
Example 6 with NoAuthPrincipal

Use of org.candlepin.auth.NoAuthPrincipal in project candlepin by candlepin.

Class ConsumerResourceCreationTest, method registerFailsWithKeyWhenAutobindOnKeyAndDisabledOnOwner.

@Test
public void registerFailsWithKeyWhenAutobindOnKeyAndDisabledOnOwner() {
    ConsumerType ctype = new ConsumerType(ConsumerTypeEnum.SYSTEM);
    ConsumerTypeDTO ctypeDTO = this.modelTranslator.translate(ctype, ConsumerTypeDTO.class);
    this.mockConsumerType(ctype);
    // Disable autobind for the owner.
    owner.setAutobindDisabled(true);
    // Create a key that has auto-attach (autobind) enabled.
    ActivationKey key = new ActivationKey("autobind-disabled-key", owner);
    key.setAutoAttach(true);
    when(activationKeyCurator.lookupForOwner(key.getName(), owner)).thenReturn(key);
    // No auth should be required for registering with keys:
    Principal p = new NoAuthPrincipal();
    ConsumerDTO consumer = TestUtil.createConsumerDTO("sys.example.com", null, null, ctypeDTO);
    resource.create(consumer, p, null, owner.getKey(), key.getName(), true);
}
Also used : NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) ConsumerDTO(org.candlepin.dto.api.v1.ConsumerDTO) ConsumerType(org.candlepin.model.ConsumerType) ActivationKey(org.candlepin.model.activationkeys.ActivationKey) ConsumerTypeDTO(org.candlepin.dto.api.v1.ConsumerTypeDTO) TrustedUserPrincipal(org.candlepin.auth.TrustedUserPrincipal) UserPrincipal(org.candlepin.auth.UserPrincipal) Principal(org.candlepin.auth.Principal) Test(org.junit.Test)

Example 7 with NoAuthPrincipal

Use of org.candlepin.auth.NoAuthPrincipal in project candlepin by candlepin.

Class ConsumerResourceTest, method testCreatePersonConsumerWithActivationKey.

@Test(expected = BadRequestException.class)
public void testCreatePersonConsumerWithActivationKey() {
    ConsumerType ctype = this.mockConsumerType(new ConsumerType(ConsumerTypeEnum.PERSON));
    ConsumerTypeDTO ctypeDto = this.translator.translate(ctype, ConsumerTypeDTO.class);
    Owner owner = this.createOwner();
    Consumer consumer = this.createConsumer(owner, ctype);
    ConsumerDTO consumerDto = this.translator.translate(consumer, ConsumerDTO.class);
    ActivationKey ak = mock(ActivationKey.class);
    NoAuthPrincipal nap = mock(NoAuthPrincipal.class);
    ActivationKeyCurator akc = mock(ActivationKeyCurator.class);
    ConsumerContentOverrideCurator ccoc = mock(ConsumerContentOverrideCurator.class);
    when(ak.getId()).thenReturn("testKey");
    when(akc.lookupForOwner(eq(owner.getKey()), eq(owner))).thenReturn(ak);
    ConsumerResource cr = new ConsumerResource(null, mockConsumerTypeCurator, null, null, null, null, null, null, i18n, null, null, null, null, null, null, null, mockOwnerCurator, akc, null, null, null, null, null, this.config, null, null, null, consumerBindUtil, null, null, this.factValidator, null, consumerEnricher, migrationProvider, translator);
    cr.create(consumerDto, nap, null, owner.getKey(), "testKey", true);
}
Also used : Owner(org.candlepin.model.Owner) Consumer(org.candlepin.model.Consumer) NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) ActivationKeyCurator(org.candlepin.model.activationkeys.ActivationKeyCurator) ConsumerDTO(org.candlepin.dto.api.v1.ConsumerDTO) ConsumerContentOverrideCurator(org.candlepin.model.ConsumerContentOverrideCurator) ConsumerType(org.candlepin.model.ConsumerType) ActivationKey(org.candlepin.model.activationkeys.ActivationKey) ConsumerTypeDTO(org.candlepin.dto.api.v1.ConsumerTypeDTO) Test(org.junit.Test)

Example 8 with NoAuthPrincipal

Use of org.candlepin.auth.NoAuthPrincipal in project candlepin by candlepin.

Class AuthenticationFilterTest, method securityHoleWithAnonAndPrincipalProvided.

