/**
 * SSO headers take precedence over the session token: once the header-based
 * authenticator resolves a user, the JWT handler is never consulted and no
 * status code is written on the response.
 * NOTE(review): this relies on those headers being set by a trusted front end
 * (presumably a reverse proxy); that trust boundary is not exercised here.
 */
@Test
public void authenticate_from_sso() {
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(httpHeadersAuthentication.authenticate(request, response)).thenReturn(Optional.of(A_USER));

  UserSession session = underTest.authenticate(request, response);

  assertThat(session.getUuid()).isEqualTo(A_USER.getUuid());
  verify(httpHeadersAuthentication).authenticate(request, response);
  // The token path must be short-circuited entirely, not merely ignored.
  verify(jwtHttpHandler, never()).validateToken(request, response);
  verify(response, never()).setStatus(anyInt());
}
/**
 * With no SSO header, no valid token and no basic credentials, the result is an
 * anonymous session (not logged in, null uuid). The response is left untouched:
 * no status code is written at this stage.
 */
@Test
public void return_empty_if_not_authenticated() {
  when(httpHeadersAuthentication.authenticate(request, response)).thenReturn(Optional.empty());
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());

  UserSession anonymous = underTest.authenticate(request, response);

  assertThat(anonymous.isLoggedIn()).isFalse();
  assertThat(anonymous.getUuid()).isNull();
  verify(response, never()).setStatus(anyInt());
}
/**
 * When the SSO headers yield nothing, a valid JWT session token identifies the
 * user. No status code is written on the response.
 */
@Test
public void authenticate_from_jwt_token() {
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(A_USER));
  when(httpHeadersAuthentication.authenticate(request, response)).thenReturn(Optional.empty());

  UserSession session = underTest.authenticate(request, response);

  assertThat(session.getUuid()).isEqualTo(A_USER.getUuid());
  verify(response, never()).setStatus(anyInt());
}
/**
 * Basic credentials are the last resort: they identify the user only when
 * neither the SSO headers nor the session token do. Both the token lookup and
 * the basic lookup are exercised, and no status code is written.
 */
@Test
public void authenticate_from_basic_header() {
  when(httpHeadersAuthentication.authenticate(request, response)).thenReturn(Optional.empty());
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.of(A_USER));

  UserSession session = underTest.authenticate(request, response);

  assertThat(session.getUuid()).isEqualTo(A_USER.getUuid());
  verify(basicAuthentication).authenticate(request);
  verify(jwtHttpHandler).validateToken(request, response);
  verify(response, never()).setStatus(anyInt());
}
/**
 * With SSO disabled, a request carrying a full set of SSO headers must not
 * authenticate anyone and must not touch the token handler or emit an
 * authentication event. Honouring the headers while the feature is off would
 * let any client able to set request headers pick its own identity.
 */
@Test
public void does_not_authenticate_when_not_enabled() {
  startWithoutSso();
  HttpServletRequest requestWithSsoHeaders = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);

  underTest.authenticate(requestWithSsoHeaders, response);

  verifyUserNotAuthenticated();
  verifyZeroInteractions(jwtHttpHandler, authenticationEvent);
}
/**
 * SSO enabled but the request carries no headers at all: nobody is
 * authenticated, the token is left as-is and no authentication event fires.
 */
@Test
public void does_not_authenticate_when_no_header() {
  startWithSso();
  setNotUserInToken();
  HttpServletRequest headerlessRequest = createRequest(Collections.emptyMap());

  underTest.authenticate(headerlessRequest, response);

  verifyUserNotAuthenticated();
  verifyTokenIsNotUpdated();
  verifyZeroInteractions(authenticationEvent);
}
/**
 * Inside the refresh window the token is authoritative: new name, email and
 * group values in the headers are not applied to the stored user, the token is
 * not rewritten and no login event is emitted. Attribute or group changes
 * (including revocations) therefore only take effect once the window expires.
 */
@Test
public void does_not_update_user_when_user_is_in_token_and_refresh_time_is_close() {
  startWithSso();
  UserDto existing = insertUser(DEFAULT_USER, group1);
  setUserInToken(existing, CLOSE_REFRESH_TIME);

  underTest.authenticate(createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2), response);

