@Override
public void authenticate(UserIdentity userIdentity) {
- userIdentityAuthenticator.authenticate(userIdentity, identityProvider, request.getSession());
+ userIdentityAuthenticator.authenticate(userIdentity, identityProvider, request, response);
}
}
}
*/
package org.sonar.server.authentication;
+import static java.lang.String.format;
+import static org.sonar.api.CoreProperties.SERVER_BASE_URL;
+import static org.sonar.server.authentication.OAuth2CallbackFilter.CALLBACK_PATH;
+
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.MessageException;
-import static java.lang.String.format;
-import static org.sonar.api.CoreProperties.SERVER_BASE_URL;
-import static org.sonar.server.authentication.OAuth2CallbackFilter.CALLBACK_PATH;
-
public class OAuth2ContextFactory {
private final UserIdentityAuthenticator userIdentityAuthenticator;
@Override
public void authenticate(UserIdentity userIdentity) {
- userIdentityAuthenticator.authenticate(userIdentity, identityProvider, request.getSession());
+ userIdentityAuthenticator.authenticate(userIdentity, identityProvider, request, response);
}
}
}
*/
package org.sonar.server.authentication;
+import static com.google.common.collect.FluentIterable.from;
+import static java.lang.String.format;
+import static java.util.Collections.singletonList;
+
import com.google.common.base.Function;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
-import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.server.user.UpdateUser;
import org.sonar.server.user.UserUpdater;
-import static com.google.common.collect.FluentIterable.from;
-import static java.lang.String.format;
-import static java.util.Collections.singletonList;
-
public class UserIdentityAuthenticator {
private static final Logger LOGGER = Loggers.get(UserIdentityAuthenticator.class);
private final DbClient dbClient;
private final UserUpdater userUpdater;
+ private final JwtHttpHandler jwtHttpHandler;
- public UserIdentityAuthenticator(DbClient dbClient, UserUpdater userUpdater) {
+ public UserIdentityAuthenticator(DbClient dbClient, UserUpdater userUpdater, JwtHttpHandler jwtHttpHandler) {
this.dbClient = dbClient;
this.userUpdater = userUpdater;
+ this.jwtHttpHandler = jwtHttpHandler;
}
- public void authenticate(UserIdentity user, IdentityProvider provider, HttpSession session) {
- long userDbId = register(user, provider);
+ public void authenticate(UserIdentity user, IdentityProvider provider, HttpServletRequest request, HttpServletResponse response) {
+ UserDto userDb = register(user, provider);
// hack to disable Ruby on Rails authentication
- session.setAttribute("user_id", userDbId);
+ request.getSession().setAttribute("user_id", userDb.getId());
+ jwtHttpHandler.generateToken(userDb.getLogin(), response);
}
- private long register(UserIdentity user, IdentityProvider provider) {
+ private UserDto register(UserIdentity user, IdentityProvider provider) {
DbSession dbSession = dbClient.openSession(false);
try {
String userLogin = user.getLogin();
UserDto userDto = dbClient.userDao().selectByLogin(dbSession, userLogin);
if (userDto != null && userDto.isActive()) {
registerExistingUser(dbSession, userDto, user, provider);
- return userDto.getId();
+ return userDto;
}
return registerNewUser(dbSession, user, provider);
} finally {
}
}
- private long registerNewUser(DbSession dbSession, UserIdentity user, IdentityProvider provider) {
+ private UserDto registerNewUser(DbSession dbSession, UserIdentity user, IdentityProvider provider) {
if (!provider.allowsUsersToSignUp()) {
throw new UnauthorizedException(format("'%s' users are not allowed to sign up", provider.getKey()));
}
);
UserDto newUser = dbClient.userDao().selectOrFailByLogin(dbSession, userLogin);
syncGroups(dbSession, user, newUser);
- return newUser.getId();
+ return newUser;
}
private void registerExistingUser(DbSession dbSession, UserDto userDto, UserIdentity user, IdentityProvider provider) {
*/
package org.sonar.server.authentication;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.sonar.api.server.authentication.BaseIdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
public class BaseContextFactoryTest {
static String PUBLIC_ROOT_URL = "https://mydomain.com";
when(request.getSession()).thenReturn(session);
context.authenticate(USER_IDENTITY);
- verify(userIdentityAuthenticator).authenticate(USER_IDENTITY, identityProvider, session);
+ verify(userIdentityAuthenticator).authenticate(USER_IDENTITY, identityProvider, request, response);
}
}
*/
package org.sonar.server.authentication;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.MessageException;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
