Merge with 2.0.0-m3

2025-11-15 17:56:17 +01:00 · 2018-10-02 09:55:08 +02:00
parent 49ea7aeb17 371fd351c3
commit 348dd5eefe
33 changed files with 758 additions and 57 deletions
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexResourceTest.java
@@ -0,0 +1,115 @@
+package sonia.scm.api.v2.resources;
+
+import com.github.sdorra.shiro.ShiroRule;
+import com.github.sdorra.shiro.SubjectAware;
+import org.assertj.core.api.Assertions;
+import org.junit.Rule;
+import org.junit.Test;
+import sonia.scm.SCMContextProvider;
+
+import java.net.URI;
+import java.util.Optional;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@SubjectAware(configuration = "classpath:sonia/scm/shiro-001.ini")
+public class IndexResourceTest {
+
+  @Rule
+  public final ShiroRule shiroRule = new ShiroRule();
+
+  private final SCMContextProvider scmContextProvider = mock(SCMContextProvider.class);
+  private final IndexDtoGenerator indexDtoGenerator = new IndexDtoGenerator(ResourceLinksMock.createMock(URI.create("/")), scmContextProvider);
+  private final IndexResource indexResource = new IndexResource(indexDtoGenerator);
+
+  @Test
+  public void shouldRenderLoginUrlsForUnauthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("login")).matches(Optional::isPresent);
+  }
+
+  @Test
+  public void shouldRenderSelfLinkForUnauthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("self")).matches(Optional::isPresent);
+  }
+
+  @Test
+  public void shouldRenderUiPluginsLinkForUnauthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("uiPlugins")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldRenderSelfLinkForAuthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("self")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldRenderUiPluginsLinkForAuthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("uiPlugins")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldRenderMeUrlForAuthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("me")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldRenderLogoutUrlForAuthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("logout")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldRenderRepositoriesForAuthenticatedRequest() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("repositories")).matches(Optional::isPresent);
+  }
+
+  @Test
+  @SubjectAware(username = "trillian", password = "secret")
+  public void shouldNotRenderAdminLinksIfNotAuthorized() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("users")).matches(o -> !o.isPresent());
+    Assertions.assertThat(index.getLinks().getLinkBy("groups")).matches(o -> !o.isPresent());
+    Assertions.assertThat(index.getLinks().getLinkBy("config")).matches(o -> !o.isPresent());
+  }
+
+  @Test
+  @SubjectAware(username = "dent", password = "secret")
+  public void shouldRenderAdminLinksIfAuthorized() {
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getLinks().getLinkBy("users")).matches(Optional::isPresent);
+    Assertions.assertThat(index.getLinks().getLinkBy("groups")).matches(Optional::isPresent);
+    Assertions.assertThat(index.getLinks().getLinkBy("config")).matches(Optional::isPresent);
+  }
+
+  @Test
+  public void shouldGenerateVersion() {
+    when(scmContextProvider.getVersion()).thenReturn("v1");
+
+    IndexDto index = indexResource.getIndex();
+
+    Assertions.assertThat(index.getVersion()).isEqualTo("v1");
+  }
+}
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/ResourceLinksMock.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/ResourceLinksMock.java
@@ -34,6 +34,8 @@ public class ResourceLinksMock {
    when(resourceLinks.repositoryTypeCollection()).thenReturn(new ResourceLinks.RepositoryTypeCollectionLinks(uriInfo));
    when(resourceLinks.uiPluginCollection()).thenReturn(new ResourceLinks.UIPluginCollectionLinks(uriInfo));
    when(resourceLinks.uiPlugin()).thenReturn(new ResourceLinks.UIPluginLinks(uriInfo));
+    when(resourceLinks.authentication()).thenReturn(new ResourceLinks.AuthenticationLinks(uriInfo));
+    when(resourceLinks.index()).thenReturn(new ResourceLinks.IndexLinks(uriInfo));

    return resourceLinks;
  }
--- a/scm-webapp/src/test/java/sonia/scm/it/UserPermissionITCase.java
+++ b/scm-webapp/src/test/java/sonia/scm/it/UserPermissionITCase.java
@@ -37,6 +37,7 @@ package sonia.scm.it;

 import com.sun.jersey.api.client.ClientResponse;
 import de.otto.edison.hal.HalRepresentation;
+import org.junit.Assume;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import sonia.scm.api.rest.ObjectMapperProvider;
@@ -158,6 +159,7 @@ public class UserPermissionITCase extends AbstractPermissionITCaseBase<User>
  @Override
  protected void checkGetAllResponse(ClientResponse response)
  {
+    Assume.assumeTrue(credentials.getUsername() == null);
    if (!credentials.isAnonymous())
    {
      assertNotNull(response);
--- a/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java
@@ -57,6 +57,7 @@ import sonia.scm.repository.RepositoryTestData;
 import sonia.scm.user.User;
 import sonia.scm.user.UserTestData;

+import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.nullValue;
@@ -160,7 +161,8 @@ public class DefaultAuthorizationCollectorTest {
    
    AuthorizationInfo authInfo = collector.collect();
    assertThat(authInfo.getRoles(), Matchers.contains(Role.USER));
-    assertThat(authInfo.getStringPermissions(), hasSize(0));
+    assertThat(authInfo.getStringPermissions(), hasSize(1));
+    assertThat(authInfo.getStringPermissions(), contains("user:read:trillian"));
    assertThat(authInfo.getObjectPermissions(), nullValue());
  }
  
@@ -207,7 +209,7 @@ public class DefaultAuthorizationCollectorTest {
    AuthorizationInfo authInfo = collector.collect();
    assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
    assertThat(authInfo.getObjectPermissions(), nullValue());
-    assertThat(authInfo.getStringPermissions(), containsInAnyOrder("repository:read,pull:one", "repository:read,pull,push:two"));
+    assertThat(authInfo.getStringPermissions(), containsInAnyOrder("repository:read,pull:one", "repository:read,pull,push:two", "user:read:trillian"));
  }
  
  /**
@@ -228,7 +230,7 @@ public class DefaultAuthorizationCollectorTest {
    AuthorizationInfo authInfo = collector.collect();
    assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
    assertThat(authInfo.getObjectPermissions(), nullValue());
-    assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two"));
+    assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two", "user:read:trillian"));
  }
  
  private void authenticate(User user, String group, String... groups) {