コード例 #1
0
  @Test
  public void testAuthenticate() throws Exception {
    SAML2LoginAPIAuthenticatorCmd cmd = Mockito.spy(new SAML2LoginAPIAuthenticatorCmd());

    Field apiServerField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_apiServer");
    apiServerField.setAccessible(true);
    apiServerField.set(cmd, apiServer);

    Field managerField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_samlAuthManager");
    managerField.setAccessible(true);
    managerField.set(cmd, samlAuthManager);

    Field accountServiceField = BaseCmd.class.getDeclaredField("_accountService");
    accountServiceField.setAccessible(true);
    accountServiceField.set(cmd, accountService);

    Field domainMgrField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_domainMgr");
    domainMgrField.setAccessible(true);
    domainMgrField.set(cmd, domainMgr);

    Field userAccountDaoField =
        SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_userAccountDao");
    userAccountDaoField.setAccessible(true);
    userAccountDaoField.set(cmd, userAccountDao);

    String spId = "someSPID";
    String url = "someUrl";
    KeyPair kp = SAMLUtils.generateRandomKeyPair();
    X509Certificate cert = SAMLUtils.generateRandomX509Certificate(kp);

    SAMLProviderMetadata providerMetadata = new SAMLProviderMetadata();
    providerMetadata.setEntityId("random");
    providerMetadata.setSigningCertificate(cert);
    providerMetadata.setEncryptionCertificate(cert);
    providerMetadata.setKeyPair(kp);
    providerMetadata.setSsoUrl("http://test.local");
    providerMetadata.setSloUrl("http://test.local");

    Mockito.when(session.getAttribute(Mockito.anyString())).thenReturn(null);

    Mockito.when(domain.getId()).thenReturn(1L);
    Mockito.when(domainMgr.getDomain(Mockito.anyString())).thenReturn(domain);
    UserAccountVO user = new UserAccountVO();
    user.setId(1000L);
    Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong()))
        .thenReturn(user);
    Mockito.when(apiServer.verifyUser(Mockito.anyLong())).thenReturn(false);
    Mockito.when(samlAuthManager.getSPMetadata()).thenReturn(providerMetadata);
    Mockito.when(samlAuthManager.getIdPMetadata(Mockito.anyString())).thenReturn(providerMetadata);

    Map<String, Object[]> params = new HashMap<String, Object[]>();

    // SSO redirection test
    cmd.authenticate(
        "command",
        params,
        session,
        InetAddress.getByName("127.0.0.1"),
        HttpUtils.RESPONSE_TYPE_JSON,
        new StringBuilder(),
        req,
        resp);
    Mockito.verify(resp, Mockito.times(1)).sendRedirect(Mockito.anyString());

    // SSO SAMLResponse verification test, this should throw ServerApiException for auth failure
    params.put(SAMLPluginConstants.SAML_RESPONSE, new String[] {"Some String"});
    Mockito.stub(cmd.processSAMLResponse(Mockito.anyString())).toReturn(buildMockResponse());
    try {
      cmd.authenticate(
          "command",
          params,
          session,
          InetAddress.getByName("127.0.0.1"),
          HttpUtils.RESPONSE_TYPE_JSON,
          new StringBuilder(),
          req,
          resp);
    } catch (ServerApiException ignored) {
    }
    Mockito.verify(userAccountDao, Mockito.times(0))
        .getUserAccount(Mockito.anyString(), Mockito.anyLong());
    Mockito.verify(apiServer, Mockito.times(0)).verifyUser(Mockito.anyLong());
  }
コード例 #2
0
  @Override
  public String authenticate(
      String command,
      Map<String, Object[]> params,
      HttpSession session,
      String remoteAddress,
      String responseType,
      StringBuilder auditTrailSb,
      final HttpServletResponse resp)
      throws ServerApiException {

    // FIXME: ported from ApiServlet, refactor and cleanup
    final String[] username = (String[]) params.get(ApiConstants.USERNAME);
    final String[] password = (String[]) params.get(ApiConstants.PASSWORD);
    String[] domainIdArr = (String[]) params.get(ApiConstants.DOMAIN_ID);

    if (domainIdArr == null) {
      domainIdArr = (String[]) params.get(ApiConstants.DOMAIN__ID);
    }
    final String[] domainName = (String[]) params.get(ApiConstants.DOMAIN);
    Long domainId = null;
    if ((domainIdArr != null) && (domainIdArr.length > 0)) {
      try {
        // check if UUID is passed in for domain
        domainId = _apiServer.fetchDomainId(domainIdArr[0]);
        if (domainId == null) {
          domainId = Long.parseLong(domainIdArr[0]);
        }
        auditTrailSb.append(" domainid=" + domainId); // building the params for POST call
      } catch (final NumberFormatException e) {
        s_logger.warn("Invalid domain id entered by user");
        auditTrailSb.append(
            " "
                + HttpServletResponse.SC_UNAUTHORIZED
                + " "
                + "Invalid domain id entered, please enter a valid one");
        throw new ServerApiException(
            ApiErrorCode.UNAUTHORIZED,
            _apiServer.getSerializedApiError(
                HttpServletResponse.SC_UNAUTHORIZED,
                "Invalid domain id entered, please enter a valid one",
                params,
                responseType));
      }
    }

    String domain = null;
    if (domainName != null) {
      domain = domainName[0];
      auditTrailSb.append(" domain=" + domain);
      if (domain != null) {
        // ensure domain starts with '/' and ends with '/'
        if (!domain.endsWith("/")) {
          domain += '/';
        }
        if (!domain.startsWith("/")) {
          domain = "/" + domain;
        }
      }
    }

    String serializedResponse = null;
    if (username != null) {
      final String pwd = ((password == null) ? null : password[0]);
      try {
        return ApiResponseSerializer.toSerializedString(
            _apiServer.loginUser(
                session, username[0], pwd, domainId, domain, remoteAddress, params),
            responseType);
      } catch (final CloudAuthenticationException ex) {
        // TODO: fall through to API key, or just fail here w/ auth error? (HTTP 401)
        try {
          session.invalidate();
        } catch (final IllegalStateException ise) {
        }
        auditTrailSb.append(
            " " + ApiErrorCode.ACCOUNT_ERROR + " " + ex.getMessage() != null
                ? ex.getMessage()
                : "failed to authenticate user, check if username/password are correct");
        serializedResponse =
            _apiServer.getSerializedApiError(
                ApiErrorCode.ACCOUNT_ERROR.getHttpCode(),
                ex.getMessage() != null
                    ? ex.getMessage()
                    : "failed to authenticate user, check if username/password are correct",
                params,
                responseType);
      }
    }
    // We should not reach here and if we do we throw an exception
    throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, serializedResponse);
  }