mirror of
https://github.com/google/nomulus.git
synced 2025-05-06 23:17:51 +02:00
3c4bf1e690
Followup to [] ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=147169636
187 lines
7.2 KiB
Java
187 lines
7.2 KiB
Java
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google.registry.request.auth;
|
|
|
|
import static com.google.common.truth.Truth.assertThat;
|
|
import static org.mockito.Mockito.verifyZeroInteractions;
|
|
import static org.mockito.Mockito.when;
|
|
|
|
import com.google.appengine.api.oauth.OAuthServiceFactory;
|
|
import com.google.appengine.api.users.User;
|
|
import com.google.appengine.api.users.UserService;
|
|
import com.google.common.base.Optional;
|
|
import com.google.common.collect.ImmutableList;
|
|
import com.google.common.collect.ImmutableSet;
|
|
import google.registry.request.Action;
|
|
import google.registry.testing.FakeUserService;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import org.junit.Before;
|
|
import org.junit.Test;
|
|
import org.junit.runner.RunWith;
|
|
import org.mockito.Mock;
|
|
import org.mockito.runners.MockitoJUnitRunner;
|
|
|
|
/** Unit tests for {@link RequestAuthenticator}. */
|
|
@RunWith(MockitoJUnitRunner.class)
|
|
public class RequestAuthenticatorTest {
|
|
|
|
private FakeUserService fakeUserService;
|
|
|
|
@Mock
|
|
private UserService mockUserService;
|
|
|
|
@Mock
|
|
private HttpServletRequest req;
|
|
|
|
@Action(
|
|
path = "/auth/none",
|
|
auth = @Auth(
|
|
methods = {Auth.AuthMethod.INTERNAL},
|
|
minimumLevel = AuthLevel.NONE,
|
|
userPolicy = Auth.UserPolicy.IGNORED),
|
|
method = Action.Method.GET)
|
|
public static class AuthNone {}
|
|
|
|
@Action(
|
|
path = "/auth/internalOnly",
|
|
auth = @Auth(minimumLevel = AuthLevel.APP),
|
|
method = Action.Method.GET)
|
|
public static class AuthInternalOnly {}
|
|
|
|
@Action(
|
|
path = "/auth/anyUserAnyMethod",
|
|
auth = @Auth(
|
|
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
|
minimumLevel = AuthLevel.USER,
|
|
userPolicy = Auth.UserPolicy.PUBLIC),
|
|
method = Action.Method.GET)
|
|
public static class AuthAnyUserAnyMethod {}
|
|
|
|
@Action(
|
|
path = "/auth/adminUserAnyMethod",
|
|
auth = @Auth(
|
|
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
|
minimumLevel = AuthLevel.USER,
|
|
userPolicy = Auth.UserPolicy.ADMIN),
|
|
method = Action.Method.GET)
|
|
public static class AuthAdminUserAnyMethod {
|
|
}
|
|
|
|
private final User testUser = new User("test@example.com", "test@example.com");
|
|
|
|
@Before
|
|
public void before() throws Exception {
|
|
fakeUserService = new FakeUserService();
|
|
}
|
|
|
|
private static RequestAuthenticator createRequestAuthenticator(UserService userService) {
|
|
return new RequestAuthenticator(
|
|
new AppEngineInternalAuthenticationMechanism(),
|
|
ImmutableList.<AuthenticationMechanism>of(
|
|
new OAuthAuthenticationMechanism(
|
|
OAuthServiceFactory.getOAuthService(),
|
|
ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email"),
|
|
ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email"),
|
|
ImmutableSet.of("proxy-client-id", "regtool-client-id"))),
|
|
new LegacyAuthenticationMechanism(userService));
|
|
}
|
|
|
|
private Optional<AuthResult> runTest(UserService userService, Class<?> clazz) {
|
|
return createRequestAuthenticator(userService)
|
|
.authorize(clazz.getAnnotation(Action.class).auth(), req);
|
|
}
|
|
|
|
@Test
|
|
public void testNoAuthNeeded_noneFound() throws Exception {
|
|
Optional<AuthResult> authResult = runTest(mockUserService, AuthNone.class);
