Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-09 06:55:47 +01:00
Code Issues Packages Projects Releases Activity

fix handling of post authentication filters for protocol request

Browse Source 
do not call PushStateDispatcher in the HttpProtocolServletAuthenticationFilter,
because the HttpProtocolServlet already does this.
This commit is contained in:
Sebastian Sdorra
2019-03-12 13:58:46 +01:00
parent d54b5360e2
commit cd302a3768
2 changed files with 77 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scm-webapp/src/main/java/sonia/scm/web/filter/HttpProtocolServletAuthenticationFilter.java
View File

@@ -1,7 +1,6 @@
package sonia.scm.web.filter; package sonia.scm.web.filter;
import sonia.scm.Priority; import sonia.scm.Priority;
import sonia.scm.PushStateDispatcher;
import sonia.scm.config.ScmConfiguration; import sonia.scm.config.ScmConfiguration;
import sonia.scm.filter.Filters; import sonia.scm.filter.Filters;
import sonia.scm.filter.WebElement; import sonia.scm.filter.WebElement;
@@ -12,6 +11,8 @@ import sonia.scm.web.WebTokenGenerator;
import sonia.scm.web.protocol.HttpProtocolServlet; import sonia.scm.web.protocol.HttpProtocolServlet;
import javax.inject.Inject; import javax.inject.Inject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
@@ -21,25 +22,23 @@ import java.util.Set;
@WebElement(value = HttpProtocolServlet.PATTERN) @WebElement(value = HttpProtocolServlet.PATTERN)
public class HttpProtocolServletAuthenticationFilter extends AuthenticationFilter { public class HttpProtocolServletAuthenticationFilter extends AuthenticationFilter {
private final PushStateDispatcher dispatcher;
private final UserAgentParser userAgentParser; private final UserAgentParser userAgentParser;
@Inject @Inject
public HttpProtocolServletAuthenticationFilter( public HttpProtocolServletAuthenticationFilter(
ScmConfiguration configuration, ScmConfiguration configuration,
Set<WebTokenGenerator> tokenGenerators, Set<WebTokenGenerator> tokenGenerators,
PushStateDispatcher dispatcher,
UserAgentParser userAgentParser) { UserAgentParser userAgentParser) {
super(configuration, tokenGenerators); super(configuration, tokenGenerators);
this.dispatcher = dispatcher;
this.userAgentParser = userAgentParser; this.userAgentParser = userAgentParser;
} }
@Override @Override
protected void sendUnauthorizedError(HttpServletRequest request, HttpServletResponse response) throws IOException { protected void handleUnauthorized(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
UserAgent userAgent = userAgentParser.parse(request); UserAgent userAgent = userAgentParser.parse(request);
if (userAgent.isBrowser()) { if (userAgent.isBrowser()) {
dispatcher.dispatch(request, response, request.getRequestURI()); // we can proceed the filter chain because the HttpProtocolServlet will render the ui if the client is a browser
chain.doFilter(request, response);
} else { } else {
HttpUtil.sendUnauthorized(request, response); HttpUtil.sendUnauthorized(request, response);
} }

72
scm-webapp/src/test/java/sonia/scm/web/filter/HttpProtocolServletAuthenticationFilterTest.java Normal file
View File

@@ -0,0 +1,72 @@
package sonia.scm.web.filter;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.util.HttpUtil;
import sonia.scm.web.UserAgent;
import sonia.scm.web.UserAgentParser;
import sonia.scm.web.WebTokenGenerator;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
class HttpProtocolServletAuthenticationFilterTest {
private ScmConfiguration configuration = new ScmConfiguration();
private Set<WebTokenGenerator> tokenGenerators = Collections.emptySet();
@Mock
private UserAgentParser userAgentParser;
private HttpProtocolServletAuthenticationFilter authenticationFilter;
@Mock
private HttpServletRequest request;
@Mock
private HttpServletResponse response;
@Mock
private FilterChain filterChain;
private UserAgent nonBrowser = UserAgent.builder("i'm not a browser").browser(false).build();
private UserAgent browser = UserAgent.builder("i am a browser").browser(true).build();
@BeforeEach
void setUpObjectUnderTest() {
authenticationFilter = new HttpProtocolServletAuthenticationFilter(configuration, tokenGenerators, userAgentParser);
}
@Test
void shouldSendUnauthorized() throws IOException, ServletException {
when(userAgentParser.parse(request)).thenReturn(nonBrowser);
authenticationFilter.handleUnauthorized(request, response, filterChain);
verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED, HttpUtil.STATUS_UNAUTHORIZED_MESSAGE);
}
@Test
void shouldCallFilterChain() throws IOException, ServletException {
when(userAgentParser.parse(request)).thenReturn(browser);
authenticationFilter.handleUnauthorized(request, response, filterChain);
verify(filterChain).doFilter(request, response);
}
}