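/**
 * Exercises the "get ticket" endpoint when the caller presents a bearer
 * {@code Authorization} header instead of an Alfresco ticket.
 *
 * <p>Sequence: confirm that plain API access works, install the remote user
 * mapper under test in the authentication chain, then verify that a request
 * with (1) no {@code Authorization} header, (2) a {@code basic} header carrying a
 * random string and (3) a {@code basic} header carrying real user credentials is
 * rejected, and that only a {@code bearer} header is routed through the remote
 * user mapper and yields a ticket.
 *
 * @param useIdentityService if not true we use "external" authentication in the chain,
 *        if it is true we use "identity-service"
 * @throws Exception propagated from the REST helpers and the auth-chain setup
 */
private void checkGetTicketViaBearerAuthHeader(boolean useIdentityService) throws Exception {
    final String folderName = "F2_" + GUID.generate();
    final Paging paging = getPaging(0, 100);
    // request headers shared by every call below; copied before adding Authorization
    final Map<String, String> header = new HashMap<>();

    runPreCheckToEnsureBasicFunctionalityWorks(folderName, paging);
    RemoteUserMapper remoteUserMapper = createRemoteUserMapperToUseForTheTest(useIdentityService);
    setupAuthChainForTest(useIdentityService, remoteUserMapper);

    if (!useIdentityService) {
        // these tests run by default with multi tenancy enabled
        header.put("X-Alfresco-Remote-User", buildUserNameMultiTenancyAware());
        HttpResponse response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), paging, null, header, 200);
        List<Document> nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class);
        // this is "someUserName" user home, and it should be empty
        assertEquals(0, nodes.size());
    }

    // check that without an Authorization header, we still can't get the ticket
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 400);

    Map<String, String> headersWithBasicAuth = new HashMap<>(header);
    headersWithBasicAuth.put("Authorization", "basic " + encodeB64("someRandomString"));
    // "someRandomString" will be considered the ticket, and that is not valid still
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWithBasicAuth, TICKETS_API_NAME, 404);
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);

    headersWithBasicAuth = new HashMap<>(header);
    headersWithBasicAuth.put("Authorization", "basic " + encodeB64(user2 + ":user2password"));
    // only "Ticket base authentication required." is accepted: real basic credentials
    // must not be turned into a ticket by this endpoint
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWithBasicAuth, TICKETS_API_NAME, 400);
    checkRemoteUserMapperWasCalled(useIdentityService);

    // now, for the big test. use "someOtherRandomString" as the ticket, because we override
    // the IdentityServiceRemoteUserMapper in our test so the token is never validated here
    reset(useIdentityService);
    header.put("Authorization", "bearer " + "someOtherRandomString");
    // NOTE: with external authentication (DefaultRemoteUserMapper) any non-empty value in the
    // "bearer" Authorization header is enough to log in and obtain a ticket. This is accepted
    // because an "external" deployment already trusts the caller for every API call via the
    // X-Alfresco-Remote-User header; that trust has to be established in front of the repository.
    HttpResponse response = getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 200);
    LoginTicketResponse validatedTicket =
            RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
    assertNotNull("We should have gotten a valid ticket id", validatedTicket.getId());
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
}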