Example 1 with RoleEntity

Use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io, in the class UserServiceTest, method shouldCreate.

@Test
public void shouldCreate() throws TechnicalException {
    when(newUser.getUsername()).thenReturn(USER_NAME);
    when(newUser.getEmail()).thenReturn(EMAIL);
    when(newUser.getFirstname()).thenReturn(FIRST_NAME);
    when(newUser.getLastname()).thenReturn(LAST_NAME);
    when(userRepository.findById(USER_NAME)).thenReturn(Optional.empty());
    when(user.getId()).thenReturn(USER_NAME);
    when(user.getUsername()).thenReturn(USER_NAME);
    when(user.getEmail()).thenReturn(EMAIL);
    when(user.getFirstname()).thenReturn(FIRST_NAME);
    when(user.getLastname()).thenReturn(LAST_NAME);
    when(user.getPassword()).thenReturn(PASSWORD);
    when(user.getCreatedAt()).thenReturn(date);
    when(user.getUpdatedAt()).thenReturn(date);
    when(userRepository.create(any(User.class))).thenReturn(user);
    RoleEntity role = mock(RoleEntity.class);
    when(role.getScope()).thenReturn(io.gravitee.management.model.permissions.RoleScope.PORTAL);
    when(role.getName()).thenReturn("USER");
    when(roleService.findDefaultRoleByScopes(RoleScope.MANAGEMENT, RoleScope.PORTAL)).thenReturn(Collections.singletonList(role));
    when(membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.name(), user.getId(), RoleScope.PORTAL)).thenReturn(role);
    final UserEntity createdUserEntity = userService.create(newUser, false);
    verify(userRepository).create(argThat(new ArgumentMatcher<User>() {
        public boolean matches(final Object argument) {
            final User userToCreate = (User) argument;
            return USER_NAME.equals(userToCreate.getUsername())
                    && EMAIL.equals(userToCreate.getEmail())
                    && FIRST_NAME.equals(userToCreate.getFirstname())
                    && LAST_NAME.equals(userToCreate.getLastname())
                    && userToCreate.getCreatedAt() != null
                    && userToCreate.getUpdatedAt() != null
                    && userToCreate.getCreatedAt().equals(userToCreate.getUpdatedAt());
        }
    }));
    assertEquals(USER_NAME, createdUserEntity.getUsername());
    assertEquals(FIRST_NAME, createdUserEntity.getFirstname());
    assertEquals(LAST_NAME, createdUserEntity.getLastname());
    assertEquals(EMAIL, createdUserEntity.getEmail());
    assertEquals(PASSWORD, createdUserEntity.getPassword());
    assertEquals(ROLES, createdUserEntity.getRoles());
    assertEquals(date, createdUserEntity.getCreatedAt());
    assertEquals(date, createdUserEntity.getUpdatedAt());
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) UserRoleEntity(io.gravitee.management.model.UserRoleEntity) User(io.gravitee.repository.management.model.User) ArgumentMatcher(org.mockito.ArgumentMatcher) UserEntity(io.gravitee.management.model.UserEntity) NewExternalUserEntity(io.gravitee.management.model.NewExternalUserEntity) Test(org.junit.Test)

Example 2 with RoleEntity

Use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io, in the class MembershipService_GetMembersTest, method shouldGetMembersWithMembership.

@Test
public void shouldGetMembersWithMembership() throws Exception {
    Membership membership = new Membership();
    membership.setReferenceId(API_ID);
    membership.setCreatedAt(new Date());
    membership.setUpdatedAt(membership.getCreatedAt());
    membership.setReferenceType(MembershipReferenceType.API);
    membership.setRoles(Collections.singletonMap(RoleScope.API.getId(), SystemRole.PRIMARY_OWNER.name()));
    membership.setUserId("user-id");
    UserEntity userEntity = new UserEntity();
    userEntity.setUsername(membership.getUserId());
    userEntity.setFirstname("John");
    userEntity.setLastname("Doe");
    RoleEntity po = mock(RoleEntity.class);
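    // Stub the getters: setters called on a Mockito mock are no-ops
    when(po.getScope()).thenReturn(io.gravitee.management.model.permissions.RoleScope.API);
    when(po.getName()).thenReturn(SystemRole.PRIMARY_OWNER.name());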
    when(membershipRepository.findByReferenceAndRole(MembershipReferenceType.API, API_ID, RoleScope.API, SystemRole.PRIMARY_OWNER.name())).thenReturn(Collections.singleton(membership));
    when(userService.findById(membership.getUserId())).thenReturn(userEntity);
    when(membershipRepository.findById(userEntity.getUsername(), MembershipReferenceType.API, API_ID)).thenReturn(of(membership));
    when(roleService.findById(RoleScope.API, SystemRole.PRIMARY_OWNER.name())).thenReturn(po);
    Set<MemberEntity> members = membershipService.getMembers(MembershipReferenceType.API, API_ID, RoleScope.API, SystemRole.PRIMARY_OWNER.name());
    Assert.assertNotNull(members);
    Assert.assertFalse("members must not be empty", members.isEmpty());
    verify(membershipRepository, times(1)).findByReferenceAndRole(MembershipReferenceType.API, API_ID, RoleScope.API, SystemRole.PRIMARY_OWNER.name());
    verify(userService, times(1)).findById(membership.getUserId());
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) Membership(io.gravitee.repository.management.model.Membership) MemberEntity(io.gravitee.management.model.MemberEntity) Date(java.util.Date) UserEntity(io.gravitee.management.model.UserEntity) Test(org.junit.Test)

Example 3 with RoleEntity

Use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io, in the class MembershipService_GetMembersTest, method shouldGetMembersWithoutMembership.

@Test
public void shouldGetMembersWithoutMembership() throws Exception {
    Membership membership = new Membership();
    membership.setReferenceId(API_ID);
    membership.setCreatedAt(new Date());
    membership.setUpdatedAt(membership.getCreatedAt());
    membership.setReferenceType(MembershipReferenceType.API);
    membership.setRoles(Collections.singletonMap(RoleScope.API.getId(), SystemRole.PRIMARY_OWNER.name()));
    membership.setUserId("user-id");
    UserEntity userEntity = new UserEntity();
    userEntity.setUsername(membership.getUserId());
    userEntity.setFirstname("John");
    userEntity.setLastname("Doe");
    RoleEntity po = mock(RoleEntity.class);
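    // Stub the getters: setters called on a Mockito mock are no-ops
    when(po.getScope()).thenReturn(io.gravitee.management.model.permissions.RoleScope.API);
    when(po.getName()).thenReturn(SystemRole.PRIMARY_OWNER.name());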
    when(membershipRepository.findByReferenceAndRole(MembershipReferenceType.API, API_ID, RoleScope.API, null)).thenReturn(Collections.singleton(membership));
    when(userService.findById(membership.getUserId())).thenReturn(userEntity);
    when(membershipRepository.findById(userEntity.getUsername(), MembershipReferenceType.API, API_ID)).thenReturn(of(membership));
    when(roleService.findById(RoleScope.API, SystemRole.PRIMARY_OWNER.name())).thenReturn(po);
    Set<MemberEntity> members = membershipService.getMembers(MembershipReferenceType.API, API_ID, RoleScope.API);
    Assert.assertNotNull(members);
    Assert.assertFalse("members must not be empty", members.isEmpty());
    verify(membershipRepository, times(1)).findByReferenceAndRole(MembershipReferenceType.API, API_ID, RoleScope.API, null);
    verify(userService, times(1)).findById(membership.getUserId());
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) Membership(io.gravitee.repository.management.model.Membership) MemberEntity(io.gravitee.management.model.MemberEntity) Date(java.util.Date) UserEntity(io.gravitee.management.model.UserEntity) Test(org.junit.Test)

Example 4 with RoleEntity

Use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io, in the class RoleService_FindByIdTest, method test_int_to_CRUD.

private void test_int_to_CRUD(int perm, RolePermissionAction... action) throws TechnicalException {
    Role roleMock = mock(Role.class);
    when(roleMock.getScope()).thenReturn(RoleScope.PORTAL);
    when(roleMock.getName()).thenReturn("name");
    when(roleMock.getPermissions()).thenReturn(new int[] { perm });
    when(mockRoleRepository.findById(RoleScope.PORTAL, "name")).thenReturn(Optional.of(roleMock));
    RoleEntity entity = roleService.findById(RoleScope.PORTAL, "name");
    assertNotNull("no entity found", entity);
    assertEquals("invalid scope", io.gravitee.management.model.permissions.RoleScope.PORTAL, entity.getScope());
    assertFalse("no permissions found", entity.getPermissions().isEmpty());
    assertTrue("invalid Permission name", entity.getPermissions().containsKey(DOCUMENTATION.getName()));
    char[] perms = entity.getPermissions().get(DOCUMENTATION.getName());
    assertEquals("not enough permissions", action.length, perms.length);
    for (RolePermissionAction rolePermissionAction : action) {
        assertTrue("not the good permission", Arrays.asList(ArrayUtils.toObject(perms)).contains(rolePermissionAction.getId()));
    }
}
Also used : Role(io.gravitee.repository.management.model.Role) RoleEntity(io.gravitee.management.model.RoleEntity) RolePermissionAction(io.gravitee.management.model.permissions.RolePermissionAction)

Example 5 with RoleEntity

Use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io, in the class AuthenticationSuccessFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest req = (HttpServletRequest) servletRequest;
    final Optional<Cookie> optionalStringToken;
    if (req.getCookies() == null) {
        optionalStringToken = Optional.empty();
    } else {
        // Look for a non-empty cookie named after the Authorization header, i.e. an already issued token
        optionalStringToken = Arrays.stream(req.getCookies())
                .filter(cookie -> HttpHeaders.AUTHORIZATION.equals(cookie.getName()))
                .filter(cookie -> cookie.getValue() != null && !cookie.getValue().isEmpty())
                .findAny();
    }
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Issue a token only for an authenticated request that does not already carry the token cookie
    if (authentication != null && !optionalStringToken.isPresent()) {
        // JWT claims
        final Map<String, Object> claims = new HashMap<>();
        claims.put(Claims.ISSUER, jwtIssuer);
        final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        // Manage authorities, initialize it with dynamic permissions from the IDP
        Set<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
        // We must also load permissions from repository for configured management or portal role
        RoleEntity role = membershipService.getRole(MembershipReferenceType.MANAGEMENT, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.MANAGEMENT);
        if (role != null) {
            authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
        }
        role = membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.PORTAL);
        if (role != null) {
            authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
        }
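        // The roles resolved above are embedded in the token as issued; while the token cookie
        // is present, this filter does not issue a new one
        claims.put(Claims.PERMISSIONS, authorities);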
        claims.put(Claims.SUBJECT, userDetails.getUsername());
        claims.put(Claims.EMAIL, userDetails.getEmail());
        claims.put(Claims.FIRSTNAME, userDetails.getFirstname());
        claims.put(Claims.LASTNAME, userDetails.getLastname());
        // Sign the claims with jwtSecret; the options add expiry, issued-at and a token id
        final JWTSigner.Options options = new JWTSigner.Options();
        options.setExpirySeconds(jwtExpireAfter);
        options.setIssuedAt(true);
        options.setJwtId(true);
        final Cookie bearerCookie = jwtCookieGenerator.generate("Bearer " + new JWTSigner(jwtSecret).sign(claims, options));
        ((HttpServletResponse) servletResponse).addCookie(bearerCookie);
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
Also used : Cookie(javax.servlet.http.Cookie) JWTCookieGenerator(io.gravitee.management.security.cookies.JWTCookieGenerator) UserDetails(io.gravitee.management.idp.api.authentication.UserDetails) RoleScope(io.gravitee.repository.management.model.RoleScope) FilterChain(javax.servlet.FilterChain) ServletRequest(javax.servlet.ServletRequest) java.util(java.util) HttpHeaders(io.gravitee.common.http.HttpHeaders) RoleEntity(io.gravitee.management.model.RoleEntity) ServletException(javax.servlet.ServletException) MembershipDefaultReferenceId(io.gravitee.repository.management.model.MembershipDefaultReferenceId) HttpServletResponse(javax.servlet.http.HttpServletResponse) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) IOException(java.io.IOException) GrantedAuthority(org.springframework.security.core.GrantedAuthority) HttpServletRequest(javax.servlet.http.HttpServletRequest) MembershipService(io.gravitee.management.service.MembershipService) ServletResponse(javax.servlet.ServletResponse) GenericFilterBean(org.springframework.web.filter.GenericFilterBean) JWTSigner(com.auth0.jwt.JWTSigner) Claims(io.gravitee.management.service.common.JWTHelper.Claims) MembershipReferenceType(io.gravitee.repository.management.model.MembershipReferenceType) Authentication(org.springframework.security.core.Authentication) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
