mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-02-01 04:09:08 +01:00
remove GroupNames and ExternalGroupNames in favor of GroupCollector
This commit is contained in:
Eduard Heimbuch
@@ -1,9 +1,9 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.util.ThreadContext;
|
||||
import org.assertj.core.util.Lists;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -12,7 +12,7 @@ import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.group.GroupCollector;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.user.UserTestData;
|
||||
@@ -20,7 +20,6 @@ import sonia.scm.user.UserTestData;
|
||||
import java.net.URI;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@@ -33,6 +32,9 @@ class MeDtoFactoryTest {
|
||||
@Mock
|
||||
private UserManager userManager;
|
||||
|
||||
@Mock
|
||||
private GroupCollector groupCollector;
|
||||
|
||||
@Mock
|
||||
private Subject subject;
|
||||
|
||||
@@ -42,7 +44,7 @@ class MeDtoFactoryTest {
|
||||
void setUpContext() {
|
||||
ThreadContext.bind(subject);
|
||||
ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
|
||||
meDtoFactory = new MeDtoFactory(resourceLinks, userManager);
|
||||
meDtoFactory = new MeDtoFactory(resourceLinks, userManager, groupCollector);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
@@ -69,24 +71,16 @@ class MeDtoFactoryTest {
|
||||
|
||||
@Test
|
||||
void shouldCreateMeDtoWithGroups() {
|
||||
prepareSubject(UserTestData.createTrillian(), "HeartOfGold", "Puzzle42");
|
||||
when(groupCollector.collect("trillian")).thenReturn(ImmutableSet.of("HeartOfGold", "Puzzle42"));
|
||||
prepareSubject(UserTestData.createTrillian());
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getGroups()).containsOnly("HeartOfGold", "Puzzle42");
|
||||
}
|
||||
|
||||
private void prepareSubject(User user, String... groups) {
|
||||
private void prepareSubject(User user) {
|
||||
PrincipalCollection collection = mock(PrincipalCollection.class);
|
||||
when(subject.getPrincipals()).thenReturn(collection);
|
||||
when(collection.oneByType(any(Class.class))).then(ic -> {
|
||||
Class<?> type = ic.getArgument(0);
|
||||
if (type.isAssignableFrom(User.class)) {
|
||||
return user;
|
||||
} else if (type.isAssignableFrom(GroupNames.class)) {
|
||||
return new GroupNames(Lists.newArrayList(groups));
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
});
|
||||
when(collection.oneByType(User.class)).thenReturn(user);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -33,6 +33,7 @@ package sonia.scm.security;
|
||||
|
||||
import com.github.sdorra.shiro.ShiroRule;
|
||||
import com.github.sdorra.shiro.SubjectAware;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Lists;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
@@ -49,7 +50,7 @@ import org.mockito.Mockito;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import sonia.scm.cache.Cache;
|
||||
import sonia.scm.cache.CacheManager;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.group.GroupCollector;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.RepositoryDAO;
|
||||
import sonia.scm.repository.RepositoryPermission;
|
||||
@@ -58,8 +59,6 @@ import sonia.scm.repository.RepositoryTestData;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import static java.util.Arrays.asList;
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
@@ -96,6 +95,9 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@Mock
|
||||
private RepositoryPermissionProvider repositoryPermissionProvider;
|
||||
|
||||
@Mock
|
||||
private GroupCollector groupCollector;
|
||||
|
||||
private DefaultAuthorizationCollector collector;
|
||||
|
||||
@Rule
|
||||
@@ -107,7 +109,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@Before
|
||||
public void setUp(){
|
||||
when(cacheManager.getCache(Mockito.any(String.class))).thenReturn(cache);
|
||||
collector = new DefaultAuthorizationCollector(cacheManager, repositoryDAO, securitySystem, repositoryPermissionProvider);
|
||||
collector = new DefaultAuthorizationCollector(cacheManager, repositoryDAO, securitySystem, repositoryPermissionProvider, groupCollector);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -290,9 +292,13 @@ public class DefaultAuthorizationCollectorTest {
|
||||
SimplePrincipalCollection spc = new SimplePrincipalCollection();
|
||||
spc.add(user.getName(), "unit");
|
||||
spc.add(user, "unit");
|
||||
spc.add(new GroupNames(group, groups), "unit");
|
||||
Subject subject = new Subject.Builder().authenticated(true).principals(spc).buildSubject();
|
||||
shiro.setSubject(subject);
|
||||
|
||||
ImmutableSet.Builder<String> builder = ImmutableSet.builder();
|
||||
builder.add(group);
|
||||
builder.add(groups);
|
||||
when(groupCollector.collect(user.getName())).thenReturn(builder.build());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -36,8 +36,6 @@ package sonia.scm.security;
|
||||
//~--- non-JDK imports --------------------------------------------------------
|
||||
|
||||
import com.google.common.collect.Collections2;
|
||||
import com.google.common.collect.Lists;
|
||||
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.DisabledAccountException;
|
||||
@@ -45,43 +43,44 @@ import org.apache.shiro.authc.IncorrectCredentialsException;
|
||||
import org.apache.shiro.authc.UnknownAccountException;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.authc.credential.DefaultPasswordService;
