@Test
public void shouldValidateRequestWhenUsernameHeaderIsEmptyString() throws AuthException {
// Given
MessageInfoContext messageInfo = mock(MessageInfoContext.class);
Subject clientSubject = new Subject();
Subject serviceSubject = new Subject();
Request request = new Request();
given(messageInfo.getRequest()).willReturn(request);
request.getHeaders().put("X-OpenIDM-Username", "");
request.getHeaders().put("X-OpenIDM-Password", "PASSWORD");
// When
AuthStatus authStatus =
module
.validateRequest(messageInfo, clientSubject, serviceSubject)
.getOrThrowUninterruptibly();
// Then
verifyZeroInteractions(authenticator);
assertTrue(clientSubject.getPrincipals().isEmpty());
assertEquals(authStatus, AuthStatus.SEND_FAILURE);
}
@Test(enabled = true)
public void shouldValidateRequestWhenAuthenticationFailed()
throws ResourceException, AuthException {
// Given
MessageInfoContext messageInfo = mock(MessageInfoContext.class);
AuthenticatorResult authResult = mock(AuthenticatorResult.class);
Subject clientSubject = new Subject();
Subject serviceSubject = new Subject();
Map<String, Object> messageInfoMap = new HashMap<String, Object>();
Map<String, Object> auditInfoMap = new HashMap<String, Object>();
Request request = new Request();
given(messageInfo.getRequest()).willReturn(request);
request.getHeaders().put("X-OpenIDM-Username", "USERNAME");
request.getHeaders().put("X-OpenIDM-Password", "PASSWORD");
given(messageInfo.getRequestContextMap()).willReturn(messageInfoMap);
messageInfoMap.put(AuditTrail.AUDIT_INFO_KEY, auditInfoMap);
given(authResult.isAuthenticated()).willReturn(false);
given(authenticator.authenticate(eq("USERNAME"), eq("PASSWORD"), Matchers.<Context>anyObject()))
.willReturn(authResult);
// When
AuthStatus authStatus =
module
.validateRequest(messageInfo, clientSubject, serviceSubject)
.getOrThrowUninterruptibly();
// Then
assertTrue(clientSubject.getPrincipals().isEmpty());
assertEquals(authStatus, AuthStatus.SEND_FAILURE);
}
@BeforeMethod
public void setUp() throws ResourceException {
AuthenticatorFactory authenticatorFactory = mock(AuthenticatorFactory.class);
authenticator = mock(Authenticator.class);
when(authenticatorFactory.apply(any(JsonValue.class))).thenReturn(authenticator);
module = new DelegatedAuthModule(authenticatorFactory, IDMAuthModule.DELEGATED);
module.initialize(null, null, null, json(object(field("queryOnResource", ""))).asMap());
}
@Test
public void shouldSecureResponse() throws AuthException {
// Given
MessageInfoContext messageInfo = mock(MessageInfoContext.class);
Subject serviceSubject = new Subject();
// When
AuthStatus authStatus =
module.secureResponse(messageInfo, serviceSubject).getOrThrowUninterruptibly();
// Then
assertEquals(authStatus, AuthStatus.SEND_SUCCESS);
verifyZeroInteractions(messageInfo);
}
