Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
From class CredentialsControllerAuditLogTest, method whenARequestHasMultipleXForwardedForHeaders_logsAllXForwardedForValues.
@Test
public void whenARequestHasMultipleXForwardedForHeaders_logsAllXForwardedForValues() throws Exception {
  // Stub the save so the credential version is handed back with a UUID assigned.
  when(credentialVersionDataService.save(any(CredentialVersion.class))).thenAnswer(invocation -> {
    ValueCredentialVersion saved = invocation.getArgumentAt(0, ValueCredentialVersion.class);
    saved.setUuid(UUID.randomUUID());
    return saved;
  });

  // Two separate X-Forwarded-For headers; the first already carries a comma-separated pair.
  MockHttpServletRequestBuilder put = MockMvcRequestBuilders.put(CredentialsController.API_V1_DATA)
      .accept(MediaType.APPLICATION_JSON)
      .contentType(MediaType.APPLICATION_JSON)
      .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
      .header("X-Forwarded-For", "1.1.1.1,2.2.2.2")
      .header("X-Forwarded-For", "3.3.3.3")
      .content("{\"type\":\"value\",\"name\":\"foo\",\"value\":\"password\"}")
      .with(request -> {
        request.setRemoteAddr("12346");
        return request;
      });

  mockMvc.perform(put).andExpect(status().isOk());

  // Exactly one audit record is persisted, and it keeps every forwarded value,
  // joined in the order the headers were sent.
  ArgumentCaptor<RequestAuditRecord> captor = ArgumentCaptor.forClass(RequestAuditRecord.class);
  verify(requestAuditRecordDataService, times(1)).save(captor.capture());
  assertThat(captor.getValue().getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2,3.3.3.3"));
}
Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
From class AuditOAuth2AccessDeniedHandlerTest, method logsTheFailureInTheRequestAuditRecordTable.
@Test
public void logsTheFailureInTheRequestAuditRecordTable() {
  // Newest record first (sorted by "now", descending): the one written for the denied request.
  RequestAuditRecord loggedRecord = requestAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);

  // Request details as received.
  assertThat(loggedRecord.getPath(), equalTo(CredentialsController.API_V1_DATA));
  assertThat(loggedRecord.getQueryParameters(), equalTo("name=foo&query=value"));
  assertThat(loggedRecord.getRequesterIp(), equalTo("12346"));
  assertThat(loggedRecord.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2"));

  // Identity details must match the claims of the token that was presented,
  // even though that token carries an invalid scope.
  OAuth2AccessToken token = tokenServices.readAccessToken(AuthConstants.INVALID_SCOPE_KEY_JWT);
  Map<String, Object> claims = token.getAdditionalInformation();
  assertThat(loggedRecord.getUserId(), equalTo(claims.get("user_id")));
  assertThat(loggedRecord.getUserName(), equalTo(claims.get("user_name")));
  assertThat(loggedRecord.getUaaUrl(), equalTo(claims.get("iss")));
  // "iat" in the fixture token is 2737304753L (year 2056).
  assertThat(loggedRecord.getAuthValidFrom(), equalTo(((Number) claims.get("iat")).longValue()));
  // Expiration in the fixture token is 2737304773L (year 2056).
  assertThat(loggedRecord.getAuthValidUntil(), equalTo(token.getExpiration().toInstant().getEpochSecond()));

  // Client, scope and grant details, plus the 403 outcome of the denied request.
  assertThat(loggedRecord.getClientId(), equalTo("credhub_cli"));
  assertThat(loggedRecord.getScope(), equalTo("credhub.bad_scope"));
  assertThat(loggedRecord.getGrantType(), equalTo("password"));
  assertThat(loggedRecord.getMethod(), equalTo("GET"));
  assertThat(loggedRecord.getStatusCode(), equalTo(403));
}
Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
From class SecurityEventsLogServiceTest, method log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS.
@Test
public void log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS() {
  RequestAuditRecord requestAuditRecord = makeOperationAuditRecord("foo=bar", AUTH_METHOD_MUTUAL_TLS);

  subject.log(new SecurityEventAuditRecord(requestAuditRecord, "actor-id"));

  // CEF header fields (version|vendor|product|product version|signature id|name|severity),
  // followed by the key=value extension; the mutual-TLS case is reported as cs1=mutual-tls.
  String expectedCef = "CEF:0|cloud_foundry|credhub|" + fakeVersion + "|GET /api/some-path|"
      + "GET /api/some-path|0|rt=" + String.valueOf(now.toEpochMilli())
      + " suser=user-name "
      + "suid=actor-id "
      + "cs1Label=userAuthenticationMechanism "
      + "cs1=mutual-tls "
      + "request=/api/some-path?foo=bar "
      + "requestMethod=GET "
      + "cs3Label=result "
      + "cs3=success "
      + "cs4Label=httpStatusCode "
      + "cs4=200 "
      + "src=127.0.0.1 "
      + "dst=host.example.com";
  verify(securityEventsLogger).info(expectedCef);
}
Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
From class SecurityEventsLogServiceTest, method log_whenTheQueryParamStringIsEmpty_shouldSpecifyOnlyThePathInTheRequest.
@Test
public void log_whenTheQueryParamStringIsEmpty_shouldSpecifyOnlyThePathInTheRequest() {
  subject.log(new SecurityEventAuditRecord(makeOperationAuditRecord("", AUTH_METHOD_UAA), "actor-id"));

  // A blank version would leave an empty field in the CEF header, so check the fixture first.
  assertThat(fakeVersion, notNullValue());
  assertThat(fakeVersion.length(), greaterThan(0));

  // With no query string there must be no "?" after the path.
  verify(securityEventsLogger).info(contains("request=/api/some-path requestMethod=GET"));
}
Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
From class SecurityEventsLogServiceTest, method makeOperationAuditRecord.
/**
 * Builds a mocked {@link RequestAuditRecord} describing a {@code GET /api/some-path} that
 * returned 200, varying only the query string and the authentication method.
 *
 * @param queryParameters raw query string to report (empty string for none)
 * @param authMethod authentication mechanism the record should report
 * @return a Mockito mock whose getters return the fixture values
 */
private RequestAuditRecord makeOperationAuditRecord(String queryParameters, String authMethod) {
  RequestAuditRecord stub = mock(RequestAuditRecord.class);

  // Caller-controlled fields.
  when(stub.getAuthMethod()).thenReturn(authMethod);
  when(stub.getQueryParameters()).thenReturn(queryParameters);

  // Fixed request/response shape shared by every test.
  when(stub.getNow()).thenReturn(now);
  when(stub.getMethod()).thenReturn("GET");
  when(stub.getPath()).thenReturn("/api/some-path");
  when(stub.getStatusCode()).thenReturn(200);
  when(stub.getRequesterIp()).thenReturn("127.0.0.1");
  when(stub.getHostName()).thenReturn("host.example.com");

  // Fixed principal.
  when(stub.getUserId()).thenReturn("user-id");
  when(stub.getUserName()).thenReturn("user-name");
  when(stub.getClientId()).thenReturn("some-client-id");

  return stub;
}