mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 236 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30155 Commits
59 Branches
Tree: 4d8f0c4bf3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4d8f0c4bf3'
${ noResults }
sonarqube/server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java

UserRegistrarImplTest.java 29KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.authentication;

  21. 

  22. import java.util.Optional;

  23. import java.util.stream.Collectors;

  24. import org.junit.Before;

  25. import org.junit.Rule;

  26. import org.junit.Test;

  27. import org.junit.rules.ExpectedException;

  28. import org.sonar.api.config.internal.MapSettings;

  29. import org.sonar.api.impl.utils.AlwaysIncreasingSystem2;

  30. import org.sonar.api.server.authentication.UserIdentity;

  31. import org.sonar.core.util.stream.MoreCollectors;

  32. import org.sonar.db.DbTester;

  33. import org.sonar.db.user.GroupDto;

  34. import org.sonar.db.user.UserDto;

  35. import org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy;

  36. import org.sonar.server.authentication.event.AuthenticationEvent;

  37. import org.sonar.server.authentication.event.AuthenticationEvent.Source;

  38. import org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException;

  39. import org.sonar.server.es.EsTester;

  40. import org.sonar.server.organization.DefaultOrganizationProvider;

  41. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  42. import org.sonar.server.user.NewUserNotifier;

  43. import org.sonar.server.user.UserUpdater;

  44. import org.sonar.server.user.index.UserIndexer;

  45. import org.sonar.server.usergroups.DefaultGroupFinder;

  46. 

  47. import static java.util.Arrays.stream;

  48. import static org.assertj.core.api.Assertions.assertThat;

  49. import static org.mockito.Mockito.mock;

  50. import static org.sonar.db.user.UserTesting.newUserDto;

  51. import static org.sonar.process.ProcessProperties.Property.ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS;

  52. import static org.sonar.server.authentication.UserRegistration.ExistingEmailStrategy.FORBID;

  53. import static org.sonar.server.authentication.event.AuthenticationEvent.Method.BASIC;

  54. import static org.sonar.server.authentication.event.AuthenticationExceptionMatcher.authenticationException;

  55. 

  56. public class UserRegistrarImplTest {

  57.   private static String USER_LOGIN = "johndoo";

  58. 

  59.   private static UserIdentity USER_IDENTITY = UserIdentity.builder()

  60.     .setProviderId("ABCD")

  61.     .setProviderLogin("johndoo")

  62.     .setName("John")

  63.     .setEmail("john@email.com")

  64.     .build();

  65. 

  66.   private static TestIdentityProvider IDENTITY_PROVIDER = new TestIdentityProvider()

  67.     .setKey("github")

  68.     .setName("name of github")

  69.     .setEnabled(true)

  70.     .setAllowsUsersToSignUp(true);

  71. 

  72.   private MapSettings settings = new MapSettings();

  73. 

  74.   @Rule

  75.   public ExpectedException expectedException = ExpectedException.none();

  76.   @Rule

  77.   public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());

  78.   @Rule

  79.   public EsTester es = EsTester.create();

  80.   private UserIndexer userIndexer = new UserIndexer(db.getDbClient(), es.client());

  81.   private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(db);

  82.   private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient());

  83.   private final DefaultGroupFinder groupFinder = new DefaultGroupFinder(db.getDbClient());

  84.   private UserUpdater userUpdater = new UserUpdater(

  85.     mock(NewUserNotifier.class),

  86.     db.getDbClient(),

  87.     userIndexer,

  88.     defaultOrganizationProvider,

  89.     groupFinder,

  90.     settings.asConfig(),

  91.     localAuthentication);

  92. 

  93.   private UserRegistrarImpl underTest = new UserRegistrarImpl(db.getDbClient(), userUpdater, groupFinder);

  94.   private GroupDto defaultGroup;

  95. 

  96.   @Before

  97.   public void setUp() {

  98.     defaultGroup = insertDefaultGroup();

  99.   }

  100. 

