aboutsummaryrefslogtreecommitdiffstats
path: root/tests/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'tests/src/test/java')
-rw-r--r--tests/src/test/java/org/sonarqube/tests/Category5Suite.java4
-rw-r--r--tests/src/test/java/org/sonarqube/tests/user/BaseIdentityProviderTest.java60
-rw-r--r--tests/src/test/java/org/sonarqube/tests/user/HttpHeadersAuthenticationTest.java191
-rw-r--r--tests/src/test/java/org/sonarqube/tests/user/OAuth2IdentityProviderTest.java50
-rw-r--r--tests/src/test/java/org/sonarqube/tests/user/RealmAuthenticationTest.java276
-rw-r--r--tests/src/test/java/org/sonarqube/tests/user/SsoAuthenticationTest.java166
6 files changed, 379 insertions, 368 deletions
diff --git a/tests/src/test/java/org/sonarqube/tests/Category5Suite.java b/tests/src/test/java/org/sonarqube/tests/Category5Suite.java
index d45b79800cc..b2a635e0703 100644
--- a/tests/src/test/java/org/sonarqube/tests/Category5Suite.java
+++ b/tests/src/test/java/org/sonarqube/tests/Category5Suite.java
@@ -37,9 +37,9 @@ import org.sonarqube.tests.settings.SettingsTestRestartingOrchestrator;
import org.sonarqube.tests.startup.StartupIndexationTest;
import org.sonarqube.tests.telemetry.TelemetryOptOutTest;
import org.sonarqube.tests.telemetry.TelemetryUploadTest;
+import org.sonarqube.tests.user.HttpHeadersAuthenticationTest;
import org.sonarqube.tests.user.OnboardingTest;
import org.sonarqube.tests.user.RealmAuthenticationTest;
-import org.sonarqube.tests.user.SsoAuthenticationTest;
import org.sonarqube.tests.user.UserEsResilienceTest;
/**
@@ -61,7 +61,7 @@ import org.sonarqube.tests.user.UserEsResilienceTest;
// update center
UpdateCenterTest.class,
RealmAuthenticationTest.class,
- SsoAuthenticationTest.class,
+ HttpHeadersAuthenticationTest.class,
OnboardingTest.class,
BuiltInQualityProfilesNotificationTest.class,
ActiveRuleEsResilienceTest.class,
diff --git a/tests/src/test/java/org/sonarqube/tests/user/BaseIdentityProviderTest.java b/tests/src/test/java/org/sonarqube/tests/user/BaseIdentityProviderTest.java
index 4545bc08ecd..f9bfa51ce65 100644
--- a/tests/src/test/java/org/sonarqube/tests/user/BaseIdentityProviderTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/user/BaseIdentityProviderTest.java
@@ -19,14 +19,13 @@
*/
package org.sonarqube.tests.user;
+import com.codeborne.selenide.Condition;
import com.google.common.base.Joiner;
import com.sonar.orchestrator.Orchestrator;
-import java.io.File;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
-import org.apache.commons.io.FileUtils;
import org.junit.After;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -41,10 +40,13 @@ import org.sonarqube.ws.client.users.DeactivateRequest;
import org.sonarqube.ws.client.users.GroupsRequest;
import org.sonarqube.ws.client.users.SearchRequest;
+import static com.codeborne.selenide.Selenide.$;
+import static java.lang.String.format;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.commons.io.FileUtils.readFileToString;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.tuple;
import static org.sonarqube.ws.UserGroups.Group;
-import static util.selenium.Selenese.runSelenese;
public class BaseIdentityProviderTest {
@@ -105,8 +107,11 @@ public class BaseIdentityProviderTest {
// As this property is null, the plugin will throw an exception
tester.settings().setGlobalSettings("sonar.auth.fake-base-id-provider.user", null);
- runSelenese(ORCHESTRATOR, "/user/BaseIdentityProviderTest/display_unauthorized_page_when_authentication_failed.html");
+ tester.openBrowser()
+ .logIn()
+ .useBaseAuth();
+ $("#bd").shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator"));
assertThat(tester.users().getByLogin(USER_LOGIN)).isNotPresent();
}
@@ -116,21 +121,45 @@ public class BaseIdentityProviderTest {
setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_PROVIDER_LOGIN, USER_NAME, USER_EMAIL);
tester.users().generate(u -> u.setLogin("another").setName("Another").setEmail(USER_EMAIL).setPassword("another"));
- runSelenese(ORCHESTRATOR, "/user/BaseIdentityProviderTest/fail_when_email_already_exists.html");
+ tester.openBrowser()
+ .logIn()
+ .useBaseAuth();
- File logFile = ORCHESTRATOR.getServer().getWebLogs();
- assertThat(FileUtils.readFileToString(logFile))
+ $("#bd").shouldHave(Condition.text(
+ format("You can't sign up because email '%s' is already used by an existing user. This means that you probably already registered with another account.", USER_EMAIL)));
+ assertThat(readFileToString(ORCHESTRATOR.getServer().getWebLogs(), UTF_8))
.doesNotContain("You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account");
}
@Test
+ public void fail_to_authenticate_user_when_email_already_exists_on_several_users() {
+ enablePlugin();
+ setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_PROVIDER_LOGIN, USER_NAME, USER_EMAIL);
+ tester.users().generate(u -> u.setEmail(USER_EMAIL));
+ tester.users().generate(u -> u.setEmail(USER_EMAIL));
+
+ tester.openBrowser()
+ .logIn()
+ .useBaseAuth();
+
+ $("#bd").shouldHave(Condition.text(
+ format("You can't sign up because email '%s' is already used by an existing user. This means that you probably already registered with another account.", USER_EMAIL)));
+ assertThat(tester.users().getByLogin(USER_LOGIN)).isNotPresent();
+ }
+
+ @Test
public void fail_to_authenticate_when_not_allowed_to_sign_up() {
enablePlugin();
setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_PROVIDER_LOGIN, USER_NAME, USER_EMAIL);
tester.settings().setGlobalSettings("sonar.auth.fake-base-id-provider.allowsUsersToSignUp", "false");
- runSelenese(ORCHESTRATOR, "/user/BaseIdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html");
+ tester.openBrowser()
+ .logIn()
+ .useBaseAuth();
+ $("#bd")
+ .shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator."))
