mirrors
/
gitblit
peilaus alkaen https://github.com/gitblit/gitblit.git
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Julkaisut 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3095 Commitit
11 Branchit
Puu: 719afbacd0
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '719afbacd0'
${ noResults }
gitblit/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java

AuthenticationManagerTest.java 15KB
Raaka Blame Historia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742 
  1. /*

  2.  * Copyright 2013 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit.tests;

  17. 

  18. import java.io.BufferedReader;

  19. import java.io.IOException;

  20. import java.io.UnsupportedEncodingException;

  21. import java.security.Principal;

  22. import java.util.Collection;

  23. import java.util.Collections;

  24. import java.util.Enumeration;

  25. import java.util.HashMap;

  26. import java.util.List;

  27. import java.util.Locale;

  28. import java.util.Map;

  29. 

  30. import javax.servlet.AsyncContext;

  31. import javax.servlet.DispatcherType;

  32. import javax.servlet.RequestDispatcher;

  33. import javax.servlet.ServletContext;

  34. import javax.servlet.ServletException;

  35. import javax.servlet.ServletInputStream;

  36. import javax.servlet.ServletRequest;

  37. import javax.servlet.ServletResponse;

  38. import javax.servlet.http.Cookie;

  39. import javax.servlet.http.HttpServletRequest;

  40. import javax.servlet.http.HttpServletResponse;

  41. import javax.servlet.http.HttpSession;

  42. import javax.servlet.http.HttpSessionContext;

  43. import javax.servlet.http.HttpUpgradeHandler;

  44. import javax.servlet.http.Part;

  45. 

  46. import com.gitblit.utils.PasswordHash;

  47. import org.junit.Test;

  48. 

  49. import com.gitblit.IUserService;

  50. import com.gitblit.Keys;

  51. import com.gitblit.manager.AuthenticationManager;

  52. import com.gitblit.manager.IAuthenticationManager;

  53. import com.gitblit.manager.IRuntimeManager;

  54. import com.gitblit.manager.RuntimeManager;

  55. import com.gitblit.manager.UserManager;

  56. import com.gitblit.models.TeamModel;

  57. import com.gitblit.models.UserModel;

  58. import com.gitblit.tests.mock.MemorySettings;

  59. import com.gitblit.utils.XssFilter;

  60. import com.gitblit.utils.XssFilter.AllowXssFilter;

  61. 

  62. /**

  63.  * Class for testing local authentication.

  64.  *

  65.  * @author James Moger

  66.  *

  67.  */

  68. @SuppressWarnings("deprecation")

  69. public class AuthenticationManagerTest extends GitblitUnitTest {

  70. 

  71. 	UserManager users;

  72. 

  73. 	private static final class DummyHttpServletRequest implements HttpServletRequest {

  74. 

  75. 		@Override

  76. 		public Object getAttribute(String name) {

  77. 			return null;

  78. 		}

  79. 

  80. 		@Override

  81. 		public Enumeration<String> getAttributeNames() {

  82. 			return null;

  83. 		}

  84. 

  85. 		@Override

  86. 		public String getCharacterEncoding() {

  87. 			return null;

  88. 		}

  89. 

  90. 		@Override

  91. 		public void setCharacterEncoding(String env)

  92. 				throws UnsupportedEncodingException {

  93. 		}

  94. 

  95. 		@Override

  96. 		public int getContentLength() {

  97. 			return 0;

  98. 		}

  99. 

  100. 		@Override

  101. 		public long getContentLengthLong() {

  102. 			return 0;

  103. 		}

  104. 

  105. 		@Override

  106. 		public String getContentType() {

  107. 			return null;

  108. 		}

  109. 

  110. 		@Override

  111. 		public ServletInputStream getInputStream() throws IOException {

  112. 			return null;

  113. 		}

  114. 

  115. 		@Override

  116. 		public String getParameter(String name) {

  117. 			return null;

  118. 		}

  119. 

  120. 		@Override

  121. 		public Enumeration<String> getParameterNames() {

  122. 			return null;

  123. 		}

  124. 

  125. 		@Override

  126. 		public String[] getParameterValues(String name) {

  127. 			return null;

  128. 		}

  129. 

  130. 		@Override

  131. 		public Map<String, String[]> getParameterMap() {

  132. 			return null;

  133. 		}

  134. 

  135. 		@Override

  136. 		public String getProtocol() {

  137. 			return null;

  138. 		}

  139. 

