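@Override
public void redirectToRequestedPage() {
  try {
    // "return_to" reaches this point through the authentication cookie, which init() fills from
    // a request parameter of the initial login request. It is therefore client-controlled and
    // must not be handed to sendRedirect() unchecked: only a same-origin relative path is
    // honoured, anything else (absolute URL, "//host", "/\host", header-breaking characters)
    // falls back to the application root. This is defense in depth; whether getReturnTo()
    // already validates the value is not visible from here.
    String defaultTarget = server.getContextPath() + "/";
    Optional<String> requested = oAuthParameters.getReturnTo(request);
    // The parameters are one-shot: clear the cookie before redirecting so a stale value cannot
    // be replayed by a later authentication round-trip.
    oAuthParameters.delete(request, response);
    String target = requested.filter(path -> isSafeRedirectTarget(path)).orElse(defaultTarget);
    getResponse().sendRedirect(target);
  } catch (IOException e) {
    throw new IllegalStateException("Fail to redirect to requested page", e);
  }
}

/**
 * Accepts only a plain relative path: it must start with a single "/", must not be
 * protocol-relative ("//" or "/\", which browsers treat alike) and must not contain control
 * or whitespace characters.
 *
 * @param path candidate redirect target taken from the authentication cookie
 * @return true when the path may safely be used as a redirect location
 */
private static boolean isSafeRedirectTarget(String path) {
  if (path.isEmpty() || path.charAt(0) != '/') {
    return false;
  }
  if (path.length() > 1 && (path.charAt(1) == '/' || path.charAt(1) == '\\')) {
    return false;
  }
  for (int i = 0; i < path.length(); i++) {
    char c = path.charAt(i);
    if (c < ' ' || Character.isWhitespace(c)) {
      return false;
    }
  }
  return true;
}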
@Test
public void get_allowEmailShift_parameter() {
  // The flag is read back from the JSON payload of the authentication cookie.
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"allowEmailShift\":\"true\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<Boolean> emailShiftFlag = underTest.getAllowEmailShift(request);

  assertThat(emailShiftFlag).isPresent();
  assertThat(emailShiftFlag.get()).isTrue();
}
@Test
public void getAllowUpdateLogin() {
  // The flag is read back from the JSON payload of the authentication cookie.
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"allowUpdateLogin\":\"true\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<Boolean> updateLoginFlag = underTest.getAllowUpdateLogin(request);

  assertThat(updateLoginFlag).isPresent();
  assertThat(updateLoginFlag.get()).isTrue();
}
/**
 * Starts an authentication round-trip with the given provider.
 *
 * Only OAuth2 providers get their one-shot parameters (return_to, allowEmailShift,
 * allowUpdateLogin) persisted in the authentication cookie. Every failure path clears that
 * cookie again so that a value from an aborted attempt is never reused.
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (provider instanceof BaseIdentityProvider) {
      handleBaseIdentityProvider(request, response, (BaseIdentityProvider) provider);
    } else if (provider instanceof OAuth2IdentityProvider) {
      oAuthOAuth2AuthenticationParameters.init(request, response);
      handleOAuth2IdentityProvider(request, response, (OAuth2IdentityProvider) provider);
    } else {
      String unsupported = format("Unsupported IdentityProvider class: %s", provider.getClass());
      handleError(response, unsupported);
    }
  } catch (AuthenticationException e) {
    // Only this path is recorded as a login failure; other exceptions are reported as errors.
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    authenticationEvent.loginFailure(request, e);
    handleAuthenticationError(e, response, getContextPath());
  } catch (RedirectionException e) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    String redirectPath = e.getPath(getContextPath());
    redirectTo(response, redirectPath);
  } catch (Exception e) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    String failure = format("Fail to initialize authentication with provider '%s'", provider.getKey());
    handleError(e, response, failure);
  }
}
/** Asserts that the one-shot OAuth2 parameters cookie was cleared for this request/response pair. */
private void verifyDeleteAuthCookie() {
  verify(auth2AuthenticationParameters).delete(request, response);
}
@Override
public void authenticate(UserIdentity userIdentity) {
  // Both flags come out of the authentication cookie, which init() populates from request
  // parameters; they are client-controlled consent markers. They only decide whether an
  // existing-email / changed-login situation is a warning or is accepted, and grant nothing
  // by themselves — the identity itself is whatever the provider asserted in userIdentity.
  boolean emailShiftAllowed = oAuthParameters.getAllowEmailShift(request).orElse(false);
  boolean loginUpdateAllowed = oAuthParameters.getAllowUpdateLogin(request).orElse(false);
  ExistingEmailStrategy emailStrategy = emailShiftAllowed ? ExistingEmailStrategy.ALLOW : ExistingEmailStrategy.WARN;
  UpdateLoginStrategy loginStrategy = loginUpdateAllowed ? UpdateLoginStrategy.ALLOW : UpdateLoginStrategy.WARN;

  UserRegistration registration = UserRegistration.builder()
    .setUserIdentity(userIdentity)
    .setProvider(identityProvider)
    .setSource(AuthenticationEvent.Source.oauth2(identityProvider))
    .setExistingEmailStrategy(emailStrategy)
    .setUpdateLoginStrategy(loginStrategy)
    .build();
  UserDto userDto = userRegistrar.register(registration);

  // Issue the session token and make the user visible to the rest of this request.
  jwtHttpHandler.generateToken(userDto, request, response);
  threadLocalUserSession.set(userSessionFactory.create(userDto));
}
}
@Test
public void init_does_not_create_cookie_when_parameters_are_null() {
  // None of the three optional login parameters is present on the request.
  when(request.getParameter("return_to")).thenReturn(null);
  when(request.getParameter("allowEmailShift")).thenReturn(null);
  when(request.getParameter("allowUpdateLogin")).thenReturn(null);

  underTest.init(request, response);

  // No cookie should be emitted when there is nothing to carry over to the callback.
  verify(response, never()).addCookie(any(Cookie.class));
}
@Test
public void get_return_to_parameter() {
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/settings\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<String> returnTo = underTest.getReturnTo(request);

  // The value is returned verbatim; this test does not cover non-relative targets.
  assertThat(returnTo).isPresent();
  assertThat(returnTo.get()).isEqualTo("/settings");
}
@Test
public void delete() {
  Cookie existing = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/settings\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {existing});

  underTest.delete(request, response);

  verify(response).addCookie(cookieArgumentCaptor.capture());
  Cookie clearing = cookieArgumentCaptor.getValue();
  // A cookie is removed by re-sending it with max-age 0 under the same name and path;
  // a path mismatch would leave the original cookie in place in the browser.
  assertThat(clearing.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
  assertThat(clearing.getValue()).isNull();
  assertThat(clearing.getPath()).isEqualTo("/");
  assertThat(clearing.getMaxAge()).isZero();
  // NOTE(review): HttpOnly/Secure flags of the clearing cookie are not asserted here — confirm
  // against the implementation whether they are expected to match the original cookie.
}
}
@Override
public void authenticate(UserIdentity userIdentity) {
  // Both flags come out of the authentication cookie, which init() populates from request
  // parameters; they are client-controlled consent markers. They only decide whether an
  // existing-email / changed-login situation is a warning or is accepted, and grant nothing
  // by themselves — the identity itself is whatever the provider asserted in userIdentity.
  boolean emailShiftAllowed = oAuthParameters.getAllowEmailShift(request).orElse(false);
  boolean loginUpdateAllowed = oAuthParameters.getAllowUpdateLogin(request).orElse(false);
  ExistingEmailStrategy emailStrategy = emailShiftAllowed ? ExistingEmailStrategy.ALLOW : ExistingEmailStrategy.WARN;
  UpdateLoginStrategy loginStrategy = loginUpdateAllowed ? UpdateLoginStrategy.ALLOW : UpdateLoginStrategy.WARN;

  UserIdentityAuthenticatorParameters parameters = UserIdentityAuthenticatorParameters.builder()
    .setUserIdentity(userIdentity)
    .setProvider(identityProvider)
    .setSource(AuthenticationEvent.Source.oauth2(identityProvider))
    .setExistingEmailStrategy(emailStrategy)
    .setUpdateLoginStrategy(loginStrategy)
    .build();
  UserDto userDto = userIdentityAuthenticator.authenticate(parameters);

  // Issue the session token and make the user visible to the rest of this request.
  jwtHttpHandler.generateToken(userDto, request, response);
  threadLocalUserSession.set(userSessionFactory.create(userDto));
}
}
/**
 * Starts an authentication round-trip with the given provider.
 *
 * Only OAuth2 providers get their one-shot parameters (return_to, allowEmailShift,
 * allowUpdateLogin) persisted in the authentication cookie. Every failure path clears that
 * cookie again so that a value from an aborted attempt is never reused.
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (provider instanceof BaseIdentityProvider) {
      handleBaseIdentityProvider(request, response, (BaseIdentityProvider) provider);
    } else if (provider instanceof OAuth2IdentityProvider) {
      oAuthOAuth2AuthenticationParameters.init(request, response);
      handleOAuth2IdentityProvider(request, response, (OAuth2IdentityProvider) provider);
    } else {
      String unsupported = format("Unsupported IdentityProvider class: %s", provider.getClass());
      handleError(response, unsupported);
    }
  } catch (AuthenticationException e) {
    // Only this path is recorded as a login failure; other exceptions are reported as errors.
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    authenticationEvent.loginFailure(request, e);
    handleAuthenticationError(e, response, getContextPath());
  } catch (RedirectionException e) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    String redirectPath = e.getPath(getContextPath());
    redirectTo(response, redirectPath);
  } catch (Exception e) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    String failure = format("Fail to initialize authentication with provider '%s'", provider.getKey());
    handleError(e, response, failure);
  }
}
@Test
public void init_does_not_create_cookie_when_no_parameter() {
  // Unstubbed mock: every getParameter() call yields null.
  underTest.init(request, response);

  verify(response, never()).addCookie(any(Cookie.class));
}
@Test
public void get_return_to_is_empty_when_no_value() {
  // Cookie present but its JSON payload carries no return_to entry.
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<String> returnTo = underTest.getReturnTo(request);

  assertThat(returnTo).isNotPresent();
}
@Test
public void delete_oauth2_parameters_during_redirection() {
  when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.of("/settings"));
  when(server.getContextPath()).thenReturn("");
  OAuth2IdentityProvider.CallbackContext callbackContext = newCallbackContext();

  callbackContext.redirectToRequestedPage();

  // The one-shot parameters must not survive the redirect. Only the call is verified here,
  // not that it happens before the redirect is sent.
  verify(oAuthParameters).delete(request, response);
}
/**
 * Completes the OAuth2 callback leg with the given provider.
 *
 * Whatever goes wrong, the one-shot parameters cookie written during the initial login leg is
 * cleared so it cannot be reused by a later attempt.
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (!(provider instanceof OAuth2IdentityProvider)) {
      handleError(response, format("Not an OAuth2IdentityProvider: %s", provider.getClass()));
    } else {
      handleOAuth2Provider(response, request, (OAuth2IdentityProvider) provider);
    }
  } catch (AuthenticationException e) {
    // Only this path is recorded as a login failure; other exceptions are reported as errors.
    oauth2Parameters.delete(request, response);
    authenticationEvent.loginFailure(request, e);
    handleAuthenticationError(e, response, getContextPath());
  } catch (RedirectionException e) {
    oauth2Parameters.delete(request, response);
    String redirectPath = e.getPath(getContextPath());
    redirectTo(response, redirectPath);
  } catch (Exception e) {
    oauth2Parameters.delete(request, response);
    String failure = format("Fail to callback authentication with '%s'", provider.getKey());
    handleError(e, response, failure);
  }
}
@Test
public void init_does_not_create_cookie_when_parameters_are_empty() {
  // Blank values must be treated like absent ones.
  when(request.getParameter("return_to")).thenReturn("");
  when(request.getParameter("allowEmailShift")).thenReturn("");
  when(request.getParameter("allowUpdateLogin")).thenReturn("");

  underTest.init(request, response);

  verify(response, never()).addCookie(any(Cookie.class));
}
@Test
public void get_return_to_is_empty_when_no_cookie() {
  // Request carries no cookies at all.
  when(request.getCookies()).thenReturn(new Cookie[0]);

  Optional<String> returnTo = underTest.getReturnTo(request);

  assertThat(returnTo).isNotPresent();
}
@Test
public void get_allowEmailShift_is_empty_when_no_value() {
  // Cookie present but its JSON payload carries no allowEmailShift entry.
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<Boolean> emailShiftFlag = underTest.getAllowEmailShift(request);

  assertThat(emailShiftFlag).isNotPresent();
}
@Test
public void getAllowUpdateLogin_is_empty_when_no_value() {
  // Cookie present but its JSON payload carries no allowUpdateLogin entry.
  Cookie authCookie = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {authCookie});

  Optional<Boolean> updateLoginFlag = underTest.getAllowUpdateLogin(request);

  assertThat(updateLoginFlag).isNotPresent();
}
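@Override
public void redirectToRequestedPage() {
  try {
    // "return_to" reaches this point through the authentication cookie, which init() fills from
    // a request parameter of the initial login request. It is therefore client-controlled and
    // must not be handed to sendRedirect() unchecked: only a same-origin relative path is
    // honoured, anything else (absolute URL, "//host", "/\host", header-breaking characters)
    // falls back to the application root. This is defense in depth; whether getReturnTo()
    // already validates the value is not visible from here.
    String defaultTarget = server.getContextPath() + "/";
    Optional<String> requested = oAuthParameters.getReturnTo(request);
    // The parameters are one-shot: clear the cookie before redirecting so a stale value cannot
    // be replayed by a later authentication round-trip.
    oAuthParameters.delete(request, response);
    String target = requested.filter(path -> isSafeRedirectTarget(path)).orElse(defaultTarget);
    getResponse().sendRedirect(target);
  } catch (IOException e) {
    throw new IllegalStateException("Fail to redirect to requested page", e);
  }
}

/**
 * Accepts only a plain relative path: it must start with a single "/", must not be
 * protocol-relative ("//" or "/\", which browsers treat alike) and must not contain control
 * or whitespace characters.
 *
 * @param path candidate redirect target taken from the authentication cookie
 * @return true when the path may safely be used as a redirect location
 */
private static boolean isSafeRedirectTarget(String path) {
  if (path.isEmpty() || path.charAt(0) != '/') {
    return false;
  }
  if (path.length() > 1 && (path.charAt(1) == '/' || path.charAt(1) == '\\')) {
    return false;
  }
  for (int i = 0; i < path.length(); i++) {
    char c = path.charAt(i);
    if (c < ' ' || Character.isWhitespace(c)) {
      return false;
    }
  }
  return true;
}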