From cd344664aafe87e230218eb3f7a31b5b3d0f2274 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?=
Date: Fri, 14 Sep 2018 11:30:05 +0200
Subject: [PATCH] Test permission filter
---
 .../scm/web/filter/PermissionFilterTest.java | 74 +++++++++++++++++++
 .../src/test/resources/sonia/scm/shiro.ini | 8 +-
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
diff --git a/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java b/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
new file mode 100644
index 0000000000..9fa65d51b8
--- /dev/null
+++ b/scm-core/src/test/java/sonia/scm/web/filter/PermissionFilterTest.java
@@ -0,0 +1,74 @@
+package sonia.scm.web.filter;
+
+import com.github.sdorra.shiro.ShiroRule;
+import com.github.sdorra.shiro.SubjectAware;
+import org.junit.Rule;
+import org.junit.Test;
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.repository.Repository;
+import sonia.scm.repository.spi.ScmProviderHttpServlet;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+
+@SubjectAware(configuration = "classpath:sonia/scm/shiro.ini")
+public class PermissionFilterTest {
+
+ public static final Repository REPOSITORY = new Repository("1", "git", "space", "name");
+
+ @Rule
+ public final ShiroRule shiroRule = new ShiroRule();
+
+ private final ScmProviderHttpServlet delegateServlet = mock(ScmProviderHttpServlet.class);
+
+ private final PermissionFilter permissionFilter = new PermissionFilter(new ScmConfiguration(), delegateServlet) {
+ @Override
+ protected boolean isWriteRequest(HttpServletRequest request) {
+ return writeRequest;
+ }
+ };
+
+ private final HttpServletRequest request = mock(HttpServletRequest.class);
+ private final HttpServletResponse response = mock(HttpServletResponse.class);
+
+ private boolean writeRequest = false;
+
+ @Test
+ @SubjectAware(username = "reader", password = "secret")
+ public void shouldPassForReaderOnReadRequest() throws IOException, ServletException {
+ writeRequest = false;
+
+ permissionFilter.service(request, response, REPOSITORY);
+
+ verify(delegateServlet).service(request, response, REPOSITORY);
+ }
+
+ @Test
+ @SubjectAware(username = "reader", password = "secret")
+ public void shouldBlockForReaderOnWriteRequest() throws IOException, ServletException {
+ writeRequest = true;
+
+ permissionFilter.service(request, response, REPOSITORY);
+
+ verify(response).sendError(eq(401), anyString());
+ verify(delegateServlet, never()).service(request, response, REPOSITORY);
+ }
+
+ @Test
+ @SubjectAware(username = "writer", password = "secret")
+ public void shouldPassForWriterOnWriteRequest() throws IOException, ServletException {
+ writeRequest = true;
+
+ permissionFilter.service(request, response, REPOSITORY);
+
+ verify(delegateServlet).service(request, response, REPOSITORY);
+ }
+}
diff --git a/scm-core/src/test/resources/sonia/scm/shiro.ini b/scm-core/src/test/resources/sonia/scm/shiro.ini
index e87c81b097..fbdd35ba50 100644
--- a/scm-core/src/test/resources/sonia/scm/shiro.ini
+++ b/scm-core/src/test/resources/sonia/scm/shiro.ini
@@ -1,6 +1,12 @@
 [users]
 trillian = secret, user
+admin = secret, admin
+writer = secret, repo_write
+reader = secret, repo_read
+unpriv = secret
 [roles]
 admin = *
-user = something:*
\ No newline at end of file
+user = something:*
+repo_read = "repository:read:1"
+repo_write = "repository:push:1"
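Review bot: The deny-by-default path has no test: the three cases cover reader/read, reader/write and writer/write, but none sends a request as a subject that holds no repository permission at all, although the shiro.ini part of this patch adds an `unpriv` user that looks intended for exactly that. A case like the one below pins that such a subject never reaches the delegate; it asserts only the `never()` call because the status code the filter sends on that path is not visible from this patch. Separately, in `shouldBlockForReaderOnWriteRequest`, `eq(401)` would read better as `eq(HttpServletResponse.SC_UNAUTHORIZED)`, and since the subject there is authenticated, a short comment on why 401 rather than 403 is expected would help the next reader.

```java
// … unchanged: the three existing tests …

  @Test
  @SubjectAware(username = "unpriv", password = "secret")
  public void shouldBlockForUnprivilegedOnReadRequest() throws IOException, ServletException {
    writeRequest = false;

    permissionFilter.service(request, response, REPOSITORY);

    // a subject without any repository permission must never reach the delegate
    verify(delegateServlet, never()).service(request, response, REPOSITORY);
  }
```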
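Review bot: `repo_write` is given only `repository:push:1`, so under Shiro's wildcard matching the `writer` subject holds no read permission on repository 1, and a writer-on-read-request test would probably be denied, which is unlikely to mirror a real write role. If write is meant to include read, `repo_write = "repository:read,push:1"` expresses that. The `admin` user added under `[users]` is not used by any test in this patch; a one-line `#` comment naming the test class that relies on each fixture user would keep this shared file from accumulating unused accounts.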