You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/09/23 14:24:05 UTC
svn commit: r1881956 - in /jackrabbit/oak/trunk/oak-core: ./
src/test/java/org/apache/jackrabbit/oak/security/authentication/token/
Author: angela
Date: Wed Sep 23 14:24:05 2020
New Revision: 1881956
URL: http://svn.apache.org/viewvc?rev=1881956&view=rev
Log:
OAK-9227 : Improvements to token authentication tests
Modified:
jackrabbit/oak/trunk/oak-core/pom.xml
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestCredentialsSupport.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestLoginModule.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenDefaultLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleCredentialsSupportTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplExceptionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Wed Sep 23 14:24:05 2020
@@ -180,9 +180,6 @@
<includes>
<include>org.apache.jackrabbit.oak.security.authorization.composite</include>
<include>org.apache.jackrabbit.oak.security.internal</include>
- <include>org.apache.jackrabbit.oak.security.authorization.permission</include>
- <include>org.apache.jackrabbit.oak.security.user</include>
- <include>org.apache.jackrabbit.oak.security.authentication.token</include>
<include>org.apache.jackrabbit.oak.security.authorization.accesscontrol</include>
<include>org.apache.jackrabbit.oak.security.authorization.restriction</include>
</includes>
@@ -193,7 +190,25 @@
<limit>
<counter>BRANCH</counter>
<value>COVEREDRATIO</value>
- <minimum>0.96</minimum>
+ <minimum>0.98</minimum>
+ </limit>
+ </limits>
+ </rule>
+ <rule>
+ <element>PACKAGE</element>
+ <includes>
+ <include>org.apache.jackrabbit.oak.security.user</include>
+ <include>org.apache.jackrabbit.oak.security.authorization.permission</include>
+ <include>org.apache.jackrabbit.oak.security.authentication.token</include>
+ </includes>
+ <excludes>
+ <exclude>*Test</exclude>
+ </excludes>
+ <limits>
+ <limit>
+ <counter>BRANCH</counter>
+ <value>COVEREDRATIO</value>
+ <minimum>0.97</minimum>
</limit>
</limits>
</rule>
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java Wed Sep 23 14:24:05 2020
@@ -17,6 +17,7 @@
package org.apache.jackrabbit.oak.security.authentication.token;
import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
@@ -36,6 +37,7 @@ import org.junit.Before;
import java.util.Collections;
+import static com.google.common.base.Preconditions.checkNotNull;
import static org.junit.Assert.assertNotNull;
/**
@@ -100,6 +102,11 @@ public abstract class AbstractTokenTest
}
@NotNull
+ Tree getUserTree(@NotNull String uid) throws RepositoryException {
+ return root.getTree(checkNotNull(getUserManager(root).getAuthorizable(uid)).getPath());
+ }
+
+ @NotNull
static TokenInfo createTokenInfo(@NotNull TokenProvider tp, @NotNull String userId) {
TokenInfo info = tp.createToken(userId, Collections.emptyMap());
assertNotNull(info);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestCredentialsSupport.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestCredentialsSupport.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestCredentialsSupport.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestCredentialsSupport.java Wed Sep 23 14:24:05 2020
@@ -49,7 +49,7 @@ public class TestCredentialsSupport impl
@NotNull
@Override
public Set<Class> getCredentialClasses() {
- return ImmutableSet.<Class>of(Creds.class);
+ return ImmutableSet.of(Creds.class);
}
@Nullable
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestLoginModule.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TestLoginModule.java Wed Sep 23 14:24:05 2020
@@ -38,7 +38,6 @@ public class TestLoginModule extends Abs
private CredentialsSupport credentialsSupport;
private Credentials credentials;
private String userId;
- private AuthInfo info;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