  101.   @Test

  102.   public void authenticate_new_user() {

  103.     UserDto createdUser = underTest.register(UserRegistration.builder()

  104.       .setUserIdentity(USER_IDENTITY)

  105.       .setProvider(IDENTITY_PROVIDER)

  106.       .setSource(Source.realm(BASIC, IDENTITY_PROVIDER.getName()))

  107.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  108.       .build());

  109. 

  110.     UserDto user = db.users().selectUserByLogin(createdUser.getLogin()).get();

  111.     assertThat(user).isNotNull();

  112.     assertThat(user.isActive()).isTrue();

  113.     assertThat(user.getName()).isEqualTo("John");

  114.     assertThat(user.getEmail()).isEqualTo("john@email.com");

  115.     assertThat(user.getExternalLogin()).isEqualTo("johndoo");

  116.     assertThat(user.getExternalIdentityProvider()).isEqualTo("github");

  117.     assertThat(user.getExternalId()).isEqualTo("ABCD");

  118.     assertThat(user.isRoot()).isFalse();

  119.     checkGroupMembership(user, defaultGroup);

  120.   }

  121. 

  122.   @Test

  123.   public void authenticate_new_user_with_sq_identity() {

  124.     TestIdentityProvider sqIdentityProvider = new TestIdentityProvider()

  125.       .setKey("sonarqube")

  126.       .setName("sonarqube identity name")

  127.       .setEnabled(true)

  128.       .setAllowsUsersToSignUp(true);

  129. 

  130.     UserDto createdUser = underTest.register(UserRegistration.builder()

  131.       .setUserIdentity(USER_IDENTITY)

  132.       .setProvider(sqIdentityProvider)

  133.       .setSource(Source.realm(BASIC, sqIdentityProvider.getName()))

  134.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  135.       .build());

  136. 

  137.     UserDto user = db.users().selectUserByLogin(createdUser.getLogin()).get();

  138.     assertThat(user).isNotNull();

  139.     assertThat(user.isActive()).isTrue();

  140.     assertThat(user.getLogin()).isEqualTo("johndoo");

  141.     assertThat(user.getName()).isEqualTo("John");

  142.     assertThat(user.getEmail()).isEqualTo("john@email.com");

  143.     assertThat(user.getExternalLogin()).isEqualTo("johndoo");

  144.     assertThat(user.getExternalIdentityProvider()).isEqualTo("sonarqube");

  145.     assertThat(user.getExternalId()).isEqualTo("ABCD");

  146.     assertThat(user.isLocal()).isFalse();

  147.     assertThat(user.isRoot()).isFalse();

  148.     checkGroupMembership(user, defaultGroup);

  149.   }

  150. 

  151.   @Test

  152.   public void authenticate_new_user_generate_login_when_no_login_provided() {

  153.     underTest.register(UserRegistration.builder()

  154.       .setUserIdentity(UserIdentity.builder()

  155.         .setProviderId("ABCD")

  156.         .setProviderLogin("johndoo")

  157.         .setName("John Doe")

  158.         .setEmail("john@email.com")

  159.         .build())

  160.       .setProvider(IDENTITY_PROVIDER)

  161.       .setSource(Source.realm(BASIC, IDENTITY_PROVIDER.getName()))

  162.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  163.       .build());

  164. 

  165.     UserDto user = db.getDbClient().userDao().selectByEmail(db.getSession(), "john@email.com").get(0);

  166.     assertThat(user).isNotNull();

  167.     assertThat(user.isActive()).isTrue();

  168.     assertThat(user.getLogin()).isNotEqualTo("John Doe").startsWith("john-doe");

  169.     assertThat(user.getEmail()).isEqualTo("john@email.com");

  170.     assertThat(user.getExternalLogin()).isEqualTo("johndoo");

  171.     assertThat(user.getExternalIdentityProvider()).isEqualTo("github");

  172.     assertThat(user.getExternalId()).isEqualTo("ABCD");

  173.   }

  174. 

  175.   @Test

  176.   public void authenticate_new_user_with_groups() {

  177.     GroupDto group1 = db.users().insertGroup("group1");

  178.     GroupDto group2 = db.users().insertGroup("group2");

  179. 

