// test valid User, but invalid ip @Test public void testAuthenticateValidAuthButInvalidIp() throws Exception { UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl(); User dbuser = new User(); dbuser.setLogin("bob"); dbuser.setToken("smith"); dbuser.setPermissions(Permission.LIST_ALL_JOBS); ArrayList<String> allowedIps = new ArrayList<String>(); allowedIps.add("192.168.1.2"); dbuser.setAllowedIpAddresses(allowedIps); dbuser = userDAO.insert(dbuser); AuthenticatorImpl auth = new AuthenticatorImpl(); HttpServletRequest request = mock(HttpServletRequest.class); when(request.getRemoteAddr()).thenReturn("192.168.1.1"); when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)) .thenReturn("Basic " + encodeString("bob:smith")); User u = auth.authenticate(request); assertTrue(u.getLogin() == null); assertTrue(u.getToken() == null); assertTrue(u.getPermissions() == Permission.NONE); assertTrue(u.getIpAddress().equals("192.168.1.1")); verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER); }
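// Test that a correctly authenticated user who lacks
// Permission.RUN_AS_ANOTHER_USER is refused when the request asks to run as
// a different login ("joe"). authenticate() must throw with the expected
// message; returning normally is a test failure.
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStoreButNotAuthorizedToRunAsAnotherUser() throws Exception {
    UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
    User dbuser = new User();
    dbuser.setLogin("bob");
    dbuser.setToken("smith");
    // Deliberately granted without the run-as permission.
    dbuser.setPermissions(Permission.LIST_ALL_JOBS);
    dbuser = userDAO.insert(dbuser);

    AuthenticatorImpl auth = new AuthenticatorImpl();
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRemoteAddr()).thenReturn("192.168.1.1");
    when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
            .thenReturn("Basic " + encodeString("bob:smith"));
    when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");

    try {
        auth.authenticate(request);
        // Without this, a regression that silently allows run-as would let the
        // test pass because the catch block would never execute. fail() raises
        // an AssertionError, which the catch (Exception) below does not swallow.
        fail("Expected Exception cause user lacks permission to run as another user");
    } catch (Exception ex) {
        assertTrue(ex.getMessage().equals("User does not have permission to run as another user"));
    }
}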
// Test the success path: Basic credentials in the Authorization header match
// a user stored in the datastore. The returned User must mirror the stored
// login, token, permissions and id, and carry the caller's address.
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStore() throws Exception {
    final String callerAddress = "192.168.1.1";

    UserObjectifyDAOImpl userStore = new UserObjectifyDAOImpl();
    User storedUser = new User();
    storedUser.setLogin("bob");
    storedUser.setToken("smith");
    storedUser.setPermissions(Permission.LIST_ALL_JOBS);
    // Keep the inserted instance: its id is compared with the result below.
    storedUser = userStore.insert(storedUser);

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn(callerAddress);
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
            .thenReturn("Basic " + encodeString("bob:smith"));

    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    User result = authenticator.authenticate(httpRequest);

    assertTrue(result != null);
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getToken().equals("smith"));
    assertTrue(result.getPermissions() == Permission.LIST_ALL_JOBS);
    assertTrue(result.getIpAddress().equals(callerAddress));
    assertTrue(result.getId() == storedUser.getId().longValue());
    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
// Test that authenticate(null) throws an exception whose message starts
// with "Request is null" instead of returning a User.
@Test
public void testAuthenticateNullRequest() {
    try {
        new AuthenticatorImpl().authenticate(null);
        // Reaching this line means no exception was raised for a null request.
        fail("Expected Exception cause request is null");
    } catch (Exception thrown) {
        String message = thrown.getMessage();
        assertTrue(message.startsWith("Request is null"));
    }
}
// test Authenticate invalid decode of authString no colon @Test public void testAuthenticateInvalidAuthNoColon() throws Exception { AuthenticatorImpl auth = new AuthenticatorImpl(); HttpServletRequest request = mock(HttpServletRequest.class); when(request.getRemoteAddr()).thenReturn("192.168.1.1"); when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)) .thenReturn("Basic " + encodeString("ha")); User u = auth.authenticate(request); assertTrue(u != null); assertTrue(u.getPermissions() == Permission.NONE); assertTrue(u.getIpAddress().equals("192.168.1.1")); verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER); }
// Test authenticate for a request whose remote address is the IPv6 loopback
// (0:0:0:0:0:0:0:1). No user is inserted by this test, yet the returned User
// carries the supplied login/token and Permission.ALL.
// NOTE(review): this pins a trust decision based on getRemoteAddr(). If the
// service is ever deployed behind a same-host proxy, every client may appear
// as loopback here - confirm against the deployment topology.
@Test
public void testAuthenticateUserFromLocalipv6ip() throws Exception {
    final String loopbackAddress = "0:0:0:0:0:0:0:1";

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn(loopbackAddress);
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
            .thenReturn("Basic " + encodeString("bob:smith"));

    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    User result = authenticator.authenticate(httpRequest);

    assertTrue(result != null);
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getToken().equals("smith"));
    assertTrue(result.getPermissions() == Permission.ALL);
    assertTrue(result.getIpAddress().equals(loopbackAddress));
    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
// test Authenticate null getHeader and no such user @Test public void testAuthenticateWithNullHeaderAndNoQueryParametersAndNullIp() throws Exception { AuthenticatorImpl auth = new AuthenticatorImpl(); HttpServletRequest request = mock(HttpServletRequest.class); when(request.getParameter(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(null); when(request.getParameter(Constants.USER_LOGIN_PARAM)).thenReturn(null); when(request.getParameter(Constants.USER_TOKEN_PARAM)).thenReturn(null); when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn(null); User u = auth.authenticate(request); assertTrue(u != null); assertTrue(u.getPermissions() == Permission.NONE); assertTrue(u.getIpAddress() == null); verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER); verify(request).getParameter(Constants.USER_LOGIN_PARAM); verify(request).getParameter(Constants.USER_TOKEN_PARAM); verify(request).getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM); }
// Test that a stored user holding Permission.RUN_AS_ANOTHER_USER may ask to
// run as a different login: the result keeps the caller's own login ("bob")
// and records the requested run-as login ("joe").
// NOTE(review): only the caller's permission is exercised here; this test
// does not insert a "joe" user, so it says nothing about whether the run-as
// target must exist.
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStoreWithRunAsPerm() throws Exception {
    UserObjectifyDAOImpl userStore = new UserObjectifyDAOImpl();
    User storedUser = new User();
    storedUser.setLogin("bob");
    storedUser.setToken("smith");
    // Permissions are bit flags; grant job listing plus the run-as right.
    storedUser.setPermissions(Permission.LIST_ALL_JOBS | Permission.RUN_AS_ANOTHER_USER);
    storedUser = userStore.insert(storedUser);

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("192.168.1.1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
            .thenReturn("Basic " + encodeString("bob:smith"));
    when(httpRequest.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");

    AuthenticatorImpl authenticator = new AuthenticatorImpl();
    User result = authenticator.authenticate(httpRequest);

    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getLoginToRunJobAs().equals("joe"));
}