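/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
 */
package opengrok.auth.plugin;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import opengrok.auth.entity.LdapUser;
import opengrok.auth.plugin.entity.User;
import opengrok.auth.plugin.util.DummyHttpServletRequestLdap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opengrok.indexer.configuration.Group;
import org.opengrok.indexer.configuration.Project;

/**
 * Tests the allow/deny decision of {@link LdapAttrPlugin} against a whitelist
 * file of values for the {@code mail} attribute.
 */
public class LdapAttrPluginTest {

    private HttpServletRequest dummyRequest;
    private LdapAttrPlugin plugin;

    // Shared by all tests: written once in beforeClass(), removed in afterClass().
    private static File whitelistFile;

    /**
     * Creates the temporary whitelist file and writes three entries to it,
     * one per line.
     *
     * @throws IOException if the file cannot be created or written
     */
    @BeforeClass
    public static void beforeClass() throws IOException {
        whitelistFile = Files.createTempFile("opengrok-auth-", "-check.tmp").toFile();
        // Name the charset explicitly so the fixture's bytes do not depend on
        // the platform default encoding of the machine running the tests.
        try (Writer w = new OutputStreamWriter(
                new FileOutputStream(whitelistFile), StandardCharsets.UTF_8)) {
            w.append("james@bond.com\n");
            w.append("random@email.com\n");
            w.append("just_a_text\n");
        }
    }

    /**
     * Removes the temporary whitelist file. Cleanup stays best-effort: if the
     * immediate delete fails, the file is scheduled for deletion at JVM exit
     * rather than the failure being silently dropped.
     */
    @AfterClass
    public static void afterClass() {
        // whitelistFile is still null when beforeClass() failed before assigning it.
        if (whitelistFile != null && !whitelistFile.delete()) {
            whitelistFile.deleteOnExit();
        }
    }

    /**
     * Builds a fresh plugin for each test and loads it with the fake flag,
     * the whitelist file path and {@code "mail"} as the attribute to check.
     */
    @Before
    public void setUp() {
        plugin = new LdapAttrPlugin();
        Map<String, Object> parameters = new TreeMap<>();

        // NOTE(review): FAKE_PARAM presumably keeps the plugin from contacting
        // a real LDAP server; confirm in AbstractLdapPlugin.
        parameters.put(AbstractLdapPlugin.FAKE_PARAM, true);
        parameters.put(LdapAttrPlugin.FILE_PARAM, whitelistFile.getAbsolutePath());
        parameters.put(LdapAttrPlugin.ATTR_PARAM, "mail");

        plugin.load(parameters);
    }

    /**
     * Replaces {@code dummyRequest} with a new request that carries a
     * {@link User} as request attribute and an {@link LdapUser} as session
     * attribute, then marks the plugin session as established for
     * {@code username}.
     *
     * @param username value passed to the {@code User} constructor and stored
     *                 as the session username
     * @param mail     single value stored under the {@code mail} attribute
     * @param ous      values stored under the {@code ou} attribute
     */
    @SuppressWarnings("unchecked")
    private void prepareRequest(String username, String mail, String... ous) {
        dummyRequest = new DummyHttpServletRequestLdap();
        dummyRequest.setAttribute(UserPlugin.REQUEST_ATTR,
                new User(username, "123", null, false));
        LdapUser ldapUser = new LdapUser();
        ldapUser.setAttribute("mail", new TreeSet<>(Collections.singletonList(mail)));
        ldapUser.setAttribute("uid", new TreeSet<>(Collections.singletonList("123")));
        ldapUser.setAttribute("ou", new TreeSet<>(Arrays.asList(ous)));
        dummyRequest.getSession().setAttribute(LdapUserPlugin.SESSION_ATTR, ldapUser);
        plugin.setSessionEstablished(dummyRequest, true);
        plugin.setSessionUsername(dummyRequest, username);
    }

    /**
     * Creates a project that has only its name set.
     *
     * @param name project name
     * @return the new project
     */
    private Project makeProject(String name) {
        Project p = new Project();
        p.setName(name);
        return p;
    }

    /**
     * Creates a group that has only its name set.
     *
     * @param name group name
     * @return the new group
     */
    private Group makeGroup(String name) {
        Group g = new Group();
        g.setName(name);
        return g;
    }

    /**
     * Test of isAllowed method, of class LdapAttrPlugin.
     *
     * <p>Users whose {@code mail} value is in the whitelist must be allowed
     * for every project and group; a user with an unlisted value must be
     * denied for all of them.
     */
    @Test
    public void testIsAllowed() {
        /*
         * whitelist[mail] => [james@bond.com, random@email.com, just_a_text]
         *
         * NOTE(review): the "just_a_text" entry is written to the file but no
         * assertion here uses it, and user 009 is the only deny case. There is
         * no case for a user without a mail attribute or for a request whose
         * session was not established; consider adding those deny-path checks.
         */
        prepareRequest("007", "james@bond.com", "MI6", "MI7");

        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Random Project")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Project 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 2")));

        // Same whitelisted mail under a different username: still allowed.
        prepareRequest("008", "james@bond.com", "MI6", "MI7");

        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Random Project")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Project 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 2")));

        // Mail value absent from the whitelist: denied for every entity.
        prepareRequest("009", "other@email.com", "MI6");

        Assert.assertFalse(plugin.isAllowed(dummyRequest, makeProject("Random Project")));
        Assert.assertFalse(plugin.isAllowed(dummyRequest, makeProject("Project 1")));
        Assert.assertFalse(plugin.isAllowed(dummyRequest, makeGroup("Group 1")));
        Assert.assertFalse(plugin.isAllowed(dummyRequest, makeGroup("Group 2")));

        // Second whitelisted mail value.
        prepareRequest("00A", "random@email.com", "MI6", "MI7");

        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Random Project")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeProject("Project 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 1")));
        Assert.assertTrue(plugin.isAllowed(dummyRequest, makeGroup("Group 2")));
    }
}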