@Test
public void securityHoleWithAnonAndPrincipalProvided() throws Exception {
    Method method = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(method);
    mockReq.header("Authorization", "BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
    interceptor.filter(getContext());
    Principal p = ResteasyProviderFactory.getContextData(Principal.class);
    assertTrue(p instanceof NoAuthPrincipal);
    // Anon should not even bother attempting to create a real principal
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
Also used : NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Method(java.lang.reflect.Method) UserPrincipal(org.candlepin.auth.UserPrincipal) Principal(org.candlepin.auth.Principal) Test(org.junit.Test)

Example 9 with NoAuthPrincipal

Use of org.candlepin.auth.NoAuthPrincipal in project candlepin by candlepin.

Class AuthenticationFilterTest, method securityHoleWithAnonAndNoPrincipal.

@Test
public void securityHoleWithAnonAndNoPrincipal() throws Exception {
    Method method = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(method);
    interceptor.filter(getContext());
    Principal p = ResteasyProviderFactory.getContextData(Principal.class);
    assertTrue(p instanceof NoAuthPrincipal);
    // Anon should not even bother attempting to create a real principal
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
Also used : NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Method(java.lang.reflect.Method) UserPrincipal(org.candlepin.auth.UserPrincipal) Principal(org.candlepin.auth.Principal) Test(org.junit.Test)

Example 10 with NoAuthPrincipal

Use of org.candlepin.auth.NoAuthPrincipal in project candlepin by candlepin.

Class ConsumerResource, method createConsumerFromDTO.