+ .shouldHave(Condition.text(format("Reason: '%s' users are not allowed to sign up", FAKE_PROVIDER_KEY)));
assertThat(tester.users().getByLogin(USER_LOGIN)).isNotPresent();
}
@@ -190,13 +219,16 @@ public class BaseIdentityProviderTest {
setUserCreatedByAuthPlugin(USER_LOGIN, USER_PROVIDER_ID, USER_PROVIDER_LOGIN, USER_NAME, USER_EMAIL);
tester.settings().setGlobalSettings("sonar.auth.fake-base-id-provider.throwUnauthorizedMessage", "true");
- runSelenese(ORCHESTRATOR,
- "/user/BaseIdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html");
-
- File logFile = ORCHESTRATOR.getServer().getWebLogs();
- assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened");
- assertThat(FileUtils.readFileToString(logFile)).doesNotContain("UnauthorizedException");
+ tester.openBrowser()
+ .logIn()
+ .useBaseAuth();
+ $("#bd")
+ .shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator"))
+ .shouldHave(Condition.text("Reason: A functional error has happened"));
+ assertThat(readFileToString(ORCHESTRATOR.getServer().getWebLogs(), UTF_8))
+ .doesNotContain("A functional error has happened")
+ .doesNotContain("UnauthorizedException");
assertThat(tester.users().getByLogin(USER_LOGIN)).isNotPresent();
}
diff --git a/tests/src/test/java/org/sonarqube/tests/user/HttpHeadersAuthenticationTest.java b/tests/src/test/java/org/sonarqube/tests/user/HttpHeadersAuthenticationTest.java
new file mode 100644
index 00000000000..300c60c0f60
--- /dev/null
+++ b/tests/src/test/java/org/sonarqube/tests/user/HttpHeadersAuthenticationTest.java
@@ -0,0 +1,191 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2018 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonarqube.tests.user;
+
+import com.sonar.orchestrator.Orchestrator;
+import java.net.URLEncoder;
+import java.util.List;
+import javax.annotation.Nullable;
+import okhttp3.Response;
+import org.apache.commons.io.FileUtils;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.sonarqube.qa.util.Tester;
+import org.sonarqube.ws.UserGroups.Group;
+import org.sonarqube.ws.Users.CreateWsResponse.User;
+import org.sonarqube.ws.Users.SearchWsResponse;
+import org.sonarqube.ws.client.users.SearchRequest;
+
+import static java.lang.String.format;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.util.Arrays.asList;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.groups.Tuple.tuple;
+import static util.ItUtils.call;
+import static util.ItUtils.newOrchestratorBuilder;
+
+/**
+ * Test authentication using HTTP headers.
+ * <p>
+ * It starts its own server as it's using a different authentication system
+ */
+public class HttpHeadersAuthenticationTest {
+
+ private static final String LOGIN_HEADER = "H-Login";
+ private static final String NAME_HEADER = "H-Name";
+ private static final String EMAIL_HEADER = "H-Email";
+ private static final String GROUPS_HEADER = "H-Groups";
+
+ @ClassRule
+ public static final Orchestrator orchestrator = newOrchestratorBuilder()
+ .setServerProperty("sonar.web.sso.enable", "true")
+ .setServerProperty("sonar.web.sso.loginHeader", LOGIN_HEADER)
+ .setServerProperty("sonar.web.sso.nameHeader", NAME_HEADER)
+ .setServerProperty("sonar.web.sso.emailHeader", EMAIL_HEADER)
+ .setServerProperty("sonar.web.sso.groupsHeader", GROUPS_HEADER)
+ .build();
+
+ @Rule
+ public Tester tester = new Tester(orchestrator).disableOrganizations();
+
+ @Test
+ public void authenticate() {
+ String login = tester.users().generateLogin();
+
+ doCall(login, "Tester", "tester@email.com", null);
+
+ verifyUser(login, "Tester", "tester@email.com");
+ }
+
+ @Test
+ public void authenticate_with_only_login() {
+ String login = tester.users().generateLogin();
+
+ doCall(login, null, null, null);
+
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(login)).getUsersList())
+ .extracting(SearchWsResponse.User::getLogin, SearchWsResponse.User::getName, SearchWsResponse.User::hasEmail)
+ .containsExactlyInAnyOrder(tuple(login, login, false));
+ }
+
+ @Test
+ public void update_user_when_headers_are_updated() {
+ String login = tester.users().generateLogin();
+ doCall(login, "Tester", "tester@email.com", null);
+ verifyUser(login, "Tester", "tester@email.com");
+
+ // As we don't keep the JWT token is the test, the user is updated
+ doCall(login, "new name", "new email", null);
+ verifyUser(login, "new name", "new email");
+ }
+
+ @Test
+ public void authenticate_with_groups() {
+ String login = tester.users().generateLogin();
+ Group group = tester.groups().generate();
+
+ doCall(login, null, null, group.getName());
+
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(login)).getUsersList())
+ .extracting(SearchWsResponse.User::getLogin, u -> u.getGroups().getGroupsList())
+ .containsExactlyInAnyOrder(tuple(login, asList(group.getName(), "sonar-users")));
+ }
+
+ @Test
+ public void synchronize_groups_when_authenticating_existing_user() {
+ User user = tester.users().generate();
+ Group group1 = tester.groups().generate();
+ Group group2 = tester.groups().generate();
+ Group group3 = tester.groups().generate();
+ tester.groups().addMemberToGroups(null, user.getLogin(), group1.getName(), group2.getName());
+
+ doCall(user.getLogin(), null, null, group2.getName() + "," + group3.getName());
+
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(user.getLogin())).getUsersList())
+ .extracting(SearchWsResponse.User::getLogin, u -> u.getGroups().getGroupsList())
+ .containsExactlyInAnyOrder(tuple(user.getLogin(), asList(group2.getName(), group3.getName(), "sonar-users")));
