You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/04/18 11:13:17 UTC
svn commit: r1739712 - in
/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
DefaultSyncHandlerTest.java TestIdentityProvider.java
impl/DefaultSyncHandlerTest.java
Author: angela
Date: Mon Apr 18 09:13:17 2016
New Revision: 1739712
URL: http://svn.apache.org/viewvc?rev=1739712&view=rev
Log:
OAK-4216 : Improve testing of DefaultSyncHandler
Added:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.java
- copied, changed from r1738253, jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandlerTest.java
Removed:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandlerTest.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java?rev=1739712&r1=1739711&r2=1739712&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java Mon Apr 18 09:13:17 2016
@@ -29,10 +29,11 @@ import javax.security.auth.login.LoginEx
public class TestIdentityProvider implements ExternalIdentityProvider {
+ public static final String ID_TEST_USER = "testUser";
+
private final Map<String, ExternalGroup> externalGroups = new HashMap<String, ExternalGroup>();
private final Map<String, ExternalUser> externalUsers = new HashMap<String, ExternalUser>();
-
public TestIdentityProvider() {
addGroup(new TestGroup("aa"));
addGroup(new TestGroup("aaa"));
@@ -40,7 +41,7 @@ public class TestIdentityProvider implem
addGroup(new TestGroup("b").withGroups("a"));
addGroup(new TestGroup("c"));
- addUser(new TestUser("testUser")
+ addUser(new TestUser(ID_TEST_USER)
.withProperty("name", "Test User")
.withProperty("profile/name", "Public Name")
.withProperty("profile/age", 72)
Copied: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.java (from r1738253, jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandlerTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.java?p2=jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.java&p1=jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandlerTest.java&r1=1738253&r2=1739712&rev=1739712&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandlerTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.java Mon Apr 18 09:13:17 2016
@@ -14,20 +14,32 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.spi.security.authentication.external;
+package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;
import java.util.Calendar;
-
+import java.util.Iterator;
+import java.util.Set;
+import javax.annotation.Nonnull;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
-import javax.jcr.ValueFactory;
+import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModuleTestBase;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -36,6 +48,7 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
/**
@@ -43,11 +56,20 @@ import static org.junit.Assert.assertTru
*/
public class DefaultSyncHandlerTest extends ExternalLoginModuleTestBase {
- private final String userId = "testUser";
+ private String userId = TestIdentityProvider.ID_TEST_USER;
+
+ private UserManager userManager;
+ private DefaultSyncHandler syncHandler;
@Before
public void before() throws Exception {
super.before();
+
+ userManager = getUserManager(root);
+ SyncHandler sh = syncManager.getSyncHandler("default");
+
+ assertTrue(sh instanceof DefaultSyncHandler);
+ syncHandler = (DefaultSyncHandler) sh;
}
@After
@@ -68,23 +90,39 @@ public class DefaultSyncHandlerTest exte
protected void setSyncConfig(DefaultSyncConfig cfg) {
if (cfg != null) {
cfg.user().setExpirationTime(500);
+ cfg.group().setExpirationTime(Long.MAX_VALUE);
}
super.setSyncConfig(cfg);
}
+ private void sync(@Nonnull String id, boolean isGroup) throws Exception {
+ SyncContext ctx = syncHandler.createContext(idp, userManager, getValueFactory());
+ ExternalIdentity exIdentity = (isGroup) ? idp.getGroup(id) : idp.getUser(id);
+ SyncResult res = ctx.sync(exIdentity);
+ assertSame(SyncResult.Status.ADD, res.getStatus());
+ root.commit();
+ }
+
+ @Test
+ public void testGetName() {
+ assertEquals(syncConfig.getName(), syncHandler.getName());
+ }
+
+ @Test
+ public void testCreateContext() throws Exception {
+ SyncContext ctx = syncHandler.createContext(idp, userManager, new ValueFactoryImpl(root, NamePathMapper.DEFAULT));
+ assertTrue(ctx instanceof DefaultSyncContext);
+ }
+
@Test
public void testFindMissingIdentity() throws Exception {
- UserManager userManager = getUserManager(root);
- SyncHandler mgr = syncManager.getSyncHandler("default");
- SyncedIdentity id = mgr.findIdentity(userManager, "foobar");
+ SyncedIdentity id = syncHandler.findIdentity(userManager, "foobar");
assertNull("unknown authorizable should not exist", id);
}
@Test
public void testFindLocalIdentity() throws Exception {
- UserManager userManager = getUserManager(root);
- SyncHandler mgr = syncManager.getSyncHandler("default");
- SyncedIdentity id = mgr.findIdentity(userManager, "admin");
+ SyncedIdentity id = syncHandler.findIdentity(userManager, "admin");
assertNotNull("known authorizable should exist", id);
assertNull("local user should not have external ref", id.getExternalIdRef());
}
@@ -94,48 +132,130 @@ public class DefaultSyncHandlerTest exte
login(new SimpleCredentials(userId, new char[0])).close();