  180.     UserDto loggedInUser = authenticate(USER_LOGIN, "group1", "group2", "group3");

  181. 

  182.     Optional<UserDto> user = db.users().selectUserByLogin(loggedInUser.getLogin());

  183.     checkGroupMembership(user.get(), group1, group2, defaultGroup);

  184.   }

  185. 

  186.   @Test

  187.   public void authenticate_new_user_and_force_default_group() {

  188.     UserDto user = db.users().insertUser();

  189.     GroupDto group1 = db.users().insertGroup("group1");

  190.     db.users().insertMember(group1, user);

  191.     db.users().insertMember(defaultGroup, user);

  192. 

  193.     authenticate(user.getLogin(), "group1");

  194. 

  195.     checkGroupMembership(user, group1, defaultGroup);

  196.   }

  197. 

  198.   @Test

  199.   public void authenticate_new_user_sets_onboarded_flag_to_false_when_onboarding_setting_is_set_to_true() {

  200.     settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), true);

  201. 

  202.     UserDto user = underTest.register(UserRegistration.builder()

  203.       .setUserIdentity(USER_IDENTITY)

  204.       .setProvider(IDENTITY_PROVIDER)

  205.       .setSource(Source.local(BASIC))

  206.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  207.       .build());

  208. 

  209.     assertThat(db.users().selectUserByLogin(user.getLogin()).get().isOnboarded()).isFalse();

  210.   }

  211. 

  212.   @Test

  213.   public void authenticate_new_user_sets_onboarded_flag_to_true_when_onboarding_setting_is_set_to_false() {

  214.     settings.setProperty(ONBOARDING_TUTORIAL_SHOW_TO_NEW_USERS.getKey(), false);

  215. 

  216.     UserDto user = underTest.register(UserRegistration.builder()

  217.       .setUserIdentity(USER_IDENTITY)

  218.       .setProvider(IDENTITY_PROVIDER)

  219.       .setSource(Source.local(BASIC))

  220.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  221.       .build());

  222. 

  223.     assertThat(db.users().selectUserByLogin(user.getLogin()).get().isOnboarded()).isTrue();

  224.   }

  225. 

  226.   @Test

  227.   public void external_id_is_set_to_provider_login_when_null() {

  228.     UserIdentity newUser = UserIdentity.builder()

  229.       .setProviderId(null)

  230.       .setProviderLogin("johndoo")

  231.       .setName("JOhn")

  232.       .build();

  233. 

  234.     UserDto user = underTest.register(UserRegistration.builder()

  235.       .setUserIdentity(newUser)

  236.       .setProvider(IDENTITY_PROVIDER)

  237.       .setSource(Source.local(BASIC))

  238.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  239.       .build());

  240. 

  241.     assertThat(db.users().selectUserByLogin(user.getLogin()).get())

  242.       .extracting(UserDto::getLogin, UserDto::getExternalId, UserDto::getExternalLogin)

  243.       .contains(user.getLogin(), "johndoo", "johndoo");

  244.   }

  245. 

  246.   @Test

  247.   public void authenticate_new_user_update_existing_user_email_when_strategy_is_ALLOW() {

  248.     UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com"));

  249.     UserIdentity newUser = UserIdentity.builder()

  250.       .setProviderLogin("johndoo")

  251.       .setName(existingUser.getName())

  252.       .setEmail(existingUser.getEmail())

  253.       .build();

  254. 

  255.     UserDto user = underTest.register(UserRegistration.builder()

  256.       .setUserIdentity(newUser)

  257.       .setProvider(IDENTITY_PROVIDER)

  258.       .setSource(Source.local(BASIC))

  259.       .setExistingEmailStrategy(ExistingEmailStrategy.ALLOW)

  260.       .build());

  261. 

  262.     UserDto newUserReloaded = db.users().selectUserByLogin(user.getLogin()).get();

  263.     assertThat(newUserReloaded.getEmail()).isEqualTo(existingUser.getEmail());

  264.     UserDto existingUserReloaded = db.users().selectUserByLogin(existingUser.getLogin()).get();

  265.     assertThat(existingUserReloaded.getEmail()).isNull();

  266.   }

  267. 

