use of org.cloudfoundry.credhub.entity.AuthFailureAuditRecord in project credhub by cloudfoundry-incubator.
the class AuthFailureAuditRecordDataServiceTest method save_whenGivenARecord_savesTheRecord.
/**
 * Verifies that the audit record held in the {@code record} field is the only row in
 * {@code auth_failure_audit_record} and that each mapped column reads back unchanged.
 *
 * <p>The row is fetched with a raw JDBC query and mapped by hand, so the comparison does not
 * depend on the entity mapping that wrote it. Where {@code record} is saved is not visible in
 * this method; presumably a setup method does it.
 *
 * <p>NOTE(review): the row mapper below never reads the auth method, so this test does not
 * show that the auth method of a failed attempt is persisted.
 */
@Test
public void save_whenGivenARecord_savesTheRecord() {
    assertNotNull(record);

    String selectAllRows = "select * from auth_failure_audit_record";
    List<AuthFailureAuditRecord> storedRows = jdbcTemplate.query(selectAllRows, (rs, rowNum) -> {
        AuthFailureAuditRecord row = new AuthFailureAuditRecord();
        row.setId(rs.getLong("id"));
        row.setFailureDescription(rs.getString("failure_description"));
        row.setHostName(rs.getString("host_name"));
        // The "now" column is read as epoch milliseconds.
        row.setNow(Instant.ofEpochMilli(rs.getLong("now")));
        row.setPath(rs.getString("path"));
        row.setRequesterIp(rs.getString("requester_ip"));
        row.setAuthValidUntil(rs.getLong("auth_valid_until"));
        row.setAuthValidFrom(rs.getLong("auth_valid_from"));
        row.setUaaUrl(rs.getString("uaa_url"));
        row.setUserId(rs.getString("user_id"));
        row.setUserName(rs.getString("user_name"));
        row.setXForwardedFor(rs.getString("x_forwarded_for"));
        row.setScope(rs.getString("scope"));
        row.setGrantType(rs.getString("grant_type"));
        row.setClientId(rs.getString("client_id"));
        row.setMethod(rs.getString("method"));
        row.setStatusCode(rs.getInt("status_code"));
        row.setQueryParameters(rs.getString("query_parameters"));
        return row;
    });

    // Exactly one failure must have been written; extra rows would mean duplicate audit entries.
    assertThat(storedRows.size(), equalTo(1));

    // storedRow is what the database holds; savedRecord is the in-memory object under test.
    AuthFailureAuditRecord storedRow = storedRows.get(0);
    AuthFailureAuditRecord savedRecord = record;

    assertThat(storedRow.getId(), equalTo(savedRecord.getId()));
    assertThat(storedRow.getFailureDescription(), equalTo(savedRecord.getFailureDescription()));
    assertThat(storedRow.getHostName(), equalTo(savedRecord.getHostName()));
    assertThat(storedRow.getNow(), equalTo(savedRecord.getNow()));
    assertThat(storedRow.getNow(), equalTo(frozenTime));
    assertThat(storedRow.getPath(), equalTo(savedRecord.getPath()));
    assertThat(storedRow.getRequesterIp(), equalTo(savedRecord.getRequesterIp()));
    assertThat(storedRow.getAuthValidUntil(), equalTo(savedRecord.getAuthValidUntil()));
    assertThat(storedRow.getAuthValidUntil(), equalTo(authValidUntil));
    assertThat(storedRow.getAuthValidFrom(), equalTo(savedRecord.getAuthValidFrom()));
    assertThat(storedRow.getAuthValidFrom(), equalTo(authValidFrom));
    assertThat(storedRow.getUaaUrl(), equalTo(savedRecord.getUaaUrl()));
    assertThat(storedRow.getUserId(), equalTo(savedRecord.getUserId()));
    assertThat(storedRow.getUserName(), equalTo(savedRecord.getUserName()));
    assertThat(storedRow.getXForwardedFor(), equalTo(savedRecord.getXForwardedFor()));
    assertThat(storedRow.getScope(), equalTo(savedRecord.getScope()));
    assertThat(storedRow.getGrantType(), equalTo(savedRecord.getGrantType()));
    assertThat(storedRow.getClientId(), equalTo(savedRecord.getClientId()));
    assertThat(storedRow.getMethod(), equalTo(savedRecord.getMethod()));
    assertThat(storedRow.getStatusCode(), equalTo(savedRecord.getStatusCode()));
    assertThat(storedRow.getQueryParameters(), equalTo(savedRecord.getQueryParameters()));
}
use of org.cloudfoundry.credhub.entity.AuthFailureAuditRecord in project credhub by cloudfoundry-incubator.
the class AuthFailureAuditRecordDataServiceTest method createAuthFailureAuditRecord.
/**
 * Builds a fully populated {@link AuthFailureAuditRecord} fixture.
 *
 * <p>The timestamp and the token validity window come from the test class's
 * {@code frozenTime}, {@code authValidFrom} and {@code authValidUntil}; every other field is a
 * fixed placeholder so that a persistence test can compare field by field.
 *
 * @return a new record that has not been saved
 */
AuthFailureAuditRecord createAuthFailureAuditRecord() {
    AuthFailureAuditRecord fixture = new AuthFailureAuditRecord();