  140. 		@Override

  141. 		public String getScheme() {

  142. 			return null;

  143. 		}

  144. 

  145. 		@Override

  146. 		public String getServerName() {

  147. 			return null;

  148. 		}

  149. 

  150. 		@Override

  151. 		public int getServerPort() {

  152. 			return 0;

  153. 		}

  154. 

  155. 		@Override

  156. 		public BufferedReader getReader() throws IOException {

  157. 			return null;

  158. 		}

  159. 

  160. 		@Override

  161. 		public String getRemoteAddr() {

  162. 			return null;

  163. 		}

  164. 

  165. 		@Override

  166. 		public String getRemoteHost() {

  167. 			return null;

  168. 		}

  169. 

  170. 		@Override

  171. 		public void setAttribute(String name, Object o) {

  172. 		}

  173. 

  174. 		@Override

  175. 		public void removeAttribute(String name) {

  176. 		}

  177. 

  178. 		@Override

  179. 		public Locale getLocale() {

  180. 			return null;

  181. 		}

  182. 

  183. 		@Override

  184. 		public Enumeration<Locale> getLocales() {

  185. 			return null;

  186. 		}

  187. 

  188. 		@Override

  189. 		public boolean isSecure() {

  190. 			return false;

  191. 		}

  192. 

  193. 		@Override

  194. 		public RequestDispatcher getRequestDispatcher(String path) {

  195. 			return null;

  196. 		}

  197. 

  198. 		@Override

  199. 		public String getRealPath(String path) {

  200. 			return null;

  201. 		}

  202. 

  203. 		@Override

  204. 		public int getRemotePort() {

  205. 			return 0;

  206. 		}

  207. 

  208. 		@Override

  209. 		public String getLocalName() {

  210. 			return null;

  211. 		}

  212. 

  213. 		@Override

  214. 		public String getLocalAddr() {

  215. 			return null;

  216. 		}

  217. 

  218. 		@Override

  219. 		public int getLocalPort() {

  220. 			return 0;

  221. 		}

  222. 

  223. 		@Override

  224. 		public ServletContext getServletContext() {

  225. 			return null;

  226. 		}

  227. 

  228. 		@Override

  229. 		public AsyncContext startAsync() throws IllegalStateException {

  230. 			return null;

  231. 		}

  232. 

  233. 		@Override

  234. 		public AsyncContext startAsync(ServletRequest servletRequest,

  235. 				ServletResponse servletResponse)

  236. 						throws IllegalStateException {

  237. 			return null;

  238. 		}

  239. 

  240. 		@Override

  241. 		public boolean isAsyncStarted() {

  242. 			return false;

  243. 		}

  244. 

  245. 		@Override

  246. 		public boolean isAsyncSupported() {

  247. 			return false;

  248. 		}

  249. 

  250. 		@Override

  251. 		public AsyncContext getAsyncContext() {

  252. 			return null;

  253. 		}

  254. 

  255. 		@Override

  256. 		public DispatcherType getDispatcherType() {

  257. 			return null;

  258. 		}

  259. 

  260. 		@Override

  261. 		public String getAuthType() {

  262. 			return null;

  263. 		}

  264. 

  265. 		@Override

  266. 		public Cookie[] getCookies() {

  267. 			return null;

  268. 		}

  269. 

  270. 		@Override

  271. 		public long getDateHeader(String name) {

  272. 			return 0;

  273. 		}

  274. 

  275. 		@Override

  276. 		public String getHeader(String name) {

  277. 			return null;

  278. 		}

  279. 

  280. 		@Override

  281. 		public Enumeration<String> getHeaders(String name) {

  282. 			return null;

  283. 		}

  284. 

  285. 		@Override

  286. 		public Enumeration<String> getHeaderNames() {

  287. 			return null;

  288. 		}

  289. 

  290. 		@Override

  291. 		public int getIntHeader(String name) {

  292. 			return 0;

  293. 		}

  294. 

  295. 		@Override

  296. 		public String getMethod() {

  297. 			return null;

  298. 		}

  299. 

  300. 		@Override

  301. 		public String getPathInfo() {

  302. 			return null;

  303. 		}

  304. 

  305. 		@Override

  306. 		public String getPathTranslated() {

  307. 			return null;

  308. 		}

  309. 

  310. 		@Override

  311. 		public String getContextPath() {

  312. 			return null;

  313. 		}

  314. 

  315. 		@Override

  316. 		public String getQueryString() {

  317. 			return null;

  318. 		}

  319. 