  268.   @Test

  269.   public void throw_EmailAlreadyExistException_when_authenticating_new_user_when_email_already_exists_and_strategy_is_WARN() {

  270.     UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com"));

  271.     UserIdentity newUser = UserIdentity.builder()

  272.       .setProviderLogin("johndoo")

  273.       .setName(existingUser.getName())

  274.       .setEmail(existingUser.getEmail())

  275.       .build();

  276. 

  277.     expectedException.expect(EmailAlreadyExistsRedirectionException.class);

  278. 

  279.     underTest.register(UserRegistration.builder()

  280.       .setUserIdentity(newUser)

  281.       .setProvider(IDENTITY_PROVIDER)

  282.       .setSource(Source.local(BASIC))

  283.       .setExistingEmailStrategy(ExistingEmailStrategy.WARN)

  284.       .build());

  285.   }

  286. 

  287.   @Test

  288.   public void throw_AuthenticationException_when_authenticating_new_user_when_email_already_exists_and_strategy_is_FORBID() {

  289.     db.users().insertUser(u -> u.setEmail("john@email.com"));

  290.     Source source = Source.realm(AuthenticationEvent.Method.FORM, IDENTITY_PROVIDER.getName());

  291. 

  292.     expectedException.expect(authenticationException().from(source)

  293.       .withLogin(USER_IDENTITY.getProviderLogin())

  294.       .andPublicMessage("You can't sign up because email 'john@email.com' is already used by an existing user. " +

  295.         "This means that you probably already registered with another account."));

  296.     expectedException.expectMessage("Email 'john@email.com' is already used");

  297. 

  298.     underTest.register(UserRegistration.builder()

  299.       .setUserIdentity(USER_IDENTITY)

  300.       .setProvider(IDENTITY_PROVIDER)

  301.       .setSource(source)

  302.       .setExistingEmailStrategy(FORBID)

  303.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  304.       .build());

  305.   }

  306. 

  307.   @Test

  308.   public void throw_AuthenticationException_when_authenticating_new_user_and_email_already_exists_multiple_times() {

  309.     db.users().insertUser(u -> u.setEmail("john@email.com"));

  310.     db.users().insertUser(u -> u.setEmail("john@email.com"));

  311.     Source source = Source.realm(AuthenticationEvent.Method.FORM, IDENTITY_PROVIDER.getName());

  312. 

  313.     expectedException.expect(authenticationException().from(source)

  314.       .withLogin(USER_IDENTITY.getProviderLogin())

  315.       .andPublicMessage("You can't sign up because email 'john@email.com' is already used by an existing user. " +

  316.         "This means that you probably already registered with another account."));

  317.     expectedException.expectMessage("Email 'john@email.com' is already used");

  318. 

  319.     underTest.register(UserRegistration.builder()

  320.       .setUserIdentity(USER_IDENTITY)

  321.       .setProvider(IDENTITY_PROVIDER)

  322.       .setSource(source)

  323.       .setExistingEmailStrategy(FORBID)

  324.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  325.       .build());

  326.   }

  327. 

  328.   @Test

  329.   public void fail_to_authenticate_new_user_when_allow_users_to_signup_is_false() {

  330.     TestIdentityProvider identityProvider = new TestIdentityProvider()

  331.       .setKey("github")

  332.       .setName("Github")

  333.       .setEnabled(true)

  334.       .setAllowsUsersToSignUp(false);

  335.     Source source = Source.realm(AuthenticationEvent.Method.FORM, identityProvider.getName());

  336. 

  337.     expectedException.expect(authenticationException().from(source).withLogin(USER_IDENTITY.getProviderLogin()).andPublicMessage("'github' users are not allowed to sign up"));

  338.     expectedException.expectMessage("User signup disabled for provider 'github'");

  339. 

  340.     underTest.register(UserRegistration.builder()

  341.       .setUserIdentity(USER_IDENTITY)

  342.       .setProvider(identityProvider)

  343.       .setSource(source)

  344.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  345.       .build());

  346.   }

  347. 

