Merge branch 'develop' into feature/trace_api

2026-02-22 06:26:56 +01:00 · 2020-10-27 15:00:10 +01:00
parent e992e17040 520db79a38
commit 8f52fc50f1
62 changed files with 7863 additions and 481 deletions
--- a/scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenBuilderTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenBuilderTest.java
@@ -21,122 +21,98 @@
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-    
+
 package sonia.scm.security;

-import com.github.sdorra.shiro.ShiroRule;
-import com.github.sdorra.shiro.SubjectAware;
 import com.google.common.collect.Sets;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
+import org.apache.shiro.authz.AuthorizationException;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;

 import java.util.Set;
 import java.util.concurrent.TimeUnit;

-import static org.hamcrest.Matchers.isEmptyOrNullString;
-import static org.hamcrest.Matchers.not;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.assertTrue;
+import static java.util.Collections.singleton;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.anyString;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.lenient;
 import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;

 /**
 * Unit test for {@link JwtAccessTokenBuilder}.
- * 
+ *
 * @author Sebastian Sdorra
 */
-@RunWith(MockitoJUnitRunner.class)
-@SubjectAware(
-  configuration = "classpath:sonia/scm/shiro-001.ini",
-  username = "trillian",
-  password = "secret"
-)
-public class JwtAccessTokenBuilderTest {
-  
-  {
-    ThreadContext.unbindSubject();
-  }
+@ExtendWith(MockitoExtension.class)
+class JwtAccessTokenBuilderTest {

  @Mock
  private KeyGenerator keyGenerator;
-  
+
  @Mock
  private SecureKeyResolver secureKeyResolver;
-  
+
  private Set<AccessTokenEnricher> enrichers;
-  
+
  private JwtAccessTokenBuilderFactory factory;
-  
-  @Rule
-  public ShiroRule shiro = new ShiroRule();
-  
+
+  @Mock
+  private Subject subject;
+  @Mock
+  private PrincipalCollection principalCollection;
+
+  @BeforeEach
+  void bindSubject() {
+    lenient().when(subject.getPrincipal()).thenReturn("trillian");
+    lenient().when(subject.getPrincipals()).thenReturn(principalCollection);
+    ThreadContext.bind(subject);
+  }
+
+  @AfterEach
+  void unbindSubject() {
+    ThreadContext.unbindSubject();
+  }
+
  /**
   * Prepare mocks and set up object under test.
   */
-  @Before
-  public void setUpObjectUnderTest() {
-    when(keyGenerator.createKey()).thenReturn("42");
-    when(secureKeyResolver.getSecureKey(anyString())).thenReturn(createSecureKey());
+  @BeforeEach
+  void setUpObjectUnderTest() {
+    lenient().when(keyGenerator.createKey()).thenReturn("42");
+    lenient().when(secureKeyResolver.getSecureKey(anyString())).thenReturn(createSecureKey());
    enrichers = Sets.newHashSet();
    factory = new JwtAccessTokenBuilderFactory(keyGenerator, secureKeyResolver, enrichers);
  }
-  
-  /**
-   * Tests {@link JwtAccessTokenBuilder#build()} with subject from shiro context.
-   */
-  @Test
-  public void testBuildWithoutSubject() {
-    JwtAccessToken token = factory.create().build();
-    assertEquals("trillian", token.getSubject());
-  }
-  
-  /**
-   * Tests {@link JwtAccessTokenBuilder#build()} with explicit subject.
-   */
-  @Test
-  public void testBuildWithSubject() {
-    JwtAccessToken token = factory.create().subject("dent").build();
-    assertEquals("dent", token.getSubject());
-  }
-  
-  /**
-   * Tests {@link JwtAccessTokenBuilder#build()} with enricher.
-   */
-  @Test
-  public void testBuildWithEnricher() {
-    enrichers.add((b) -> b.custom("c", "d"));
-    JwtAccessToken token = factory.create().subject("dent").build();
-    assertEquals("d", token.getCustom("c").get());
-  }
-  
+
  /**
   * Tests {@link JwtAccessTokenBuilder#build()}.
   */
  @Test
-  public void testBuild(){
+  void testBuild() {
    JwtAccessToken token = factory.create().subject("dent")
      .issuer("https://www.scm-manager.org")
      .expiresIn(5, TimeUnit.SECONDS)
      .custom("a", "b")
      .scope(Scope.valueOf("repo:*"))
      .build();
-    
+
    // assert claims
    assertClaims(token);
-    
+
    // reparse and assert again
    String compact = token.compact();
-    assertThat(compact, not(isEmptyOrNullString()));
+    assertThat(compact).isNotEmpty();
    Claims claims = Jwts.parser()
      .setSigningKey(secureKeyResolver.getSecureKey("dent").getBytes())
      .parseClaimsJws(compact)
@@ -144,15 +120,67 @@ public class JwtAccessTokenBuilderTest {
    assertClaims(new JwtAccessToken(claims, compact));
  }