  // Stored user still carries the original attributes and group.
  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1);
  verifyTokenIsNotUpdated();
  verifyZeroInteractions(authenticationEvent);
}
/**
 * Whitespace around group names in the groups header is stripped before the
 * groups are resolved (" dev , admin " maps to group1 and group2), and the
 * default group is added on top. With no name header, the login is used as
 * name; with no email header, the email stays null.
 */
@Test
public void trim_groups() {
  startWithSso();
  setNotUserInToken();
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, null, null, " dev , admin ");

  underTest.authenticate(request, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_LOGIN, null, group1, group2, sonarUsers);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * A request with only the login header creates a user whose name falls back to
 * the login, with no email and only the default group.
 */
@Test
public void use_login_when_name_is_not_provided() {
  startWithSso();
  setNotUserInToken();
  HttpServletRequest loginOnlyRequest = createRequest(DEFAULT_LOGIN, null, null, null);

  underTest.authenticate(loginOnlyRequest, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_LOGIN, null, sonarUsers);
  verify(authenticationEvent).loginSuccess(loginOnlyRequest, DEFAULT_LOGIN, Source.sso());
}
/**
 * An absent groups header (null) leaves the user's existing group memberships
 * untouched. Compare with an empty groups header, which removes them all.
 */
@Test
public void does_not_update_groups_when_no_group_headers() {
  startWithSso();
  setNotUserInToken();
  insertUser(DEFAULT_USER, group1, sonarUsers);
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, null);

  underTest.authenticate(request, response);

  verityUserGroups(DEFAULT_LOGIN, group1, sonarUsers);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * An empty groups header ("") is an explicit statement that the user belongs
 * to no group: every existing membership is removed. This is the revocation
 * path, distinct from a missing header which leaves groups alone.
 */
@Test
public void remove_groups_when_group_headers_is_empty() {
  startWithSso();
  setNotUserInToken();
  insertUser(DEFAULT_USER, group1);
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, "");

  underTest.authenticate(request, response);

  verityUserHasNoGroup(DEFAULT_LOGIN);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * First sight of a login creates the user from the headers (name, email,
 * groups plus the default group), records the refresh time NOW in the token
 * and emits an SSO login-success event.
 */
@Test
public void create_user_when_authenticating_new_user() {
  startWithSso();
  setNotUserInToken();
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);

  underTest.authenticate(request, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
  verifyTokenIsUpdated(NOW);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * The refresh window is configurable via sonar.web.sso.refreshIntervalInMinutes.
 * With a 10-minute interval, a token refreshed 6 minutes ago is still fresh, so
 * the headers are ignored and the user is not updated. (The same 6-minute age
 * triggers an update under the default interval.)
 */
@Test
public void use_refresh_time_from_settings() {
  settings.setProperty("sonar.web.sso.refreshIntervalInMinutes", "10");
  startWithSso();
  UserDto existing = insertUser(DEFAULT_USER, group1);
  long sixMinutesAgo = NOW - 6 * 60 * 1000L;
  setUserInToken(existing, sixMinutesAgo);

  underTest.authenticate(createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2), response);

  // Still inside the configured window: nothing changes.
  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1);
  verifyTokenIsNotUpdated();
  verifyZeroInteractions(authenticationEvent);
}
/**
 * Header names are matched case-insensitively: the groups header is configured
 * as "Groups" but sent as "groups", and the groups are still picked up.
 */
@Test
public void detect_group_header_even_with_wrong_case() {
  settings.setProperty("sonar.web.sso.groupsHeader", "Groups");
  settings.setProperty("sonar.web.sso.loginHeader", "login");
  settings.setProperty("sonar.web.sso.nameHeader", "name");
  settings.setProperty("sonar.web.sso.emailHeader", "email");
  startWithSso();
  setNotUserInToken();
  HttpServletRequest lowerCaseHeaders = createRequest(
    ImmutableMap.of("login", DEFAULT_LOGIN, "name", DEFAULT_NAME, "email", DEFAULT_EMAIL, "groups", GROUPS));

  underTest.authenticate(lowerCaseHeaders, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
  verify(authenticationEvent).loginSuccess(lowerCaseHeaders, DEFAULT_LOGIN, Source.sso());
}
/**
 * A token that names the user but carries no refresh time is treated as stale:
 * the user is synced from the headers (name, email, groups replaced), the token
 * gets refresh time NOW and a login event is emitted.
 */
@Test
public void update_user_when_user_in_token_but_no_refresh_time() {
  startWithSso();
  UserDto existing = insertUser(DEFAULT_USER, group1);
  setUserInToken(existing, null);
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);

  underTest.authenticate(request, response);