  348.   @Test

  349.   public void authenticate_and_update_existing_user_matching_login() {

  350.     db.users().insertUser(u -> u

  351.       .setName("Old name")

  352.       .setEmail("Old email")

  353.       .setExternalId("old id")

  354.       .setExternalLogin("old identity")

  355.       .setExternalIdentityProvider("old provide"));

  356. 

  357.     UserDto user = underTest.register(UserRegistration.builder()

  358.       .setUserIdentity(USER_IDENTITY)

  359.       .setProvider(IDENTITY_PROVIDER)

  360.       .setSource(Source.local(BASIC))

  361.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  362.       .build());

  363. 

  364.     assertThat(db.users().selectUserByLogin(user.getLogin()).get())

  365.       .extracting(UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider, UserDto::isActive)

  366.       .contains("John", "john@email.com", "ABCD", "johndoo", "github", true);

  367.   }

  368. 

  369.   @Test

  370.   public void authenticate_and_update_existing_user_matching_external_id() {

  371.     UserDto user = db.users().insertUser(u -> u

  372.       .setLogin("Old login")

  373.       .setName("Old name")

  374.       .setEmail("Old email")

  375.       .setExternalId(USER_IDENTITY.getProviderId())

  376.       .setExternalLogin("old identity")

  377.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  378. 

  379.     underTest.register(UserRegistration.builder()

  380.       .setUserIdentity(USER_IDENTITY)

  381.       .setProvider(IDENTITY_PROVIDER)

  382.       .setSource(Source.local(BASIC))

  383.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  384.       .build());

  385. 

  386.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  387.       .extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider,

  388.         UserDto::isActive)

  389.       .contains(USER_LOGIN, "John", "john@email.com", "ABCD", "johndoo", "github", true);

  390.   }

  391. 

  392.   @Test

  393.   public void authenticate_and_update_existing_user_matching_external_login() {

  394.     UserDto user = db.users().insertUser(u -> u

  395.       .setLogin("Old login")

  396.       .setName("Old name")

  397.       .setEmail(USER_IDENTITY.getEmail())

  398.       .setExternalId("Old id")

  399.       .setExternalLogin(USER_IDENTITY.getProviderLogin())

  400.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  401. 

  402.     underTest.register(UserRegistration.builder()

  403.       .setUserIdentity(USER_IDENTITY)

  404.       .setProvider(IDENTITY_PROVIDER)

  405.       .setSource(Source.local(BASIC))

  406.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  407.       .build());

  408. 

  409.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  410.       .extracting(UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider,

  411.         UserDto::isActive)

  412.       .contains("John", "john@email.com", "ABCD", "johndoo", "github", true);

  413.   }

  414. 

  415.   @Test

  416.   public void authenticate_existing_user_and_login_should_not_be_updated() {

  417.     UserDto user = db.users().insertUser(u -> u

  418.       .setLogin("old login")

  419.       .setName(USER_IDENTITY.getName())

  420.       .setEmail(USER_IDENTITY.getEmail())

  421.       .setExternalId(USER_IDENTITY.getProviderId())

  422.       .setExternalLogin("old identity")

  423.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  424. 

  425.     underTest.register(UserRegistration.builder()

  426.       .setUserIdentity(USER_IDENTITY)

  427.       .setProvider(IDENTITY_PROVIDER)

  428.       .setSource(Source.local(BASIC))

  429.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  430.       .build());

  431. 

  432.     // no new user should be created

  433.     assertThat(db.countRowsOfTable(db.getSession(), "users")).isEqualTo(1);

  434.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  435.       .extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider,

  436.         UserDto::isActive)

  437.       .containsExactlyInAnyOrder("old login", USER_IDENTITY.getName(), USER_IDENTITY.getEmail(), USER_IDENTITY.getProviderId(), USER_IDENTITY.getProviderLogin(),

  438.         IDENTITY_PROVIDER.getKey(),

  439.         true);

  440.   }

  441. 