@@ -80,7 +79,7 @@ public class TestLoginModule extends Abs
public boolean commit() {
if (userId != null) {
subject.getPrincipals().add(EveryonePrincipal.getInstance());
- info = new AuthInfoImpl(userId, credentialsSupport.getAttributes(credentials), subject.getPrincipals());
+ AuthInfo info = new AuthInfoImpl(userId, credentialsSupport.getAttributes(credentials), subject.getPrincipals());
setAuthInfo(info, subject);
return true;
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java Wed Sep 23 14:24:05 2020
@@ -64,7 +64,7 @@ public class TokenAuthenticationTest ext
@Test
public void testAuthenticateWithInvalidCredentials() throws Exception {
- List<Credentials> invalid = new ArrayList<Credentials>();
+ List<Credentials> invalid = new ArrayList<>();
invalid.add(new GuestCredentials());
invalid.add(new SimpleCredentials(userId, new char[0]));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java Wed Sep 23 14:24:05 2020
@@ -65,7 +65,7 @@ public class TokenConfigurationImplOSGiT
}
@Test
- public void testDefaultCredentialsSupport() throws Exception {
+ public void testDefaultCredentialsSupport() {
TokenProvider tp = tokenConfiguration.getTokenProvider(root);
assertTrue(tp.doCreateToken(sc));
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java Wed Sep 23 14:24:05 2020
@@ -89,7 +89,7 @@ public class TokenConfigurationImplTest
@Test
public void testGetValidators() {
- List<? extends ValidatorProvider> validators = tc.getValidators(root.getContentSession().getWorkspaceName(), ImmutableSet.<Principal>of(), new MoveTracker());
+ List<? extends ValidatorProvider> validators = tc.getValidators(root.getContentSession().getWorkspaceName(), ImmutableSet.of(), new MoveTracker());
assertNotNull(validators);
assertEquals(1, validators.size());
assertTrue(validators.get(0) instanceof TokenValidatorProvider);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenDefaultLoginModuleTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenDefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenDefaultLoginModuleTest.java Wed Sep 23 14:24:05 2020
@@ -48,12 +48,12 @@ public class TokenDefaultLoginModuleTest
AppConfigurationEntry tokenEntry = new AppConfigurationEntry(
TokenLoginModule.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
- Collections.<String, Object>emptyMap());
+ Collections.emptyMap());
AppConfigurationEntry defaultEntry = new AppConfigurationEntry(
LoginModuleImpl.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- Collections.<String, Object>emptyMap());
+ Collections.emptyMap());
return new AppConfigurationEntry[] {tokenEntry, defaultEntry};
}
};
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java Wed Sep 23 14:24:05 2020
@@ -16,21 +16,26 @@
*/
package org.apache.jackrabbit.oak.security.authentication.token;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.apache.jackrabbit.util.Text;
import org.junit.Before;
import org.junit.Test;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
/**
* TokenInfoTest...
@@ -108,17 +113,17 @@ public class TokenInfoTest extends Abstr
@Test
public void testGetAttributes() {
- Map<String, String> reserved = new HashMap<String, String>();
+ Map<String, String> reserved = new HashMap<>();
reserved.put(TOKEN_ATTRIBUTE, "value");
reserved.put(TOKEN_ATTRIBUTE_KEY, "value");
reserved.put(TOKEN_ATTRIBUTE_EXPIRY, "value");
- Map<String, String> privateAttributes = new HashMap<String, String>();
+ Map<String, String> privateAttributes = new HashMap<>();
privateAttributes.put(".token_exp", "value");
privateAttributes.put(".tokenTest", "value");
privateAttributes.put(".token_something", "value");
- Map<String, String> publicAttributes = new HashMap<String, String>();
+ Map<String, String> publicAttributes = new HashMap<>();
publicAttributes.put("any", "value");
publicAttributes.put("another", "value");
@@ -131,17 +136,17 @@ public class TokenInfoTest extends Abstr