+ }
+
+ @Test
+ public void authentication_with_local_user_is_possible_when_no_header() {
+ User user = tester.users().generate();
+
+ // Check any ws, no error should be thrown
+ tester.as(user.getLogin(), user.getLogin()).wsClient().system().ping();
+ }
+
+ @Test
+ public void display_message_in_ui_but_not_in_log_when_unauthorized_exception() throws Exception {
+ String login = "invalid login $";
+ Response response = doCall(login, null, null, null);
+
+ assertThat(response.code()).isEqualTo(200);
+ assertThat(response.request().url().toString()).contains("sessions/unauthorized");
+
+ List<String> logsLines = FileUtils.readLines(orchestrator.getServer().getWebLogs(), UTF_8);
+ assertThat(logsLines).doesNotContain("org.sonar.server.exceptions.BadRequestException: Use only letters, numbers, and .-_@ please.");
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(login)).getUsersList()).isEmpty();
+ }
+
+ @Test
+ public void fail_when_email_already_exists() throws Exception {
+ String login = tester.users().generateLogin();
+ User existingUser = tester.users().generate();
+
+ Response response = doCall(login, "Tester", existingUser.getEmail(), null);
+
+ String expectedError = format("You can't sign up because email '%s' is already used by an existing user. This means that you probably already registered with another account",
+ existingUser.getEmail());
+ assertThat(response.code()).isEqualTo(200);
+ assertThat(response.request().url().toString()).contains(URLEncoder.encode(expectedError, UTF_8.name()));
+ assertThat(FileUtils.readLines(orchestrator.getServer().getWebLogs(), UTF_8)).doesNotContain(expectedError);
+ }
+
+ @Test
+ public void fail_to_authenticate_user_when_email_already_exists_on_several_users() throws Exception {
+ String login = tester.users().generateLogin();
+ tester.users().generate(u -> u.setEmail("john@email.com"));
+ tester.users().generate(u -> u.setEmail("john@email.com"));
+
+ Response response = doCall(login, "Tester", "john@email.com", null);
+
+ String expectedError = "You can't sign up because email 'john@email.com' is already used by an existing user. This means that you probably already registered with another account";
+ assertThat(response.code()).isEqualTo(200);
+ assertThat(response.request().url().toString()).contains(URLEncoder.encode(expectedError, UTF_8.name()));
+ assertThat(FileUtils.readLines(orchestrator.getServer().getWebLogs(), UTF_8)).doesNotContain(expectedError);
+ }
+
+ private static Response doCall(String login, @Nullable String name, @Nullable String email, @Nullable String groups) {
+ return call(orchestrator.getServer().getUrl(),
+ LOGIN_HEADER, login,
+ NAME_HEADER, name,
+ EMAIL_HEADER, email,
+ GROUPS_HEADER, groups);
+ }
+
+ private void verifyUser(String login, String name, String email) {
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(login)).getUsersList())
+ .extracting(SearchWsResponse.User::getLogin, SearchWsResponse.User::getName, SearchWsResponse.User::getEmail,
+ SearchWsResponse.User::getExternalIdentity, SearchWsResponse.User::getExternalProvider, SearchWsResponse.User::getLocal)
+ .containsExactlyInAnyOrder(tuple(login, name, email, login, "sonarqube", false));
+ }
+
+}
diff --git a/tests/src/test/java/org/sonarqube/tests/user/OAuth2IdentityProviderTest.java b/tests/src/test/java/org/sonarqube/tests/user/OAuth2IdentityProviderTest.java
index b7e194b3785..b6a74623aa1 100644
--- a/tests/src/test/java/org/sonarqube/tests/user/OAuth2IdentityProviderTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/user/OAuth2IdentityProviderTest.java
@@ -21,11 +21,9 @@ package org.sonarqube.tests.user;
import com.codeborne.selenide.Condition;
import com.sonar.orchestrator.Orchestrator;
-import java.io.File;
import java.net.HttpURLConnection;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
-import org.apache.commons.io.FileUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
@@ -37,10 +35,12 @@ import org.sonarqube.ws.Users.SearchWsResponse.User;
import org.sonarqube.ws.client.GetRequest;
import org.sonarqube.ws.client.permissions.AddUserRequest;
import org.sonarqube.ws.client.users.CreateRequest;
-import util.selenium.Selenese;
import static com.codeborne.selenide.Condition.visible;
import static com.codeborne.selenide.Selenide.$;
+import static java.lang.String.format;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.commons.io.FileUtils.readFileToString;
import static org.assertj.core.api.Assertions.assertThat;
/**
@@ -137,8 +137,11 @@ public class OAuth2IdentityProviderTest {
// As this property is null, the plugin will throw an exception
tester.settings().setGlobalSettings("sonar.auth.fake-oauth2-id-provider.user", null);
- Selenese.runSelenese(orchestrator, "/user/OAuth2IdentityProviderTest/display_unauthorized_page_when_authentication_failed.html");
+ tester.openBrowser()
+ .logIn()
+ .useOAuth2();
+ $("#bd").shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator"));
assertThatUserDoesNotExist(USER_LOGIN);
}
@@ -148,8 +151,13 @@ public class OAuth2IdentityProviderTest {
enablePlugin();
tester.settings().setGlobalSettings("sonar.auth.fake-oauth2-id-provider.allowsUsersToSignUp", "false");
- Selenese.runSelenese(orchestrator, "/user/OAuth2IdentityProviderTest/fail_to_authenticate_when_not_allowed_to_sign_up.html");
+ tester.openBrowser()
+ .logIn()
+ .useOAuth2();
+ $("#bd")
+ .shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator."))