  442.   @Test

  443.   public void authenticate_existing_user_matching_external_login_when_external_id_is_null() {

  444.     UserDto user = db.users().insertUser(u -> u

  445.       .setName("Old name")

  446.       .setEmail("Old email")

  447.       .setExternalId("Old id")

  448.       .setExternalLogin("johndoo")

  449.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  450. 

  451.     underTest.register(UserRegistration.builder()

  452.       .setUserIdentity(UserIdentity.builder()

  453.         .setProviderId(null)

  454.         .setProviderLogin("johndoo")

  455.         .setName("John")

  456.         .setEmail("john@email.com")

  457.         .build())

  458.       .setProvider(IDENTITY_PROVIDER)

  459.       .setSource(Source.local(BASIC))

  460.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  461.       .build());

  462. 

  463.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  464.       .extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider,

  465.         UserDto::isActive)

  466.       .contains(user.getLogin(), "John", "john@email.com", "johndoo", "johndoo", "github", true);

  467.   }

  468. 

  469.   @Test

  470.   public void authenticate_existing_user_when_login_is_not_provided() {

  471.     UserDto user = db.users().insertUser(u -> u.setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  472. 

  473.     underTest.register(UserRegistration.builder()

  474.       .setUserIdentity(UserIdentity.builder()

  475.         .setProviderId(user.getExternalId())

  476.         .setProviderLogin(user.getExternalLogin())

  477.         // No login provided

  478.         .setName(user.getName())

  479.         .setEmail(user.getEmail())

  480.         .build())

  481.       .setProvider(IDENTITY_PROVIDER)

  482.       .setSource(Source.local(BASIC))

  483.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  484.       .build());

  485. 

  486.     // No new user is created

  487.     assertThat(db.countRowsOfTable(db.getSession(), "users")).isEqualTo(1);

  488.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  489.       .extracting(UserDto::getLogin, UserDto::getName, UserDto::getEmail, UserDto::getExternalId, UserDto::getExternalLogin, UserDto::getExternalIdentityProvider,

  490.         UserDto::isActive)

  491.       .contains(user.getExternalLogin(), user.getName(), user.getEmail(), user.getExternalId(), user.getExternalLogin(), user.getExternalIdentityProvider(), true);

  492.   }

  493. 

  494.   @Test

  495.   public void authenticate_existing_user_with_login_update_and_strategy_is_ALLOW() {

  496.     UserDto user = db.users().insertUser(u -> u

  497.       .setLogin("Old login")

  498.       .setExternalId(USER_IDENTITY.getProviderId())

  499.       .setExternalLogin("old identity")

  500.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  501. 

  502.     underTest.register(UserRegistration.builder()

  503.       .setUserIdentity(USER_IDENTITY)

  504.       .setProvider(IDENTITY_PROVIDER)

  505.       .setSource(Source.local(BASIC))

  506.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  507.       .build());

  508. 

  509.     assertThat(db.getDbClient().userDao().selectByUuid(db.getSession(), user.getUuid()))

  510.       .extracting(UserDto::getLogin, UserDto::getExternalLogin)

  511.       .contains(USER_LOGIN, USER_IDENTITY.getProviderLogin());

  512.   }

  513. 

  514.   @Test

  515.   public void authenticate_existing_disabled_user() {

  516.     db.users().insertUser(u -> u

  517.       .setLogin(USER_LOGIN)

  518.       .setActive(false)

  519.       .setName("Old name")

  520.       .setEmail("Old email")

  521.       .setExternalId("Old id")

  522.       .setExternalLogin(USER_IDENTITY.getProviderLogin())

  523.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  524. 

  525.     underTest.register(UserRegistration.builder()

  526.       .setUserIdentity(USER_IDENTITY)

  527.       .setProvider(IDENTITY_PROVIDER)

  528.       .setSource(Source.local(BASIC))

  529.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  530.       .build());

  531. 

  532.     UserDto userDto = db.users().selectUserByLogin(USER_LOGIN).get();

  533.     assertThat(userDto.isActive()).isTrue();

  534.     assertThat(userDto.getName()).isEqualTo("John");

  535.     assertThat(userDto.getEmail()).isEqualTo("john@email.com");

  536.     assertThat(userDto.getExternalId()).isEqualTo("ABCD");

  537.     assertThat(userDto.getExternalLogin()).isEqualTo("johndoo");

  538.     assertThat(userDto.getExternalIdentityProvider()).isEqualTo("github");

  539.     assertThat(userDto.isRoot()).isFalse();

  540.   }

  541. 

