Example 1 with AuthenticationResponse

Use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

Class PluginAuthenticationProviderTest, method shouldAddUserIfDoesNotExistOnSuccessfulAuthenticationUsingTheAuthorizationPlugin.

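// On successful authentication through the authorization plugin, the returned
// user is passed to userService.addUserIfDoesNotExist.
@Test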
public void shouldAddUserIfDoesNotExistOnSuccessfulAuthenticationUsingTheAuthorizationPlugin() {
    String pluginId = "plugin-id-1";
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", pluginId));
    when(authenticationPluginRegistry.getPluginsThatSupportsPasswordBasedAuthentication()).thenReturn(new HashSet<>(Arrays.asList()));
    when(store.getPluginsThatSupportsPasswordBasedAuthentication()).thenReturn(new HashSet<>(Arrays.asList(pluginId)));
    AuthenticationResponse response = new AuthenticationResponse(new User("username", "display-name", "username@example.com"), Collections.emptyList());
    when(authorizationExtension.authenticateUser(pluginId, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId), securityConfig.getPluginRoles(pluginId))).thenReturn(response);
    provider.retrieveUser("username", authenticationToken);
    verify(userService).addUserIfDoesNotExist(new com.thoughtworks.go.domain.User("username", "display-name", "username@example.com"));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authentication.models.User) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 2 with AuthenticationResponse

Use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

Class PluginAuthenticationProviderTest, method shouldUpdatePluginRolesForAUserPostAuthentication.

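// Two plugins are configured: cd.go.ldap authenticates the user and cd.go.github
// returns NULL_AUTH_RESPONSE. The roles returned by cd.go.ldap are passed to
// pluginRoleService.updatePluginRoles.
@Test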
public void shouldUpdatePluginRolesForAUserPostAuthentication() {
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.github"));
    String pluginId1 = "cd.go.ldap";
    String pluginId2 = "cd.go.github";
    addPluginSupportingPasswordBasedAuthentication(pluginId1);
    addPluginSupportingPasswordBasedAuthentication(pluginId2);
    when(authorizationExtension.authenticateUser(pluginId1, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), securityConfig.getPluginRoles(pluginId1))).thenReturn(new AuthenticationResponse(new User("username", "bob", "bob@example.com"), Arrays.asList("blackbird", "admins")));
    when(authorizationExtension.authenticateUser(pluginId2, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId2), securityConfig.getPluginRoles(pluginId2))).thenReturn(NULL_AUTH_RESPONSE);
    UserDetails userDetails = provider.retrieveUser("username", new UsernamePasswordAuthenticationToken(null, "password"));
    assertNotNull(userDetails);
    verify(pluginRoleService).updatePluginRoles("cd.go.ldap", "username", CaseInsensitiveString.caseInsensitiveStrings(Arrays.asList("blackbird", "admins")));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) UserDetails(org.springframework.security.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 3 with AuthenticationResponse

Use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

Class PluginAuthenticationProviderTest, method reuthenticationUsingAuthorizationPlugins_shouldFallbackOnUserNameInAbsenceOfGoUserPrinciple.

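// The token is built with a null principal (no GoUserPrinciple), so the username
// argument of retrieveUser is what the plugin is expected to receive.
@Test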
public void reuthenticationUsingAuthorizationPlugins_shouldFallbackOnUserNameInAbsenceOfGoUserPrinciple() throws Exception {
    String pluginId1 = "cd.go.ldap";
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    addPluginSupportingPasswordBasedAuthentication(pluginId1);
    when(authorizationExtension.authenticateUser(pluginId1, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), securityConfig.getPluginRoles(pluginId1))).thenReturn(new AuthenticationResponse(new User("username", "bob", "bob@example.com"), Arrays.asList("blackbird", "admins")));
    UserDetails userDetails = provider.retrieveUser("username", new UsernamePasswordAuthenticationToken(null, "password"));
    assertNotNull(userDetails);
    verify(pluginRoleService).updatePluginRoles("cd.go.ldap", "username", CaseInsensitiveString.caseInsensitiveStrings(Arrays.asList("blackbird", "admins")));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) UserDetails(org.springframework.security.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 4 with AuthenticationResponse

Use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

Class PluginAuthenticationProviderTest, method shouldTryAuthenticatingAgainstEachAuthorizationPluginInCaseOfErrors.

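// The "file" plugin throws a RuntimeException; the provider is expected to move on
// to the "ldap" plugin and return the user it authenticates.
@Test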
public void shouldTryAuthenticatingAgainstEachAuthorizationPluginInCaseOfErrors() throws Exception {
    SecurityAuthConfig fileAuthConfig = new SecurityAuthConfig("file_based", "file");
    SecurityAuthConfig ldapAuthConfig = new SecurityAuthConfig("ldap_based", "ldap");
    addPluginSupportingPasswordBasedAuthentication("file");
    addPluginSupportingPasswordBasedAuthentication("ldap");
    securityConfig.securityAuthConfigs().add(fileAuthConfig);
    securityConfig.securityAuthConfigs().add(ldapAuthConfig);
    when(authorizationExtension.authenticateUser("file", "username", "password", Collections.singletonList(fileAuthConfig), Collections.emptyList())).thenThrow(new RuntimeException());
    when(authorizationExtension.authenticateUser("ldap", "username", "password", Collections.singletonList(ldapAuthConfig), Collections.emptyList())).thenReturn(new AuthenticationResponse(new User("username", null, null), Collections.emptyList()));
    UserDetails bob = provider.retrieveUser("username", authenticationToken);
    assertThat(bob.getUsername(), is("username"));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) UserDetails(org.springframework.security.userdetails.UserDetails) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 5 with AuthenticationResponse

Use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

Class PluginAuthenticationProviderTest, method authenticateUserShouldReceiveAuthConfigAndCorrespondingRoleConfigs.

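// Two auth configs share the "ldap" plugin. Each authenticateUser call must carry
// only its own auth config and the role config bound to it (admin with corporateLDAP,
// operator with internalLDAP), and the calls are verified in that order.
@Test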
public void authenticateUserShouldReceiveAuthConfigAndCorrespondingRoleConfigs() throws Exception {
    SecurityAuthConfig corporateLDAP = new SecurityAuthConfig("corporateLDAP", "ldap");
    SecurityAuthConfig internalLDAP = new SecurityAuthConfig("internalLDAP", "ldap");
    PluginRoleConfig admin = new PluginRoleConfig("admin", "corporateLDAP", new ConfigurationProperty());
    PluginRoleConfig operator = new PluginRoleConfig("operator", "internalLDAP", new ConfigurationProperty());
    addPluginSupportingPasswordBasedAuthentication("ldap");
    securityConfig.securityAuthConfigs().add(corporateLDAP);
    securityConfig.securityAuthConfigs().add(internalLDAP);
    securityConfig.addRole(admin);
    securityConfig.addRole(operator);
    InOrder inOrder = inOrder(authorizationExtension);
    when(authorizationExtension.authenticateUser("ldap", "username", "password", Collections.singletonList(internalLDAP), Collections.singletonList(operator))).thenReturn(new AuthenticationResponse(new User("username", null, null), Collections.emptyList()));
    provider.retrieveUser("username", authenticationToken);
    inOrder.verify(authorizationExtension).authenticateUser("ldap", "username", "password", Collections.singletonList(corporateLDAP), Collections.singletonList(admin));
    inOrder.verify(authorizationExtension).authenticateUser("ldap", "username", "password", Collections.singletonList(internalLDAP), Collections.singletonList(operator));
}
Also used : ConfigurationProperty(com.thoughtworks.go.domain.config.ConfigurationProperty) SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) InOrder(org.mockito.InOrder) User(com.thoughtworks.go.plugin.access.authorization.models.User) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)
