mirror of
https://github.com/scm-manager/scm-manager.git
synced 2025-11-09 23:15:43 +01:00
Merge with 2.0.0-m3
This commit is contained in:
René Pfeuffer
@@ -0,0 +1,186 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.util.ThreadContext;
|
||||
import org.assertj.core.util.Lists;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.user.UserPermissions;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class MeDtoFactoryTest {
|
||||
|
||||
private final URI baseUri = URI.create("https://scm.hitchhiker.com/scm/");
|
||||
|
||||
@Mock
|
||||
private UserManager userManager;
|
||||
|
||||
@Mock
|
||||
private Subject subject;
|
||||
|
||||
private MeDtoFactory meDtoFactory;
|
||||
|
||||
@BeforeEach
|
||||
void setUpContext() {
|
||||
ThreadContext.bind(subject);
|
||||
ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
|
||||
meDtoFactory = new MeDtoFactory(resourceLinks, userManager);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void unbindSubject() {
|
||||
ThreadContext.unbindSubject();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateMeDtoFromUser() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getName()).isEqualTo("trillian");
|
||||
assertThat(dto.getDisplayName()).isEqualTo("Tricia McMillan");
|
||||
assertThat(dto.getMail()).isEqualTo("tricia.mcmillan@hitchhiker.com");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateMeDtoWithEmptyGroups() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getGroups()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateMeDtoWithGroups() {
|
||||
prepareSubject(UserTestData.createTrillian(), "HeartOfGold", "Puzzle42");
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getGroups()).containsOnly("HeartOfGold", "Puzzle42");
|
||||
}
|
||||
|
||||
private void prepareSubject(User user, String... groups) {
|
||||
PrincipalCollection collection = mock(PrincipalCollection.class);
|
||||
when(subject.getPrincipals()).thenReturn(collection);
|
||||
when(collection.oneByType(any(Class.class))).then(ic -> {
|
||||
Class<?> type = ic.getArgument(0);
|
||||
if (type.isAssignableFrom(User.class)) {
|
||||
return user;
|
||||
} else if (type.isAssignableFrom(GroupNames.class)) {
|
||||
return new GroupNames(Lists.newArrayList(groups));
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldAppendSelfLink() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("self").get().getHref()).isEqualTo("https://scm.hitchhiker.com/scm/v2/me/");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldAppendDeleteLink() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
when(subject.isPermitted("user:delete:trillian")).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("delete").get().getHref()).isEqualTo("https://scm.hitchhiker.com/scm/v2/users/trillian");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotAppendDeleteLink() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("delete")).isNotPresent();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldAppendUpdateLink() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
when(subject.isPermitted("user:modify:trillian")).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("update").get().getHref()).isEqualTo("https://scm.hitchhiker.com/scm/v2/users/trillian");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotAppendUpdateLink() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("update")).isNotPresent();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldGetPasswordLinkOnlyForDefaultUserType() {
|
||||
User user = UserTestData.createTrillian();
|
||||
prepareSubject(user);
|
||||
|
||||
when(subject.isPermitted("user:changePassword:trillian")).thenReturn(true);
|
||||
when(userManager.isTypeDefault(user)).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("password").get().getHref()).isEqualTo("https://scm.hitchhiker.com/scm/v2/me/password");
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotGetPasswordLinkWithoutPermision() {
|
||||
User user = UserTestData.createTrillian();
|
||||
prepareSubject(user);
|
||||
|
||||
when(userManager.isTypeDefault(user)).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotGetPasswordLinkForNonDefaultUsers() {
|
||||
User user = UserTestData.createTrillian();
|
||||