  320. 		@Override

  321. 		public String getRemoteUser() {

  322. 			return null;

  323. 		}

  324. 

  325. 		@Override

  326. 		public boolean isUserInRole(String role) {

  327. 			if(role != null && "admin".equals(role)) {

  328. 				return true;

  329. 			}

  330. 			return false;

  331. 		}

  332. 

  333. 		@Override

  334. 		public Principal getUserPrincipal() {

  335. 			return new Principal(){

  336. 				@Override

  337. 				public String getName() {

  338. 					return "sunnyjim";

  339. 				}

  340. 

  341. 			};

  342. 		}

  343. 

  344. 		@Override

  345. 		public String getRequestedSessionId() {

  346. 			return null;

  347. 		}

  348. 

  349. 		@Override

  350. 		public String getRequestURI() {

  351. 			return null;

  352. 		}

  353. 

  354. 		@Override

  355. 		public StringBuffer getRequestURL() {

  356. 			return null;

  357. 		}

  358. 

  359. 		@Override

  360. 		public String getServletPath() {

  361. 			return null;

  362. 		}

  363. 

  364. 		@Override

  365. 		public HttpSession getSession(boolean create) {

  366. 			return null;

  367. 		}

  368. 

  369. 		final Map<String, Object> sessionAttributes = new HashMap<String, Object>();

  370. 		@Override

  371. 		public HttpSession getSession() {

  372. 			return new HttpSession() {

  373. 

  374. 				@Override

  375. 				public long getCreationTime() {

  376. 					return 0;

  377. 				}

  378. 

  379. 				@Override

  380. 				public String getId() {

  381. 					return null;

  382. 				}

  383. 

  384. 				@Override

  385. 				public long getLastAccessedTime() {

  386. 					return 0;

  387. 				}

  388. 

  389. 				@Override

  390. 				public ServletContext getServletContext() {

  391. 					return null;

  392. 				}

  393. 

  394. 				@Override

  395. 				public void setMaxInactiveInterval(int interval) {

  396. 				}

  397. 

  398. 				@Override

  399. 				public int getMaxInactiveInterval() {

  400. 					return 0;

  401. 				}

  402. 

  403. 				@Override

  404. 				public HttpSessionContext getSessionContext() {

  405. 					return null;

  406. 				}

  407. 

  408. 				@Override

  409. 				public Object getAttribute(String name) {

  410. 					return sessionAttributes.get(name);

  411. 				}

  412. 

  413. 				@Override

  414. 				public Object getValue(String name) {

  415. 					return null;

  416. 				}

  417. 

  418. 				@Override

  419. 				public Enumeration<String> getAttributeNames() {

  420. 					return Collections.enumeration(sessionAttributes.keySet());

  421. 				}

  422. 

  423. 				@Override

  424. 				public String[] getValueNames() {

  425. 					return null;

  426. 				}

  427. 

  428. 				@Override

  429. 				public void setAttribute(String name,

  430. 						Object value) {

  431. 				}

  432. 

  433. 				@Override

  434. 				public void putValue(String name, Object value) {

  435. 				}

  436. 

  437. 				@Override

  438. 				public void removeAttribute(String name) {

  439. 				}

  440. 

  441. 				@Override

  442. 				public void removeValue(String name) {

  443. 				}

  444. 

  445. 				@Override

  446. 				public void invalidate() {

  447. 				}

  448. 

  449. 				@Override

  450. 				public boolean isNew() {

  451. 					return false;

  452. 				}

  453. 

  454. 			};

  455. 		}

  456. 

  457. 		@Override

  458. 		public String changeSessionId() {

  459. 			return null;

  460. 		}

  461. 

  462. 		@Override

  463. 		public boolean isRequestedSessionIdValid() {

  464. 			return false;

  465. 		}

  466. 

  467. 		@Override

  468. 		public boolean isRequestedSessionIdFromCookie() {

  469. 			return false;

  470. 		}

  471. 

  472. 		@Override

  473. 		public boolean isRequestedSessionIdFromURL() {

  474. 			return false;

  475. 		}

  476. 

  477. 		@Override

  478. 		public boolean isRequestedSessionIdFromUrl() {

  479. 			return false;

  480. 		}

  481. 

  482. 		@Override

  483. 		public boolean authenticate(HttpServletResponse response)

  484. 				throws IOException, ServletException {

  485. 			return false;

  486. 		}

  487. 

  488. 		@Override

  489. 		public void login(String username, String password)

  490. 				throws ServletException {

  491. 		}

  492. 

