Examples with User com.bakdata.conquery.models.auth.entities.User used on opensource projects

Search in sources :

Example 41 with User

use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.

the class JwtPkceVerifyingRealmTest method verifyToken.

@Test
void verifyToken() {
    // Setup the expected user id
    User expected = new User("Test", "Test", STORAGE);
    STORAGE.updateUser(expected);
    Date issueDate = new Date();
    Date expDate = DateUtils.addMinutes(issueDate, 1);
    String token = JWT.create().withIssuer(HTTP_REALM_URL).withAudience(AUDIENCE).withSubject(expected.getName()).withIssuedAt(issueDate).withExpiresAt(expDate).withClaim("groups", "conquery").withIssuedAt(issueDate).withExpiresAt(expDate).sign(Algorithm.RSA256(PUBLIC_KEY, PRIVATE_KEY));
    BearerToken accessToken = new BearerToken(token);
    assertThat(REALM.doGetAuthenticationInfo(accessToken).getPrincipals().getPrimaryPrincipal()).isEqualTo(expected);
}
Also used : User(com.bakdata.conquery.models.auth.entities.User) BearerToken(org.apache.shiro.authc.BearerToken) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 42 with User

use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.

the class PermissionCleanupTaskTest method doNotDeletePermissionValidReference.

@Test
void doNotDeletePermissionValidReference() {
    assertThat(STORAGE.getAllExecutions()).isEmpty();
    final ManagedQuery managedQuery = createManagedQuery();
    // Saving the Execution
    User user = new User("test", "test", STORAGE);
    STORAGE.updateUser(user);
    user.addPermission(ExecutionPermission.onInstance(AbilitySets.QUERY_CREATOR, managedQuery.getId()));
    deleteQueryPermissionsWithMissingRef(STORAGE, STORAGE.getAllUsers());
    assertThat(user.getPermissions()).containsOnly(ExecutionPermission.onInstance(AbilitySets.QUERY_CREATOR, managedQuery.getId()));
}
Also used : User(com.bakdata.conquery.models.auth.entities.User) ManagedQuery(com.bakdata.conquery.models.query.ManagedQuery) Test(org.junit.jupiter.api.Test)

Example 43 with User

use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.

the class ProtoUser method createOrOverwriteUser.

public User createOrOverwriteUser(@NonNull MetaStorage storage) {
    if (label == null) {
        label = name;
    }
    User user = new User(name, label, storage);
    storage.updateUser(user);
    for (String sPermission : permissions) {
        user.addPermission(new WildcardPermission(sPermission));
    }
    return user;
}
Also used : User(com.bakdata.conquery.models.auth.entities.User) WildcardPermission(com.bakdata.conquery.models.auth.permissions.WildcardPermission)

Example 44 with User

use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.

the class ApiTokenRealmTest method execute.

