1 /*
2  * SonarQube
3  * Copyright (C) 2009-2016 SonarSource SA
4  * mailto:contact AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.authentication;
21
import com.google.common.base.Optional;
import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.core.util.UuidFactory;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDao;
import org.sonar.db.user.UserDto;
import org.sonar.server.user.NewUser;
import org.sonar.server.user.UpdateUser;
import org.sonar.server.user.UserUpdater;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
44
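/**
 * Unit tests for {@link UserIdentityAuthenticator}.
 *
 * <p>All collaborators ({@link DbClient}, {@link UserDao}, {@link UserUpdater},
 * {@link UuidFactory} and the servlet {@link HttpSession}) are Mockito mocks, so these tests pin
 * which calls the authenticator makes for an identity returned by an external identity provider;
 * they do not exercise persistence.
 *
 * <p>Accounts are looked up by the pair (external identity id, provider key), as the stubs on
 * {@code selectByExternalIdentity} show.
 */
public class UserIdentityAuthenticatorTest {

  // Shared fixtures. They are never reassigned, hence final; the DTOs are only handed to mocks.
  static final String USER_LOGIN = "ABCD";
  static final UserDto ACTIVE_USER = new UserDto().setId(10L).setLogin(USER_LOGIN).setActive(true);
  static final UserDto UNACTIVE_USER = new UserDto().setId(11L).setLogin("UNACTIVE").setActive(false);

  // Identity as asserted by the external provider.
  static final UserIdentity USER_IDENTITY = UserIdentity.builder()
    .setId("johndoo")
    .setName("John")
    .setEmail("john@email.com")
    .build();

  // Provider that is enabled and lets unknown users sign up.
  static final TestIdentityProvider IDENTITY_PROVIDER = new TestIdentityProvider()
    .setKey("github")
    .setEnabled(true)
    .setAllowsUsersToSignUp(true);

  @Rule
  public ExpectedException thrown = ExpectedException.none();

  DbClient dbClient = mock(DbClient.class);
  DbSession dbSession = mock(DbSession.class);
  UserDao userDao = mock(UserDao.class);

  HttpSession httpSession = mock(HttpSession.class);
  UserUpdater userUpdater = mock(UserUpdater.class);
  UuidFactory uuidFactory = mock(UuidFactory.class);

  UserIdentityAuthenticator underTest = new UserIdentityAuthenticator(dbClient, userUpdater, uuidFactory);

  /** Wires the mocked DAO layer and makes the UUID factory return {@link #USER_LOGIN}. */
  @Before
  public void setUp() throws Exception {
    when(dbClient.openSession(false)).thenReturn(dbSession);
    when(dbClient.userDao()).thenReturn(userDao);
    when(uuidFactory.create()).thenReturn(USER_LOGIN);
  }

  /**
   * No account matches the external identity: a {@link NewUser} is passed to
   * {@code UserUpdater.create}. Its login is the value produced by the mocked
   * {@link UuidFactory}, not the provider-supplied id; the provider id and key are carried in
   * the external identity instead.
   */
  @Test
  public void authenticate_new_user() throws Exception {
    when(userDao.selectByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(Optional.<UserDto>absent());
    when(userDao.selectOrFailByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(ACTIVE_USER);

    underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);

    ArgumentCaptor<NewUser> newUserArgumentCaptor = ArgumentCaptor.forClass(NewUser.class);
    verify(userUpdater).create(eq(dbSession), newUserArgumentCaptor.capture());
    NewUser newUser = newUserArgumentCaptor.getValue();

    assertThat(newUser.login()).isEqualTo(USER_LOGIN);
    assertThat(newUser.name()).isEqualTo("John");
    assertThat(newUser.email()).isEqualTo("john@email.com");
    assertThat(newUser.externalIdentity().getProvider()).isEqualTo("github");
    assertThat(newUser.externalIdentity().getId()).isEqualTo("johndoo");
  }

  /**
   * An active account matches the external identity: the name and email asserted by the provider
   * are passed to {@code UserUpdater.update} for the existing login.
   */
  @Test
  public void authenticate_existing_user() throws Exception {
    when(userDao.selectByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(Optional.of(ACTIVE_USER));

    underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);

    ArgumentCaptor<UpdateUser> updateUserArgumentCaptor = ArgumentCaptor.forClass(UpdateUser.class);
    verify(userUpdater).update(eq(dbSession), updateUserArgumentCaptor.capture());
    UpdateUser updateUser = updateUserArgumentCaptor.getValue();

    assertThat(updateUser.login()).isEqualTo(USER_LOGIN);
    assertThat(updateUser.name()).isEqualTo("John");
    assertThat(updateUser.email()).isEqualTo("john@email.com");
  }

  /**
   * The matching account exists but is inactive, and the provider allows sign-up: the
   * authenticator calls {@code UserUpdater.create} rather than rejecting the login.
   */
  @Test
  public void authenticate_existing_disabled_user() throws Exception {
    when(userDao.selectByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(Optional.of(UNACTIVE_USER));
    when(userDao.selectOrFailByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(UNACTIVE_USER);

    underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);

    // NOTE(review): what create() does with an already-existing inactive account is not visible
    // in this file. If deactivation is relied on for offboarding, confirm that a still-valid
    // external identity is meant to get through here. No test in this class covers an inactive
    // account combined with a provider that disallows sign-up.
    verify(userUpdater).create(eq(dbSession), any(NewUser.class));
  }

  /**
   * After a successful authentication the database id of the matched account is stored in the
   * servlet session under {@code "user_id"}.
   */
  @Test
  public void update_session_for_rails() throws Exception {
    when(userDao.selectByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(Optional.of(ACTIVE_USER));

    underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);

    // NOTE(review): only the attribute write is pinned; session id renewal on login is not
    // exercised anywhere in this class.
    verify(httpSession).setAttribute("user_id", ACTIVE_USER.getId());
  }

  /**
   * Unknown identity and a provider that disallows sign-up: authentication must fail with
   * {@link NotAllowUserToSignUpException}, no account may be created and the session must not be
   * marked as authenticated.
   */
  @Test
  public void fail_to_authenticate_new_user_when_allow_users_to_signup_is_false() throws Exception {
    when(userDao.selectByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(Optional.<UserDto>absent());
    when(userDao.selectOrFailByExternalIdentity(dbSession, USER_IDENTITY.getId(), IDENTITY_PROVIDER.getKey())).thenReturn(ACTIVE_USER);

    TestIdentityProvider identityProvider = new TestIdentityProvider()
      .setKey("github")
      .setName("Github")
      .setEnabled(true)
      .setAllowsUsersToSignUp(false);

    thrown.expect(NotAllowUserToSignUpException.class);
    try {
      underTest.authenticate(USER_IDENTITY, identityProvider, httpSession);
    } finally {
      // Statements after a call that throws never run under ExpectedException, so the
      // side-effect checks live in finally: the rejection must happen before any account is
      // created or the session is populated.
      verify(userUpdater, never()).create(eq(dbSession), any(NewUser.class));
      verify(httpSession, never()).setAttribute(eq("user_id"), any(Object.class));
    }
  }
}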