-  private void assertClaims(JwtAccessToken token){
-    assertThat(token.getId(), not(isEmptyOrNullString()));
-    assertNotNull( token.getIssuedAt() );
-    assertNotNull( token.getExpiration());
-    assertTrue(token.getExpiration().getTime() > token.getIssuedAt().getTime());
-    assertEquals("dent", token.getSubject());
-    assertTrue(token.getIssuer().isPresent());
-    assertEquals(token.getIssuer().get(), "https://www.scm-manager.org");
-    assertEquals("b", token.getCustom("a").get());
-    assertEquals("[\"repo:*\"]", token.getScope().toString());
+  private void assertClaims(JwtAccessToken token) {
+    assertThat(token.getId()).isNotEmpty();
+    assertThat(token.getIssuedAt()).isNotNull();
+    assertThat(token.getExpiration()).isNotNull();
+    assertThat(token.getExpiration().getTime() > token.getIssuedAt().getTime()).isTrue();
+    assertThat(token.getSubject()).isEqualTo("dent");
+    assertThat(token.getIssuer()).isNotEmpty();
+    assertThat(token.getIssuer()).get().isEqualTo("https://www.scm-manager.org");
+    assertThat(token.getCustom("a")).get().isEqualTo("b");
+    assertThat(token.getScope()).hasToString("[\"repo:*\"]");
+  }
+
+  @Nested
+  class FromApiKeyRealm {
+
+    @BeforeEach
+    void mockApiKeyRealm() {
+      lenient().when(principalCollection.getRealmNames()).thenReturn(singleton("ApiTokenRealm"));
+    }
+
+    @Test
+    void testRejectedRequest() {
+      JwtAccessTokenBuilder builder = factory.create().subject("dent");
+      assertThrows(AuthorizationException.class, builder::build);
+    }
+  }
+
+  @Nested
+  class FromDefaultRealm {
+
+    @BeforeEach
+    void mockDefaultRealm() {
+      lenient().when(principalCollection.getRealmNames()).thenReturn(singleton("DefaultRealm"));
+    }
+
+    /**
+     * Tests {@link JwtAccessTokenBuilder#build()} with subject from shiro context.
+     */
+    @Test
+    void testBuildWithoutSubject() {
+      JwtAccessToken token = factory.create().build();
+      assertThat(token.getSubject()).isEqualTo("trillian");
+    }
+
+    /**
+     * Tests {@link JwtAccessTokenBuilder#build()} with explicit subject.
+     */
+    @Test
+    void testBuildWithSubject() {
+      JwtAccessToken token = factory.create().subject("dent").build();
+      assertThat(token.getSubject()).isEqualTo("dent");
+    }
+
+    /**
+     * Tests {@link JwtAccessTokenBuilder#build()} with enricher.
+     */
+    @Test
+    void testBuildWithEnricher() {
+      enrichers.add((b) -> b.custom("c", "d"));
+      JwtAccessToken token = factory.create().subject("dent").build();
+      assertThat(token.getCustom("c")).get().isEqualTo("d");
+    }
  }
 }