authenticateWithFakeAuthProvider();
- userRule.verifyUserGroupMembership(USER_LOGIN, GROUP1, GROUP2);
+ userRule.verifyUserGroupMembership(USER_LOGIN, GROUP1, GROUP2, "sonar-users");
}
@Test
authenticateWithFakeAuthProvider();
- userRule.verifyUserGroupMembership(USER_LOGIN, GROUP2, GROUP3);
+ userRule.verifyUserGroupMembership(USER_LOGIN, GROUP2, GROUP3, "sonar-users");
}
@Test
authenticateWithFakeAuthProvider();
// User is not member to any group
- userRule.verifyUserGroupMembership(USER_LOGIN);
+ userRule.verifyUserGroupMembership(USER_LOGIN, "sonar-users");
}
@Test
public void authenticate_with_groups() {
doCall(USER_LOGIN, null, null, GROUP_1);
- USER_RULE.verifyUserGroupMembership(USER_LOGIN, GROUP_1);
+ USER_RULE.verifyUserGroupMembership(USER_LOGIN, GROUP_1, "sonar-users");
}
@Test
doCall(USER_LOGIN, null, null, GROUP_2 + "," + GROUP_3);
- USER_RULE.verifyUserGroupMembership(USER_LOGIN, GROUP_2, GROUP_3);
+ USER_RULE.verifyUserGroupMembership(USER_LOGIN, GROUP_2, GROUP_3, "sonar-users");
}
@Test
*/
package util.user;
-import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.FluentIterable;
import com.sonar.orchestrator.Orchestrator;
import java.util.List;
+import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@Override
public void createGroup(String name, @Nullable String description) {
PostRequest request = new PostRequest("api/user_groups/create")
- .setParam("name", name)
- .setParam("description", description);
+ .setParam("name", name)
+ .setParam("description", description);
addOrganizationParam(request);
adminWsClient().wsConnector().call(request);
}
for (String groupName : groupNames) {
if (getGroupByName(groupName).isPresent()) {
PostRequest request = new PostRequest("api/user_groups/delete")
- .setParam("name", groupName);
+ .setParam("name", groupName);
addOrganizationParam(request);
adminWsClient().wsConnector().call(request);
}
}
@Override
- public void verifyUserGroupMembership(String userLogin, String... groups) {
+ public void verifyUserGroupMembership(String userLogin, String... expectedGroups) {
Groups userGroup = getUserGroups(userLogin);
- List<String> userGroupName = FluentIterable.from(userGroup.getGroups()).transform(ToGroupName.INSTANCE).toList();
- assertThat(userGroupName).containsOnly(groups);
+ List<String> userGroupName = userGroup.getGroups().stream().map(Groups.Group::getName).collect(Collectors.toList());
+ assertThat(userGroupName).containsOnly(expectedGroups);
}
@Override
public Groups getUserGroups(String userLogin) {
GetRequest request = new GetRequest("api/users/groups")
- .setParam("login", userLogin)
- .setParam("selected", "selected");
+ .setParam("login", userLogin)
+ .setParam("selected", "selected");
addOrganizationParam(request);
WsResponse response = adminWsClient().wsConnector().call(request).failIfNotSuccessful();
return Groups.parse(response.content());
public void associateGroupsToUser(String userLogin, String... groups) {
for (String group : groups) {
PostRequest request = new PostRequest("api/user_groups/add_user")
- .setParam("login", userLogin)
- .setParam("name", group);
+ .setParam("login", userLogin)
+ .setParam("name", group);
addOrganizationParam(request);
adminWsClient().wsConnector().call(request).failIfNotSuccessful();
}
}
}
- private enum ToGroupName implements Function<Groups.Group, String> {
- INSTANCE;
-
- @Override
- public String apply(@Nonnull Groups.Group group) {
- return group.getName();
- }
- }
}
import static java.lang.String.format;
import static java.util.Collections.singletonList;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
+import static org.sonar.server.user.UserUpdater.SONAR_USERS_GROUP_NAME;
public class UserIdentityAuthenticator {
}
private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) {
- if (userIdentity.shouldSyncGroups()) {
- String userLogin = userIdentity.getLogin();
- Set<String> userGroups = new HashSet<>(dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, singletonList(userLogin)).get(userLogin));
