mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33554 Commits
59 Branches
Tree: 13e72632e0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '13e72632e0'
${ noResults }
sonarqube/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/IntegrationTest.java

IntegrationTest.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.auth.gitlab;

  21. 

  22. import javax.servlet.http.HttpServletRequest;

  23. import okhttp3.mockwebserver.MockResponse;

  24. import okhttp3.mockwebserver.MockWebServer;

  25. import org.junit.Before;

  26. import org.junit.Rule;

  27. import org.junit.Test;

  28. import org.mockito.ArgumentCaptor;

  29. import org.mockito.Mockito;

  30. import org.sonar.api.config.internal.MapSettings;

  31. import org.sonar.api.server.authentication.OAuth2IdentityProvider;

  32. import org.sonar.api.server.authentication.UnauthorizedException;

  33. import org.sonar.api.server.authentication.UserIdentity;

  34. 

  35. import static java.lang.String.format;

  36. import static org.assertj.core.api.Assertions.assertThat;

  37. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  38. import static org.mockito.ArgumentMatchers.any;

  39. import static org.mockito.Mockito.verify;

  40. import static org.mockito.Mockito.when;

  41. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;

  42. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;

  43. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;

  44. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;

  45. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;

  46. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;

  47. import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_URL;

  48. 

  49. public class IntegrationTest {

  50. 

  51.   private static final String ANY_CODE_VALUE = "ANY_CODE";

  52. 

  53.   @Rule

  54.   public MockWebServer gitlab = new MockWebServer();

  55. 

  56.   private final MapSettings mapSettings = new MapSettings();

  57. 

  58.   private final GitLabSettings gitLabSettings = new GitLabSettings(mapSettings.asConfig());

  59. 

  60.   private String gitLabUrl;

  61. 

  62.   private final GitLabIdentityProvider gitLabIdentityProvider = new GitLabIdentityProvider(gitLabSettings,

  63.     new GitLabRestClient(gitLabSettings),

  64.     new ScribeGitLabOauth2Api(gitLabSettings));

  65. 

  66.   @Before

  67.   public void setUp() {

  68.     this.gitLabUrl = format("http://%s:%d", gitlab.getHostName(), gitlab.getPort());

  69.     mapSettings

  70.       .setProperty(GITLAB_AUTH_ENABLED, "true")

  71.       .setProperty(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, "true")

  72.       .setProperty(GITLAB_AUTH_URL, gitLabUrl)

  73.       .setProperty(GITLAB_AUTH_APPLICATION_ID, "123")

  74.       .setProperty(GITLAB_AUTH_SECRET, "456")

  75.       .setProperty(GITLAB_AUTH_ALLOWED_GROUPS, "group1,group2")

  76.       .setProperty(GITLAB_AUTH_SYNC_USER_GROUPS, "true");

  77.   }

  78. 

  79.   @Test

  80.   public void callback_whenAllowedUser_shouldAuthenticate() {

  81.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  82. 

  83.     mockAccessTokenResponse();

  84.     mockUserResponse();

  85.     mockSingleGroupReponse("group1");

  86. 

  87.     gitLabIdentityProvider.callback(callbackContext);

  88. 

  89.     ArgumentCaptor<UserIdentity> argument = ArgumentCaptor.forClass(UserIdentity.class);

  90.     verify(callbackContext).authenticate(argument.capture());

  91.     assertThat(argument.getValue()).isNotNull();

  92.     assertThat(argument.getValue().getProviderId()).isEqualTo("123");

  93.     assertThat(argument.getValue().getProviderLogin()).isEqualTo("toto");

  94.     assertThat(argument.getValue().getName()).isEqualTo("Toto Toto");

  95.     assertThat(argument.getValue().getEmail()).isEqualTo("toto@toto.com");

  96.     verify(callbackContext).redirectToRequestedPage();

  97.   }

  98. 

  99.   @Test

  100.   public void callback_whenGroupNotAllowedAndGroupSyncEnabled_shouldThrow() {

  101.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  102. 

