// test valid User, but invalid ip
@Test
public void testAuthenticateValidAuthButInvalidIp() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
ArrayList<String> allowedIps = new ArrayList<String>();
allowedIps.add("192.168.1.2");
dbuser.setAllowedIpAddresses(allowedIps);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
User u = auth.authenticate(request);
assertTrue(u.getLogin() == null);
assertTrue(u.getToken() == null);
assertTrue(u.getPermissions() == Permission.NONE);
assertTrue(u.getIpAddress().equals("192.168.1.1"));
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
@Test
public void
testAuthenticateValidAuthInHeaderAndUserInDataStoreButNotAuthorizedToRunAsAnotherUser()
throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");
try {
auth.authenticate(request);
} catch (Exception ex) {
assertTrue(ex.getMessage().equals("User does not have permission to run as another user"));
}
}
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStore() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
User u = auth.authenticate(request);
assertTrue(u != null);
assertTrue(u.getLogin().equals("bob"));
assertTrue(u.getToken().equals("smith"));
assertTrue(u.getPermissions() == Permission.LIST_ALL_JOBS);
assertTrue(u.getIpAddress().equals("192.168.1.1"));
assertTrue(u.getId() == dbuser.getId().longValue());
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
@Test
public void testAuthenticateNullRequest() {
try {
AuthenticatorImpl auth = new AuthenticatorImpl();
auth.authenticate(null);
fail("Expected Exception cause request is null");
} catch (Exception ex) {
assertTrue(ex.getMessage().startsWith("Request is null"));
}
}
// test Authenticate invalid decode of authString no colon
@Test
public void testAuthenticateInvalidAuthNoColon() throws Exception {
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("ha"));
User u = auth.authenticate(request);
assertTrue(u != null);
assertTrue(u.getPermissions() == Permission.NONE);
assertTrue(u.getIpAddress().equals("192.168.1.1"));
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
@Test
public void testAuthenticateUserFromLocalipv6ip() throws Exception {
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("0:0:0:0:0:0:0:1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
User u = auth.authenticate(request);
assertTrue(u != null);
assertTrue(u.getLogin().equals("bob"));
assertTrue(u.getToken().equals("smith"));
assertTrue(u.getPermissions() == Permission.ALL);
assertTrue(u.getIpAddress().equals("0:0:0:0:0:0:0:1"));
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
}
// test Authenticate null getHeader and no such user
@Test
public void testAuthenticateWithNullHeaderAndNoQueryParametersAndNullIp() throws Exception {
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getParameter(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(null);
when(request.getParameter(Constants.USER_LOGIN_PARAM)).thenReturn(null);
when(request.getParameter(Constants.USER_TOKEN_PARAM)).thenReturn(null);
when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn(null);
User u = auth.authenticate(request);
assertTrue(u != null);
assertTrue(u.getPermissions() == Permission.NONE);
assertTrue(u.getIpAddress() == null);
verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
verify(request).getParameter(Constants.USER_LOGIN_PARAM);
verify(request).getParameter(Constants.USER_TOKEN_PARAM);
verify(request).getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM);
}
@Test
public void testAuthenticateValidAuthInHeaderAndUserInDataStoreWithRunAsPerm() throws Exception {
UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();
User dbuser = new User();
dbuser.setLogin("bob");
dbuser.setToken("smith");
dbuser.setPermissions(Permission.LIST_ALL_JOBS | Permission.RUN_AS_ANOTHER_USER);
dbuser = userDAO.insert(dbuser);
AuthenticatorImpl auth = new AuthenticatorImpl();
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRemoteAddr()).thenReturn("192.168.1.1");
when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
.thenReturn("Basic " + encodeString("bob:smith"));
when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");
User u = auth.authenticate(request);
assertTrue(u.getLogin().equals("bob"));
assertTrue(u.getLoginToRunJobAs().equals("joe"));
}