Search in sources :

Example 26 with AuthenticationInfo

use of com.enonic.xp.security.auth.AuthenticationInfo in project xp by enonic.

the class LoginHandlerTest method testSessionInvalidatedOnLogin.

@Test
public void testSessionInvalidatedOnLogin() {
    final AuthenticationInfo authInfo = TestDataFixtures.createAuthenticationInfo();
    final IdProviders idProviders = IdProviders.from(IdProvider.create().displayName("system").key(IdProviderKey.from("system")).build());
    Mockito.when(this.securityService.authenticate(Mockito.any())).thenReturn(authInfo);
    Mockito.when(this.securityService.getIdProviders()).thenReturn(idProviders);
    final SessionMock session = Mockito.spy(new SessionMock());
    ContextAccessor.current().getLocalScope().setSession(session);
    runScript("/lib/xp/examples/auth/login.js");
    verify(session, times(5)).invalidate();
}
Also used : IdProviders(com.enonic.xp.security.IdProviders) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) SessionMock(com.enonic.xp.session.SessionMock) Test(org.junit.jupiter.api.Test)

Example 27 with AuthenticationInfo

use of com.enonic.xp.security.auth.AuthenticationInfo in project xp by enonic.

the class ChangePasswordHandlerTest method testExamples.

@Test
public void testExamples() {
    final AuthenticationInfo authInfo = AuthenticationInfo.create().user(TestDataFixtures.getTestUser()).principals(RoleKeys.ADMIN_LOGIN).build();
    this.session.setAttribute(authInfo);
    runScript("/lib/xp/examples/auth/changePassword.js");
    Mockito.verify(this.securityService).setPassword(eq(authInfo.getUser().getKey()), eq("new-secret-password"));
}
Also used : AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Test(org.junit.jupiter.api.Test)

Example 28 with AuthenticationInfo

use of com.enonic.xp.security.auth.AuthenticationInfo in project xp by enonic.

the class NodePermissionsResolverTest method hasPermissionAll.

@Test
public void hasPermissionAll() throws Exception {
    final AuthenticationInfo authInfo = AuthenticationInfo.create().user(User.create().key(USER_A).login("usera").build()).principals(USER_A, GROUP_B, ROLE_C).build();
    final AccessControlList nodePermissions = AccessControlList.create().add(AccessControlEntry.create().principal(USER_A).allow(READ).build()).add(AccessControlEntry.create().principal(GROUP_B).allow(CREATE).build()).add(AccessControlEntry.create().principal(ROLE_C).allow(READ, MODIFY, CREATE).build()).build();
    assertTrue(NodePermissionsResolver.userHasPermission(authInfo, READ, nodePermissions));
    assertTrue(NodePermissionsResolver.userHasPermission(authInfo, CREATE, nodePermissions));
    assertTrue(NodePermissionsResolver.userHasPermission(authInfo, MODIFY, nodePermissions));
    assertFalse(NodePermissionsResolver.userHasPermission(authInfo, PUBLISH, nodePermissions));
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Test(org.junit.jupiter.api.Test)

Example 29 with AuthenticationInfo

use of com.enonic.xp.security.auth.AuthenticationInfo in project xp by enonic.

the class NodePermissionsResolverTest method hasPermissionSome.

@Test
public void hasPermissionSome() throws Exception {
    final AuthenticationInfo authInfo = AuthenticationInfo.create().user(User.create().key(USER_A).login("usera").build()).principals(USER_A, ROLE_C).build();
    final AccessControlList nodePermissions = AccessControlList.create().add(AccessControlEntry.create().principal(USER_A).allow(READ).build()).add(AccessControlEntry.create().principal(GROUP_B).allow(CREATE).build()).add(AccessControlEntry.create().principal(ROLE_C).allow(MODIFY).build()).build();
    assertTrue(NodePermissionsResolver.userHasPermission(authInfo, READ, nodePermissions));
    assertFalse(NodePermissionsResolver.userHasPermission(authInfo, CREATE, nodePermissions));
    assertTrue(NodePermissionsResolver.userHasPermission(authInfo, MODIFY, nodePermissions));
    assertFalse(NodePermissionsResolver.userHasPermission(authInfo, PUBLISH, nodePermissions));
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Test(org.junit.jupiter.api.Test)

Example 30 with AuthenticationInfo

use of com.enonic.xp.security.auth.AuthenticationInfo in project xp by enonic.

the class HasRoleHandlerTest method testDoesNotHaveRole.

@Test
public void testDoesNotHaveRole() {
    final AuthenticationInfo authInfo = AuthenticationInfo.create().user(TestDataFixtures.getTestUser()).principals(RoleKeys.ADMIN_LOGIN).build();
    this.session.setAttribute(authInfo);
    runFunction("/test/hasRole-test.js", "doesNotHaveRole");
}
Also used : AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Test(org.junit.jupiter.api.Test)

Aggregations

AuthenticationInfo (com.enonic.xp.security.auth.AuthenticationInfo)67 Test (org.junit.jupiter.api.Test)44 Context (com.enonic.xp.context.Context)17 User (com.enonic.xp.security.User)17 Session (com.enonic.xp.session.Session)9 CreateUserParams (com.enonic.xp.security.CreateUserParams)7 AbstractElasticsearchIntegrationTest (com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest)6 IdProviders (com.enonic.xp.security.IdProviders)6 EmailPasswordAuthToken (com.enonic.xp.security.auth.EmailPasswordAuthToken)6 VerifiedUsernameAuthToken (com.enonic.xp.security.auth.VerifiedUsernameAuthToken)6 PropertyTree (com.enonic.xp.data.PropertyTree)5 AccessControlList (com.enonic.xp.security.acl.AccessControlList)5 UsernamePasswordAuthToken (com.enonic.xp.security.auth.UsernamePasswordAuthToken)5 PrincipalKey (com.enonic.xp.security.PrincipalKey)4 SessionMock (com.enonic.xp.session.SessionMock)4 LogAuditLogParams (com.enonic.xp.audit.LogAuditLogParams)2 Content (com.enonic.xp.content.Content)2 ProjectName (com.enonic.xp.project.ProjectName)2 AbstractNodeTest (com.enonic.xp.repo.impl.node.AbstractNodeTest)2 IdProvider (com.enonic.xp.security.IdProvider)2