fix review findings

Eduard Heimbuch
2020-08-11 10:34:29 +02:00
parent a46d8c4749
commit c1cfff603b
63 changed files with 578 additions and 494 deletions


@@ -81,37 +81,37 @@ public class AuthenticationResourceTest {
private static final String AUTH_JSON_TRILLIAN = "{\n" +
"\t\"cookie\": true,\n" +
"\t\"grantType\": \"password\",\n" +
"\t\"grant_type\": \"password\",\n" +
"\t\"username\": \"trillian\",\n" +
"\t\"password\": \"secret\"\n" +
"}";
private static final String AUTH_FORMENCODED_TRILLIAN = "cookie=true&grantType=password&username=trillian&password=secret";
private static final String AUTH_FORMENCODED_TRILLIAN = "cookie=true&grant_type=password&username=trillian&password=secret";
private static final String AUTH_JSON_TRILLIAN_WRONG_PW = "{\n" +
"\t\"cookie\": true,\n" +
"\t\"grantType\": \"password\",\n" +
"\t\"grant_type\": \"password\",\n" +
"\t\"username\": \"trillian\",\n" +
"\t\"password\": \"justWrong\"\n" +
"}";
private static final String AUTH_JSON_NOT_EXISTING_USER = "{\n" +
"\t\"cookie\": true,\n" +
"\t\"grantType\": \"password\",\n" +
"\t\"grant_type\": \"password\",\n" +
"\t\"username\": \"iDoNotExist\",\n" +
"\t\"password\": \"doesNotMatter\"\n" +
"}";
private static final String AUTH_JSON_WITHOUT_USERNAME = String.join("\n",
"{",
"\"grantType\": \"password\",",
"\"grant_type\": \"password\",",
"\"password\": \"tricia123\"",
"}"
);
private static final String AUTH_JSON_WITHOUT_PASSWORD = String.join("\n",
"{",
"\"grantType\": \"password\",",
"\"grant_type\": \"password\",",
"\"username\": \"trillian\"",
"}"
);
@@ -125,7 +125,7 @@ public class AuthenticationResourceTest {
private static final String AUTH_JSON_WITH_INVALID_GRANT_TYPE = String.join("\n",
"{",
"\"grantType\": \"el speciale\",",
"\"grant_type\": \"el speciale\",",
"\"username\": \"trillian\",",
"\"password\": \"tricia123\"",
"}"
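Review bot: Every fixture in this section now sends `grant_type`, so nothing visible here pins what the login endpoint does with a request that still carries the old `grantType` key. A fixture with a constructed name such as `AUTH_JSON_LEGACY_GRANT_TYPE`, holding `"\"grantType\": \"password\","` together with a valid username and password, would make the intended outcome explicit, whether that is rejection or continued acceptance for existing clients. The tests that consume these constants are outside the visible hunks, so this may already be covered there.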


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import org.junit.Before;
@@ -42,9 +42,9 @@ public class ConfigDtoToScmConfigurationMapperTest {
@InjectMocks
private ConfigDtoToScmConfigurationMapperImpl mapper;
private String[] expectedUsers = { "trillian", "arthur" };
private String[] expectedGroups = { "admin", "plebs" };
private String[] expectedExcludes = { "ex", "clude" };
private String[] expectedUsers = {"trillian", "arthur"};
private String[] expectedGroups = {"admin", "plebs"};
private String[] expectedExcludes = {"ex", "clude"};
@Before
public void init() {
@@ -56,27 +56,42 @@ public class ConfigDtoToScmConfigurationMapperTest {
ConfigDto dto = createDefaultDto();
ScmConfiguration config = mapper.map(dto);
assertEquals("prPw" , config.getProxyPassword());
assertEquals(42 , config.getProxyPort());
assertEquals("srvr" , config.getProxyServer());
assertEquals("user" , config.getProxyUser());
assertEquals("prPw", config.getProxyPassword());
assertEquals(42, config.getProxyPort());
assertEquals("srvr", config.getProxyServer());
assertEquals("user", config.getProxyUser());
assertTrue(config.isEnableProxy());
assertEquals("realm" , config.getRealmDescription());
assertEquals("realm", config.getRealmDescription());
assertTrue(config.isDisableGroupingGrid());
assertEquals("yyyy" , config.getDateFormat());
assertTrue(config.getAnonymousMode() == AnonymousMode.FULL);
assertEquals("baseurl" , config.getBaseUrl());
assertEquals("yyyy", config.getDateFormat());
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
assertEquals("baseurl", config.getBaseUrl());
assertTrue(config.isForceBaseUrl());
assertEquals(41 , config.getLoginAttemptLimit());
assertEquals(41, config.getLoginAttemptLimit());
assertTrue("proxyExcludes", config.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
assertTrue(config.isSkipFailedAuthenticators());
assertEquals("https://plug.ins" , config.getPluginUrl());
assertEquals(40 , config.getLoginAttemptLimitTimeout());
assertEquals("https://plug.ins", config.getPluginUrl());
assertEquals(40, config.getLoginAttemptLimitTimeout());
assertTrue(config.isEnabledXsrfProtection());
assertEquals("username", config.getNamespaceStrategy());
assertEquals("https://scm-manager.org/login-info", config.getLoginInfoUrl());
}
@Test
public void shouldMapAnonymousAccessFieldToAnonymousMode() {
ConfigDto dto = createDefaultDto();
ScmConfiguration config = mapper.map(dto);
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
dto.setAnonymousMode(null);
dto.setAnonymousAccessEnabled(false);
ScmConfiguration config2 = mapper.map(dto);
assertEquals(AnonymousMode.OFF, config2.getAnonymousMode());
}
private ConfigDto createDefaultDto() {
ConfigDto configDto = new ConfigDto();
configDto.setProxyPassword("prPw");
@@ -87,7 +102,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
configDto.setRealmDescription("realm");
configDto.setDisableGroupingGrid(true);
configDto.setDateFormat("yyyy");
configDto.setAnonymousMode(AnonymousMode.FULL);
configDto.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY);
configDto.setBaseUrl("baseurl");
configDto.setForceBaseUrl(true);
configDto.setLoginAttemptLimit(41);
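Review bot: shouldMapAnonymousAccessFieldToAnonymousMode checks the legacy-flag fallback only in the closing direction, where `setAnonymousMode(null)` with `setAnonymousAccessEnabled(false)` yields OFF. The opening direction is the one with security impact and is not pinned: after `dto.setAnonymousMode(null); dto.setAnonymousAccessEnabled(true);` the test should assert which mode the mapper selects. A further case where an explicit mode and the boolean disagree would document which field wins. The expected values have to come from the mapper, which is not visible here, and createDefaultDto continues outside the hunk.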


@@ -186,19 +186,6 @@ class MeDtoFactoryTest {
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
}
@Test
void shouldNotGetPasswordLinkForAnonymousUser() {
User user = SCMContext.ANONYMOUS;
prepareSubject(user);
when(userManager.isTypeDefault(any())).thenReturn(true);
when(UserPermissions.changePassword(user).isPermitted()).thenReturn(true);
MeDto dto = meDtoFactory.create();
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
}
@Test
void shouldAppendOnlySelfLinkIfAnonymousUser() {
User user = SCMContext.ANONYMOUS;


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import org.apache.shiro.subject.Subject;
@@ -49,11 +49,11 @@ import static org.mockito.MockitoAnnotations.initMocks;
public class ScmConfigurationToConfigDtoMapperTest {
private URI baseUri = URI.create("http://example.com/base/");
private URI baseUri = URI.create("http://example.com/base/");
private String[] expectedUsers = { "trillian", "arthur" };
private String[] expectedGroups = { "admin", "plebs" };
private String[] expectedExcludes = { "ex", "clude" };
private String[] expectedUsers = {"trillian", "arthur"};
private String[] expectedGroups = {"admin", "plebs"};
private String[] expectedExcludes = {"ex", "clude"};
@SuppressWarnings("unused") // Is injected
private ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
@@ -87,22 +87,22 @@ public class ScmConfigurationToConfigDtoMapperTest {
when(subject.isPermitted("configuration:write:global")).thenReturn(true);
ConfigDto dto = mapper.map(config);
assertEquals("heartOfGold" , dto.getProxyPassword());
assertEquals(1234 , dto.getProxyPort());
assertEquals("proxyserver" , dto.getProxyServer());
assertEquals("trillian" , dto.getProxyUser());
assertEquals("heartOfGold", dto.getProxyPassword());
assertEquals(1234, dto.getProxyPort());
assertEquals("proxyserver", dto.getProxyServer());
assertEquals("trillian", dto.getProxyUser());
assertTrue(dto.isEnableProxy());
assertEquals("description" , dto.getRealmDescription());
assertEquals("description", dto.getRealmDescription());
assertTrue(dto.isDisableGroupingGrid());
assertEquals("dd" , dto.getDateFormat());
assertSame(dto.getAnonymousMode(), AnonymousMode.FULL);
assertEquals("baseurl" , dto.getBaseUrl());
assertEquals("dd", dto.getDateFormat());
assertSame(AnonymousMode.FULL, dto.getAnonymousMode());
assertEquals("baseurl", dto.getBaseUrl());
assertTrue(dto.isForceBaseUrl());
assertEquals(1 , dto.getLoginAttemptLimit());
assertEquals(1, dto.getLoginAttemptLimit());
assertTrue("proxyExcludes", dto.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
assertTrue(dto.isSkipFailedAuthenticators());
assertEquals("pluginurl" , dto.getPluginUrl());
assertEquals(2 , dto.getLoginAttemptLimitTimeout());
assertEquals("pluginurl", dto.getPluginUrl());
assertEquals(2, dto.getLoginAttemptLimitTimeout());
assertTrue(dto.isEnabledXsrfProtection());
assertEquals("username", dto.getNamespaceStrategy());
assertEquals("https://scm-manager.org/login-info", dto.getLoginInfoUrl());
@@ -123,6 +123,21 @@ public class ScmConfigurationToConfigDtoMapperTest {
assertFalse(dto.getLinks().hasLink("update"));
}
@Test
public void shouldMapAnonymousAccessField() {
ScmConfiguration config = createConfiguration();
when(subject.hasRole("configuration:write:global")).thenReturn(false);
ConfigDto dto = mapper.map(config);
assertTrue(dto.isAnonymousAccessEnabled());
config.setAnonymousMode(AnonymousMode.OFF);
ConfigDto secondDto = mapper.map(config);
assertFalse(secondDto.isAnonymousAccessEnabled());
}
private ScmConfiguration createConfiguration() {
ScmConfiguration config = new ScmConfiguration();
config.setProxyPassword("heartOfGold");
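Review bot: shouldMapAnonymousAccessField covers the default configuration (presumably FULL) and OFF but not `AnonymousMode.PROTOCOL_ONLY`, so the legacy boolean that older clients read is unpinned for that mode. Adding `config.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY);` followed by an assertion on `mapper.map(config).isAnonymousAccessEnabled()` would record the intended answer. The stub `when(subject.hasRole("configuration:write:global"))` also differs from the `subject.isPermitted(...)` stub used earlier in this class and looks unrelated to what the test asserts, so it can probably be dropped. createConfiguration's body continues outside the hunk.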


@@ -21,7 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import org.apache.shiro.authc.AuthenticationInfo;


@@ -130,7 +130,7 @@ public class JwtAccessTokenResolverTest {
String compact = createCompactToken("trillian", secureKey, exp, Scope.empty());
// expect exception
expectedException.expect(AuthenticationException.class);
expectedException.expect(TokenExpiredException.class);
expectedException.expectCause(instanceOf(ExpiredJwtException.class));
BearerToken bearer = BearerToken.valueOf(compact);
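Review bot: Replacing `expect(AuthenticationException.class)` with `expect(TokenExpiredException.class)` drops the check that an expired token still surfaces as an authentication failure. If TokenExpiredException is meant to remain a subtype of AuthenticationException (its declaration is not visible here), keeping `expectedException.expect(AuthenticationException.class);` ahead of the new line pins that, since ExpectedException combines successive matchers. That guards against a later hierarchy change that lets expired tokens bypass handlers catching the broader type. The test method starts and ends outside the hunk.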


@@ -42,8 +42,10 @@ import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
import static sonia.scm.store.InMemoryConfigurationStoreFactory.create;
@@ -60,8 +62,8 @@ class AnonymousModeUpdateStepTest {
@BeforeEach
void initUpdateStep(@TempDir Path tempDir) throws IOException {
when(contextProvider.getBaseDirectory()).thenReturn(tempDir.toFile());
configDir = tempDir.resolve("config");
when(contextProvider.resolve(any(Path.class))).thenReturn(tempDir.toAbsolutePath());
configDir = tempDir;
Files.createDirectories(configDir);
InMemoryConfigurationStoreFactory inMemoryConfigurationStoreFactory = create();
configurationStore = inMemoryConfigurationStoreFactory.get("config", null);