add anonymous mode for webclient / change footer and redirects if user is anonymous / add login button if user is anonymous

2026-05-07 11:05:28 +02:00 · 2020-08-03 17:41:40 +02:00
parent b926238e03
commit 4c9e96f7e2
21 changed files with 324 additions and 151 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IndexDtoGenerator.java
@@ -21,7 +21,7 @@
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-    
+
 package sonia.scm.api.v2.resources;

 import com.google.common.base.Strings;
@@ -35,6 +35,7 @@ import sonia.scm.config.ConfigurationPermissions;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.group.GroupPermissions;
 import sonia.scm.plugin.PluginPermissions;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.security.Authentications;
 import sonia.scm.security.PermissionPermissions;
 import sonia.scm.user.UserPermissions;
@@ -70,7 +71,7 @@ public class IndexDtoGenerator extends HalAppenderMapper {
      builder.single(link("loginInfo", loginInfoUrl));
    }

-    if (SecurityUtils.getSubject().isAuthenticated()) {
+    if (SecurityUtils.getSubject().isAuthenticated() && !Authentications.isAuthenticatedSubjectAnonymous() || isAnonymousAccess()) {
      builder.single(link("me", resourceLinks.me().self()));

      if (Authentications.isAuthenticatedSubjectAnonymous()) {
@@ -120,4 +121,8 @@ public class IndexDtoGenerator extends HalAppenderMapper {

    return new IndexDto(builder.build(), embeddedBuilder.build(), scmContextProvider.getVersion());
  }
+
+  private boolean isAnonymousAccess() {
+    return Authentications.isAuthenticatedSubjectAnonymous() && configuration.getAnonymousMode() == AnonymousMode.FULL;
+  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeDtoFactory.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeDtoFactory.java
@@ -83,14 +83,16 @@ public class MeDtoFactory extends HalAppenderMapper {

  private MeDto createDto(User user) {
    Links.Builder linksBuilder = linkingTo().self(resourceLinks.me().self());
-    if (UserPermissions.delete(user).isPermitted()) {
-      linksBuilder.single(link("delete", resourceLinks.me().delete(user.getName())));
-    }
-    if (UserPermissions.modify(user).isPermitted()) {
-      linksBuilder.single(link("update", resourceLinks.me().update(user.getName())));
-    }
-    if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted() && !Authentications.isSubjectAnonymous(user.getName())) {
-      linksBuilder.single(link("password", resourceLinks.me().passwordChange()));
+    if (isNotAnonymous(user)) {
+      if (UserPermissions.delete(user).isPermitted()) {
+        linksBuilder.single(link("delete", resourceLinks.me().delete(user.getName())));
+      }
+      if (UserPermissions.modify(user).isPermitted()) {
+        linksBuilder.single(link("update", resourceLinks.me().update(user.getName())));
+      }
+      if (userManager.isTypeDefault(user) && UserPermissions.changePassword(user).isPermitted()) {
+        linksBuilder.single(link("password", resourceLinks.me().passwordChange()));
+      }
    }

    Embedded.Builder embeddedBuilder = embeddedBuilder();
@@ -99,4 +101,7 @@ public class MeDtoFactory extends HalAppenderMapper {
    return new MeDto(linksBuilder.build(), embeddedBuilder.build());
  }

