
Example 1 with User

use of com.thoughtworks.go.plugin.access.authorization.models.User in project gocd by gocd.

the class PluginAuthenticationProvider method getUserDetailsFromAuthorizationPlugins.

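/**
 * Tries the configured authorization plugins one after another until one of them
 * authenticates the supplied credentials.
 *
 * <p>Auth configs whose plugin does not support password-based authentication are skipped.
 * Every other plugin is called with that single auth config and the plugin role configs
 * registered for its id. The first response that yields a non-null user (after
 * {@code ensureDisplayNamePresent}) wins: the roles from the response are stored for that
 * user and the user is returned.
 *
 * <p>A failing plugin does not abort the login attempt. The exception is logged and the next
 * auth config is tried, so a plugin error can never turn into a successful authentication.
 *
 * @param username       the user name handed in by the caller
 * @param authentication the token whose credentials are read as the password
 * @return the authenticated user, or {@code null} when no plugin accepted the credentials
 */
private User getUserDetailsFromAuthorizationPlugins(String username, UsernamePasswordAuthenticationToken authentication) {
    String loginName = loginName(username, authentication);
    // The password is only ever forwarded to the plugin; keep it out of every log statement.
    String password = (String) authentication.getCredentials();
    for (SecurityAuthConfig authConfig : configService.security().securityAuthConfigs()) {
        String pluginId = authConfig.getPluginId();
        if (!store.doesPluginSupportPasswordBasedAuthentication(pluginId)) {
            continue;
        }
        final List<PluginRoleConfig> roleConfigs = configService.security().getRoles().pluginRoleConfigsFor(authConfig.getId());
        try {
            // NOTE(review): loginName is caller-supplied and is written to the log verbatim;
            // confirm the log layout neutralises CR/LF so entries cannot be forged.
            LOGGER.debug("[Authenticate] Authenticating user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
            AuthenticationResponse response = authorizationExtension.authenticateUser(pluginId, loginName, password, Collections.singletonList(authConfig), roleConfigs);
            User user = ensureDisplayNamePresent(response.getUser());
            if (user != null) {
                // Roles come from the plugin response and are stored before the user is returned.
                pluginRoleService.updatePluginRoles(pluginId, user.getUsername(), CaseInsensitiveString.caseInsensitiveStrings(response.getRoles()));
                LOGGER.debug("[Authenticate] Successfully authenticated user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
                return user;
            }
        } catch (Exception e) {
            // Pass the exception as the trailing argument so the cause and stack trace are
            // logged. Without it a broken or unreachable plugin looks the same as a wrong
            // password when the logs are reviewed.
            LOGGER.error("[Authenticate] Error while authenticating user: `{}` using the authorization plugin: {} ", loginName, pluginId, e);
        }
        LOGGER.debug("[Authenticate] Authentication failed for user: `{}` using the authorization plugin: `{}`", loginName, pluginId);
    }
    return null;
}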
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) CaseInsensitiveString(com.thoughtworks.go.config.CaseInsensitiveString) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) BadCredentialsException(org.springframework.security.BadCredentialsException) AuthenticationException(org.springframework.security.AuthenticationException) UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException)

Example 2 with User

use of com.thoughtworks.go.plugin.access.authorization.models.User in project gocd by gocd.

the class PluginAuthenticationProvider method retrieveUser.

/**
 * Authenticates the credentials against the authorization plugins and builds the principal
 * for the authenticated user.
 *
 * <p>The password is checked for blankness first. When no plugin authenticates the user, any
 * plugin roles associated with {@code username} are removed before the attempt is rejected.
 * On success the user is added to the user service if not yet known.
 *
 * @param username       the user name of the login attempt
 * @param authentication the token carrying the credentials
 * @return the principal built from the plugin-supplied user
 * @throws AuthenticationException a {@link UsernameNotFoundException} when no plugin
 *                                 authenticated the user
 */
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    assertPasswordNotBlank(authentication);

    final User pluginUser = getUserDetailsFromAuthorizationPlugins(username, authentication);
    if (pluginUser == null) {
        // A failed login also clears the plugin roles held for this user name, so roles
        // granted by an earlier successful login are dropped.
        removeAnyAssociatedPluginRolesFor(username);
        throw new UsernameNotFoundException("Unable to authenticate user: " + username);
    }

    userService.addUserIfDoesNotExist(toDomainUser(pluginUser));

    // The principal is built with an empty string in the third position.
    return new GoUserPrinciple(
            pluginUser.getUsername(),
            pluginUser.getDisplayName(),
            "",
            authorityGranter.authorities(pluginUser.getUsername()),
            loginName(username, authentication));
}
Also used : UsernameNotFoundException(org.springframework.security.userdetails.UsernameNotFoundException) User(com.thoughtworks.go.plugin.access.authorization.models.User) GoUserPrinciple(com.thoughtworks.go.server.security.userdetail.GoUserPrinciple)

Example 3 with User

use of com.thoughtworks.go.plugin.access.authorization.models.User in project gocd by gocd.

the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided.

/**
 * Verifies that authenticating with {@code null} role configs sends the plugin an empty
 * {@code role_configs} array and that the user and roles of the plugin response are parsed.
 */
@Test
public void shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided() throws Exception {
    // Fixture credentials. The expected request shows that the password travels to the
    // plugin in clear inside the JSON body, so these request bodies do not belong in logs.
    String expectedRequest = "{\n"
            + "  \"credentials\": {\n"
            + "    \"username\": \"bob\",\n"
            + "    \"password\": \"secret\"\n"
            + "  },\n"
            + "  \"auth_configs\": [\n"
            + "    {\n"
            + "      \"id\": \"ldap\",\n"
            + "      \"configuration\": {\n"
            + "        \"url\": \"some-url\"\n"
            + "      }\n"
            + "    }\n"
            + "  ],\n"
            + "  \"role_configs\": []\n"
            + "}";
    String pluginReply = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
    when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReply));

    final SecurityAuthConfigs ldapOnly = new SecurityAuthConfigs();
    ldapOnly.add(new SecurityAuthConfig("ldap", "cd.go.ldap", ConfigurationPropertyMother.create("url", false, "some-url")));

    // Role configs are deliberately null here; the request must still carry an empty list.
    AuthenticationResponse result = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", ldapOnly, null);

    assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, expectedRequest);
    assertThat(result.getUser(), is(new User("bob", "Bob", "bob@example.com")));
    assertThat(result.getRoles().get(0), is("blackbird"));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) SecurityAuthConfigs(com.thoughtworks.go.config.SecurityAuthConfigs) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Example 4 with User

use of com.thoughtworks.go.plugin.access.authorization.models.User in project gocd by gocd.

the class AuthorizationExtensionTest method shouldTalkToPlugin_To_SearchUsers.

/**
 * Verifies that a user search forwards the search term and the auth config to the plugin
 * and that the returned JSON array is parsed into {@link User} objects.
 */
@Test
public void shouldTalkToPlugin_To_SearchUsers() throws Exception {
    String expectedRequest = "{\n"
            + "  \"search_term\": \"bob\",\n"
            + "  \"auth_configs\": [\n"
            + "    {\n"
            + "      \"id\": \"ldap\",\n"
            + "      \"configuration\": {\n"
            + "        \"foo\": \"bar\"\n"
            + "      }\n"
            + "    }\n"
            + "  ]\n"
            + "}";
    String pluginReply = "[{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"}]";
    when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReply));

    SecurityAuthConfig ldapConfig = new SecurityAuthConfig("ldap", "cd.go.ldap", ConfigurationPropertyMother.create("foo", false, "bar"));
    List<User> found = authorizationExtension.searchUsers(PLUGIN_ID, "bob", Collections.singletonList(ldapConfig));

    assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_SEARCH_USERS, expectedRequest);
    // Exactly one match is expected, and it must be the user described by the plugin reply.
    assertThat(found, hasSize(1));
    assertThat(found, hasItem(new User("bob", "Bob", "bob@example.com")));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) Test(org.junit.Test)

Example 5 with User

use of com.thoughtworks.go.plugin.access.authorization.models.User in project gocd by gocd.

the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUser.

/**
 * Verifies that authenticating with one auth config and one plugin role config serialises
 * both into the plugin request and that the user and roles of the response are parsed.
 */
@Test
public void shouldTalkToPlugin_To_AuthenticateUser() throws Exception {
    // Fixture credentials. The expected request shows that the password travels to the
    // plugin in clear inside the JSON body, so these request bodies do not belong in logs.
    String expectedRequest = "{\n"
            + "  \"credentials\": {\n"
            + "    \"username\": \"bob\",\n"
            + "    \"password\": \"secret\"\n"
            + "  },\n"
            + "  \"auth_configs\": [\n"
            + "    {\n"
            + "      \"id\": \"ldap\",\n"
            + "      \"configuration\": {\n"
            + "        \"url\": \"some-url\"\n"
            + "      }\n"
            + "    }\n"
            + "  ],\n"
            + "  \"role_configs\": [\n"
            + "    {\n"
            + "      \"name\": \"foo\",\n"
            + "      \"auth_config_id\": \"ldap\",\n"
            + "      \"configuration\": {\n"
            + "        \"memberOf\": \"ou=some-value\"\n"
            + "      }\n"
            + "    }\n"
            + "  ]\n"
            + "}";
    String pluginReply = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
    when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReply));

    // One role config bound to the "ldap" auth config, wrapped in a single-element list.
    final List<PluginRoleConfig> roleConfigsForLdap = Collections.singletonList(
            new PluginRoleConfig("foo", "ldap", ConfigurationPropertyMother.create("memberOf", false, "ou=some-value")));
    final SecurityAuthConfigs ldapOnly = new SecurityAuthConfigs();
    ldapOnly.add(new SecurityAuthConfig("ldap", "cd.go.ldap", ConfigurationPropertyMother.create("url", false, "some-url")));

    AuthenticationResponse result = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", ldapOnly, roleConfigsForLdap);

    assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, expectedRequest);
    assertThat(result.getUser(), is(new User("bob", "Bob", "bob@example.com")));
    assertThat(result.getRoles().get(0), is("blackbird"));
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.access.authorization.models.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) SecurityAuthConfigs(com.thoughtworks.go.config.SecurityAuthConfigs) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse) Test(org.junit.Test)

Aggregations

User (com.thoughtworks.go.plugin.access.authorization.models.User)18 AuthenticationResponse (com.thoughtworks.go.plugin.access.authorization.models.AuthenticationResponse)15 Test (org.junit.Test)15 SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig)14 CaseInsensitiveString (com.thoughtworks.go.config.CaseInsensitiveString)10 UserDetails (org.springframework.security.userdetails.UserDetails)7 GoUserPrinciple (com.thoughtworks.go.server.security.userdetail.GoUserPrinciple)5 UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken)5 PluginRoleConfig (com.thoughtworks.go.config.PluginRoleConfig)4 DefaultGoPluginApiResponse (com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse)3 SecurityAuthConfigs (com.thoughtworks.go.config.SecurityAuthConfigs)2 PreAuthenticatedAuthenticationToken (com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken)2 Arrays.asList (java.util.Arrays.asList)2 List (java.util.List)2 Map (java.util.Map)2 InOrder (org.mockito.InOrder)2 UsernameNotFoundException (org.springframework.security.userdetails.UsernameNotFoundException)2 SecurityConfig (com.thoughtworks.go.config.SecurityConfig)1 ConfigurationProperty (com.thoughtworks.go.domain.config.ConfigurationProperty)1 AuthorizationExtension (com.thoughtworks.go.plugin.access.authorization.AuthorizationExtension)1