Map<String,String> pubAttr = info.getPublicAttributes();
assertEquals("public attributes",publicAttributes.size(), pubAttr.size());
- for (String key : publicAttributes.keySet()) {
- assertTrue("public attribute "+key+" not contained",pubAttr.containsKey(key));
- assertEquals("public attribute " + key,publicAttributes.get(key), pubAttr.get(key));
- }
+ publicAttributes.forEach((key, value) -> {
+ assertTrue("public attribute " + key + " not contained", pubAttr.containsKey(key));
+ assertEquals("public attribute " + key, value, pubAttr.get(key));
+ });
Map<String,String> privAttr = info.getPrivateAttributes();
assertEquals("private attributes",privateAttributes.size(), privAttr.size());
- for (String key : privateAttributes.keySet()) {
- assertTrue("private attribute "+key+" not contained",privAttr.containsKey(key));
- assertEquals("private attribute" + key,privateAttributes.get(key), privAttr.get(key));
- }
+ privateAttributes.forEach((key, value) -> {
+ assertTrue("private attribute " + key + " not contained", privAttr.containsKey(key));
+ assertEquals("private attribute" + key, value, privAttr.get(key));
+ });
for (String key : reserved.keySet()) {
assertFalse("reserved attribute "+key,privAttr.containsKey(key));
@@ -156,16 +161,10 @@ public class TokenInfoTest extends Abstr
}
@Test
- public void testRemoveToken2() {
- TokenInfo info = createTokenInfo(tokenProvider, userId);
- assertTrue(info.remove());
- }
-
- @Test
public void testRemoveTokenRemovesNode() throws Exception {
TokenInfo info = createTokenInfo(tokenProvider, userId);
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree tokens = userTree.getChild(TOKENS_NODE_NAME);
String tokenNodePath = tokens.getChildren().iterator().next().getPath();
@@ -175,18 +174,42 @@ public class TokenInfoTest extends Abstr
@Test
public void testRemoveTokenTreeRemoved() {
- TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+ TokenInfo info = tokenProvider.createToken(userId, Collections.emptyMap());
assertNotNull(info);
Tree tokenTree = getTokenTree(info);
assertNotNull(tokenTree);
tokenTree.remove();
- // resetting expiration on a token tree that no longer exists should not success
+ // removing a token tree that no longer exists should not succeed
assertFalse(info.remove());
}
@Test
+ public void testRemoveTokenTreeRemovalFails() {
+ TokenInfo info = tokenProvider.createToken(userId, Collections.emptyMap());
+ String path = getTokenTree(info).getPath();
+ String userPath = Text.getRelativeParent(path, 2);
+ String token = info.getToken();
+
+ Tree tokenTree = mock(Tree.class);
+ when(tokenTree.remove()).thenReturn(false);
+ when(tokenTree.exists()).thenReturn(true);
+ when(tokenTree.getPath()).thenReturn(path);
+
+ Tree realTree = root.getTree(path);
+ when(tokenTree.getParent()).thenReturn(realTree.getParent());
+ when(tokenTree.getProperty(JCR_PRIMARYTYPE)).thenReturn(realTree.getProperty(JCR_PRIMARYTYPE));
+
+ Root r = mock(Root.class);
+ when(r.getTree(path)).thenReturn(tokenTree);
+ when(r.getTree(userPath)).thenReturn(root.getTree(userPath));
+
+ TokenProviderImpl tp = createTokenProvider(r, getUserConfiguration());
+ assertFalse(tp.getTokenInfo(path).remove());
+ }
+
+ @Test
public void testResetTokenExpirationExpiredToken() {
TokenInfo info = createTokenInfo(tokenProvider, userId);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleCredentialsSupportTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleCredentialsSupportTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleCredentialsSupportTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleCredentialsSupportTest.java Wed Sep 23 14:24:05 2020
@@ -75,7 +75,7 @@ public class TokenLoginModuleCredentials
AppConfigurationEntry tokenEntry = new AppConfigurationEntry(
TokenLoginModule.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
- Collections.<String, Object>emptyMap());
+ Collections.emptyMap());