+  private boolean isNotAnonymous(User user) {
+    return !Authentications.isSubjectAnonymous(user.getName());
+  }
 }
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexDtoGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/IndexDtoGeneratorTest.java
@@ -0,0 +1,137 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.api.v2.resources;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.BasicContextProvider;
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
+
+import java.net.URI;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+import static sonia.scm.SCMContext.USER_ANONYMOUS;
+
+@ExtendWith(MockitoExtension.class)
+class IndexDtoGeneratorTest {
+
+  private static final ScmPathInfo scmPathInfo = () -> URI.create("/api/v2");
+
+  @Mock
+  private ScmConfiguration configuration;
+  @Mock
+  private BasicContextProvider contextProvider;
+  @Mock
+  private ResourceLinks resourceLinks;
+
+  @Mock
+  private Subject subject;
+
+  @InjectMocks
+  private IndexDtoGenerator generator;
+
+  @BeforeEach
+  void bindSubject() {
+    ThreadContext.bind(subject);
+  }
+
+  @AfterEach
+  void tearDownSubject() {
+    ThreadContext.unbindSubject();
+  }
+
+  @Test
+  void shouldAppendMeIfAuthenticated() {
+    mockSubjectRelatedResourceLinks();
+    when(subject.isAuthenticated()).thenReturn(true);
+
+    when(contextProvider.getVersion()).thenReturn("2.x");
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isPresent();
+  }
+
+  @Test
+  void shouldNotAppendMeIfUserIsAuthenticatedButAnonymous() {
+    mockResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isNotPresent();
+  }
+
+  @Test
+  void shouldAppendMeIfUserIsAnonymousAndAnonymousModeIsFullEnabled() {
+    mockSubjectRelatedResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+    when(configuration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isPresent();
+  }
+
+  @Test
+  void shouldNotAppendMeIfUserIsAnonymousAndAnonymousModeIsProtocolOnly() {
+    mockResourceLinks();
+    when(subject.getPrincipal()).thenReturn(USER_ANONYMOUS);
+    when(subject.isAuthenticated()).thenReturn(true);
+    when(configuration.getAnonymousMode()).thenReturn(AnonymousMode.PROTOCOL_ONLY);
+
+    IndexDto dto = generator.generate();
+
+    assertThat(dto.getLinks().getLinkBy("me")).isNotPresent();
+  }
+
+
+  private void mockResourceLinks() {
+    when(resourceLinks.index()).thenReturn(new ResourceLinks.IndexLinks(scmPathInfo));
+    when(resourceLinks.uiPluginCollection()).thenReturn(new ResourceLinks.UIPluginCollectionLinks(scmPathInfo));
+    when(resourceLinks.authentication()).thenReturn(new ResourceLinks.AuthenticationLinks(scmPathInfo));
+  }
+
+  private void mockSubjectRelatedResourceLinks() {
+    mockResourceLinks();
+    when(resourceLinks.repositoryCollection()).thenReturn(new ResourceLinks.RepositoryCollectionLinks(scmPathInfo));
+    when(resourceLinks.repositoryVerbs()).thenReturn(new ResourceLinks.RepositoryVerbLinks(scmPathInfo));
+    when(resourceLinks.repositoryTypeCollection()).thenReturn(new ResourceLinks.RepositoryTypeCollectionLinks(scmPathInfo));
+    when(resourceLinks.repositoryRoleCollection()).thenReturn(new ResourceLinks.RepositoryRoleCollectionLinks(scmPathInfo));
+    when(resourceLinks.namespaceStrategies()).thenReturn(new ResourceLinks.NamespaceStrategiesLinks(scmPathInfo));
+    when(resourceLinks.me()).thenReturn(new ResourceLinks.MeLinks(scmPathInfo, new ResourceLinks.UserLinks(scmPathInfo)));
+  }
+}
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/MeDtoFactoryTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/MeDtoFactoryTest.java
@@ -198,6 +198,19 @@ class MeDtoFactoryTest {
    assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
  }

+
+  @Test
+  void shouldAppendOnlySelfLinkIfAnonymousUser() {
+    User user = SCMContext.ANONYMOUS;
+    prepareSubject(user);
+
+    MeDto dto = meDtoFactory.create();
+    assertThat(dto.getLinks().getLinkBy("self")).isPresent();
+    assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
+    assertThat(dto.getLinks().getLinkBy("delete")).isNotPresent();
+    assertThat(dto.getLinks().getLinkBy("update")).isNotPresent();
+  }
+
  @Test
  void shouldAppendLinks() {
    prepareSubject(UserTestData.createTrillian());
@@ -213,6 +226,4 @@ class MeDtoFactoryTest {
    MeDto dto = meDtoFactory.create();
    assertThat(dto.getLinks().getLinkBy("profile").get().getHref()).isEqualTo("http://hitchhiker.com/users/trillian");
  }
-
-
 }