prepareSubject(user);
|
||||
|
||||
when(subject.isPermitted("user:changePassword:trillian")).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldAppendLinks() {
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
|
||||
LinkEnricherRegistry registry = new LinkEnricherRegistry();
|
||||
meDtoFactory.setRegistry(registry);
|
||||
|
||||
registry.register(Me.class, (ctx, appender) -> {
|
||||
User user = ctx.oneRequireByType(User.class);
|
||||
appender.appendOne("profile", "http://hitchhiker.com/users/" + user.getName());
|
||||
});
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("profile").get().getHref()).isEqualTo("http://hitchhiker.com/users/trillian");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -2,12 +2,14 @@ package sonia.scm.api.v2.resources;
|
||||
|
||||
import com.github.sdorra.shiro.ShiroRule;
|
||||
import com.github.sdorra.shiro.SubjectAware;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.credential.PasswordService;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.jboss.resteasy.core.Dispatcher;
|
||||
import org.jboss.resteasy.mock.MockHttpRequest;
|
||||
import org.jboss.resteasy.mock.MockHttpResponse;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
@@ -19,7 +21,6 @@ import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import javax.lang.model.util.Types;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
@@ -27,11 +28,7 @@ import java.net.URISyntaxException;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.doNothing;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.mockito.MockitoAnnotations.initMocks;
|
||||
import static sonia.scm.api.v2.resources.DispatcherMock.createDispatcher;
|
||||
|
||||
@@ -57,7 +54,7 @@ public class MeResourceTest {
|
||||
private UserManager userManager;
|
||||
|
||||
@InjectMocks
|
||||
private MeToUserDtoMapperImpl userToDtoMapper;
|
||||
private MeDtoFactory meDtoFactory;
|
||||
|
||||
private ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
|
||||
|
||||
@@ -66,7 +63,7 @@ public class MeResourceTest {
|
||||
private User originalUser;
|
||||
|
||||
@Before
|
||||
public void prepareEnvironment() throws Exception {
|
||||
public void prepareEnvironment() {
|
||||
initMocks(this);
|
||||
originalUser = createDummyUser("trillian");
|
||||
when(userManager.create(userCaptor.capture())).thenAnswer(invocation -> invocation.getArguments()[0]);
|
||||
@@ -74,17 +71,18 @@ public class MeResourceTest {
|
||||
doNothing().when(userManager).delete(userCaptor.capture());
|
||||
when(userManager.isTypeDefault(userCaptor.capture())).thenCallRealMethod();
|
||||
when(userManager.getDefaultType()).thenReturn("xml");
|
||||
MeResource meResource = new MeResource(userToDtoMapper, userManager, passwordService);
|
||||
MeResource meResource = new MeResource(meDtoFactory, userManager, passwordService);
|
||||
when(uriInfo.getApiRestUri()).thenReturn(URI.create("/"));
|
||||
when(scmPathInfoStore.get()).thenReturn(uriInfo);
|
||||
dispatcher = createDispatcher(meResource);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldReturnCurrentlyAuthenticatedUser() throws URISyntaxException {
|
||||
applyUserToSubject(originalUser);
|
||||
|
||||
MockHttpRequest request = MockHttpRequest.get("/" + MeResource.ME_PATH_V2);
|
||||
request.accept(VndMediaType.USER);
|
||||
request.accept(VndMediaType.ME);
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
@@ -95,8 +93,17 @@ public class MeResourceTest {
|
||||
assertTrue(response.getContentAsString().contains("\"delete\":{\"href\":\"/v2/users/trillian\"}"));
|
||||
}
|
||||
|
||||
private void applyUserToSubject(User user) {
|
||||
// use spy here to keep applied permissions from ShiroRule
|
||||
Subject subject = spy(SecurityUtils.getSubject());
|
||||
PrincipalCollection collection = mock(PrincipalCollection.class);
|
||||
when(collection.getPrimaryPrincipal()).thenReturn(user.getName());
|
||||
when(subject.getPrincipals()).thenReturn(collection);
|
||||
when(collection.oneByType(User.class)).thenReturn(user);
|
||||
shiro.setSubject(subject);
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldEncryptPasswordBeforeChanging() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String encryptedNewPassword = "encrypted123";