@Override
public void execute(StandaloneSupport conquery) throws Exception {
    final User testUser = conquery.getTestUser();
    final ApiTokenRealm realm = conquery.getAuthorizationController().getAuthenticationRealms().stream().filter(ApiTokenRealm.class::isInstance).map(ApiTokenRealm.class::cast).collect(MoreCollectors.onlyElement());
    final ConqueryTokenRealm conqueryTokenRealm = conquery.getAuthorizationController().getConqueryTokenRealm();
    final String userToken = conqueryTokenRealm.createTokenForUser(testUser.getId());
    // Request ApiToken
    final ApiTokenDataRepresentation.Request tokenRequest1 = new ApiTokenDataRepresentation.Request();
    tokenRequest1.setName("test-token");
    tokenRequest1.setScopes(EnumSet.of(Scopes.DATASET));
    tokenRequest1.setExpirationDate(LocalDate.now().plus(1, ChronoUnit.DAYS));
    ApiToken apiToken1 = requestApiToken(conquery, userToken, tokenRequest1);
    assertThat(apiToken1.getToken()).isNotBlank();
    // List ApiToken
    List<ApiTokenDataRepresentation.Response> apiTokens = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultApiURIBuilder(), ApiTokenResource.class, "listUserTokens")).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + userToken).get(new GenericType<List<ApiTokenDataRepresentation.Response>>() {
    });
    final ApiTokenDataRepresentation.Response expected = new ApiTokenDataRepresentation.Response();
    expected.setLastUsed(null);
    expected.setCreationDate(LocalDate.now());
    expected.setExpirationDate(LocalDate.now().plus(1, ChronoUnit.DAYS));
    expected.setScopes(EnumSet.of(Scopes.DATASET));
    expected.setName("test-token");
    assertThat(apiTokens).hasSize(1);
    assertThat(apiTokens.get(0)).usingRecursiveComparison().ignoringFields("id").isEqualTo(expected);
    // Request ApiToken 2
    final ApiTokenDataRepresentation.Request tokenRequest2 = new ApiTokenDataRepresentation.Request();
    tokenRequest2.setName("test-token");
    tokenRequest2.setScopes(EnumSet.of(Scopes.ADMIN));
    tokenRequest2.setExpirationDate(LocalDate.now().plus(1, ChronoUnit.DAYS));
    ApiToken apiToken2 = requestApiToken(conquery, userToken, tokenRequest2);
    assertThat(apiToken2.getToken()).isNotBlank();
    // List ApiToken 2
    apiTokens = requestTokenList(conquery, userToken);
    assertThat(apiTokens).hasSize(2);
    // Use ApiToken1 to get Datasets
    List<IdLabel<DatasetId>> datasets = requestDatasets(conquery, apiToken1);
    assertThat(datasets).isNotEmpty();
    // Use ApiToken2 to get Datasets
    datasets = requestDatasets(conquery, apiToken2);
    assertThat(datasets).as("The second token has no scope for dataset").isEmpty();
    // Use ApiToken2 to access Admin
    List<DatasetId> adminDatasets = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultAdminURIBuilder(), AdminDatasetsResource.class, "listDatasets")).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + apiToken2.getToken()).get(new GenericType<>() {
    });
    assertThat(adminDatasets).as("The second token has scope for admin").isNotEmpty();
    // Try to delete ApiToken2 with ApiToken (should fail)
    final UUID id2 = apiTokens.stream().filter(t -> t.getScopes().contains(Scopes.ADMIN)).map(ApiTokenDataRepresentation.Response::getId).collect(MoreCollectors.onlyElement());
    Response response = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultApiURIBuilder(), ApiTokenResource.class, "deleteToken")).resolveTemplate(ApiTokenResource.TOKEN, id2).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + apiToken2.getToken()).delete(Response.class);
    assertThat(response.getStatus()).as("It is forbidden to act on ApiTokens with ApiTokens").isEqualTo(403);
    // Delete ApiToken2 with user token
    response = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultApiURIBuilder(), ApiTokenResource.class, "deleteToken")).resolveTemplate(ApiTokenResource.TOKEN, id2).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + userToken).delete(Response.class);
    assertThat(response.getStatus()).as("It is okay to act on ApiTokens with UserTokens").isEqualTo(200);
    assertThat(realm.listUserToken(testUser)).hasSize(1);
    // Try to use the deleted token to access Admin
    response = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultAdminURIBuilder(), AdminDatasetsResource.class, "listDatasets")).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + apiToken2.getToken()).get(Response.class);
    assertThat(response.getStatus()).as("Cannot use deleted token").isEqualTo(401);
    // Try to act on tokens from another user
    final MetaStorage metaStorage = conquery.getMetaStorage();
    final User user2 = new User("TestUser2", "TestUser2", metaStorage);
    metaStorage.addUser(user2);
    final String user2Token = conqueryTokenRealm.createTokenForUser(user2.getId());
    // Try to delete ApiToken2 with ApiToken (should fail)
    final UUID id1 = apiTokens.stream().filter(t -> t.getScopes().contains(Scopes.DATASET)).map(ApiTokenDataRepresentation.Response::getId).collect(MoreCollectors.onlyElement());
    response = conquery.getClient().target(HierarchyHelper.hierarchicalPath(conquery.defaultApiURIBuilder(), ApiTokenResource.class, "deleteToken")).resolveTemplate(ApiTokenResource.TOKEN, id1).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", "Bearer " + user2Token).delete(Response.class);
    assertThat(response.getStatus()).as("It is forbidden to act on someone else ApiTokens").isEqualTo(403);
    // Request ApiToken 3 (expired)
    final ApiTokenDataRepresentation.Request tokenRequest3 = new ApiTokenDataRepresentation.Request();
    tokenRequest3.setName("test-token");
    tokenRequest3.setScopes(EnumSet.of(Scopes.DATASET));
    tokenRequest3.setExpirationDate(LocalDate.now().minus(1, ChronoUnit.DAYS));
    assertThatThrownBy(() -> requestApiToken(conquery, userToken, tokenRequest3)).as("Expiration date is in the past").isExactlyInstanceOf(ClientErrorException.class).hasMessageContaining("HTTP 422");
    // Craft expired token behind validation to simulate the use of an expired token
    ApiToken apiToken3 = realm.createApiToken(user2, tokenRequest3);
    assertThatThrownBy(() -> requestDatasets(conquery, apiToken3)).as("Expired token").isExactlyInstanceOf(NotAuthorizedException.class);
}
Also used : User(com.bakdata.conquery.models.auth.entities.User) ConqueryTokenRealm(com.bakdata.conquery.models.auth.conquerytoken.ConqueryTokenRealm) ApiTokenDataRepresentation(com.bakdata.conquery.apiv1.auth.ApiTokenDataRepresentation) DatasetId(com.bakdata.conquery.models.identifiable.ids.specific.DatasetId) ApiTokenResource(com.bakdata.conquery.resources.api.ApiTokenResource) Response(javax.ws.rs.core.Response) IdLabel(com.bakdata.conquery.apiv1.IdLabel) MetaStorage(com.bakdata.conquery.io.storage.MetaStorage) ApiToken(com.bakdata.conquery.models.auth.apitoken.ApiToken) ClientErrorException(javax.ws.rs.ClientErrorException) ApiTokenRealm(com.bakdata.conquery.models.auth.apitoken.ApiTokenRealm) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) UUID(java.util.UUID) AdminDatasetsResource(com.bakdata.conquery.resources.admin.rest.AdminDatasetsResource)