+ .shouldHave(Condition.text(format("Reason: '%s' users are not allowed to sign up", FAKE_PROVIDER_KEY)));
assertThatUserDoesNotExist(USER_LOGIN);
}
@@ -159,12 +167,16 @@ public class OAuth2IdentityProviderTest {
enablePlugin();
tester.settings().setGlobalSettings("sonar.auth.fake-oauth2-id-provider.throwUnauthorizedMessage", "true");
- Selenese.runSelenese(orchestrator, "/user/OAuth2IdentityProviderTest/display_message_in_ui_but_not_in_log_when_unauthorized_exception.html");
-
- File logFile = orchestrator.getServer().getWebLogs();
- assertThat(FileUtils.readFileToString(logFile)).doesNotContain("A functional error has happened");
- assertThat(FileUtils.readFileToString(logFile)).doesNotContain("UnauthorizedException");
-
+ tester.openBrowser()
+ .logIn()
+ .useOAuth2();
+
+ $("#bd")
+ .shouldHave(Condition.text("You're not authorized to access this page. Please contact the administrator"))
+ .shouldHave(Condition.text("Reason: A functional error has happened"));
+ assertThat(readFileToString(orchestrator.getServer().getWebLogs(), UTF_8))
+ .doesNotContain("A functional error has happened")
+ .doesNotContain("UnauthorizedException");
assertThatUserDoesNotExist(USER_LOGIN);
}
@@ -206,6 +218,22 @@ public class OAuth2IdentityProviderTest {
}
@Test
+ public void fail_to_authenticate_user_when_email_already_exists_on_several_users() {
+ simulateRedirectionToCallback();
+ enablePlugin();
+ tester.users().generate(u -> u.setEmail(USER_EMAIL));
+ tester.users().generate(u -> u.setEmail(USER_EMAIL));
+
+ tester.openBrowser()
+ .logIn()
+ .useOAuth2();
+
+ $("#bd").shouldHave(Condition.text(
+ format("You can't sign up because email '%s' is already used by an existing user. This means that you probably already registered with another account.", USER_EMAIL)));
+ assertThatUserDoesNotExist(USER_LOGIN);
+ }
+
+ @Test
public void provision_user_before_authentication() {
simulateRedirectionToCallback();
enablePlugin();
diff --git a/tests/src/test/java/org/sonarqube/tests/user/RealmAuthenticationTest.java b/tests/src/test/java/org/sonarqube/tests/user/RealmAuthenticationTest.java
index c733ffab7e6..e34e6371168 100644
--- a/tests/src/test/java/org/sonarqube/tests/user/RealmAuthenticationTest.java
+++ b/tests/src/test/java/org/sonarqube/tests/user/RealmAuthenticationTest.java
@@ -21,43 +21,30 @@ package org.sonarqube.tests.user;
import com.codeborne.selenide.Condition;
import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Maps;
import com.sonar.orchestrator.Orchestrator;
+import java.util.Collections;
import java.util.Map;
import javax.annotation.CheckForNull;
-import org.junit.After;
-import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
-import org.sonar.wsclient.Host;
-import org.sonar.wsclient.Sonar;
-import org.sonar.wsclient.base.HttpException;
-import org.sonar.wsclient.connectors.HttpClient4Connector;
-import org.sonar.wsclient.services.AuthenticationQuery;
-import org.sonar.wsclient.user.UserParameters;
import org.sonarqube.qa.util.Tester;
import org.sonarqube.qa.util.pageobjects.Navigation;
import org.sonarqube.qa.util.pageobjects.SystemInfoPage;
import org.sonarqube.qa.util.pageobjects.UsersManagementPage;
+import org.sonarqube.ws.UserGroups.Group;
+import org.sonarqube.ws.Users;
import org.sonarqube.ws.Users.SearchWsResponse.User;
-import org.sonarqube.ws.client.GetRequest;
-import org.sonarqube.ws.client.WsResponse;
-import org.sonarqube.ws.client.users.CreateRequest;
+import org.sonarqube.ws.client.users.ChangePasswordRequest;
import org.sonarqube.ws.client.users.SearchRequest;
-import util.user.UserRule;
-import static java.net.HttpURLConnection.HTTP_OK;
-import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;
+import static java.util.Arrays.asList;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.groups.Tuple.tuple;
-import static org.junit.Assert.fail;
+import static util.ItUtils.expectHttpError;
import static util.ItUtils.newOrchestratorBuilder;
-import static util.ItUtils.newUserWsClient;
import static util.ItUtils.pluginArtifact;
-import static util.ItUtils.resetSettings;
-import static util.selenium.Selenese.runSelenese;
/**
* Test REALM authentication.