|
||||
@@ -124,7 +131,6 @@ public class MeResourceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldGet400OnMissingOldPassword() throws Exception {
|
||||
originalUser.setType("not an xml type");
|
||||
String newPassword = "pwd123";
|
||||
@@ -141,7 +147,6 @@ public class MeResourceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldGet400OnMissingEmptyPassword() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String oldPassword = "";
|
||||
@@ -158,7 +163,6 @@ public class MeResourceTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldMapExceptionFromManager() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String oldPassword = "secret";
|
||||
|
||||
@@ -1,151 +0,0 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.subject.support.SubjectThreadState;
|
||||
import org.apache.shiro.util.ThreadContext;
|
||||
import org.apache.shiro.util.ThreadState;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.MockitoAnnotations.initMocks;
|
||||
|
||||
public class MeToUserDtoMapperTest {
|
||||
|
||||
private final URI baseUri = URI.create("http://example.com/base/");
|
||||
@SuppressWarnings("unused") // Is injected
|
||||
private final ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
|
||||
|
||||
@Mock
|
||||
private UserManager userManager;
|
||||
|
||||
@InjectMocks
|
||||
private MeToUserDtoMapperImpl mapper;
|
||||
|
||||
private final Subject subject = mock(Subject.class);
|
||||
private final ThreadState subjectThreadState = new SubjectThreadState(subject);
|
||||
|
||||
private URI expectedBaseUri;
|
||||
private URI expectedUserBaseUri;
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
initMocks(this);
|
||||
when(userManager.getDefaultType()).thenReturn("xml");
|
||||
expectedBaseUri = baseUri.resolve(MeResource.ME_PATH_V2 + "/");
|
||||
expectedUserBaseUri = baseUri.resolve(UserRootResource.USERS_PATH_V2 + "/");
|
||||
subjectThreadState.bind();
|
||||
ThreadContext.bind(subject);
|
||||
}
|
||||
|
||||
@After
|
||||
public void unbindSubject() {
|
||||
ThreadContext.unbindSubject();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapTheUpdateLink() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
assertEquals("expected update link", expectedUserBaseUri.resolve("abc").toString(), userDto.getLinks().getLinkBy("update").get().getHref());
|
||||
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(false);
|
||||
userDto = mapper.map(user);
|
||||
assertFalse("expected no update link", userDto.getLinks().getLinkBy("update").isPresent());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapTheSelfLink() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
assertEquals("expected self link", expectedBaseUri.toString(), userDto.getLinks().getLinkBy("self").get().getHref());
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapTheDeleteLink() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:delete:abc")).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
assertEquals("expected update link", expectedUserBaseUri.resolve("abc").toString(), userDto.getLinks().getLinkBy("delete").get().getHref());
|
||||
|
||||
when(subject.isPermitted("user:delete:abc")).thenReturn(false);
|
||||
userDto = mapper.map(user);
|
||||
assertFalse("expected no delete link", userDto.getLinks().getLinkBy("delete").isPresent());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGetPasswordLinkOnlyForDefaultUserType() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
when(userManager.isTypeDefault(eq(user))).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
|
||||
assertEquals("expected password link with modify permission", expectedBaseUri.resolve("password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
|
||||
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(false);
|
||||
userDto = mapper.map(user);
|
||||
assertEquals("expected password link on mission modify permission", expectedBaseUri.resolve("password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
|
||||
|
||||
when(userManager.isTypeDefault(eq(user))).thenReturn(false);
|
||||
|
||||
userDto = mapper.map(user);
|
||||
|
||||
assertFalse("expected no password link", userDto.getLinks().getLinkBy("password").isPresent());
