Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/20 15:59:53 UTC
svn commit: r1861697 -
/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/
Author: angela
Date: Thu Jun 20 15:59:53 2019
New Revision: 1861697
URL: http://svn.apache.org/viewvc?rev=1861697&view=rev
Log:
OAK-8419 : Improve tests for o.a.j.oak.security.user.query
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/GroupPredicateTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultIteratorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilderTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/GroupPredicateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/GroupPredicateTest.java?rev=1861697&r1=1861696&r2=1861697&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/GroupPredicateTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/GroupPredicateTest.java Thu Jun 20 15:59:53 2019
@@ -18,17 +18,18 @@ package org.apache.jackrabbit.oak.securi
import javax.jcr.RepositoryException;
+import com.google.common.collect.Iterators;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.junit.Test;
-import org.mockito.Mockito;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
public class GroupPredicateTest extends AbstractSecurityTest {
@@ -131,8 +132,20 @@ public class GroupPredicateTest extends
public void testGetIdFails() throws Exception {
GroupPredicate gp = new GroupPredicate(userManager, testGroup.getID(), true);
- Authorizable a = Mockito.mock(Authorizable.class);
+ Authorizable a = mock(Authorizable.class);
when(a.getID()).thenThrow(new RepositoryException());
assertFalse(gp.apply(a));
}
+
+ @Test
+ public void testGetMemberIdFails() throws Exception {
+ Authorizable member = when(mock(Authorizable.class).getID()).thenThrow(new RepositoryException()).getMock();
+ Group g = when(mock(Group.class).getDeclaredMembers()).thenReturn(Iterators.singletonIterator(member)).getMock();
+ when(g.isGroup()).thenReturn(true);
+ UserManager uMgr = when(mock(UserManager.class).getAuthorizable("g")).thenReturn(g).getMock();
+ Authorizable a = when(mock(Authorizable.class).getID()).thenReturn("a").getMock();
+
+ GroupPredicate gp = new GroupPredicate(uMgr, "g", true);
+ assertFalse(gp.apply(a));
+ }
}
\ No newline at end of file
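Review bot: `testGetMemberIdFails` would also pass if `GroupPredicate` never touched the mocked member, because `a` (ID "a") is not a member of `g` on either path and `assertFalse(gp.apply(a))` holds both ways. Adding `verify(member).getID();` after the assertion, with a static import of `org.mockito.Mockito.verify`, would pin that the throwing `getID()` call is actually reached and handled. Whether the predicate resolves members through `getDeclaredMembers()` is not visible in this hunk, so it is worth confirming that the stubbed method is the one the implementation calls.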
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultIteratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultIteratorTest.java?rev=1861697&r1=1861696&r2=1861697&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultIteratorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultIteratorTest.java Thu Jun 20 15:59:53 2019
@@ -48,17 +48,41 @@ public class ResultIteratorTest {
@Test
public void testCreateOffsetEqualsSize() {
- Iterator<String> it = ImmutableList.of("str").iterator();
assertFalse(ResultIterator.create(1, ResultIterator.MAX_ALL, Iterators.singletonIterator("str")).hasNext());
}
+ @Test
+ public void testCreateOffsetGtSize() {
+ assertFalse(ResultIterator.create(2, ResultIterator.MAX_ALL, Iterators.singletonIterator("str")).hasNext());
+ }
+
+ @Test
+ public void testCreateOffsetLtSize() {
+ assertEquals(1, Iterators.size(ResultIterator.create(1, ResultIterator.MAX_ALL, ImmutableList.of("str", "str").iterator())));
+ }
+
+ @Test
+ public void testCreateOffsetEqualsMax() {
+ assertEquals(1, Iterators.size(ResultIterator.create(1, 1, ImmutableList.of("str", "str").iterator())));
+ }
+
+ @Test
+ public void testCreateOffsetGtMax() {
+ assertEquals(1, Iterators.size(ResultIterator.create(2, 1, ImmutableList.of("str", "str", "str").iterator())));
+ }
+
+ @Test
+ public void testCreateOffsetLtMax() {
+ Iterator resultIt = ResultIterator.create(1, 3, ImmutableList.of("str", "str", "str", "str").iterator());
+ assertEquals(3, Iterators.size(resultIt));
+ }
+
@Test(expected = NoSuchElementException.class)
public void testNextNoElements() {
Iterator<String> it = ResultIterator.create(1, ResultIterator.MAX_ALL, Iterators.singletonIterator("str"));
it.next();
}
-
@Test
public void testNextWithOffset() {
Iterator<String> it = ResultIterator.create(1, ResultIterator.MAX_ALL, ImmutableList.of("str", "str2").iterator());
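Review bot: `testCreateOffsetLtMax` declares a raw `Iterator resultIt`, while the neighbouring tests use `Iterator<String>`; `Iterator<String> resultIt = ResultIterator.create(1, 3, ImmutableList.of("str", "str", "str", "str").iterator());` keeps the file free of unchecked warnings. Separately, every new offset/max test feeds identical `"str"` elements and checks only the count, so none of them would notice if the wrong elements were skipped; distinct values such as `"a", "b", "c"` plus an assertion on the first returned element would cover that. The hunk ends inside `testNextWithOffset`, whose body continues outside it.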
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java?rev=1861697&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java Thu Jun 20 15:59:53 2019
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user.query;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.PropertyValue;
+import org.apache.jackrabbit.oak.api.ResultRow;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyValues;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
+import org.apache.jackrabbit.oak.security.user.UserManagerImpl;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.jetbrains.annotations.NotNull;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jcr.SimpleCredentials;
+
+import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NT_OAK_UNSTRUCTURED;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class ResultRowToAuthorizableTest extends AbstractSecurityTest {
+
+ private ResultRowToAuthorizable groupRrta;
+ private ResultRowToAuthorizable userRrta;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ groupRrta = new ResultRowToAuthorizable(new UserManagerImpl(root, getPartialValueFactory(), getSecurityProvider()), root, AuthorizableType.GROUP);
+ userRrta = new ResultRowToAuthorizable(new UserManagerImpl(root, getPartialValueFactory(), getSecurityProvider()), root, AuthorizableType.USER);
+ }
+
+ private static ResultRow createResultRow(@NotNull String path) {
+ PropertyValue propValue = PropertyValues.newPath(path);
+ return when(mock(ResultRow.class).getValue(QueryConstants.JCR_PATH)).thenReturn(propValue).getMock();
+ }
+
+ @Test
+ public void testApplyNullRow() {
+ assertNull(groupRrta.apply(null));
+ }
+
+ @Test
+ public void testRowToNonExistingTree() {
+ PropertyValue propValue = PropertyValues.newPath("/path/to/nonExisting/tree");
+ ResultRow row = when(mock(ResultRow.class).getValue(QueryConstants.JCR_PATH)).thenReturn(propValue).getMock();
+ assertNull(groupRrta.apply(row));
+ }
+
+ @Test
+ public void testRowToRootTree() {
+ assertNull(groupRrta.apply(createResultRow(PathUtils.ROOT_PATH)));
+ }
+
+ @Test
+ public void testRowToUserTree() throws Exception {
+ User user = getTestUser();
+ ResultRow row = createResultRow(user.getPath());
+
+ assertNull(groupRrta.apply(row));
+
+ Authorizable a = userRrta.apply(row);
+ assertNotNull(a);
+ assertEquals(user.getID(), a.getID());
+ }
+
+ @Test
+ public void testRowToUserSubTree() throws Exception {
+ User user = getTestUser();
+ Tree t = root.getTree(user.getPath());
+ t = TreeUtil.addChild(t, "child", NT_OAK_UNSTRUCTURED);
+ ResultRow row = createResultRow(t.getPath());
+
+ assertNull(groupRrta.apply(row));
+
+ Authorizable a = userRrta.apply(row);
+ assertNotNull(a);
+ assertEquals(user.getID(), a.getID());
+ }
+
+ @Test
+ public void testRowToNonExistingUserSubTree() throws Exception {
+ User user = getTestUser();
+ ResultRow row = createResultRow(PathUtils.concat(user.getPath(), "child"));
+
+ assertNull(userRrta.apply(row));
+ }
+
+ @Test
+ public void testRowNonAccessibleUserTree() throws Exception {
+ User user = getTestUser();
+ String userPath = user.getPath();
+
+ try (ContentSession cs = login(new SimpleCredentials(user.getID(), user.getID().toCharArray()))) {
+ Root r = cs.getLatestRoot();
+ ResultRowToAuthorizable rrta = new ResultRowToAuthorizable(new UserManagerImpl(r, getPartialValueFactory(), getSecurityProvider()), r, null);
+ assertNull(rrta.apply(createResultRow(userPath)));
+ }
+ }
+}
\ No newline at end of file
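Review bot: `testRowNonAccessibleUserTree` never asserts that the user's own session really cannot read `userPath`, so it depends on the default permission setup; if that setup changed, the test would start failing with nothing pointing at the broken precondition, and the `null` result is never tied to access control. Stating it explicitly before the call, `assertFalse(r.getTree(userPath).exists());` (with a static import of `assertFalse`), makes the access-control intent visible. The same test passes `null` as the `AuthorizableType`, unlike every other construction in the file, and a one-line comment saying why the type is irrelevant here would help. As a smaller point, `testRowToNonExistingTree` repeats the mock setup that `createResultRow("/path/to/nonExisting/tree")` already provides.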
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/ResultRowToAuthorizableTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java?rev=1861697&r1=1861696&r2=1861697&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.java Thu Jun 20 15:59:53 2019
@@ -18,12 +18,16 @@ package org.apache.jackrabbit.oak.securi
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.query.QueryEngineSettings;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
@@ -40,8 +44,10 @@ import org.junit.Before;
import org.junit.Test;
import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlManager;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
@@ -49,9 +55,11 @@ import java.util.Iterator;
import java.util.List;
import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.DEFAULT_ADMIN_ID;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.PARAM_GROUP_PATH;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.REP_AUTHORIZABLE_ID;
+import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.REP_DISABLED;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertSame;
@@ -71,7 +79,7 @@ public class UserQueryManagerTest extend
private Value v;
- private List<Group> groups = new ArrayList();
+ private List<Group> groups = new ArrayList<>();
@Before
public void before() throws Exception {
@@ -97,7 +105,7 @@ public class UserQueryManagerTest extend
@Override
public void after() throws Exception {
try {
- user.removeProperty(propertyName);
+ root.refresh();
for (Group g : groups) {
g.remove();
}
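Review bot: The cleanup in `after()` no longer removes `propertyName` from `user`. `root.refresh()` only drops pending, uncommitted changes, so a property that a test has already committed stays on the user unless the user itself is removed later in this method or in the superclass, which is not visible in this hunk. If that removal is guaranteed, a short comment on the new line, e.g. `// drop transient changes left by a failed test; committed user state is cleaned up with the user itself`, would record why the explicit cleanup was dropped. `after()` starts and ends outside the hunk.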
@@ -218,7 +226,7 @@ public class UserQueryManagerTest extend
root.commit();
for (AuthorizableType type : new AuthorizableType[] {AuthorizableType.AUTHORIZABLE, AuthorizableType.GROUP}) {
- Iterator<Authorizable> result = queryMgr.findAuthorizables("rel/path/to/" + propertyName, v.getString(), AuthorizableType.AUTHORIZABLE, false);
+ Iterator<Authorizable> result = queryMgr.findAuthorizables("rel/path/to/" + propertyName, v.getString(), type, false);
assertResultContainsAuthorizables(result, g);
}
}
@@ -329,7 +337,7 @@ public class UserQueryManagerTest extend
@Test
public void testQueryScopeNotMember() throws Exception {
- Group g = createGroup("g1", null);
+ createGroup("g1", null);
user.setProperty(propertyName, v);
root.commit();
@@ -553,4 +561,38 @@ public class UserQueryManagerTest extend
Iterator<Authorizable> result = uqm.findAuthorizables(REP_AUTHORIZABLE_ID, DEFAULT_ADMIN_ID, AuthorizableType.AUTHORIZABLE);
assertTrue(result.hasNext());
}
+
+ @Test
+ public void testFindReservedProperty() throws Exception {
+ user.setProperty("subtree/"+REP_DISABLED, valueFactory.createValue("disabled"));
+
+ Iterator<Authorizable> result = queryMgr.findAuthorizables(REP_DISABLED, "disabled", AuthorizableType.USER);
+ assertFalse(result.hasNext());
+
+ user.removeProperty("subtree/"+REP_DISABLED);
+ user.disable("disabled");
+
+ result = queryMgr.findAuthorizables(REP_DISABLED, "disabled", AuthorizableType.USER);
+ assertTrue(result.hasNext());
+ }
+
+ @Test
+ public void testFindResultNotAccessible() throws Exception {
+ user.setProperty("profile/name", valueFactory.createValue("userName"));
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, PathUtils.concat(user.getPath(), "profile"));
+ if (acl != null && acl.addAccessControlEntry(user.getPrincipal(), privilegesFromNames(JCR_READ))) {
+ acMgr.setPolicy(acl.getPath(), acl);
+ }
+ root.commit();
+
+ try (ContentSession cs = login(new SimpleCredentials(user.getID(), user.getID().toCharArray()))) {
+ Root r = cs.getLatestRoot();
+ UserManagerImpl uMgr = new UserManagerImpl(r, getPartialValueFactory(), getSecurityProvider());
+ UserQueryManager uqm = new UserQueryManager(uMgr, getNamePathMapper(), ConfigurationParameters.EMPTY, r);
+
+ Iterator<Authorizable> result = uqm.findAuthorizables("name", "userName", AuthorizableType.USER);
+ assertFalse(result.hasNext());
+ }
+ }
}
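Review bot: In `testFindResultNotAccessible` the ACL setup is skipped silently when `acl` is null or `addAccessControlEntry` returns false, and the final `assertFalse(result.hasNext())` still passes in that case, because without the read grant on `profile` the user sees nothing at all. The test then no longer shows that a readable match below an unreadable user node is filtered out. Failing fast on the precondition fixes this: `assertNotNull(acl);`, `assertTrue(acl.addAccessControlEntry(user.getPrincipal(), privilegesFromNames(JCR_READ)));`, then `acMgr.setPolicy(acl.getPath(), acl);` (`assertNotNull` may need a static import). In `testFindReservedProperty` the queries run without a `root.commit()`, unlike the other tests visible in this file, so a brief comment that this is deliberate would help.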
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitorTest.java?rev=1861697&r1=1861696&r2=1861697&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitorTest.java Thu Jun 20 15:59:53 2019
@@ -22,6 +22,8 @@ import javax.jcr.Value;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.commons.QueryUtils;
import org.apache.jackrabbit.oak.namepath.impl.LocalNameMapper;
@@ -70,14 +72,13 @@ public class XPathConditionVisitorTest e
}
@Test
- public void testVisitNode() throws Exception {
+ public void testVisitNode() {
visitor.visit(new Condition.Node(SERACH_EXPR));
String s = statement.toString();
assertFalse(s.contains(SERACH_EXPR));
assertTrue(s.contains(QueryUtils.escapeForQuery(SERACH_EXPR)));
assertTrue(s.contains(QueryUtils.escapeForQuery(QueryUtils.escapeNodeName(SERACH_EXPR))));
-
}
@Test
@@ -139,7 +140,7 @@ public class XPathConditionVisitorTest e
@Test
public void testVisitImpersonation() throws Exception {
- String principalName = getTestUser().getPrincipal().getName();;
+ String principalName = getTestUser().getPrincipal().getName();
Condition.Impersonation c = new Condition.Impersonation(principalName);
visitor.visit(c);
@@ -160,6 +161,37 @@ public class XPathConditionVisitorTest e
}
@Test
+ public void testVisitImpersonationGroup() throws Exception {
+ UserManager uMgr = getUserManager(root);
+ Group g = null;
+ try {
+ g = uMgr.createGroup("g");
+ root.commit();
+ Condition.Impersonation c = new Condition.Impersonation(g.getPrincipal().getName());
+ visitor.visit(c);
+
+ String s = statement.toString();
+ assertTrue(s.contains(UserConstants.REP_IMPERSONATORS));
+ assertFalse(s.contains("@rcj:primaryType='" + UserConstants.NT_REP_USER + "'"));
+ } finally {
+ if (g != null) {
+ g.remove();
+ root.commit();
+ }
+ }
+ }
+
+ @Test
+ public void testVisitImpersonationNonExistingPrincipal() {
+ Condition.Impersonation c = new Condition.Impersonation("nonExisting");
+ visitor.visit(c);
+
+ String s = statement.toString();
+ assertTrue(s.contains(UserConstants.REP_IMPERSONATORS));
+ assertFalse(s.contains("@rcj:primaryType='" + UserConstants.NT_REP_USER + "'"));
+ }
+
+ @Test
public void testVisitNot() throws Exception {
visitor.visit(new Condition.Not(testCondition));
assertTrue(statement.toString().startsWith("not("));
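Review bot: Both new tests assert `assertFalse(s.contains("@rcj:primaryType='" + UserConstants.NT_REP_USER + "'"))`, and the `rcj` prefix reads like a transposed `jcr` unless the test fixture remaps the JCR namespace to that local prefix, which is set up outside this hunk. If the prefix is not remapped, the literal can never appear in the statement and the negative assertion is vacuous in `testVisitImpersonationGroup` and `testVisitImpersonationNonExistingPrincipal`. If it is remapped on purpose, a shared constant for the expected fragment, or a comment such as `// "rcj" is the locally remapped jcr prefix, see before()`, would prevent it from being "fixed" later. The hunk ends inside `testVisitNot`, which continues outside it.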
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilderTest.java?rev=1861697&r1=1861696&r2=1861697&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilderTest.java Thu Jun 20 15:59:53 2019
@@ -97,7 +97,7 @@ public class XPathQueryBuilderTest exten
@Test
public void testSetSelector() throws Exception {
- Map<Class<? extends Authorizable>, AuthorizableType> m = new HashMap();
+ Map<Class<? extends Authorizable>, AuthorizableType> m = new HashMap<>();
m.put(User.class, AuthorizableType.USER);
m.put(getTestUser().getClass(), AuthorizableType.USER);
m.put(Authorizable.class, AuthorizableType.AUTHORIZABLE);