@@ -66,18 +53,9 @@ import static util.selenium.Selenese.runSelenese;
*/
public class RealmAuthenticationTest {
- private static final String TECH_USER = "techUser";
- private static final String USER_LOGIN = "tester";
- private static final String ADMIN_USER_LOGIN = "admin-user";
-
@Rule
public ExpectedException thrown = ExpectedException.none();
- /**
- * Property from security-plugin for user management.
- */
- private static final String USERS_PROPERTY = "sonar.fakeauthenticator.users";
-
@ClassRule
public static final Orchestrator orchestrator = newOrchestratorBuilder()
.addPlugin(pluginArtifact("security-plugin"))
@@ -85,53 +63,36 @@ public class RealmAuthenticationTest {
.build();
@Rule
- public UserRule userRule = UserRule.from(orchestrator);
-
- @Rule
public Tester tester = new Tester(orchestrator).disableOrganizations();
- @Before
- @After
- public void resetData() {
- resetSettings(orchestrator, null, USERS_PROPERTY, "sonar.security.updateUserAttributes");
- }
-
- @Before
- public void initAdminUser() {
- userRule.createAdminUser(ADMIN_USER_LOGIN, ADMIN_USER_LOGIN);
- }
-
- @After
- public void deleteAdminUser() {
- userRule.resetUsers();
- }
-
/**
* SONAR-3137, SONAR-2292
* Restriction on password length (minimum 4 characters) should be disabled, when external system enabled.
*/
@Test
- public void shouldSynchronizeDetailsAndGroups() {
+ public void synchronize_details_and_groups() {
// Given clean Sonar installation and no users in external system
- String username = USER_LOGIN;
+ String username = tester.users().generateLogin();
String password = "123";
- Map<String, String> users = Maps.newHashMap();
+ Group group = tester.groups().generate();
// When user created in external system
- users.put(username + ".password", password);
- users.put(username + ".name", "Tester Testerovich");
- users.put(username + ".email", "tester@example.org");
- users.put(username + ".groups", "sonar-user");
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(
+ username + ".password", password,
+ username + ".name", "Tester Testerovich",
+ username + ".email", "tester@example.org",
+ username + ".groups", group.getName()));
+
// Then
verifyAuthenticationIsOk(username, password);
- verifyUser();
-
- // with external details and groups
- runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details.html");
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(username)).getUsersList())
+ .extracting(User::getLogin, User::getName, User::getEmail,
+ User::getExternalIdentity, User::getExternalProvider, User::getLocal, u -> u.getGroups().getGroupsList())
+ .containsExactlyInAnyOrder(tuple(username, "Tester Testerovich", "tester@example.org", username, "sonarqube", false, asList(group.getName(), "sonar-users")));
// SONAR-4462
- SystemInfoPage page = tester.openBrowser().logIn().submitCredentials(ADMIN_USER_LOGIN).openSystemInfo();
+ Users.CreateWsResponse.User adminUser = tester.users().generateAdministrator();
+ SystemInfoPage page = tester.openBrowser().logIn().submitCredentials(adminUser.getLogin()).openSystemInfo();
page.getCardItem("System").shouldHaveFieldWithValue("External User Authentication", "FakeRealm");
}
@@ -139,56 +100,54 @@ public class RealmAuthenticationTest {
* SONAR-4034
*/
@Test
- public void shouldUpdateDetailsByDefault() {
+ public void update_details_by_default() {
// Given clean Sonar installation and no users in external system
- String username = USER_LOGIN;
+ String username = tester.users().generateLogin();
String password = "123";
- Map<String, String> users = Maps.newHashMap();
// When user created in external system
- users.put(username + ".password", password);
- users.put(username + ".name", "Tester Testerovich");
- users.put(username + ".email", "tester@example.org");
- users.put(username + ".groups", "sonar-user");
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(
+ username + ".password", password,
+ username + ".name", "Tester Testerovich",
+ username + ".email", "tester@example.org"));
+
// Then
verifyAuthenticationIsOk(username, password);
- verifyUser();
-
- // with external details and groups
- // TODO replace by WS ? Or with new Selenese utils
- runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details.html");
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(username)).getUsersList())
+ .extracting(User::getLogin, User::getName, User::getEmail)
+ .containsExactlyInAnyOrder(tuple(username, "Tester Testerovich", "tester@example.org"));
// Now update user details
- users.put(username + ".name", "Tester2 Testerovich");
- users.put(username + ".email", "tester2@example.org");
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(
+ username + ".password", password,
+ username + ".name", "Tester2 Testerovich",
+ username + ".email", "tester2@example.org"));
+
// Then
verifyAuthenticationIsOk(username, password);
// with external details and groups updated
- runSelenese(orchestrator, "/user/ExternalAuthenticationTest/external-user-details2.html");
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(username)).getUsersList())
+ .extracting(User::getLogin, User::getName, User::getEmail)
+ .containsExactlyInAnyOrder(tuple(username, "Tester2 Testerovich", "tester2@example.org"));
}
/**
* SONAR-3138
*/
@Test
- public void shouldNotFallback() {
+ public void does_not_fallback() {
// Given clean Sonar installation and no users in external system
- String login = USER_LOGIN;
+ String login = tester.users().generateLogin();
String password = "1234567";
- Map<String, String> users = Maps.newHashMap();
// When user created in external system
- users.put(login + ".password", password);
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(login + ".password", password));
// Then
verifyAuthenticationIsOk(login, password);
// When external system does not work
