@Before
public void setUp() {
strategy = new DefaultMultifactorTriggerSelectionStrategy();
strategy.setGlobalPrincipalAttributeNameTriggers(P_ATTRS_12);
strategy.setRequestParameter(REQUEST_PARAM);
when(MFA_PROVIDER_1.getId()).thenReturn(MFA_PROVIDER_ID_1);
when(MFA_PROVIDER_2.getId()).thenReturn(MFA_PROVIDER_ID_2);
}
@Test
public void verifyRequestParameterTrigger() throws Exception {
// opt-in parameter only
assertThat(
strategy.resolve(VALID_PROVIDERS, mockRequest(MFA_PROVIDER_ID_1), null, null).orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy.resolve(VALID_PROVIDERS, mockRequest(MFA_PROVIDER_ID_2), null, null).orElse(null),
is(MFA_PROVIDER_ID_2));
assertThat(
strategy.resolve(VALID_PROVIDERS, mockRequest(MFA_INVALID), null, null).isPresent(),
is(false));
}
@Test
public void verifyNoProviders() throws Exception {
assertThat(
strategy
.resolve(
NO_PROVIDERS, mockRequest(MFA_PROVIDER_ID_1), mockService(MFA_PROVIDER_ID_1), null)
.isPresent(),
is(false));
}
@Test
public void verifyPrincipalAttributeTrigger() throws Exception {
// Principal attribute trigger
assertThat(
strategy
.resolve(VALID_PROVIDERS, null, null, mockPrincipal(P_ATTR_1, MFA_PROVIDER_ID_1))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(VALID_PROVIDERS, null, null, mockPrincipal(P_ATTR_1, MFA_PROVIDER_ID_2))
.orElse(null),
is(MFA_PROVIDER_ID_2));
assertThat(
strategy
.resolve(VALID_PROVIDERS, null, null, mockPrincipal(P_ATTR_1, MFA_INVALID))
.isPresent(),
is(false));
}
@Test
public void verifyMultipleTriggers() throws Exception {
// opt-in overrides everything
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
mockRequest(MFA_PROVIDER_ID_1),
mockService(MFA_PROVIDER_ID_2),
mockPrincipal(P_ATTR_1, MFA_PROVIDER_ID_2))
.orElse(null),
is(MFA_PROVIDER_ID_1));
// RegisteredService overrides Principal attribute
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
mockRequest(MFA_INVALID),
mockService(MFA_PROVIDER_ID_1),
mockPrincipal(P_ATTR_1, MFA_PROVIDER_ID_2))
.orElse(null),
is(MFA_PROVIDER_ID_1));
}
@Test
public void verifyRegisteredServiceTrigger() throws Exception {
// regular RegisteredService trigger
assertThat(
strategy.resolve(VALID_PROVIDERS, null, mockService(MFA_PROVIDER_ID_1), null).orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy.resolve(VALID_PROVIDERS, null, mockService(MFA_PROVIDER_ID_2), null).orElse(null),
is(MFA_PROVIDER_ID_2));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockService(MFA_INVALID, MFA_PROVIDER_ID_1, MFA_PROVIDER_ID_2),
null)
.get(),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy.resolve(VALID_PROVIDERS, null, mockService(MFA_INVALID), null).isPresent(),
is(false));
// Principal attribute activated RegisteredService trigger - direct match
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTR_1, VALUE_1),
mockPrincipal(RS_ATTR_1, VALUE_1))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTR_1, VALUE_1),
mockPrincipal(RS_ATTR_1, VALUE_2))
.orElse(null),
nullValue());
// Principal attribute activated RegisteredService trigger - multiple attrs
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_1),
mockPrincipal(RS_ATTR_1, VALUE_1))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_1),
mockPrincipal(RS_ATTR_2, VALUE_1))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_1),
mockPrincipal(RS_ATTR_3, VALUE_1))
.orElse(null),
nullValue());
// Principal attribute activated RegisteredService trigger - pattern value
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_PATTERN),
mockPrincipal(RS_ATTR_2, VALUE_1))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_PATTERN),
mockPrincipal(RS_ATTR_2, VALUE_2))
.orElse(null),
is(MFA_PROVIDER_ID_1));
assertThat(
strategy
.resolve(
VALID_PROVIDERS,
null,
mockPrincipalService(MFA_PROVIDER_ID_1, RS_ATTRS_12, VALUE_PATTERN),
mockPrincipal(RS_ATTR_2, VALUE_NOMATCH))
.isPresent(),
is(false));
}