......@@ -13,11 +13,11 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import java.util.AbstractMap.SimpleEntry;
import it.inaf.ia2.gms.authn.RapClient;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -58,7 +58,7 @@ public class SearchService {
}
private List<SearchResponseItem> searchUsers(String query) {
return rapClient.searchUsers(query).stream()
return rapClient.getUsers(query).stream()
.map(u -> {
SearchResponseItem item = new SearchResponseItem();
item.setType(SearchResponseType.USER);
......@@ -75,22 +75,16 @@ public class SearchService {
// Select only the groups visible to the user
List<PermissionEntity> permissions = permissionsDAO.findUserPermissions(userId);
List<Map.Entry<String, String>> groupsIdPath = new ArrayList<>();
for (GroupEntity group : allGroups) {
PermissionUtils.getGroupPermission(group, permissions).ifPresent(permission -> {
groupsIdPath.add(new SimpleEntry<>(group.getId(), group.getPath()));
});
}
Set<GroupEntity> visibleGroups = getVisibleGroups(allGroups, permissions);
List<SearchResponseItem> items = new ArrayList<>();
Map<String, List<String>> groupNames = groupNameService.getNames(groupsIdPath);
for (Map.Entry<String, String> entry : groupsIdPath) {
String groupId = entry.getKey();
Map<String, List<String>> groupNames = groupNameService.getNames(visibleGroups);
for (GroupEntity group : visibleGroups) {
SearchResponseItem item = new SearchResponseItem();
item.setType(SearchResponseType.GROUP);
item.setId(groupId);
List<String> names = groupNames.get(groupId);
item.setId(group.getId());
List<String> names = groupNames.get(group.getId());
item.setLabel(String.join(" / ", names));
items.add(item);
}
......@@ -115,7 +109,7 @@ public class SearchService {
sortByGroupCompleteName(groups);
response.setGroups(groups);
List<UserPermission> permissions = getUserPermission(targetUserId, actorPermissions);
List<UserPermission> permissions = getUserPermission(groupsManager.getRoot(), targetUserId, actorPermissions);
sortByGroupCompleteName(permissions);
response.setPermissions(permissions);
......@@ -129,15 +123,9 @@ public class SearchService {
List<GroupEntity> allGroups = membershipsDAO.getUserMemberships(targetUserId);
// Select only groups visible to the actor user
List<Map.Entry<String, String>> visibleGroupsIdPath = new ArrayList<>();
for (GroupEntity group : allGroups) {
PermissionUtils.getGroupPermission(group, actorPermissions).ifPresent(permission -> {
visibleGroupsIdPath.add(new SimpleEntry<>(group.getId(), group.getPath()));
});
}
Set<GroupEntity> visibleGroups = getVisibleGroups(allGroups, actorPermissions);
return groupNameService.getNames(visibleGroupsIdPath).entrySet().stream()
return groupNameService.getNames(visibleGroups).entrySet().stream()
.map(entry -> {
UserGroup ug = new UserGroup();
ug.setGroupId(entry.getKey());
......@@ -147,24 +135,28 @@ public class SearchService {
.collect(Collectors.toList());
}
public List<UserPermission> getUserPermission(String targetUserId, List<PermissionEntity> actorPermissions) {
private Set<GroupEntity> getVisibleGroups(List<GroupEntity> allGroups, List<PermissionEntity> permissions) {
return allGroups.stream()
.filter(g -> PermissionUtils.getGroupPermission(g, permissions).isPresent())
.collect(Collectors.toSet());
}
public List<UserPermission> getUserPermission(GroupEntity group, String targetUserId, List<PermissionEntity> actorPermissions) {
List<UserPermission> permissions = new ArrayList<>();
// Super-admin user is able to see also other user permissions
PermissionUtils.getGroupPermission(groupsManager.getRoot(), actorPermissions).ifPresent(permission -> {
PermissionUtils.getGroupPermission(group, actorPermissions).ifPresent(permission -> {
if (permission.equals(Permission.ADMIN)) {
Map<String, PermissionEntity> targetUserPermissions
= permissionsDAO.findUserPermissions(targetUserId).stream()
.collect(Collectors.toMap(PermissionEntity::getGroupId, p -> p));
List<Map.Entry<String, String>> groupsIdPath = new ArrayList<>();
for (PermissionEntity p : targetUserPermissions.values()) {
groupsIdPath.add(new SimpleEntry<>(p.getGroupId(), p.getGroupPath()));
}
Set<String> groupIds = targetUserPermissions.values().stream()
.map(p -> p.getGroupId()).collect(Collectors.toSet());
for (Map.Entry<String, List<String>> entry : groupNameService.getNames(groupsIdPath).entrySet()) {
for (Map.Entry<String, List<String>> entry : groupNameService.getNamesFromIds(groupIds).entrySet()) {
UserPermission up = new UserPermission();
up.setGroupId(entry.getKey());
up.setGroupCompleteName(entry.getValue());
......
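Review bot: `getUserPermission` is public and now takes the group whose ADMIN permission gates the lookup, but the visible lines still load every permission of the target user through `permissionsDAO.findUserPermissions(targetUserId)` without restricting them to that group. The one caller shown passes `groupsManager.getRoot()`, so behaviour is unchanged there; any other caller passing a sub-group would let an admin of that sub-group read the target user's permissions in unrelated groups. The comment `// Super-admin user is able to see also other user permissions` also no longer describes the check. The method body continues past the visible lines, so a filter may exist further down; if it does not, either keep the root check inside the method or restrict the returned entries to the subtree of `group`, and reword the comment to state the intended rule.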
......@@ -4,14 +4,6 @@ server.servlet.context-path=/gms
spring.main.allow-bean-definition-overriding=true
server.error.whitelabel.enabled=false
security.oauth2.client.client-id=gms
security.oauth2.client.client-secret=gms-secret
security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php
security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php
security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php
security.oauth2.client.scope=openid,email,profile
security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php
logging.level.it.inaf=TRACE
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.jdbc=TRACE
......@@ -21,8 +13,6 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/postgres
spring.datasource.username=gms
spring.datasource.password=gms
rap.ws-url=http://localhost/franco/fake-rap/get-users.php
rap.ws.basic-auth=true
support.contact.label=IA2 team
support.contact.email=ia2@inaf.it
......
client_id=gms
client_secret=gms-secret
access_token_uri=http://localhost/rap-ia2/auth/oauth2/token
user_authorization_uri=http://localhost/rap-ia2/auth/oauth2/authorize
check_token_uri=http://localhost/rap-ia2/auth/oauth2/token
jwks_uri=http://localhost/rap-ia2/auth/oidc/jwks
gms_uri=http://localhost:8082/gms/ws/jwt
client_id=
client_secret=
rap_uri=https://auth.inaf.it/auth/prod/
access_token_endpoint=accessToken/
user_authorization_endpoint=authorization/
check_token_endpoint=userInfo/
jwks_endpoint=jwks?client_name=ia2gms
rap_ws_user_endpoint=portal/SendUsers.php/user
rap_client_class=it.inaf.ia2.gms.authn.ClientDbRapClient
gms_uri=https://sso-devel.ia2.inaf.it/gms
groups_autoload=false
store_state_on_login_endpoint=true
scope=openid email profile read:rap
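Review bot: The committed defaults mix environments: `rap_uri` points at an `/auth/prod/` endpoint while `gms_uri` is an `sso-devel` host, so a checkout that only fills in `client_id` and `client_secret` will talk to what appears to be the production identity provider. Consider shipping placeholder hosts here and adding a comment above the empty keys, for example `# client_id and client_secret are deployment-specific; supply them outside version control`. The earlier value `client_secret=gms-secret` remains in the repository history, so if it was ever valid outside a local test setup it should be rotated. Whether the application refuses to start with an empty `client_secret` is not visible on this page and is worth confirming.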
......@@ -63,3 +63,18 @@ CREATE TABLE invited_registration_request_group (
FOREIGN KEY (request_id) REFERENCES invited_registration_request(id),
FOREIGN KEY (group_id) REFERENCES gms_group(id)
);
CREATE VIEW group_complete_name AS
SELECT id, string_agg(name, '.') AS complete_name
FROM (
SELECT replace(name, '.', '\.') AS name, p.id
FROM gms_group g
JOIN (
SELECT UNNEST(string_to_array(path::varchar, '.')) AS rel_id, id
FROM gms_group
) AS p ON g.id = p.rel_id
ORDER BY p.id, nlevel(g.path)
) AS j GROUP BY id
UNION
SELECT id, name AS complete_name FROM gms_group WHERE id = 'ROOT'
ORDER BY complete_name;
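Review bot: The segment order of `complete_name` depends on the `ORDER BY p.id, nlevel(g.path)` inside the subquery, which PostgreSQL does not guarantee to carry through the outer `GROUP BY id`, so a different plan can return the path segments in another order. Ordering inside the aggregate pins it: expose `nlevel(g.path) AS lvl` in the inner select and aggregate with `string_agg(name, '.' ORDER BY lvl)`. Separately, `replace(name, '.', '\.')` escapes dots but not a backslash already present in a name, so the escaped form is ambiguous for names that contain one. If complete names are ever parsed back into a group path that permissions hang on, the escape character itself needs escaping first.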
package it.inaf.ia2.gms;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
public class GmsTestUtils {
public static void mockPrincipal(HttpServletRequest mockedServletRequest) {
mockPrincipal(mockedServletRequest, "admin_id");
}
public static void mockPrincipal(HttpServletRequest mockedServletRequest, String userId) {
Principal principal = mock(Principal.class);
when(principal.getName()).thenReturn(userId);
when(mockedServletRequest.getUserPrincipal()).thenReturn(principal);
}
}
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.aa.UserManager;
import java.net.URI;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.junit.Test;
import org.junit.runner.RunWith;
import static org.mockito.ArgumentMatchers.eq;
import org.mockito.Mock;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import org.mockito.junit.MockitoJUnitRunner;
@RunWith(MockitoJUnitRunner.class)
public class ClientDbFilterTest {
@Mock
private HttpServletRequest request;
@Mock
private AuthConfig authConfig;
@Mock
private UserManager userManager;
private ClientDbFilter filter;
@Test
public void testJwksUriOverride() throws Exception {
when(authConfig.getRapBaseUri()).thenReturn("http://ia2.inaf.it");
when(authConfig.getJwksEndpoint()).thenReturn("/jwks?client_name=db0");
when(request.getSession()).thenReturn(mock(HttpSession.class));
when(request.getParameter(eq("client_db"))).thenReturn("other_db");
filter = new ClientDbFilter(authConfig, userManager);
filter.doFilter(request, mock(HttpServletResponse.class), mock(FilterChain.class));
verify(userManager).addJwksUri(eq(URI.create("http://ia2.inaf.it/jwks?client_name=other_db")));
}
}
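Review bot: The only case covered is a well-formed `client_db` value, yet the test shows this request parameter being copied into the JWKS URI registered through `userManager.addJwksUri`, so it selects the key set that tokens are later verified against. `ClientDbFilter` itself is not on this page, so whether the value is validated or URL-encoded cannot be seen from here. Add a second test with a value containing URI-reserved characters, or a name outside the configured set, and assert that the filter rejects it or encodes it so that host, path and the remaining query string stay unchanged. Verifying the call on the mocked `FilterChain` would also pin whether the request is allowed to continue.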
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.gms.authn.RapClient;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import static org.junit.Assert.assertTrue;
......@@ -19,6 +20,9 @@ public class SessionDataTest {
@Mock
private HttpServletRequest request;
@Mock
private RapClient rapClient;
@InjectMocks
private SessionData sessionData;
......@@ -28,12 +32,12 @@ public class SessionDataTest {
HttpSession session = mock(HttpSession.class);
when(request.getSession(eq(false))).thenReturn(session);
User user = new User()
.setUserId("123")
.setUserLabel("Name Surname")
.setAccessToken("<access_token>")
.setRefreshToken("<refresh_token>")
.setExpiresIn(3600);
User user = new User();
user.setUserId("123");
user.setUserLabel("Name Surname");
user.setAccessToken("<access_token>");
user.setRefreshToken("<refresh_token>");
user.setExpiresIn(3600);
when(session.getAttribute(eq("user_data"))).thenReturn(user);
......
package it.inaf.ia2.gms.controller;
import com.fasterxml.jackson.databind.ObjectMapper;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.GmsTestUtils;
import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.manager.PermissionsManager;
import it.inaf.ia2.gms.model.GroupNode;
......@@ -14,6 +14,7 @@ import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import org.junit.Before;
......@@ -50,7 +51,7 @@ public class GroupsControllerTest {
private GroupsService groupsService;
@Mock
private SessionData session;
private HttpServletRequest servletRequest;
@Mock
private PermissionsManager permissionsManager;
......@@ -71,6 +72,7 @@ public class GroupsControllerTest {
@Before
public void init() {
mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
GmsTestUtils.mockPrincipal(servletRequest);
}
@Test
......@@ -104,8 +106,6 @@ public class GroupsControllerTest {
PaginatedData<GroupNode> paginatedData = new PaginatedData<>(nodes, 1, 10);
when(groupsTreeBuilder.listSubGroups(any(), any(), any())).thenReturn(paginatedData);
when(session.getUserId()).thenReturn("admin_id");
mockMvc.perform(post("/group")
.content(mapper.writeValueAsString(request))
.contentType(MediaType.APPLICATION_JSON))
......
package it.inaf.ia2.gms.controller;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.GmsTestUtils;
import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
import it.inaf.ia2.gms.manager.PermissionsManager;
......@@ -13,6 +13,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import org.junit.Test;
......@@ -28,7 +29,7 @@ import org.mockito.junit.MockitoJUnitRunner;
public class GroupsTabResponseBuilderTest {
@Mock
private SessionData session;
private HttpServletRequest servletRequest;
@Mock
private GroupsManager groupsManager;
......@@ -51,7 +52,7 @@ public class GroupsTabResponseBuilderTest {
@Test
public void testGetGroupsTab() {
when(session.getUserId()).thenReturn("admin_id");
GmsTestUtils.mockPrincipal(servletRequest);
GroupEntity root = new GroupEntity();
root.setId("ROOT");
......
......@@ -4,15 +4,16 @@ import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.manager.MembershipManager;
import it.inaf.ia2.gms.manager.PermissionsManager;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.model.UserPermission;
import it.inaf.ia2.gms.model.RapUserPermission;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.GroupNameService;
import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.gms.service.JoinService;
import it.inaf.ia2.rap.data.RapUser;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
......@@ -81,6 +82,7 @@ public class JWTWebServiceControllerTest {
@Before
public void init() {
controller.groupNameService = new GroupNameService(groupsDAO);
mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
root = getRoot();
lbt = getLbtGroup();
......@@ -193,8 +195,8 @@ public class JWTWebServiceControllerTest {
when(groupsDAO.findGroupByParentAndName("", "LBT")).thenReturn(Optional.of(lbt));
when(groupsDAO.findGroupByParentAndName("lbt_id", "INAF")).thenReturn(Optional.of(inaf));
List<UserPermission> permissions = new ArrayList<>();
UserPermission up = new UserPermission();
List<RapUserPermission> permissions = new ArrayList<>();
RapUserPermission up = new RapUserPermission();
up.setUser(getRapUser());
up.setPermission(Permission.ADMIN);
permissions.add(up);
......
package it.inaf.ia2.gms.controller;
import com.fasterxml.jackson.databind.ObjectMapper;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.GmsTestUtils;
import it.inaf.ia2.gms.model.response.PaginatedData;
import it.inaf.ia2.gms.model.response.SearchResponseItem;
import it.inaf.ia2.gms.model.response.UserSearchResponse;
import it.inaf.ia2.gms.service.SearchService;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
......@@ -29,7 +30,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
public class SearchControllerTest {
@Mock
private SessionData session;
private HttpServletRequest servletRequest;
@Mock
private SearchService searchService;
......@@ -44,8 +45,7 @@ public class SearchControllerTest {
@Before
public void init() {
mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
when(session.getUserId()).thenReturn("admin_id");
GmsTestUtils.mockPrincipal(servletRequest);
}
@Test
......@@ -56,7 +56,7 @@ public class SearchControllerTest {
when(searchService.search(any(), any(), anyInt(), anyInt())).thenReturn(response);
mockMvc.perform(get("/search?query=searchText&page=1&pageSize=10")
.contentType(MediaType.APPLICATION_JSON_UTF8))
.contentType(MediaType.APPLICATION_JSON_VALUE))
.andExpect(status().isOk());
verify(searchService, times(1)).search(eq("searchText"), eq("admin_id"), eq(1), eq(10));
......@@ -68,7 +68,7 @@ public class SearchControllerTest {
when(searchService.getUserSearchResult(any(), any())).thenReturn(new UserSearchResponse());
mockMvc.perform(get("/search/user/user_id")
.contentType(MediaType.APPLICATION_JSON_UTF8))
.contentType(MediaType.APPLICATION_JSON_VALUE))
.andExpect(status().isOk());
verify(searchService, times(1)).getUserSearchResult(eq("admin_id"), eq("user_id"));
......
package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.model.Identity;
import it.inaf.ia2.gms.model.IdentityType;
import it.inaf.ia2.gms.GmsTestUtils;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.InvitedRegistrationDAO;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.Identity;
import it.inaf.ia2.rap.data.IdentityType;
import it.inaf.ia2.rap.data.RapUser;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Test;
......@@ -51,7 +52,7 @@ public class InvitedRegistrationManagerTest {
@Mock
private RapClient rapClient;
@Mock
private SessionData sessionData;
private HttpServletRequest servletRequest;
@Mock
private LoggingDAO loggingDAO;
@Mock
......@@ -95,14 +96,14 @@ public class InvitedRegistrationManagerTest {
when(httpSession.getAttribute(eq("invited-registration"))).thenReturn(regFromToken);
when(sessionData.getUserId()).thenReturn(USER_ID);
GmsTestUtils.mockPrincipal(servletRequest, USER_ID);
RapUser user = new RapUser();
user.setId(USER_ID);
Identity identity = new Identity();
identity.setType(IdentityType.EDU_GAIN);
identity.setEmail(EMAIL);
user.setIdentities(Collections.singletonList(identity));
user.getIdentities().addAll(Collections.singletonList(identity));
when(rapClient.getUser(eq(USER_ID))).thenReturn(user);
......@@ -145,7 +146,7 @@ public class InvitedRegistrationManagerTest {
when(httpSession.getAttribute(eq("invited-registration"))).thenReturn(regFromToken);
when(sessionData.getUserId()).thenReturn(USER_ID);
GmsTestUtils.mockPrincipal(servletRequest, USER_ID);
RapUser user = new RapUser();
user.setId(USER_ID);
......
......@@ -2,17 +2,18 @@ package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.DataSourceConfig;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.model.UserPermission;
import it.inaf.ia2.gms.model.RapUserPermission;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
import static org.junit.Assert.assertEquals;
......@@ -52,7 +53,7 @@ public class PermissionsManagerIntegrationTest {
// Mock RAP client
RapUser rapUser = new RapUser();
rapUser.setId(USER_ID);
when(rapClient.getUsers(any())).thenReturn(Collections.singletonList(rapUser));
when(rapClient.getUsers(any(Set.class))).thenReturn(Collections.singletonList(rapUser));
PermissionsService permissionsService = new PermissionsService(permissionsDAO, loggingDAO);
PermissionsManager permissionsManager = new PermissionsManager(permissionsService, rapClient, loggingDAO);
......@@ -61,7 +62,7 @@ public class PermissionsManagerIntegrationTest {
// Create root
GroupEntity root = new GroupEntity();
root.setId("ROOT");
root.setName("Root");
root.setName("ROOT");
root.setPath("");
root = groupsDAO.createGroup(root);
......@@ -72,7 +73,7 @@ public class PermissionsManagerIntegrationTest {
superAdminPermission.setGroupPath(root.getPath());
permissionsDAO.createOrUpdatePermission(superAdminPermission);
List<UserPermission> permissions = permissionsManager.getAllPermissions(root);
List<RapUserPermission> permissions = permissionsManager.getAllPermissions(root);
assertEquals(1, permissions.size());
assertEquals(Permission.ADMIN, permissions.get(0).getPermission());
......
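Review bot: `any(Set.class)` in the `rapClient.getUsers` stub is a raw-type matcher and compiles with an unchecked warning. Presumably it was added to pick between `getUsers` overloads (a `String` argument is used in `SearchService`); `anySet()` from `org.mockito.ArgumentMatchers` selects the same overload without the warning.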
......@@ -13,7 +13,7 @@ public class UserAwareComponentTestUtil {
public static void setUser(UserAwareComponent component, String userId) {
Map<String, Object> jwtClaims = new HashMap<>();
jwtClaims.put("sub", userId);
RapPrincipal principal = new RapPrincipal(jwtClaims);
RapPrincipal principal = new RapPrincipal("token", jwtClaims);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getUserPrincipal()).thenReturn(principal);
ReflectionTestUtils.setField(component, "request", request);
......
......@@ -5,9 +5,11 @@ import it.inaf.ia2.gms.HooksConfig;
import it.inaf.ia2.gms.model.GroupBreadcrumb;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.hook.GroupsHook;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import javax.sql.DataSource;
import static org.junit.Assert.assertEquals;
......@@ -114,6 +116,15 @@ public class GroupsDAOTest {
assertTrue(optGroup.isPresent());
assertEquals(lbtInaf.getId(), optGroup.get().getId());
// Complete names
Set<String> groupIds = new HashSet<>();
groupIds.add(groups.get(0).getId());
groupIds.add(lbt.getId());
Map<String, String> completeGroupNames = dao.getGroupCompleteNamesFromId(groupIds);
assertEquals(2, completeGroupNames.size());
assertEquals("LBT", completeGroupNames.get(lbt.getId()));
assertEquals("LBT.INAF", completeGroupNames.get(groups.get(0).getId()));
// Children map
Map<String, Boolean> childrenMap = dao.getHasChildrenMap(Sets.newSet(root.getId()));
assertEquals(1, childrenMap.size());
......@@ -151,4 +162,9 @@ public class GroupsDAOTest {
private String getNewGroupId() {
return UUID.randomUUID().toString().replaceAll("-", "");
}
@Test
public void testGroupCompleteNamesEmptyInput() {
assertTrue(dao.getGroupCompleteNamesFromId(new HashSet<>()).isEmpty());
}
}
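Review bot: The new assertions only use names without a dot, so the `\.` escaping applied by the `group_complete_name` view added in this commit is never exercised through `getGroupCompleteNamesFromId`. Add a group whose name contains `.` (a constructed example: a child of LBT named `My.Group`) and assert the exact complete name the DAO is expected to return for it. That also documents for callers whether they receive the escaped or the unescaped form.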
......@@ -10,9 +10,9 @@ import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.request.GroupsRequest;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.gms.authn.RapClient;
import java.util.List;
import javax.sql.DataSource;
import static org.junit.Assert.assertEquals;
......
package it.inaf.ia2.gms.rap;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.model.RapUser;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
......@@ -34,120 +33,120 @@ import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.HttpServerErrorException.InternalServerError;
import org.springframework.web.client.RestTemplate;
@RunWith(MockitoJUnitRunner.class)
//@RunWith(MockitoJUnitRunner.class)
public class RapClientTest {
@Mock
private HttpServletRequest request;
@Mock
private SessionData sessionData;
@Mock
private RestTemplate restTemplate;
@Mock
private RestTemplate refreshTokenRestTemplate;
private RapClient rapClient;
@Before
public void init() {
rapClient = new RapClient(restTemplate);
ReflectionTestUtils.setField(rapClient, "request", request);
ReflectionTestUtils.setField(rapClient, "refreshTokenRestTemplate", refreshTokenRestTemplate);
ReflectionTestUtils.setField(rapClient, "scope", "openid");
}
@Test
public void testUnauthorizedNoRefreshJsonMsg() {
String jsonError = "{\"error\":\"Unauthorized: foo\"}";
HttpClientErrorException exception = Unauthorized
.create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
}))).thenThrow(exception);
try {
rapClient.getUser("123");
} catch (HttpClientErrorException ex) {
assertEquals("401 Unauthorized: foo", ex.getMessage());
}
}
@Test
public void testUnauthorizedNoRefreshNotJsonMsg() {
String errorMessage = "THIS IS NOT A JSON";
HttpClientErrorException exception = Unauthorized
.create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, errorMessage.getBytes(), StandardCharsets.UTF_8);
when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
}))).thenThrow(exception);
try {
rapClient.getUser("123");
} catch (HttpClientErrorException ex) {
assertNotNull(ex.getMessage());
}
}
@Test
public void testServerErrorJsonMsg() {
String jsonError = "{\"error\":\"Fatal error\"}";
HttpServerErrorException exception = InternalServerError
.create(HttpStatus.INTERNAL_SERVER_ERROR, "500", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
}))).thenThrow(exception);
try {
rapClient.getUser("123");
} catch (HttpServerErrorException ex) {
assertEquals("500 Fatal error", ex.getMessage());
}
}
@Test
public void testRefreshToken() {
when(request.getSession(eq(false))).thenReturn(mock(HttpSession.class));
when(sessionData.getExpiresIn()).thenReturn(-100l);
ReflectionTestUtils.setField(rapClient, "sessionData", sessionData);
ReflectionTestUtils.setField(rapClient, "clientId", "clientId");
ReflectionTestUtils.setField(rapClient, "clientSecret", "clientSecret");
ReflectionTestUtils.setField(rapClient, "accessTokenUri", "https://sso.ia2.inaf.it");
String jsonError = "{\"error\":\"Unauthorized: token expired\"}";
HttpClientErrorException exception = Unauthorized
.create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
}))).thenThrow(exception)
.thenReturn(ResponseEntity.ok(new RapUser()));
ResponseEntity refreshTokenResponse = mock(ResponseEntity.class);
Map<String, Object> mockedBody = new HashMap<>();
mockedBody.put("access_token", "<access_token>");
mockedBody.put("refresh_token", "<refresh_token>");
mockedBody.put("expires_in", 3600);
when(refreshTokenResponse.getBody()).thenReturn(mockedBody);
when(refreshTokenRestTemplate.postForEntity(anyString(), any(HttpEntity.class), any()))
.thenReturn(refreshTokenResponse);
RapUser user = rapClient.getUser("123");
assertNotNull(user);
// verifies that token is refreshed
verify(sessionData, times(1)).setAccessToken(eq("<access_token>"));
verify(sessionData, times(1)).setExpiresIn(eq(3600l));
}
// @Mock
// private HttpServletRequest request;
//
// @Mock
// private SessionData sessionData;
//
// @Mock
// private RestTemplate restTemplate;
//
// @Mock
// private RestTemplate refreshTokenRestTemplate;
//
// private RapClient rapClient;
//
// @Before
// public void init() {
// rapClient = new RapClient(restTemplate);
// ReflectionTestUtils.setField(rapClient, "request", request);
// ReflectionTestUtils.setField(rapClient, "refreshTokenRestTemplate", refreshTokenRestTemplate);
// ReflectionTestUtils.setField(rapClient, "scope", "openid");
// }
//
// @Test
// public void testUnauthorizedNoRefreshJsonMsg() {
//
// String jsonError = "{\"error\":\"Unauthorized: foo\"}";
//
// HttpClientErrorException exception = Unauthorized
// .create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
//
// when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
// }))).thenThrow(exception);
//
// try {
// rapClient.getUser("123");
// } catch (HttpClientErrorException ex) {
// assertEquals("401 Unauthorized: foo", ex.getMessage());
// }
// }
//
// @Test
// public void testUnauthorizedNoRefreshNotJsonMsg() {
//
// String errorMessage = "THIS IS NOT A JSON";
//
// HttpClientErrorException exception = Unauthorized
// .create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, errorMessage.getBytes(), StandardCharsets.UTF_8);
//
// when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
// }))).thenThrow(exception);
//
// try {
// rapClient.getUser("123");
// } catch (HttpClientErrorException ex) {
// assertNotNull(ex.getMessage());
// }
// }
//
// @Test
// public void testServerErrorJsonMsg() {
//
// String jsonError = "{\"error\":\"Fatal error\"}";
//
// HttpServerErrorException exception = InternalServerError
// .create(HttpStatus.INTERNAL_SERVER_ERROR, "500", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
//
// when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
// }))).thenThrow(exception);
//
// try {
// rapClient.getUser("123");
// } catch (HttpServerErrorException ex) {
// assertEquals("500 Fatal error", ex.getMessage());
// }
// }
//
// @Test
// public void testRefreshToken() {
//
// when(request.getSession(eq(false))).thenReturn(mock(HttpSession.class));
// when(sessionData.getExpiresIn()).thenReturn(-100l);
//
// ReflectionTestUtils.setField(rapClient, "sessionData", sessionData);
// ReflectionTestUtils.setField(rapClient, "clientId", "clientId");
// ReflectionTestUtils.setField(rapClient, "clientSecret", "clientSecret");
// ReflectionTestUtils.setField(rapClient, "accessTokenUri", "https://sso.ia2.inaf.it");
//
// String jsonError = "{\"error\":\"Unauthorized: token expired\"}";
//
// HttpClientErrorException exception = Unauthorized
// .create(HttpStatus.UNAUTHORIZED, "401", HttpHeaders.EMPTY, jsonError.getBytes(), StandardCharsets.UTF_8);
//
// when(restTemplate.exchange(anyString(), eq(HttpMethod.GET), any(HttpEntity.class), eq(new ParameterizedTypeReference<RapUser>() {
// }))).thenThrow(exception)
// .thenReturn(ResponseEntity.ok(new RapUser()));
//
// ResponseEntity refreshTokenResponse = mock(ResponseEntity.class);
// Map<String, Object> mockedBody = new HashMap<>();
// mockedBody.put("access_token", "<access_token>");
// mockedBody.put("refresh_token", "<refresh_token>");
// mockedBody.put("expires_in", 3600);
// when(refreshTokenResponse.getBody()).thenReturn(mockedBody);
//
// when(refreshTokenRestTemplate.postForEntity(anyString(), any(HttpEntity.class), any()))
// .thenReturn(refreshTokenResponse);
//
// RapUser user = rapClient.getUser("123");
// assertNotNull(user);
//
// // verifies that token is refreshed
// verify(sessionData, times(1)).setAccessToken(eq("<access_token>"));
// verify(sessionData, times(1)).setExpiresIn(eq(3600l));
// }
}
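Review bot: Commenting out the whole class body and `@RunWith` silently drops coverage of the 401 handling and of the token-refresh path (`testRefreshToken`), while the file keeps compiling with its now-unused imports and reports nothing as skipped. The other files in this commit import `it.inaf.ia2.gms.authn.RapClient`, so these cases should be ported to the new client; if refresh is now delegated to a library, delete the file and say so in the commit message. If the tests have to be parked for now, `@Ignore("<reason>")` on the class keeps them visible in test reports instead of hiding them in comments.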