// test valid User, but invalid ip
@Test
public void testAuthenticateValidAuthButInvalidIp() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
ArrayList<String> allowedIps = new ArrayList<String>();
allowedIps.add("192.168.1.2");
dbuser.setAllowedIpAddresses(allowedIps);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
User u = auth.authenticate(request);
assertTrue(u.getLogin() == null);
assertTrue(u.getToken() == null);
assertTrue(u.getPermissions() == Permission.NONE);
assertTrue(u.getIpAddress().equals("192.168.1.1"));
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
@Test
public void
testAuthenticateValidAuthInHeaderAndUserInDataStoreButNotAuthorizedToRunAsAnotherUser()
throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");
try {
auth.authenticate(request);
} catch (Exception ex) {
assertTrue(ex.getMessage().equals("User does not have permission to run as another user"));
}
}
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStore() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
User u = auth.authenticate(request);
assertTrue(u != null);
assertTrue(u.getLogin().equals("bob"));
assertTrue(u.getToken().equals("smith"));
assertTrue(u.getPermissions() == Permission.LIST_ALL_JOBS);
assertTrue(u.getIpAddress().equals("192.168.1.1"));
assertTrue(u.getId() == dbuser.getId().longValue());
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
public User updateUser(int id, String login, String pwd, String email, User user) {
Session session = sessionFactory.getCurrentSession();
user.setEmail(email);
user.setId(id);
user.setLogin(login);
user.setPwd(pwd);
user.setLast_date_pwd(new Date());
session.update(user);
return user;
}
public User createUser(String login, String pwd, String email)
throws MySQLIntegrityConstraintViolationException, ConstraintViolationException {
Session session = sessionFactory.getCurrentSession();
User user = new User();
user.setEmail(email);
user.setLogin(login);
user.setPwd(pwd);
user.setLast_date_pwd(new Date());
session.persist(user);
return user;
}
/** GetUser */
@WebMethod(operationName = "getUser", action = "getUser")
public User getUser(
@WebParam(name = "sessionId") String sessionId, @WebParam(name = "login") String login) {
Connection con = null;
Statement st = null;
ResultSet rs = null;
User foundUser = null;
try {
con =
DriverManager.getConnection(
PostgresConfig.url, PostgresConfig.user, PostgresConfig.password);
// if(!checkSessionId(login, sessionId, con))
// return null;
st = con.createStatement();
////////////////////////////////////////////////////////////////////////////////
rs = st.executeQuery("SELECT * FROM users WHERE login=\'" + login + "\'");
while (rs.next()) {
User user = new User();
user.setFirstName(rs.getString("imie"));
user.setLastName(rs.getString("nazwisko"));
user.setLogin(rs.getString("login"));
user.setMail(rs.getString("mail"));
user.setPhoneNumber(rs.getString("telefon"));
foundUser = user;
break;
}
System.out.println("Polaczono");
////////////////////////////////////////////////////////////////////////////////
} catch (SQLException e) {
System.out.println("Blad polaczenia");
System.out.println(e.getMessage());
System.out.println(e.getErrorCode());
} finally {
try {
if (rs != null) rs.close();
if (st != null) st.close();
if (con != null) con.close();
} catch (SQLException ex) {
System.out.println("Blad zamykania polaczenia");
System.out.println(ex.getMessage());
System.out.println(ex.getErrorCode());
}
}
return foundUser;
}
/** ListUsers */
@WebMethod(operationName = "listUsers", action = "listUsers")
public List<User> listUsers() {
List<User> users = new LinkedList<User>();
Connection con = null;
Statement st = null;
ResultSet rs = null;
try {
con =
DriverManager.getConnection(
PostgresConfig.url, PostgresConfig.user, PostgresConfig.password);
st = con.createStatement();
////////////////////////////////////////////////////////////////////////////////
rs = st.executeQuery("SELECT * FROM users;");
while (rs.next()) {
User user = new User();
user.setFirstName(rs.getString("imie"));
user.setLastName(rs.getString("nazwisko"));
user.setLogin(rs.getString("login"));
user.setMail(rs.getString("mail"));
user.setPhoneNumber(rs.getString("telefon"));
users.add(user);
}
System.out.println("Polaczono");
////////////////////////////////////////////////////////////////////////////////
} catch (SQLException e) {
System.out.println("Blad polaczenia");
System.out.println(e.getMessage());
System.out.println(e.getErrorCode());
} finally {
try {
if (rs != null) rs.close();
if (st != null) st.close();
if (con != null) con.close();
} catch (SQLException ex) {
System.out.println("Blad zamykania polaczenia");
System.out.println(ex.getMessage());
System.out.println(ex.getErrorCode());
}
}
return users;
}
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStoreWithRunAsPerm() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS | Permission.RUN_AS_ANOTHER_USER);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");
User u = auth.authenticate(request);
assertTrue(u.getLogin().equals("bob"));
assertTrue(u.getLoginToRunJobAs().equals("joe"));
}
@BeforeMethod
public void before() throws IOException {
user = new User();
user.setLogin("login");
user.setPassword("password");
service = mock(GistService.class);
gc = mock(GitHubClient.class);
gist = new Gist();
gist.setDescription(DESCRIPTION);
list = new ArrayList<Gist>();
for (int i = 0; i < 5; i++) {
list.add(new Gist());
}
when(service.getGist("test")).thenReturn(gist);
when(service.updateGist(gist)).thenReturn(gist);
when(service.getGists(user.getLogin())).thenReturn(list);
when(service.createGist(gist)).thenReturn(gist);
// when(service.deleteGist("test")).thenThrow();
when(service.getClient()).thenReturn(gc);
when(gc.setCredentials(user.getLogin(), user.getPassword())).thenReturn(gc);
gf = new GistFetcher(service);
}
private static void generateXMLForUser() {
User u = new User();
u.setLogin("newlogin");
String xml = RedmineXMLGenerator.toXML(u);
logger.debug(xml);
}
private void setLogin(LoginContext login) {
user.setLogin(login);
}