- users.remove(login + ".password");
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(Collections.emptyMap());
// Then
verifyAuthenticationIsNotOk(login, password);
}
@@ -197,16 +156,14 @@ public class RealmAuthenticationTest {
* SONAR-4543
*/
@Test
- public void adminIsLocalAccountByDefault() {
+ public void admin_is_local_account_by_default() {
// Given clean Sonar installation and no users in external system
String login = "admin";
String localPassword = "admin";
String remotePassword = "nimda";
- Map<String, String> users = Maps.newHashMap();
// When admin created in external system with a different password
- users.put(login + ".password", remotePassword);
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(login + ".password", remotePassword));
// Then this is local DB that should be used
verifyAuthenticationIsNotOk(login, remotePassword);
@@ -217,52 +174,49 @@ public class RealmAuthenticationTest {
* SONAR-1334, SONAR-3185 (createUsers=true is default)
*/
@Test
- public void shouldCreateNewUsers() {
+ public void create_new_users() {
// Given clean Sonar installation and no users in external system
- String username = USER_LOGIN;
+ String username = tester.users().generateLogin();
String password = "1234567";
- Map<String, String> users = Maps.newHashMap();
// When user not exists in external system
// Then
verifyAuthenticationIsNotOk(username, password);
// When user created in external system
- users.put(username + ".password", password);
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(username + ".password", password));
// Then
verifyAuthenticationIsOk(username, password);
- verifyUser();
+ verifyUser(username);
verifyAuthenticationIsNotOk(username, "wrong");
}
// SONAR-3258
@Test
- public void shouldAutomaticallyReactivateDeletedUser() {
+ public void reactivate_deleted_user() {
// Given clean Sonar installation and no users in external system
+ Users.CreateWsResponse.User adminUser = tester.users().generateAdministrator();
// Let's create and delete the user "tester" in Sonar DB
+ String login = tester.users().generateLogin();
Navigation nav = tester.openBrowser();
- UsersManagementPage page = nav.logIn().submitCredentials(ADMIN_USER_LOGIN).openUsersManagement();
+ UsersManagementPage page = nav.logIn().submitCredentials(adminUser.getLogin()).openUsersManagement();
page
- .createUser(USER_LOGIN)
+ .createUser(login)
.hasUsersCount(3)
- .getUser(USER_LOGIN)
+ .getUser(login)
.deactivateUser();
page.hasUsersCount(2);
nav.logOut()
- .logIn().submitWrongCredentials(USER_LOGIN, USER_LOGIN)
+ .logIn().submitWrongCredentials(login, login)
.getErrorMessage().shouldHave(Condition.text("Authentication failed"));
// And now update the security with the user that was deleted
- String login = USER_LOGIN;
String password = "1234567";
- Map<String, String> users = Maps.newHashMap();
- users.put(login + ".password", password);
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(login + ".password", password));
// check that the deleted/deactivated user "tester" has been reactivated and can now log in
verifyAuthenticationIsOk(login, password);
- verifyUser();
+ verifyUser(login);
}
/**
@@ -271,24 +225,20 @@ public class RealmAuthenticationTest {
@Test
public void update_password_of_technical_user() {
// Create user in external authentication
- updateUsersInExtAuth(ImmutableMap.of(USER_LOGIN + ".password", USER_LOGIN));
- verifyAuthenticationIsOk(USER_LOGIN, USER_LOGIN);
+ String login = tester.users().generateLogin();
+ updateUsersInExtAuth(ImmutableMap.of(login + ".password", login));
+ verifyAuthenticationIsOk(login, login);
// Create technical user in db
- createUserInDb(TECH_USER, "old_password");
- assertThat(checkAuthenticationThroughWebService(TECH_USER, "old_password")).isTrue();
+ Users.CreateWsResponse.User techUser = tester.users().generate(u -> u.setPassword("old_password"));
+ verifyAuthenticationIsOk(techUser.getLogin(), "old_password");
// Updating password of technical user is allowed
- updateUserPasswordInDb(TECH_USER, "new_password");
- assertThat(checkAuthenticationThroughWebService(TECH_USER, "new_password")).isTrue();
+ tester.users().service().changePassword(new ChangePasswordRequest().setLogin(techUser.getLogin()).setPassword("new_password"));
+ verifyAuthenticationIsOk(techUser.getLogin(), "new_password");
// But updating password of none local user is not allowed
- try {
- updateUserPasswordInDb(USER_LOGIN, "new_password");
- fail();
- } catch (HttpException e) {
- verifyHttpException(e, 400);
- }
+ expectHttpError(400, () -> tester.users().service().changePassword(new ChangePasswordRequest().setLogin(login).setPassword("new_password")));
}
/**
@@ -297,16 +247,14 @@ public class RealmAuthenticationTest {
@Test
public void authentication_with_ws() {
// Given clean Sonar installation and no users in external system
- String login = USER_LOGIN;
+ String login = tester.users().generateLogin();
String password = "1234567";
- Map<String, String> users = Maps.newHashMap();
// When user created in external system
- users.put(login + ".password", password);
- updateUsersInExtAuth(users);
+ updateUsersInExtAuth(ImmutableMap.of(login + ".password", password));
verifyAuthenticationIsOk(login, password);
- verifyUser();
+ verifyUser(login);
verifyAuthenticationIsNotOk("wrong", password);
verifyAuthenticationIsNotOk(login, "wrong");
verifyAuthenticationIsNotOk(login, null);
@@ -332,71 +280,54 @@ public class RealmAuthenticationTest {
@Test
public void provision_user_before_authentication() {
- tester.wsClient().users().create(new CreateRequest()
- .setLogin(USER_LOGIN)
- .setName("Tester Testerovich")
+ Users.CreateWsResponse.User user = tester.users().generate(u -> u.setName("Tester Testerovich")
.setEmail("tester@example.org")
+ .setPassword(null)
.setLocal("false"));
