
Example 6 with UserProfile

use of org.apache.wiki.auth.user.UserProfile in project jspwiki by apache.

the class UserManagerTest method testSetRenamedUserProfile.

/**
 * Exercises {@code m_mgr.setUserProfile} across two successive renames of one account and
 * checks that the session's principals, group membership, page ACLs and the stored page
 * text all follow each rename.
 *
 * <p>Sequence: create a user (oldLogin / oldName); re-save with the same login but the full
 * name changed to newName; then re-save with the login changed to newLogin and the full name
 * set back to oldName. After each re-save the test asserts that names the account no longer
 * holds have been dropped from the group and the ACL, that only the current full name remains,
 * and that Bob, who is never listed in the page ACL, is still denied the "view" permission.
 *
 * <p>NOTE(review): the cleanup at the end is not in a {@code finally} block, so any failed
 * assertion leaves the test user (with its literal fixture password), the group and the page
 * behind in whatever store m_db and m_engine are backed by.
 */
@Test
public void testSetRenamedUserProfile() throws Exception {
    // First, count the number of users, groups, and pages
    int oldUserCount = m_db.getWikiNames().length;
    GroupManager groupManager = m_engine.getGroupManager();
    PageManager pageManager = m_engine.getPageManager();
    AuthorizationManager authManager = m_engine.getAuthorizationManager();
    int oldGroupCount = groupManager.getRoles().length;
    int oldPageCount = pageManager.getTotalPageCount();
    // Setup Step 1: create a new user from a guest session; every name carries the same
    // millisecond timestamp so that repeated runs do not collide
    WikiSession session = m_engine.guestSession();
    long now = System.currentTimeMillis();
    String oldLogin = "TestLogin" + now;
    String oldName = "Test User " + now;
    String newLogin = "RenamedLogin" + now;
    String newName = "Renamed User " + now;
    UserProfile profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(oldLogin);
    profile.setFullname(oldName);
    // NOTE(review): literal fixture password; assumes m_db is a throwaway test database - confirm
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // 1a. Make sure the profile saved successfully and that the former guest session is now
    // authenticated as the new user
    profile = m_mgr.getUserProfile(session);
    Assert.assertEquals(oldLogin, profile.getLoginName());
    Assert.assertEquals(oldName, profile.getFullname());
    Assert.assertEquals(oldUserCount + 1, m_db.getWikiNames().length);
    Assert.assertTrue(session.isAuthenticated());
    // Setup Step 2: create a new group that lists our test user twice, once by login name
    // and once by full name
    Group group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
    groupManager.setGroup(session, group);
    // 2a. Make sure the group is created with the user in it, and the role is added to the Subject
    Assert.assertEquals(oldGroupCount + 1, groupManager.getRoles().length);
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
    Assert.assertTrue(groupManager.isUserInRole(session, group.getPrincipal()));
    // Setup Step 3: create a new page whose ACL grants "view" to our test user (by full name
    // and by login name) and to Alice
    String pageName = "TestPage" + now;
    m_engine.saveText(pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
    // 3a. Make sure the page got saved, that the ACL holds entries for the old names only,
    // that the test user can view it, and that Bob (not listed in the ACL) cannot.
    WikiPage p = m_engine.getPage(pageName);
    Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    WikiSession bobSession = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Setup Step 4: re-save the profile with the same login name but a new full name
    profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(oldLogin);
    profile.setFullname(newName);
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // Test 1: the session's principals should hold the unchanged login name and the new full
    // name, and no longer the old full name
    Principal[] principals = session.getPrincipals();
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
    // Test 2: our group should not contain the old name OR login name any more
    // (the full name is always used)
    group = groupManager.getGroup(m_groupName);
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(newName)));
    // Test 3: our page should not contain the old wiki name OR login name
    // in the ACL any more (the full name is always used)
    p = m_engine.getPage(pageName);
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    // The rename must neither lock the renamed user out nor let Bob in
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Test 4: our page text should have been re-written
    // (The new full name should be in the ACL, but the login name should have been removed;
    // the expected text also has the ACL markup moved to the start of the page)
    String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text.  More text.\r\n";
    String actualText = m_engine.getText(pageName);
    Assert.assertEquals(expectedText, actualText);
    // Remove our test page
    m_engine.deletePage(pageName);
    // Setup Step 6: re-create the group with our old test user names in it
    // (the step numbering in this test skips 5)
    group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
    groupManager.setGroup(session, group);
    // Setup Step 7: Save a new page with the old login/wiki names in the ACL again
    // The test user should still be able to see the page (because the login name matches...)
    pageName = "TestPage2" + now;
    m_engine.saveText(pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
    p = m_engine.getPage(pageName);
    // Still oldPageCount + 1: the first test page was deleted above
    Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Setup Step 8: re-save the profile with the new login name and the full name set back
    // to the old full name
    profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(newLogin);
    profile.setFullname(oldName);
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // Test 5: the session's principals should hold the new login name and the restored full
    // name (oldName), and neither the old login name nor newName
    principals = session.getPrincipals();
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
    // Test 6: our group should contain only the current full name (oldName, restored in
    // step 8); neither login name is a member (the full name is always used)
    group = groupManager.getGroup(m_groupName);
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
    // Test 7: our page ACL should contain only the current full name (oldName); the old
    // login name entry is gone and no entry exists for the new login name
    p = m_engine.getPage(pageName);
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Test 8: our page text should have been re-written
    // (The current full name, oldName, should be in the ACL, but the login name should have
    // been removed)
    expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text.  More text.\r\n";
    actualText = m_engine.getText(pageName);
    Assert.assertEquals(expectedText, actualText);
    // CLEANUP: delete the profile; user and page; should be back to old counts
    m_db.deleteByLoginName(newLogin);
    Assert.assertEquals(oldUserCount, m_db.getWikiNames().length);
    groupManager.removeGroup(group.getName());
    Assert.assertEquals(oldGroupCount, groupManager.getRoles().length);
    m_engine.deletePage(pageName);
    Assert.assertEquals(oldPageCount, pageManager.getTotalPageCount());
}
Also used : Group(org.apache.wiki.auth.authorize.Group) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiPage(org.apache.wiki.WikiPage) GroupManager(org.apache.wiki.auth.authorize.GroupManager) WikiSession(org.apache.wiki.WikiSession) PageManager(org.apache.wiki.PageManager) Principal(java.security.Principal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 7 with UserProfile

use of org.apache.wiki.auth.user.UserProfile in project jspwiki by apache.

the class UserManagerTest method testSetUserProfile.

/**
 * Saves a brand-new profile through {@code m_mgr} from a guest session, checks that the
 * user database grew by exactly one wiki name and that the session now reports the new
 * login name, then deletes the profile and checks the count is back at its starting value.
 */
@Test
public void testSetUserProfile() throws Exception {
    // Baseline taken before anything is written.
    final int baselineUsers = m_db.getWikiNames().length;

    // Guest session plus a timestamp-suffixed login so repeated runs do not collide.
    final WikiSession guest = m_engine.guestSession();
    final String loginName = "TestUser" + System.currentTimeMillis();

    final UserProfile draft = m_db.newProfile();
    draft.setEmail("jspwiki.tests@mailinator.com");
    draft.setLoginName(loginName);
    draft.setFullname("FullName" + loginName);
    // Literal fixture password, used only for this short-lived test account.
    draft.setPassword("password");
    m_mgr.setUserProfile(guest, draft);

    // The session must now resolve to the saved profile, and the database holds one more user.
    final UserProfile saved = m_mgr.getUserProfile(guest);
    Assert.assertEquals(loginName, saved.getLoginName());
    Assert.assertEquals(baselineUsers + 1, m_db.getWikiNames().length);

    // Remove the account again; the count must return to the baseline.
    m_db.deleteByLoginName(loginName);
    Assert.assertEquals(baselineUsers, m_db.getWikiNames().length);
}
Also used : WikiSession(org.apache.wiki.WikiSession) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 8 with UserProfile

use of org.apache.wiki.auth.user.UserProfile in project jspwiki by apache.

the class UserManagerTest method testSetUserProfileWithDenial.

/**
 * With the approval workflow enabled, saving a new profile must not create the account:
 * {@code setUserProfile} is expected to throw {@link DecisionRequiredException}, a single
 * Decision must be waiting in the admin's queue carrying the submitted facts, and denying
 * that Decision must leave the user count unchanged.
 */
@Test
public void testSetUserProfileWithDenial() throws Exception {
    setUpWithWorkflow();

    // Baseline taken before anything is submitted.
    final int baselineUsers = m_db.getWikiNames().length;

    // Guest session plus a timestamp-suffixed login so repeated runs do not collide.
    final WikiSession guest = m_engine.guestSession();
    final String loginName = "TestUser" + System.currentTimeMillis();
    final UserProfile submitted = m_db.newProfile();
    submitted.setEmail("jspwiki.tests@mailinator.com");
    submitted.setLoginName(loginName);
    submitted.setFullname("FullName" + loginName);
    submitted.setPassword("password");

    // Profile saves require approval here, so the save must be interrupted by the workflow.
    try {
        m_mgr.setUserProfile(guest, submitted);
        Assert.fail("We should have caught a DecisionRequiredException caused by approval!");
    } catch (DecisionRequiredException expected) {
        // Expected: the request is parked until an approver decides on it.
    }

    // Nothing may be persisted while the request is pending.
    Assert.assertEquals(baselineUsers, m_db.getWikiNames().length);

    // Exactly one Decision should be waiting for the admin.
    final DecisionQueue queue = m_engine.getWorkflowManager().getDecisionQueue();
    final Collection<?> pending = queue.getActorDecisions(m_engine.adminSession());
    Assert.assertEquals(1, pending.size());

    // The Decision must show the approver what was submitted and by whom, in this order.
    final Decision decision = (Decision) pending.iterator().next();
    final List<?> facts = decision.getFacts();
    Assert.assertEquals(new Fact(UserManager.PREFS_FULL_NAME, submitted.getFullname()), facts.get(0));
    Assert.assertEquals(new Fact(UserManager.PREFS_LOGIN_NAME, submitted.getLoginName()), facts.get(1));
    Assert.assertEquals(new Fact(UserManager.FACT_SUBMITTER, guest.getUserPrincipal().getName()), facts.get(2));
    Assert.assertEquals(new Fact(UserManager.PREFS_EMAIL, submitted.getEmail()), facts.get(3));
    Assert.assertEquals(submitted, decision.getWorkflow().getAttribute(UserManager.SAVED_PROFILE));

    // Deny the request.
    decision.decide(Outcome.DECISION_DENY);

    // A denied request must not have created the account.
    Assert.assertEquals(baselineUsers, m_db.getWikiNames().length);
}
Also used : WikiSession(org.apache.wiki.WikiSession) UserProfile(org.apache.wiki.auth.user.UserProfile) DecisionRequiredException(org.apache.wiki.workflow.DecisionRequiredException) DecisionQueue(org.apache.wiki.workflow.DecisionQueue) Collection(java.util.Collection) List(java.util.List) Fact(org.apache.wiki.workflow.Fact) Decision(org.apache.wiki.workflow.Decision) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 9 with UserProfile

use of org.apache.wiki.auth.user.UserProfile in project jspwiki by apache.

the class UserManagerTest method testSetUserProfileWithApproval.

/**
 * With the approval workflow enabled, saving a new profile is held back until it is approved:
 * {@code setUserProfile} is expected to throw {@link DecisionRequiredException}, a single
 * Decision must be waiting in the admin's queue carrying the submitted facts, and only after
 * that Decision is approved may the user count grow by one. The account is deleted at the end.
 */
@Test
public void testSetUserProfileWithApproval() throws Exception {
    setUpWithWorkflow();

    // Baseline taken before anything is submitted.
    final int baselineUsers = m_db.getWikiNames().length;

    // Guest session plus a timestamp-suffixed login so repeated runs do not collide.
    final WikiSession guest = m_engine.guestSession();
    final String loginName = "TestUser" + System.currentTimeMillis();
    final UserProfile submitted = m_db.newProfile();
    submitted.setEmail("jspwiki.tests@mailinator.com");
    submitted.setLoginName(loginName);
    submitted.setFullname("FullName" + loginName);
    submitted.setPassword("password");

    // Profile saves require approval here, so the save must be interrupted by the workflow.
    try {
        m_mgr.setUserProfile(guest, submitted);
        Assert.fail("We should have caught a DecisionRequiredException caused by approval!");
    } catch (DecisionRequiredException expected) {
        // Expected: the request is parked until an approver decides on it.
    }

    // Nothing may be persisted while the request is pending.
    Assert.assertEquals(baselineUsers, m_db.getWikiNames().length);

    // Exactly one Decision should be waiting for the admin.
    final DecisionQueue queue = m_engine.getWorkflowManager().getDecisionQueue();
    final Collection<?> pending = queue.getActorDecisions(m_engine.adminSession());
    Assert.assertEquals(1, pending.size());

    // The Decision must show the approver what was submitted and by whom, in this order.
    final Decision decision = (Decision) pending.iterator().next();
    final List<?> facts = decision.getFacts();
    Assert.assertEquals(new Fact(UserManager.PREFS_FULL_NAME, submitted.getFullname()), facts.get(0));
    Assert.assertEquals(new Fact(UserManager.PREFS_LOGIN_NAME, submitted.getLoginName()), facts.get(1));
    Assert.assertEquals(new Fact(UserManager.FACT_SUBMITTER, guest.getUserPrincipal().getName()), facts.get(2));
    Assert.assertEquals(new Fact(UserManager.PREFS_EMAIL, submitted.getEmail()), facts.get(3));
    Assert.assertEquals(submitted, decision.getWorkflow().getAttribute(UserManager.SAVED_PROFILE));

    // Approve the request.
    decision.decide(Outcome.DECISION_APPROVE);

    // Only now may the account exist.
    Assert.assertEquals(baselineUsers + 1, m_db.getWikiNames().length);

    // Remove the account again; the count must return to the baseline.
    m_db.deleteByLoginName(loginName);
    Assert.assertEquals(baselineUsers, m_db.getWikiNames().length);
}
Also used : WikiSession(org.apache.wiki.WikiSession) UserProfile(org.apache.wiki.auth.user.UserProfile) DecisionRequiredException(org.apache.wiki.workflow.DecisionRequiredException) DecisionQueue(org.apache.wiki.workflow.DecisionQueue) Collection(java.util.Collection) List(java.util.List) Fact(org.apache.wiki.workflow.Fact) Decision(org.apache.wiki.workflow.Decision) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 10 with UserProfile

use of org.apache.wiki.auth.user.UserProfile in project jspwiki by apache.

the class AuthorizationManagerTest method testResolveUsers.

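/**
 * Verifies what {@code m_auth.resolvePrincipal} returns for each kind of name: a saved user
 * looked up by login name, full name or wiki name; a wiki group; the built-in
 * "Authenticated" role; and a name nothing is registered under.
 *
 * <p>The built-in-role check matters for authorization: a name that matches a built-in role
 * must resolve to the Role itself and never to a user-style WikiPrincipal carrying the same
 * name.
 *
 * @throws WikiException if group creation or removal fails
 */
@Test
public void testResolveUsers() throws WikiException {
    // We should be able to resolve a user by login, user, or wiki name
    UserProfile profile = m_engine.getUserManager().getUserDatabase().newProfile();
    profile.setEmail("authmanagertest@tester.net");
    profile.setFullname("AuthorizationManagerTest User");
    profile.setLoginName("authmanagertest");
    try {
        m_engine.getUserManager().getUserDatabase().save(profile);
    } catch (WikiSecurityException e) {
        Assert.fail("Failed save: " + e.getLocalizedMessage());
    }
    Assert.assertEquals(new WikiPrincipal("authmanagertest", WikiPrincipal.LOGIN_NAME), m_auth.resolvePrincipal("authmanagertest"));
    Assert.assertEquals(new WikiPrincipal("AuthorizationManagerTest User", WikiPrincipal.FULL_NAME), m_auth.resolvePrincipal("AuthorizationManagerTest User"));
    Assert.assertEquals(new WikiPrincipal("AuthorizationManagerTestUser", WikiPrincipal.WIKI_NAME), m_auth.resolvePrincipal("AuthorizationManagerTestUser"));
    try {
        m_engine.getUserManager().getUserDatabase().deleteByLoginName("authmanagertest");
    } catch (WikiSecurityException e) {
        Assert.fail("Failed delete: " + e.getLocalizedMessage());
    }
    // A wiki group should resolve to itself
    Group group1 = m_groupMgr.parseGroup("SampleGroup", "", true);
    m_groupMgr.setGroup(m_session, group1);
    Assert.assertEquals(group1.getPrincipal(), m_auth.resolvePrincipal("SampleGroup"));
    m_groupMgr.removeGroup("SampleGroup");
    // A built-in role should resolve to itself
    Principal resolvedRole = m_auth.resolvePrincipal("Authenticated");
    Assert.assertEquals(Role.AUTHENTICATED, resolvedRole);
    // We shouldn't be able to spoof a built-in role.
    // assertNotSame compares references, and a freshly constructed WikiPrincipal can never be
    // the same reference as the resolved value, so on its own that check always passes.
    // The equals() check below is the one that would fail if the resolver ever handed back
    // a user-style principal named "Authenticated".
    Principal lookalike = new WikiPrincipal("Authenticated");
    Assert.assertNotSame(lookalike, resolvedRole);
    Assert.assertFalse("Built-in role must not equal a WikiPrincipal of the same name", lookalike.equals(resolvedRole));
    // An unknown user should resolve to a generic UnresolvedPrincipal
    Principal principal = new UnresolvedPrincipal("Bart Simpson");
    Assert.assertEquals(principal, m_auth.resolvePrincipal("Bart Simpson"));
}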
Also used : Group(org.apache.wiki.auth.authorize.Group) UserProfile(org.apache.wiki.auth.user.UserProfile) Principal(java.security.Principal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Aggregations

UserProfile (org.apache.wiki.auth.user.UserProfile)19 Principal (java.security.Principal)10 WikiSession (org.apache.wiki.WikiSession)9 WikiSessionTest (org.apache.wiki.WikiSessionTest)6 Test (org.junit.Test)6 UserDatabase (org.apache.wiki.auth.user.UserDatabase)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 WikiPrincipal (org.apache.wiki.auth.WikiPrincipal)4 Collection (java.util.Collection)3 NoSuchPrincipalException (org.apache.wiki.auth.NoSuchPrincipalException)3 UserManager (org.apache.wiki.auth.UserManager)3 WikiSecurityException (org.apache.wiki.auth.WikiSecurityException)3 Group (org.apache.wiki.auth.authorize.Group)3 Decision (org.apache.wiki.workflow.Decision)3 DecisionRequiredException (org.apache.wiki.workflow.DecisionRequiredException)3 Fact (org.apache.wiki.workflow.Fact)3 List (java.util.List)2 WikiException (org.apache.wiki.api.exceptions.WikiException)2 GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)2 UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal)2