public class OAuth2ContextFactoryTest {
@Rule
callback.authenticate(USER_IDENTITY);
- verify(userIdentityAuthenticator).authenticate(USER_IDENTITY, identityProvider, session);
+ verify(userIdentityAuthenticator).authenticate(USER_IDENTITY, identityProvider, request, response);
}
@Test
*/
package org.sonar.server.authentication;
+import static com.google.common.collect.Sets.newHashSet;
+import static java.util.Collections.singletonList;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.junit.Before;
import org.junit.Rule;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserIndexer;
-import static com.google.common.collect.Sets.newHashSet;
-import static java.util.Collections.singletonList;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
public class UserIdentityAuthenticatorTest {
static String USER_LOGIN = "github-johndoo";
UserDao userDao = dbClient.userDao();
GroupDao groupDao = dbClient.groupDao();
Settings settings = new Settings();
+ JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
HttpSession httpSession = mock(HttpSession.class);
+
UserUpdater userUpdater = new UserUpdater(
mock(NewUserNotifier.class),
settings,
system2
);
- UserIdentityAuthenticator underTest = new UserIdentityAuthenticator(dbClient, userUpdater);
+ UserIdentityAuthenticator underTest = new UserIdentityAuthenticator(dbClient, userUpdater, jwtHttpHandler);
@Before
public void setUp() throws Exception {
settings.setProperty("sonar.defaultGroup", DEFAULT_GROUP);
addGroup(DEFAULT_GROUP);
+ when(request.getSession()).thenReturn(httpSession);
}
@Test
public void authenticate_new_user() throws Exception {
- underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
dbSession.commit();
UserDto userDto = userDao.selectByLogin(dbSession, USER_LOGIN);
.setName("John")
// group3 doesn't exist in db, it will be ignored
.setGroups(newHashSet("group1", "group2", "group3"))
- .build(), IDENTITY_PROVIDER, httpSession);
+ .build(), IDENTITY_PROVIDER, request, response);
dbSession.commit();
UserDto userDto = userDao.selectByLogin(dbSession, USER_LOGIN);
);
dbSession.commit();
- underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
dbSession.commit();
UserDto userDto = userDao.selectByLogin(dbSession, USER_LOGIN);
);
dbSession.commit();
- underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
dbSession.commit();
UserDto userDto = userDao.selectByLogin(dbSession, USER_LOGIN);
.setName("John")
// group3 doesn't exist in db, it will be ignored
.setGroups(newHashSet("group1", "group2", "group3"))
- .build(), IDENTITY_PROVIDER, httpSession);
+ .build(), IDENTITY_PROVIDER, request, response);
dbSession.commit();
Set<String> userGroups = new HashSet<>(dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, singletonList(USER_LOGIN)).get(USER_LOGIN));
.setName("John")
// Only group1 is returned by the id provider => group2 will be removed
.setGroups(newHashSet("group1"))
- .build(), IDENTITY_PROVIDER, httpSession);
+ .build(), IDENTITY_PROVIDER, request, response);
dbSession.commit();
verifyUserGroups(USER_LOGIN, "group1");
.setName("John")
// No group => group1 and group2 will be removed
.setGroups(Collections.<String>emptySet())
- .build(), IDENTITY_PROVIDER, httpSession);
+ .build(), IDENTITY_PROVIDER, request, response);
dbSession.commit();
verifyNoUserGroups(USER_LOGIN);
userDao.insert(dbSession, userDto);
dbSession.commit();
- underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
+
+ verify(httpSession).setAttribute("user_id", userDto.getId());
+ }
+
+ @Test
+ public void create_jwt_token() throws Exception {
+ UserDto userDto = UserTesting.newUserDto().setLogin(USER_LOGIN);
+ userDao.insert(dbSession, userDto);
+ dbSession.commit();
+
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
verify(httpSession).setAttribute("user_id", userDto.getId());
+ verify(jwtHttpHandler).generateToken(USER_LOGIN, response);
}
@Test
thrown.expect(UnauthorizedException.class);
thrown.expectMessage("'github' users are not allowed to sign up");
- underTest.authenticate(USER_IDENTITY, identityProvider, httpSession);
+ underTest.authenticate(USER_IDENTITY, identityProvider, request, response);
}
@Test
thrown.expect(UnauthorizedException.class);
thrown.expectMessage("You can't sign up because email 'john@email.com' is already used by an existing user. " +
"This means that you probably already registered with another account.");
- underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, httpSession);
+ underTest.authenticate(USER_IDENTITY, IDENTITY_PROVIDER, request, response);
}
private void verifyUserGroups(String userLogin, String... groups) {