1 /*
2  * SonarQube
3  * Copyright (C) 2009-2022 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.saml.ws;
21
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.server.ws.WebService;
import org.sonar.auth.saml.SamlAuthenticator;
import org.sonar.server.authentication.OAuth2ContextFactory;
import org.sonar.server.tester.UserSessionRule;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.matches;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
43
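/**
 * Unit tests for {@link SamlValidationInitAction}.
 *
 * <p>The tests cover three things: the URL pattern the filter is bound to, the
 * access decision taken in {@code doFilter} for an administrator, a logged-in
 * non-administrator and an anonymous session, and the web-service definition
 * registered by {@code define}.
 */
public class SamlValidationInitActionTest {
  /** Callback URL returned by the stubbed {@link OAuth2ContextFactory} in every test. */
  private static final String CALLBACK_URL = "http://localhost:9000/api/validation_test";

  @Rule
  public UserSessionRule userSession = UserSessionRule.standalone();
  private SamlValidationInitAction underTest;
  private SamlAuthenticator samlAuthenticator;
  private OAuth2ContextFactory oAuth2ContextFactory;
  private HttpServletRequest servletRequest;
  private HttpServletResponse servletResponse;
  private FilterChain filterChain;

  @Before
  public void setUp() throws Exception {
    samlAuthenticator = mock(SamlAuthenticator.class);
    oAuth2ContextFactory = mock(OAuth2ContextFactory.class);
    servletRequest = mock(HttpServletRequest.class);
    servletResponse = mock(HttpServletResponse.class);
    filterChain = mock(FilterChain.class);
    // Every doFilter test uses the same stubbed callback URL, whatever key is requested.
    when(oAuth2ContextFactory.generateCallbackUrl(anyString()))
      .thenReturn(CALLBACK_URL);
    underTest = new SamlValidationInitAction(samlAuthenticator, oAuth2ContextFactory, userSession);
  }

  /** The filter must be bound to the validation_init path only, not to a prefix or a longer path. */
  @Test
  public void do_get_pattern() {
    assertThat(underTest.doGetPattern().matches("/api/saml/validation_init")).isTrue();
    assertThat(underTest.doGetPattern().matches("/api/saml")).isFalse();
    assertThat(underTest.doGetPattern().matches("/api/saml/validation_init2")).isFalse();
  }

  /** A system administrator starts the SAML login with the generated callback URL and the validation relay state. */
  @Test
  public void do_filter_as_admin() throws IOException, ServletException {
    userSession.logIn().setSystemAdministrator();

    underTest.doFilter(servletRequest, servletResponse, filterChain);

    // eq() rather than matches(): Mockito's matches(String) treats its argument as a
    // regular expression and accepts a partial match, so a callback URL or relay state
    // that merely contains the expected value (or differs where the pattern has a '.')
    // would still pass. Both values are security-relevant and are pinned exactly.
    verify(samlAuthenticator).initLogin(eq(CALLBACK_URL),
      eq(SamlValidationInitAction.VALIDATION_RELAY_STATE),
      any(), any());
  }

  /** A logged-in user without the administrator role never reaches the authenticator and is redirected. */
  @Test
  public void do_filter_as_not_admin() throws IOException, ServletException {
    userSession.logIn();

    underTest.doFilter(servletRequest, servletResponse, filterChain);

    verifyNoInteractions(samlAuthenticator);
    // NOTE(review): only the fact of a redirect is asserted; the redirect target is not
    // pinned here. Consider asserting the expected location once it is confirmed.
    verify(servletResponse).sendRedirect(anyString());
  }

  /** An anonymous session never reaches the authenticator and is redirected. */
  @Test
  public void do_filter_as_anonymous() throws IOException, ServletException {
    userSession.anonymous();

    underTest.doFilter(servletRequest, servletResponse, filterChain);

    verifyNoInteractions(samlAuthenticator);
    // NOTE(review): as in do_filter_as_not_admin, the redirect target is not asserted.
    verify(servletResponse).sendRedirect(anyString());
  }

  /** The action registers itself as "validation_init" with a description and a handler. */
  @Test
  public void verify_definition() {
    String controllerKey = "foo";
    WebService.Context context = new WebService.Context();
    WebService.NewController newController = context.createController(controllerKey);
    underTest.define(newController);
    newController.done();

    WebService.Action validationInitAction = context.controller(controllerKey).action("validation_init");
    assertThat(validationInitAction).isNotNull();
    assertThat(validationInitAction.description()).isNotEmpty();
    assertThat(validationInitAction.handler()).isNotNull();
  }
}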