author | James Moger <james.moger@gitblit.com> | 2014-03-18 21:10:48 -0400 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2014-03-18 21:10:48 -0400 |
commit | b4a63aad7f56486c164a15ae2477bcd251b0bb1b (patch) | |
tree | 0a7c309566d1422feb544dbd6f5cf15afea8b879 /src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java | |
parent | 8da53958ed0980a327ec50738aafd588304b9c73 (diff) | |
Fix authentication security hole with external providers
Diffstat (limited to 'src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java')
-rw-r--r-- | src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java b/src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java
index 1fe8459f..6ede8313 100644
--- a/src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java
+++ b/src/test/java/com/gitblit/tests/RedmineAuthenticationTest.java
@@ -8,6 +8,7 @@ import org.junit.Test;
 
 import com.gitblit.IStoredSettings;
 import com.gitblit.auth.RedmineAuthProvider;
+import com.gitblit.manager.AuthenticationManager;
 import com.gitblit.manager.RuntimeManager;
 import com.gitblit.manager.UserManager;
 import com.gitblit.models.UserModel;
@@ -19,10 +20,6 @@ public class RedmineAuthenticationTest extends GitblitUnitTest {
  + "\"last_login_on\":\"2012-09-06T23:59:26Z\",\"firstname\":\"baz\","
  + "\"id\":4,\"login\":\"RedmineUserId\",\"mail\":\"baz@example.com\"}}";
 
- private static final String NOT_ADMIN_JSON = "{\"user\":{\"lastname\":\"foo\","
- + "\"last_login_on\":\"2012-09-08T13:59:01Z\",\"created_on\":\"2009-03-17T14:25:50Z\","
- + "\"mail\":\"baz@example.com\",\"id\":5,\"firstname\":\"baz\"}}";
-
  MemorySettings getSettings() {
  return new MemorySettings(new HashMap<String, Object>());
  }
@@ -38,6 +35,17 @@ public class RedmineAuthenticationTest extends GitblitUnitTest {
  RedmineAuthProvider newRedmineAuthentication() {
  return newRedmineAuthentication(getSettings());
  }
+
+ AuthenticationManager newAuthenticationManager() {
+ RuntimeManager runtime = new RuntimeManager(getSettings(), GitBlitSuite.BASEFOLDER).start();
+ UserManager users = new UserManager(runtime).start();
+ RedmineAuthProvider redmine = new RedmineAuthProvider();
+ redmine.setup(runtime, users);
+ redmine.setTestingCurrentUserAsJson(JSON);
+ AuthenticationManager auth = new AuthenticationManager(runtime, users);
+ auth.addAuthenticationProvider(redmine);
+ return auth;
+ }
 
  @Test
  public void testAuthenticate() throws Exception {
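Review bot: `newAuthenticationManager()` starts a `RuntimeManager` and a `UserManager` on `GitBlitSuite.BASEFOLDER` but returns only the `AuthenticationManager`, so the test keeps no handle to shut them down. Anything the login path writes to the user store could then carry over into other tests that share that folder; whether it persists is not visible in this hunk. If the managers expose a stop method, holding them in fields and stopping them in an `@After` method would isolate the test. A short comment above the helper would also help readers, for example `// provider is stubbed with the JSON fixture (presumably no Redmine server is contacted)`.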
@@ -48,18 +56,15 @@ public class RedmineAuthenticationTest extends GitblitUnitTest {
  assertThat(userModel.getDisplayName(), is("baz foo"));
  assertThat(userModel.emailAddress, is("baz@example.com"));
  assertNotNull(userModel.cookie);
- assertThat(userModel.canAdmin, is(true));
  }
 
  @Test
- public void testAuthenticateNotAdminUser() throws Exception {
- RedmineAuthProvider redmine = newRedmineAuthentication();
- redmine.setTestingCurrentUserAsJson(NOT_ADMIN_JSON);
- UserModel userModel = redmine.authenticate("RedmineUserId", "RedmineAPIKey".toCharArray());
- assertThat(userModel.getName(), is("redmineuserid"));
+ public void testAuthenticationManager() throws Exception {
+ AuthenticationManager auth = newAuthenticationManager();
+ UserModel userModel = auth.authenticate("RedmineAdminId", "RedmineAPIKey".toCharArray());
+ assertThat(userModel.getName(), is("redmineadminid"));
  assertThat(userModel.getDisplayName(), is("baz foo"));
  assertThat(userModel.emailAddress, is("baz@example.com"));
  assertNotNull(userModel.cookie);
- assertThat(userModel.canAdmin, is(false));
  }
 }
|
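Review bot: `testAuthenticationManager` covers only a login that succeeds, and both `canAdmin` assertions are dropped without a replacement, so this file has no case showing that `AuthenticationManager` turns a login away when the external provider does not vouch for it. For a commit described as closing an authentication hole, a negative test (the provider rejects the credentials and `auth.authenticate(...)` must not yield a `UserModel`) is the regression guard worth adding. The test also logs in as `"RedmineAdminId"` while the stubbed JSON reports `"login":"RedmineUserId"`, and expects the name `redmineadminid`; if accepting a username that differs from the provider's reported login is intended, say so with a comment such as `// supplied username differs from the fixture's login on purpose`, otherwise use the matching username.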