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void shouldGetEmptyPasswordProperty() {
|
||||
User user = createDefaultUser();
|
||||
user.setPassword("myHighSecurePassword");
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
|
||||
UserDto userDto = mapper.map(user);
|
||||
|
||||
assertThat(userDto.getPassword()).as("hide password for the me resource").isBlank();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldAppendLinks() {
|
||||
LinkEnricherRegistry registry = new LinkEnricherRegistry();
|
||||
registry.register(Me.class, (ctx, appender) -> {
|
||||
User user = ctx.oneRequireByType(User.class);
|
||||
appender.appendOne("profile", "http://hitchhiker.com/users/" + user.getName());
|
||||
});
|
||||
mapper.setRegistry(registry);
|
||||
|
||||
User trillian = UserTestData.createTrillian();
|
||||
UserDto dto = mapper.map(trillian);
|
||||
|
||||
assertEquals("http://hitchhiker.com/users/trillian", dto.getLinks().getLinkBy("profile").get().getHref());
|
||||
}
|
||||
|
||||
private User createDefaultUser() {
|
||||
User user = new User();
|
||||
user.setName("abc");
|
||||
user.setCreationDate(1L);
|
||||
return user;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -31,11 +31,15 @@
|
||||
|
||||
package sonia.scm.security;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.SimpleAuthenticationInfo;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Answers;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
@@ -43,6 +47,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.stubbing.Answer;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
@@ -65,6 +70,9 @@ class BearerRealmTest {
|
||||
@Mock
|
||||
private DAORealmHelper realmHelper;
|
||||
|
||||
@Mock
|
||||
private DAORealmHelper.AuthenticationInfoBuilder builder;
|
||||
|
||||
@Mock
|
||||
private AccessTokenResolver accessTokenResolver;
|
||||
|
||||
@@ -84,15 +92,19 @@ class BearerRealmTest {
|
||||
void shouldDoGetAuthentication() {
|
||||
BearerToken bearerToken = BearerToken.valueOf("__bearer__");
|
||||
AccessToken accessToken = mock(AccessToken.class);
|
||||
when(accessToken.getSubject()).thenReturn("trillian");
|
||||
when(accessToken.getClaims()).thenReturn(new HashMap<>());
|
||||
|
||||
Set<String> groups = ImmutableSet.of("HeartOfGold", "Puzzle42");
|
||||
|
||||
when(accessToken.getSubject()).thenReturn("trillian");
|
||||
when(accessToken.getGroups()).thenReturn(groups);
|
||||
when(accessToken.getClaims()).thenReturn(new HashMap<>());
|
||||
when(accessTokenResolver.resolve(bearerToken)).thenReturn(accessToken);
|
||||
|
||||
// we have to use answer, because we could not mock the result of Scopes
|
||||
when(realmHelper.getAuthenticationInfo(
|
||||
anyString(), anyString(), any(Scope.class)
|
||||
)).thenAnswer(createAnswer("trillian", "__bearer__", true));
|
||||
when(realmHelper.authenticationInfoBuilder("trillian")).thenReturn(builder);
|
||||
when(builder.withGroups(groups)).thenReturn(builder);
|
||||
when(builder.withCredentials("__bearer__")).thenReturn(builder);
|
||||
when(builder.withScope(any(Scope.class))).thenReturn(builder);
|
||||
when(builder.build()).thenReturn(authenticationInfo);
|
||||
|
||||
AuthenticationInfo result = realm.doGetAuthenticationInfo(bearerToken);
|
||||
assertThat(result).isSameAs(authenticationInfo);
|
||||
@@ -102,25 +114,4 @@ class BearerRealmTest {
|
||||
void shouldThrowIllegalArgumentExceptionForWrongTypeOfToken() {
|
||||
assertThrows(IllegalArgumentException.class, () -> realm.doGetAuthenticationInfo(new UsernamePasswordToken()));
|
||||
}
|
||||
|
||||
private Answer<AuthenticationInfo> createAnswer(String expectedSubject, String expectedCredentials, boolean scopeEmpty) {
|
||||
return (iom) -> {
|
||||
String subject = iom.getArgument(0);
|
||||
assertThat(subject).isEqualTo(expectedSubject);
|
||||
String credentials = iom.getArgument(1);
|
||||
assertThat(credentials).isEqualTo(expectedCredentials);
|
||||
Scope scope = iom.getArgument(2);
|
||||
assertThat(scope.isEmpty()).isEqualTo(scopeEmpty);
|
||||
|
||||
return authenticationInfo;
|
||||
};
|
||||
}
|
||||
|
||||
private class MyAnswer implements Answer<AuthenticationInfo> {
|
||||
|
||||
@Override
|
||||
