From 70979ecf22b6dd89ff50fe0107129e2d462863a9 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Wed, 20 Jul 2016 10:27:18 +0200
Subject: [PATCH] Improve Authentication ITs

---
 .../java/it/user/ForceAuthenticationTest.java | 82 +++++++++----------
 .../java/it/user/LocalAuthenticationTest.java | 32 ++++----
 ...ct_to_login_when_not_enough_privilege.html | 59 +++++++++++++
 ..._be_unlogged_when_going_to_login_page.html | 64 +++++++++++++++
 4 files changed, 178 insertions(+), 59 deletions(-)
 create mode 100644 it/it-tests/src/test/resources/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html
 create mode 100644 it/it-tests/src/test/resources/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html

diff --git a/it/it-tests/src/test/java/it/user/ForceAuthenticationTest.java b/it/it-tests/src/test/java/it/user/ForceAuthenticationTest.java
index 58788abf9bf..f0b9c074d4d 100644
--- a/it/it-tests/src/test/java/it/user/ForceAuthenticationTest.java
+++ b/it/it-tests/src/test/java/it/user/ForceAuthenticationTest.java
@@ -21,21 +21,20 @@ package it.user;
 import com.sonar.orchestrator.Orchestrator;
 import it.Category4Suite;
-import java.io.IOException;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.util.EntityUtils;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import org.sonar.wsclient.base.HttpException;
-import org.sonar.wsclient.services.PropertyDeleteQuery;
-import org.sonar.wsclient.services.PropertyUpdateQuery;
+import org.sonarqube.ws.client.GetRequest;
+import org.sonarqube.ws.client.WsClient;
+import org.sonarqube.ws.client.WsResponse;
 import util.QaOnly;
 import static org.assertj.core.api.Assertions.assertThat;
+import static util.ItUtils.newAdminWsClient;
+import static util.ItUtils.newWsClient;
+import static util.ItUtils.setServerProperty;
 @Category(QaOnly.class)
 public class ForceAuthenticationTest {
@@ -43,48 +42,43 @@ public class ForceAuthenticationTest {
 @ClassRule
 public static final Orchestrator orchestrator = Category4Suite.ORCHESTRATOR;
- /**
- * SONAR-5542
- */
- @Test
- public void force_authentication_should_be_used_on_java_web_services_but_not_on_batch_index_and_file() throws IOException {
- try {
- orchestrator.getServer().getAdminWsClient().update(new PropertyUpdateQuery("sonar.forceAuthentication", "true"));
+ static WsClient wsClient;
+ static WsClient adminWsClient;
- // /batch/index should never need authentication
- String batchIndex = orchestrator.getServer().wsClient().get("/batch/index");
- assertThat(batchIndex).isNotEmpty();
+ @BeforeClass
+ public static void setUp() throws Exception {
+ setServerProperty(orchestrator, "sonar.forceAuthentication", "true");
+ wsClient = newWsClient(orchestrator);
+ adminWsClient = newAdminWsClient(orchestrator);
+ }
- String jar = batchIndex.split("\\|")[0];
+ @AfterClass
+ public static void tearDown() throws Exception {
+ setServerProperty(orchestrator, "sonar.forceAuthentication", null);
+ }
- // /batch/file should never need authentication
- HttpClient httpclient = new DefaultHttpClient();
- try {
- HttpGet get = new HttpGet(orchestrator.getServer().getUrl() + "/batch/file?name=" + jar);
- HttpResponse response = httpclient.execute(get);
- assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);
- EntityUtils.consume(response.getEntity());
+ @Test
+ public void batch_ws_does_not_require_authentication() throws Exception {
+ WsResponse batchIndex = wsClient.wsConnector().call(new GetRequest("/batch/index")).failIfNotSuccessful();
+ String batchIndexContent = batchIndex.content();
- // As Sonar runner is still using /batch/key, we have to also verify it
- get = new HttpGet(orchestrator.getServer().getUrl() + "/batch/" + jar);
- response = httpclient.execute(get);
- assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);
- EntityUtils.consume(response.getEntity());
+ assertThat(batchIndexContent).isNotEmpty();
+ String jar = batchIndexContent.split("\\|")[0];
- } finally {
- httpclient.getConnectionManager().shutdown();
- }
+ assertThat(wsClient.wsConnector().call(
+ new GetRequest("/batch/file").setParam("name", jar)).failIfNotSuccessful().contentStream()).isNotNull();
- // but other java web services should need authentication
- try {
- orchestrator.getServer().wsClient().get("/api");
- } catch (HttpException e) {
- assertThat(e.getMessage()).contains("401");
- }
+ // As sonar-runner is still using deprecated /batch/key, we have to also verify it
+ assertThat(wsClient.wsConnector().call(new GetRequest("/batch/" + jar)).failIfNotSuccessful().contentStream()).isNotNull();
+ }
+
+ @Test
+ public void other_ws_require_authentication() throws Exception {
+ assertThat(wsClient.wsConnector().call(new GetRequest("/api/issues/search")).code()).isEqualTo(401);
+ assertThat(adminWsClient.wsConnector().call(new GetRequest("/api/issues/search")).code()).isEqualTo(200);
- } finally {
- orchestrator.getServer().getAdminWsClient().delete(new PropertyDeleteQuery("sonar.forceAuthentication"));
- }
+ assertThat(wsClient.wsConnector().call(new GetRequest("/api/rules/search")).code()).isEqualTo(401);
+ assertThat(adminWsClient.wsConnector().call(new GetRequest("/api/rules/search")).code()).isEqualTo(200);
 }
 }
diff --git a/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java b/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java
index 83019aecd2f..8026250318b 100644
--- a/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java
+++ b/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java
@@ -86,6 +86,8 @@ public class LocalAuthenticationTest {
 userRule.createUser(LOGIN, "123456");
 addUserPermission(LOGIN, "admin");
 addUserPermission(LOGIN, "scan");
+
+ userRule.createUser("simple-user", "password");
 }
 @AfterClass
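Review bot: The two `.contentStream()).isNotNull()` assertions in `batch_ws_does_not_require_authentication` cannot fail on their own, because `failIfNotSuccessful()` on the same call chain already throws for any non-successful status, and the streams they open are never closed. Asserting the status explicitly keeps the intent of the removed `isEqualTo(200)` checks without leaving an open response: `assertThat(wsClient.wsConnector().call(new GetRequest("/batch/file").setParam("name", jar)).code()).isEqualTo(200);` and the same form for `"/batch/" + jar`. The `/batch/index` response is also left unclosed after `content()` is read; if `WsResponse` is closeable in this client version, a try-with-resources around it would be the tidy form.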
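Review bot: `simple-user` is created in the class set-up with a fixed password, but nothing in the hunk removes it; the `@AfterClass` that follows starts outside the hunk, so if it only cleans up `LOGIN`, this unprivileged user stays on the shared orchestrator for the later test classes of the suite. Removing `simple-user` in that method the same way `LOGIN` is removed keeps the privilege-redirect scenario from leaking into other classes' assumptions about which users exist. A short comment on the new line, `// unprivileged user for the not-enough-privilege Selenese test`, would also tell readers why a second user is needed here.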
@@ -204,18 +206,18 @@ public class LocalAuthenticationTest {
 new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("authentication",
 "/user/LocalAuthenticationTest/login_successful.html",
 "/user/LocalAuthenticationTest/login_wrong_password.html",
+ "/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html",
+ "/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html",
 // SONAR-2132
 "/user/LocalAuthenticationTest/redirect_to_original_url_after_direct_login.html",
 // SONAR-2009
- "/user/LocalAuthenticationTest/redirect_to_original_url_after_indirect_login.html"
- ).build()).runOn(ORCHESTRATOR);
+ "/user/LocalAuthenticationTest/redirect_to_original_url_after_indirect_login.html").build()).runOn(ORCHESTRATOR);
 setServerProperty(ORCHESTRATOR, "sonar.forceAuthentication", "true");
 new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("force-authentication",
 // SONAR-3473
- "/user/LocalAuthenticationTest/force-authentication.html"
- ).build()).runOn(ORCHESTRATOR);
+ "/user/LocalAuthenticationTest/force-authentication.html").build()).runOn(ORCHESTRATOR);
 }
 @Test
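Review bot: `sonar.forceAuthentication` is set to `"true"` before the force-authentication Selenese run and is not reset anywhere in the method, which ends at the `}` closing this hunk; the enclosing method starts outside the hunk. The `authentication_with_any_ws` test in a later hunk expects anonymous access to return 200 before it sets the property itself, so presumably an `@After` hook restores it, but that is not visible here. Wrapping the second `runOn` in a try/finally with `setServerProperty(ORCHESTRATOR, "sonar.forceAuthentication", null);` would make this method self-contained and keep a Selenese failure from leaving forced authentication switched on for whatever runs next.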
@@ -238,19 +240,19 @@ public class LocalAuthenticationTest {
 */
 @Test
 public void authentication_with_any_ws() throws Exception {
- assertThat(checkAuthenticationWithAnyWebService("admin", "admin").code()).isEqualTo(200);
- assertThat(checkAuthenticationWithAnyWebService("wrong", "admin").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", "wrong").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", null).code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService(null, null).code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("admin", "admin").code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("wrong", "admin").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "wrong").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS(null, null).code()).isEqualTo(200);
 setServerProperty(ORCHESTRATOR, "sonar.forceAuthentication", "true");
- assertThat(checkAuthenticationWithAnyWebService("admin", "admin").code()).isEqualTo(200);
- assertThat(checkAuthenticationWithAnyWebService("wrong", "admin").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", "wrong").code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService("admin", null).code()).isEqualTo(401);
- assertThat(checkAuthenticationWithAnyWebService(null, null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "admin").code()).isEqualTo(200);
+ assertThat(checkAuthenticationWithAnyWS("wrong", "admin").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", "wrong").code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS("admin", null).code()).isEqualTo(401);
+ assertThat(checkAuthenticationWithAnyWS(null, null).code()).isEqualTo(401);
 }
 private boolean checkAuthenticationWithAuthenticateWebService(String
login, String password) { @@ -258,7 +260,7 @@ public class LocalAuthenticationTest { return result.contains("{\"valid\":true}"); } - private WsResponse checkAuthenticationWithAnyWebService(String login, String password) { + private WsResponse checkAuthenticationWithAnyWS(String login, String password) { WsClient wsClient = WsClientFactories.getDefault().newClient(HttpConnector.newBuilder().url(ORCHESTRATOR.getServer().getUrl()).credentials(login, password).build()); // Call any WS return wsClient.wsConnector().call(new GetRequest("api/rules/search")); diff --git a/it/it-tests/src/test/resources/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html b/it/it-tests/src/test/resources/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html new file mode 100644 index 00000000000..3fbb9ddb8ac --- /dev/null +++ b/it/it-tests/src/test/resources/user/LocalAuthenticationTest/redirect_to_login_when_not_enough_privilege.html @@ -0,0 +1,59 @@ + + + + + + redirect-to-original-url-after-direct-login + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
open/sessions/new
waitForTextcontent*Log In to SonarQube*
typeid=loginsimple-user
typeid=passwordpassword
clickAndWaitcommit
waitForElementPresentcss=.js-user-authenticated
open/settings
waitForTextcontent*Log In to SonarQube*
assertTextcontent*You are not authorized to access this page. Please log in with more privileges and try again.*
+ + diff --git a/it/it-tests/src/test/resources/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html b/it/it-tests/src/test/resources/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html new file mode 100644 index 00000000000..66a0ab89a51 --- /dev/null +++ b/it/it-tests/src/test/resources/user/LocalAuthenticationTest/should_not_be_unlogged_when_going_to_login_page.html @@ -0,0 +1,64 @@ + + + + + + redirect-to-original-url-after-direct-login + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
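Review bot: The only text surviving in the head of both new Selenese files, presumably their `<title>`, is `redirect-to-original-url-after-direct-login`, which is the name of an existing test rather than of these files; the same applies to `should_not_be_unlogged_when_going_to_login_page.html` in the next section. Selenese reports identify a failing case by this title, so a failure in either new scenario would be reported under the wrong name. Set the title to the file name, `redirect_to_login_when_not_enough_privilege` and `should_not_be_unlogged_when_going_to_login_page` respectively. The step table itself (login as `simple-user`, then open `/settings` and expect the not-authorized message) reads correctly for the privilege check.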
open/sessions/new
waitForTextcontent*Log In to SonarQube*
typeid=loginsimple-user
typeid=passwordpassword
clickAndWaitcommit
waitForElementPresentcss=.js-user-authenticated
open/sessions/new
waitForTextcontent*Log In to SonarQube*
open/
waitForTextcss=.js-user-authenticated*simple-user*
+ + -- 2.39.5