    // How the request tried to authenticate and why it was rejected.
    fixture.setAuthMethod(UserContext.AUTH_METHOD_UAA);
    fixture.setFailureDescription("it failed");

    // Where and when the request arrived.
    fixture.setHostName("host.example.com");
    fixture.setNow(frozenTime);
    fixture.setPath("/api/some-path");
    fixture.setRequesterIp("127.0.0.1");

    // Token metadata and claimed identity.
    fixture.setAuthValidUntil(authValidUntil);
    fixture.setAuthValidFrom(authValidFrom);
    fixture.setUaaUrl("https://uaa.example.com");
    fixture.setUserId("test-user-id");
    fixture.setUserName("test-user-name");
    fixture.setXForwardedFor("test-x-forwarded-for");
    fixture.setScope("test.scope");
    fixture.setGrantType("test-grant-type");
    fixture.setClientId("test-client-id");

    // HTTP details of the request and the status returned for it.
    fixture.setMethod("GET");
    fixture.setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR.value());
    fixture.setQueryParameters("query=param");

    return fixture;
}
use of org.cloudfoundry.credhub.entity.AuthFailureAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditOAuth2AuthenticationExceptionHandlerTest method whenTheTokenIsValid_logsTheCorrectExceptionToTheDatabase.
/**
 * Sends a request whose bearer token is {@code AuthConstants.INVALID_JSON_JWT} and checks the
 * audit record written for the rejected request.
 *
 * <p>Despite the "TokenIsValid" in the method name, the case exercised here is a token that
 * cannot be parsed: the expected failure description is "Cannot convert access token to JSON"
 * and no identity fields are recorded.
 *
 * <p>NOTE(review): unlike the sibling tests for the same handler, this one does not assert the
 * record's timestamp.
 */
@Test
public void whenTheTokenIsValid_logsTheCorrectExceptionToTheDatabase() throws Exception {
    mockMvc.perform(
        get(CREDENTIAL_URL)
            .header("Authorization", "Bearer " + AuthConstants.INVALID_JSON_JWT)
            .header("X-Forwarded-For", "1.1.1.1,2.2.2.2")
            .accept(MediaType.APPLICATION_JSON)
            .contentType(MediaType.APPLICATION_JSON)
            .with(servletRequest -> {
                // Peer address of the connection, set independently of the forwarded header.
                servletRequest.setRemoteAddr("99.99.99.99");
                return servletRequest;
            }));

