You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/03/08 20:37:27 UTC
[GitHub] [nifi] exceptionfactory commented on a change in pull request #5824: NIFI-9699 - Updated oidcCallback method to handle error cases. Added …

exceptionfactory commented on a change in pull request #5824:
URL: https://github.com/apache/nifi/pull/5824#discussion_r822048336



##########
File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/OIDCAccessResourceTest.java
##########
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api;
+
+import com.nimbusds.oauth2.sdk.AuthorizationCode;
+import com.nimbusds.oauth2.sdk.AuthorizationGrant;
+import com.nimbusds.oauth2.sdk.ErrorObject;
+import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
+import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
+import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
+import org.apache.nifi.web.security.jwt.provider.BearerTokenProvider;
+import org.apache.nifi.web.security.jwt.provider.StandardBearerTokenProvider;
+import org.apache.nifi.web.security.oidc.OidcService;
+import org.apache.nifi.web.security.token.LoginAuthenticationToken;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;

Review comment:
       Can you change this unit test to use JUnit 5?  The `RunWith`  annotation also does not seem to be necessary.

##########
File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/OIDCAccessResourceTest.java
##########
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api;
+
+import com.nimbusds.oauth2.sdk.AuthorizationCode;
+import com.nimbusds.oauth2.sdk.AuthorizationGrant;
+import com.nimbusds.oauth2.sdk.ErrorObject;
+import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
+import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
+import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
+import org.apache.nifi.web.security.jwt.provider.BearerTokenProvider;
+import org.apache.nifi.web.security.jwt.provider.StandardBearerTokenProvider;
+import org.apache.nifi.web.security.oidc.OidcService;
+import org.apache.nifi.web.security.token.LoginAuthenticationToken;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.Mockito;
+import org.springframework.mock.web.MockHttpServletResponse;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import static org.apache.nifi.web.api.cookie.ApplicationCookieName.OIDC_REQUEST_IDENTIFIER;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+
+@RunWith(JUnit4.class)
+public class OIDCAccessResourceTest {
+
+    final static String REQUEST_IDENTIFIER = "an-identifier";
+    final static String OIDC_LOGIN_FAILURE_MESSAGE = "Unsuccessful login attempt.";
+
+    @Test
+    public void testOidcCallbackSuccess() throws Exception {
+        HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
+        MockHttpServletResponse mockResponse = new MockHttpServletResponse();
+        Cookie[] cookies = { new Cookie(OIDC_REQUEST_IDENTIFIER.getCookieName(), REQUEST_IDENTIFIER) };
+        Mockito.when(mockRequest.getCookies()).thenReturn(cookies);
+        OidcService oidcService = Mockito.mock(OidcService.class);
+        MockOIDCAccessResource accessResource = new MockOIDCAccessResource(oidcService, true);
+        accessResource.oidcCallback(mockRequest, mockResponse);
+        Mockito.verify(oidcService).storeJwt(any(String.class), any(String.class));
+    }
+
+    @Test
+    public void testOidcCallbackFailure() throws Exception {
+        HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
+        MockHttpServletResponse mockResponse = new MockHttpServletResponse();
+        Cookie[] cookies = { new Cookie(OIDC_REQUEST_IDENTIFIER.getCookieName(), REQUEST_IDENTIFIER) };
+        Mockito.when(mockRequest.getCookies()).thenReturn(cookies);
+        OidcService oidcService = Mockito.mock(OidcService.class);
+        MockOIDCAccessResource accessResource = new MockOIDCCallbackFailure(oidcService, false);
+        accessResource.oidcCallback(mockRequest, mockResponse);
+    }
+
+    public class MockOIDCCallbackFailure extends MockOIDCAccessResource {
+
+        public MockOIDCCallbackFailure(OidcService oidcService, Boolean requestShouldSucceed) throws IOException {
+            super(oidcService, requestShouldSucceed);
+        }
+
+        @Override
+        protected void forwardToLoginMessagePage(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final String message) throws Exception {
+            assertEquals(OIDC_LOGIN_FAILURE_MESSAGE, message);
+        }
+    }
+
+    public class MockOIDCAccessResource extends OIDCAccessResource {
+
+        final static String BEARER_TOKEN = "bearer_token";
+        final static String AUTHORIZATION_CODE = "authorization_code";
+        final static String CALLBACK_URL = "https://nifi.apache.org/nifi-api/access/oidc/callback";
+        final static String RESOURCE_URI = "resource_uri";
+        private Boolean requestShouldSucceed;
+
+        public MockOIDCAccessResource(final OidcService oidcService, final Boolean requestShouldSucceed) throws IOException {
+            this.requestShouldSucceed = requestShouldSucceed;
+            final BearerTokenProvider bearerTokenProvider = Mockito.mock(StandardBearerTokenProvider.class);
+            Mockito.when(bearerTokenProvider.getBearerToken(any(LoginAuthenticationToken.class))).thenReturn(BEARER_TOKEN);
+            setOidcService(oidcService);
+            setBearerTokenProvider(bearerTokenProvider);
+            final LoginAuthenticationToken token = Mockito.mock(LoginAuthenticationToken.class);
+            Mockito.when(oidcService.exchangeAuthorizationCodeForLoginAuthenticationToken(any(AuthorizationGrant.class))).thenReturn(token);
+        }
+
+        @Override
+        protected AuthenticationResponse parseOidcResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean isLogin) {
+            if (requestShouldSucceed) {
+                return getSuccessResponse();
+            } else {
+                return getErrorResponse();
+            }
+        }
+
+        @Override
+        protected void checkOidcState(HttpServletResponse httpServletResponse, final String oidcRequestIdentifier, AuthenticationSuccessResponse successfulOidcResponse, boolean isLogin)
+                throws Exception {
+            // do nothing
+        }
+
+        @Override
+        protected String getOidcCallback() {
+            return CALLBACK_URL;
+        }
+
+        @Override
+        protected String generateResourceUri(final String... path) {
+            return RESOURCE_URI;
+        }
+
+        @Override
+        protected URI getCookieResourceUri() {
+            try {
+                return new URI(RESOURCE_URI);
+            } catch (URISyntaxException e) {
+                e.printStackTrace();
+                return null;
+            }

Review comment:
       It should be possible to change this to use `URI.create()` which does not throw a checked exception.
   ```suggestion
               URI.create(RESOURCE_URI);
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org