  103.     mockAccessTokenResponse();

  104.     mockUserResponse();

  105.     mockSingleGroupReponse("wrong-group");

  106. 

  107.     assertThatThrownBy(() -> gitLabIdentityProvider.callback(callbackContext))

  108.       .isInstanceOf((UnauthorizedException.class))

  109.       .hasMessage("You are not allowed to authenticate");

  110.   }

  111. 

  112.   @Test

  113.   public void callback_whenGroupNotAllowedAndGroupSyncDisabled_shouldThrow() {

  114.     mapSettings.setProperty(GITLAB_AUTH_SYNC_USER_GROUPS, "false");

  115.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  116. 

  117.     mockAccessTokenResponse();

  118.     mockUserResponse();

  119.     mockSingleGroupReponse("wrong-group");

  120. 

  121.     gitLabIdentityProvider.callback(callbackContext);

  122. 

  123.     verify(callbackContext).authenticate(any());

  124.     verify(callbackContext).redirectToRequestedPage();

  125.   }

  126. 

  127.   @Test

  128.   public void callback_whenAllowedUserBySubgroupMembership_shouldAuthenticate() {

  129.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  130. 

  131.     mockAccessTokenResponse();

  132.     mockUserResponse();

  133.     mockSingleGroupReponse("group1/subgroup");

  134. 

  135.     gitLabIdentityProvider.callback(callbackContext);

  136. 

  137.     verify(callbackContext).authenticate(any());

  138.     verify(callbackContext).redirectToRequestedPage();

  139.   }

  140. 

  141. 

  142.   @Test

  143.   public void callback_shouldSynchronizeGroups() throws InterruptedException {

  144.     mapSettings.setProperty(GITLAB_AUTH_SYNC_USER_GROUPS, "true");

  145.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  146. 

  147.     mockAccessTokenResponse();

  148.     mockUserResponse();

  149.     // Response for /groups

  150.     gitlab.enqueue(new MockResponse().setBody("""

  151.       [

  152.         {

  153.           "id": 1,

  154.           "full_path": "group1"

  155.         },

  156.         {

  157.           "id": 2,

  158.           "full_path": "group2"

  159.         }

  160.       ]

  161.       """));

  162. 

  163.     gitLabIdentityProvider.callback(callbackContext);

  164. 

  165.     ArgumentCaptor<UserIdentity> captor = ArgumentCaptor.forClass(UserIdentity.class);

  166.     verify(callbackContext).authenticate(captor.capture());

  167.     UserIdentity value = captor.getValue();

  168.     assertThat(value.getGroups()).contains("group1", "group2");

  169.     assertThat(gitlab.takeRequest().getPath()).isEqualTo("/oauth/token");

  170.     assertThat(gitlab.takeRequest().getPath()).isEqualTo("/api/v4/user");

  171.     assertThat(gitlab.takeRequest().getPath()).isEqualTo("/api/v4/groups?min_access_level=10&per_page=100");

  172.   }

  173. 

  174.   @Test

  175.   public void callback_whenMultiplePagesOfGroups_shouldSynchronizeAllGroups() {

  176.     mapSettings.setProperty(GITLAB_AUTH_SYNC_USER_GROUPS, "true");

  177.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  178. 

  179.     mockAccessTokenResponse();

  180.     mockUserResponse();

  181.     // Response for /groups, first page

  182.     gitlab.enqueue(new MockResponse()

  183.       .setBody("""

  184.         [

  185.           {

  186.             "id": 1,

  187.             "full_path": "group1"

  188.           },

  189.           {

  190.             "id": 2,

  191.             "full_path": "group2"

  192.           }

  193.         ]

  194.         """)

  195.       .setHeader("Link", format(" <%s/groups?per_page=100&page=2>; rel=\"next\"," +

  196.         "  <%s/groups?per_page=100&&page=3>; rel=\"last\"," +

  197.         "  <%s/groups?per_page=100&&page=1>; rel=\"first\"", gitLabUrl, gitLabUrl, gitLabUrl)));

  198.     // Response for /groups, page 2

  199.     gitlab.enqueue(new MockResponse()