  // Headers win: attributes replaced, group1 swapped for group2.
  verifyUserInDb(DEFAULT_LOGIN, "new name", "new email", group2);
  verifyTokenIsUpdated(NOW);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * The four header names are read from sonar.web.sso.*Header settings; a request
 * using the configured custom names authenticates and creates the user.
 */
@Test
public void use_headers_from_settings() {
  settings.setProperty("sonar.web.sso.groupsHeader", "head-groups");
  settings.setProperty("sonar.web.sso.emailHeader", "head-email");
  settings.setProperty("sonar.web.sso.nameHeader", "head-name");
  settings.setProperty("sonar.web.sso.loginHeader", "head-login");
  startWithSso();
  setNotUserInToken();
  HttpServletRequest customHeaders = createRequest(
    ImmutableMap.of("head-login", DEFAULT_LOGIN, "head-name", DEFAULT_NAME, "head-email", DEFAULT_EMAIL, "head-groups", GROUPS));

  underTest.authenticate(customHeaders, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
  verify(authenticationEvent).loginSuccess(customHeaders, DEFAULT_LOGIN, Source.sso());
}
/**
 * The login asserted by the SSO headers overrides the identity held in the
 * session token, even inside the refresh window: "AnotherLogin" is created
 * (group2 plus the default group), the token is rewritten with NOW and the
 * login event names the header login. This is only safe when the headers
 * cannot be set by the end client - that guarantee lives outside this test.
 */
@Test
public void update_user_when_login_from_token_is_different_than_login_from_request() {
  startWithSso();
  insertUser(DEFAULT_USER, group1);
  setUserInToken(DEFAULT_USER, CLOSE_REFRESH_TIME);
  HttpServletRequest request = createRequest("AnotherLogin", "Another name", "Another email", GROUP2);

  underTest.authenticate(request, response);

  verifyUserInDb("AnotherLogin", "Another name", "Another email", group2, sonarUsers);
  verifyTokenIsUpdated(NOW);
  verify(authenticationEvent).loginSuccess(request, "AnotherLogin", Source.sso());
}
/**
 * Once the refresh window (default 5 minutes) has elapsed, the headers are
 * re-applied: a token refreshed 6 minutes ago leads to name, email and groups
 * being replaced, the token refreshed to NOW and a login event emitted.
 */
@Test
public void update_user_when_user_in_token_but_refresh_time_is_old() {
  startWithSso();
  UserDto existing = insertUser(DEFAULT_USER, group1);
  long sixMinutesAgo = NOW - 6 * 60 * 1000L;
  setUserInToken(existing, sixMinutesAgo);
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);

  underTest.authenticate(request, response);

  verifyUserInDb(DEFAULT_LOGIN, "new name", "new email", group2);
  verifyTokenIsUpdated(NOW);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
/**
 * A login that fails validation ("invalid login" contains a space) surfaces as
 * an AuthenticationException attributed to the SSO source, with no login
 * attached and no public message (the validation text stays internal). No
 * login-success event must be emitted on this path.
 */
@Test
public void throw_AuthenticationException_when_BadRequestException_is_generated() {
  startWithSso();
  setNotUserInToken();
  expectedException.expectMessage("Use only letters, numbers, and .-_@ please.");
  expectedException.expect(authenticationException().from(Source.sso()).withoutLogin().andNoPublicMessage());
  HttpServletRequest badLoginRequest = createRequest("invalid login", DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);

  try {
    underTest.authenticate(badLoginRequest, response);
  } finally {
    // Checked in finally so it runs before the rule consumes the exception.
    verifyZeroInteractions(authenticationEvent);
  }
}
/**
 * An existing user with no entry in the token is synced from the headers:
 * stale name and email are replaced, group1 is dropped in favour of group2,
 * the token is stamped with NOW and a login event is emitted.
 */
@Test
public void update_user_when_authenticating_exiting_user() {
  startWithSso();
  setNotUserInToken();
  UserDto stale = newUserDto().setLogin(DEFAULT_LOGIN).setName("old name").setEmail("old email");
  insertUser(stale, group1);
  HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUP2);

  underTest.authenticate(request, response);

  verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group2);
  verifyTokenIsUpdated(NOW);
  verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}