Search in sources :

Example 1 with GitHubOAuth2AP

use of edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP in project dataverse by IQSS.

the class AuthUtilTest method testIsNonLocalLoginEnabled.

/**
 * Test of isNonLocalLoginEnabled method, of class AuthUtil.
 */
@Test
public void testIsNonLocalLoginEnabled() {
    System.out.println("isNonLocalLoginEnabled");
    AuthUtil authUtil = new AuthUtil();
    assertEquals(false, AuthUtil.isNonLocalLoginEnabled(null));
    Collection<AuthenticationProvider> shibOnly = new HashSet<>();
    shibOnly.add(new ShibAuthenticationProvider());
    assertEquals(true, AuthUtil.isNonLocalLoginEnabled(shibOnly));
    Collection<AuthenticationProvider> manyNonLocal = new HashSet<>();
    manyNonLocal.add(new ShibAuthenticationProvider());
    manyNonLocal.add(new GitHubOAuth2AP(null, null));
    manyNonLocal.add(new GoogleOAuth2AP(null, null));
    manyNonLocal.add(new OrcidOAuth2AP(null, null, null));
    assertEquals(true, AuthUtil.isNonLocalLoginEnabled(manyNonLocal));
    Collection<AuthenticationProvider> onlyBuiltin = new HashSet<>();
    onlyBuiltin.add(new BuiltinAuthenticationProvider(null, null));
    // only builtin provider
    assertEquals(false, AuthUtil.isNonLocalLoginEnabled(onlyBuiltin));
}
Also used : ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) GoogleOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP) OrcidOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP) BuiltinAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) BuiltinAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider) GitHubOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 2 with GitHubOAuth2AP

use of edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP in project dataverse by IQSS.

the class AdminIT method testConvertOAuthUserToBuiltin.

