
Example 11 with UserService

use of org.graylog2.shared.users.UserService in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testSyncFromLdapEntry.

/**
 * Checks the local user object that {@code syncFromLdapEntry} produces for an LDAP entry
 * on which no attributes have been set.
 *
 * <p>The assertions pin the account properties that matter for access control: the user is
 * flagged as external, carries exactly the configured default role, and its hashed-password
 * field holds a fixed marker text rather than a digest.
 */
@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntry() {
    final String username = "user";
    final String defaultRoleId = "54e3deadbeefdeadbeef0001";

    final LdapUserAuthenticator ldapAuthenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));

    // Nothing is set on the entry, so none of the values asserted below can come from directory attributes.
    final LdapEntry emptyEntry = new LdapEntry();

    // Only one default role and no additional default roles are configured.
    final LdapSettings settings = mock(LdapSettings.class);
    when(settings.getDisplayNameAttribute()).thenReturn("displayName");
    when(settings.getDefaultGroupId()).thenReturn(defaultRoleId);
    when(settings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());

    // The service hands out a blank user for the authenticator to populate.
    final UserImpl blankUser = new UserImpl(null, new Permissions(Collections.emptySet()), Maps.newHashMap());
    when(userService.create()).thenReturn(blankUser);

    final User synced = ldapAuthenticator.syncFromLdapEntry(emptyEntry, settings, username);

    assertThat(synced).isNotNull();
    assertThat(synced.isExternalUser()).isTrue();
    assertThat(synced.getName()).isEqualTo(username);
    assertThat(synced.getEmail()).isEqualTo("user@localhost");
    // The stored "hash" is a marker sentence, not a digest.
    // NOTE(review): presumably this keeps any local password check from matching for
    // directory-backed accounts; confirm against the password verification in UserImpl.
    assertThat(synced.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(synced.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    // containsOnly: no role beyond the configured default may be attached during sync.
    assertThat(synced.getRoleIds()).containsOnly(defaultRoleId);
    assertThat(synced.getPermissions()).isNotEmpty();
}
Also used : User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 12 with UserService

use of org.graylog2.shared.users.UserService in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method setUp.

/**
 * Builds the LDAP fixture shared by the tests: the server returned by {@code getLdapServer()},
 * mocked {@code Configuration}, {@code LdapSettingsService} and {@code UserService}, a real
 * {@code LdapConnector}, and an {@code LdapSettingsImpl} that points at that server.
 *
 * @throws Exception declared by the signature; no statement visible here is wrapped in a handler
 */
@Before
public void setUp() throws Exception {
    server = getLdapServer();
    // NOTE(review): ldapConfig is populated here but not referenced again within this method.
    final LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
    ldapConfig.setLdapHost("localHost");
    ldapConfig.setLdapPort(server.getPort());
    ldapConfig.setName(ADMIN_DN);
    ldapConfig.setCredentials(ADMIN_PASSWORD);
    configuration = mock(Configuration.class);
    // NOTE(review): LdapSettingsImpl receives this configuration below; presumably the secret
    // protects the stored system password - confirm in LdapSettingsImpl.
    when(configuration.getPasswordSecret()).thenReturn(PASSWORD_SECRET);
    // NOTE(review): 10000 is presumably a timeout in milliseconds - confirm against LdapConnector.
    ldapConnector = new LdapConnector(10000);
    ldapSettingsService = mock(LdapSettingsService.class);
    userService = mock(UserService.class);
    ldapSettings = new LdapSettingsImpl(configuration, mock(RoleService.class));
    ldapSettings.setEnabled(true);
    // Plain ldap:// with StartTLS switched off: the bind DN and password are sent unencrypted.
    // That is only appropriate here because the target is the test's own server on localhost.
    ldapSettings.setUri(URI.create("ldap://localhost:" + server.getPort()));
    ldapSettings.setUseStartTls(false);
    ldapSettings.setSystemUsername(ADMIN_DN);
    ldapSettings.setSystemPassword(ADMIN_PASSWORD);
    ldapSettings.setSearchBase("ou=users,dc=example,dc=com");
    // NOTE(review): {0} is presumably replaced with the login name; confirm that the value is
    // escaped for LDAP filter syntax before it is substituted into the pattern.
    ldapSettings.setSearchPattern("(&(objectClass=posixAccount)(uid={0}))");
    ldapSettings.setDisplayNameAttribute("cn");
    ldapSettings.setActiveDirectory(false);
    ldapSettings.setGroupSearchBase("ou=groups,dc=example,dc=com");
    ldapSettings.setGroupIdAttribute("cn");
    ldapSettings.setGroupSearchPattern("(|(objectClass=groupOfNames)(objectClass=posixGroup))");
}
Also used : LdapSettingsService(org.graylog2.security.ldap.LdapSettingsService) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) LdapSettingsImpl(org.graylog2.security.ldap.LdapSettingsImpl) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapConnector(org.graylog2.security.ldap.LdapConnector) Before(org.junit.Before)

Example 13 with UserService

use of org.graylog2.shared.users.UserService in project graylog2-server by Graylog2.

the class LdapUserAuthenticatorTest method testDoGetAuthenticationInfoDeniesEmptyPassword.

