyOrder("g1", "g2", "g3", "g4"));
|
2013-01-31 16:03:19 +01:00
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:20:47 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param user
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private AuthorizationInfo authorizationInfo(User user)
|
|
|
|
|
{
|
|
|
|
|
ScmRealm realm = createRealm(user);
|
|
|
|
|
AuthenticationInfo aui = realm.getAuthenticationInfo(token(user));
|
|
|
|
|
AuthorizationInfo aci = realm.doGetAuthorizationInfo(aui.getPrincipals());
|
|
|
|
|
|
|
|
|
|
assertNotNull(aci);
|
|
|
|
|
|
|
|
|
|
return aci;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:03:19 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param user
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private ScmRealm createRealm(User user)
|
|
|
|
|
{
|
2013-01-31 16:37:49 +01:00
|
|
|
return createRealm(user, null, null, null);
|
2013-01-31 16:03:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param user
|
2013-01-31 16:37:49 +01:00
|
|
|
* @param authenticationGroups
|
|
|
|
|
* @param dbGroups
|
|
|
|
|
* @param repositories
|
2013-01-31 16:03:19 +01:00
|
|
|
* @return
|
|
|
|
|
*/
|
2013-01-31 16:37:49 +01:00
|
|
|
private ScmRealm createRealm(User user,
|
|
|
|
|
Collection<String> authenticationGroups, Collection<Group> dbGroups,
|
|
|
|
|
Collection<Repository> repositories)
|
2013-01-31 16:03:19 +01:00
|
|
|
{
|
|
|
|
|
UserManager userManager = mock(UserManager.class);
|
|
|
|
|
GroupManager groupManager = mock(GroupManager.class);
|
2013-01-31 16:37:49 +01:00
|
|
|
|
|
|
|
|
if (dbGroups != null)
|
|
|
|
|
{
|
|
|
|
|
when(groupManager.getGroupsForMember(user.getId())).thenReturn(dbGroups);
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:03:19 +01:00
|
|
|
RepositoryDAO repositoryDAO = mock(RepositoryDAO.class);
|
2013-01-31 16:37:49 +01:00
|
|
|
|
|
|
|
|
if (repositories != null)
|
|
|
|
|
{
|
|
|
|
|
when(repositoryDAO.getAll()).thenReturn(repositories);
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 16:03:19 +01:00
|
|
|
UserDAO userDAO = mock(UserDAO.class);
|
|
|
|
|
|
|
|
|
|
when(userDAO.get(user.getId())).thenReturn(user);
|
|
|
|
|
|
|
|
|
|
HttpSession session = mock(HttpSession.class);
|
|
|
|
|
|
|
|
|
|
final HttpServletRequest request = mock(HttpServletRequest.class);
|
|
|
|
|
|
|
|
|
|
when(request.getSession(true)).thenReturn(session);
|
|
|
|
|
|
|
|
|
|
Provider<HttpServletRequest> requestProvider =
|
|
|
|
|
new Provider<HttpServletRequest>()
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public HttpServletRequest get()
|
|
|
|
|
{
|
|
|
|
|
return request;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
final HttpServletResponse response = mock(HttpServletResponse.class);
|
|
|
|
|
Provider<HttpServletResponse> responseProvider =
|
|
|
|
|
new Provider<HttpServletResponse>()
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public HttpServletResponse get()
|
|
|
|
|
{
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
//J-
|
|
|
|
|
AuthenticationManager authManager = mock(AuthenticationManager.class);
|
|
|
|
|
|
|
|
|
|
when(
|
|
|
|
|
authManager.authenticate(
|
|
|
|
|
eq(requestProvider.get()),
|
|
|
|
|
eq(responseProvider.get()),
|
|
|
|
|
eq(user.getId()),
|
|
|
|
|
eq(user.getPassword())
|
|
|
|
|
)
|
|
|
|
|
).thenReturn(
|
2013-01-31 16:37:49 +01:00
|
|
|
new AuthenticationResult(user, authenticationGroups, AuthenticationState.SUCCESS)
|
2013-01-31 16:03:19 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
when(
|
|
|
|
|
authManager.authenticate(
|
|
|
|
|
eq(requestProvider.get()),
|
|
|
|
|
eq(responseProvider.get()),
|
|
|
|
|
eq(user.getId()),
|
|
|
|
|
argThat(
|
|
|
|
|
not(user.getPassword())
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
).thenReturn(
|
|
|
|
|
AuthenticationResult.FAILED
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
when(
|
|
|
|
|
authManager.authenticate(
|
|
|
|
|
eq(requestProvider.get()),
|
|
|
|
|
eq(responseProvider.get()),
|
|
|
|
|
argThat(
|
|
|
|
|
not(user.getName())
|
|
|
|
|
),
|
|
|
|
|
anyString()
|
|
|
|
|
)
|
|
|
|
|
).thenReturn(
|
|
|
|
|
AuthenticationResult.NOT_FOUND
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return new ScmRealm(
|
|
|
|
|
new ScmConfiguration(),
|
|
|
|
|
new MapCacheManager(),
|
|
|
|
|
userManager,
|
|
|
|
|
groupManager,
|
|
|
|
|
repositoryDAO,
|
|
|
|
|
userDAO,
|
|
|
|
|
authManager,
|
|
|
|
|
requestProvider,
|
|
|
|
|
responseProvider
|
|
|
|
|
);
|
|
|
|
|
//J+
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private User createSampleUser()
|
|
|
|
|
{
|
|
|
|
|
User trillian = UserTestData.createTrillian();
|
|
|
|
|
|
|
|
|
|
trillian.setPassword("moppo123");
|
|
|
|
|
|
|
|
|
|
return trillian;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param user
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private AuthenticationToken token(User user)
|
|
|
|
|
{
|
|
|
|
|
return new UsernamePasswordToken(user.getId(), user.getPassword());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param username
|
|
|
|
|
* @param password
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private AuthenticationToken token(String username, String password)
|
|
|
|
|
{
|
|
|
|
|
return new UsernamePasswordToken(username, password);
|
|
|
|
|
}
|
|
|
|
|
}
|