@Test
public void testConvertOAuthUserToBuiltin() throws Exception {
    System.out.println("BEGIN testConvertOAuthUserToBuiltin");
    Response createUserToConvert = UtilIT.createRandomUser();
    createUserToConvert.prettyPrint();
    long idOfUserToConvert = createUserToConvert.body().jsonPath().getLong("data.authenticatedUser.id");
    String emailOfUserToConvert = createUserToConvert.body().jsonPath().getString("data.user.email");
    String usernameOfUserToConvert = UtilIT.getUsernameFromResponse(createUserToConvert);
    String password = usernameOfUserToConvert;
    String newEmailAddressToUse = "builtin2shib." + UUID.randomUUID().toString().substring(0, 8) + "@mailinator.com";
    GitHubOAuth2AP github = new GitHubOAuth2AP(null, null);
    String providerIdToConvertTo = github.getId();
    String newPersistentUserIdInLookupTable = UUID.randomUUID().toString().substring(0, 8);
    String data = emailOfUserToConvert + ":" + password + ":" + newEmailAddressToUse + ":" + providerIdToConvertTo + ":" + newPersistentUserIdInLookupTable;
    System.out.println("data: " + data);
    Response builtinToOAuthAnon = UtilIT.migrateBuiltinToOAuth(data, "");
    builtinToOAuthAnon.prettyPrint();
    builtinToOAuthAnon.then().assertThat().statusCode(FORBIDDEN.getStatusCode());
    Response createSuperuser = UtilIT.createRandomUser();
    String superuserUsername = UtilIT.getUsernameFromResponse(createSuperuser);
    String superuserApiToken = UtilIT.getApiTokenFromResponse(createSuperuser);
    Response toggleSuperuser = UtilIT.makeSuperUser(superuserUsername);
    toggleSuperuser.then().assertThat().statusCode(OK.getStatusCode());
    Response getAuthProviders = UtilIT.getAuthProviders(superuserApiToken);
    getAuthProviders.prettyPrint();
    if (!getAuthProviders.body().asString().contains(BuiltinAuthenticationProvider.PROVIDER_ID)) {
        System.out.println("Can't proceed with test without builtin provider.");
        return;
    }
    Response makeOAuthUser = UtilIT.migrateBuiltinToOAuth(data, superuserApiToken);
    makeOAuthUser.prettyPrint();
    makeOAuthUser.then().assertThat().statusCode(OK.getStatusCode()).body("data.'changing to this provider'", equalTo("github")).body("data.'password supplied'", equalTo(password));
    /**
     * @todo Write more failing tests such as expecting a non-OK response if
     * the OAuth user has an invalid email address:
     * https://github.com/IQSS/dataverse/issues/2998
     */
    Response oauthToBuiltinAnon = UtilIT.migrateOAuthToBuiltin(Long.MAX_VALUE, "", "");
    oauthToBuiltinAnon.prettyPrint();
    oauthToBuiltinAnon.then().assertThat().statusCode(FORBIDDEN.getStatusCode());
    Response nonSuperuser = UtilIT.migrateOAuthToBuiltin(Long.MAX_VALUE, "", "");
    nonSuperuser.prettyPrint();
    nonSuperuser.then().assertThat().statusCode(FORBIDDEN.getStatusCode());
    Response infoOfUserToConvert = UtilIT.getAuthenticatedUser(usernameOfUserToConvert, superuserApiToken);
    infoOfUserToConvert.prettyPrint();
    infoOfUserToConvert.then().assertThat().body("data.id", equalTo(Long.valueOf(idOfUserToConvert).intValue())).body("data.identifier", equalTo("@" + usernameOfUserToConvert)).body("data.persistentUserId", equalTo(newPersistentUserIdInLookupTable)).body("data.authenticationProviderId", equalTo("github")).statusCode(OK.getStatusCode());
    String invalidEmailAddress = "invalidEmailAddress";
    Response invalidEmailFail = UtilIT.migrateOAuthToBuiltin(idOfUserToConvert, invalidEmailAddress, superuserApiToken);
    invalidEmailFail.prettyPrint();
    invalidEmailFail.then().assertThat().body("status", equalTo("ERROR")).statusCode(BAD_REQUEST.getStatusCode());
    String existingEmailAddress = "dataverse@mailinator.com";
    Response existingEmailFail = UtilIT.migrateOAuthToBuiltin(idOfUserToConvert, existingEmailAddress, superuserApiToken);
    existingEmailFail.prettyPrint();
    existingEmailFail.then().assertThat().body("status", equalTo("ERROR")).body("message", equalTo("User id " + idOfUserToConvert + " could not be converted from remote to BuiltIn. Details from Exception: java.lang.Exception: User id " + idOfUserToConvert + " (@" + usernameOfUserToConvert + ") cannot be converted from remote to BuiltIn because the email address dataverse@mailinator.com is already in use by user id 1 (@dataverseAdmin). ")).statusCode(BAD_REQUEST.getStatusCode());
    String newEmailAddress = UUID.randomUUID().toString().substring(0, 8) + "@mailinator.com";
    Response shouldWork = UtilIT.migrateOAuthToBuiltin(idOfUserToConvert, newEmailAddress, superuserApiToken);
    shouldWork.prettyPrint();
    shouldWork.then().assertThat().body("data.username", notNullValue()).body("data.email", equalTo(newEmailAddress)).statusCode(OK.getStatusCode());
    Response infoForUserConvertedToBuiltin = UtilIT.getAuthenticatedUser(usernameOfUserToConvert, superuserApiToken);
    infoForUserConvertedToBuiltin.prettyPrint();
    infoForUserConvertedToBuiltin.then().assertThat().body("data.id", equalTo(Long.valueOf(idOfUserToConvert).intValue())).body("data.identifier", equalTo("@" + usernameOfUserToConvert)).body("data.persistentUserId", equalTo(usernameOfUserToConvert)).body("data.authenticationProviderId", equalTo("builtin")).body("data.email", equalTo(newEmailAddress)).statusCode(OK.getStatusCode());
    Response deleteUserToConvert = UtilIT.deleteUser(usernameOfUserToConvert);
    assertEquals(200, deleteUserToConvert.getStatusCode());
    Response deleteSuperuser = UtilIT.deleteUser(superuserUsername);
    assertEquals(200, deleteSuperuser.getStatusCode());
}
Also used : Response(com.jayway.restassured.response.Response) UtilIT.getRandomString(edu.harvard.iq.dataverse.api.UtilIT.getRandomString) GitHubOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP) Test(org.junit.Test)

Example 3 with GitHubOAuth2AP

use of edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP in project dataverse by IQSS.

the class AuthenticationServiceBean method getAuthenticationProviderIdsSorted.

/**
 * @todo Consider making the sort order configurable by making it a colum on
 * AuthenticationProviderRow
 */
public List<String> getAuthenticationProviderIdsSorted() {
    GitHubOAuth2AP github = new GitHubOAuth2AP(null, null);
    GoogleOAuth2AP google = new GoogleOAuth2AP(null, null);
    return Arrays.asList(BuiltinAuthenticationProvider.PROVIDER_ID, ShibAuthenticationProvider.PROVIDER_ID, OrcidOAuth2AP.PROVIDER_ID_PRODUCTION, OrcidOAuth2AP.PROVIDER_ID_SANDBOX, github.getId(), google.getId());
}
Also used : GoogleOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP) GitHubOAuth2AP(edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP)

Aggregations

GitHubOAuth2AP (edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP)3 GoogleOAuth2AP (edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP)2 Test (org.junit.Test)2 Response (com.jayway.restassured.response.Response)1 UtilIT.getRandomString (edu.harvard.iq.dataverse.api.UtilIT.getRandomString)1 BuiltinAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider)1 OrcidOAuth2AP (edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP)1 ShibAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider)1 HashSet (java.util.HashSet)1