// The user is created in SonarQube but doesn't exist yet in external authentication system
- verifyAuthenticationIsNotOk(USER_LOGIN, "123");
+ verifyAuthenticationIsNotOk(user.getLogin(), "123");
updateUsersInExtAuth(ImmutableMap.of(
- USER_LOGIN + ".password", "123",
- USER_LOGIN + ".name", "Tester Testerovich",
- USER_LOGIN + ".email", "tester@example.org"));
+ user.getLogin() + ".password", "123",
+ user.getLogin() + ".name", "Tester Testerovich",
+ user.getLogin() + ".email", "tester@example.org"));
- verifyAuthenticationIsOk(USER_LOGIN, "123");
- verifyUser();
+ verifyAuthenticationIsOk(user.getLogin(), "123");
+ verifyUser(user.getLogin());
}
@Test
public void fail_to_authenticate_user_when_email_already_exists() {
- userRule.createUser("another", "Another", "tester@example.org", "another");
-
- String username = USER_LOGIN;
+ Users.CreateWsResponse.User user = tester.users().generate();
+ String username = tester.users().generateLogin();
String password = "123";
- Map<String, String> users = Maps.newHashMap();
- users.put(username + ".password", password);
- users.put(username + ".name", "Tester Testerovich");
- users.put(username + ".email", "tester@example.org");
- users.put(username + ".groups", "sonar-user");
- updateUsersInExtAuth(users);
+
+ updateUsersInExtAuth(ImmutableMap.of(
+ username + ".password", password,
+ username + ".email", user.getEmail()));
verifyAuthenticationIsNotOk(username, password);
}
- private void verifyHttpException(Exception e, int expectedCode) {
- assertThat(e).isInstanceOf(HttpException.class);
- HttpException exception = (HttpException) e;
- assertThat(exception.status()).isEqualTo(expectedCode);
- }
+ @Test
+ public void fail_to_authenticate_user_when_email_already_exists_on_several_users() {
+ Users.CreateWsResponse.User user1 = tester.users().generate(u -> u.setEmail("user@email.com"));
+ Users.CreateWsResponse.User user2 = tester.users().generate(u -> u.setEmail("user@email.com"));
+ String username = tester.users().generateLogin();
+ String password = "123";
- private boolean checkAuthenticationThroughWebService(String login, String password) {
- return createWsClient(login, password).find(new AuthenticationQuery()).isValid();
+ updateUsersInExtAuth(ImmutableMap.of(
+ username + ".password", password,
+ username + ".email", "user@email.com"));
+
+ verifyAuthenticationIsNotOk(username, password);
}
/**
* Updates information about users in security-plugin.
*/
private void updateUsersInExtAuth(Map<String, String> users) {
- tester.settings().setGlobalSettings(USERS_PROPERTY, format(users));
- }
-
- private void createUserInDb(String login, String password) {
- orchestrator.getServer().adminWsClient().userClient().create(UserParameters.create().login(login).name(login)
- .password(password).passwordConfirmation(password));
- }
-
- private void updateUserPasswordInDb(String login, String newPassword) {
- orchestrator.getServer().adminWsClient().post("/api/users/change_password", "login", login, "password", newPassword);
- }
-
- /**
- * Utility method to create {@link Sonar} with specified {@code username} and {@code password}.
- * Orchestrator does not provide such method.
- */
- private Sonar createWsClient(String username, String password) {
- return new Sonar(new HttpClient4Connector(new Host(orchestrator.getServer().getUrl(), username, password)));
+ tester.settings().setGlobalSettings("sonar.fakeauthenticator.users", format(users));
}
@CheckForNull
@@ -412,22 +343,17 @@ public class RealmAuthenticationTest {
}
private void verifyAuthenticationIsOk(String login, String password) {
- assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_OK);
+ tester.as(login, password).wsClient().system().ping();
}
private void verifyAuthenticationIsNotOk(String login, String password) {
- assertThat(checkAuthenticationWithWebService(login, password).code()).isEqualTo(HTTP_UNAUTHORIZED);
- }
-
- private void verifyUser(){
- assertThat(tester.wsClient().users().search(new SearchRequest().setQ(USER_LOGIN)).getUsersList())
- .extracting(User::getLogin, User::getExternalIdentity, User::getExternalProvider, User::getLocal)
- .containsExactlyInAnyOrder(tuple(USER_LOGIN, USER_LOGIN, "sonarqube", false));
+ expectHttpError(401, () -> tester.as(login, password).wsClient().system().ping());
}
- private WsResponse checkAuthenticationWithWebService(String login, String password) {
- // Call any WS
- return newUserWsClient(orchestrator, login, password).wsConnector().call(new GetRequest("api/rules/search"));
+ private void verifyUser(String login) {
+ assertThat(tester.wsClient().users().search(new SearchRequest().setQ(login)).getUsersList())
+ .extracting(User::getLogin, User::getExternalIdentity, User::getExternalProvider, User::getLocal)
+ .containsExactlyInAnyOrder(tuple(login, login, "sonarqube", false));
}
}
diff --git a/tests/src/test/java/org/sonarqube/tests/user/SsoAuthenticationTest.java b/tests/src/test/java/org/sonarqube/tests/user/SsoAuthenticationTest.java
deleted file mode 100644
index 146f37ea777..00000000000
--- a/tests/src/test/java/org/sonarqube/tests/user/SsoAuthenticationTest.java
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2018 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonarqube.tests.user;
-
-import com.sonar.orchestrator.Orchestrator;
-import java.net.URLEncoder;
-import java.util.List;
-import javax.annotation.Nullable;
-import okhttp3.Response;
-import org.apache.commons.io.FileUtils;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.junit.rules.RuleChain;
-import util.user.UserRule;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.assertj.core.api.Assertions.assertThat;
-import static util.ItUtils.call;
-import static util.ItUtils.newOrchestratorBuilder;
-
-/**
- * Test SSO authentication (using HTTP headers).
