
Example 1 with IdentityServiceRemoteUserMapper

use of org.alfresco.repo.security.authentication.identityservice.IdentityServiceRemoteUserMapper in project alfresco-remote-api by Alfresco.

From the class InterceptingIdentityRemoteUserMapper, method checkGetTicketViaBearerAuthHeader.

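/**
 * Checks that a login ticket can only be obtained through a {@code bearer} Authorization header.
 * <p>
 * After the basic pre-check and the installation of the remote user mapper under test, the tickets
 * API is exercised with: no Authorization header (expects 400), a {@code basic} header whose value is
 * not a ticket (expects 404), a {@code basic} header carrying real credentials (expects 400, since only
 * ticket-based basic authentication is accepted there) and finally a {@code bearer} header (expects 200
 * and a non-null ticket id). Between the calls the test asserts that the remote user mapper was invoked
 * and resets it.
 * <p>
 * NOTE(review): in the "external" mode (DefaultRemoteUserMapper) the bearer value itself is not
 * validated, so the trust boundary is whatever upstream component sets the
 * {@code X-Alfresco-Remote-User} header that this test adds in that mode; presumably the user identity
 * is taken from that header rather than from the Authorization header - confirm against the mapper.
 *
 * @param useIdentityService if not true we use "external" authentication in the chain,
 *                           if it is true we use "identity-service"
 * @throws Exception propagated from the REST client calls and the test setup helpers
 */
private void checkGetTicketViaBearerAuthHeader(boolean useIdentityService) throws Exception {
    final String folderName = "F2_" + GUID.generate();
    final Paging paging = getPaging(0, 100);
    final Map<String, String> header = new HashMap<>();
    runPreCheckToEnsureBasicFunctionalityWorks(folderName, paging);
    final RemoteUserMapper remoteUserMapper = createRemoteUserMapperToUseForTheTest(useIdentityService);
    setupAuthChainForTest(useIdentityService, remoteUserMapper);
    if (!useIdentityService) {
        // these tests run by default with multi tenancy enabled
        header.put("X-Alfresco-Remote-User", buildUserNameMultiTenancyAware());
        final HttpResponse homeResponse = getAll(getNodeChildrenUrl(Nodes.PATH_MY), paging, null, header, 200);
        final List<Document> nodes = RestApiUtil.parseRestApiEntries(homeResponse.getJsonResponse(), Document.class);
        // this is "someUserName" user home, and it should be empty
        assertEquals(0, nodes.size());
    }
    // check that without an Authorization header, we still can't get the ticket
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 400);
    Map<String, String> headersWithBasicAuth = new HashMap<>(header);
    headersWithBasicAuth.put("Authorization", "basic " + encodeB64("someRandomString"));
    // "someRandomString" will be considered the ticket, and that is not valid still
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWithBasicAuth, TICKETS_API_NAME, 404);
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
    headersWithBasicAuth = new HashMap<>(header);
    headersWithBasicAuth.put("Authorization", "basic " + encodeB64(user2 + ":user2password"));
    // only "Ticket base authentication required." is accepted
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWithBasicAuth, TICKETS_API_NAME, 400);
    checkRemoteUserMapperWasCalled(useIdentityService);
    // now, for the big test. use "someOtherRandomString" as the ticket, because we override the IdentityServiceRemoteUserMapper in our test
    reset(useIdentityService);
    header.put("Authorization", "bearer " + "someOtherRandomString");
    // NOTE: external authentication (using the DefaultRemoteUserMapper) could be used to login
    // if you include some value in the "bearer" authorization header;
    // We consider this not to be a big problem since we trust external uses with any api call
    final HttpResponse ticketResponse = getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 200);
    final LoginTicketResponse validatedTicket = RestApiUtil.parseRestApiEntry(ticketResponse.getJsonResponse(), LoginTicketResponse.class);
    assertNotNull("We should have gotten a valid ticket id", validatedTicket.getId());
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
}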
