Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-11 16:05:44 +01:00
Code Issues Packages Projects Releases Activity

Test things

Browse Source
This commit is contained in:
René Pfeuffer
2018-12-01 20:46:05 +01:00
parent 80ce5af12a
commit e30d32f1cd
2 changed files with 130 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
scm-webapp/src/main/java/sonia/scm/web/security/TokenRefreshFilter.java
View File

@@ -21,8 +21,12 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.Optional;
import java.util.Set; import java.util.Set;
import static java.util.Optional.empty;
import static java.util.Optional.of;
@Priority(Filters.PRIORITY_POST_AUTHENTICATION) @Priority(Filters.PRIORITY_POST_AUTHENTICATION)
@WebElement(value = Filters.PATTERN_RESTAPI, @WebElement(value = Filters.PATTERN_RESTAPI,
morePatterns = { Filters.PATTERN_DEBUG }) morePatterns = { Filters.PATTERN_DEBUG })
@@ -31,15 +35,13 @@ public class TokenRefreshFilter extends HttpFilter {
private static final Logger LOG = LoggerFactory.getLogger(TokenRefreshFilter.class); private static final Logger LOG = LoggerFactory.getLogger(TokenRefreshFilter.class);
private final Set<WebTokenGenerator> tokenGenerators; private final Set<WebTokenGenerator> tokenGenerators;
private final AccessTokenCookieIssuer cookieIssuer;
private final JwtAccessTokenRefresher refresher; private final JwtAccessTokenRefresher refresher;
private final AccessTokenResolver resolver; private final AccessTokenResolver resolver;
private final AccessTokenCookieIssuer issuer; private final AccessTokenCookieIssuer issuer;
@Inject @Inject
public TokenRefreshFilter(Set<WebTokenGenerator> tokenGenerators, AccessTokenCookieIssuer cookieIssuer, JwtAccessTokenRefresher refresher, AccessTokenResolver resolver, AccessTokenCookieIssuer issuer) { public TokenRefreshFilter(Set<WebTokenGenerator> tokenGenerators, JwtAccessTokenRefresher refresher, AccessTokenResolver resolver, AccessTokenCookieIssuer issuer) {
this.tokenGenerators = tokenGenerators; this.tokenGenerators = tokenGenerators;
this.cookieIssuer = cookieIssuer;
this.refresher = refresher; this.refresher = refresher;
this.resolver = resolver; this.resolver = resolver;
this.issuer = issuer; this.issuer = issuer;
@@ -47,29 +49,30 @@ public class TokenRefreshFilter extends HttpFilter {
@Override @Override
protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
AuthenticationToken token = createToken(request); extractToken(request).ifPresent(token -> examineToken(request, response, token));
if (token != null && token instanceof BearerToken) { chain.doFilter(request, response);
AccessToken accessToken = resolver.resolve((BearerToken) token); }
if (accessToken instanceof JwtAccessToken) {
refresher.refresh((JwtAccessToken) accessToken) private Optional<BearerToken> extractToken(HttpServletRequest request) {
.ifPresent(jwtAccessToken -> refreshToken(request, response, jwtAccessToken)); for (WebTokenGenerator generator : tokenGenerators) {
AuthenticationToken token = generator.createToken(request);
if (token instanceof BearerToken) {
return of((BearerToken) token);
} }
} }
chain.doFilter(request, response); return empty();
}
private void examineToken(HttpServletRequest request, HttpServletResponse response, BearerToken token) {
AccessToken accessToken = resolver.resolve(token);
if (accessToken instanceof JwtAccessToken) {
refresher.refresh((JwtAccessToken) accessToken)
.ifPresent(jwtAccessToken -> refreshToken(request, response, jwtAccessToken));
}
} }
private void refreshToken(HttpServletRequest request, HttpServletResponse response, JwtAccessToken jwtAccessToken) { private void refreshToken(HttpServletRequest request, HttpServletResponse response, JwtAccessToken jwtAccessToken) {
LOG.debug("refreshing authentication token"); LOG.debug("refreshing authentication token");
issuer.authenticate(request, response, jwtAccessToken); issuer.authenticate(request, response, jwtAccessToken);
} }
private AuthenticationToken createToken(HttpServletRequest request) {
for (WebTokenGenerator generator : tokenGenerators) {
AuthenticationToken token = generator.createToken(request);
if (token != null) {
return token;
}
}
return null;
}
} }

107
scm-webapp/src/test/java/sonia/scm/web/security/TokenRefreshFilterTest.java Normal file
View File

@@ -0,0 +1,107 @@
package sonia.scm.web.security;
import org.apache.shiro.authc.AuthenticationToken;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.security.AccessTokenCookieIssuer;
import sonia.scm.security.AccessTokenResolver;
import sonia.scm.security.BearerToken;
import sonia.scm.security.JwtAccessToken;
import sonia.scm.security.JwtAccessTokenRefresher;
import sonia.scm.web.WebTokenGenerator;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;
import static java.util.Collections.singleton;
import static java.util.Optional.of;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith({MockitoExtension.class})
class TokenRefreshFilterTest {
@Mock
private Set<WebTokenGenerator> tokenGenerators;
@Mock
private WebTokenGenerator tokenGenerator;
@Mock
private JwtAccessTokenRefresher refresher;
@Mock
private AccessTokenResolver resolver;
@Mock
private AccessTokenCookieIssuer issuer;
@InjectMocks
private TokenRefreshFilter filter;
@Mock
private HttpServletRequest request;
@Mock
private HttpServletResponse response;
@Mock
private FilterChain filterChain;
@BeforeEach
void initGenerators() {
when(tokenGenerators.iterator()).thenReturn(singleton(tokenGenerator).iterator());
}
@Test
void shouldContinueChain() throws IOException, ServletException {
filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(request, response);
verify(issuer, never()).authenticate(any(), any(), any());
}
@Test
void shouldNotRefreshNonBearerToken() throws IOException, ServletException {
AuthenticationToken token = mock(AuthenticationToken.class);
when(tokenGenerator.createToken(request)).thenReturn(token);
filter.doFilter(request, response, filterChain);
verify(issuer, never()).authenticate(any(), any(), any());
verify(filterChain).doFilter(request, response);
}
@Test
void shouldNotRefreshNonJwtToken() throws IOException, ServletException {
BearerToken token = mock(BearerToken.class);
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
when(tokenGenerator.createToken(request)).thenReturn(token);
when(resolver.resolve(token)).thenReturn(jwtToken);
filter.doFilter(request, response, filterChain);
verify(issuer, never()).authenticate(any(), any(), any());
verify(filterChain).doFilter(request, response);
}
@Test
void shouldRefreshIfRefreshable() throws IOException, ServletException {
BearerToken token = mock(BearerToken.class);
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
JwtAccessToken newJwtToken = mock(JwtAccessToken.class);
when(tokenGenerator.createToken(request)).thenReturn(token);
when(resolver.resolve(token)).thenReturn(jwtToken);
when(refresher.refresh(jwtToken)).thenReturn(of(newJwtToken));
filter.doFilter(request, response, filterChain);
verify(issuer).authenticate(request, response, newJwtToken);
verify(filterChain).doFilter(request, response);
}
}