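/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
 */
package opengrok.auth.plugin;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import opengrok.auth.entity.LdapUser;
import opengrok.auth.plugin.entity.User;
import opengrok.auth.plugin.util.DummyHttpServletRequestLdap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opengrok.indexer.configuration.Group;
import org.opengrok.indexer.configuration.Project;

/**
 * Tests the allow/deny decision of {@link LdapAttrPlugin} when it is loaded
 * with a whitelist file and the {@code mail} attribute.
 *
 * <p>NOTE(review): every case here supplies a session with an {@link LdapUser}
 * that carries the checked attribute. The deny paths an authorization check
 * should fail closed on are not exercised in this file: no {@code LdapUser} in
 * the session, an {@code LdapUser} without the {@code mail} attribute, and a
 * session that is not established. The {@code just_a_text} whitelist entry is
 * written but never used by an assertion either.
 */
public class LdapAttrPluginTest {

    private HttpServletRequest dummyRequest;
    private LdapAttrPlugin plugin;

    private static File whitelistFile;

    /**
     * Creates the temporary whitelist file shared by all tests, one entry per line.
     *
     * @throws IOException if the temporary file cannot be created or written
     */
    @BeforeClass
    public static void beforeClass() throws IOException {
        whitelistFile = Files.createTempFile("opengrok-auth-", "-check.tmp").toFile();
        // Pin the charset instead of relying on the platform default, so the
        // fixture is byte-identical on every build host. The entries are ASCII.
        // NOTE(review): the charset the plugin reads the file with is not
        // visible here - confirm it agrees before adding non-ASCII entries.
        try (Writer w = new OutputStreamWriter(
                new FileOutputStream(whitelistFile), StandardCharsets.UTF_8)) {
            w.append("james@bond.com\n");
            w.append("random@email.com\n");
            w.append("just_a_text\n");
        }
    }

    /**
     * Removes the temporary whitelist file (best effort).
     */
    @AfterClass
    public static void afterClass() {
        // whitelistFile stays null when beforeClass() failed before assigning it;
        // guard so a NullPointerException here does not mask that failure.
        if (whitelistFile != null && !whitelistFile.delete()) {
            // Could not delete now; ask the JVM to retry on exit rather than
            // failing the test run over a cleanup problem.
            whitelistFile.deleteOnExit();
        }
    }

    /**
     * Builds a fresh plugin for each test, configured with the whitelist file
     * and the {@code mail} attribute.
     */
    @Before
    public void setUp() {
        plugin = new LdapAttrPlugin();
        Map<String, Object> parameters = new TreeMap<>();

        // NOTE(review): FAKE_PARAM presumably keeps the plugin away from a real
        // LDAP server - confirm in AbstractLdapPlugin.
        parameters.put(AbstractLdapPlugin.FAKE_PARAM, true);
        parameters.put(LdapAttrPlugin.FILE_PARAM, whitelistFile.getAbsolutePath());
        parameters.put(LdapAttrPlugin.ATTR_PARAM, "mail");

        plugin.load(parameters);
    }

    /**
     * Replaces {@link #dummyRequest} with a new request that carries a
     * {@link User} and, in its session, an {@link LdapUser} with the given
     * attributes, then marks the plugin session as established for that user.
     *
     * @param username user name stored in the request and in the plugin session
     * @param mail single value of the {@code mail} attribute
     * @param ous values of the {@code ou} attribute
     */
    @SuppressWarnings("unchecked")
    private void prepareRequest(String username, String mail, String... ous) {
        dummyRequest = new DummyHttpServletRequestLdap();
        dummyRequest.setAttribute(UserPlugin.REQUEST_ATTR,
                new User(username, "123"));

        LdapUser ldapUser = new LdapUser();
        ldapUser.setAttribute("mail", new TreeSet<>(Collections.singletonList(mail)));
        ldapUser.setAttribute("uid", new TreeSet<>(Collections.singletonList("123")));
        ldapUser.setAttribute("ou", new TreeSet<>(Arrays.asList(ous)));

        dummyRequest.getSession().setAttribute(LdapUserPlugin.SESSION_ATTR, ldapUser);
        plugin.setSessionEstablished(dummyRequest, true);
        plugin.setSessionUsername(dummyRequest, username);
    }

    /**
     * Creates a project that has only its name set.
     *
     * @param name project name
     * @return the new project
     */
    private Project makeProject(String name) {
        Project project = new Project();
        project.setName(name);
        return project;
    }

    /**
     * Creates a group that has only its name set.
     *
     * @param name group name
     * @return the new group
     */
    private Group makeGroup(String name) {
        Group group = new Group();
        group.setName(name);
        return group;
    }

    /**
     * Asserts that the plugin gives the same decision for the current
     * {@link #dummyRequest} on each of the projects and groups the test uses.
     *
     * @param expected the decision {@code isAllowed} must return
     */
    private void assertAccess(boolean expected) {
        Assert.assertEquals("project 'Random Project'", expected,
                plugin.isAllowed(dummyRequest, makeProject("Random Project")));
        Assert.assertEquals("project 'Project 1'", expected,
                plugin.isAllowed(dummyRequest, makeProject("Project 1")));
        Assert.assertEquals("group 'Group 1'", expected,
                plugin.isAllowed(dummyRequest, makeGroup("Group 1")));
        Assert.assertEquals("group 'Group 2'", expected,
                plugin.isAllowed(dummyRequest, makeGroup("Group 2")));
    }

    /**
     * Test of isAllowed method, of class LdapAttrPlugin.
     */
    @Test
    public void testIsAllowed() {
        /*
         * whitelist[mail] => [james@bond.com, random@email.com, just_a_text]
         */

        // Whitelisted mail: allowed.
        prepareRequest("007", "james@bond.com", "MI6", "MI7");
        assertAccess(true);

        // Same whitelisted mail under a different user name: still allowed.
        prepareRequest("008", "james@bond.com", "MI6", "MI7");
        assertAccess(true);

        // Mail that is not in the whitelist: denied for projects and groups.
        prepareRequest("009", "other@email.com", "MI6");
        assertAccess(false);

        // Second whitelisted mail: allowed.
        prepareRequest("00A", "random@email.com", "MI6", "MI7");
        assertAccess(true);
    }
}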