
Example 1 with AuthenticationResponse

use of com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse in project gocd by gocd.

the class AccessTokenBasedPluginAuthenticationProviderTest method shouldReturnAuthenticationResponseFetchingUsersFromTheDBWhenPluginDoesNotSupportGetRolesCapability.

/**
 * Covers the path where the plugin does not advertise the get-user-roles capability: the
 * provider is expected to answer with the user record returned by {@code userService} and an
 * empty role list.
 */
@Test
void shouldReturnAuthenticationResponseFetchingUsersFromTheDBWhenPluginDoesNotSupportGetRolesCapability() {
    final String tokenOwner = credentials.getAccessToken().getUsername();
    final User storedUser = new User(tokenOwner);

    // Collaborator stubs: the token owner is reported valid, the plugin cannot resolve roles,
    // and the user lookup hands back the record built above.
    when(userService.findUserByName(tokenOwner)).thenReturn(storedUser);
    when(store.doesPluginSupportGetUserRolesCall(pluginId)).thenReturn(false);
    when(authorizationService.isValidUser(pluginId, tokenOwner, authConfig)).thenReturn(true);

    // Expected plugin-domain user mirrors the stored record field by field.
    final com.thoughtworks.go.plugin.domain.authorization.User expectedUser =
            new com.thoughtworks.go.plugin.domain.authorization.User(
                    storedUser.getUsername().getUsername().toString(),
                    storedUser.getDisplayName(),
                    storedUser.getEmail());
    final AuthenticationResponse expected = new AuthenticationResponse(expectedUser, Collections.emptyList());

    final AuthenticationResponse actual = provider.authenticateWithExtension(pluginId, credentials, authConfig, null);

    assertThat(actual).isEqualTo(expected);
}
Also used : User(com.thoughtworks.go.domain.User) AuthenticationResponse(com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 2 with AuthenticationResponse

use of com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse in project gocd by gocd.

the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUser.

/**
 * Checks the authenticate-user round trip with one auth config and one role config: the JSON
 * request submitted to the plugin must match the expected payload, and the user and first role
 * in the plugin's JSON reply must be surfaced on the returned {@link AuthenticationResponse}.
 */
@Test
void shouldTalkToPlugin_To_AuthenticateUser() {
    // Fixture credentials only. The asserted payload shows the password travelling to the plugin
    // as a plain JSON field, so anything that records plugin request bodies would capture it.
    final String expectedRequestJson = String.join("\n",
            "{",
            "  \"credentials\": {",
            "    \"username\": \"bob\",",
            "    \"password\": \"secret\"",
            "  },",
            "  \"auth_configs\": [",
            "    {",
            "      \"id\": \"ldap\",",
            "      \"configuration\": {",
            "        \"url\": \"some-url\"",
            "      }",
            "    }",
            "  ],",
            "  \"role_configs\": [",
            "    {",
            "      \"name\": \"foo\",",
            "      \"auth_config_id\": \"ldap\",",
            "      \"configuration\": {",
            "        \"memberOf\": \"ou=some-value\"",
            "      }",
            "    }",
            "  ]",
            "}");
    final String pluginReplyJson = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";

    // Inputs handed to the extension: a single LDAP auth config and one role config bound to it.
    final SecurityAuthConfigs ldapAuthConfigs = new SecurityAuthConfigs();
    ldapAuthConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", create("url", false, "some-url")));
    final List<PluginRoleConfig> roleConfigs = Collections.singletonList(
            new PluginRoleConfig("foo", "ldap", create("memberOf", false, "ou=some-value")));

    // The plugin manager answers with the canned reply and captures the outgoing request.
    when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReplyJson));

    final AuthenticationResponse result = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", ldapAuthConfigs, roleConfigs);

    assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, expectedRequestJson);
    assertThat(result.getUser()).isEqualTo(new User("bob", "Bob", "bob@example.com"));
    assertThat(result.getRoles().get(0)).isEqualTo("blackbird");
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.domain.authorization.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) SecurityAuthConfigs(com.thoughtworks.go.config.SecurityAuthConfigs) PluginRoleConfig(com.thoughtworks.go.config.PluginRoleConfig) AuthenticationResponse(com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 3 with AuthenticationResponse

use of com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse in project gocd by gocd.

the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided.

/**
 * Checks that passing {@code null} role configs still produces a well-formed request: the
 * payload submitted to the plugin must carry an empty {@code role_configs} array, and the
 * user and first role from the plugin's reply must be surfaced on the returned response.
 */
@Test
void shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided() {
    // Fixture credentials only. The asserted payload shows the password travelling to the plugin
    // as a plain JSON field, so anything that records plugin request bodies would capture it.
    final String expectedRequestJson = String.join("\n",
            "{",
            "  \"credentials\": {",
            "    \"username\": \"bob\",",
            "    \"password\": \"secret\"",
            "  },",
            "  \"auth_configs\": [",
            "    {",
            "      \"id\": \"ldap\",",
            "      \"configuration\": {",
            "        \"url\": \"some-url\"",
            "      }",
            "    }",
            "  ],",
            "  \"role_configs\": []",
            "}");
    final String pluginReplyJson = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";

    // Only an auth config is supplied; the role-config argument is deliberately null below.
    final SecurityAuthConfigs ldapAuthConfigs = new SecurityAuthConfigs();
    ldapAuthConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", create("url", false, "some-url")));

    // The plugin manager answers with the canned reply and captures the outgoing request.
    when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReplyJson));

    final AuthenticationResponse result = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", ldapAuthConfigs, null);

    assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, expectedRequestJson);
    assertThat(result.getUser()).isEqualTo(new User("bob", "Bob", "bob@example.com"));
    assertThat(result.getRoles().get(0)).isEqualTo("blackbird");
}
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) User(com.thoughtworks.go.plugin.domain.authorization.User) DefaultGoPluginApiResponse(com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse) SecurityAuthConfigs(com.thoughtworks.go.config.SecurityAuthConfigs) AuthenticationResponse(com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Example 4 with AuthenticationResponse

use of com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse in project gocd by gocd.

the class AccessTokenBasedPluginAuthenticationProvider method authenticateWithExtension.

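/**
 * Builds the {@link AuthenticationResponse} for the owner of an access token.
 *
 * <p>The token owner's username is checked through {@code authorizationExtensionCacheService};
 * when the plugin supports the get-user-roles call, the owner's roles are fetched through the
 * same service, otherwise the role list stays empty. The user details come from
 * {@code userService}.
 *
 * <p>NOTE(review): this method only asks whether the username is still valid for the plugin and
 * auth config; it does not inspect the token value itself. Presumably the token has been
 * verified before this point - confirm against the caller.
 *
 * @param pluginId          id of the authorization plugin to consult
 * @param credentials       credential wrapping the access token whose owner is authenticated
 * @param authConfig        auth config the validity and role lookups are made against
 * @param pluginRoleConfigs role configs forwarded to the role lookup; callers visible on this
 *                          page pass {@code null}
 * @return the response carrying the user and the roles resolved for it
 * @throws InvalidAccessTokenException when the token owner is not reported as a valid user
 */
@Override
protected AuthenticationResponse authenticateWithExtension(String pluginId, AccessTokenCredential credentials, SecurityAuthConfig authConfig, List<PluginRoleConfig> pluginRoleConfigs) {
    String username = credentials.getAccessToken().getUsername();

    // NOTE(review): validity and roles are read through a cache service, so how quickly a
    // disabled or removed user stops authenticating presumably depends on that cache - confirm.
    if (!authorizationExtensionCacheService.isValidUser(pluginId, username, authConfig)) {
        // The message has no format specifiers, so the former String.format call discarded its
        // username, plugin id and auth-config id arguments. The literal is used directly and its
        // text is kept unchanged, which also keeps those identifiers out of the error message.
        throw new InvalidAccessTokenException("Access Token belonging to the user has either been disabled, removed or expired. ");
    }

    List<String> roles = new ArrayList<>();
    if (store.doesPluginSupportGetUserRolesCall(pluginId)) {
        roles.addAll(authorizationExtensionCacheService.getUserRoles(pluginId, username, authConfig, pluginRoleConfigs));
    }

    // NOTE(review): assumes findUserByName never returns null for a valid token owner; a null
    // here would surface as a NullPointerException on the next line - confirm.
    com.thoughtworks.go.domain.User fetched = userService.findUserByName(username);
    User user = new User(fetched.getUsername().getUsername().toString(), fetched.getDisplayName(), fetched.getEmail());
    return new AuthenticationResponse(user, roles);
}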
Also used : InvalidAccessTokenException(com.thoughtworks.go.server.exceptions.InvalidAccessTokenException) User(com.thoughtworks.go.plugin.domain.authorization.User) ArrayList(java.util.ArrayList) AuthenticationResponse(com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse)

Example 5 with AuthenticationResponse

use of com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse in project gocd by gocd.

the class AccessTokenBasedPluginAuthenticationProviderTest method shouldReturnRolesFetchedForTheUserFromThePluginForTheProvidedAuthConfig.

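/**
 * Covers the path where the plugin supports the get-user-roles call: the roles returned for the
 * token owner must end up on the {@link AuthenticationResponse}.
 *
 * <p>The role lookup is stubbed with a non-empty list. With an empty list the expectation would
 * also hold if the provider never asked for roles, so the test could not tell this path apart
 * from the one where the capability is missing.
 */
@Test
void shouldReturnRolesFetchedForTheUserFromThePluginForTheProvidedAuthConfig() {
    String username = credentials.getAccessToken().getUsername();
    User userToOperate = new User(username);

    // "blackbird" is a constructed sample role name used only by this fixture.
    AuthenticationResponse responseToSend = new AuthenticationResponse(
            new com.thoughtworks.go.plugin.domain.authorization.User(
                    userToOperate.getUsername().getUsername().toString(),
                    userToOperate.getDisplayName(),
                    userToOperate.getEmail()),
            Collections.singletonList("blackbird"));

    when(authorizationService.isValidUser(pluginId, username, authConfig)).thenReturn(true);
    when(store.doesPluginSupportGetUserRolesCall(pluginId)).thenReturn(true);
    when(authorizationService.getUserRoles(pluginId, username, authConfig, null)).thenReturn(Collections.singletonList("blackbird"));
    when(userService.findUserByName(username)).thenReturn(userToOperate);

    AuthenticationResponse actual = provider.authenticateWithExtension(pluginId, credentials, authConfig, null);

    // Equality covers both the user and the role list, so a dropped role fails the test.
    assertThat(actual).isEqualTo(responseToSend);
}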
Also used : User(com.thoughtworks.go.domain.User) AuthenticationResponse(com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse) Test(org.junit.jupiter.api.Test)

Aggregations

AuthenticationResponse (com.thoughtworks.go.plugin.domain.authorization.AuthenticationResponse)6 User (com.thoughtworks.go.plugin.domain.authorization.User)4 Test (org.junit.jupiter.api.Test)4 PluginRoleConfig (com.thoughtworks.go.config.PluginRoleConfig)2 SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig)2 SecurityAuthConfigs (com.thoughtworks.go.config.SecurityAuthConfigs)2 User (com.thoughtworks.go.domain.User)2 DefaultGoPluginApiResponse (com.thoughtworks.go.plugin.api.response.DefaultGoPluginApiResponse)2 InvalidAccessTokenException (com.thoughtworks.go.server.exceptions.InvalidAccessTokenException)2 CaseInsensitiveString (com.thoughtworks.go.config.CaseInsensitiveString)1 OnlyKnownUsersAllowedException (com.thoughtworks.go.server.security.OnlyKnownUsersAllowedException)1 GoUserPrinciple (com.thoughtworks.go.server.security.userdetail.GoUserPrinciple)1 ArrayList (java.util.ArrayList)1