/**
 * Ensures that a login attempt without a password never yields authentication info.
 *
 * <p>Why this matters: a simple bind that names a DN but carries a zero-length password is
 * an "unauthenticated bind" in LDAP (RFC 4513), and a directory may answer it with success
 * without having verified anything. The authenticator therefore has to refuse such tokens;
 * this test pins that behaviour for both a {@code null} and an empty password array.
 */
@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
    final LdapUserAuthenticator ldapAuthenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
    // LDAP is enabled in the loaded settings, so a rejection cannot be explained by a disabled backend.
    when(ldapSettingsService.load()).thenReturn(ldapSettings);

    // The cast selects the char[] constructor; a bare null would be ambiguous with the String overload.
    final UsernamePasswordToken nullPasswordToken = new UsernamePasswordToken("john", (char[]) null);
    final UsernamePasswordToken emptyPasswordToken = new UsernamePasswordToken("john", new char[0]);

    // A null result means the authenticator supplies no account for the token.
    assertThat(ldapAuthenticator.doGetAuthenticationInfo(nullPasswordToken)).isNull();
    assertThat(ldapAuthenticator.doGetAuthenticationInfo(emptyPasswordToken)).isNull();
}
Also used : RoleService(org.graylog2.users.RoleService) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 14 with UserService

use of org.graylog2.shared.users.UserService in project graylog2-server by Graylog2.

the class DashboardV1FacadeTest method setUp.

/**
 * Prepares the dashboard facade under test and imports the first entity of the bundled
 * {@code content-pack-dashboard-v1.json} fixture on behalf of the user {@code testuser}.
 * The resulting view is stored in {@code viewDTO} for the individual tests.
 *
 * @throws IOException if the content pack fixture cannot be read or parsed
 */
@Before
public void setUp() throws IOException {
    // Every polymorphic type the fixture may contain is registered explicitly under its type name.
    // NOTE(review): presumably the mapper resolves type ids only against such registrations;
    // confirm that objectMapper does not also have default typing enabled.
    objectMapper.registerSubtypes(
            new NamedType(AggregationConfigDTO.class, AggregationConfigDTO.NAME),
            new NamedType(MessageListConfigDTO.class, MessageListConfigDTO.NAME),
            new NamedType(LineVisualizationConfigDTO.class, LineVisualizationConfigDTO.NAME),
            new NamedType(BarVisualizationConfigDTO.class, BarVisualizationConfigDTO.NAME),
            new NamedType(NumberVisualizationConfigDTO.class, NumberVisualizationConfigDTO.NAME),
            new NamedType(TimeHistogramConfigDTO.class, TimeHistogramConfigDTO.NAME),
            new NamedType(ValueConfigDTO.class, ValueConfigDTO.NAME),
            new NamedType(PivotSortConfig.class, PivotSortConfig.Type),
            new NamedType(PivotEntity.class, PivotEntity.NAME),
            new NamedType(PivotSort.class, PivotSort.Type),
            new NamedType(OrFilter.class, OrFilter.NAME),
            new NamedType(StreamFilter.class, StreamFilter.NAME),
            new NamedType(QueryStringFilter.class, QueryStringFilter.NAME),
            new NamedType(AutoIntervalDTO.class, AutoIntervalDTO.type));

    // Test doubles for the view services, all sharing one connection and one mapper provider.
    final MongoConnection connection = mongodb.mongoConnection();
    final MongoJackObjectMapperProvider mapperProvider = new MongoJackObjectMapperProvider(objectMapper);
    searchDbService = new ViewFacadeTest.TestSearchDBService(connection, mapperProvider);
    viewService = new ViewFacadeTest.TestViewService(connection, mapperProvider, null);
    viewSummaryService = new ViewFacadeTest.TestViewSummaryService(connection, mapperProvider);

    // The importing user is a stub with an empty permission set; only load("testuser") is answered.
    final String importingUser = "testuser";
    userService = mock(UserService.class);
    final UserImpl fakeUser = new UserImpl(mock(PasswordAlgorithmFactory.class), new Permissions(ImmutableSet.of()), ImmutableMap.of("username", importingUser));
    when(userService.load(importingUser)).thenReturn(fakeUser);

    facade = new DashboardV1Facade(objectMapper, searchDbService, new EntityConverter(new DashboardWidgetConverter()), viewService, viewSummaryService, userService);

