Posted to commits@pulsar.apache.org by gu...@apache.org on 2020/11/12 01:56:18 UTC
[pulsar-manager] branch master updated: When user management is
disabled login fails (#351)
This is an automated email from the ASF dual-hosted git repository.
guangning pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-manager.git
The following commit(s) were added to refs/heads/master by this push:
new 609510f When user management is disabled login fails (#351)
609510f is described below
commit 609510f0d95fd426577e1521073628e9db6e6b81
Author: Stepan <ts...@gmail.com>
AuthorDate: Thu Nov 12 04:54:16 2020 +0300
When user management is disabled login fails (#351)
**Fixes #347**
### Motivation
Bug: if user management is turned off, the user has no way to log in, because the default credentials do not pass login validation.
### Modifications
When check for super user is being performed and user management is disabled then use token generated for default credentials which are defined in properties file.
---
.../manager/service/impl/RolesServiceImpl.java | 19 +++++++++++
.../manager/service/RolesServiceImplTest.java | 38 +++++++++++++++++++++-
2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java b/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
index cd6f61f..7c99587 100644
--- a/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
@@ -31,13 +31,18 @@ import org.apache.pulsar.manager.entity.TenantsRepository;
import org.apache.pulsar.manager.entity.UserInfoEntity;
import org.apache.pulsar.manager.entity.UsersRepository;
import org.apache.pulsar.manager.service.ClustersService;
+import org.apache.pulsar.manager.service.JwtService;
import org.apache.pulsar.manager.service.RolesService;
import org.apache.pulsar.manager.service.TenantsService;
import org.apache.pulsar.manager.utils.ResourceType;
import org.apache.pulsar.manager.utils.ResourceVerbs;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
@@ -47,6 +52,8 @@ import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
+import static java.util.Objects.requireNonNull;
+
@Slf4j
@Service
public class RolesServiceImpl implements RolesService {
@@ -75,6 +82,12 @@ public class RolesServiceImpl implements RolesService {
@Autowired
private NamespacesRepository namespacesRepository;
+ @Autowired
+ private JwtService jwtService;
+
+ @Value("${user.management.enable}")
+ private boolean userManagementEnabled;
+
private final String VERBS_SEPARATOR = ",";
private static final Pattern pattern = Pattern.compile("[A-Za-z0-9_]+");
@@ -247,7 +260,13 @@ public class RolesServiceImpl implements RolesService {
result.put("message", "Validate tenant success");
return result;
}
+
public boolean isSuperUser(String token) {
+ if (!userManagementEnabled) {
+ HttpServletRequest request = requireNonNull((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ String serverToken = jwtService.getToken(request.getSession().getId());
+ return StringUtils.equalsIgnoreCase(serverToken, token);
+ }
Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByAccessToken(token);
if (!userInfoEntityOptional.isPresent()) {
return false;
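Review bot: The new branch's `return StringUtils.equalsIgnoreCase(serverToken, token);` grants super-user when both strings are null, because Commons `StringUtils.equalsIgnoreCase(null, null)` returns true; if `jwtService.getToken(request.getSession().getId())` yields no token for the session (plausible for a fresh session, since `getSession()` creates one) and a caller passes a null token, the check succeeds. The comparison is also case-insensitive and short-circuiting, so it accepts case variants of the generated token and leaks timing on mismatch; rejecting null explicitly and comparing the UTF-8 bytes with `MessageDigest.isEqual` is the usual shape (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The `requireNonNull` on the request attributes will throw an NPE rather than return false when this is called off a request thread, which is probably acceptable but worth a message. The body of `isSuperUser` continues past the end of this hunk.
```java
if (!userManagementEnabled) {
    ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletRequest request = requireNonNull(attrs, "isSuperUser called outside a web request").getRequest();
    String serverToken = jwtService.getToken(request.getSession().getId());
    // Fail closed: no session token (or no presented token) is never a super user.
    if (serverToken == null || token == null) {
        return false;
    }
    // Exact, constant-time comparison of the opaque token strings.
    return MessageDigest.isEqual(
            serverToken.getBytes(StandardCharsets.UTF_8),
            token.getBytes(StandardCharsets.UTF_8));
}
// … unchanged: usersRepository lookup by access token …
```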
diff --git a/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java b/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
index 604ec3d..071fb37 100644
--- a/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
@@ -31,17 +31,27 @@ import org.apache.pulsar.manager.utils.ResourceVerbs;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.Mockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.powermock.modules.junit4.PowerMockRunnerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.util.ReflectionTestUtils;
import java.util.Map;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
@RunWith(PowerMockRunner.class)
@PowerMockRunnerDelegate(SpringRunner.class)
@PowerMockIgnore( {"javax.*", "sun.*", "com.sun.*", "org.xml.*", "org.w3c.*"})
@@ -73,6 +83,9 @@ public class RolesServiceImplTest {
@Autowired
private NamespacesRepository namespacesRepository;
+ @MockBean
+ private JwtService jwtService;
+
@Test
public void validateRoleInfoEntityTest() {
RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
@@ -126,7 +139,7 @@ public class RolesServiceImplTest {
roleInfoEntity.setResourceVerbs("xxxx");
Map<String, String> stringMapVerbs = rolesService.validateRoleInfoEntity(roleInfoEntity);
- Assert.assertTrue(stringMapVerbs.get("error").startsWith("Verb"));
+ assertTrue(stringMapVerbs.get("error").startsWith("Verb"));
roleInfoEntity.setResourceType(ResourceType.TOPICS.name());
roleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
@@ -186,4 +199,27 @@ public class RolesServiceImplTest {
"test-access-token", "test-tenant");
Assert.assertEquals(currentTenantValidateSuccess.get("message"), "Validate tenant success");
}
+
+ @Test
+ public void isSuperUser_Permits_ifUserManagementIsOff_andDefaultUserIsUsed() {
+ ReflectionTestUtils.setField(rolesService, "userManagementEnabled", false);
+ String account = "pulsar";
+ String password = "pulsar";
+ String token = jwtService.toToken(account + "-" + password);
+
+ when(jwtService.getToken(Mockito.anyString())).thenReturn(token);
+ assertTrue(rolesService.isSuperUser(token));
+ ReflectionTestUtils.setField(rolesService, "userManagementEnabled", true);
+ }
+
+ @Test
+ public void isSuperUser_Forbids_ifUserManagementIsOn_andDefaultUserIsUsed() {
+ String account = "pulsar";
+ String password = "pulsar";
+ String token = jwtService.toToken(account + "-" + password);
+
+ assertFalse(rolesService.isSuperUser(token));
+ verify(jwtService, never()).getToken(anyString());
+ }
+
}
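Review bot: In `isSuperUser_Permits_ifUserManagementIsOff_andDefaultUserIsUsed`, `jwtService` is a `@MockBean`, so `jwtService.toToken(account + "-" + password)` is unstubbed and returns null; the test then stubs `getToken` to return null and asserts `isSuperUser(null)`, which passes only because `StringUtils.equalsIgnoreCase(null, null)` is true — it exercises the null/null path rather than a real default-credentials token. Use a literal token string and add the negative case that a different token is rejected while user management is off; also move the `userManagementEnabled` reset into a `finally` (or an `@After`) so a failing assertion cannot leak the flag into other tests. This presumes the test class binds request attributes somewhere not shown, since the new branch dereferences `RequestContextHolder.getRequestAttributes()`.
```java
ReflectionTestUtils.setField(rolesService, "userManagementEnabled", false);
String token = "default-user-token";
when(jwtService.getToken(anyString())).thenReturn(token);
try {
    assertTrue(rolesService.isSuperUser(token));
    assertFalse(rolesService.isSuperUser("not-the-default-token"));
} finally {
    ReflectionTestUtils.setField(rolesService, "userManagementEnabled", true);
}
```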