- Set<String> identityGroups = userIdentity.getGroups();
- LOGGER.debug("List of groups returned by the identity provider '{}'", identityGroups);
-
- Collection<String> groupsToAdd = Sets.difference(identityGroups, userGroups);
- Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups);
- Collection<String> allGroups = new ArrayList<>(groupsToAdd);
- allGroups.addAll(groupsToRemove);
- DefaultOrganization defaultOrganization = defaultOrganizationProvider.get();
- Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, defaultOrganization.getUuid(), allGroups)
- .stream()
- .collect(uniqueIndex(GroupDto::getName));
-
- addGroups(dbSession, userDto, groupsToAdd, groupsByName);
- removeGroups(dbSession, userDto, groupsToRemove, groupsByName);
-
- dbSession.commit();
+ if (!userIdentity.shouldSyncGroups()) {
+ return;
}
+ String userLogin = userIdentity.getLogin();
+ Set<String> userGroups = new HashSet<>(dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, singletonList(userLogin)).get(userLogin));
+ Set<String> identityGroups = userIdentity.getGroups();
+ LOGGER.debug("List of groups returned by the identity provider '{}'", identityGroups);
+
+ Collection<String> groupsToAdd = Sets.difference(identityGroups, userGroups);
+ Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups);
+ Collection<String> allGroups = new ArrayList<>(groupsToAdd);
+ allGroups.addAll(groupsToRemove);
+ DefaultOrganization defaultOrganization = defaultOrganizationProvider.get();
+ Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, defaultOrganization.getUuid(), allGroups)
+ .stream()
+ .collect(uniqueIndex(GroupDto::getName));
+
+ addGroups(dbSession, userDto, groupsToAdd, groupsByName);
+ removeGroups(dbSession, userDto, groupsToRemove, groupsByName);
+
+ dbSession.commit();
}
private void addGroups(DbSession dbSession, UserDto userDto, Collection<String> groupsToAdd, Map<String, GroupDto> groupsByName) {
}
private void removeGroups(DbSession dbSession, UserDto userDto, Collection<String> groupsToRemove, Map<String, GroupDto> groupsByName) {
- groupsToRemove.stream().map(groupsByName::get).filter(Objects::nonNull).forEach(
- groupDto -> {
+ groupsToRemove.stream().map(groupsByName::get)
+ .filter(Objects::nonNull)
+ // user should always be member of sonar-users group
+ .filter(group -> !group.getName().equals(SONAR_USERS_GROUP_NAME))
+ .forEach(groupDto -> {
LOGGER.debug("Removing group '{}' from user '{}'", groupDto.getName(), userDto.getLogin());
dbClient.userGroupDao().delete(dbSession, groupDto.getId(), userDto.getId());
});
underTest.authenticate(request, response);
- verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2);
+ verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
verifyTokenIsUpdated(NOW);
verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
public void does_not_update_groups_when_no_group_headers() throws Exception {
startWithSso();
setNotUserInToken();
- insertUser(DEFAULT_USER, group1);
+ insertUser(DEFAULT_USER, group1, sonarUsers);
HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, null);
underTest.authenticate(request, response);
- verityUserGroups(DEFAULT_LOGIN, group1);
+ verityUserGroups(DEFAULT_LOGIN, group1, sonarUsers);
verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
underTest.authenticate(request, response);
- verifyUserInDb("AnotherLogin", "Another name", "Another email", group2);
+ verifyUserInDb("AnotherLogin", "Another name", "Another email", group2, sonarUsers);
verifyTokenIsUpdated(NOW);
verify(authenticationEvent).loginSuccess(request, "AnotherLogin", Source.sso());
}
underTest.authenticate(request, response);
- verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2);
+ verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
underTest.authenticate(request, response);
- verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2);
+ verifyUserInDb(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, group1, group2, sonarUsers);
verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
underTest.authenticate(request, response);
- verifyUserInDb(DEFAULT_LOGIN, DEFAULT_LOGIN, null, group1, group2);
+ verifyUserInDb(DEFAULT_LOGIN, DEFAULT_LOGIN, null, group1, group2, sonarUsers);
verify(authenticationEvent).loginSuccess(request, DEFAULT_LOGIN, Source.sso());
}
*/
package org.sonar.server.authentication;
-import java.util.Arrays;
import java.util.Optional;
+import java.util.stream.Collectors;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.sonar.server.user.index.UserIndexer;
import static com.google.common.collect.Sets.newHashSet;
+import static java.util.Arrays.stream;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.sonar.db.user.UserTesting.newUserDto;
public class UserIdentityAuthenticatorTest {
private static String USER_LOGIN = "github-johndoo";
- private static String DEFAULT_GROUP = "default";
private static UserIdentity USER_IDENTITY = UserIdentity.builder()
.setProviderLogin("johndoo")
assertThat(user.getExternalIdentityProvider()).isEqualTo("github");
assertThat(user.isRoot()).isFalse();
- assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(defaultGroup.getId());
+ checkGroupMembership(user, defaultGroup);
}
@Test
authenticate(USER_LOGIN, "group1", "group2", "group3");
Optional<UserDto> user = db.users().selectUserByLogin(USER_LOGIN);
- assertThat(user).isPresent();
- assertThat(user.get().isRoot()).isFalse();
-
- assertThat(db.users().selectGroupIdsOfUser(user.get())).containsOnly(group1.getId(), group2.getId());
+ checkGroupMembership(user.get(), group1, group2, defaultGroup);
}
@Test
.setName("John"));
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1");
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2");
+ db.users().insertMember(defaultGroup, user);
authenticate(USER_LOGIN, "group1", "group2", "group3");
- assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(group1.getId(), group2.getId());
+ checkGroupMembership(user, group1, group2, defaultGroup);
}
@Test
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2");
db.users().insertMember(group1, user);
db.users().insertMember(group2, user);
+ db.users().insertMember(defaultGroup, user);
authenticate(USER_LOGIN, "group1");
- assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(group1.getId());
+ checkGroupMembership(user, group1, defaultGroup);
}
@Test
- public void authenticate_existing_user_and_remove_all_groups() throws Exception {
+ public void authenticate_existing_user_and_remove_all_groups_expect_default() throws Exception {
UserDto user = db.users().insertUser();
GroupDto group1 = db.users().insertGroup(db.getDefaultOrganization(), "group1");
GroupDto group2 = db.users().insertGroup(db.getDefaultOrganization(), "group2");
db.users().insertMember(group1, user);
db.users().insertMember(group2, user);
+ db.users().insertMember(defaultGroup, user);
authenticate(user.getLogin());
- assertThat(db.users().selectGroupIdsOfUser(user)).isEmpty();
+ checkGroupMembership(user, defaultGroup);
}
@Test
.setLogin(USER_LOGIN)
.setActive(true)
.setName("John"));
+ db.users().insertMember(defaultGroup, user);
String groupName = "a-group";
GroupDto groupInDefaultOrg = db.users().insertGroup(db.getDefaultOrganization(), groupName);
GroupDto groupInOrg = db.users().insertGroup(org, groupName);
.setGroups(newHashSet(groupName))
.build(), IDENTITY_PROVIDER, Source.sso());
- assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(groupInDefaultOrg.getId());
+ checkGroupMembership(user, groupInDefaultOrg, defaultGroup);
}
@Test
.setLogin(login)
.setName("John")
// No group
- .setGroups(Arrays.stream(groups).collect(MoreCollectors.toSet()))
+ .setGroups(stream(groups).collect(MoreCollectors.toSet()))
.build(), IDENTITY_PROVIDER, Source.sso());
}
+ private void checkGroupMembership(UserDto user, GroupDto... expectedGroups) {
+ assertThat(db.users().selectGroupIdsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getId).collect(Collectors.toList()).toArray(new Integer[] {}));
+ }
}