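/**
 * Ends the OAuth2 callback by sending the browser back to the page it asked for, or to the context root.
 *
 * The stored OAuth2 parameters are deleted before the redirect is written, so the return_to value is
 * single-use and cannot be replayed by a later login attempt (the order is pinned by the
 * delete_oauth2_parameters_during_redirection test).
 *
 * @throws IllegalStateException if the redirect cannot be written; the IOException is kept as the cause
 */
@Override
public void redirectToRequestedPage() {
  try {
    Optional<String> requested = oAuthParameters.getReturnTo(request);
    oAuthParameters.delete(request, response);
    String contextRoot = server.getContextPath() + "/";
    // Defense in depth against open redirects: return_to is read back from a cookie the browser holds
    // (see the "return_to" JSON cookie in the parameters test), so only a site-relative path is honoured.
    // "/x" is accepted; "//evil", "/\evil" and absolute URLs fall back to the context root.
    // If getReturnTo already validates its value this filter is redundant but harmless.
    String target = requested
      .filter(path -> path.startsWith("/") && !path.startsWith("//") && !path.startsWith("/\\"))
      .orElse(contextRoot);
    getResponse().sendRedirect(target);
  } catch (IOException e) {
    throw new IllegalStateException("Fail to redirect to requested page", e);
  }
}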
/**
 * Asserts that the OAuth2 authentication parameters (and with them the return_to cookie) were cleared
 * for exactly this request/response pair.
 */
private void verifyDeleteAuthCookie() {
  verify(auth2AuthenticationParameters)
    .delete(eq(request), eq(response));
}
@Test
public void delete() {
  // A return_to cookie (presumably the one written by init()) is present on the incoming request.
  Cookie existing = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/settings\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {existing});

  underTest.delete(request, response);

  // The cookie is expired client-side by re-sending it under the same name and path, with no value and
  // max-age 0. Domain and the Secure/HttpOnly attributes are not asserted here; a browser only replaces a
  // cookie whose name, path and domain match, so a change to those attributes would go unnoticed by this test.
  verify(response).addCookie(cookieArgumentCaptor.capture());
  Cookie expired = cookieArgumentCaptor.getValue();
  assertThat(expired.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
  assertThat(expired.getValue()).isNull();
  assertThat(expired.getPath()).isEqualTo("/");
  assertThat(expired.getMaxAge()).isEqualTo(0);
}
}
/**
 * Dispatches an OAuth2 callback to {@code provider} and maps every failure to an HTTP answer.
 *
 * Each failure path first discards the stored OAuth2 parameters (the return_to cookie) so that an aborted
 * login does not leave a redirect target behind; on success that clean-up is left to the callback context.
 * Note that {@code catch (Exception)} also swallows unexpected runtime errors: they are answered with a
 * generic error and a warning carrying the provider key, and are not recorded as login failures.
 *
 * @param request  the callback request
 * @param response the response the outcome is written to
 * @param provider the provider resolved from the callback URL
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (!(provider instanceof OAuth2IdentityProvider)) {
      handleError(response, format("Not an OAuth2IdentityProvider: %s", provider.getClass()));
      return;
    }
    handleOAuth2Provider(response, request, (OAuth2IdentityProvider) provider);
  } catch (AuthenticationException authFailure) {
    oauth2Parameters.delete(request, response);
    // Audit the failed login before answering; the filter tests show the exception's public message
    // is what reaches the browser in the redirect.
    authenticationEvent.loginFailure(request, authFailure);
    handleAuthenticationError(authFailure, response, getContextPath());
  } catch (RedirectionException redirection) {
    oauth2Parameters.delete(request, response);
    redirectTo(response, redirection.getPath(getContextPath()));
  } catch (Exception unexpected) {
    oauth2Parameters.delete(request, response);
    handleError(unexpected, response, format("Fail to callback authentication with '%s'", provider.getKey()));
  }
}
/**
 * Starts an authentication with {@code provider} from the login-initialisation endpoint.
 *
 * Base providers are handed the request directly. For OAuth2 providers the authentication parameters are
 * first captured from the incoming request (presumably this is where return_to is taken from, which is why
 * the value must be validated again before it is ever used as a redirect target) and then the provider is
 * asked to redirect. Every failure path clears those parameters before answering; unexpected runtime
 * errors are caught by {@code catch (Exception)}, logged with the provider key, and not recorded as login
 * failures.
 *
 * @param request  the initialisation request
 * @param response the response the outcome is written to
 * @param provider the provider resolved from the URL
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (provider instanceof BaseIdentityProvider) {
      handleBaseIdentityProvider(request, response, (BaseIdentityProvider) provider);
      return;
    }
    if (!(provider instanceof OAuth2IdentityProvider)) {
      handleError(response, format("Unsupported IdentityProvider class: %s", provider.getClass()));
      return;
    }
    oAuthOAuth2AuthenticationParameters.init(request, response);
    handleOAuth2IdentityProvider(request, response, (OAuth2IdentityProvider) provider);
  } catch (AuthenticationException authFailure) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    authenticationEvent.loginFailure(request, authFailure);
    handleAuthenticationError(authFailure, response, getContextPath());
  } catch (RedirectionException redirection) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    redirectTo(response, redirection.getPath(getContextPath()));
  } catch (Exception unexpected) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    handleError(unexpected, response, format("Fail to initialize authentication with provider '%s'", provider.getKey()));
  }
}
@Test
public void delete_oauth2_parameters_during_redirection() {
  when(server.getContextPath()).thenReturn("");
  when(oAuthParameters.getReturnTo(request)).thenReturn(Optional.of("/settings"));
  OAuth2IdentityProvider.CallbackContext context = newCallbackContext();

  context.redirectToRequestedPage();

  // The single-use return_to parameters must be discarded as part of the redirect, not left for a later request.
  verify(oAuthParameters).delete(eq(request), eq(response));
}
@Test
public void redirect_with_context_path_when_failing_because_of_UnauthorizedExceptionException() throws Exception {
  // Deployed under a context path: the error redirect must stay inside it.
  when(server.getContextPath()).thenReturn("/sonarqube");
  FailWithUnauthorizedExceptionIdProvider failingProvider = new FailWithUnauthorizedExceptionIdProvider();
  identityProviderRepository.addIdentityProvider(failingProvider);
  when(request.getRequestURI()).thenReturn("/sonarqube/oauth2/callback/" + failingProvider.getKey());

  underTest.doFilter(request, response, chain);

  // The public message is URL-encoded into the query string of the context-path-prefixed unauthorized page.
  verify(response).sendRedirect("/sonarqube/sessions/unauthorized?message=Email+john%40email.com+is+already+used");
  verify(oAuthRedirection).delete(eq(request), eq(response));
}
@Test
public void redirect_when_failing_because_of_Exception() throws Exception {
  FailWithIllegalStateException failingProvider = new FailWithIllegalStateException();
  identityProviderRepository.addIdentityProvider(failingProvider);
  when(request.getRequestURI()).thenReturn("/oauth2/callback/" + failingProvider.getKey());

  underTest.doFilter(request, response, chain);

  // An unexpected exception yields a generic unauthorized redirect with no message in the URL,
  // a single WARN naming only the provider key, and the OAuth2 parameters are discarded.
  verify(response).sendRedirect("/sessions/unauthorized");
  assertThat(logTester.logs(LoggerLevel.WARN))
    .containsExactlyInAnyOrder("Fail to callback authentication with 'failing'");
  verify(oAuthRedirection).delete(eq(request), eq(response));
}
@Test
public void redirect_when_failing_because_of_UnauthorizedExceptionException() throws Exception {
  FailWithUnauthorizedExceptionIdProvider failingProvider = new FailWithUnauthorizedExceptionIdProvider();
  identityProviderRepository.addIdentityProvider(failingProvider);
  when(request.getRequestURI()).thenReturn("/oauth2/callback/" + failingProvider.getKey());

  underTest.doFilter(request, response, chain);

  // The public message of the exception is what ends up in the redirect query string.
  verify(response).sendRedirect("/sessions/unauthorized?message=Email+john%40email.com+is+already+used");

  // The failure is recorded as a login failure attributed to the OAuth2 provider, with no login attached.
  verify(authenticationEvent).loginFailure(eq(request), authenticationExceptionCaptor.capture());
  AuthenticationException recorded = authenticationExceptionCaptor.getValue();
  assertThat(recorded).hasMessage("Email john@email.com is already used");
  assertThat(recorded.getSource()).isEqualTo(Source.oauth2(failingProvider));
  assertThat(recorded.getLogin()).isNull();
  assertThat(recorded.getPublicMessage()).isEqualTo("Email john@email.com is already used");

  verify(oAuthRedirection).delete(eq(request), eq(response));
}
@Test
public void redirect_when_failing_because_of_EmailAlreadyExistException() throws Exception {
  // An account from another provider already owns the e-mail the callback returns.
  UserDto owner = newUserDto()
    .setEmail("john@email.com")
    .setExternalLogin("john.bitbucket")
    .setExternalIdentityProvider("bitbucket");
  FailWithEmailAlreadyExistException failingProvider = new FailWithEmailAlreadyExistException(owner);
  identityProviderRepository.addIdentityProvider(failingProvider);
  when(request.getRequestURI()).thenReturn("/oauth2/callback/" + failingProvider.getKey());

  underTest.doFilter(request, response, chain);

  // Both identities are exposed in the redirect query string (URL-encoded) so the page can explain the clash.
  verify(response).sendRedirect(
    "/sessions/email_already_exists?email=john%40email.com&login=john.github&provider=failing&existingLogin=john.bitbucket&existingProvider=bitbucket");
  verify(oAuthRedirection).delete(eq(request), eq(response));
}
@Test
public void redirect_when_failing_because_of_EmailAlreadyExistException() throws Exception {
  // An account from another provider already owns the e-mail the provider reports.
  UserDto owner = newUserDto()
    .setEmail("john@email.com")
    .setExternalLogin("john.bitbucket")
    .setExternalIdentityProvider("bitbucket");
  FailWithEmailAlreadyExistException failingProvider = new FailWithEmailAlreadyExistException("failing", owner);
  identityProviderRepository.addIdentityProvider(failingProvider);
  when(request.getRequestURI()).thenReturn("/sessions/init/" + failingProvider.getKey());

  underTest.doFilter(request, response, chain);

  // Both identities are exposed in the redirect query string (URL-encoded) so the page can explain the clash.
  verify(response).sendRedirect(
    "/sessions/email_already_exists?email=john%40email.com&login=john.github&provider=failing&existingLogin=john.bitbucket&existingProvider=bitbucket");
  verify(auth2AuthenticationParameters).delete(eq(request), eq(response));
}
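/**
 * Ends the OAuth2 callback by sending the browser back to the page it asked for, or to the context root.
 *
 * The stored OAuth2 parameters are deleted before the redirect is written, so the return_to value is
 * single-use and cannot be replayed by a later login attempt (the order is pinned by the
 * delete_oauth2_parameters_during_redirection test).
 *
 * @throws IllegalStateException if the redirect cannot be written; the IOException is kept as the cause
 */
@Override
public void redirectToRequestedPage() {
  try {
    Optional<String> requested = oAuthParameters.getReturnTo(request);
    oAuthParameters.delete(request, response);
    String contextRoot = server.getContextPath() + "/";
    // Defense in depth against open redirects: return_to is read back from a cookie the browser holds
    // (see the "return_to" JSON cookie in the parameters test), so only a site-relative path is honoured.
    // "/x" is accepted; "//evil", "/\evil" and absolute URLs fall back to the context root.
    // If getReturnTo already validates its value this filter is redundant but harmless.
    String target = requested
      .filter(path -> path.startsWith("/") && !path.startsWith("//") && !path.startsWith("/\\"))
      .orElse(contextRoot);
    getResponse().sendRedirect(target);
  } catch (IOException e) {
    throw new IllegalStateException("Fail to redirect to requested page", e);
  }
}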
/**
 * Dispatches an OAuth2 callback to {@code provider} and maps every failure to an HTTP answer.
 *
 * Each failure path first discards the stored OAuth2 parameters (the return_to cookie) so that an aborted
 * login does not leave a redirect target behind; on success that clean-up is left to the callback context.
 * Note that {@code catch (Exception)} also swallows unexpected runtime errors: they are answered with a
 * generic error and a warning carrying the provider key, and are not recorded as login failures.
 *
 * @param request  the callback request
 * @param response the response the outcome is written to
 * @param provider the provider resolved from the callback URL
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (!(provider instanceof OAuth2IdentityProvider)) {
      handleError(response, format("Not an OAuth2IdentityProvider: %s", provider.getClass()));
      return;
    }
    handleOAuth2Provider(response, request, (OAuth2IdentityProvider) provider);
  } catch (AuthenticationException authFailure) {
    oauth2Parameters.delete(request, response);
    // Audit the failed login before answering; the filter tests show the exception's public message
    // is what reaches the browser in the redirect.
    authenticationEvent.loginFailure(request, authFailure);
    handleAuthenticationError(authFailure, response, getContextPath());
  } catch (RedirectionException redirection) {
    oauth2Parameters.delete(request, response);
    redirectTo(response, redirection.getPath(getContextPath()));
  } catch (Exception unexpected) {
    oauth2Parameters.delete(request, response);
    handleError(unexpected, response, format("Fail to callback authentication with '%s'", provider.getKey()));
  }
}
/**
 * Starts an authentication with {@code provider} from the login-initialisation endpoint.
 *
 * Base providers are handed the request directly. For OAuth2 providers the authentication parameters are
 * first captured from the incoming request (presumably this is where return_to is taken from, which is why
 * the value must be validated again before it is ever used as a redirect target) and then the provider is
 * asked to redirect. Every failure path clears those parameters before answering; unexpected runtime
 * errors are caught by {@code catch (Exception)}, logged with the provider key, and not recorded as login
 * failures.
 *
 * @param request  the initialisation request
 * @param response the response the outcome is written to
 * @param provider the provider resolved from the URL
 */
private void handleProvider(HttpServletRequest request, HttpServletResponse response, IdentityProvider provider) {
  try {
    if (provider instanceof BaseIdentityProvider) {
      handleBaseIdentityProvider(request, response, (BaseIdentityProvider) provider);
      return;
    }
    if (!(provider instanceof OAuth2IdentityProvider)) {
      handleError(response, format("Unsupported IdentityProvider class: %s", provider.getClass()));
      return;
    }
    oAuthOAuth2AuthenticationParameters.init(request, response);
    handleOAuth2IdentityProvider(request, response, (OAuth2IdentityProvider) provider);
  } catch (AuthenticationException authFailure) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    authenticationEvent.loginFailure(request, authFailure);
    handleAuthenticationError(authFailure, response, getContextPath());
  } catch (RedirectionException redirection) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    redirectTo(response, redirection.getPath(getContextPath()));
  } catch (Exception unexpected) {
    oAuthOAuth2AuthenticationParameters.delete(request, response);
    handleError(unexpected, response, format("Fail to initialize authentication with provider '%s'", provider.getKey()));
  }
}