use of com.thoughtworks.go.plugin.domain.authorization.User in project gocd by gocd.
the class AuthorizationExtensionTest method shouldTalkToPlugin_To_SearchUsers.
@Test
void shouldTalkToPlugin_To_SearchUsers() {
String requestBody = "{\n" + " \"search_term\": \"bob\",\n" + " \"auth_configs\": [\n" + " {\n" + " \"id\": \"ldap\",\n" + " \"configuration\": {\n" + " \"foo\": \"bar\"\n" + " }\n" + " }\n" + " ]\n" + "}";
String responseBody = "[{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"}]";
when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture())).thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, responseBody));
List<User> users = authorizationExtension.searchUsers(PLUGIN_ID, "bob", Collections.singletonList(new SecurityAuthConfig("ldap", "cd.go.ldap", create("foo", false, "bar"))));
assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_SEARCH_USERS, requestBody);
assertThat(users).hasSize(1).contains(new User("bob", "Bob", "bob@example.com"));
}
use of com.thoughtworks.go.plugin.domain.authorization.User in project gocd by gocd.
the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUser.
@Test
void shouldTalkToPlugin_To_AuthenticateUser() {
String requestBody = "{\n" + " \"credentials\": {\n" + " \"username\": \"bob\",\n" + " \"password\": \"secret\"\n" + " },\n" + " \"auth_configs\": [\n" + " {\n" + " \"id\": \"ldap\",\n" + " \"configuration\": {\n" + " \"url\": \"some-url\"\n" + " }\n" + " }\n" + " ],\n" + " \"role_configs\": [\n" + " {\n" + " \"name\": \"foo\",\n" + " \"auth_config_id\": \"ldap\",\n" + " \"configuration\": {\n" + " \"memberOf\": \"ou=some-value\"\n" + " }\n" + " }\n" + " ]\n" + "}";
String responseBody = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture())).thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, responseBody));
final PluginRoleConfig roleConfig = new PluginRoleConfig("foo", "ldap", create("memberOf", false, "ou=some-value"));
final List<PluginRoleConfig> pluginRoleConfigs = Collections.singletonList(roleConfig);
final SecurityAuthConfigs authConfigs = new SecurityAuthConfigs();
authConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", create("url", false, "some-url")));
AuthenticationResponse authenticationResponse = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", authConfigs, pluginRoleConfigs);
assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, requestBody);
assertThat(authenticationResponse.getUser()).isEqualTo(new User("bob", "Bob", "bob@example.com"));
assertThat(authenticationResponse.getRoles().get(0)).isEqualTo("blackbird");
}
use of com.thoughtworks.go.plugin.domain.authorization.User in project gocd by gocd.
the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided.
@Test
void shouldTalkToPlugin_To_AuthenticateUserWithEmptyListIfRoleConfigsAreNotProvided() {
String requestBody = "{\n" + " \"credentials\": {\n" + " \"username\": \"bob\",\n" + " \"password\": \"secret\"\n" + " },\n" + " \"auth_configs\": [\n" + " {\n" + " \"id\": \"ldap\",\n" + " \"configuration\": {\n" + " \"url\": \"some-url\"\n" + " }\n" + " }\n" + " ],\n" + " \"role_configs\": []\n" + "}";
String responseBody = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
when(pluginManager.submitTo(eq(PLUGIN_ID), eq(AUTHORIZATION_EXTENSION), requestArgumentCaptor.capture())).thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, responseBody));
final SecurityAuthConfigs authConfigs = new SecurityAuthConfigs();
authConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", create("url", false, "some-url")));
AuthenticationResponse authenticationResponse = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", authConfigs, null);
assertRequest(requestArgumentCaptor.getValue(), AUTHORIZATION_EXTENSION, "1.0", REQUEST_AUTHENTICATE_USER, requestBody);
assertThat(authenticationResponse.getUser()).isEqualTo(new User("bob", "Bob", "bob@example.com"));
assertThat(authenticationResponse.getRoles().get(0)).isEqualTo("blackbird");
}
use of com.thoughtworks.go.plugin.domain.authorization.User in project gocd by gocd.
the class AccessTokenBasedPluginAuthenticationProvider method authenticateWithExtension.
@Override
protected AuthenticationResponse authenticateWithExtension(String pluginId, AccessTokenCredential credentials, SecurityAuthConfig authConfig, List<PluginRoleConfig> pluginRoleConfigs) {
String username = credentials.getAccessToken().getUsername();
if (authorizationExtensionCacheService.isValidUser(pluginId, username, authConfig)) {
List<String> roles = new ArrayList<>();
if (store.doesPluginSupportGetUserRolesCall(pluginId)) {
roles.addAll(authorizationExtensionCacheService.getUserRoles(pluginId, username, authConfig, pluginRoleConfigs));
}
com.thoughtworks.go.domain.User fetched = userService.findUserByName(username);
User user = new User(fetched.getUsername().getUsername().toString(), fetched.getDisplayName(), fetched.getEmail());
return new AuthenticationResponse(user, roles);
} else {
String msg = String.format("Access Token belonging to the user has either been disabled, removed or expired. ", username, pluginId, authConfig.getId());
throw new InvalidAccessTokenException(msg);
}
}
use of com.thoughtworks.go.plugin.domain.authorization.User in project gocd by gocd.
the class AbstractPluginAuthenticationProvider method authenticateUser.
public AuthenticationToken<T> authenticateUser(T credentials, SecurityAuthConfig authConfig) {
String pluginId = authConfig.getPluginId();
try {
if (!doesPluginSupportAuthentication(pluginId)) {
return null;
}
final List<PluginRoleConfig> roleConfigs = goConfigService.security().getRoles().pluginRoleConfigsFor(authConfig.getId());
LOGGER.debug("Authenticating user using the authorization plugin: `{}`", pluginId);
AuthenticationResponse response = authenticateWithExtension(pluginId, credentials, authConfig, roleConfigs);
User user = ensureDisplayNamePresent(response.getUser());
if (user != null) {
userService.addOrUpdateUser(toDomainUser(user), authConfig);
pluginRoleService.updatePluginRoles(pluginId, user.getUsername(), CaseInsensitiveString.list(response.getRoles()));
LOGGER.debug("Successfully authenticated user: `{}` using the authorization plugin: `{}`", user.getUsername(), pluginId);
final GoUserPrinciple goUserPrinciple = new GoUserPrinciple(user.getUsername(), user.getDisplayName(), authorityGranter.authorities(user.getUsername()));
return createAuthenticationToken(goUserPrinciple, credentials, pluginId, authConfig.getId());
}
} catch (OnlyKnownUsersAllowedException e) {
LOGGER.info("User {} is successfully authenticated. Auto register new user is disabled. Please refer {}", e.getUsername(), CurrentGoCDVersion.docsUrl("configuration/dev_authentication.html#controlling-user-access"));
throw e;
} catch (InvalidAccessTokenException e) {
LOGGER.error("Error while authenticating user using auth_config: {} with the authorization plugin: {} ", authConfig.getId(), pluginId);
throw e;
} catch (Exception e) {
LOGGER.error("Error while authenticating user using auth_config: {} with the authorization plugin: {} ", authConfig.getId(), pluginId);
}
LOGGER.debug("Authentication failed using the authorization plugin: `{}`", pluginId);
return null;
}
Aggregations