  200.       .setBody("""

  201.         [

  202.           {

  203.             "id": 3,

  204.             "full_path": "group3"

  205.           },

  206.           {

  207.             "id": 4,

  208.             "full_path": "group4"

  209.           }

  210.         ]

  211.         """)

  212.       .setHeader("Link", format("<%s/groups?per_page=100&page=3>; rel=\"next\"," +

  213.         "  <%s/groups?per_page=100&&page=3>; rel=\"last\"," +

  214.         "  <%s/groups?per_page=100&&page=1>; rel=\"first\"", gitLabUrl, gitLabUrl, gitLabUrl)));

  215.     // Response for /groups, page 3

  216.     gitlab.enqueue(new MockResponse()

  217.       .setBody("""

  218.         [

  219.           {

  220.             "id": 5,

  221.             "full_path": "group5"

  222.           },

  223.           {

  224.             "id": 6,

  225.             "full_path": "group6"

  226.           }

  227.         ]

  228.         """)

  229.       .setHeader("Link", format("<%s/groups?per_page=100&&page=3>; rel=\"last\"," +

  230.         "  <%s/groups?per_page=100&&page=1>; rel=\"first\"", gitLabUrl, gitLabUrl)));

  231. 

  232.     gitLabIdentityProvider.callback(callbackContext);

  233. 

  234.     ArgumentCaptor<UserIdentity> captor = ArgumentCaptor.forClass(UserIdentity.class);

  235.     verify(callbackContext).authenticate(captor.capture());

  236.     UserIdentity value = captor.getValue();

  237.     assertThat(value.getGroups()).contains("group1", "group2", "group3", "group4", "group5", "group6");

  238.   }

  239. 

  240.   @Test

  241.   public void callback_whenNoUser_shouldThrow() {

  242.     OAuth2IdentityProvider.CallbackContext callbackContext = mockCallbackContext();

  243. 

  244.     mockAccessTokenResponse();

  245.     // Response for /user

  246.     gitlab.enqueue(new MockResponse().setResponseCode(404).setBody("empty"));

  247. 

  248.     assertThatThrownBy(() -> gitLabIdentityProvider.callback(callbackContext))

  249.       .hasMessage("Fail to execute request '" + gitLabSettings.url() + "/api/v4/user'. HTTP code: 404, response: empty")

  250.       .isInstanceOf((IllegalStateException.class));

  251.   }

  252. 

  253.   private static OAuth2IdentityProvider.CallbackContext mockCallbackContext() {

  254.     OAuth2IdentityProvider.CallbackContext callbackContext = Mockito.mock(OAuth2IdentityProvider.CallbackContext.class);

  255.     when(callbackContext.getCallbackUrl()).thenReturn("http://server/callback");

  256. 

  257.     HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);

  258.     when(httpServletRequest.getParameter("code")).thenReturn(ANY_CODE_VALUE);

  259.     when(callbackContext.getRequest()).thenReturn(httpServletRequest);

  260.     return callbackContext;

  261.   }

  262. 

  263.   private void mockAccessTokenResponse() {

  264.     // Response for OAuth access token

  265.     gitlab.enqueue(new MockResponse().setBody("""

  266.       {

  267.         "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",

  268.         "token_type": "bearer",

  269.         "expires_in": 7200,

  270.         "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"

  271.       }

  272.       """));

  273.   }

  274. 

  275.   private void mockUserResponse() {

  276.     // Response for /user

  277.     gitlab.enqueue(new MockResponse().setBody("""

  278.       {

  279.         "id": 123,

  280.         "username": "toto",

  281.         "name": "Toto Toto",

  282.         "email": "toto@toto.com"

  283.       }

  284.       """));

  285.   }

  286. 

  287.   private void mockSingleGroupReponse(String group) {

  288.     // Response for /groups

  289.     gitlab.enqueue(new MockResponse().setBody("""

  290.       [

  291.         {

  292.           "id": 1,

  293.           "full_path": "%s"

  294.         }

  295.       ]

  296.       """.formatted(group)));

  297.   }

  298. 

  299. }