- * <p>
- * It starts its own server as it's using a different authentication system
- */
-public class SsoAuthenticationTest {
-
- private static final String LOGIN_HEADER = "H-Login";
- private static final String NAME_HEADER = "H-Name";
- private static final String EMAIL_HEADER = "H-Email";
- private static final String GROUPS_HEADER = "H-Groups";
-
- static final String USER_LOGIN = "tester";
- static final String USER_NAME = "Tester";
- static final String USER_EMAIL = "tester@email.com";
-
- static final String GROUP_1 = "group-1";
- static final String GROUP_2 = "group-2";
- static final String GROUP_3 = "group-3";
-
- @ClassRule
- public static final Orchestrator orchestrator = newOrchestratorBuilder()
- .setServerProperty("sonar.web.sso.enable", "true")
- .setServerProperty("sonar.web.sso.loginHeader", LOGIN_HEADER)
- .setServerProperty("sonar.web.sso.nameHeader", NAME_HEADER)
- .setServerProperty("sonar.web.sso.emailHeader", EMAIL_HEADER)
- .setServerProperty("sonar.web.sso.groupsHeader", GROUPS_HEADER)
- .build();
-
- private static UserRule userRule = UserRule.from(orchestrator);
-
- @ClassRule
- public static RuleChain ruleChain = RuleChain.outerRule(orchestrator).around(userRule);
-
- @Before
- public void resetData() {
- userRule.resetUsers();
- }
-
- @Test
- public void authenticate() {
- doCall(USER_LOGIN, USER_NAME, USER_EMAIL, null);
-
- userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL);
- }
-
- @Test
- public void authenticate_with_only_login() {
- doCall(USER_LOGIN, null, null, null);
-
- userRule.verifyUserExists(USER_LOGIN, USER_LOGIN, null);
- }
-
- @Test
- public void update_user_when_headers_are_updated() {
- doCall(USER_LOGIN, USER_NAME, USER_EMAIL, null);
- userRule.verifyUserExists(USER_LOGIN, USER_NAME, USER_EMAIL);
-
- // As we don't keep the JWT token is the test, the user is updated
- doCall(USER_LOGIN, "new name", "new email", null);
- userRule.verifyUserExists(USER_LOGIN, "new name", "new email");
- }
-
- @Test
- public void authenticate_with_groups() {
- doCall(USER_LOGIN, null, null, GROUP_1);
-
- userRule.verifyUserGroupMembership(USER_LOGIN, GROUP_1, "sonar-users");
- }
-
- @Test
- public void synchronize_groups_when_authenticating_existing_user() {
- userRule.createGroup(GROUP_1);
- userRule.createGroup(GROUP_2);
- userRule.createGroup(GROUP_3);
- userRule.createUser(USER_LOGIN, "password");
- userRule.associateGroupsToUser(USER_LOGIN, GROUP_1, GROUP_2);
-
- doCall(USER_LOGIN, null, null, GROUP_2 + "," + GROUP_3);
-
- userRule.verifyUserGroupMembership(USER_LOGIN, GROUP_2, GROUP_3, "sonar-users");
- }
-
- @Test
- public void authentication_with_local_user_is_possible_when_no_header() {
- userRule.createUser(USER_LOGIN, "password");
-
- checkLocalAuthentication(USER_LOGIN, "password");
- }
-
- @Test
- public void display_message_in_ui_but_not_in_log_when_unauthorized_exception() throws Exception {
- Response response = doCall("invalid login $", null, null, null);
-
- assertThat(response.code()).isEqualTo(200);
- assertThat(response.request().url().toString()).contains("sessions/unauthorized");
-
- List<String> logsLines = FileUtils.readLines(orchestrator.getServer().getWebLogs(), UTF_8);
- assertThat(logsLines).doesNotContain("org.sonar.server.exceptions.BadRequestException: Use only letters, numbers, and .-_@ please.");
- userRule.verifyUserDoesNotExist(USER_LOGIN);
- }
-
- @Test
- public void fail_when_email_already_exists() throws Exception {
- userRule.createUser("another", "Another", USER_EMAIL, "another");
-
- Response response = doCall(USER_LOGIN, USER_NAME, USER_EMAIL, null);
-
- String expectedError = "You can't sign up because email 'tester@email.com' is already used by an existing user. This means that you probably already registered with another account";
- assertThat(response.code()).isEqualTo(200);
- assertThat(response.request().url().toString()).contains(URLEncoder.encode(expectedError, UTF_8.name()));
- assertThat(FileUtils.readLines(orchestrator.getServer().getWebLogs(), UTF_8)).doesNotContain(expectedError);
- }
-
- private static Response doCall(String login, @Nullable String name, @Nullable String email, @Nullable String groups) {
- return call(orchestrator.getServer().getUrl(),
- LOGIN_HEADER, login,
- NAME_HEADER, name,
- EMAIL_HEADER, email,
- GROUPS_HEADER, groups);
- }
-
- private boolean checkLocalAuthentication(String login, String password) {
- String result = orchestrator.getServer().wsClient(login, password).get("/api/authentication/validate");
- return result.contains("{\"valid\":true}");
- }
-
-}