|
||||
import org.apache.shiro.crypto.hash.DefaultHashService;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
|
||||
import sonia.scm.group.Group;
|
||||
import sonia.scm.group.GroupDAO;
|
||||
import sonia.scm.group.GroupNames;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserDAO;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import static org.hamcrest.Matchers.*;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.Permission;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
|
||||
import org.apache.shiro.crypto.hash.DefaultHashService;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import sonia.scm.group.GroupDAO;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserDAO;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.hamcrest.Matchers.allOf;
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.hasSize;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -206,32 +205,6 @@ public class DefaultRealmTest
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*/
|
||||
@Test
|
||||
public void testGroupCollection()
|
||||
{
|
||||
User user = UserTestData.createTrillian();
|
||||
//J-
|
||||
List<Group> groups = Lists.newArrayList(
|
||||
new Group(DefaultRealm.REALM, "scm", user.getName()),
|
||||
new Group(DefaultRealm.REALM, "developers", "perfect")
|
||||
);
|
||||
//J+
|
||||
|
||||
when(groupDAO.getAll()).thenReturn(groups);
|
||||
|
||||
UsernamePasswordToken token = daoUser(user, "secret");
|
||||
AuthenticationInfo info = realm.getAuthenticationInfo(token);
|
||||
GroupNames groupNames = info.getPrincipals().oneByType(GroupNames.class);
|
||||
|
||||
assertNotNull(groupNames);
|
||||
assertThat(groupNames.getCollection(), hasSize(2));
|
||||
assertThat(groupNames, hasItems("scm", GroupNames.AUTHENTICATED));
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
@@ -251,12 +224,6 @@ public class DefaultRealmTest
|
||||
assertThat(collection.getRealmNames(), hasSize(1));
|
||||
assertThat(collection.getRealmNames(), hasItem(DefaultRealm.REALM));
|
||||
assertEquals(user, collection.oneByType(User.class));
|
||||
|
||||
GroupNames groups = collection.oneByType(GroupNames.class);
|
||||
|
||||
assertNotNull(groups);
|
||||
assertThat(groups.getCollection(), hasSize(1));
|
||||
assertThat(groups.getCollection(), hasItem(GroupNames.AUTHENTICATED));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -36,27 +36,25 @@ import com.github.sdorra.shiro.SubjectAware;
|
||||
import com.google.common.collect.Sets;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.util.ThreadContext;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import sonia.scm.group.ExternalGroupNames;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.hamcrest.Matchers.isEmptyOrNullString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Mockito.anyString;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
|
||||
|
||||
/**
|
||||
@@ -137,7 +135,6 @@ public class JwtAccessTokenBuilderTest {
|
||||
.issuer("https://www.scm-manager.org")
|
||||
.expiresIn(5, TimeUnit.SECONDS)
|
||||
.custom("a", "b")
|
||||
.groups("one", "two", "three")
|
||||
.scope(Scope.valueOf("repo:*"))
|
||||
.build();
|
||||
|
||||
@@ -154,36 +151,6 @@ public class JwtAccessTokenBuilderTest {
|
||||
assertClaims(new JwtAccessToken(claims, compact));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithExternalGroups() {
|
||||
applyExternalGroupsToSubject(true, "external");
|
||||
JwtAccessToken token = factory.create().subject("dent").build();
|
||||
assertArrayEquals(new String[]{"external"}, token.getCustom(JwtAccessToken.GROUPS_CLAIM_KEY).map(x -> (String[]) x).get());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithInternalGroups() {
|
||||
applyExternalGroupsToSubject(false, "external");
|
||||
JwtAccessToken token = factory.create().subject("dent").build();
|
||||
assertFalse(token.getCustom(JwtAccessToken.GROUPS_CLAIM_KEY).isPresent());
|
||||
}
|
||||
|
||||
private void applyExternalGroupsToSubject(boolean external, String... groups) {
|
||||
Subject subject = spy(SecurityUtils.getSubject());
|
||||
when(subject.getPrincipals()).thenAnswer(invocation -> enrichWithGroups(invocation, groups, external));
|
||||
shiro.setSubject(subject);
|
||||
}
|
||||
|
||||
private Object enrichWithGroups(InvocationOnMock invocation, String[] groups, boolean external) throws Throwable {
|
||||
PrincipalCollection principals = (PrincipalCollection) spy(invocation.callRealMethod());
|
||||
|
||||
List<String> groupCollection = Arrays.asList(groups);
|
||||
if (external) {
|
||||
when(principals.oneByType(ExternalGroupNames.class)).thenReturn(new ExternalGroupNames(groupCollection));
|
||||
}
|
||||
return principals;
|
||||
}
|
||||
|
||||
private void assertClaims(JwtAccessToken token){
|
||||
assertThat(token.getId(), not(isEmptyOrNullString()));
|
||||
assertNotNull( token.getIssuedAt() );
|
||||
@@ -194,6 +161,5 @@ public class JwtAccessTokenBuilderTest {
|
||||
assertEquals(token.getIssuer().get(), "https://www.scm-manager.org");
|
||||
assertEquals("b", token.getCustom("a").get());
|
||||
assertEquals("[\"repo:*\"]", token.getScope().toString());
|
||||
assertThat(token.getGroups(), containsInAnyOrder("one", "two", "three"));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user