AppConfigurationEntry testEntry = new AppConfigurationEntry(
TestLoginModule.class.getName(),
@@ -85,7 +85,7 @@ public class TokenLoginModuleCredentials
AppConfigurationEntry defaultEntry = new AppConfigurationEntry(
LoginModuleImpl.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
- Collections.<String, Object>emptyMap());
+ Collections.emptyMap());
return new AppConfigurationEntry[] {tokenEntry, testEntry, defaultEntry};
}
@@ -95,7 +95,7 @@ public class TokenLoginModuleCredentials
@Test
public void testCustomCredentials() throws Exception {
TestCredentialsSupport.Creds credentials = new TestCredentialsSupport.Creds();
- String token = null;
+ String token;
try (ContentSession cs = login(credentials)) {
assertEquals(userId, cs.getAuthInfo().getUserID());
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java Wed Sep 23 14:24:05 2020
@@ -79,8 +79,7 @@ public class TokenLoginModuleTest extend
when(info.matches(any(TokenCredentials.class))).thenReturn(true);
when(info.getUserId()).thenReturn(userId);
- TokenProvider tp = when(mock(TokenProvider.class).getTokenInfo(anyString())).thenReturn(info).getMock();
- return tp;
+ return when(mock(TokenProvider.class).getTokenInfo(anyString())).thenReturn(info).getMock();
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java Wed Sep 23 14:24:05 2020
@@ -46,7 +46,7 @@ public class TokenNoRefreshTest extends
@Test
public void testNotReset() {
- TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+ TokenInfo info = tokenProvider.createToken(userId, Collections.emptyMap());
assertNotNull(info);
assertFalse(info.resetExpiration(new Date().getTime()));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplExceptionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplExceptionTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplExceptionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplExceptionTest.java Wed Sep 23 14:24:05 2020
@@ -19,19 +19,29 @@ package org.apache.jackrabbit.oak.securi
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
+import java.util.UUID;
+import static junit.framework.TestCase.assertNotNull;
+import static org.apache.jackrabbit.JcrConstants.JCR_UUID;
import static org.junit.Assert.assertNull;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@@ -39,6 +49,7 @@ import static org.mockito.Mockito.when;
public class TokenProviderImplExceptionTest extends AbstractTokenTest {
+ private UserConfiguration uc;
private TokenProviderImpl tp;
private UserManager userManager;
@@ -48,7 +59,7 @@ public class TokenProviderImplExceptionT
super.before();
userManager = mock(UserManager.class);
- UserConfiguration uc = mock(UserConfiguration.class);
+ uc = mock(UserConfiguration.class);
when(uc.getUserManager(any(Root.class), any(NamePathMapper.class))).thenReturn(userManager);
tp = createTokenProvider(root, uc);
@@ -63,6 +74,94 @@ public class TokenProviderImplExceptionT
}
@Test
+ public void testCreateTokenAccessDenied() throws Exception {
+ User u = mock(User.class);
+ when(u.getPath()).thenReturn("/testuser");
+ when(userManager.getAuthorizable(anyString())).thenReturn(u);
+
+ Tree tokenTree = when(mock(Tree.class).exists()).thenReturn(false).getMock();
+ when(tokenTree.getProperty(JCR_UUID)).thenReturn(PropertyStates.createProperty(JCR_UUID, UUID.randomUUID().toString()));
+
+ Tree tokenParent = mock(Tree.class);
+ when(tokenParent.exists()).thenReturn(true);
+ when(tokenParent.addChild(anyString())).thenReturn(tokenTree);
+
+ String parentPath = "/testuser/" + TOKENS_NODE_NAME;
+ Tree userTree = mock(Tree.class);
+ when(userTree.exists()).thenReturn(true);
+ when(userTree.getChild(TOKENS_NODE_NAME)).thenReturn(tokenParent);
+
+ Root r = mock(Root.class);
+ when(r.getTree(parentPath)).thenReturn(tokenParent);
+ when(r.getTree("/testuser")).thenReturn(userTree);
+
+ TokenProviderImpl tokenProvider = createTokenProvider(r, uc);
