/**
 * Checks that an empty {@code X-OpenIDM-Username} header fails validation.
 *
 * <p>Three security-relevant expectations are pinned: the {@code authenticator} mock
 * is never touched, the client subject ends up with no principals, and the module
 * answers {@link AuthStatus#SEND_FAILURE}. Together they guard against an empty
 * identity being passed on to the backing authenticator.
 *
 * @throws AuthException if the module raises one while validating the request
 */
@Test
public void shouldValidateRequestWhenUsernameHeaderIsEmptyString() throws AuthException {
    // Given: a request with an empty username header next to a non-empty password header
    Request httpRequest = new Request();
    httpRequest.getHeaders().put("X-OpenIDM-Username", "");
    httpRequest.getHeaders().put("X-OpenIDM-Password", "PASSWORD");

    MessageInfoContext context = mock(MessageInfoContext.class);
    given(context.getRequest()).willReturn(httpRequest);

    Subject client = new Subject();
    Subject service = new Subject();

    // When
    AuthStatus outcome =
            module.validateRequest(context, client, service).getOrThrowUninterruptibly();

    // Then: rejected up front, with no call to the authenticator and no principal granted
    verifyZeroInteractions(authenticator);
    assertTrue(client.getPrincipals().isEmpty());
    assertEquals(outcome, AuthStatus.SEND_FAILURE);
}
/**
 * Checks the rejection path: both credential headers are present, but the
 * authenticator reports the caller as not authenticated.
 *
 * <p>The module must then answer {@link AuthStatus#SEND_FAILURE} and must not add
 * any principal to the client subject.
 *
 * @throws ResourceException declared because the stubbed {@code authenticate} call declares it
 * @throws AuthException if the module raises one while validating the request
 */
@Test(enabled = true)
public void shouldValidateRequestWhenAuthenticationFailed()
        throws ResourceException, AuthException {
    // Given: a request carrying both credential headers
    Request httpRequest = new Request();
    httpRequest.getHeaders().put("X-OpenIDM-Username", "USERNAME");
    httpRequest.getHeaders().put("X-OpenIDM-Password", "PASSWORD");

    // The request context map holds an (initially empty) audit map under the audit key.
    Map<String, Object> auditInfo = new HashMap<String, Object>();
    Map<String, Object> contextMap = new HashMap<String, Object>();
    contextMap.put(AuditTrail.AUDIT_INFO_KEY, auditInfo);

    MessageInfoContext context = mock(MessageInfoContext.class);
    given(context.getRequest()).willReturn(httpRequest);
    given(context.getRequestContextMap()).willReturn(contextMap);

    // The authenticator recognises the exact credential pair and rejects it.
    AuthenticatorResult rejected = mock(AuthenticatorResult.class);
    given(rejected.isAuthenticated()).willReturn(false);
    given(authenticator.authenticate(eq("USERNAME"), eq("PASSWORD"),
            Matchers.<Context>anyObject()))
            .willReturn(rejected);

    Subject client = new Subject();
    Subject service = new Subject();

    // When
    AuthStatus outcome =
            module.validateRequest(context, client, service).getOrThrowUninterruptibly();

    // Then: failure is reported and the subject stays without principals
    assertTrue(client.getPrincipals().isEmpty());
    assertEquals(outcome, AuthStatus.SEND_FAILURE);
}
/**
 * Checks header hygiene of {@code HttpBasicAuthFilter} with header caching switched off.
 *
 * <p>The incoming request carries a client-supplied {@code AUTHORIZATION_HEADER}. The
 * terminal handler is stubbed only for requests accepted by
 * {@code AbsenceOfHeaderInRequest(AUTHORIZATION_HEADER)}, so the stubbed response is
 * produced only if that header is gone by the time the request reaches the handler.
 * The stubbed response carries an {@code AUTHENTICATE_HEADER}, and the test asserts
 * that the response returned by the filter no longer exposes it.
 *
 * @throws Exception if the filter's promise fails
 */
@Test
public void testHeadersAreRemoved() throws Exception {
    HttpBasicAuthFilter basicAuthFilter = new HttpBasicAuthFilter(null, null, failureHandler);
    basicAuthFilter.setCacheHeader(false);

    Exchange exchange = newExchange();
    Request inbound = newRequest();
    inbound.getHeaders().putSingle(AUTHORIZATION_HEADER, "Basic azerty");

    // Downstream reply: a successful response that still carries an authentication challenge.
    Answer<Promise<Response, NeverThrowsException>> challengeReply =
            new Answer<Promise<Response, NeverThrowsException>>() {
                @Override
                public Promise<Response, NeverThrowsException> answer(
                        final InvocationOnMock invocation) throws Throwable {
                    Response downstream = new Response();
                    downstream.setStatus(Status.OK);
                    downstream.getHeaders().putSingle(AUTHENTICATE_HEADER, "Realm toto");
                    return Promises.newResultPromise(downstream);
                }
            };
    doAnswer(challengeReply)
            .when(terminalHandler)
            .handle(eq(exchange), argThat(new AbsenceOfHeaderInRequest(AUTHORIZATION_HEADER)));

    Response outgoing = basicAuthFilter.filter(exchange, inbound, terminalHandler).getOrThrow();

    // The challenge header must not leak into the message handed back to the caller.
    assertThat(outgoing.getHeaders().get(AUTHENTICATE_HEADER)).isNull();
}
/**
 * Accepts only {@code Request} arguments whose headers hold no entry for {@code headerName}.
 *
 * @param o the candidate argument to test
 * @return {@code true} when {@code o} is a {@code Request} and looking up
 *         {@code headerName} in its headers yields {@code null}; {@code false} otherwise
 */
@Override
public boolean matches(final Object o) {
    // instanceof is false for null, so null and non-Request values are rejected before the cast.
    return o instanceof Request
            && ((Request) o).getHeaders().get(headerName) == null;
}
/**
 * Stubbed handler reply: checks the credentials on the request, then answers
 * with a plain {@code Status.OK} response.
 *
 * @param invocation the intercepted call; its second argument is read as the {@code Request}
 * @return a completed promise holding a response with status {@code Status.OK}
 * @throws Throwable declared by the overridden method; the assertion fails the test
 *         when the authorization header differs from the expected value
 */
@Override
public Promise<Response, NeverThrowsException> answer(InvocationOnMock invocation)
        throws Throwable {
    Object[] callArguments = invocation.getArguments();
    Request forwarded = (Request) callArguments[1];

    // Expected authorization header: "Basic " followed by base64(user:pass).
    String expectedHeader = "Basic " + credentials;
    assertThat(forwarded.getHeaders().getFirst(AUTHORIZATION_HEADER)).isEqualTo(expectedHeader);

    // A valid response is enough here; no special headers are required.
    Response ok = new Response();
    ok.setStatus(Status.OK);
    return Promises.newResultPromise(ok);
}