private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) { try { if (provider instanceof OAuth2IdentityProvider) { handleOAuth2Provider(response, request, (OAuth2IdentityProvider) provider); } else { handleError(response, format("Not an OAuth2IdentityProvider: %s", provider.getClass())); } } catch (AuthenticationException e) { oauth2Parameters.delete(request, response); authenticationEvent.loginFailure(request, e); handleAuthenticationError(e, response, getContextPath()); } catch (RedirectionException e) { oauth2Parameters.delete(request, response); redirectTo(response, e.getPath(getContextPath())); } catch (Exception e) { oauth2Parameters.delete(request, response); handleError(e, response, format("Fail to callback authentication with '%s'", provider.getKey())); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, CALLBACK_PATH); if (provider != null) { handleProvider(httpRequest, (HttpServletResponse) response, provider); } }
@Test public void fail_when_no_oauth2_provider_provided() throws Exception { when(request.getRequestURI()).thenReturn("/oauth2/callback"); underTest.doFilter(request, response, chain); assertError("No provider key found in URI"); verifyZeroInteractions(authenticationEvent); }
@Test public void do_get_pattern() { assertThat(underTest.doGetPattern()).isNotNull(); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; IdentityProvider provider = resolveProviderOrHandleResponse(httpRequest, httpResponse, CALLBACK_PATH); if (provider != null) { handleProvider(httpRequest, (HttpServletResponse) response, provider); } }
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) { try { if (provider instanceof OAuth2IdentityProvider) { handleOAuth2Provider(response, request, (OAuth2IdentityProvider) provider); } else { handleError(response, format("Not an OAuth2IdentityProvider: %s", provider.getClass())); } } catch (AuthenticationException e) { oauth2Parameters.delete(request, response); authenticationEvent.loginFailure(request, e); handleAuthenticationError(e, response, getContextPath()); } catch (RedirectionException e) { oauth2Parameters.delete(request, response); redirectTo(response, e.getPath(getContextPath())); } catch (Exception e) { oauth2Parameters.delete(request, response); handleError(e, response, format("Fail to callback authentication with '%s'", provider.getKey())); } }
@Test public void redirect_with_context_path_when_failing_because_of_UnauthorizedExceptionException() throws Exception { when(server.getContextPath()).thenReturn("/sonarqube"); FailWithUnauthorizedExceptionIdProvider identityProvider = new FailWithUnauthorizedExceptionIdProvider(); when(request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/" + identityProvider.getKey()); identityProviderRepository.addIdentityProvider(identityProvider); underTest.doFilter(request, response, chain); verify(response).sendRedirect("/sonarqube/sessions/unauthorized?message=Email+john%40email.com+is+already+used"); verify(oAuthRedirection).delete(eq(request), eq(response)); }
@Test public void fail_on_disabled_provider() throws Exception { when(request.getRequestURI()).thenReturn("/oauth2/callback/" + OAUTH2_PROVIDER_KEY); identityProviderRepository.addIdentityProvider(new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, false)); underTest.doFilter(request, response, chain); assertError("Failed to retrieve IdentityProvider for key 'github'"); verifyZeroInteractions(authenticationEvent); }
@Test public void redirect_when_failing_because_of_Exception() throws Exception { FailWithIllegalStateException identityProvider = new FailWithIllegalStateException(); when(request.getRequestURI()).thenReturn("/oauth2/callback/" + identityProvider.getKey()); identityProviderRepository.addIdentityProvider(identityProvider); underTest.doFilter(request, response, chain); verify(response).sendRedirect("/sessions/unauthorized"); assertThat(logTester.logs(LoggerLevel.WARN)).containsExactlyInAnyOrder("Fail to callback authentication with 'failing'"); verify(oAuthRedirection).delete(eq(request), eq(response)); }