+ assertNull(tokenProvider.createToken(new SimpleCredentials("uid", new char[0])));
+ }
+
+ @Test
+ public void testCreateTokenRetry() throws Exception {
+ User u = mock(User.class);
+ when(u.getPath()).thenReturn("/testuser");
+ when(userManager.getAuthorizable(anyString())).thenReturn(u);
+
+ Tree tokenTree = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ when(tokenTree.getProperty(JCR_UUID)).thenReturn(PropertyStates.createProperty(JCR_UUID, UUID.randomUUID().toString()));
+
+ Tree tokenParent = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ when(tokenParent.addChild(anyString())).thenReturn(tokenTree);
+
+ String parentPath = "/testuser/" + TOKENS_NODE_NAME;
+ Tree userTree = mock(Tree.class);
+ when(userTree.exists()).thenReturn(true);
+ when(userTree.getChild(TOKENS_NODE_NAME)).thenReturn(tokenParent);
+
+ Root r = mock(Root.class);
+ doAnswer(new Answer() {
+ int cnt = 0;
+ @Override
+ public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
+ if (cnt++ == 0) {
+ throw new CommitFailedException(CommitFailedException.CONSTRAINT, 1, "conflict");
+ } else {
+ return null;
+ }
+ }
+ }).when(r).commit(CommitMarker.asCommitAttributes());
+ when(r.getTree(parentPath)).thenReturn(tokenParent);
+ when(r.getTree("/testuser")).thenReturn(userTree);
+
+ TokenProviderImpl tokenProvider = createTokenProvider(r, uc);
+ assertNotNull(tokenProvider.createToken(new SimpleCredentials("uid", new char[0])));
+ }
+
+ @Test
+ public void testCreateTokenCommitParentFails() throws Exception {
+ User u = mock(User.class);
+ when(u.getPath()).thenReturn("/testuser");
+ when(userManager.getAuthorizable(anyString())).thenReturn(u);
+
+ Tree tokenTree = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ when(tokenTree.getProperty(JCR_UUID)).thenReturn(PropertyStates.createProperty(JCR_UUID, UUID.randomUUID().toString()));
+
+ Tree tokenParent = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ when(tokenParent.addChild(anyString())).thenReturn(tokenTree);
+
+ String parentPath = "/testuser/" + TOKENS_NODE_NAME;
+ Tree userTree = mock(Tree.class);
+ when(userTree.exists()).thenReturn(true);
+ when(userTree.getChild(TOKENS_NODE_NAME)).thenReturn(tokenParent);
+
+ Root r = mock(Root.class);
+ doThrow(new CommitFailedException(CommitFailedException.CONSTRAINT, 1, "conflict")).when(r).commit();
+ when(r.getTree(parentPath)).thenReturn(tokenParent);
+ when(r.getTree("/testuser")).thenReturn(userTree);
+
+ TokenProviderImpl tokenProvider = createTokenProvider(r, uc);
+ assertNotNull(tokenProvider.createToken(new SimpleCredentials("uid", new char[0])));
+ }
+
+ @Test
public void testCreateTokenUserWithoutPath() throws Exception {
User u = when(mock(User.class).getPath()).thenThrow(new RepositoryException()).getMock();
when(userManager.getAuthorizable("uid")).thenReturn(u);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java Wed Sep 23 14:24:05 2020
@@ -210,20 +210,16 @@ public class TokenProviderImplTest exten
assertNotNull(prop);
assertEquals(Type.DATE, prop.getType());
- for (String key : reserved.keySet()) {
+ reserved.forEach((key, value) -> {
PropertyState p = tokenTree.getProperty(key);
if (p != null) {
- assertNotEquals(reserved.get(key), p.getValue(Type.STRING));
+ assertNotEquals(value, p.getValue(Type.STRING));
}
- }
+ });
- for (String key : privateAttributes.keySet()) {
- assertEquals(privateAttributes.get(key), tokenTree.getProperty(key).getValue(Type.STRING));
- }
+ privateAttributes.forEach((key, value) -> assertEquals(value, tokenTree.getProperty(key).getValue(Type.STRING)));
- for (String key : publicAttributes.keySet()) {
- assertEquals(publicAttributes.get(key), tokenTree.getProperty(key).getValue(Type.STRING));
- }
+ publicAttributes.forEach((key, value) -> assertEquals(value, tokenTree.getProperty(key).getValue(Type.STRING)));
}
@Test
@@ -299,7 +295,7 @@ public class TokenProviderImplTest exten