    // Parse the fixture and insist on the V1 model before the cast below.
    final URL fixtureUrl = Resources.getResource(DashboardV1Facade.class, "content-pack-dashboard-v1.json");
    final ContentPack parsedPack = objectMapper.readValue(fixtureUrl, ContentPack.class);
    assertThat(parsedPack).isInstanceOf(ContentPackV1.class);
    final Entity firstEntity = ((ContentPackV1) parsedPack).entities().iterator().next();

    // Supply a native stream under the descriptor id used for the import.
    final StreamImpl referencedStream = new StreamImpl(Collections.emptyMap());
    final Map<EntityDescriptor, Object> nativeEntities = new HashMap<>(1);
    nativeEntities.put(EntityDescriptor.create("58b3d55a-51ad-4b3e-865c-85776016a151", ModelTypes.STREAM_V1), referencedStream);

    final NativeEntity<ViewDTO> created = facade.createNativeEntity(firstEntity, ImmutableMap.of(), nativeEntities, importingUser);
    assertThat(created).isNotNull();
    viewDTO = created.entity();
}
Also used : NumberVisualizationConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.NumberVisualizationConfigDTO) EntityConverter(org.graylog2.contentpacks.facades.dashboardV1.EntityConverter) NativeEntity(org.graylog2.contentpacks.model.entities.NativeEntity) PivotEntity(org.graylog2.contentpacks.model.entities.PivotEntity) Entity(org.graylog2.contentpacks.model.entities.Entity) HashMap(java.util.HashMap) NamedType(com.fasterxml.jackson.databind.jsontype.NamedType) TimeHistogramConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.TimeHistogramConfigDTO) AutoIntervalDTO(org.graylog.plugins.views.search.views.widgets.aggregation.AutoIntervalDTO) PivotSortConfig(org.graylog.plugins.views.search.views.widgets.aggregation.sort.PivotSortConfig) StreamFilter(org.graylog.plugins.views.search.filter.StreamFilter) QueryStringFilter(org.graylog.plugins.views.search.filter.QueryStringFilter) DashboardV1Facade(org.graylog2.contentpacks.facades.dashboardV1.DashboardV1Facade) URL(java.net.URL) AggregationConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.AggregationConfigDTO) ViewDTO(org.graylog.plugins.views.search.views.ViewDTO) PasswordAlgorithmFactory(org.graylog2.security.PasswordAlgorithmFactory) MessageListConfigDTO(org.graylog.plugins.views.search.views.widgets.messagelist.MessageListConfigDTO) ContentPackV1(org.graylog2.contentpacks.model.ContentPackV1) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) DashboardWidgetConverter(org.graylog2.contentpacks.facades.dashboardV1.DashboardWidgetConverter) BarVisualizationConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.BarVisualizationConfigDTO) UserService(org.graylog2.shared.users.UserService) MongoJackObjectMapperProvider(org.graylog2.bindings.providers.MongoJackObjectMapperProvider) ContentPack(org.graylog2.contentpacks.model.ContentPack) OrFilter(org.graylog.plugins.views.search.filter.OrFilter) 
LineVisualizationConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.LineVisualizationConfigDTO) PivotSort(org.graylog.plugins.views.search.searchtypes.pivot.PivotSort) EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) StreamImpl(org.graylog2.streams.StreamImpl) ValueConfigDTO(org.graylog.plugins.views.search.views.widgets.aggregation.ValueConfigDTO) MongoConnection(org.graylog2.database.MongoConnection) PivotEntity(org.graylog2.contentpacks.model.entities.PivotEntity) Before(org.junit.Before)

Example 15 with UserService

use of org.graylog2.shared.users.UserService in project graylog2-server by Graylog2.

the class UserServiceImplTest method testGetPermissionsForUser.

/**
 * Pins the complete effective permission set that {@code getPermissionsForUser} reports for
 * a user whose rights come from several places at once: permissions set on the user, a role
 * assigned to the user, permissions granted to the user's GRN, and a role resolved for that GRN.
 *
 * <p>The assertion is exact ({@code containsExactlyInAnyOrder}), so a permission that appears
 * without being listed here fails the test just like a missing one does.
 */
@Test
public void testGetPermissionsForUser() throws Exception {
    final InMemoryRolePermissionResolver rolePermissionResolver = mock(InMemoryRolePermissionResolver.class);
    final GRNRegistry registry = GRNRegistry.createWithBuiltinTypes();
    final UserService service = new UserServiceImpl(mongoConnection, configuration, roleService, accessTokenService, userFactory, rolePermissionResolver, serverEventBus, registry, permissionAndRoleResolver);