public AuthenticationInfo answer(InvocationOnMock invocationOnMock) throws Throwable {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -33,6 +33,7 @@ package sonia.scm.security;
|
||||
|
||||
import com.github.sdorra.shiro.ShiroRule;
|
||||
import com.github.sdorra.shiro.SubjectAware;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Lists;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
@@ -48,6 +49,7 @@ import org.mockito.Mockito;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import sonia.scm.cache.Cache;
|
||||
import sonia.scm.cache.CacheManager;
|
||||
import sonia.scm.config.ScmConfiguration;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.repository.PermissionType;
|
||||
import sonia.scm.repository.Repository;
|
||||
@@ -76,6 +78,8 @@ import static org.mockito.Mockito.when;
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class DefaultAuthorizationCollectorTest {
|
||||
|
||||
private ScmConfiguration configuration;
|
||||
|
||||
@Mock
|
||||
private Cache cache;
|
||||
|
||||
@@ -99,8 +103,38 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@Before
|
||||
public void setUp(){
|
||||
when(cacheManager.getCache(Mockito.any(String.class))).thenReturn(cache);
|
||||
configuration = new ScmConfiguration();
|
||||
collector = new DefaultAuthorizationCollector(configuration, cacheManager, repositoryDAO, securitySystem);
|
||||
}
|
||||
|
||||
collector = new DefaultAuthorizationCollector(cacheManager, repositoryDAO, securitySystem);
|
||||
@Test
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void shouldGetAdminPrivilegedByConfiguration() {
|
||||
configuration.setAdminUsers(ImmutableSet.of("trillian"));
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertIsAdmin(authInfo);
|
||||
}
|
||||
|
||||
private void assertIsAdmin(AuthorizationInfo authInfo) {
|
||||
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER, Role.ADMIN));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
assertThat(authInfo.getStringPermissions(), Matchers.contains("*"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void shouldGetAdminPrivilegedByGroupConfiguration() {
|
||||
configuration.setAdminGroups(ImmutableSet.of("heartOfGold"));
|
||||
authenticate(UserTestData.createTrillian(), "heartOfGold");
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertIsAdmin(authInfo);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -142,7 +176,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
public void testCollectWithCache() {
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
collector.collect();
|
||||
verify(cache).put(any(), any());
|
||||
}
|
||||
|
||||
@@ -176,9 +210,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
authenticate(trillian, "main");
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER, Role.ADMIN));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
assertThat(authInfo.getStringPermissions(), Matchers.contains("*"));
|
||||
assertIsAdmin(authInfo);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -238,7 +270,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#invalidateCache(sonia.scm.security.AuthorizationChangedEvent)}.
|
||||
* Tests {@link DefaultAuthorizationCollector#invalidateCache(sonia.scm.security.AuthorizationChangedEvent)}.
|
||||
*/
|
||||
@Test
|
||||
public void testInvalidateCache() {
|
||||
|
||||
@@ -47,8 +47,7 @@ import org.mockito.junit.MockitoJUnitRunner;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.hamcrest.Matchers.isEmptyOrNullString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertThat;
|
||||
@@ -135,6 +134,7 @@ public class JwtAccessTokenBuilderTest {
|
||||
.issuer("https://www.scm-manager.org")
|
||||
.expiresIn(5, TimeUnit.SECONDS)
|
||||
.custom("a", "b")
|
||||
.groups("one", "two", "three")
|
||||
.scope(Scope.valueOf("repo:*"))
|
||||
.build();
|
||||
|
||||
@@ -161,5 +161,6 @@ public class JwtAccessTokenBuilderTest {
|
||||
assertEquals(token.getIssuer().get(), "https://www.scm-manager.org");
|
||||
assertEquals("b", token.getCustom("a").get());
|
||||
assertEquals("[\"repo:*\"]", token.getScope().toString());
|
||||
assertThat(token.getGroups(), containsInAnyOrder("one", "two", "three"));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user