From e70058e93a5c570e836b9276f63441888907eaf1 Mon Sep 17 00:00:00 2001 
From: Julien Lancelot Date: Tue, 29 Nov 2016 10:35:34 +0100 Subject: [PATCH] SONAR-8416 improve ITs on authentication Complete check on message displayed in ui when functional authentication errors are generated Add ITs when errors are generated during callback of OAuth2 authentication plugins --- .../src/main/java/FakeOAuth2IdProvider.java | 15 ++- .../it/user/BaseIdentityProviderTest.java | 19 +++- .../it/user/OAuth2IdentityProviderTest.java | 92 +++++++++++++++++-- ...ot_in_log_when_unauthorized_exception.html | 44 +++++++++ ...rized_page_when_authentication_failed.html | 12 ++- ...henticate_when_not_allowed_to_sign_up.html | 14 ++- .../fail_when_email_already_exists.html | 44 +++++++++ .../authenticate_user.html | 29 ++++++ ...ot_in_log_when_unauthorized_exception.html | 44 +++++++++ ...rized_page_when_authentication_failed.html | 39 ++++++++ ...enticate_when_not_allowed_to_sign_up.html} | 14 ++- .../fail_when_email_already_exists.html | 44 +++++++++ 12 files changed, 394 insertions(+), 16 deletions(-) create mode 100644 it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html create mode 100644 it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html create mode 100644 it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html create mode 100644 it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html create mode 100644 it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html rename it/it-tests/src/test/resources/user/{BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html => OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html} (70%) create mode 100644 
it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html diff --git a/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java b/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java index 5f3f73ec0a9..5ed8ff0c89d 100644 --- a/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java +++ b/it/it-plugins/oauth2-auth-plugin/src/main/java/FakeOAuth2IdProvider.java @@ -21,21 +21,24 @@ import org.sonar.api.config.Settings; import org.sonar.api.server.authentication.Display; import org.sonar.api.server.authentication.OAuth2IdentityProvider; +import org.sonar.api.server.authentication.UnauthorizedException; import org.sonar.api.server.authentication.UserIdentity; public class FakeOAuth2IdProvider implements OAuth2IdentityProvider { private static final String ENABLED = "sonar.auth.fake-oauth2-id-provider.enabled"; + private static final String ALLOWS_USERS_TO_SIGN_UP = "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp"; private static final String URL = "sonar.auth.fake-oauth2-id-provider.url"; private static final String USER_INFO = "sonar.auth.fake-oauth2-id-provider.user"; + private static final String THROW_UNAUTHORIZED_EXCEPTION = "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage"; + private final Settings settings; public FakeOAuth2IdProvider(Settings settings) { this.settings = settings; } - @Override public void init(InitContext context) { String url = settings.getString(URL); 
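Review bot: The removed `@Override` on `init(InitContext context)` should be restored: the method still implements `OAuth2IdentityProvider.init`, and dropping the annotation only loses the compile-time check that the signature matches the interface. The new constant `THROW_UNAUTHORIZED_EXCEPTION` holds a key ending in `throwUnauthorizedMessage`, so aligning one of the two names (for example `THROW_UNAUTHORIZED_MESSAGE`) would keep the constant and the property searchable together from the IT classes that set it. `init`'s body continues outside the hunk.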
@@ -51,6 +54,11 @@ public class FakeOAuth2IdProvider implements OAuth2IdentityProvider { if (userInfoProperty == null) { throw new IllegalStateException(String.format("The property %s is required", USER_INFO)); } + boolean throwUnauthorizedException = settings.getBoolean(THROW_UNAUTHORIZED_EXCEPTION); + if (throwUnauthorizedException) { + throw new UnauthorizedException("A functional error has happened"); + } + String[] userInfos = userInfoProperty.split(","); context.authenticate(UserIdentity.builder() .setLogin(userInfos[0]) @@ -86,7 +94,12 @@ public class FakeOAuth2IdProvider implements OAuth2IdentityProvider { @Override public boolean allowsUsersToSignUp() { + if (settings.hasKey(ALLOWS_USERS_TO_SIGN_UP)) { + return settings.getBoolean(ALLOWS_USERS_TO_SIGN_UP); + } + // If property is not defined, default behaviour is not always allow users to sign up return true; + } } diff --git a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java index c5408415336..e0fc5c8323d 100644 --- a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java +++ b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java @@ -44,7 +44,6 @@ import static util.ItUtils.setServerProperty; /** * TODO : Add missing ITs - * - creating new user using email already used * - display multiple identity provider plugins (probably in another class) */ public class BaseIdentityProviderTest { @@ -100,7 +99,7 @@ public class BaseIdentityProviderTest { } @Test - public void authenticate_user() throws Exception { + public void authenticate_user_through_ui() throws Exception { enablePlugin(); setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL); 
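Review bot: The comment added in `allowsUsersToSignUp()` reads `// If property is not defined, default behaviour is not always allow users to sign up`, which contradicts the `return true` it annotates; it should state what the code does: `// If the property is not defined, users are allowed to sign up by default`. A short class Javadoc listing the `sonar.auth.fake-oauth2-id-provider.*` keys this fake provider reads, and noting that `throwUnauthorizedMessage` makes the callback fail with a functional error rather than a technical one, would also help authors of the ITs that drive it.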
@@ -122,6 +121,20 @@ public class BaseIdentityProviderTest { userRule.verifyUserDoesNotExist(USER_LOGIN); } + @Test + public void fail_when_email_already_exists() throws Exception { + enablePlugin(); + setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_NAME, USER_EMAIL); + userRule.createUser("another", "Another", USER_EMAIL, "another"); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("fail when email already exists", + "/user/BaseIdentityProviderTest/fail_when_email_already_exists.html").build()).runOn(ORCHESTRATOR); + + File logFile = ORCHESTRATOR.getServer().getWebLogs(); + assertThat(FileUtils.readFileToString(logFile)) + .doesNotContain("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account"); + } + @Test public void fail_to_authenticate_when_not_allowed_to_sign_up() throws Exception { enablePlugin(); @@ -191,7 +204,7 @@ public class BaseIdentityProviderTest { setServerProperty(ORCHESTRATOR, "sonar.auth.fake-base-id-provider.throwUnauthorizedMessage", "true"); new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("fail_to_authenticate_when_not_allowed_to_sign_up", - "/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html").build()).runOn(ORCHESTRATOR); + "/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html").build()).runOn(ORCHESTRATOR); File logFile = ORCHESTRATOR.getServer().getWebLogs(); assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened"); diff --git a/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java b/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java index ef1a2f0a3f5..f854ff98964 100644 --- a/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java +++ b/it/it-tests/src/test/java/it/user/OAuth2IdentityProviderTest.java 
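Review bot: `fail_when_email_already_exists` never verifies that the sign-up was actually rejected server-side; it only checks that the UI message is absent from the web log. The sibling test `fail_to_authenticate_when_not_allowed_to_sign_up` ends with `userRule.verifyUserDoesNotExist(USER_LOGIN);`, and the same line belongs here after the log assertion, otherwise a regression that creates the user while still showing the error would pass. The expected message also hard-codes `'john@email.com'`; if that is the value of `USER_EMAIL` (not visible here), building the string from the constant keeps the assertion in step with the fixture. The same two points apply to the `fail_when_email_already_exists` test added later in this patch in `OAuth2IdentityProviderTest`.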
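Review bot: The Selenese suite label on the unchanged line above the edited path still reads `"fail_to_authenticate_when_not_allowed_to_sign_up"` while the page it now runs is `display_message_in_ui_but_not_in_log_when_unauthorized_exception.html`, so a failing run is reported under the wrong name. Changing the label to `"display_message_in_ui_but_not_in_log_when_unauthorized_exception"` keeps the report and the resource aligned. The enclosing test method starts before this hunk.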
@@ -20,10 +20,13 @@ package it.user; import com.sonar.orchestrator.Orchestrator; +import com.sonar.orchestrator.selenium.Selenese; import it.Category4Suite; +import java.io.File; import java.net.HttpURLConnection; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; +import org.apache.commons.io.FileUtils; import org.junit.After; import org.junit.Before; import org.junit.BeforeClass; @@ -33,10 +36,12 @@ import org.junit.Test; import org.sonarqube.ws.client.GetRequest; import org.sonarqube.ws.client.WsClient; import org.sonarqube.ws.client.WsResponse; +import util.selenium.SeleneseTest; import util.user.UserRule; import static org.assertj.core.api.Assertions.assertThat; import static util.ItUtils.newAdminWsClient; +import static util.ItUtils.resetSettings; import static util.ItUtils.setServerProperty; /** 
@@ -78,29 +83,96 @@ public class OAuth2IdentityProviderTest { fakeServerAuthProvider = new MockWebServer(); fakeServerAuthProvider.start(); fakeServerAuthProviderUrl = fakeServerAuthProvider.url("").url().toString(); + userRule.resetUsers(); + resetSettings(ORCHESTRATOR, null, "sonar.auth.fake-oauth2-id-provider.enabled", + "sonar.auth.fake-oauth2-id-provider.url", + "sonar.auth.fake-oauth2-id-provider.user", + "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage", + "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp"); } @After public void tearDown() throws Exception { fakeServerAuthProvider.shutdown(); - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", null); - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", null); - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", null); } @Test public void create_new_user_when_authenticate() throws Exception { simulateRedirectionToCallback(); - - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", "true"); - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", fakeServerAuthProviderUrl); - setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", USER_LOGIN + "," + USER_PROVIDER_ID + "," + USER_NAME + "," + USER_EMAIL); + enablePlugin(); authenticateWithFakeAuthProvider(); userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL); } + @Test + public void authenticate_user_through_ui() throws Exception { + simulateRedirectionToCallback(); + enablePlugin(); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("authenticate_user", + "/user/OAuth2IdentityProviderTest/authenticate_user.html").build()).runOn(ORCHESTRATOR); + + userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL); + } + + @Test + public void display_unauthorized_page_when_authentication_failed_in_callback() throws Exception { + simulateRedirectionToCallback(); + enablePlugin(); + + // As 
this property is null, the plugin will throw an exception + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", null); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("display_unauthorized_page_when_authentication_failed", + "/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html").build()).runOn(ORCHESTRATOR); + + userRule.verifyUserDoesNotExist(USER_LOGIN); + } + + @Test + public void fail_to_authenticate_when_not_allowed_to_sign_up() throws Exception { + simulateRedirectionToCallback(); + enablePlugin(); + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp", "false"); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("fail_to_authenticate_when_not_allowed_to_sign_up", + "/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html").build()).runOn(ORCHESTRATOR); + + userRule.verifyUserDoesNotExist(USER_LOGIN); + } + + @Test + public void display_message_in_ui_but_not_in_log_when_unauthorized_exception_in_callback() throws Exception { + simulateRedirectionToCallback(); + enablePlugin(); + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage", "true"); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("display_message_in_ui_but_not_in_log_when_unauthorized_exception", + "/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html").build()).runOn(ORCHESTRATOR); + + File logFile = ORCHESTRATOR.getServer().getWebLogs(); + assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened"); + assertThat(FileUtils.readFileToString(logFile)).doesNotContain("UnauthorizedException"); + + userRule.verifyUserDoesNotExist(USER_LOGIN); + } + + @Test + public void fail_when_email_already_exists() throws Exception { + simulateRedirectionToCallback(); + enablePlugin(); + userRule.createUser("another", 
"Another", USER_EMAIL, "another"); + + new SeleneseTest(Selenese.builder().setHtmlTestsInClasspath("fail_when_email_already_exists", + "/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html").build()).runOn(ORCHESTRATOR); + + File logFile = ORCHESTRATOR.getServer().getWebLogs(); + assertThat(FileUtils.readFileToString(logFile)) + .doesNotContain("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account"); + } + private void authenticateWithFakeAuthProvider() { WsResponse response = adminWsClient.wsConnector().call( new GetRequest(("/sessions/init/" + FAKE_PROVIDER_KEY))); @@ -114,4 +186,10 @@ public class OAuth2IdentityProviderTest { .setBody("Redirect to SonarQube")); } + private void enablePlugin() { + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.enabled", "true"); + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.url", fakeServerAuthProviderUrl); + setServerProperty(ORCHESTRATOR, "sonar.auth.fake-oauth2-id-provider.user", USER_LOGIN + "," + USER_PROVIDER_ID + "," + USER_NAME + "," + USER_EMAIL); + } + } diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html new file mode 100644 index 00000000000..b62763fb7c9 --- /dev/null +++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html @@ -0,0 +1,44 @@ + + + + + + fail_to_authenticate_when_not_allowed_to_sign_up + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
french
open/sessions/new
waitForTextcontent*Log in with Fake base identity provider*
clickcss=.oauth-providers a
waitForTextbd*You're not authorized to access this page. Please contact the administrator.*
assertTextbd*Reason : A functional error has happened*
+ + diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html index db0799b4e32..47a19a2df41 100644 --- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html +++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html @@ -15,7 +15,17 @@ open - /sessions/init/fake-base-id-provider + /sessions/new + + + + waitForText + content + *Log in with Fake base identity provider* + + + click + css=.oauth-providers a diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html index d53f5239da9..40c300bd701 100644 --- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html +++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html @@ -15,13 +15,23 @@ open - /sessions/init/fake-base-id-provider + /sessions/new + + + + waitForText + content + *Log in with Fake base identity provider* + + + click + css=.oauth-providers a waitForText bd - *You're not authorized to access this page. Please contact the administrator.* + *You're not authorized to access this page. Please contact the administrator.*Reason : 'fake-base-id-provider' users are not allowed to sign up* diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html new file mode 100644 index 00000000000..b6f7e600ac3 --- /dev/null 
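Review bot: The new page's title line still reads `fail_to_authenticate_when_not_allowed_to_sign_up`, a leftover from the page it was copied from; it should name the scenario it exercises, `display_message_in_ui_but_not_in_log_when_unauthorized_exception`, so Selenese reports identify the right case. The same leftover title appears in the OAuth2 copy of this page added later in the patch (`OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html`). The HTML markup was dropped by extraction here, so this is read from the visible text only.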
+++ b/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/fail_when_email_already_exists.html @@ -0,0 +1,44 @@ + + + + + + fail_when_email_already_exists + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
french
open/sessions/new
waitForTextcontent*Log in with Fake base identity provider*
clickcss=.oauth-providers a
waitForTextbd*You're not authorized to access this page. Please contact the administrator.*
assertTextbd*You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account*
+ + diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html new file mode 100644 index 00000000000..22b34ba03c9 --- /dev/null +++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/authenticate_user.html @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + +
open/sessions/new
waitForTextcontent*Log in with Fake oauth2 identity provider*
clickcss=.oauth-providers a
waitForTextid=global-navigation*John*
+ + diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html new file mode 100644 index 00000000000..6a38ed69063 --- /dev/null +++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html @@ -0,0 +1,44 @@ + + + + + + fail_to_authenticate_when_not_allowed_to_sign_up + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
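Review bot: Unlike the other Selenese pages in this patch, `authenticate_user.html` shows no title line before its command table (the `french` marker line the sibling pages carry also seems absent), so the case would appear unnamed in reports; adding a title such as `authenticate_user`, matching the label used in `OAuth2IdentityProviderTest`, keeps it consistent with its siblings. The extraction dropped the HTML tags, so this is inferred from the visible text only.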
french
open/sessions/new
waitForTextcontent*Log in with Fake oauth2 identity provider*
clickcss=.oauth-providers a
waitForTextbd*You're not authorized to access this page. Please contact the administrator.*
assertTextbd*Reason : A functional error has happened*
+ + diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html new file mode 100644 index 00000000000..b01d24aad4c --- /dev/null +++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html @@ -0,0 +1,39 @@ + + + + + + display_unauthorized_page_when_authentication_failed + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
french
open/sessions/new
waitForTextcontent*Log in with Fake oauth2 identity provider*
clickcss=.oauth-providers a
waitForTextbd*You're not authorized to access this page. Please contact the administrator.*
+ + diff --git a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html similarity index 70% rename from it/it-tests/src/test/resources/user/BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html rename to it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html index 4d06368ae6c..a3da2de8ed0 100644 --- a/it/it-tests/src/test/resources/user/BaseIdentityProviderTest/diplay_message_in_ui_but_not_in_log_when_unauthorized_exception.html +++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html @@ -15,13 +15,23 @@ open - /sessions/init/fake-base-id-provider + /sessions/new + + + + waitForText + content + *Log in with Fake oauth2 identity provider* + + + click + css=.oauth-providers a waitForText bd - *You're not authorized to access this page. Please contact the administrator.*Reason : A functional error has happened* + *You're not authorized to access this page. Please contact the administrator.*Reason : 'fake-oauth2-id-provider' users are not allowed to sign up* diff --git a/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html new file mode 100644 index 00000000000..7d038ac592d --- /dev/null +++ b/it/it-tests/src/test/resources/user/OAuth2IdentityProviderTest/fail_when_email_already_exists.html @@ -0,0 +1,44 @@ + + + + + + fail_when_email_already_exists + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
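Review bot: This page only waits for the generic `You're not authorized to access this page` text when the callback fails on the missing `user` property; it does not check that the underlying technical message (`The property sonar.auth.fake-oauth2-id-provider.user is required`, raised as an `IllegalStateException` in `FakeOAuth2IdProvider`) is kept out of the page. The sibling `display_message_in_ui_but_not_in_log_*` pages pin what is shown for a functional error; an `assertNotText` on `bd` for that technical message here would pin the complementary contract that internal exception text is not exposed to the end user. The markup was dropped by extraction, so the command names are read from the visible text only.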
french
open/sessions/new
waitForTextcontent*Log in with Fake oauth2 identity provider*
clickcss=.oauth-providers a
waitForTextbd*You're not authorized to access this page. Please contact the administrator.*
assertTextbd*You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account*
+ + -- 2.39.5