  493. 		@Override

  494. 		public void logout() throws ServletException {

  495. 		}

  496. 

  497. 		@Override

  498. 		public Collection<Part> getParts() throws IOException,

  499. 		ServletException {

  500. 			return null;

  501. 		}

  502. 

  503. 		@Override

  504. 		public Part getPart(String name) throws IOException,

  505. 		ServletException {

  506. 			return null;

  507. 		}

  508. 

  509. 		@Override

  510. 		public <T extends HttpUpgradeHandler> T upgrade(

  511. 				Class<T> handlerClass) throws IOException,

  512. 				ServletException {

  513. 			return null;

  514. 		}

  515. 

  516. 	}

  517. 

  518. 	HashMap<String, Object> settings = new HashMap<String, Object>();

  519. 

  520. 	MemorySettings getSettings() {

  521. 		return new MemorySettings(settings);

  522. 	}

  523. 

  524. 	IAuthenticationManager newAuthenticationManager() {

  525. 		XssFilter xssFilter = new AllowXssFilter();

  526. 		RuntimeManager runtime = new RuntimeManager(getSettings(), xssFilter, GitBlitSuite.BASEFOLDER).start();

  527. 		users = new UserManager(runtime, null).start();

  528. 		final Map<String, UserModel> virtualUsers = new HashMap<String, UserModel>();

  529. 		users.setUserService(new IUserService() {

  530. 

  531. 			@Override

  532. 			public void setup(IRuntimeManager runtimeManager) {

  533. 			}

  534. 

  535. 			@Override

  536. 			public String getCookie(UserModel model) {

  537. 				return null;

  538. 			}

  539. 

  540. 			@Override

  541. 			public UserModel getUserModel(char[] cookie) {

  542. 				return null;

  543. 			}

  544. 

  545. 			@Override

  546. 			public UserModel getUserModel(String username) {

  547. 				return virtualUsers.get(username);

  548. 			}

  549. 

  550. 			@Override

  551. 			public boolean updateUserModel(UserModel model) {

  552. 				virtualUsers.put(model.username, model);

  553. 				return true;

  554. 			}

  555. 

  556. 			@Override

  557. 			public boolean updateUserModels(Collection<UserModel> models) {

  558. 				return false;

  559. 			}

  560. 

  561. 			@Override

  562. 			public boolean updateUserModel(String username, UserModel model) {

  563. 				virtualUsers.put(username, model);

  564. 				return true;

  565. 			}

  566. 

  567. 			@Override

  568. 			public boolean deleteUserModel(UserModel model) {

  569. 				return false;

  570. 			}

  571. 

  572. 			@Override

  573. 			public boolean deleteUser(String username) {

  574. 				return false;

  575. 			}

  576. 

  577. 			@Override

  578. 			public List<String> getAllUsernames() {

  579. 				return null;

  580. 			}

  581. 

  582. 			@Override

  583. 			public List<UserModel> getAllUsers() {

  584. 				return null;

  585. 			}

  586. 

  587. 			@Override

  588. 			public List<String> getAllTeamNames() {

  589. 				return null;

  590. 			}

  591. 

  592. 			@Override

  593. 			public List<TeamModel> getAllTeams() {

  594. 				return null;

  595. 			}

  596. 

  597. 			@Override

  598. 			public List<String> getTeamNamesForRepositoryRole(String role) {

  599. 				return null;

  600. 			}

  601. 

  602. 			@Override

  603. 			public TeamModel getTeamModel(String teamname) {

  604. 				return null;

  605. 			}

  606. 

  607. 			@Override

  608. 			public boolean updateTeamModel(TeamModel model) {

  609. 				return false;

  610. 			}

  611. 

  612. 			@Override

  613. 			public boolean updateTeamModels(Collection<TeamModel> models) {

  614. 				return false;

  615. 			}

  616. 

  617. 			@Override

  618. 			public boolean updateTeamModel(String teamname, TeamModel model) {

  619. 				return false;

  620. 			}

  621. 

  622. 			@Override

  623. 			public boolean deleteTeamModel(TeamModel model) {

  624. 				return false;

  625. 			}

  626. 

  627. 			@Override

  628. 			public boolean deleteTeam(String teamname) {

  629. 				return false;

  630. 			}

  631. 

  632. 			@Override

  633. 			public List<String> getUsernamesForRepositoryRole(String role) {

  634. 				return null;

  635. 			}

  636. 

