private AuthenticationUtilService getTested() { AuthenticationUtilService tested = new AuthenticationUtilService(); tested.log = Logger.getLogger("testlogger"); tested.contributorProfileService = Mockito.mock(ContributorProfileService.class); tested.httpRequest = Mockito.mock(HttpServletRequest.class); return tested; }
@Test public void getAuthenticatedUserPrincipal() { AuthenticationUtilService tested = getTested(); // case - not authenticated { Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); Assert.assertNull(tested.getAuthenticatedUserPrincipal()); } // case - authenticated { Mockito.reset(tested.httpRequest); Principal p = Mockito.mock(Principal.class); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Assert.assertEquals(p, tested.getAuthenticatedUserPrincipal()); } }
@Test public void isAuthenticatedUserOfType() { AuthenticationUtilService tested = getTested(); // case - not authenticated { Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.CONTRIBUTOR)); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.PROVIDER)); } Principal p = Mockito.mock(Principal.class); // case - authenticated as PROVIDER { Mockito.reset(tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(false); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.CONTRIBUTOR)); Assert.assertTrue(tested.isAuthenticatedUserOfType(AuthenticatedUserType.PROVIDER)); } // case - authenticated as CONTRIBUTOR { Mockito.reset(tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); Assert.assertTrue(tested.isAuthenticatedUserOfType(AuthenticatedUserType.CONTRIBUTOR)); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.PROVIDER)); } // case - authenticated as other only { Mockito.reset(tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(false); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.CONTRIBUTOR)); Assert.assertFalse(tested.isAuthenticatedUserOfType(AuthenticatedUserType.PROVIDER)); Assert.assertFalse(tested.isAuthenticatedUserOfType(null)); } }
@Test public void getAuthenticatedProvider() { AuthenticationUtilService tested = getTested(); // case - nobody is authenticated try { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); tested.getAuthenticatedProvider(); Assert.fail("NotAuthenticatedException expected"); } catch (NotAuthenticatedException e) { // OK Mockito.verifyZeroInteractions(tested.contributorProfileService); } // case - CONTRIBUTOR is authenticated try { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Principal p = new ContributorPrincipal("uname"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); tested.getAuthenticatedProvider(); Assert.fail("NotAuthenticatedException expected"); } catch (NotAuthenticatedException e) { // OK Mockito.verifyZeroInteractions(tested.contributorProfileService); } // case - PROVIDER is authenticated { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Principal p = new ProviderPrincipal("uname"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); Assert.assertEquals("uname", tested.getAuthenticatedProvider()); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); } }
@Test public void isUserInRole() { AuthenticationUtilService tested = getTested(); Mockito.when(tested.httpRequest.isUserInRole(ROLE1)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(ROLE2)).thenReturn(true); { Assert.assertFalse(tested.isUserInRole(null)); Mockito.verifyZeroInteractions(tested.httpRequest); } { Assert.assertFalse(tested.isUserInRole("")); Mockito.verifyZeroInteractions(tested.httpRequest); } { Assert.assertFalse(tested.isUserInRole(" ")); Mockito.verifyZeroInteractions(tested.httpRequest); } { Assert.assertFalse(tested.isUserInRole(ROLE1)); Mockito.verify(tested.httpRequest).isUserInRole(ROLE1); } { Assert.assertTrue(tested.isUserInRole(ROLE2)); Mockito.verify(tested.httpRequest).isUserInRole(ROLE2); } }
@Test public void updateAuthenticatedContributorProfile() { AuthenticationUtilService tested = getTested(); // case - nobody is authenticated { Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); Assert.assertFalse(tested.updateAuthenticatedContributorProfile()); Mockito.verifyZeroInteractions(tested.contributorProfileService); } Principal p = Mockito.mock(Principal.class); // case - provider is authenticated { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); Assert.assertFalse(tested.updateAuthenticatedContributorProfile()); Mockito.verifyZeroInteractions(tested.contributorProfileService); } // case - contributor is authenticated but username not in principal { Mockito.reset(tested.contributorProfileService, tested.httpRequest, p); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); Assert.assertFalse(tested.updateAuthenticatedContributorProfile()); Mockito.verifyZeroInteractions(tested.contributorProfileService); Mockito.verify(p).getName(); } // case - contributor is authenticated, username is in principal { p = new ContributorPrincipal("uname"); Mockito.reset(tested.contributorProfileService, tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); Assert.assertTrue(tested.updateAuthenticatedContributorProfile()); Mockito.verify(tested.contributorProfileService) .createOrUpdateProfile( ContributorProfileService.FIELD_TSC_JBOSSORG_USERNAME, "uname", false); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); } // case - contributor is authenticated, unsupported type of principal { p = Mockito.mock(Principal.class); Mockito.reset(tested.contributorProfileService, tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); Assert.assertFalse(tested.updateAuthenticatedContributorProfile()); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); } }
@Test public void getAuthenticatedContributor() { AuthenticationUtilService tested = getTested(); // case - nobody is authenticated try { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); tested.cachedContributorId = "aaa"; tested.getAuthenticatedContributor(false); Assert.fail("NotAuthenticatedException expected"); } catch (NotAuthenticatedException e) { // OK Assert.assertNull(tested.cachedContributorId); Mockito.verifyZeroInteractions(tested.contributorProfileService); } // case - PROVIDER is authenticated try { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Principal p = Mockito.mock(Principal.class); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); tested.cachedContributorId = "aaa"; tested.getAuthenticatedContributor(false); Assert.fail("NotAuthenticatedException expected"); } catch (NotAuthenticatedException e) { // OK Assert.assertNull(tested.cachedContributorId); Mockito.verifyZeroInteractions(tested.contributorProfileService); } // case - CONTRIBUTOR is authenticated, known contributor, not forced { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Principal p = new ContributorPrincipal("uname"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); boolean isForced = false; Mockito.when( tested.contributorProfileService.getContributorId( ContributorProfileService.FIELD_TSC_JBOSSORG_USERNAME, "uname", isForced)) .thenReturn("cidd"); tested.cachedContributorId = null; Assert.assertEquals("cidd", tested.getAuthenticatedContributor(isForced)); Mockito.verify(tested.contributorProfileService) .getContributorId( ContributorProfileService.FIELD_TSC_JBOSSORG_USERNAME, "uname", isForced); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); Assert.assertEquals("cidd", tested.cachedContributorId); // second call uses cache, no more call of service Assert.assertEquals("cidd", tested.getAuthenticatedContributor(isForced)); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); } // case - CONTRIBUTOR is authenticated, unknown contributor, forced { Mockito.reset(tested.contributorProfileService, tested.httpRequest); Principal p = new ContributorPrincipal("uname"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); boolean isForced = true; Mockito.when( tested.contributorProfileService.getContributorId( ContributorProfileService.FIELD_TSC_JBOSSORG_USERNAME, "uname", isForced)) .thenReturn(""); tested.cachedContributorId = null; Assert.assertEquals(null, tested.getAuthenticatedContributor(isForced)); Mockito.verify(tested.contributorProfileService) .getContributorId( ContributorProfileService.FIELD_TSC_JBOSSORG_USERNAME, "uname", isForced); Mockito.verifyNoMoreInteractions(tested.contributorProfileService); Assert.assertEquals(null, tested.cachedContributorId); } }
@Test public void checkProviderManagementPermission() { AuthenticationUtilService tested = getTested(); // case - nobody authenticated try { Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(null); tested.checkProviderManagementPermission("provider1"); Assert.fail("NotAuthorizedException expected"); } catch (NotAuthorizedException e) { // OK } // case - no provider passed in try { Principal p = Mockito.mock(Principal.class); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(true); tested.checkProviderManagementPermission(null); Assert.fail("NotAuthorizedException expected"); } catch (NotAuthorizedException e) { // OK } // case - provider logged in, provider passed in, match by role { Principal p = new ProviderPrincipal("provider2"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); tested.checkProviderManagementPermission("provider1"); } // case - contributor logged in, provider passed