@Test public void fail_on_not_oauth2_provider() throws Exception { String providerKey = "openid"; when(request.getRequestURI()).thenReturn("/oauth2/callback/" + providerKey); identityProviderRepository.addIdentityProvider(new FakeBasicIdentityProvider(providerKey, true)); underTest.doFilter(request, response, chain); assertError("Not an OAuth2IdentityProvider: class org.sonar.server.authentication.FakeBasicIdentityProvider"); verifyZeroInteractions(authenticationEvent); }
@Test public void do_filter_with_context() { when(server.getContextPath()).thenReturn("/sonarqube"); when(request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/" + OAUTH2_PROVIDER_KEY); identityProviderRepository.addIdentityProvider(oAuth2IdentityProvider); underTest.doFilter(request, response, chain); assertCallbackCalled(oAuth2IdentityProvider); verify(authenticationEvent).loginSuccess(request, LOGIN, Source.oauth2(oAuth2IdentityProvider)); }
@Test public void do_filter_on_auth2_identity_provider() { when(request.getRequestURI()).thenReturn("/oauth2/callback/" + OAUTH2_PROVIDER_KEY); identityProviderRepository.addIdentityProvider(oAuth2IdentityProvider); underTest.doFilter(request, response, chain); assertCallbackCalled(oAuth2IdentityProvider); verify(authenticationEvent).loginSuccess(request, LOGIN, Source.oauth2(oAuth2IdentityProvider)); }
@Test public void redirect_when_failing_because_of_UnauthorizedExceptionException() throws Exception { FailWithUnauthorizedExceptionIdProvider identityProvider = new FailWithUnauthorizedExceptionIdProvider(); when(request.getRequestURI()).thenReturn("/oauth2/callback/" + identityProvider.getKey()); identityProviderRepository.addIdentityProvider(identityProvider); underTest.doFilter(request, response, chain); verify(response).sendRedirect("/sessions/unauthorized?message=Email+john%40email.com+is+already+used"); verify(authenticationEvent).loginFailure(eq(request), authenticationExceptionCaptor.capture()); AuthenticationException authenticationException = authenticationExceptionCaptor.getValue(); assertThat(authenticationException).hasMessage("Email john@email.com is already used"); assertThat(authenticationException.getSource()).isEqualTo(Source.oauth2(identityProvider)); assertThat(authenticationException.getLogin()).isNull(); assertThat(authenticationException.getPublicMessage()).isEqualTo("Email john@email.com is already used"); verify(oAuthRedirection).delete(eq(request), eq(response)); }
@Test public void redirect_when_failing_because_of_EmailAlreadyExistException() throws Exception { UserDto existingUser = newUserDto().setEmail("john@email.com").setExternalLogin("john.bitbucket").setExternalIdentityProvider("bitbucket"); FailWithEmailAlreadyExistException identityProvider = new FailWithEmailAlreadyExistException(existingUser); when(request.getRequestURI()).thenReturn("/oauth2/callback/" + identityProvider.getKey()); identityProviderRepository.addIdentityProvider(identityProvider); underTest.doFilter(request, response, chain); verify(response).sendRedirect("/sessions/email_already_exists?email=john%40email.com&login=john.github&provider=failing&existingLogin=john.bitbucket&existingProvider=bitbucket"); verify(oAuthRedirection).delete(eq(request), eq(response)); }
@Test public void do_filter_with_context_no_log_if_provider_did_not_call_authenticate_on_context() { when(server.getContextPath()).thenReturn("/sonarqube"); when(request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/" + OAUTH2_PROVIDER_KEY); FakeOAuth2IdentityProvider identityProvider = new FakeOAuth2IdentityProvider(OAUTH2_PROVIDER_KEY, true); identityProviderRepository.addIdentityProvider(identityProvider); underTest.doFilter(request, response, chain); assertCallbackCalled(identityProvider); verify(authenticationEvent).loginFailure(eq(request), authenticationExceptionCaptor.capture()); AuthenticationException authenticationException = authenticationExceptionCaptor.getValue(); assertThat(authenticationException).hasMessage("Plugin did not call authenticate"); assertThat(authenticationException.getSource()).isEqualTo(Source.oauth2(identityProvider)); assertThat(authenticationException.getLogin()).isNull(); assertThat(authenticationException.getPublicMessage()).isNull(); }