    // User "user" with one assigned role and one permission set directly on the account.
    final UserImpl user = new UserImplFactory(new Configuration(), permissions).create(new HashMap<>());
    user.setName("user");
    final Role assignedRole = createRole("Foo");
    user.setRoleIds(Collections.singleton(assignedRole.getId()));
    user.setPermissions(Collections.singletonList("hello:world"));
    when(rolePermissionResolver.resolveStringPermission(assignedRole.getId())).thenReturn(Collections.singleton("foo:bar"));

    // Grants resolved for the user's GRN: one wildcard permission and one ownership permission.
    final GRN principal = registry.ofUser(user);
    final GRNPermission ownershipGrant = GRNPermission.create(RestPermissions.ENTITY_OWN, registry.newGRN(GRNTypes.DASHBOARD, "1234"));
    when(permissionAndRoleResolver.resolvePermissionsForPrincipal(principal)).thenReturn(ImmutableSet.of(new CaseSensitiveWildcardPermission("perm:from:grant"), ownershipGrant));

    // A further role resolved for the GRN, with its own permission.
    final String grantedRoleId = "12345";
    when(permissionAndRoleResolver.resolveRolesForPrincipal(principal)).thenReturn(ImmutableSet.of(grantedRoleId));
    when(rolePermissionResolver.resolveStringPermission(grantedRoleId)).thenReturn(ImmutableSet.of("perm:from:role"));

    // Wildcard permissions are compared by their string form; anything else (the GRN
    // permission) is compared as the object itself.
    assertThat(service.getPermissionsForUser(user).stream()
            .map(p -> p instanceof CaseSensitiveWildcardPermission ? p.toString() : p)
            .collect(Collectors.toSet()))
            .containsExactlyInAnyOrder(
                    // NOTE(review): not stubbed anywhere in this test; presumably the per-user
                    // self-service permissions the service adds for the account named "user".
                    "users:passwordchange:user",
                    "users:edit:user",
                    "users:tokenlist:user",
                    "users:tokencreate:user",
                    "users:tokenremove:user",
                    // from the assigned role
                    "foo:bar",
                    // set directly on the user
                    "hello:world",
                    // granted to the user's GRN
                    "perm:from:grant",
                    ownershipGrant,
                    // from the role resolved for the GRN
                    "perm:from:role");
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) InMemoryRolePermissionResolver(org.graylog2.security.InMemoryRolePermissionResolver) Mock(org.mockito.Mock) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) GRNRegistry(org.graylog.grn.GRNRegistry) EventBus(com.google.common.eventbus.EventBus) DBObject(com.mongodb.DBObject) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) AccessTokenService(org.graylog2.security.AccessTokenService) MongoDBInstance(org.graylog.testing.mongodb.MongoDBInstance) Map(java.util.Map) MockitoJUnit(org.mockito.junit.MockitoJUnit) Before(org.junit.Before) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) BasicDBObjectBuilder(com.mongodb.BasicDBObjectBuilder) PasswordAlgorithmFactory(org.graylog2.security.PasswordAlgorithmFactory) GRNTypes(org.graylog.grn.GRNTypes) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) GRN(org.graylog.grn.GRN) List(java.util.List) Rule(org.junit.Rule) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) RestPermissions(org.graylog2.shared.security.RestPermissions) ObjectId(org.bson.types.ObjectId) PasswordAlgorithm(org.graylog2.plugin.security.PasswordAlgorithm) Optional(java.util.Optional) SHA1HashPasswordAlgorithm(org.graylog2.security.hashing.SHA1HashPasswordAlgorithm) MockitoRule(org.mockito.junit.MockitoRule) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) MongoConnection(org.graylog2.database.MongoConnection) User(org.graylog2.plugin.database.users.User) Role(org.graylog2.shared.users.Role) GRNPermission(org.graylog.security.permissions.GRNPermission) Permissions(org.graylog2.shared.security.Permissions) Collections(java.util.Collections) PermissionAndRoleResolver(org.graylog.security.PermissionAndRoleResolver) 
CaseSensitiveWildcardPermission(org.graylog.security.permissions.CaseSensitiveWildcardPermission) Mockito.mock(org.mockito.Mockito.mock) GRN(org.graylog.grn.GRN) GRNRegistry(org.graylog.grn.GRNRegistry) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) InMemoryRolePermissionResolver(org.graylog2.security.InMemoryRolePermissionResolver) CaseSensitiveWildcardPermission(org.graylog.security.permissions.CaseSensitiveWildcardPermission) Role(org.graylog2.shared.users.Role) GRNPermission(org.graylog.security.permissions.GRNPermission) Test(org.junit.Test)