in, match by role { Principal p = new ContributorPrincipal("contributor"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); tested.checkProviderManagementPermission("provider1"); } // case - provider logged in, match by provider name { Principal p = new ProviderPrincipal("provider1"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); tested.checkProviderManagementPermission("provider1"); } // case - provider logged in, but not match by provider name try { Principal p = new ProviderPrincipal("provider2"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(true); tested.checkProviderManagementPermission("provider1"); Assert.fail("NotAuthorizedException expected"); } catch (NotAuthorizedException e) { // OK } // case - name is same but contributor is logged in, not provider try { Principal p = new ContributorPrincipal("provider1"); Mockito.when(tested.httpRequest.getUserPrincipal()).thenReturn(p); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.PROVIDER)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(Role.CONTRIBUTOR)).thenReturn(true); tested.checkProviderManagementPermission("provider1"); Assert.fail("NotAuthorizedException expected"); } catch (NotAuthorizedException e) { // OK } }
@Test public void isUserInAnyOfRoles_Collection() { AuthenticationUtilService tested = getTested(); Mockito.when(tested.httpRequest.isUserInRole(ROLE1)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(ROLE2)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(ROLE3)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(ROLE4)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(true); Assert.assertFalse(tested.isUserInAnyOfRoles(false, (Collection<String>) null)); List<String> collection = new ArrayList<>(); Assert.assertFalse(tested.isUserInAnyOfRoles(false, collection)); collection.add(ROLE1); Assert.assertFalse(tested.isUserInAnyOfRoles(false, collection)); collection.add(ROLE3); Assert.assertFalse(tested.isUserInAnyOfRoles(false, collection)); collection.clear(); collection.add(ROLE2); Assert.assertTrue(tested.isUserInAnyOfRoles(false, collection)); collection.clear(); collection.add(ROLE1); collection.add(ROLE3); collection.add(ROLE2); collection.add(ROLE4); Assert.assertTrue(tested.isUserInAnyOfRoles(false, collection)); // acceptAdmin param test collection.clear(); Assert.assertTrue(tested.isUserInAnyOfRoles(true, (Collection<String>) null)); Assert.assertTrue(tested.isUserInAnyOfRoles(true, collection)); collection.add(ROLE1); Assert.assertTrue(tested.isUserInAnyOfRoles(true, collection)); collection.add(ROLE3); Assert.assertTrue(tested.isUserInAnyOfRoles(true, collection)); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(false); collection.clear(); Assert.assertFalse(tested.isUserInAnyOfRoles(true, (Collection<String>) null)); Assert.assertFalse(tested.isUserInAnyOfRoles(true, collection)); collection.add(ROLE1); Assert.assertFalse(tested.isUserInAnyOfRoles(true, collection)); collection.add(ROLE3); Assert.assertFalse(tested.isUserInAnyOfRoles(true, collection)); }
@Test public void isUserInAnyOfRoles_Array() { AuthenticationUtilService tested = getTested(); Mockito.when(tested.httpRequest.isUserInRole(ROLE1)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(ROLE2)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(ROLE3)).thenReturn(false); Mockito.when(tested.httpRequest.isUserInRole(ROLE4)).thenReturn(true); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(true); Assert.assertFalse(tested.isUserInAnyOfRoles(false, (String[]) null)); Assert.assertFalse(tested.isUserInAnyOfRoles(false, new String[] {})); Assert.assertFalse(tested.isUserInAnyOfRoles(false, new String[] {ROLE1})); Assert.assertFalse(tested.isUserInAnyOfRoles(false, new String[] {ROLE1, ROLE3})); Assert.assertTrue(tested.isUserInAnyOfRoles(false, new String[] {ROLE2})); Assert.assertTrue(tested.isUserInAnyOfRoles(false, new String[] {ROLE1, ROLE3, ROLE2, ROLE4})); // acceptAdmin param test Assert.assertTrue(tested.isUserInAnyOfRoles(true, (String[]) null)); Assert.assertTrue(tested.isUserInAnyOfRoles(true, new String[] {})); Assert.assertTrue(tested.isUserInAnyOfRoles(true, new String[] {ROLE1})); Assert.assertTrue(tested.isUserInAnyOfRoles(true, new String[] {ROLE1, ROLE3})); Mockito.when(tested.httpRequest.isUserInRole(Role.ADMIN)).thenReturn(false); Assert.assertFalse(tested.isUserInAnyOfRoles(true, (String[]) null)); Assert.assertFalse(tested.isUserInAnyOfRoles(true, new String[] {})); Assert.assertFalse(tested.isUserInAnyOfRoles(true, new String[] {ROLE1})); Assert.assertFalse(tested.isUserInAnyOfRoles(true, new String[] {ROLE1, ROLE3})); }