  542.   @Test

  543.   public void authenticate_existing_user_when_email_already_exists_and_strategy_is_ALLOW() {

  544.     UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com"));

  545.     UserDto currentUser = db.users().insertUser(u -> u.setExternalLogin("johndoo").setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()).setEmail(null));

  546. 

  547.     UserIdentity userIdentity = UserIdentity.builder()

  548.       .setProviderLogin(currentUser.getExternalLogin())

  549.       .setName("John")

  550.       .setEmail("john@email.com")

  551.       .build();

  552. 

  553.     currentUser = underTest.register(UserRegistration.builder()

  554.       .setUserIdentity(userIdentity)

  555.       .setProvider(IDENTITY_PROVIDER)

  556.       .setSource(Source.local(BASIC))

  557.       .setExistingEmailStrategy(ExistingEmailStrategy.ALLOW)

  558.       .build());

  559. 

  560.     UserDto existingUserReloaded = db.users().selectUserByLogin(existingUser.getLogin()).get();

  561.     assertThat(existingUserReloaded.getEmail()).isNull();

  562. 

  563.     UserDto currentUserReloaded = db.users().selectUserByLogin(currentUser.getLogin()).get();

  564.     assertThat(currentUserReloaded.getEmail()).isEqualTo("john@email.com");

  565. 

  566.   }

  567. 

  568.   @Test

  569.   public void throw_EmailAlreadyExistException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_WARN() {

  570.     UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com"));

  571.     UserDto currentUser = db.users().insertUser(u -> u.setEmail(null));

  572.     UserIdentity userIdentity = UserIdentity.builder()

  573.       .setProviderLogin("johndoo")

  574.       .setName("John")

  575.       .setEmail("john@email.com")

  576.       .build();

  577. 

  578.     expectedException.expect(EmailAlreadyExistsRedirectionException.class);

  579. 

  580.     underTest.register(UserRegistration.builder()

  581.       .setUserIdentity(userIdentity)

  582.       .setProvider(IDENTITY_PROVIDER)

  583.       .setSource(Source.local(BASIC))

  584.       .setExistingEmailStrategy(ExistingEmailStrategy.WARN)

  585.       .build());

  586.   }

  587. 

  588.   @Test

  589.   public void throw_AuthenticationException_when_authenticating_existing_user_when_email_already_exists_and_strategy_is_FORBID() {

  590.     UserDto existingUser = db.users().insertUser(u -> u.setEmail("john@email.com"));

  591.     UserDto currentUser = db.users().insertUser(u -> u.setEmail(null));

  592.     UserIdentity userIdentity = UserIdentity.builder()

  593.       .setProviderLogin("johndoo")

  594.       .setName("John")

  595.       .setEmail("john@email.com")

  596.       .build();

  597. 

  598.     expectedException.expect(authenticationException().from(Source.realm(AuthenticationEvent.Method.FORM, IDENTITY_PROVIDER.getName()))

  599.       .withLogin(userIdentity.getProviderLogin())

  600.       .andPublicMessage("You can't sign up because email 'john@email.com' is already used by an existing user. " +

  601.         "This means that you probably already registered with another account."));

  602.     expectedException.expectMessage("Email 'john@email.com' is already used");

  603. 

  604.     underTest.register(UserRegistration.builder()

  605.       .setUserIdentity(userIdentity)

  606.       .setProvider(IDENTITY_PROVIDER)

  607.       .setSource(Source.realm(AuthenticationEvent.Method.FORM, IDENTITY_PROVIDER.getName()))

  608.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  609.       .build());

  610.   }

  611. 