    // Newest record first: the failure just triggered is expected at index 0.
    AuthFailureAuditRecord latestFailure =
        authFailureAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);

    assertThat(latestFailure.getPath(), equalTo(CREDENTIAL_URL_PATH));
    assertThat(latestFailure.getAuthMethod(), equalTo(UserContext.AUTH_METHOD_UAA));
    assertThat(latestFailure.getQueryParameters(), equalTo("my_name=my_value"));

    // The requester IP is the remote address; the client-supplied X-Forwarded-For header is
    // stored verbatim in its own field and does not replace it.
    assertThat(latestFailure.getRequesterIp(), equalTo("99.99.99.99"));
    assertThat(latestFailure.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2"));

    assertThat(latestFailure.getFailureDescription(), equalTo("Cannot convert access token to JSON"));

    // Nothing could be read from the token, so identity and validity fields stay unset
    // (null, or -1 for the numeric validity bounds).
    assertThat(latestFailure.getUserId(), equalTo(null));
    assertThat(latestFailure.getUserName(), equalTo(null));
    assertThat(latestFailure.getUaaUrl(), equalTo(null));
    assertThat(latestFailure.getAuthValidFrom(), equalTo(-1L));
    assertThat(latestFailure.getAuthValidUntil(), equalTo(-1L));
    assertThat(latestFailure.getClientId(), equalTo(null));
    assertThat(latestFailure.getScope(), equalTo(null));
    assertThat(latestFailure.getGrantType(), equalTo(null));

    assertThat(latestFailure.getMethod(), equalTo("GET"));
    assertThat(latestFailure.getStatusCode(), equalTo(401));
}
use of org.cloudfoundry.credhub.entity.AuthFailureAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditOAuth2AuthenticationExceptionHandlerTest method whenThereIsNoToken_logsTheCorrectExceptionToTheDatabase.
/**
 * Sends a request with no Authorization header and checks the audit record written for the
 * rejected request.
 *
 * <p>The expected record carries the request metadata (path, query string, method, remote
 * address, forwarded header), the failure description "Full authentication is required to
 * access this resource", status 401, and no identity or token-validity data.
 */
@Test
public void whenThereIsNoToken_logsTheCorrectExceptionToTheDatabase() throws Exception {
    mockMvc.perform(
        get(CREDENTIAL_URL)
            .header("X-Forwarded-For", "1.1.1.1,2.2.2.2")
            .accept(MediaType.APPLICATION_JSON)
            .contentType(MediaType.APPLICATION_JSON)
            .with(servletRequest -> {
                // Deliberately not a dotted-quad address; the assertion below expects it to be
                // stored exactly as given.
                servletRequest.setRemoteAddr("12346");
                return servletRequest;
            }));

    // Newest record first: the failure just triggered is expected at index 0.
    AuthFailureAuditRecord latestFailure =
        authFailureAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);

    assertThat(latestFailure.getNow(), equalTo(NOW));
    assertThat(latestFailure.getPath(), equalTo(CREDENTIAL_URL_PATH));
    assertThat(latestFailure.getAuthMethod(), equalTo(UserContext.AUTH_METHOD_UAA));
    assertThat(latestFailure.getQueryParameters(), equalTo("my_name=my_value"));

    // The requester IP is the remote address; the client-supplied X-Forwarded-For header is
    // stored verbatim in its own field and does not replace it.
    assertThat(latestFailure.getRequesterIp(), equalTo("12346"));
    assertThat(latestFailure.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2"));

    assertThat(latestFailure.getFailureDescription(), equalTo("Full authentication is required to access this resource"));

    // No token was presented, so identity and validity fields stay unset
    // (null, or -1 for the numeric validity bounds).
    assertThat(latestFailure.getUserId(), nullValue());
    assertThat(latestFailure.getUserName(), nullValue());
    assertThat(latestFailure.getUaaUrl(), nullValue());
    assertThat(latestFailure.getAuthValidFrom(), equalTo(-1L));
    assertThat(latestFailure.getAuthValidUntil(), equalTo(-1L));
    assertThat(latestFailure.getClientId(), nullValue());
    assertThat(latestFailure.getScope(), nullValue());
    assertThat(latestFailure.getGrantType(), nullValue());

    assertThat(latestFailure.getMethod(), equalTo("GET"));
    assertThat(latestFailure.getStatusCode(), equalTo(401));
}
use of org.cloudfoundry.credhub.entity.AuthFailureAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditOAuth2AuthenticationExceptionHandlerTest method whenTheTokenHasExpired_savesTheCorrectExceptionToTheDatabase.
/**
 * Sends a request whose bearer token is {@code AuthConstants.EXPIRED_KEY_JWT} and checks the
 * audit record written for the rejected request.
 *
 * <p>Unlike the unparseable-token and missing-token cases, the record here is expected to carry
 * the identity, client, scope, grant type and validity window read from the expired token.
 * Those values come from a token the server rejected, so anyone reading the audit log should
 * treat them as the identity the caller claimed. Which checks ran on the token before the
 * expiry failure is not visible from this test.
 *
 * <p>NOTE(review): the auth method is not asserted here, although the sibling tests for the
 * same handler do assert it.
 */
@Test
public void whenTheTokenHasExpired_savesTheCorrectExceptionToTheDatabase() throws Exception {
    mockMvc.perform(
        get(CREDENTIAL_URL)
            .header("Authorization", "Bearer " + AuthConstants.EXPIRED_KEY_JWT)
            .header("X-Forwarded-For", "1.1.1.1,2.2.2.2")
            .accept(MediaType.APPLICATION_JSON)
            .contentType(MediaType.APPLICATION_JSON)
            .with(servletRequest -> {
                // Peer address of the connection, set independently of the forwarded header.
                servletRequest.setRemoteAddr("99.99.99.99");
                return servletRequest;
            }));

    // Newest record first: the failure just triggered is expected at index 0.
    AuthFailureAuditRecord latestFailure =
        authFailureAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);

    assertThat(latestFailure.getNow(), equalTo(NOW));
    assertThat(latestFailure.getPath(), equalTo(CREDENTIAL_URL_PATH));
    assertThat(latestFailure.getQueryParameters(), equalTo("my_name=my_value"));

    // The requester IP is the remote address; the client-supplied X-Forwarded-For header is
    // stored verbatim in its own field and does not replace it.
    assertThat(latestFailure.getRequesterIp(), equalTo("99.99.99.99"));
    assertThat(latestFailure.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2"));

    assertThat(latestFailure.getFailureDescription(), equalTo("Access token expired"));

    // Decode the same expired token to learn which claim values the record should hold.
    OAuth2AccessToken expiredToken = tokenServices.readAccessToken(AuthConstants.EXPIRED_KEY_JWT);
    Map<String, Object> claims = expiredToken.getAdditionalInformation();

    assertThat(latestFailure.getUserId(), equalTo(claims.get("user_id")));
    assertThat(latestFailure.getUserName(), equalTo(claims.get("user_name")));
    assertThat(latestFailure.getUaaUrl(), equalTo(claims.get("iss")));

    // "iat" claim of the fixture token; the original author's note gives 1469051704L.
    long issuedAt = ((Number) claims.get("iat")).longValue();
    assertThat(latestFailure.getAuthValidFrom(), equalTo(issuedAt));

    // Expiration of the fixture token in epoch seconds; the original note gives 1469051824L.
    long expiresAt = expiredToken.getExpiration().toInstant().getEpochSecond();
    assertThat(latestFailure.getAuthValidUntil(), equalTo(expiresAt));

    assertThat(latestFailure.getClientId(), equalTo("credhub_cli"));
    assertThat(latestFailure.getScope(), equalTo("credhub.write,credhub.read"));
    assertThat(latestFailure.getGrantType(), equalTo("password"));
    assertThat(latestFailure.getMethod(), equalTo("GET"));
    assertThat(latestFailure.getStatusCode(), equalTo(401));
}