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree node = TreeUtil.addChild(userTree, "testNode", JcrConstants.NT_UNSTRUCTURED);
try {
replaceTokenTree(info, node, TOKEN_NT_NAME);
@@ -315,7 +311,7 @@ public class TokenProviderImplTest exten
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
try {
replaceTokenTree(info, userTree.getChild(TOKENS_NODE_NAME), JcrConstants.NT_UNSTRUCTURED);
@@ -334,7 +330,8 @@ public class TokenProviderImplTest exten
TokenInfo info2 = null;
try {
- Tree adminTree = root.getTree(getUserManager(root).getAuthorizable(adminSession.getAuthInfo().getUserID()).getPath());
+ String uid = adminSession.getAuthInfo().getUserID();
+ Tree adminTree = getUserTree(uid);
Tree node = TreeUtil.getOrAddChild(adminTree, TOKENS_NODE_NAME, JcrConstants.NT_UNSTRUCTURED);
assertTrue(root.move(tokenTree.getPath(), node.getPath() + '/' + tokenTree.getName()));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java?rev=1881956&r1=1881955&r2=1881956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java Wed Sep 23 14:24:05 2020
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authentication.token;
import java.util.Calendar;
-import java.util.Collections;
import java.util.Date;
import java.util.UUID;
@@ -176,7 +175,7 @@ public class TokenValidatorTest extends
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree tree = TreeUtil.addChild(userTree, "testNode", JcrConstants.NT_UNSTRUCTURED);
try {
replaceTokenTree(info, tree, TOKEN_NT_NAME);
@@ -196,7 +195,7 @@ public class TokenValidatorTest extends
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree tree = TreeUtil.addChild(userTree, TOKENS_NODE_NAME, TOKENS_NT_NAME);
try {
tree = TreeUtil.addChild(tree, "invalid", JcrConstants.NT_UNSTRUCTURED);
@@ -217,7 +216,7 @@ public class TokenValidatorTest extends
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
try {
// create a valid token node using the test root
replaceTokenTree(info, userTree.getChild(TOKENS_NODE_NAME), TOKEN_NT_NAME);
@@ -237,7 +236,7 @@ public class TokenValidatorTest extends
TokenInfo info = createTokenInfo(tokenProvider, userId);
assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree t = null;
try {
t = replaceTokenTree(info, userTree.getChild(TOKENS_NODE_NAME), JcrConstants.NT_UNSTRUCTURED);
@@ -263,7 +262,7 @@ public class TokenValidatorTest extends
@Test
public void testInvalidTokenParentNode() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree node = TreeUtil.addChild(userTree, "testNode", JcrConstants.NT_UNSTRUCTURED);
try {
// Invalid node type of '.tokens' node
@@ -281,14 +280,14 @@ public class TokenValidatorTest extends
@Test
public void testManuallyCreateTokenParent() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
TreeUtil.addChild(userTree, TOKENS_NODE_NAME, TOKENS_NT_NAME);
root.commit();
}
@Test
public void testManuallyCreateTokenParentWithNtUnstructured() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
TreeUtil.addChild(userTree, TOKENS_NODE_NAME, JcrConstants.NT_UNSTRUCTURED);
root.commit();
@@ -316,7 +315,7 @@ public class TokenValidatorTest extends
@Test
public void testTokensNodeAtInvalidPathBelowUser() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree n = null;
try {
// Invalid node type of '.tokens' node
@@ -337,7 +336,7 @@ public class TokenValidatorTest extends
@Test
public void testChangeTokenParentPrimaryTypeToRepUnstructured() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree node = TreeUtil.addChild(userTree, TOKENS_NODE_NAME, JcrConstants.NT_UNSTRUCTURED);
root.commit();
@@ -365,7 +364,7 @@ public class TokenValidatorTest extends
@Test
public void testChangeRegularRepUnstructuredPrimaryType() throws Exception {
- Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
+ Tree userTree = getUserTree(userId);
Tree n = TreeUtil.getOrAddChild(userTree,"test", NodeTypeConstants.NT_REP_UNSTRUCTURED);
root.commit();