  612.   @Test

  613.   public void does_not_fail_to_authenticate_user_when_email_has_not_changed_and_strategy_is_FORBID() {

  614.     UserDto currentUser = db.users().insertUser(u -> u.setEmail("john@email.com")

  615.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey()));

  616.     UserIdentity userIdentity = UserIdentity.builder()

  617.       .setProviderId(currentUser.getExternalId())

  618.       .setProviderLogin(currentUser.getExternalLogin())

  619.       .setName("John")

  620.       .setEmail("john@email.com")

  621.       .build();

  622. 

  623.     underTest.register(UserRegistration.builder()

  624.       .setUserIdentity(userIdentity)

  625.       .setProvider(IDENTITY_PROVIDER)

  626.       .setSource(Source.local(BASIC))

  627.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  628.       .build());

  629. 

  630.     UserDto currentUserReloaded = db.users().selectUserByLogin(currentUser.getLogin()).get();

  631.     assertThat(currentUserReloaded.getEmail()).isEqualTo("john@email.com");

  632.   }

  633. 

  634.   @Test

  635.   public void authenticate_existing_user_and_add_new_groups() {

  636.     UserDto user = db.users().insertUser(newUserDto()

  637.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())

  638.       .setExternalLogin(USER_IDENTITY.getProviderLogin())

  639.       .setActive(true)

  640.       .setName("John"));

  641.     GroupDto group1 = db.users().insertGroup("group1");

  642.     GroupDto group2 = db.users().insertGroup("group2");

  643. 

  644.     authenticate(USER_IDENTITY.getProviderLogin(), "group1", "group2", "group3");

  645. 

  646.     checkGroupMembership(user, group1, group2);

  647.   }

  648. 

  649.   @Test

  650.   public void authenticate_existing_user_and_remove_groups() {

  651.     UserDto user = db.users().insertUser(newUserDto()

  652.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())

  653.       .setExternalLogin(USER_IDENTITY.getProviderLogin())

  654.       .setActive(true)

  655.       .setName("John"));

  656.     GroupDto group1 = db.users().insertGroup("group1");

  657.     GroupDto group2 = db.users().insertGroup("group2");

  658.     db.users().insertMember(group1, user);

  659.     db.users().insertMember(group2, user);

  660. 

  661.     authenticate(USER_IDENTITY.getProviderLogin(), "group1");

  662. 

  663.     checkGroupMembership(user, group1);

  664.   }

  665. 

  666.   @Test

  667.   public void authenticate_existing_user_and_remove_all_groups_expect_default() {

  668.     UserDto user = db.users().insertUser(newUserDto()

  669.       .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())

  670.       .setExternalLogin(USER_IDENTITY.getProviderLogin()));

  671.     GroupDto group1 = db.users().insertGroup("group1");

  672.     GroupDto group2 = db.users().insertGroup("group2");

  673.     db.users().insertMember(group1, user);

  674.     db.users().insertMember(group2, user);

  675.     db.users().insertMember(defaultGroup, user);

  676. 

  677.     authenticate(user.getExternalLogin());

  678. 

  679.     checkGroupMembership(user, defaultGroup);

  680.   }

  681. 

  682.   private UserDto authenticate(String providerLogin, String... groups) {

  683.     return underTest.register(UserRegistration.builder()

  684.       .setUserIdentity(UserIdentity.builder()

  685.         .setProviderLogin(providerLogin)

  686.         .setName("John")

  687.         // No group

  688.         .setGroups(stream(groups).collect(MoreCollectors.toSet()))

  689.         .build())

  690.       .setProvider(IDENTITY_PROVIDER)

  691.       .setSource(Source.local(BASIC))

  692.       .setExistingEmailStrategy(ExistingEmailStrategy.FORBID)

  693.       .build());

  694.   }

  695. 

  696.   private void checkGroupMembership(UserDto user, GroupDto... expectedGroups) {

  697.     assertThat(db.users().selectGroupUuidsOfUser(user)).containsOnly(stream(expectedGroups).map(GroupDto::getUuid).collect(Collectors.toList()).toArray(new String[] {}));

  698.   }

  699. 

  700.   private GroupDto insertDefaultGroup() {

  701.     return db.users().insertDefaultGroup();

  702.   }

  703. 

  704. }