Merge branch 'develop' into feature/user_converter
@@ -96,6 +96,15 @@ class ApiKeyRealmTest {
|
||||
assertThrows(AuthorizationException.class, () -> realm.doGetAuthenticationInfo(token));
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreTokensWithDots() {
|
||||
BearerToken token = valueOf("this.is.no.api.token");
|
||||
|
||||
boolean supports = realm.supports(token);
|
||||
|
||||
assertThat(supports).isFalse();
|
||||
}
|
||||
|
||||
void verifyScopeSet(String... permissions) {
|
||||
verify(authenticationInfoBuilder).withScope(argThat(scope -> {
|
||||
assertThat(scope).containsExactly(permissions);
|
||||
|
||||
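Review bot: `shouldIgnoreTokensWithDots` pins only the rejecting side of `realm.supports(...)`, and the same holds for `shouldIgnoreTokensWithoutDot` in BearerRealmTest; a `supports` that returned false for every bearer token would pass both and leave no realm to authenticate the token. Unless an accepting case already exists outside these hunks, add the counterpart next to each, e.g. `assertThat(realm.supports(valueOf("noDotsInThisKey"))).isTrue();` here (presumably accepted) and a dotted value in BearerRealmTest. Judging by the two tests, the realms are told apart solely by whether the credential contains a dot, so a one-line comment stating that rule above each test would help the next reader. `verifyScopeSet` at the end of the hunk continues outside it.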
@@ -61,4 +61,11 @@ class ApiKeyTokenHandlerTest {
|
||||
|
||||
assertThat(token).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldParseRealWorldExample() {
|
||||
Optional<ApiKeyTokenHandler.Token> token = handler.readToken("eyJhcGlLZXlJZCI6IkE2U0ROWmV0MjEiLCJ1c2VyIjoiaG9yc3QiLCJwYXNzcGhyYXNlIjoiWGNKQ01PMnZuZ1JaOEhVU21BSVoifQ");
|
||||
|
||||
assertThat(token).get().extracting("user").isEqualTo("horst");
|
||||
}
|
||||
}
|
||||
|
||||
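Review bot: The literal passed to `handler.readToken(...)` in `shouldParseRealWorldExample` is labelled a real-world example and appears to be a complete, unpadded Base64 API key whose JSON payload carries a key id, a user name and a passphrase. If it was issued by a live instance, that key should be revoked and the fixture replaced by a value built for the test; credential-shaped literals in the repository also trip secret scanners. The test asserts only `user`, so further `extracting(...)` checks on the key id and passphrase (assuming the `Token` properties follow the payload's names) would show that all three fields survive parsing. If missing padding is the case being covered, a name such as `shouldParseTokenWithoutPadding` would say so.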
@@ -40,6 +40,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static sonia.scm.security.BearerToken.valueOf;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link BearerRealm}.
|
||||
@@ -96,4 +97,13 @@ class BearerRealmTest {
|
||||
void shouldThrowIllegalArgumentExceptionForWrongTypeOfToken() {
|
||||
assertThrows(IllegalArgumentException.class, () -> realm.doGetAuthenticationInfo(new UsernamePasswordToken()));
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldIgnoreTokensWithoutDot() {
|
||||
BearerToken token = valueOf("this-is-no-jwt-token");
|
||||
|
||||
boolean supports = realm.supports(token);
|
||||
|
||||
assertThat(supports).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
package sonia.scm.update.repository;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.junit.jupiter.api.io.TempDir;
|
||||
@@ -77,63 +78,81 @@ class PublicFlagUpdateStepTest {
|
||||
//prepare backup xml
|
||||
V1RepositoryFileSystem.createV1Home(tempDir);
|
||||
Files.move(tempDir.resolve("config").resolve("repositories.xml"), tempDir.resolve("config").resolve("repositories.xml.v1.backup"));
|
||||
when(repositoryDAO.get((String) any())).thenReturn(REPOSITORY);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldDeleteOldAnonymousUserIfExists() throws JAXBException {
|
||||
User anonymous = new User("anonymous");
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(anonymous));
|
||||
doReturn(anonymous).when(userDAO).get("anonymous");
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO).delete(anonymous);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotTryToDeleteOldAnonymousUserIfNotExists() throws JAXBException {
|
||||
when(userDAO.getAll()).thenReturn(Collections.emptyList());
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO, never()).delete(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateNewAnonymousUserIfNotExists() throws JAXBException {
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(new User("trillian")));
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO).add(SCMContext.ANONYMOUS);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotCreateNewAnonymousUserIfAlreadyExists() throws JAXBException {
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(new User("_anonymous")));
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO, never()).add(SCMContext.ANONYMOUS);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldMigratePublicFlagToAnonymousRepositoryPermission() throws JAXBException {
|
||||
void shouldNotFailForDeletedRepository() throws JAXBException {
|
||||
when(userDAO.getAll()).thenReturn(Collections.emptyList());
|
||||
when(userDAO.get("_anonymous")).thenReturn(SCMContext.ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(repositoryDAO, times(2)).modify(repositoryCaptor.capture());
|
||||
verify(repositoryDAO, never()).modify(any());
|
||||
}
|
||||
|
||||
RepositoryPermission migratedRepositoryPermission = repositoryCaptor.getValue().getPermissions().iterator().next();
|
||||
assertThat(migratedRepositoryPermission.getName()).isEqualTo(SCMContext.USER_ANONYMOUS);
|
||||
assertThat(migratedRepositoryPermission.getRole()).isEqualTo("READ");
|
||||
assertThat(migratedRepositoryPermission.isGroupPermission()).isFalse();
|
||||
@Nested
|
||||
class WithExistingRepository {
|
||||
|
||||
@BeforeEach
|
||||
void mockRepository() {
|
||||
when(repositoryDAO.get((String) any())).thenReturn(REPOSITORY);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldDeleteOldAnonymousUserIfExists() throws JAXBException {
|
||||
User anonymous = new User("anonymous");
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(anonymous));
|
||||
doReturn(anonymous).when(userDAO).get("anonymous");
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO).delete(anonymous);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotTryToDeleteOldAnonymousUserIfNotExists() throws JAXBException {
|
||||
when(userDAO.getAll()).thenReturn(Collections.emptyList());
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO, never()).delete(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldCreateNewAnonymousUserIfNotExists() throws JAXBException {
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(new User("trillian")));
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO).add(SCMContext.ANONYMOUS);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotCreateNewAnonymousUserIfAlreadyExists() throws JAXBException {
|
||||
doReturn(SCMContext.ANONYMOUS).when(userDAO).get(SCMContext.USER_ANONYMOUS);
|
||||
when(userDAO.getAll()).thenReturn(Collections.singleton(new User("_anonymous")));
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(userDAO, never()).add(SCMContext.ANONYMOUS);
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldMigratePublicFlagToAnonymousRepositoryPermission() throws JAXBException {
|
||||
when(userDAO.getAll()).thenReturn(Collections.emptyList());
|
||||
when(userDAO.get("_anonymous")).thenReturn(SCMContext.ANONYMOUS);
|
||||
|
||||
updateStep.doUpdate();
|
||||
|
||||
verify(repositoryDAO, times(2)).modify(repositoryCaptor.capture());
|
||||
|
||||
RepositoryPermission migratedRepositoryPermission = repositoryCaptor.getValue().getPermissions().iterator().next();
|
||||
assertThat(migratedRepositoryPermission.getName()).isEqualTo(SCMContext.USER_ANONYMOUS);
|
||||
assertThat(migratedRepositoryPermission.getRole()).isEqualTo("READ");
|
||||
assertThat(migratedRepositoryPermission.isGroupPermission()).isFalse();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
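Review bot: `shouldNotFailForDeletedRepository` depends on the unstubbed `repositoryDAO` mock returning null now that the `thenReturn(REPOSITORY)` stub lives in `WithExistingRepository.mockRepository()`, and nothing in the test says so. Stating it as the first line, `when(repositoryDAO.get((String) any())).thenReturn(null);`, would make the deleted-repository case readable and keep the test meaningful if a default stub is ever reintroduced. Separately, `shouldMigratePublicFlagToAnonymousRepositoryPermission` verifies two `modify` calls but inspects only `repositoryCaptor.getValue()`, the last capture; since this step grants anonymous READ access, checking every entry of `repositoryCaptor.getAllValues()` would pin both results. Old and new sides are not marked on this page, so this reads the nested-class version as the new code.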
@@ -21,7 +21,7 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
package sonia.scm.web.security;
|
||||
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
@@ -52,6 +52,7 @@ import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static sonia.scm.security.BearerToken.valueOf;
|
||||
|
||||
@ExtendWith({MockitoExtension.class})
|
||||
class TokenRefreshFilterTest {
|
||||
@@ -103,7 +104,7 @@ class TokenRefreshFilterTest {
|
||||
|
||||
@Test
|
||||
void shouldNotRefreshNonJwtToken() throws IOException, ServletException {
|
||||
BearerToken token = mock(BearerToken.class);
|
||||
BearerToken token = createValidToken();
|
||||
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
|
||||
when(tokenGenerator.createToken(request)).thenReturn(token);
|
||||
when(resolver.resolve(token)).thenReturn(jwtToken);
|
||||
@@ -116,7 +117,7 @@ class TokenRefreshFilterTest {
|
||||
|
||||
@Test
|
||||
void shouldRefreshIfRefreshable() throws IOException, ServletException {
|
||||
BearerToken token = mock(BearerToken.class);
|
||||
BearerToken token = createValidToken();
|
||||
JwtAccessToken jwtToken = mock(JwtAccessToken.class);
|
||||
JwtAccessToken newJwtToken = mock(JwtAccessToken.class);
|
||||
when(tokenGenerator.createToken(request)).thenReturn(token);
|
||||
@@ -128,4 +129,8 @@ class TokenRefreshFilterTest {
|
||||
verify(issuer).authenticate(request, response, newJwtToken);
|
||||
verify(filterChain).doFilter(request, response);
|
||||
}
|
||||
|
||||
BearerToken createValidToken() {
|
||||
return valueOf("some.jwt.token");
|
||||
}
|
||||
}
|
||||
|
||||
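Review bot: With the mocks replaced by `createValidToken()`, every test in this section feeds the filter a dotted, JWT-shaped value, including `shouldNotRefreshNonJwtToken`, whose name promises the opposite. If the filter now decides by token shape, as the switch from `mock(BearerToken.class)` to a real value suggests, the API-key path is untested here: a dot-free bearer token should pass down the chain without being handed to the JWT resolver. A test built on `BearerToken token = valueOf("dotless-api-key");` that ends with `verify(resolver, never()).resolve(token);` and `verify(filterChain).doFilter(request, response);` would cover it. Renaming the helper to something like `createJwtShapedToken()` would also avoid implying that `"some.jwt.token"` is a valid JWT.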