|
|
verifyZeroInteractions(mockUserService);
|
|
assertThat(authResult).isPresent();
|
|
assertThat(authResult.get()).isNotNull();
|
|
assertThat(authResult.get().authLevel()).isEqualTo(AuthLevel.NONE);
|
|
}
|
|
|
|
@Test
|
|
public void testNoAuthNeeded_internalFound() throws Exception {
|
|
when(req.getHeader("X-AppEngine-QueueName")).thenReturn("__cron");
|
|
Optional<AuthResult> authResult = runTest(mockUserService, AuthNone.class);
|
|
verifyZeroInteractions(mockUserService);
|
|
assertThat(authResult).isPresent();
|
|
assertThat(authResult.get()).isNotNull();
|
|
assertThat(authResult.get().authLevel()).isEqualTo(AuthLevel.APP);
|
|
assertThat(authResult.get().userAuthInfo()).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testInternalAuth_notInvokedInternally() throws Exception {
|
|
Optional<AuthResult> authResult = runTest(mockUserService, AuthInternalOnly.class);
|
|
verifyZeroInteractions(mockUserService);
|
|
assertThat(authResult).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testInternalAuth_success() throws Exception {
|
|
when(req.getHeader("X-AppEngine-QueueName")).thenReturn("__cron");
|
|
Optional<AuthResult> authResult = runTest(mockUserService, AuthInternalOnly.class);
|
|
verifyZeroInteractions(mockUserService);
|
|
assertThat(authResult).isPresent();
|
|
assertThat(authResult.get()).isNotNull();
|
|
assertThat(authResult.get().authLevel()).isEqualTo(AuthLevel.APP);
|
|
assertThat(authResult.get().userAuthInfo()).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testAnyUserAnyMethod_notLoggedIn() throws Exception {
|
|
Optional<AuthResult> authResult = runTest(fakeUserService, AuthAnyUserAnyMethod.class);
|
|
assertThat(authResult).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testAnyUserAnyMethod_success() throws Exception {
|
|
fakeUserService.setUser(testUser, false);
|
|
Optional<AuthResult> authResult = runTest(fakeUserService, AuthAnyUserAnyMethod.class);
|
|
assertThat(authResult).isPresent();
|
|
assertThat(authResult.get()).isNotNull();
|
|
assertThat(authResult.get().authLevel()).isEqualTo(AuthLevel.USER);
|
|
assertThat(authResult.get().userAuthInfo()).isPresent();
|
|
assertThat(authResult.get().userAuthInfo().get().user()).isEqualTo(testUser);
|
|
assertThat(authResult.get().userAuthInfo().get().oauthTokenInfo()).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testAdminUserAnyMethod_notLoggedIn() throws Exception {
|
|
Optional<AuthResult> authResult = runTest(fakeUserService, AuthAdminUserAnyMethod.class);
|
|
assertThat(authResult).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testAdminUserAnyMethod_notAdminUser() throws Exception {
|
|
fakeUserService.setUser(testUser, false);
|
|
Optional<AuthResult> authResult = runTest(fakeUserService, AuthAdminUserAnyMethod.class);
|
|
assertThat(authResult).isAbsent();
|
|
}
|
|
|
|
@Test
|
|
public void testAdminUserAnyMethod_success() throws Exception {
|
|
fakeUserService.setUser(testUser, true);
|
|
Optional<AuthResult> authResult = runTest(fakeUserService, AuthAdminUserAnyMethod.class);
|
|
assertThat(authResult).isPresent();
|
|
assertThat(authResult.get().authLevel()).isEqualTo(AuthLevel.USER);
|
|
assertThat(authResult.get().userAuthInfo()).isPresent();
|
|
assertThat(authResult.get().userAuthInfo().get().user()).isEqualTo(testUser);
|
|
assertThat(authResult.get().userAuthInfo().get().oauthTokenInfo()).isAbsent();
|
|
}
|
|
|
|
// TODO(mountford) Add more tests for OAuth, misconfiguration, etc., either here or separately
|
|
}
|