public Consumer createConsumerFromDTO(ConsumerDTO consumer, ConsumerType type, Principal principal, String userName, String ownerKey, String activationKeys, boolean identityCertCreation) throws BadRequestException {
    // API:registerConsumer
    Set<String> keyStrings = splitKeys(activationKeys);
    // Only let NoAuth principals through if there are activation keys to consider:
    if ((principal instanceof NoAuthPrincipal) && keyStrings.isEmpty()) {
        throw new ForbiddenException(i18n.tr("Insufficient permissions"));
    }
    validateOnKeyStrings(keyStrings, ownerKey, userName);
    Owner owner = setupOwner(principal, ownerKey);
    // Raise an exception if none of the keys specified exist for this owner.
    List<ActivationKey> keys = checkActivationKeys(principal, owner, keyStrings);
    userName = setUserName(consumer, principal, userName);
    checkConsumerName(consumer);
    validateViaConsumerType(consumer, type, keys, owner, userName, principal);
    if (type.isType(ConsumerTypeEnum.SHARE)) {
        // Share consumers do not need identity certificates so refuse to create them.
        identityCertCreation = false;
        validateShareConsumer(consumer, principal, keys);
        // if there exists a share consumer between the two orgs, return it.
        Consumer existingShareConsumer = consumerCurator.getSharingConsumer(owner, consumer.getRecipientOwnerKey());
        if (existingShareConsumer != null) {
            return existingShareConsumer;
        }
        consumer.setAutoheal(false);
    } else {
        // this is the default
        consumer.setAutoheal(true);
        if (StringUtils.isNotEmpty(consumer.getRecipientOwnerKey())) {
            throw new BadRequestException(i18n.tr("Only share consumers can specify recipient owners"));
        }
    }
    if (consumer.getServiceLevel() == null) {
        consumer.setServiceLevel("");
    }
    // Sanitize the inbound facts
    this.sanitizeConsumerFacts(consumer);
    // If no service level was specified, and the owner has a default set, use it:
    if (consumer.getServiceLevel().equals("") && owner.getDefaultServiceLevel() != null && !type.isType(ConsumerTypeEnum.SHARE)) {
        consumer.setServiceLevel(owner.getDefaultServiceLevel());
    }
    Consumer consumerToCreate = new Consumer();
    consumerToCreate.setOwner(owner);
    populateEntity(consumerToCreate, consumer);
    consumerToCreate.setType(type);
    if (!type.isType(ConsumerTypeEnum.SHARE)) {
        consumerToCreate.setCanActivate(subAdapter.canActivateSubscription(consumerToCreate));
    }
    HypervisorId hvsrId = consumerToCreate.getHypervisorId();
    if (hvsrId != null && hvsrId.getHypervisorId() != null && !hvsrId.getHypervisorId().isEmpty()) {
        // If a hypervisorId is supplied, make sure the consumer and owner are correct
        hvsrId.setConsumer(consumerToCreate);
        hvsrId.setOwner(owner);
    }
    updateCapabilities(consumerToCreate, null);
    logNewConsumerDebugInfo(consumerToCreate, keys, type);
    validateContentAccessMode(consumerToCreate, owner);
    consumerBindUtil.validateServiceLevel(owner.getId(), consumerToCreate.getServiceLevel());
    try {
        Date createdDate = consumerToCreate.getCreated();
        Date lastCheckIn = consumerToCreate.getLastCheckin();
        // create sets created to current time.
        consumerToCreate = consumerCurator.create(consumerToCreate);
        // If we sent in a created date, we want it persisted at the update below
        if (createdDate != null) {
            consumerToCreate.setCreated(createdDate);
        }
        if (lastCheckIn != null) {
            log.info("Creating with specific last check-in time: {}", lastCheckIn);
            consumerToCreate.setLastCheckin(lastCheckIn);
        }
        if (identityCertCreation) {
            IdentityCertificate idCert = generateIdCert(consumerToCreate, false);
            consumerToCreate.setIdCert(idCert);
        }
        sink.emitConsumerCreated(consumerToCreate);
        if (keys.size() > 0) {
            consumerBindUtil.handleActivationKeys(consumerToCreate, keys, owner.isAutobindDisabled());
        }
        // Don't allow complianceRules to update entitlementStatus, because we're about to perform
        // an update unconditionally.
        complianceRules.getStatus(consumerToCreate, null, false, false);
        consumerCurator.update(consumerToCreate);
        log.info("Consumer {} created in org {}", consumerToCreate.getUuid(), consumerToCreate.getOwnerId());
        return consumerToCreate;
    } catch (CandlepinException ce) {
        // If it is one of ours, rethrow it.
        throw ce;
    } catch (Exception e) {
        log.error("Problem creating unit:", e);
        throw new BadRequestException(i18n.tr("Problem creating unit {0}", consumer));
    }
}
Also used : CandlepinException(org.candlepin.common.exceptions.CandlepinException) ForbiddenException(org.candlepin.common.exceptions.ForbiddenException) Owner(org.candlepin.model.Owner) NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) ActivationKey(org.candlepin.model.activationkeys.ActivationKey) Date(java.util.Date) GeneralSecurityException(java.security.GeneralSecurityException) IseException(org.candlepin.common.exceptions.IseException) AutobindDisabledForOwnerException(org.candlepin.controller.AutobindDisabledForOwnerException) IOException(java.io.IOException) NotFoundException(org.candlepin.common.exceptions.NotFoundException) ExportCreationException(org.candlepin.sync.ExportCreationException) BadRequestException(org.candlepin.common.exceptions.BadRequestException) PropertyValidationException(org.candlepin.util.PropertyValidationException) DeletedConsumer(org.candlepin.model.DeletedConsumer) Consumer(org.candlepin.model.Consumer) HypervisorId(org.candlepin.model.HypervisorId) IdentityCertificate(org.candlepin.model.IdentityCertificate)

Aggregations

NoAuthPrincipal (org.candlepin.auth.NoAuthPrincipal): 15
Test (org.junit.Test): 12
Principal (org.candlepin.auth.Principal): 11
UserPrincipal (org.candlepin.auth.UserPrincipal): 10
TrustedUserPrincipal (org.candlepin.auth.TrustedUserPrincipal): 7
ConsumerDTO (org.candlepin.dto.api.v1.ConsumerDTO): 7
Method (java.lang.reflect.Method): 4
ActivationKey (org.candlepin.model.activationkeys.ActivationKey): 4
BadRequestException (org.candlepin.common.exceptions.BadRequestException): 3
ArrayList (java.util.ArrayList): 2
NotFoundException (org.candlepin.common.exceptions.NotFoundException): 2
ConsumerTypeDTO (org.candlepin.dto.api.v1.ConsumerTypeDTO): 2
Consumer (org.candlepin.model.Consumer): 2
ConsumerType (org.candlepin.model.ConsumerType): 2
Owner (org.candlepin.model.Owner): 2
ApiListingResource (io.swagger.jaxrs.listing.ApiListingResource): 1
IOException (java.io.IOException): 1
GeneralSecurityException (java.security.GeneralSecurityException): 1
Date (java.util.Date): 1
ResourceInfo (javax.ws.rs.container.ResourceInfo): 1