author | Antoine Vinot <antoine.vinot@sonarsource.com> | 2022-10-25 11:56:20 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-11-02 20:03:01 +0000 |
commit | 60e4b88e4567c1af3051b6cdc4c8858f8b0fca21 (patch) | |
tree | c16129850760037f3e3f1f56dbf6f15bc0b34594 /server/sonar-auth-ldap/src/test | |
parent | a22087da3ca968ed5a592ed03d47f282b6b59d63 (diff) | |
download | sonarqube-60e4b88e4567c1af3051b6cdc4c8858f8b0fca21.tar.gz sonarqube-60e4b88e4567c1af3051b6cdc4c8858f8b0fca21.zip |
SONAR-17508 - Fix SSF-327
Diffstat (limited to 'server/sonar-auth-ldap/src/test')
8 files changed, 303 insertions, 131 deletions
diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorTest.java index cf56c14eec5..2559d8836d9 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorTest.java @@ -19,11 +19,13 @@ */ package org.sonar.auth.ldap; +import javax.servlet.http.HttpServletRequest; import org.junit.ClassRule; import org.junit.Test; import org.sonar.auth.ldap.server.LdapServer; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; public class DefaultLdapAuthenticatorTest { @@ -32,7 +34,7 @@ public class DefaultLdapAuthenticatorTest { */ public static final String USERS_EXAMPLE_ORG_LDIF = "/users.example.org.ldif"; /** - * A reference to an aditional ldif file. + * A reference to an additional ldif file. */ public static final String USERS_INFOSUPPORT_COM_LDIF = "/users.infosupport.com.ldif"; @ClassRule 
@@ -44,11 +46,12 @@ public class DefaultLdapAuthenticatorTest { public void testNoConnection() { exampleServer.disableAnonymousAccess(); try { - LdapSettingsManager settingsManager = new LdapSettingsManager(LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_SIMPLE).asConfig(), + LdapSettingsManager settingsManager = new LdapSettingsManager( + LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_SIMPLE).asConfig(), new LdapAutodiscovery()); DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - boolean authenticate = authenticator.authenticate("godin", "secret1"); - assertThat(authenticate).isTrue(); + boolean isAuthenticationSuccessful = authenticator.doAuthenticate(createContext("godin", "secret1")).isSuccess(); + assertThat(isAuthenticationSuccessful).isTrue(); } finally { exampleServer.enableAnonymousAccess(); } 
@@ -56,20 +59,27 @@ public class DefaultLdapAuthenticatorTest { @Test public void testSimple() { - LdapSettingsManager settingsManager = new LdapSettingsManager(LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_SIMPLE).asConfig(), + LdapSettingsManager settingsManager = new LdapSettingsManager( + LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_SIMPLE).asConfig(), new LdapAutodiscovery()); DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - assertThat(authenticator.authenticate("godin", "secret1")).isTrue(); - assertThat(authenticator.authenticate("godin", "wrong")).isFalse(); + LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1")); + assertThat(user1Success.isSuccess()).isTrue(); + assertThat(user1Success.getServerKey()).isEqualTo("default"); + + assertThat(authenticator.doAuthenticate(createContext("godin", "wrong")).isSuccess()).isFalse(); - assertThat(authenticator.authenticate("tester", "secret2")).isTrue(); - assertThat(authenticator.authenticate("tester", "wrong")).isFalse(); + LdapAuthenticationResult user2Success = authenticator.doAuthenticate(createContext("tester", "secret2")); + assertThat(user2Success.isSuccess()).isTrue(); + assertThat(user2Success.getServerKey()).isEqualTo("default"); - assertThat(authenticator.authenticate("notfound", "wrong")).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("tester", "wrong")).isSuccess()).isFalse(); + + assertThat(authenticator.doAuthenticate(createContext("notfound", "wrong")).isSuccess()).isFalse(); // SONARPLUGINS-2493 - assertThat(authenticator.authenticate("godin", "")).isFalse(); - assertThat(authenticator.authenticate("godin", null)).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("godin", "")).isSuccess()).isFalse(); + 
assertThat(authenticator.doAuthenticate(createContext("godin", null)).isSuccess()).isFalse(); } @Test 
@@ -78,35 +88,53 @@ public class DefaultLdapAuthenticatorTest { LdapSettingsFactory.generateAuthenticationSettings(exampleServer, infosupportServer, LdapContextFactory.AUTH_METHOD_SIMPLE).asConfig(), new LdapAutodiscovery()); DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - assertThat(authenticator.authenticate("godin", "secret1")).isTrue(); - assertThat(authenticator.authenticate("godin", "wrong")).isFalse(); + LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1")); + assertThat(user1Success.isSuccess()).isTrue(); + assertThat(user1Success.getServerKey()).isEqualTo("example"); + assertThat(authenticator.doAuthenticate(createContext("godin", "wrong")).isSuccess()).isFalse(); + + LdapAuthenticationResult user2Server1Success = authenticator.doAuthenticate(createContext("tester", "secret2")); + assertThat(user2Server1Success.isSuccess()).isTrue(); + assertThat(user2Server1Success.getServerKey()).isEqualTo("example"); - assertThat(authenticator.authenticate("tester", "secret2")).isTrue(); - assertThat(authenticator.authenticate("tester", "wrong")).isFalse(); + LdapAuthenticationResult user2Server2Success = authenticator.doAuthenticate(createContext("tester", "secret3")); + assertThat(user2Server2Success.isSuccess()).isTrue(); + assertThat(user2Server2Success.getServerKey()).isEqualTo("infosupport"); - assertThat(authenticator.authenticate("notfound", "wrong")).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("tester", "wrong")).isSuccess()).isFalse(); + + assertThat(authenticator.doAuthenticate(createContext("notfound", "wrong")).isSuccess()).isFalse(); // SONARPLUGINS-2493 - assertThat(authenticator.authenticate("godin", "")).isFalse(); - assertThat(authenticator.authenticate("godin", null)).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("godin", "")).isSuccess()).isFalse(); + 
assertThat(authenticator.doAuthenticate(createContext("godin", null)).isSuccess()).isFalse(); // SONARPLUGINS-2793 - assertThat(authenticator.authenticate("robby", "secret1")).isTrue(); - assertThat(authenticator.authenticate("robby", "wrong")).isFalse(); + LdapAuthenticationResult user3Success = authenticator.doAuthenticate(createContext("robby", "secret1")); + assertThat(user3Success.isSuccess()).isTrue(); + assertThat(user3Success.getServerKey()).isEqualTo("infosupport"); + assertThat(authenticator.doAuthenticate(createContext("robby", "wrong")).isSuccess()).isFalse(); } @Test public void testSasl() { - LdapSettingsManager settingsManager = new LdapSettingsManager(LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_CRAM_MD5).asConfig(), + LdapSettingsManager settingsManager = new LdapSettingsManager( + LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_CRAM_MD5).asConfig(), new LdapAutodiscovery()); DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - assertThat(authenticator.authenticate("godin", "secret1")).isTrue(); - assertThat(authenticator.authenticate("godin", "wrong")).isFalse(); + LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1")); + assertThat(user1Success.isSuccess()).isTrue(); + assertThat(user1Success.getServerKey()).isEqualTo("default"); + + assertThat(authenticator.doAuthenticate(createContext("godin", "wrong")).isSuccess()).isFalse(); - assertThat(authenticator.authenticate("tester", "secret2")).isTrue(); - assertThat(authenticator.authenticate("tester", "wrong")).isFalse(); + LdapAuthenticationResult user2Success = authenticator.doAuthenticate(createContext("tester", "secret2")); + assertThat(user2Success.isSuccess()).isTrue(); + assertThat(user2Success.getServerKey()).isEqualTo("default"); - 
assertThat(authenticator.authenticate("notfound", "wrong")).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("tester", "wrong")).isSuccess()).isFalse(); + + assertThat(authenticator.doAuthenticate(createContext("notfound", "wrong")).isSuccess()).isFalse(); } @Test 
@@ -115,16 +143,30 @@ public class DefaultLdapAuthenticatorTest { LdapSettingsFactory.generateAuthenticationSettings(exampleServer, infosupportServer, LdapContextFactory.AUTH_METHOD_CRAM_MD5).asConfig(), new LdapAutodiscovery()); DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - assertThat(authenticator.authenticate("godin", "secret1")).isTrue(); - assertThat(authenticator.authenticate("godin", "wrong")).isFalse(); + LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1")); + assertThat(user1Success.isSuccess()).isTrue(); + assertThat(authenticator.doAuthenticate(createContext("godin", "wrong")).isSuccess()).isFalse(); + + LdapAuthenticationResult user2Server1Success = authenticator.doAuthenticate(createContext("tester", "secret2")); + assertThat(user2Server1Success.isSuccess()).isTrue(); + assertThat(user2Server1Success.getServerKey()).isEqualTo("example"); + + LdapAuthenticationResult user2Server2Success = authenticator.doAuthenticate(createContext("tester", "secret3")); + assertThat(user2Server2Success.isSuccess()).isTrue(); + assertThat(user2Server2Success.getServerKey()).isEqualTo("infosupport"); - assertThat(authenticator.authenticate("tester", "secret2")).isTrue(); - assertThat(authenticator.authenticate("tester", "wrong")).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("tester", "wrong")).isSuccess()).isFalse(); - assertThat(authenticator.authenticate("notfound", "wrong")).isFalse(); + assertThat(authenticator.doAuthenticate(createContext("notfound", "wrong")).isSuccess()).isFalse(); + + LdapAuthenticationResult user3Success = authenticator.doAuthenticate(createContext("robby", "secret1")); + assertThat(user3Success.isSuccess()).isTrue(); + + assertThat(authenticator.doAuthenticate(createContext("robby", "wrong")).isSuccess()).isFalse(); + } - assertThat(authenticator.authenticate("robby", 
"secret1")).isTrue(); - assertThat(authenticator.authenticate("robby", "wrong")).isFalse(); + private static LdapAuthenticator.Context createContext(String username, String password) { + return new LdapAuthenticator.Context(username, password, mock(HttpServletRequest.class)); } } diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapGroupsProviderTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapGroupsProviderTest.java index dd759b2804e..6a527e6cb0a 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapGroupsProviderTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapGroupsProviderTest.java @@ -20,12 +20,14 @@ package org.sonar.auth.ldap; import java.util.Collection; +import javax.servlet.http.HttpServletRequest; import org.junit.ClassRule; import org.junit.Test; import org.sonar.api.config.internal.MapSettings; import org.sonar.auth.ldap.server.LdapServer; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; public class DefaultLdapGroupsProviderTest { 
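Review bot: In `testSaslMultipleLdap` the successful results for `godin` (`user1Success`) and `robby` (`user3Success`) are checked only with `isSuccess()`, while `testSimpleMultipleLdap` asserts the resolved server key for the same two users. The other tests in this commit pass a server key into the user and group lookups, so the key returned by `doAuthenticate` appears to decide which directory those lookups are scoped to, and the SASL path should pin it as well. Add `assertThat(user1Success.getServerKey()).isEqualTo("example");` and `assertThat(user3Success.getServerKey()).isEqualTo("infosupport");`. The expected values are copied from the simple-bind test and should be confirmed for CRAM-MD5.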
@@ -44,58 +46,71 @@ public class DefaultLdapGroupsProviderTest { public static LdapServer infosupportServer = new LdapServer(USERS_INFOSUPPORT_COM_LDIF, "infosupport.com", "dc=infosupport,dc=com"); @Test - public void defaults() { + public void doGetGroups_when_single_server_without_key() { MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, null); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); - Collection<String> groups; + DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - groups = groupsProvider.getGroups("tester"); + Collection<String> groups = getGroupsForContext(createContextForDefaultServer("tester"), groupsProvider); assertThat(groups).containsOnly("sonar-users"); - groups = groupsProvider.getGroups("godin"); + groups = getGroupsForContext(createContextForDefaultServer("godin"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers"); - groups = groupsProvider.getGroups("notfound"); + groups = getGroupsForContext(createContextForDefaultServer("unknown_user"), groupsProvider); assertThat(groups).isEmpty(); } @Test - public void defaultsMultipleLdap() { + public void doGetGroups_when_two_ldap_servers() { MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); + 
DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - Collection<String> groups; - - groups = groupsProvider.getGroups("tester"); + Collection<String> groups = getGroupsForContext(createContextForExampleServer("tester"), groupsProvider); assertThat(groups).containsOnly("sonar-users"); - groups = groupsProvider.getGroups("godin"); + groups = getGroupsForContext(createContextForExampleServer("godin"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers"); - groups = groupsProvider.getGroups("notfound"); + groups = getGroupsForContext(createContextForExampleServer("unknown_user"), groupsProvider); assertThat(groups).isEmpty(); - groups = groupsProvider.getGroups("testerInfo"); + groups = getGroupsForContext(createContextForInfoSupportServer("testerInfo"), groupsProvider); assertThat(groups).containsOnly("sonar-users"); - groups = groupsProvider.getGroups("robby"); + groups = getGroupsForContext(createContextForInfoSupportServer("robby"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers"); } @Test + public void doGetGroups_when_two_ldap_servers_with_same_username_resolves_groups_from_right_server() { + MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); + + LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); + DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); + + Collection<String> groups = getGroupsForContext(createContextForExampleServer("duplicated"), groupsProvider); + assertThat(groups).containsOnly("sonar-users"); + + groups = getGroupsForContext(createContextForInfoSupportServer("duplicated"), groupsProvider); + 
assertThat(groups).containsOnly("sonar-developers"); + } + + @Test public void posix() { MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, null); settings.setProperty("ldap.group.request", "(&(objectClass=posixGroup)(memberUid={uid}))"); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); - - Collection<String> groups; + DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - groups = groupsProvider.getGroups("godin"); + Collection<String> groups = getGroupsForContext(createContextForDefaultServer("godin"), groupsProvider); assertThat(groups).containsOnly("linux-users"); } 
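Review bot: The two-server tests assert that a user is resolved on the server named in the context, but nothing asserts that a user who exists only on the other server is not resolved. In `doGetGroups_when_two_ldap_servers`, a line such as `assertThat(getGroupsForContext(createContextForExampleServer("robby"), groupsProvider)).isEmpty();` would fail if `doGetGroups` fell back to searching every configured server, which is presumably what the server-key argument is meant to rule out. This assumes `robby` is absent from the example LDIF, as the authenticator tests in this commit suggest. The `duplicated` test covers the same-username case, not this fall-through case.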
@@ -105,27 +120,29 @@ public class DefaultLdapGroupsProviderTest { settings.setProperty("ldap.example.group.request", "(&(objectClass=posixGroup)(memberUid={uid}))"); settings.setProperty("ldap.infosupport.group.request", "(&(objectClass=posixGroup)(memberUid={uid}))"); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); - - Collection<String> groups; + DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - groups = groupsProvider.getGroups("godin"); + Collection<String> groups = getGroupsForContext(createContextForExampleServer("godin"), groupsProvider); assertThat(groups).containsOnly("linux-users"); - groups = groupsProvider.getGroups("robby"); + groups = getGroupsForContext(createContextForInfoSupportServer("robby"), groupsProvider); assertThat(groups).containsOnly("linux-users"); } + private static Collection<String> getGroupsForContext(LdapGroupsProvider.Context context, DefaultLdapGroupsProvider groupsProvider) { + return groupsProvider.doGetGroups(context); + } + @Test public void mixed() { MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); settings.setProperty("ldap.example.group.request", "(&(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup))(|(uniqueMember={dn})(memberUid={uid})))"); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); - - Collection<String> groups; + 
DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - groups = groupsProvider.getGroups("godin"); + Collection<String> groups = getGroupsForContext(createContextForExampleServer("godin"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers", "linux-users"); } 
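Review bot: `getGroupsForContext` only forwards to `groupsProvider.doGetGroups(context)` and is declared between two `@Test` methods, while the other private helpers added by this commit sit at the end of the class. Calling `groupsProvider.doGetGroups(createContextForExampleServer("godin"))` directly reads the same and removes one level of indirection. If the helper is kept, moving it next to `createContext` keeps the helpers in one place.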
@@ -135,15 +152,30 @@ public class DefaultLdapGroupsProviderTest { settings.setProperty("ldap.example.group.request", "(&(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup))(|(uniqueMember={dn})(memberUid={uid})))"); settings.setProperty("ldap.infosupport.group.request", "(&(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup))(|(uniqueMember={dn})(memberUid={uid})))"); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); - DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), settingsManager.getGroupMappings()); + DefaultLdapGroupsProvider groupsProvider = new DefaultLdapGroupsProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings(), + settingsManager.getGroupMappings()); - Collection<String> groups; - - groups = groupsProvider.getGroups("godin"); + Collection<String> groups = getGroupsForContext(createContextForExampleServer("godin"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers", "linux-users"); - groups = groupsProvider.getGroups("robby"); + groups = getGroupsForContext(createContextForInfoSupportServer("robby"), groupsProvider); assertThat(groups).containsOnly("sonar-users", "sonar-developers", "linux-users"); } + private static LdapGroupsProvider.Context createContextForDefaultServer(String userName) { + return createContext("default", userName); + } + + private static LdapGroupsProvider.Context createContextForExampleServer(String userName) { + return createContext("example", userName); + } + + private static LdapGroupsProvider.Context createContextForInfoSupportServer(String userName) { + return createContext("infosupport", userName); + } + + private static LdapGroupsProvider.Context createContext(String serverName, String userName) { + return new LdapGroupsProvider.Context(serverName, userName, mock(HttpServletRequest.class)); + } + } 
diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapUsersProviderTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapUsersProviderTest.java index 79f601b520f..cde909e415b 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapUsersProviderTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/DefaultLdapUsersProviderTest.java @@ -19,12 +19,14 @@ */ package org.sonar.auth.ldap; +import javax.servlet.http.HttpServletRequest; import org.junit.ClassRule; import org.junit.Test; import org.sonar.api.config.internal.MapSettings; import org.sonar.auth.ldap.server.LdapServer; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; public class DefaultLdapUsersProviderTest { /** @@ -32,7 +34,7 @@ public class DefaultLdapUsersProviderTest { */ public static final String USERS_EXAMPLE_ORG_LDIF = "/users.example.org.ldif"; /** - * A reference to an aditional ldif file. + * A reference to an additional ldif file. */ public static final String USERS_INFOSUPPORT_COM_LDIF = "/users.infosupport.com.ldif"; 
@@ -42,35 +44,54 @@ public class DefaultLdapUsersProviderTest { public static LdapServer infosupportServer = new LdapServer(USERS_INFOSUPPORT_COM_LDIF, "infosupport.com", "dc=infosupport,dc=com"); @Test - public void test() { + public void test_user_from_first_server() { MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); DefaultLdapUsersProvider usersProvider = new DefaultLdapUsersProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - LdapUserDetails details; - - details = usersProvider.getUserDetails("godin"); + LdapUserDetails details = usersProvider.doGetUserDetails(createContext("example", "godin")); assertThat(details.getName()).isEqualTo("Evgeny Mandrikov"); assertThat(details.getEmail()).isEqualTo("godin@example.org"); + } - details = usersProvider.getUserDetails("tester"); - assertThat(details.getName()).isEqualTo("Tester Testerovich"); - assertThat(details.getEmail()).isEqualTo("tester@example.org"); - - details = usersProvider.getUserDetails("without_email"); - assertThat(details.getName()).isEqualTo("Without Email"); - assertThat(details.getEmail()).isEmpty(); - - details = usersProvider.getUserDetails("notfound"); - assertThat(details).isNull(); + @Test + public void test_user_from_second_server() { + MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); + LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); + DefaultLdapUsersProvider usersProvider = new DefaultLdapUsersProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings()); - details = usersProvider.getUserDetails("robby"); + LdapUserDetails details = usersProvider.doGetUserDetails(createContext("infosupport", "robby")); 
assertThat(details.getName()).isEqualTo("Robby Developer"); assertThat(details.getEmail()).isEqualTo("rd@infosupport.com"); - details = usersProvider.getUserDetails("testerInfo"); - assertThat(details.getName()).isEqualTo("Tester Testerovich"); - assertThat(details.getEmail()).isEqualTo("tester@infosupport.com"); } + @Test + public void test_user_on_multiple_servers() { + MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); + LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); + DefaultLdapUsersProvider usersProvider = new DefaultLdapUsersProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings()); + + LdapUserDetails detailsExample = usersProvider.doGetUserDetails(createContext("example", "tester")); + assertThat(detailsExample.getName()).isEqualTo("Tester Testerovich"); + assertThat(detailsExample.getEmail()).isEqualTo("tester@example.org"); + + LdapUserDetails detailsInfoSupport = usersProvider.doGetUserDetails(createContext("infosupport", "tester")); + assertThat(detailsInfoSupport.getName()).isEqualTo("Tester Testerovich Testerov"); + assertThat(detailsInfoSupport.getEmail()).isEqualTo("tester@example2.org"); + } + + @Test + public void test_user_doesnt_exist() { + MapSettings settings = LdapSettingsFactory.generateSimpleAnonymousAccessSettings(exampleServer, infosupportServer); + LdapSettingsManager settingsManager = new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery()); + DefaultLdapUsersProvider usersProvider = new DefaultLdapUsersProvider(settingsManager.getContextFactories(), settingsManager.getUserMappings()); + + LdapUserDetails details = usersProvider.doGetUserDetails(createContext("example", "notfound")); + assertThat(details).isNull(); + } + + private static LdapUsersProvider.Context createContext(String serverKey, String username) { + return new LdapUsersProvider.Context(serverKey, username, 
mock(HttpServletRequest.class)); + } } diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/KerberosTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/KerberosTest.java index ac08ebe08fc..b0e49f746d3 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/KerberosTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/KerberosTest.java @@ -21,7 +21,7 @@ package org.sonar.auth.ldap; import java.io.File; import javax.servlet.http.HttpServletRequest; -import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; import org.mockito.Mockito; @@ -29,6 +29,7 @@ import org.sonar.api.config.internal.MapSettings; import org.sonar.auth.ldap.server.LdapServer; import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; public class KerberosTest { 
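Review bot: Splitting `test()` into four methods drops the `without_email` case the old test covered (`getEmail()` empty), and nothing in this hunk replaces it. The new tests also never assert that a lookup scoped to one server ignores a user who exists only on the other, for example `assertThat(usersProvider.doGetUserDetails(createContext("example", "robby"))).isNull();`, which appears to be the property the new `serverKey` argument is there to guarantee (assuming `robby` is defined only in the infosupport LDIF). The three setup lines repeated in every test could move into a `@Before` method, as `KerberosTest` does in this same commit.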
@@ -39,33 +40,58 @@ public class KerberosTest { @ClassRule public static LdapServer server = new LdapServer("/krb.ldif"); - @Test - public void test() { - MapSettings settings = configure(); - LdapRealm ldapRealm = new LdapRealm(new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery())); + LdapAuthenticator authenticator; + LdapRealm ldapRealm; + @Before + public void before() { + MapSettings settings = configure(); + ldapRealm = new LdapRealm(new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery())); ldapRealm.init(); - assertThat(ldapRealm.doGetAuthenticator().doAuthenticate(new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "wrong_user_password", Mockito.mock(HttpServletRequest.class)))) - .isFalse(); - assertThat(ldapRealm.doGetAuthenticator().doAuthenticate(new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "user_password", Mockito.mock(HttpServletRequest.class)))).isTrue(); + authenticator = ldapRealm.doGetAuthenticator(); + } + + @Test + public void test_wrong_password() { + LdapAuthenticator.Context wrongPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "wrong_user_password", Mockito.mock(HttpServletRequest.class)); + assertThat(authenticator.doAuthenticate(wrongPasswordContext).isSuccess()).isFalse(); + } + + @Test + public void test_correct_password() { + + LdapAuthenticator.Context correctPasswordContext = new LdapAuthenticator.Context("Godin@EXAMPLE.ORG", "user_password", Mockito.mock(HttpServletRequest.class)); + assertThat(authenticator.doAuthenticate(correctPasswordContext).isSuccess()).isTrue(); + + } + + @Test + public void test_default_realm() { + // Using default realm from krb5.conf: - assertThat(ldapRealm.doGetAuthenticator().doAuthenticate(new LdapAuthenticator.Context("Godin", "user_password", Mockito.mock(HttpServletRequest.class)))).isTrue(); + LdapAuthenticator.Context defaultRealmContext = new LdapAuthenticator.Context("Godin", "user_password", Mockito.mock(HttpServletRequest.class)); + 
assertThat(authenticator.doAuthenticate(defaultRealmContext).isSuccess()).isTrue(); + } - assertThat(ldapRealm.getGroupsProvider().doGetGroups(new LdapGroupsProvider.Context("godin", Mockito.mock(HttpServletRequest.class)))).containsOnly("sonar-users"); + @Test + public void test_groups() { + LdapGroupsProvider groupsProvider = ldapRealm.getGroupsProvider(); + LdapGroupsProvider.Context groupsContext = new LdapGroupsProvider.Context("default", "godin", Mockito.mock(HttpServletRequest.class)); + assertThat(groupsProvider.doGetGroups(groupsContext)) + .containsOnly("sonar-users"); } @Test public void wrong_bind_password() { MapSettings settings = configure() .setProperty("ldap.bindPassword", "wrong_bind_password"); - LdapRealm ldapRealm = new LdapRealm(new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery())); - try { - ldapRealm.init(); - Assert.fail(); - } catch (LdapException e) { - assertThat(e.getMessage()).isEqualTo("Unable to open LDAP connection"); - } + LdapRealm wrongPasswordRealm = new LdapRealm(new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery())); + + assertThatThrownBy(wrongPasswordRealm::init) + .isInstanceOf(LdapException.class) + .hasMessage("Unable to open LDAP connection"); + } private static MapSettings configure() { diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapRealmTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapRealmTest.java index ba1656009ef..a194ace6ac3 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapRealmTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapRealmTest.java @@ -27,7 +27,7 @@ import org.sonar.api.config.internal.MapSettings; import org.sonar.auth.ldap.server.LdapServer; import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.Assert.fail; +import static org.assertj.core.api.Assertions.assertThatThrownBy; public class LdapRealmTest { 
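Review bot: `test_correct_password` and `test_default_realm` assert only `isSuccess()`, while `test_groups` hard-codes the server key `"default"`, so nothing checks that a successful Kerberos authentication reports the key the group lookup then relies on. Asserting `getServerKey()` on the successful result, e.g. `isEqualTo("default")` if that is what this single-server configuration yields, would tie the two together. Separately, the fields `authenticator` and `ldapRealm` are package-private; `private` matches their use, since only `before()` assigns them. `configure()` is defined outside this hunk, so the expected key should be checked against it.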
@@ -49,32 +49,29 @@ public class LdapRealmTest { public void noConnection() { MapSettings settings = new MapSettings() .setProperty("ldap.url", "ldap://no-such-host") - .setProperty("ldap.group.baseDn", "cn=groups,dc=example,dc=org"); + .setProperty("ldap.group.baseDn", "cn=groups,dc=example,dc=org") + .setProperty("ldap.user.baseDn", "cn=users,dc=example,dc=org"); LdapRealm realm = new LdapRealm(new LdapSettingsManager(settings.asConfig(), new LdapAutodiscovery())); - try { - realm.init(); - fail("Since there is no connection, the init method has to throw an exception."); - } catch (LdapException e) { - assertThat(e).hasMessage("Unable to open LDAP connection"); - } + assertThatThrownBy(realm::init).isInstanceOf(LdapException.class).hasMessage("Unable to open LDAP connection"); + assertThat(realm.doGetAuthenticator()).isInstanceOf(DefaultLdapAuthenticator.class); - assertThat(realm.getUsersProvider()).isInstanceOf(LdapUsersProvider.class).isInstanceOf(DefaultLdapUsersProvider.class); - assertThat(realm.getGroupsProvider()).isInstanceOf(LdapGroupsProvider.class).isInstanceOf(DefaultLdapGroupsProvider.class); - try { - LdapUsersProvider.Context userContext = new DefaultLdapUsersProvider.Context("tester", Mockito.mock(HttpServletRequest.class)); - realm.getUsersProvider().doGetUserDetails(userContext); - fail("Since there is no connection, the doGetUserDetails method has to throw an exception."); - } catch (LdapException e) { - assertThat(e.getMessage()).contains("Unable to retrieve details for user tester"); - } - try { - LdapGroupsProvider.Context groupsContext = new DefaultLdapGroupsProvider.Context("tester", Mockito.mock(HttpServletRequest.class)); - realm.getGroupsProvider().doGetGroups(groupsContext); - fail("Since there is no connection, the doGetGroups method has to throw an exception."); - } catch (LdapException e) { - assertThat(e.getMessage()).contains("Unable to retrieve details for user tester"); - } + LdapUsersProvider usersProvider = 
realm.getUsersProvider(); + assertThat(usersProvider).isInstanceOf(LdapUsersProvider.class).isInstanceOf(DefaultLdapUsersProvider.class); + + LdapGroupsProvider groupsProvider = realm.getGroupsProvider(); + assertThat(groupsProvider).isInstanceOf(LdapGroupsProvider.class).isInstanceOf(DefaultLdapGroupsProvider.class); + + LdapUsersProvider.Context userContext = new DefaultLdapUsersProvider.Context("<default>", "tester", Mockito.mock(HttpServletRequest.class)); + assertThatThrownBy(() -> usersProvider.doGetUserDetails(userContext)) + .isInstanceOf(LdapException.class) + .hasMessage("Unable to retrieve details for user tester and server key <default>: No user mapping found."); + + LdapGroupsProvider.Context groupsContext = new DefaultLdapGroupsProvider.Context("default", "tester", Mockito.mock(HttpServletRequest.class)); + assertThatThrownBy(() -> groupsProvider.doGetGroups(groupsContext)) + .isInstanceOf(LdapException.class) + .hasMessage("Unable to retrieve groups for user tester in server with key <default>"); + } } diff --git a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapSearchTest.java b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapSearchTest.java index 721fc546a36..d584cf21476 100644 --- a/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapSearchTest.java +++ b/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/LdapSearchTest.java @@ -24,6 +24,7 @@ import java.util.Enumeration; import java.util.Map; import javax.naming.NamingException; import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; 
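Review bot: In `noConnection` the user context is built with `"<default>"` while the groups context a few lines later uses `"default"`, and the expected user-details message ends in `No user mapping found.`. That reads as a lookup miss on an unknown server key rather than a connection failure, so this assertion may no longer cover the no-connection path the test is named for, even though `ldap.user.baseDn` was added to the settings. If `"default"` is the configured key, build the user context as `new DefaultLdapUsersProvider.Context("default", "tester", Mockito.mock(HttpServletRequest.class))` and assert the message the connection-failure path produces, which is not visible in this hunk. The unknown-server-key case deserves its own test with a name that says so.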
@@ -57,12 +58,19 @@ public class LdapSearchTest { assertThat(search.getParameters()).isEqualTo(new String[] {"inetOrgPerson"}); assertThat(search.getReturningAttributes()).isEqualTo(new String[] {"objectClass"}); assertThat(search.toString()).isEqualTo("LdapSearch{baseDn=dc=example,dc=org, scope=subtree, request=(objectClass={0}), parameters=[inetOrgPerson], attributes=[objectClass]}"); - assertThat(enumerationToArrayList(search.find()).size()).isEqualTo(3); + assertThat(enumerationToArrayList(search.find())) + .extracting(SearchResult::getName) + .containsExactlyInAnyOrder( + "cn=Without Email,ou=users", + "cn=Evgeny Mandrikov,ou=users", + "cn=Tester Testerovich,ou=users", + "cn=duplicated,ou=users" + ); + assertThatThrownBy(search::findUnique) .isInstanceOf(NamingException.class) .hasMessage("Non unique result for " + search.toString()); - } @Test diff --git a/server/sonar-auth-ldap/src/test/resources/users.example.org.ldif b/server/sonar-auth-ldap/src/test/resources/users.example.org.ldif index 3dc462afbb0..fe3341c92f9 100644 --- a/server/sonar-auth-ldap/src/test/resources/users.example.org.ldif +++ b/server/sonar-auth-ldap/src/test/resources/users.example.org.ldif @@ -23,6 +23,20 @@ cn: bind uid: sonar userpassword: bindpassword +# Duplicated user on infosupport ldap +dn: cn=duplicated,ou=users,dc=example,dc=org +objectClass: organizationalPerson +objectClass: person +objectClass: extensibleObject +objectClass: uidObject +objectClass: inetOrgPerson +objectClass: top +cn: duplicated +uid: duplicated +sn: Duplicated +mail: duplicated@example.org +userpassword: duplicated + # Typical user dn: cn=Evgeny Mandrikov,ou=users,dc=example,dc=org objectClass: organizationalPerson 
@@ -82,6 +96,7 @@ objectclass: groupOfUniqueNames cn: sonar-users uniqueMember: cn=Tester Testerovich,ou=users,dc=example,dc=org uniqueMember: cn=Evgeny Mandrikov,ou=users,dc=example,dc=org +uniqueMember: cn=duplicated,ou=users,dc=example,dc=org # sonar-developers dn: cn=sonar-developers,ou=groups,dc=example,dc=org @@ -95,4 +110,4 @@ objectclass: posixGroup objectclass: top cn: linux-users gidNumber: 10000 -memberUid: godin
\ No newline at end of file +memberUid: godin diff --git a/server/sonar-auth-ldap/src/test/resources/users.infosupport.com.ldif b/server/sonar-auth-ldap/src/test/resources/users.infosupport.com.ldif index a08174bf72b..d57addd4bf3 100644 --- a/server/sonar-auth-ldap/src/test/resources/users.infosupport.com.ldif +++ b/server/sonar-auth-ldap/src/test/resources/users.infosupport.com.ldif @@ -23,6 +23,20 @@ cn: bind uid: sonar userpassword: bindpassword +# Duplicated user on example ldap +dn: cn=duplicated,ou=users,dc=infosupport,dc=com +objectClass: organizationalPerson +objectClass: person +objectClass: extensibleObject +objectClass: uidObject +objectClass: inetOrgPerson +objectClass: top +cn: duplicated +uid: duplicated +sn: Duplicated +mail: duplicated@infosupport.com +userpassword: duplicated + # Typical user dn: cn=Robby Developer,ou=users,dc=infosupport,dc=com objectClass: organizationalPerson @@ -53,6 +67,22 @@ mail: tester@infosupport.com uid: testerInfo userpassword: secret2 +# User repeated on multiple servers +dn: cn=Tester Testerovich Testerov,ou=users,dc=infosupport,dc=com +objectClass: organizationalPerson +objectClass: person +objectClass: extensibleObject +objectClass: uidObject +objectClass: inetOrgPerson +objectClass: top +cn: Tester Testerovich Testerov +givenname: Tester +sn: Testerovich +mail: tester@example2.org +uid: tester +userpassword: secret3 + + # Special case which can cause NPE dn: cn=Without Email,ou=users,dc=infosupport,dc=com objectClass: organizationalPerson @@ -88,6 +118,7 @@ dn: cn=sonar-developers,ou=groups,dc=infosupport,dc=com objectclass: groupOfUniqueNames cn: sonar-developers uniqueMember: cn=Robby Developer,ou=users,dc=infosupport,dc=com +uniqueMember: cn=duplicated,ou=users,dc=infosupport,dc=com # linux-users dn: cn=linux-users,ou=groups,dc=infosupport,dc=com @@ -95,4 +126,4 @@ objectclass: posixGroup objectclass: top cn: linux-users gidNumber: 10000 -memberUid: robby
\ No newline at end of file +memberUid: robby |