Ejemplo n.º 1
  // test valid User, but invalid ip
  /**
   * Checks that correct Basic credentials sent from an address outside the user's
   * allow-list do not yield the stored identity.
   *
   * <p>The stored user "bob" is restricted to 192.168.1.2, while the mocked request
   * reports 192.168.1.1. The test expects {@code authenticate} to return a user with no
   * login, no token and {@code Permission.NONE}, carrying only the caller's address.
   *
   * <p>NOTE(review): the client address is supplied only through {@code getRemoteAddr()},
   * so this test says nothing about how forwarded-address headers are treated; confirm
   * against AuthenticatorImpl.
   */
  @Test
  public void testAuthenticateValidAuthButInvalidIp() throws Exception {
    final String callerIp = "192.168.1.1";

    // Persist a user whose allow-list holds a single address that differs from callerIp.
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();
    ArrayList<String> permittedIps = new ArrayList<String>();
    permittedIps.add("192.168.1.2");

    User stored = new User();
    stored.setLogin("bob");
    stored.setToken("smith");
    stored.setPermissions(Permission.LIST_ALL_JOBS);
    stored.setAllowedIpAddresses(permittedIps);
    dao.insert(stored);

    // The request carries the right login and token but comes from the wrong address.
    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    HttpServletRequest req = mock(HttpServletRequest.class);
    String basicHeader = "Basic " + encodeString("bob:smith");
    when(req.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(basicHeader);
    when(req.getRemoteAddr()).thenReturn(callerIp);

    User result = authenticator.authenticate(req);

    // None of the stored identity may leak into the returned user.
    assertTrue(result.getLogin() == null);
    assertTrue(result.getToken() == null);
    assertTrue(result.getPermissions() == Permission.NONE);
    assertTrue(result.getIpAddress().equals(callerIp));

    verify(req).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
Ejemplo n.º 2
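  /**
   * Checks that a user lacking {@code Permission.RUN_AS_ANOTHER_USER} is rejected when
   * the request asks to run as a different login.
   *
   * <p>The stored user "bob" holds only {@code Permission.LIST_ALL_JOBS}, and the request
   * names "joe" in {@code Constants.USER_LOGIN_TO_RUN_AS_PARAM}. The test requires
   * {@code authenticate} to throw with the exact denial message. A normal return is
   * treated as a failure, because it would mean the run-as request was accepted
   * without the permission.
   */
  @Test
  public void
      testAuthenticateValidAuthInHeaderAndUserInDataStoreButNotAuthorizedToRunAsAnotherUser()
          throws Exception {
    UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();

    User dbuser = new User();
    dbuser.setLogin("bob");
    dbuser.setToken("smith");
    dbuser.setPermissions(Permission.LIST_ALL_JOBS);
    dbuser = userDAO.insert(dbuser);

    AuthenticatorImpl auth = new AuthenticatorImpl();
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRemoteAddr()).thenReturn("192.168.1.1");
    when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));
    when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");

    boolean rejected = false;
    try {
      auth.authenticate(request);
    } catch (Exception ex) {
      rejected = true;
      // Literal-first comparison: a null message fails the assertion instead of
      // raising a NullPointerException.
      assertTrue(
          "User does not have permission to run as another user".equals(ex.getMessage()));
    }

    // Previously the test also passed when authenticate() returned normally, so a
    // regression that let the run-as request through would have gone unnoticed.
    assertTrue(rejected);
  }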
Ejemplo n.º 3
  /**
   * Happy path: Basic credentials that match a stored user yield that user's identity.
   *
   * <p>The stored user "bob" has no IP allow-list set in this test. The returned user is
   * expected to carry the stored login, token, permissions and id, plus the address
   * reported by the request.
   */
  @Test
  public void testAuthenticateValidAuthInHeaderAndUserInDataStore() throws Exception {
    final String callerIp = "192.168.1.1";

    // Store the account the credentials below refer to.
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();
    User stored = new User();
    stored.setLogin("bob");
    stored.setToken("smith");
    stored.setPermissions(Permission.LIST_ALL_JOBS);
    stored = dao.insert(stored);

    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    HttpServletRequest req = mock(HttpServletRequest.class);
    String basicHeader = "Basic " + encodeString("bob:smith");
    when(req.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(basicHeader);
    when(req.getRemoteAddr()).thenReturn(callerIp);

    User result = authenticator.authenticate(req);

    // The authenticated user must mirror the stored record.
    assertTrue(result != null);
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getToken().equals("smith"));
    assertTrue(result.getPermissions() == Permission.LIST_ALL_JOBS);
    assertTrue(result.getIpAddress().equals(callerIp));
    assertTrue(result.getId() == stored.getId().longValue());

    verify(req).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
Ejemplo n.º 4
  /**
   * Checks that a user holding {@code Permission.RUN_AS_ANOTHER_USER} may name another
   * login to run jobs as.
   *
   * <p>The stored user "bob" has both {@code LIST_ALL_JOBS} and
   * {@code RUN_AS_ANOTHER_USER}. The returned user is expected to keep the login "bob"
   * and to record "joe" as the login to run jobs as.
   *
   * <p>NOTE(review): this test inserts no user "joe", so it does not show whether the
   * run-as target is checked against the data store; confirm against AuthenticatorImpl.
   */
  @Test
  public void testAuthenticateValidAuthInHeaderAndUserInDataStoreWithRunAsPerm() throws Exception {
    final String runAsLogin = "joe";

    // Store an account that is explicitly granted the run-as permission bit.
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();
    User stored = new User();
    stored.setLogin("bob");
    stored.setToken("smith");
    stored.setPermissions(Permission.LIST_ALL_JOBS | Permission.RUN_AS_ANOTHER_USER);
    dao.insert(stored);

    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    HttpServletRequest req = mock(HttpServletRequest.class);
    String basicHeader = "Basic " + encodeString("bob:smith");
    when(req.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn(runAsLogin);
    when(req.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(basicHeader);
    when(req.getRemoteAddr()).thenReturn("192.168.1.1");

    User result = authenticator.authenticate(req);

    // The caller keeps their own login; the run-as target is recorded separately.
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getLoginToRunJobAs().equals(runAsLogin));
  }