
Example 1 with PluginRoleConfig

Use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.

In the class AuthorizationMessageConverterV1, method getRoleConfigs.

private List<Map<String, Object>> getRoleConfigs(List<PluginRoleConfig> roleConfigs) {
    List<Map<String, Object>> configs = new ArrayList<>();
    if (roleConfigs == null) {
        return configs;
    }
    for (PluginRoleConfig roleConfig : roleConfigs) {
        Map<String, Object> config = new HashedMap();
        config.put("name", roleConfig.getName().toString());
        config.put("auth_config_id", roleConfig.getAuthConfigId());
        config.put("configuration", roleConfig.getConfigurationAsMap(true));
        configs.add(config);
    }
    return configs;
}
Also used : PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) HashedMap(org.apache.commons.collections.map.HashedMap)

Example 2 with PluginRoleConfig

Use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.

In the class AuthorizationExtensionTest, method shouldTalkToPlugin_To_AuthenticateUser.

@Test
public void shouldTalkToPlugin_To_AuthenticateUser() throws Exception {
    String requestBody = "{\n" + "  \"credentials\": {\n" + "    \"username\": \"bob\",\n" + "    \"password\": \"secret\"\n" + "  },\n"
            + "  \"auth_configs\": [\n" + "    {\n" + "      \"id\": \"ldap\",\n" + "      \"configuration\": {\n" + "        \"url\": \"some-url\"\n" + "      }\n" + "    }\n" + "  ],\n"
            + "  \"role_configs\": [\n" + "    {\n" + "      \"name\": \"foo\",\n" + "      \"auth_config_id\": \"ldap\",\n" + "      \"configuration\": {\n" + "        \"memberOf\": \"ou=some-value\"\n" + "      }\n" + "    }\n" + "  ]\n"
            + "}";
    String responseBody = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
    when(pluginManager.submitTo(eq(PLUGIN_ID), requestArgumentCaptor.capture())).thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, responseBody));
    final PluginRoleConfig roleConfig = new PluginRoleConfig("foo", "ldap", ConfigurationPropertyMother.create("memberOf", false, "ou=some-value"));
    final List<PluginRoleConfig> pluginRoleConfigs = Collections.singletonList(roleConfig);
    final SecurityAuthConfigs authConfigs = new SecurityAuthConfigs();
    authConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", ConfigurationPropertyMother.create("url", false, "some-url")));
    AuthenticationResponse authenticationResponse = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", authConfigs, pluginRoleConfigs);
    assertRequest(requestArgumentCaptor.getValue(), AuthorizationPluginConstants.EXTENSION_NAME, "1.0", REQUEST_AUTHENTICATE_USER, requestBody);
    assertThat(authenticationResponse.getUser(), is(new User("bob", "Bob", "bob@example.com")));
    assertThat(authenticationResponse.getRoles().get(0), is("blackbird"));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authentication.models.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) SecurityAuthConfigs(com.thoughtworks.go.config.SecurityAuthConfigs) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 3 with PluginRoleConfig

Use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.

In the class PluginAuthenticationProvider, method getUserDetailsFromAuthorizationPlugins.

private User getUserDetailsFromAuthorizationPlugins(String username, UsernamePasswordAuthenticationToken authentication) {
    Set<String> plugins = store.getPluginsThatSupportsPasswordBasedAuthentication();
    for (String pluginId : plugins) {
        String password = (String) authentication.getCredentials();
        List<SecurityAuthConfig> authConfigs = configService.security().securityAuthConfigs().findByPluginId(pluginId);
        final List<PluginRoleConfig> roleConfigs = configService.security().getPluginRoles(pluginId);
        if (authConfigs == null || authConfigs.isEmpty())
            continue;
        AuthenticationResponse response = authorizationExtension.authenticateUser(pluginId, username, password, authConfigs, roleConfigs);
        User user = ensureDisplayNamePresent(response.getUser());
        if (user != null) {
            pluginRoleService.updatePluginRoles(pluginId, username, CaseInsensitiveString.caseInsensitiveStrings(response.getRoles()));
            return user;
        }
    }
    return null;
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authentication.models.User) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse)

Example 4 with PluginRoleConfig

Use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.

In the class RemoveAdminPermissionFilterIntegrationTest, method testShouldReAuthenticateOnlyOnceAfterConfigChange.

