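/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
 */
package opengrok.auth.plugin;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

import jakarta.servlet.http.HttpServletRequest;
import opengrok.auth.entity.LdapUser;
import opengrok.auth.plugin.entity.User;
import opengrok.auth.plugin.ldap.AbstractLdapProvider;
import opengrok.auth.plugin.ldap.LdapException;
import opengrok.auth.plugin.ldap.LdapFacade;
import opengrok.auth.plugin.util.DummyHttpServletRequestLdap;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opengrok.indexer.configuration.Group;
import org.opengrok.indexer.configuration.Project;

import static opengrok.auth.plugin.LdapUserPlugin.SESSION_ATTR;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

/**
 * Unit tests for {@link LdapUserPlugin}: parameter loading, LDAP filter expansion,
 * session population, and the deny decision taken when the LDAP lookup returns no record.
 *
 * @author Vladimir Kotal
 */
class LdapUserPluginTest {

    /** Fresh plugin instance created before every test by {@link #setUp()}. */
    private LdapUserPlugin plugin;

    @BeforeEach
    public void setUp() {
        plugin = new LdapUserPlugin();
    }

    /**
     * Builds the minimal parameter map handed to {@code load()}.
     *
     * @return a mutable map holding only the path of the {@code config.xml} test resource
     */
    private Map<String, Object> getParamsMap() {
        Map<String, Object> params = new TreeMap<>();
        params.put(AbstractLdapPlugin.CONFIGURATION_PARAM,
                getClass().getResource("config.xml").getFile());

        return params;
    }

    /**
     * Loading with only the configuration path and an unrelated key must fail.
     * Presumably the failure comes from the absent attributes parameter; the test only
     * pins the exception type.
     */
    @Test
    void loadTestNegative1() {
        Map<String, Object> params = getParamsMap();
        params.put("foo", "bar");
        assertThrows(NullPointerException.class, () -> plugin.load(params));
    }

    /**
     * Loading succeeds (does not throw) once the attributes parameter is supplied.
     */
    @Test
    void loadTestPositive() {
        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.ATTRIBUTES, "mail");
        plugin.load(params);
    }

    /**
     * The {@code %username%} placeholder in the configured LDAP filter is replaced with
     * the name of the user passed to {@code expandFilter()}.
     */
    @Test
    void filterTest() {
        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.LDAP_FILTER, "(&(objectclass=person)(mail=%username%))");
        params.put(LdapUserPlugin.ATTRIBUTES, "uid,mail");
        plugin.load(params);

        // NOTE(review): only a benign user name is exercised. How expandFilter() treats the
        // characters RFC 4515 requires to be escaped in a filter value ('*', '(', ')', '\', NUL)
        // is not visible from this test; a dedicated case would pin that behaviour down, since
        // the user name originates from the request.
        User user = new User("foo@example.com", "id", null, false);
        String filter = plugin.expandFilter(user);
        assertEquals("(&(objectclass=person)(mail=foo@example.com))", filter);
    }

    /**
     * With {@code USE_DN} switched off, {@code fillSession()} stores an {@link LdapUser}
     * in the session whose DN is the one returned by the LDAP provider lookup.
     */
    @Test
    void testFillSessionWithDnOff() throws LdapException {
        final String dn = "cn=FOO_BAR,L=EMEA,DC=EXAMPLE,DC=COM";
        Map<String, Set<String>> attrs = new HashMap<>();
        attrs.put("mail", Collections.singleton("foo@example.com"));
        AbstractLdapProvider.LdapSearchResult<Map<String, Set<String>>> result =
                new AbstractLdapProvider.LdapSearchResult<>(dn, attrs);

        // The provider is stubbed so that a lookup with null DN and null filter yields the result.
        AbstractLdapProvider mockProvider = mock(LdapFacade.class);
        when(mockProvider.lookupLdapContent(isNull(), isNull(), any(String[].class))).
                thenReturn(result);

        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.ATTRIBUTES, "mail");
        params.put(LdapUserPlugin.USE_DN, false);
        plugin.load(params, mockProvider);
        assertSame(mockProvider, plugin.getLdapProvider());

        HttpServletRequest request = new DummyHttpServletRequestLdap();
        User user = new User("foo@example.com", "id");
        plugin.fillSession(request, user);

        Object sessionUser = request.getSession().getAttribute(SESSION_ATTR);
        assertNotNull(sessionUser);
        assertEquals(dn, ((LdapUser) sessionUser).getDn());
    }

    /**
     * When the LDAP provider returns no record for the user, the session attribute is still
     * set and both project and group authorization checks deny access.
     */
    @Test
    void testNegativeCache() throws LdapException {
        AbstractLdapProvider mockProvider = mock(LdapFacade.class);
        when(mockProvider.lookupLdapContent(isNull(), isNull(), any(String[].class))).thenReturn(null);

        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.ATTRIBUTES, "mail");
        params.put(LdapUserPlugin.USE_DN, false);
        // A spy is needed so that calls to updateSession() can be counted below.
        LdapUserPlugin spiedPlugin = Mockito.spy(new LdapUserPlugin());
        spiedPlugin.load(params, mockProvider);
        assertSame(mockProvider, spiedPlugin.getLdapProvider());

        HttpServletRequest dummyRequest = new DummyHttpServletRequestLdap();
        User user = new User("foo@example.com", "id");
        dummyRequest.setAttribute(UserPlugin.REQUEST_ATTR, new User("foo", "123"));
        spiedPlugin.fillSession(dummyRequest, user);

        assertNotNull(dummyRequest.getSession().getAttribute(SESSION_ATTR));
        // Absence of an LDAP record must result in a deny for every entity type.
        assertFalse(spiedPlugin.isAllowed(dummyRequest, new Project("foo")));
        assertFalse(spiedPlugin.isAllowed(dummyRequest, new Group("bar")));
        // Make sure that the session was filled so that the second call to isAllowed() did not fill it again.
        verify(spiedPlugin, times(2)).updateSession(eq(dummyRequest), anyString(), anyBoolean());
    }

    /**
     * With an instance number configured, {@code updateSession()} stores the LDAP user under
     * the session attribute name suffixed with that number.
     */
    @Test
    void testInstance() {
        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.ATTRIBUTES, "mail");
        params.put(LdapUserPlugin.INSTANCE, "42");
        plugin.load(params);

        HttpServletRequest request = new DummyHttpServletRequestLdap();
        LdapUser ldapUser = new LdapUser();
        plugin.updateSession(request, ldapUser);
        // Expected value goes first so that a failure message reads correctly.
        assertEquals(ldapUser, request.getSession().getAttribute(SESSION_ATTR + "42"));
    }

    /**
     * A non-numeric instance value is rejected at load time.
     */
    @Test
    void testInvalidInstance() {
        Map<String, Object> params = getParamsMap();
        params.put(LdapUserPlugin.ATTRIBUTES, "mail");
        params.put(LdapUserPlugin.INSTANCE, "foobar");
        assertThrows(NumberFormatException.class, () -> plugin.load(params));
    }
}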