  637. 			@Override

  638. 			public boolean renameRepositoryRole(String oldRole,

  639. 					String newRole) {

  640. 				return false;

  641. 			}

  642. 

  643. 			@Override

  644. 			public boolean deleteRepositoryRole(String role) {

  645. 				return false;

  646. 			}

  647. 

  648. 		});

  649. 		AuthenticationManager auth = new AuthenticationManager(runtime, users).start();

  650. 		return auth;

  651. 	}

  652. 

  653. 	@Test

  654. 	public void testAuthenticate() throws Exception {

  655. 		IAuthenticationManager auth = newAuthenticationManager();

  656. 

  657. 		UserModel user = new UserModel("sunnyjim");

  658. 		user.password = "password";

  659. 		users.updateUserModel(user);

  660. 

  661. 		assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));

  662. 		user.disabled = true;

  663. 

  664. 		users.updateUserModel(user);

  665. 		assertNull(auth.authenticate(user.username, user.password.toCharArray(), null));

  666. 		users.deleteUserModel(user);

  667. 	}

  668. 

  669. 

  670. 	@Test

  671. 	public void testAuthenticateUpgradePlaintext() throws Exception {

  672. 		IAuthenticationManager auth = newAuthenticationManager();

  673. 

  674. 		UserModel user = new UserModel("sunnyjim");

  675. 		user.password = "password";

  676. 		users.updateUserModel(user);

  677. 

  678. 		assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));

  679. 

  680. 		// validate that plaintext password was automatically updated to hashed one

  681. 		assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));

  682. 	}

  683. 

  684. 

  685. 	@Test

  686. 	public void testAuthenticateUpgradeMD5() throws Exception {

  687. 		IAuthenticationManager auth = newAuthenticationManager();

  688. 

  689. 		UserModel user = new UserModel("sunnyjim");

  690. 		user.password = "MD5:5F4DCC3B5AA765D61D8327DEB882CF99";

  691. 		users.updateUserModel(user);

  692. 

  693. 		assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null));

  694. 

  695. 		// validate that MD5 password was automatically updated to hashed one

  696. 		assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));

  697. 	}

  698. 

  699. 

  700. 	@Test

  701. 	public void testContenairAuthenticate() throws Exception {

  702. 		settings.put(Keys.realm.container.autoCreateAccounts, "true");

  703. 		settings.put(Keys.realm.container.autoAccounts.displayName, "displayName");

  704. 		settings.put(Keys.realm.container.autoAccounts.emailAddress, "emailAddress");

  705. 		settings.put(Keys.realm.container.autoAccounts.adminRole, "admin");

  706. 		settings.put(Keys.realm.container.autoAccounts.locale, "locale");

  707. 

  708. 		DummyHttpServletRequest request = new DummyHttpServletRequest();

  709. 		request.sessionAttributes.put("displayName", "Sunny Jim");

  710. 		request.sessionAttributes.put("emailAddress", "Jim.Sunny@gitblit.com");

  711. 		request.sessionAttributes.put("locale", "it");

  712. 

  713. 		IAuthenticationManager auth = newAuthenticationManager();

  714. 

  715. 		UserModel user = auth.authenticate(request);

  716. 

  717. 		assertTrue(user.canAdmin);

  718. 		assertEquals("Sunny Jim", user.displayName);

  719. 		assertEquals("Jim.Sunny@gitblit.com", user.emailAddress);

  720. 		assertEquals(Locale.ITALIAN, user.getPreferences().getLocale());

  721. 	}

  722. 

  723. 	@Test

  724. 	public void testContenairAuthenticateEmpty() throws Exception {

  725. 		settings.put(Keys.realm.container.autoCreateAccounts, "true");

  726. 		settings.put(Keys.realm.container.autoAccounts.displayName, "displayName");

  727. 		settings.put(Keys.realm.container.autoAccounts.emailAddress, "emailAddress");

  728. 		settings.put(Keys.realm.container.autoAccounts.adminRole, "notAdmin");

  729. 

  730. 		DummyHttpServletRequest request = new DummyHttpServletRequest();

  731. 

  732. 		IAuthenticationManager auth = newAuthenticationManager();

  733. 

  734. 		UserModel user = auth.authenticate(request);

  735. 

  736. 		assertFalse(user.canAdmin);

  737. 		assertEquals("sunnyjim", user.displayName);

  738. 		assertNull(user.emailAddress);

  739. 		assertNull(user.getPreferences().getLocale());

  740. 	}

  741. 

  742. }