@Test
public void testShouldReAuthenticateOnlyOnceAfterConfigChange() throws IOException, ServletException {
    goConfigService.security().securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.authorization.github"));
    goConfigService.security().addRole(new PluginRoleConfig("spacetiger", "github"));
    Authentication authentication = setupAuthentication();
    when(session.getAttribute(RemoveAdminPermissionFilter.SECURITY_CONFIG_LAST_CHANGE)).thenReturn(0L).thenReturn(0L).thenReturn(100L);
    RemoveAdminPermissionFilter filter = new RemoveAdminPermissionFilter(goConfigService, timeProvider, pluginRoleService);
    filter.initialize();
    //good initial state
    assertThat(authentication.isAuthenticated(), is(true));
    filter.doFilterHttp(request, response, chain);
    pluginRoleService.invalidateRolesFor("cd.go.authorization.github");
    assertThat(authentication.isAuthenticated(), is(true));
    filter.doFilterHttp(request, response, chain);
    assertThat(authentication.isAuthenticated(), is(false));
    authentication.setAuthenticated(true);
    filter.doFilterHttp(request, response, chain);
    assertThat(authentication.isAuthenticated(), is(true));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) Authentication(org.springframework.security.Authentication) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) Test(org.junit.Test)

Example 5 with PluginRoleConfig

Use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.

In the class RoleConfigCreateCommandTest, method shouldInvokePluginValidationsBeforeSave.

@Test
public void shouldInvokePluginValidationsBeforeSave() throws Exception {
    ValidationResult validationResult = new ValidationResult();
    validationResult.addError(new ValidationError("key", "error"));
    when(extension.validateRoleConfiguration(eq("aws"), Matchers.any())).thenReturn(validationResult);
    PluginRoleConfig role = new PluginRoleConfig("blackbird", "ldap");
    RoleConfigCreateCommand command = new RoleConfigCreateCommand(mock(GoConfigService.class), role, extension, null, new HttpLocalizedOperationResult());
    BasicCruiseConfig cruiseConfig = new BasicCruiseConfig();
    thrown.expect(RoleNotFoundException.class);
    thrown.expectMessage("Plugin role config `blackbird` does not exist.");
    command.isValid(cruiseConfig);
    command.update(cruiseConfig);
    assertThat(role.first().errors().size(), is(1));
    assertThat(role.first().errors().asString(), is("error"));
}
Also used : HttpLocalizedOperationResult(com.thoughtworks.go.server.service.result.HttpLocalizedOperationResult) BasicCruiseConfig(com.thoughtworks.go.config.BasicCruiseConfig) ValidationError(com.thoughtworks.go.plugin.api.response.validation.ValidationError) ValidationResult(com.thoughtworks.go.plugin.api.response.validation.ValidationResult) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) GoConfigService(com.thoughtworks.go.server.service.GoConfigService) Test(org.junit.Test)

Aggregations

PluginRoleConfig (com.thoughtworks.go.config.PluginRoleConfig): 11
Test (org.junit.Test): 8
SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig): 5
CaseInsensitiveString (com.thoughtworks.go.config.CaseInsensitiveString): 4
User (com.thoughtworks.go.plugin.access.authentication.models.User): 3
AuthenticationResponse (com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse): 3
HttpLocalizedOperationResult (com.thoughtworks.go.server.service.result.HttpLocalizedOperationResult): 3
BasicCruiseConfig (com.thoughtworks.go.config.BasicCruiseConfig): 2
HashedMap (org.apache.commons.collections.map.HashedMap): 2
SecurityAuthConfigs (com.thoughtworks.go.config.SecurityAuthConfigs): 1
DefaultGoPluginApiResponse (com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse): 1
ValidationError (com.thoughtworks.go.plugin.api.response.validation.ValidationError): 1
ValidationResult (com.thoughtworks.go.plugin.api.response.validation.ValidationResult): 1
GoUserPrinciple (com.thoughtworks.go.server.security.userdetail.GoUserPrinciple): 1
EntityHashingService (com.thoughtworks.go.server.service.EntityHashingService): 1
GoConfigService (com.thoughtworks.go.server.service.GoConfigService): 1
Authentication (org.springframework.security.Authentication): 1
UserDetails (org.springframework.security.userdetails.UserDetails): 1