Example 45 with User

use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.

the class IntegrationUtils method importPermissionConstellation.

/**
 * Load the constellation of roles, users and permissions into the provided storage.
 */
public static void importPermissionConstellation(MetaStorage storage, Role[] roles, RequiredUser[] rUsers) {
    for (Role role : roles) {
        storage.addRole(role);
    }
    for (RequiredUser rUser : rUsers) {
        User user = rUser.getUser();
        storage.addUser(user);
        RoleId[] rolesInjected = rUser.getRolesInjected();
        for (RoleId mandatorId : rolesInjected) {
            user.addRole(storage.getRole(mandatorId));
        }
    }
}
Also used : Role(com.bakdata.conquery.models.auth.entities.Role) User(com.bakdata.conquery.models.auth.entities.User) RoleId(com.bakdata.conquery.models.identifiable.ids.specific.RoleId)

Aggregations

User (com.bakdata.conquery.models.auth.entities.User)49 Test (org.junit.jupiter.api.Test)17 MetaStorage (com.bakdata.conquery.io.storage.MetaStorage)14 ManagedQuery (com.bakdata.conquery.models.query.ManagedQuery)14 Dataset (com.bakdata.conquery.models.datasets.Dataset)11 UserId (com.bakdata.conquery.models.identifiable.ids.specific.UserId)10 Group (com.bakdata.conquery.models.auth.entities.Group)8 Role (com.bakdata.conquery.models.auth.entities.Role)8 DatasetId (com.bakdata.conquery.models.identifiable.ids.specific.DatasetId)8 ManagedExecutionId (com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId)7 ConceptQuery (com.bakdata.conquery.apiv1.query.ConceptQuery)5 QueryDescription (com.bakdata.conquery.apiv1.query.QueryDescription)5 ConqueryAuthenticationInfo (com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo)5 CentralRegistry (com.bakdata.conquery.models.identifiable.CentralRegistry)5 BeforeEach (org.junit.jupiter.api.BeforeEach)5 ConqueryPermission (com.bakdata.conquery.models.auth.permissions.ConqueryPermission)4 NonPersistentStoreFactory (com.bakdata.conquery.util.NonPersistentStoreFactory)4 Slf4j (lombok.extern.slf4j.Slf4j)4 Query (com.bakdata.conquery.apiv1.query.Query)3 CQReusedQuery (com.bakdata.conquery.apiv1.query.concept.specific.CQReusedQuery)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial