fix review findings
@@ -81,37 +81,37 @@ public class AuthenticationResourceTest {
|
||||
|
||||
private static final String AUTH_JSON_TRILLIAN = "{\n" +
|
||||
"\t\"cookie\": true,\n" +
|
||||
"\t\"grantType\": \"password\",\n" +
|
||||
"\t\"grant_type\": \"password\",\n" +
|
||||
"\t\"username\": \"trillian\",\n" +
|
||||
"\t\"password\": \"secret\"\n" +
|
||||
"}";
|
||||
|
||||
private static final String AUTH_FORMENCODED_TRILLIAN = "cookie=true&grantType=password&username=trillian&password=secret";
|
||||
private static final String AUTH_FORMENCODED_TRILLIAN = "cookie=true&grant_type=password&username=trillian&password=secret";
|
||||
|
||||
private static final String AUTH_JSON_TRILLIAN_WRONG_PW = "{\n" +
|
||||
"\t\"cookie\": true,\n" +
|
||||
"\t\"grantType\": \"password\",\n" +
|
||||
"\t\"grant_type\": \"password\",\n" +
|
||||
"\t\"username\": \"trillian\",\n" +
|
||||
"\t\"password\": \"justWrong\"\n" +
|
||||
"}";
|
||||
|
||||
private static final String AUTH_JSON_NOT_EXISTING_USER = "{\n" +
|
||||
"\t\"cookie\": true,\n" +
|
||||
"\t\"grantType\": \"password\",\n" +
|
||||
"\t\"grant_type\": \"password\",\n" +
|
||||
"\t\"username\": \"iDoNotExist\",\n" +
|
||||
"\t\"password\": \"doesNotMatter\"\n" +
|
||||
"}";
|
||||
|
||||
private static final String AUTH_JSON_WITHOUT_USERNAME = String.join("\n",
|
||||
"{",
|
||||
"\"grantType\": \"password\",",
|
||||
"\"grant_type\": \"password\",",
|
||||
"\"password\": \"tricia123\"",
|
||||
"}"
|
||||
);
|
||||
|
||||
private static final String AUTH_JSON_WITHOUT_PASSWORD = String.join("\n",
|
||||
"{",
|
||||
"\"grantType\": \"password\",",
|
||||
"\"grant_type\": \"password\",",
|
||||
"\"username\": \"trillian\"",
|
||||
"}"
|
||||
);
|
||||
@@ -125,7 +125,7 @@ public class AuthenticationResourceTest {
|
||||
|
||||
private static final String AUTH_JSON_WITH_INVALID_GRANT_TYPE = String.join("\n",
|
||||
"{",
|
||||
"\"grantType\": \"el speciale\",",
|
||||
"\"grant_type\": \"el speciale\",",
|
||||
"\"username\": \"trillian\",",
|
||||
"\"password\": \"tricia123\"",
|
||||
"}"
|
||||
|
||||
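Review bot: After the rename, none of the fixtures in this class (`AUTH_JSON_*`, `AUTH_FORMENCODED_TRILLIAN`) sends the old `grantType` key any more, so what the login endpoint does with a legacy request body is no longer pinned by a test. If the old spelling is meant to be rejected, I would keep one fixture with `"grantType": "password"` and assert the same error status the missing-field cases expect; if it is meant to stay accepted for older clients, assert that instead. A one-line comment above the constants saying why this key is snake_case while `username`, `password` and `cookie` are not would also help the next reader. The test methods that consume these constants are outside the visible hunks.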
@@ -21,7 +21,7 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.junit.Before;
|
||||
@@ -42,9 +42,9 @@ public class ConfigDtoToScmConfigurationMapperTest {
|
||||
@InjectMocks
|
||||
private ConfigDtoToScmConfigurationMapperImpl mapper;
|
||||
|
||||
private String[] expectedUsers = { "trillian", "arthur" };
|
||||
private String[] expectedGroups = { "admin", "plebs" };
|
||||
private String[] expectedExcludes = { "ex", "clude" };
|
||||
private String[] expectedUsers = {"trillian", "arthur"};
|
||||
private String[] expectedGroups = {"admin", "plebs"};
|
||||
private String[] expectedExcludes = {"ex", "clude"};
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
@@ -56,27 +56,42 @@ public class ConfigDtoToScmConfigurationMapperTest {
|
||||
ConfigDto dto = createDefaultDto();
|
||||
ScmConfiguration config = mapper.map(dto);
|
||||
|
||||
assertEquals("prPw" , config.getProxyPassword());
|
||||
assertEquals(42 , config.getProxyPort());
|
||||
assertEquals("srvr" , config.getProxyServer());
|
||||
assertEquals("user" , config.getProxyUser());
|
||||
assertEquals("prPw", config.getProxyPassword());
|
||||
assertEquals(42, config.getProxyPort());
|
||||
assertEquals("srvr", config.getProxyServer());
|
||||
assertEquals("user", config.getProxyUser());
|
||||
assertTrue(config.isEnableProxy());
|
||||
assertEquals("realm" , config.getRealmDescription());
|
||||
assertEquals("realm", config.getRealmDescription());
|
||||
assertTrue(config.isDisableGroupingGrid());
|
||||
assertEquals("yyyy" , config.getDateFormat());
|
||||
assertTrue(config.getAnonymousMode() == AnonymousMode.FULL);
|
||||
assertEquals("baseurl" , config.getBaseUrl());
|
||||
assertEquals("yyyy", config.getDateFormat());
|
||||
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
|
||||
assertEquals("baseurl", config.getBaseUrl());
|
||||
assertTrue(config.isForceBaseUrl());
|
||||
assertEquals(41 , config.getLoginAttemptLimit());
|
||||
assertEquals(41, config.getLoginAttemptLimit());
|
||||
assertTrue("proxyExcludes", config.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
|
||||
assertTrue(config.isSkipFailedAuthenticators());
|
||||
assertEquals("https://plug.ins" , config.getPluginUrl());
|
||||
assertEquals(40 , config.getLoginAttemptLimitTimeout());
|
||||
assertEquals("https://plug.ins", config.getPluginUrl());
|
||||
assertEquals(40, config.getLoginAttemptLimitTimeout());
|
||||
assertTrue(config.isEnabledXsrfProtection());
|
||||
assertEquals("username", config.getNamespaceStrategy());
|
||||
assertEquals("https://scm-manager.org/login-info", config.getLoginInfoUrl());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapAnonymousAccessFieldToAnonymousMode() {
|
||||
ConfigDto dto = createDefaultDto();
|
||||
|
||||
ScmConfiguration config = mapper.map(dto);
|
||||
|
||||
assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode());
|
||||
|
||||
dto.setAnonymousMode(null);
|
||||
dto.setAnonymousAccessEnabled(false);
|
||||
ScmConfiguration config2 = mapper.map(dto);
|
||||
|
||||
assertEquals(AnonymousMode.OFF, config2.getAnonymousMode());
|
||||
}
|
||||
|
||||
private ConfigDto createDefaultDto() {
|
||||
ConfigDto configDto = new ConfigDto();
|
||||
configDto.setProxyPassword("prPw");
|
||||
@@ -87,7 +102,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
|
||||
configDto.setRealmDescription("realm");
|
||||
configDto.setDisableGroupingGrid(true);
|
||||
configDto.setDateFormat("yyyy");
|
||||
configDto.setAnonymousMode(AnonymousMode.FULL);
|
||||
configDto.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY);
|
||||
configDto.setBaseUrl("baseurl");
|
||||
configDto.setForceBaseUrl(true);
|
||||
configDto.setLoginAttemptLimit(41);
|
||||
|
||||
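Review bot: `shouldMapAnonymousAccessFieldToAnonymousMode` only pins the legacy flag in one direction: mode `null` with `setAnonymousAccessEnabled(false)` gives `OFF`. The direction that can widen access is untested (mode `null` with the flag `true`, and the case where an explicit mode and the flag disagree), so a regression that maps an old client's payload to a more permissive mode than intended would still pass. I would add a test that sets `dto.setAnonymousMode(null); dto.setAnonymousAccessEnabled(true);` and asserts the mode the mapper is supposed to produce, plus one that sets `AnonymousMode.OFF` together with the flag `true` and asserts that the explicit mode wins, assuming that is the intended precedence. The first `assertEquals(AnonymousMode.PROTOCOL_ONLY, config.getAnonymousMode())` in the new test repeats the assertion already made in the preceding test and could be dropped.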
@@ -186,19 +186,6 @@ class MeDtoFactoryTest {
|
||||
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
|
||||
}
|
||||
|
||||
@Test
|
||||
void shouldNotGetPasswordLinkForAnonymousUser() {
|
||||
User user = SCMContext.ANONYMOUS;
|
||||
prepareSubject(user);
|
||||
|
||||
when(userManager.isTypeDefault(any())).thenReturn(true);
|
||||
when(UserPermissions.changePassword(user).isPermitted()).thenReturn(true);
|
||||
|
||||
MeDto dto = meDtoFactory.create();
|
||||
assertThat(dto.getLinks().getLinkBy("password")).isNotPresent();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
void shouldAppendOnlySelfLinkIfAnonymousUser() {
|
||||
User user = SCMContext.ANONYMOUS;
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import org.apache.shiro.subject.Subject;
|
||||
@@ -49,11 +49,11 @@ import static org.mockito.MockitoAnnotations.initMocks;
|
||||
|
||||
public class ScmConfigurationToConfigDtoMapperTest {
|
||||
|
||||
private URI baseUri = URI.create("http://example.com/base/");
|
||||
private URI baseUri = URI.create("http://example.com/base/");
|
||||
|
||||
private String[] expectedUsers = { "trillian", "arthur" };
|
||||
private String[] expectedGroups = { "admin", "plebs" };
|
||||
private String[] expectedExcludes = { "ex", "clude" };
|
||||
private String[] expectedUsers = {"trillian", "arthur"};
|
||||
private String[] expectedGroups = {"admin", "plebs"};
|
||||
private String[] expectedExcludes = {"ex", "clude"};
|
||||
|
||||
@SuppressWarnings("unused") // Is injected
|
||||
private ResourceLinks resourceLinks = ResourceLinksMock.createMock(baseUri);
|
||||
@@ -87,22 +87,22 @@ public class ScmConfigurationToConfigDtoMapperTest {
|
||||
when(subject.isPermitted("configuration:write:global")).thenReturn(true);
|
||||
ConfigDto dto = mapper.map(config);
|
||||
|
||||
assertEquals("heartOfGold" , dto.getProxyPassword());
|
||||
assertEquals(1234 , dto.getProxyPort());
|
||||
assertEquals("proxyserver" , dto.getProxyServer());
|
||||
assertEquals("trillian" , dto.getProxyUser());
|
||||
assertEquals("heartOfGold", dto.getProxyPassword());
|
||||
assertEquals(1234, dto.getProxyPort());
|
||||
assertEquals("proxyserver", dto.getProxyServer());
|
||||
assertEquals("trillian", dto.getProxyUser());
|
||||
assertTrue(dto.isEnableProxy());
|
||||
assertEquals("description" , dto.getRealmDescription());
|
||||
assertEquals("description", dto.getRealmDescription());
|
||||
assertTrue(dto.isDisableGroupingGrid());
|
||||
assertEquals("dd" , dto.getDateFormat());
|
||||
assertSame(dto.getAnonymousMode(), AnonymousMode.FULL);
|
||||
assertEquals("baseurl" , dto.getBaseUrl());
|
||||
assertEquals("dd", dto.getDateFormat());
|
||||
assertSame(AnonymousMode.FULL, dto.getAnonymousMode());
|
||||
assertEquals("baseurl", dto.getBaseUrl());
|
||||
assertTrue(dto.isForceBaseUrl());
|
||||
assertEquals(1 , dto.getLoginAttemptLimit());
|
||||
assertEquals(1, dto.getLoginAttemptLimit());
|
||||
assertTrue("proxyExcludes", dto.getProxyExcludes().containsAll(Arrays.asList(expectedExcludes)));
|
||||
assertTrue(dto.isSkipFailedAuthenticators());
|
||||
assertEquals("pluginurl" , dto.getPluginUrl());
|
||||
assertEquals(2 , dto.getLoginAttemptLimitTimeout());
|
||||
assertEquals("pluginurl", dto.getPluginUrl());
|
||||
assertEquals(2, dto.getLoginAttemptLimitTimeout());
|
||||
assertTrue(dto.isEnabledXsrfProtection());
|
||||
assertEquals("username", dto.getNamespaceStrategy());
|
||||
assertEquals("https://scm-manager.org/login-info", dto.getLoginInfoUrl());
|
||||
@@ -123,6 +123,21 @@ public class ScmConfigurationToConfigDtoMapperTest {
|
||||
assertFalse(dto.getLinks().hasLink("update"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldMapAnonymousAccessField() {
|
||||
ScmConfiguration config = createConfiguration();
|
||||
|
||||
when(subject.hasRole("configuration:write:global")).thenReturn(false);
|
||||
ConfigDto dto = mapper.map(config);
|
||||
|
||||
assertTrue(dto.isAnonymousAccessEnabled());
|
||||
|
||||
config.setAnonymousMode(AnonymousMode.OFF);
|
||||
ConfigDto secondDto = mapper.map(config);
|
||||
|
||||
assertFalse(secondDto.isAnonymousAccessEnabled());
|
||||
}
|
||||
|
||||
private ScmConfiguration createConfiguration() {
|
||||
ScmConfiguration config = new ScmConfiguration();
|
||||
config.setProxyPassword("heartOfGold");
|
||||
|
||||
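Review bot: `shouldMapAnonymousAccessField` stubs `subject.hasRole("configuration:write:global")`, while the test in the hunk above stubs `subject.isPermitted("configuration:write:global")` for the same string; it reads like a permission rather than a role, so the new stub probably never matches a call the mapper makes. Use `when(subject.isPermitted("configuration:write:global")).thenReturn(false);`, or drop the line if the permission is irrelevant to this test. The test also covers only the two ends, the default configuration (presumably `FULL`) and `OFF`. `AnonymousMode.PROTOCOL_ONLY` is the case where the legacy boolean is ambiguous, and one more assertion after `config.setAnonymousMode(AnonymousMode.PROTOCOL_ONLY)` would pin what older clients are told.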
@@ -21,7 +21,7 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
package sonia.scm.security;
|
||||
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
|
||||
@@ -130,7 +130,7 @@ public class JwtAccessTokenResolverTest {
|
||||
String compact = createCompactToken("trillian", secureKey, exp, Scope.empty());
|
||||
|
||||
// expect exception
|
||||
expectedException.expect(AuthenticationException.class);
|
||||
expectedException.expect(TokenExpiredException.class);
|
||||
expectedException.expectCause(instanceOf(ExpiredJwtException.class));
|
||||
|
||||
BearerToken bearer = BearerToken.valueOf(compact);
|
||||
|
||||
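Review bot: Replacing `expect(AuthenticationException.class)` with `expect(TokenExpiredException.class)` pins the more specific type but drops the check that an expired token still surfaces as an `AuthenticationException`, which is presumably what the Shiro-facing callers catch. `ExpectedException` combines its matchers, so both can be kept: `expectedException.expect(AuthenticationException.class);` followed by `expectedException.expect(TokenExpiredException.class);`. The `// expect exception` comment could then say why, e.g. `// expired tokens must be reported as a distinct authentication failure`. The test method starts and ends outside the hunk.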
@@ -42,8 +42,10 @@ import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static sonia.scm.store.InMemoryConfigurationStoreFactory.create;
|
||||
|
||||
@@ -60,8 +62,8 @@ class AnonymousModeUpdateStepTest {
|
||||
|
||||
@BeforeEach
|
||||
void initUpdateStep(@TempDir Path tempDir) throws IOException {
|
||||
when(contextProvider.getBaseDirectory()).thenReturn(tempDir.toFile());
|
||||
configDir = tempDir.resolve("config");
|
||||
when(contextProvider.resolve(any(Path.class))).thenReturn(tempDir.toAbsolutePath());
|
||||
configDir = tempDir;
|
||||
Files.createDirectories(configDir);
|
||||
InMemoryConfigurationStoreFactory inMemoryConfigurationStoreFactory = create();
|
||||
configurationStore = inMemoryConfigurationStoreFactory.get("config", null);
|
||||
|
||||
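Review bot: `when(contextProvider.resolve(any(Path.class))).thenReturn(tempDir.toAbsolutePath())` answers every path with the temp directory itself, so `initUpdateStep` no longer checks which relative path the update step asks for; a step that resolved the wrong location would still read and write inside `tempDir` and pass. Resolving the argument keeps that check: `when(contextProvider.resolve(any(Path.class))).thenAnswer(i -> tempDir.resolve(i.<Path>getArgument(0)));` with `configDir = tempDir.resolve("config");` as before, assuming the step resolves a relative `config` path (confirm against the step). With `configDir = tempDir` the following `Files.createDirectories(configDir)` is a no-op and can be removed. The rest of the class is outside the hunk.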