
Example 6 with AuthenticationResponse

use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

the class PluginAuthenticationProviderTest method authenticatedUsersUsernameShouldBeUsedToAssignRoles.

@Test
public void authenticatedUsersUsernameShouldBeUsedToAssignRoles() throws Exception {
    String pluginId1 = "cd.go.ldap";
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    addPluginSupportingPasswordBasedAuthentication(pluginId1);
    when(authorizationExtension.authenticateUser(pluginId1, "foo@bar.com", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), securityConfig.getPluginRoles(pluginId1))).thenReturn(new AuthenticationResponse(new User("username", "bob", "bob@example.com"), Arrays.asList("blackbird", "admins")));
    UserDetails userDetails = provider.retrieveUser("foo@bar.com", new UsernamePasswordAuthenticationToken(null, "password"));
    assertNotNull(userDetails);
    verify(pluginRoleService).updatePluginRoles("cd.go.ldap", "username", CaseInsensitiveString.caseInsensitiveStrings(Arrays.asList("blackbird", "admins")));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) UserDetails(org.springframework.security.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 7 with AuthenticationResponse

use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

the class PreAuthenticatedAuthenticationProviderTest method setUp.

@Before
public void setUp() throws Exception {
    pluginId = "github.oauth";
    user = new User("username", "displayname", "emailId");
    authorities = new GrantedAuthority[] { GoAuthority.ROLE_USER.asAuthority() };
    authorizationExtension = mock(AuthorizationExtension.class);
    authorityGranter = mock(AuthorityGranter.class);
    userService = mock(UserService.class);
    pluginRoleService = mock(PluginRoleService.class);
    goConfigService = mock(GoConfigService.class);
    authenticationProvider = new PreAuthenticatedAuthenticationProvider(authorizationExtension, pluginRoleService, userService, authorityGranter, goConfigService);
    AuthenticationResponse authenticationResponse = new AuthenticationResponse(user, asList("admin"));
    securityConfig = new SecurityConfig();
    stub(goConfigService.security()).toReturn(securityConfig);
    stub(authorizationExtension.authenticateUser(any(String.class), any(Map.class), any(List.class), any(List.class))).toReturn(authenticationResponse);
    stub(authorityGranter.authorities(anyString())).toReturn(authorities);
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", pluginId));
}
Also used : AuthorityGranter(com.thoughtworks.go.server.security.AuthorityGranter) User(com.thoughtworks.go.plugin.access.authorization.models.User) UserService(com.thoughtworks.go.server.service.UserService) AuthorizationExtension(com.thoughtworks.go.plugin.access.authorization.AuthorizationExtension) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) PluginRoleService(com.thoughtworks.go.server.service.PluginRoleService) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) GoConfigService(com.thoughtworks.go.server.service.GoConfigService) SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) SecurityConfig(com.thoughtworks.go.config.SecurityConfig) Arrays.asList(java.util.Arrays.asList) List(java.util.List) Map(java.util.Map) Before(org.junit.Before)

Example 8 with AuthenticationResponse

use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

the class PreAuthenticatedAuthenticationProviderTest method authenticate_shouldHandleFailedAuthentication.

@Test
public void authenticate_shouldHandleFailedAuthentication() {
    PreAuthenticatedAuthenticationToken authenticationToken = new PreAuthenticatedAuthenticationToken(null, Collections.singletonMap("access_token", "invalid_token"), pluginId);
    AuthenticationResponse authenticationResponse = new AuthenticationResponse(null, null);
    when(authorizationExtension.authenticateUser(any(String.class), any(Map.class), any(List.class), any(List.class))).thenReturn(authenticationResponse);
    thrown.expect(BadCredentialsException.class);
    thrown.expectMessage("Unable to authenticate user using the external access token.");
    authenticationProvider.authenticate(authenticationToken);
}
Also used : PreAuthenticatedAuthenticationToken(com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken) Arrays.asList(java.util.Arrays.asList) List(java.util.List) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Map(java.util.Map) Test(org.junit.Test)

Example 9 with AuthenticationResponse

use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

the class PluginAuthenticationProvider method getUserDetailsFromAuthorizationPlugins.