root.refresh();
- UserManager userManager = getUserManager(root);
- SyncHandler mgr = syncManager.getSyncHandler("default");
- SyncedIdentity id = mgr.findIdentity(userManager, userId);
+ SyncedIdentity id = syncHandler.findIdentity(userManager, userId);
assertNotNull("known authorizable should exist", id);
assertEquals("external user should have correct external ref.idp", idp.getName(), id.getExternalIdRef().getProviderName());
assertEquals("external user should have correct external ref.id", userId, id.getExternalIdRef().getId());
}
@Test
- public void testRequiresNoSync() throws Exception {
+ public void testFindGroupIdentity() throws Exception {
+ SyncedIdentity si = syncHandler.findIdentity(userManager, "c");
+ assertNull(si);
+
+ sync("c", true);
+
+ si = syncHandler.findIdentity(userManager, "c");
+ assertNotNull(si);
+ assertTrue(si.isGroup());
+ assertNotNull(si.getExternalIdRef());
+ }
+
+ @Test
+ public void testFindIdentityWithRemovedExternalId() throws Exception {
+ sync(userId, false);
+
+ // NOTE: this is only possible as long the rep:externalId property is not protected
+ Authorizable authorizable = userManager.getAuthorizable(userId);
+ authorizable.removeProperty(DefaultSyncContext.REP_EXTERNAL_ID);
+ root.commit();
+
+ SyncedIdentity si = syncHandler.findIdentity(userManager, userId);
+ assertNull(si.getExternalIdRef());
+ }
+
+ @Test
+ public void testRequiresSyncAfterCreate() throws Exception {
login(new SimpleCredentials(userId, new char[0])).close();
root.refresh();
- UserManager userManager = getUserManager(root);
- SyncHandler mgr = syncManager.getSyncHandler("default");
- SyncedIdentity id = mgr.findIdentity(userManager, userId);
- assertNotNull("known authorizable should exist", id);
+ SyncedIdentity id = syncHandler.findIdentity(userManager, userId);
+ assertNotNull("Known authorizable should exist", id);
- assertFalse("freshly synced id should not require sync", mgr.requiresSync(id));
+ assertFalse("Freshly synced id should not require sync", syncHandler.requiresSync(id));
}
@Test
- public void testRequiresSync() throws Exception {
+ public void testRequiresSyncExpiredSyncProperty() throws Exception {
login(new SimpleCredentials(userId, new char[0])).close();
root.refresh();
- ValueFactory valueFactory = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
final Calendar nowCal = Calendar.getInstance();
nowCal.setTimeInMillis(nowCal.getTimeInMillis() - 1000);
- Value nowValue = valueFactory.createValue(nowCal);
+ Value nowValue = getValueFactory().createValue(nowCal);
- UserManager userManager = getUserManager(root);
Authorizable a = userManager.getAuthorizable(userId);
a.setProperty(DefaultSyncContext.REP_LAST_SYNCED, nowValue);
root.commit();
- SyncHandler mgr = syncManager.getSyncHandler("default");
- SyncedIdentity id = mgr.findIdentity(userManager, userId);
+ SyncedIdentity id = syncHandler.findIdentity(userManager, userId);
assertNotNull("known authorizable should exist", id);
- assertTrue("synced id should require sync", mgr.requiresSync(id));
+ assertTrue("synced id should require sync", syncHandler.requiresSync(id));
}
+ @Test
+ public void testRequiresSyncMissingSyncProperty() throws Exception {
+ sync(userId, false);
+ Authorizable a = userManager.getAuthorizable(userId);
+ a.removeProperty(DefaultSyncContext.REP_LAST_SYNCED);
+ root.commit();
+
+ SyncedIdentity si = syncHandler.findIdentity(userManager, userId);
+ assertNotNull(si);
+ assertTrue(syncHandler.requiresSync(si));
+ }
+
+ @Test
+ public void testRequiresSyncMissingExternalIDRef() throws Exception {
+ assertTrue(syncHandler.requiresSync(new DefaultSyncedIdentity(userId, null, false, Long.MAX_VALUE)));
+ }
+
+ @Test
+ public void testRequiresSyncNotYetSynced() throws Exception {
+ assertTrue(syncHandler.requiresSync(new DefaultSyncedIdentity(userId, idp.getUser(userId).getExternalId(), false, Long.MIN_VALUE)));
+ }
+
+ @Test
+ public void testRequiresSyncGroup() throws Exception {
+ sync("c", true);
+
+ SyncedIdentity si = syncHandler.findIdentity(userManager, "c");
+ assertNotNull(si);
+ assertTrue(si.isGroup());
+ assertFalse(syncHandler.requiresSync(si));
+ }
+
+ @Test
+ public void testListIdentitiesBeforeSync() throws Exception {
+ Iterator<SyncedIdentity> identities = syncHandler.listIdentities(userManager);
+ while (identities.hasNext()) {
+ SyncedIdentity si = identities.next();
+ assertNull(si.getExternalIdRef());
+ }
+ }
+
+ @Test
+ public void testListIdentitiesAfterSync() throws Exception {
+ sync(userId, false);
+
+ // membership-nesting is 1 => expect only 'userId' plus the declared group-membership
+ Set<String> expected = Sets.newHashSet(userId);
+ for (ExternalIdentityRef extRef : idp.getUser(userId).getDeclaredGroups()) {
+ expected.add(extRef.getId());
+ }
+
+ Iterator<SyncedIdentity> identities = syncHandler.listIdentities(userManager);
+ while (identities.hasNext()) {
+ SyncedIdentity si = identities.next();
+ if (expected.contains(si.getId())) {
+ expected.remove(si.getId());
+ assertNotNull(si.getExternalIdRef());
+ } else {
+ assertNull(si.getExternalIdRef());
+ }
+ }
+ assertTrue(expected.isEmpty());
+ }
}
\ No newline at end of file