private User getUserDetailsFromAuthorizationPlugins(String username, UsernamePasswordAuthenticationToken authentication) {
    String loginName = loginName(username, authentication);
    String password = (String) authentication.getCredentials();
    // Try each configured auth config in order; the first plugin that returns a user wins.
    for (SecurityAuthConfig authConfig : configService.security().securityAuthConfigs()) {
        String pluginId = authConfig.getPluginId();
        // Skip plugins that cannot handle username/password logins.
        if (!store.doesPluginSupportPasswordBasedAuthentication(pluginId)) {
            continue;
        }
        final List<PluginRoleConfig> roleConfigs = configService.security().getRoles().pluginRoleConfigsFor(authConfig.getId());
        try {
            LOGGER.debug("[Authenticate] Authenticating user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
            AuthenticationResponse response = authorizationExtension.authenticateUser(pluginId, loginName, password, Collections.singletonList(authConfig), roleConfigs);
            User user = ensureDisplayNamePresent(response.getUser());
            if (user != null) {
                // Roles are stored under the username the plugin returned, not the login name that was typed.
                pluginRoleService.updatePluginRoles(pluginId, user.getUsername(), CaseInsensitiveString.caseInsensitiveStrings(response.getRoles()));
                LOGGER.debug("[Authenticate] Successfully authenticated user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
                return user;
            }
        } catch (Exception e) {
            // A plugin failure is logged and treated as a failed attempt; the loop moves on to the next plugin.
            LOGGER.error("[Authenticate] Error while authenticating user: `{}` using the authorization plugin: {} ", loginName, pluginId);
        }
        LOGGER.debug("[Authenticate] Authentication failed for user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
    }
    // No plugin authenticated the user.
    return null;
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) BadCredentialsException(org.springframework.security.BadCredentialsException) AuthenticationException(org.springframework.security.AuthenticationException) UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)

Example 10 with AuthenticationResponse

use of com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse in project gocd by gocd.

the class PluginAuthenticationProviderTest method shouldCreateGoUserPrincipalWhenAnAuthorizationPluginIsAbleToAuthenticateUser.

@Test
public void shouldCreateGoUserPrincipalWhenAnAuthorizationPluginIsAbleToAuthenticateUser() {
    String pluginId1 = "plugin-id-1";
    String pluginId2 = "plugin-id-2";
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", pluginId2));
    securityConfig.addRole(new PluginRoleConfig("admin", "github", ConfigurationPropertyMother.create("foo")));
    when(store.getPluginsThatSupportsPasswordBasedAuthentication()).thenReturn(new HashSet<>(Arrays.asList(pluginId1, pluginId2)));
    when(authorizationExtension.authenticateUser(pluginId1, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), null)).thenReturn(NULL_AUTH_RESPONSE);
    AuthenticationResponse response = new AuthenticationResponse(new User("username", "display-name", "test@test.com"), Collections.emptyList());
    when(authorizationExtension.authenticateUser(pluginId2, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId2), securityConfig.getPluginRoles(pluginId2))).thenReturn(response);
    UserDetails userDetails = provider.retrieveUser("username", authenticationToken);
    assertThat(userDetails, is(instanceOf(GoUserPrinciple.class)));
    GoUserPrinciple goUserPrincipal = (GoUserPrinciple) userDetails;
    assertThat(goUserPrincipal.getUsername(), is("username"));
    assertThat(goUserPrincipal.getDisplayName(), is("display-name"));
    assertThat(goUserPrincipal.getAuthorities().length, is(1));
    assertThat(goUserPrincipal.getAuthorities()[0], is(userAuthority));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authentication.models.User) UserDetails(org.springframework.security.userdetails.UserDetails) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) GoUserPrinciple(com.thoughtworks.go.server.security.userdetail.GoUserPrinciple) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Aggregations

AuthenticationResponse (com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) 18
Test (org.junit.Test) 15
CaseInsensitiveString (com.thoughtworks.go.config.CaseInsensitiveString) 14
SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig) 14
User (com.thoughtworks.go.plugin.access.authorization.models.User) 13
UserDetails (org.springframework.security.userdetails.UserDetails) 9
PluginRoleConfig (com.thoughtworks.go.config.PluginRoleConfig) 5
GoUserPrinciple (com.thoughtworks.go.server.security.userdetail.GoUserPrinciple) 5
UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken) 5
PreAuthenticatedAuthenticationToken (com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken) 4
Arrays.asList (java.util.Arrays.asList) 3
List (java.util.List) 3
Map (java.util.Map) 3
ConfigurationProperty (com.thoughtworks.go.domain.config.ConfigurationProperty) 2
User (com.thoughtworks.go.plugin.access.authentication.models.User) 2
InOrder (org.mockito.InOrder) 2
AuthenticationException (org.springframework.security.AuthenticationException) 2
BadCredentialsException (org.springframework.security.BadCredentialsException) 2
SecurityConfig (com.thoughtworks.go.config.SecurityConfig) 1
AuthorizationExtension (com.thoughtworks.go.plugin.access.authorization.AuthorizationExtension) 1