Commit ec5770af authored by Jeff Burke's avatar Jeff Burke

s1890: fixing UserDAO unit tests

parent 80013b44
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server;
import java.lang.reflect.Field;
public class TestUtil
{
public static void setField(Object object, Object value, String name)
throws Exception
{
Field field = object.getClass().getDeclaredField(name);
field.setAccessible(true);
field.set(object, value);
}
}
......@@ -145,6 +145,10 @@ public class LdapUserDAO extends LdapDAO
// Map of identity type to LDAP attribute
private final Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>();
// User cn and sn values for users without a HttpPrincipal
protected static final String EXTERNAL_USER_CN = "$EXTERNAL-CN";
protected static final String EXTERNAL_USER_SN = "$EXTERNAL-SN";
// LDAP User attributes
protected static final String LDAP_OBJECT_CLASS = "objectClass";
protected static final String LDAP_INET_USER = "inetuser";
......@@ -370,23 +374,30 @@ public class LdapUserDAO extends LdapDAO
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON);
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_USER);
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT);
if (user.getHttpPrincipal() != null)
{
addAttribute(attributes, LDAP_COMMON_NAME, userID.getName());
}
addAttribute(attributes, LADP_USER_PASSWORD, new String(userRequest.getPassword()));
addAttribute(attributes, LDAP_UID, numericID);
for (Principal princ : user.getIdentities())
if (user.getHttpPrincipal() == null)
{
if (princ instanceof X500Principal)
{
addAttribute(attributes, LDAP_DISTINGUISHED_NAME, princ.getName());
}
addAttribute(attributes, LDAP_COMMON_NAME, EXTERNAL_USER_CN);
addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN);
addAttribute(attributes, LADP_USER_PASSWORD, UUID.randomUUID().toString());
}
if (user.personalDetails != null)
else
{
if (user.personalDetails == null)
{
final String error = "User " + user.getHttpPrincipal().getName() +
" missing required PersonalDetails";
throw new IllegalArgumentException(error);
}
if (userID.getName().startsWith("$"))
{
final String error = "Username " + user.getHttpPrincipal().getName() +
" cannot start with a $";
throw new IllegalArgumentException(error);
}
addAttribute(attributes, LDAP_COMMON_NAME, userID.getName());
addAttribute(attributes, LADP_USER_PASSWORD, new String(userRequest.getPassword()));
addAttribute(attributes, LDAP_FIRST_NAME, user.personalDetails.getFirstName());
addAttribute(attributes, LDAP_LAST_NAME, user.personalDetails.getLastName());
addAttribute(attributes, LDAP_ADDRESS, user.personalDetails.address);
......@@ -396,6 +407,14 @@ public class LdapUserDAO extends LdapDAO
addAttribute(attributes, LDAP_INSTITUTE, user.personalDetails.institute);
}
for (Principal princ : user.getIdentities())
{
if (princ instanceof X500Principal)
{
addAttribute(attributes, LDAP_DISTINGUISHED_NAME, princ.getName());
}
}
if (user.posixDetails != null)
{
throw new UnsupportedOperationException("Support for users PosixDetails not available");
......@@ -403,9 +422,9 @@ public class LdapUserDAO extends LdapDAO
DN userDN = getUserDN(numericID, usersDN);
AddRequest addRequest = new AddRequest(userDN, attributes);
logger.info("adding " + userID.getName() + " to " + usersDN);
LDAPResult result = getReadWriteConnection().add(addRequest);
LdapDAO.checkLdapResult(result.getResultCode());
logger.info("added " + userID.getName() + " to " + usersDN);
}
catch (LDAPException e)
{
......@@ -493,7 +512,7 @@ public class LdapUserDAO extends LdapDAO
try
{
filter = Filter.createEqualityFilter(searchField, userID.getName());
logger.debug("search filter: " + filter);
logger.debug("getUser search filter: " + filter);
SearchRequest searchRequest =
new SearchRequest(usersDN, SearchScope.ONE, filter, userAttribs);
......@@ -1348,13 +1367,13 @@ public class LdapUserDAO extends LdapDAO
}
// Another supported Principal
for (Principal principal : user.getIdentities())
{
if (userLdapAttrib.get(principal.getClass()) != null)
{
return principal;
}
}
// for (Principal principal : user.getIdentities())
// {
// if (userLdapAttrib.get(principal.getClass()) != null)
// {
// return principal;
// }
// }
return null;
}
......
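Review bot: In the branch for users without an HttpPrincipal, `addAttribute(attributes, LADP_USER_PASSWORD, UUID.randomUUID().toString());` puts a usable password on the entry, and nothing says it is a placeholder that no one is meant to know. I would add a comment above that line such as `// external users have no password login; this random value only fills the password attribute and is never disclosed`, after confirming that this is the intent and that the attribute cannot simply be omitted for these entries. In the last hunk the loop over `user.getIdentities()` is left commented out; delete it instead, and state in the method's Javadoc that it now returns null when only other principal types are present, so callers know to check. Both enclosing methods begin outside the hunks shown.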
......@@ -67,6 +67,22 @@
package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.util.Log4jInit;
import org.apache.log4j.Level;
import org.junit.BeforeClass;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import java.lang.reflect.Field;
import java.util.UUID;
/**
* Created by jburke on 2014-11-03.
*/
......@@ -74,9 +90,156 @@ public class AbstractLdapDAOTest
{
static final String CONFIG = LdapConfig.class.getSimpleName() + ".test.properties";
protected static final String SERVOPS_PEM = System.getProperty("user.home") + "/.pub/proxy.pem";
static final String cadcDaoTest1_CN = "CadcDaoTest1";
static final String cadcDaoTest2_CN = "CadcDaoTest2";
static final String cadcDaoTest3_CN = "CadcDaoTest3";
static final String cadcDaoTest1_X500DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static final String cadcDaoTest2_X500DN = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";
static final String cadcDaoTest3_X500DN = "cn=cadcdaotest3,ou=cadc,o=hia,c=ca";
static User cadcDaoTest1_User;
static User cadcDaoTest2_User;
static User cadcDaoTest3_User;
static User cadcDaoTest1_HttpUser;
static User cadcDaoTest1_X500User;
static User cadcDaoTest1_AugmentedUser;
static User cadcDaoTest2_AugmentedUser;
static User testMember;
static String cadcDaoTest1_DN;
static String cadcDaoTest2_DN;
static HttpPrincipal cadcDaoTest1_HttpPrincipal;
static HttpPrincipal cadcDaoTest2_HttpPrincipal;
static HttpPrincipal cadcDaoTest3_HttpPrincipal;
static X500Principal cadcDaoTest1_X500Principal;
static X500Principal cadcDaoTest2_X500Principal;
static X500Principal cadcDaoTest3_X500Principal;
static DNPrincipal cadcDaoTest1_DNPrincipal;
static DNPrincipal cadcDaoTest2_DNPrincipal;
static Subject cadcDaoTest1_Subject;
static Subject cadcDaoTest2_Subject;
static LdapConfig config;
@BeforeClass
public static void setUpBeforeClass()
throws Exception
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
// get the configuration of the development server from and config files...
config = getLdapConfig();
cadcDaoTest1_HttpPrincipal = new HttpPrincipal(cadcDaoTest1_CN);
cadcDaoTest2_HttpPrincipal = new HttpPrincipal(cadcDaoTest2_CN);
cadcDaoTest3_HttpPrincipal = new HttpPrincipal(cadcDaoTest3_CN);
cadcDaoTest1_X500Principal = new X500Principal(cadcDaoTest1_X500DN);
cadcDaoTest2_X500Principal = new X500Principal(cadcDaoTest2_X500DN);
cadcDaoTest3_X500Principal = new X500Principal(cadcDaoTest3_X500DN);
try
{
cadcDaoTest1_User = getUserDAO().getUser(cadcDaoTest1_HttpPrincipal);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(cadcDaoTest1_HttpPrincipal);
user.getIdentities().add(cadcDaoTest1_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest1");
user.personalDetails.email = cadcDaoTest1_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password1".toCharArray());
getUserDAO().addUser(request);
cadcDaoTest1_User = getUserDAO().getUser(cadcDaoTest1_HttpPrincipal);
}
try
{
cadcDaoTest2_User = getUserDAO().getUser(cadcDaoTest2_HttpPrincipal);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(cadcDaoTest2_HttpPrincipal);
user.getIdentities().add(cadcDaoTest2_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest2");
user.personalDetails.email = cadcDaoTest2_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password2".toCharArray());
getUserDAO().addUser(request);
cadcDaoTest2_User = getUserDAO().getUser(cadcDaoTest2_HttpPrincipal);
}
try
{
cadcDaoTest3_User = getUserDAO().getUser(cadcDaoTest3_HttpPrincipal);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(cadcDaoTest3_HttpPrincipal);
user.getIdentities().add(cadcDaoTest3_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest3");
user.personalDetails.email = cadcDaoTest3_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password3".toCharArray());
getUserDAO().addUser(request);
cadcDaoTest3_User = getUserDAO().getUser(cadcDaoTest3_HttpPrincipal);
}
// cadcDaoTest1 User and Subject with all Principals
cadcDaoTest1_AugmentedUser = getUserDAO().getAugmentedUser(cadcDaoTest1_HttpPrincipal);
cadcDaoTest1_Subject = new Subject();
cadcDaoTest1_Subject.getPrincipals().addAll(cadcDaoTest1_AugmentedUser.getIdentities());
// cadcDaoTest2 User and Subject with all Principals
cadcDaoTest2_AugmentedUser = getUserDAO().getAugmentedUser(cadcDaoTest2_HttpPrincipal);
cadcDaoTest2_Subject = new Subject();
cadcDaoTest2_Subject.getPrincipals().addAll(cadcDaoTest2_AugmentedUser.getIdentities());
// A cadcDaoTest1 user with only a HttpPrincipal
// cadcDaoTest1_HttpUser = new User();
// cadcDaoTest1_HttpUser.personalDetails = new PersonalDetails("CADC", "DAOTest1");
// cadcDaoTest1_HttpUser.getIdentities().add(cadcDaoTest1_User.getHttpPrincipal());
//
// // A cadcDaoTest1 user with only a X500Principal
// cadcDaoTest1_X500User = new User();
// cadcDaoTest1_X500User.personalDetails = new PersonalDetails("CADC", "DAOTest1");
// cadcDaoTest1_X500User.getIdentities().add(cadcDaoTest1_X500Principal);
// member returned by getMember contains only the fields required by the GMS
testMember = new User();
testMember.personalDetails = new PersonalDetails("test", "member");
testMember.getIdentities().add(cadcDaoTest1_X500Principal);
testMember.getIdentities().add(cadcDaoTest1_HttpPrincipal);
// entryDN
cadcDaoTest1_DN = "uid=cadcdaotest1," + config.getUsersDN();
cadcDaoTest2_DN = "uid=cadcdaotest2," + config.getUsersDN();
cadcDaoTest1_DNPrincipal = new DNPrincipal(cadcDaoTest1_DN);
cadcDaoTest2_DNPrincipal = new DNPrincipal(cadcDaoTest2_DN);
}
static LdapUserDAO getUserDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
return new LdapUserDAO(connections);
}
static protected LdapConfig getLdapConfig()
{
return LdapConfig.loadLdapConfig(CONFIG);
}
public static void setField(Object object, Object value, String name)
throws Exception
{
Field field = object.getClass().getDeclaredField(name);
field.setAccessible(true);
field.set(object, value);
}
}
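Review bot: `setUpBeforeClass` creates the three CadcDaoTest accounts on the configured LDAP server with the fixed passwords `"password1"`, `"password2"` and `"password3"`, and nothing visible in this section removes them afterwards, so the directory keeps accounts whose passwords are published in the source. If no test binds with those passwords (none visible here does), generate one per run instead, e.g. `UserRequest request = new UserRequest(user, UUID.randomUUID().toString().toCharArray());`, which needs no new import because `java.util.UUID` is already imported. The three try/catch blocks differ only in the names they use and would read better as one private static helper that takes the principals and the last name.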
......@@ -96,15 +96,6 @@ import static org.junit.Assert.assertTrue;
public class LdapDAOTest extends AbstractLdapDAOTest
{
static LdapConfig config;
@BeforeClass
public static void setUpBeforeClass() throws Exception
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
// get the configuration of the development server from and config files...
config = getLdapConfig();
}
@Test
public void testLdapBindConnection() throws Exception
{
......
......@@ -67,132 +67,28 @@
package ca.nrc.cadc.ac.server.ldap;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.User;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.Test;
import javax.security.auth.Subject;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import javax.security.auth.Subject;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.server.TestUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.util.Log4jInit;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
static User daoTestUser1;
static User daoTestUser2;
static User daoTestUser3;
static User unknownUser;
static User augmentedDaoTestUser1;
static User augmentedDaoTestUser2;
static Subject daoTestUser1Subject;
static Subject daoTestUser2Subject;
static Subject anonSubject;
static LdapConfig config;
@BeforeClass
public static void setUpBeforeClass()
throws Exception
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
// get the configuration of the development server from and config files...
config = getLdapConfig();
HttpPrincipal httpPrincipal1 = new HttpPrincipal("CadcDaoTest1");
HttpPrincipal httpPrincipal2 = new HttpPrincipal("CadcDaoTest2");
HttpPrincipal httpPrincipal3 = new HttpPrincipal("CadcDaoTest3");
try
{
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal1);
PersonalDetails pd = new PersonalDetails("CadcDaoTest1", "CadcDaoTest1");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
}
try
{
daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal2);
PersonalDetails pd = new PersonalDetails("CadcDaoTest2", "CadcDaoTest2");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal2);
}
try
{
daoTestUser3 = getUserDAO().getUser(httpPrincipal3);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal3);
PersonalDetails pd = new PersonalDetails("CadcDaoTest3", "CadcDaoTest3");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal3);
}
augmentedDaoTestUser1 = getUserDAO().getAugmentedUser(httpPrincipal1);
daoTestUser1Subject = new Subject();
daoTestUser1Subject.getPrincipals().addAll(augmentedDaoTestUser1.getIdentities());
augmentedDaoTestUser2 = getUserDAO().getAugmentedUser(httpPrincipal2);
daoTestUser2Subject = new Subject();
daoTestUser2Subject.getPrincipals().addAll(augmentedDaoTestUser2.getIdentities());
HttpPrincipal unknownPrincipal = new HttpPrincipal("foo");
unknownUser = new User();
unknownUser.getIdentities().add(unknownPrincipal);
anonSubject = new Subject();
anonSubject.getPrincipals().add(unknownPrincipal);
}
static LdapUserDAO getUserDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
return new LdapUserDAO(connections);
}
LdapGroupDAO getGroupDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
......@@ -209,14 +105,14 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
public void testOneGroup() throws Exception
{
// do everything as owner
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
Group expectGroup = new Group(getGroupID());
TestUtil.setField(expectGroup, augmentedDaoTestUser1, "owner");
setField(expectGroup, cadcDaoTest1_AugmentedUser, "owner");
getGroupDAO().addGroup(expectGroup);
Group actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
log.info("addGroup: " + expectGroup.getID());
......@@ -231,7 +127,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertGroupsEqual(expectGroup, actualGroup);
Group otherGroup = new Group(getGroupID());
TestUtil.setField(otherGroup, augmentedDaoTestUser1, "owner");
setField(otherGroup, cadcDaoTest1_AugmentedUser, "owner");
getGroupDAO().addGroup(otherGroup);
otherGroup = getGroupDAO().getGroup(otherGroup.getID(), true);
log.info("addGroup: " + otherGroup.getID());
......@@ -247,7 +143,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertGroupsEqual(expectGroup, actualGroup);
// userMembers
expectGroup.getUserMembers().add(daoTestUser2);
expectGroup.getUserMembers().add(cadcDaoTest2_User);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
......@@ -256,14 +152,14 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// the the returned result should contain only
// one entry (the dn one)
User duplicateIdentity = new User();
duplicateIdentity.getIdentities().add(daoTestUser2.getHttpPrincipal());
expectGroup.getUserMembers().add(daoTestUser2);
duplicateIdentity.getIdentities().add(cadcDaoTest2_User.getHttpPrincipal());
expectGroup.getUserMembers().add(cadcDaoTest2_User);
expectGroup.getUserMembers().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
expectGroup.getUserMembers().remove(duplicateIdentity);
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.getUserMembers().remove(daoTestUser2);
expectGroup.getUserMembers().remove(cadcDaoTest2_User);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
......@@ -277,21 +173,21 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.description = "Happy testing";
expectGroup.getUserMembers().add(daoTestUser2);
expectGroup.getUserMembers().add(cadcDaoTest2_User);
expectGroup.getGroupMembers().add(otherGroup);
// userAdmins
expectGroup.getUserAdmins().add(daoTestUser3);
expectGroup.getUserAdmins().add(cadcDaoTest3_User);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.getUserAdmins().remove(daoTestUser3);
expectGroup.getUserAdmins().remove(cadcDaoTest3_User);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
// groupAdmins
Group adminGroup = new Group(getGroupID());
TestUtil.setField(adminGroup, augmentedDaoTestUser1, "owner");
setField(adminGroup, cadcDaoTest1_AugmentedUser, "owner");
getGroupDAO().addGroup(adminGroup);
adminGroup = getGroupDAO().getGroup(adminGroup.getID(), true);
expectGroup.getGroupAdmins().add(adminGroup);
......@@ -306,7 +202,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// Principals. The duplicate should be ignored
// the the returned result should contain only
// one entry (the dn one)
expectGroup.getUserAdmins().add(daoTestUser2);
expectGroup.getUserAdmins().add(cadcDaoTest2_User);
expectGroup.getUserAdmins().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
expectGroup.getUserAdmins().remove(duplicateIdentity);
......@@ -324,7 +220,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// reactivate the group
Group reactGroup = new Group(expectGroup.getID());
TestUtil.setField(reactGroup, augmentedDaoTestUser1, "owner");
setField(reactGroup, cadcDaoTest1_AugmentedUser, "owner");
getGroupDAO().addGroup(reactGroup);
log.info("create (reactivate) group: " + expectGroup.getID());
actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
......@@ -337,7 +233,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// create another group and make expected group
// member of that group. Delete expected group after
Group expectGroup2 = new Group(getGroupID());
TestUtil.setField(expectGroup2, augmentedDaoTestUser1, "owner");
setField(expectGroup2, cadcDaoTest1_AugmentedUser, "owner");
expectGroup2.getGroupAdmins().add(actualGroup);
expectGroup2.getGroupMembers().add(actualGroup);
getGroupDAO().addGroup(expectGroup2);
......@@ -373,7 +269,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
final String testGroup1ID = groupID + ".1";
final String testGroup2ID = groupID + ".2";
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
......@@ -398,7 +294,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
}
});
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
......@@ -441,7 +337,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
}
});
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
......@@ -464,7 +360,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
final String groupID = getGroupID();
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
......@@ -495,11 +391,11 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
final String groupID = getGroupID();
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
//getGroupDAO().addGroup(new Group(groupID, daoTestUser1));
//getGroupDAO().addGroup(new Group(groupID, cadcDaoTest1_User));
try
{
getGroupDAO().modifyGroup(new Group("fooBOGUSASFgomsi"));
......@@ -518,7 +414,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
final String groupID = getGroupID();
Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
Subject.doAs(cadcDaoTest1_Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
......
......@@ -80,15 +80,12 @@ import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Random;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Level;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;
import ca.nrc.cadc.ac.PersonalDetails;
......@@ -99,7 +96,6 @@ import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.util.Log4jInit;
import com.unboundid.ldap.sdk.DN;
......@@ -107,68 +103,34 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
private static final Logger log = Logger.getLogger(LdapUserDAOTest.class);
private static final String SERVOPS_PEM = System.getProperty("user.home") + "/.pub/proxy.pem";
static final String testUserX500DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static final String cadcdaotest1DN = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
static final String cadcdaotest2DN = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
static int nextUserNumericID = 666;
static String testUserDN;
static User testX500User;
static User testMember;
static X500Principal testUserX500Principal;
static DNPrincipal cadcdaotest1Principal;
static DNPrincipal cadcdaotest2Principal;
static LdapConfig config;
static Random ran = new Random(); // source of randomness for numeric ids
@BeforeClass
public static void setUpBeforeClass()
throws Exception
String createUsername()
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
// get the configuration of the development server from and config files...
config = getLdapConfig();
testUserX500Principal = new X500Principal(testUserX500DN);
testX500User = new User();
testX500User.getIdentities().add(testUserX500Principal);
testX500User.personalDetails = new PersonalDetails("CADC", "DAOTest1");
testX500User.getIdentities().add(new HttpPrincipal("CadcDaoTest1"));
testX500User.getIdentities().add(testUserX500Principal);
testX500User.getIdentities().add(new NumericPrincipal(UUID.randomUUID()));
testUserDN = "uid=cadcdaotest1," + config.getUsersDN();
return "CadcDaoTestUser-" + System.currentTimeMillis();
}
@Test
public void testAddIllegalUsername() throws Exception
{
// add user using HttpPrincipal
final String username = "$" + createUsername();
final HttpPrincipal userID = new HttpPrincipal(username);
// member returned by getMember contains only the fields required by
// the GMS
testMember = new User();
testMember.personalDetails = new PersonalDetails("CADC", "DAOTest1");
testMember.getIdentities().add(testUserX500Principal);
testMember.getIdentities().add(new HttpPrincipal("CadcDaoTest1"));
final User httpExpected = new User();
httpExpected.getIdentities().add(userID);
cadcdaotest1Principal = new DNPrincipal(cadcdaotest1DN);
cadcdaotest2Principal = new DNPrincipal(cadcdaotest2DN);
}
PersonalDetails pd = new PersonalDetails("foo", "bar");
pd.email = username + "@canada.ca";
httpExpected.personalDetails = pd;
LdapUserDAO getUserDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
return new LdapUserDAO(connections){
protected int genNextNumericId()
{
return nextUserNumericID;
}
};
}
UserRequest userRequest = new UserRequest(httpExpected, "123456".toCharArray());
String createUsername()
{
return "CadcDaoTestUser-" + System.currentTimeMillis();
try
{
final LdapUserDAO httpUserDAO = getUserDAO();
httpUserDAO.addPendingUser(userRequest);
fail("Illegal username " + username + " should've thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {}
}
/**
......@@ -178,7 +140,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
public void testAddUser() throws Exception
{
// add user using HttpPrincipal
final String username = createUsername();
String username = createUsername();
final HttpPrincipal userID = new HttpPrincipal(username);
final User httpExpected = new User();
......@@ -215,36 +177,39 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
});
// add user using X500Principal
// X500Principal x500Principal = new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca");
//
// final User x500Expected = new User();
// x500Expected.getIdentities().add(x500Principal);
//
// x500Expected.personalDetails = new PersonalDetails("foo", "bar");
//
// final UserRequest x500UserRequest = new UserRequest(x500Expected, "123456".toCharArray());
//
// // do everything as owner
// Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
// {
// public Object run() throws Exception
// {
// try
// {
// final LdapUserDAO userDAO = getUserDAO();
// userDAO.addUser(x500UserRequest);
//
// final User actual = userDAO.getUser(x500UserRequest.getUser().getHttpPrincipal());
// check(x500Expected, actual);
//
// return null;
// }
// catch (Exception e)
// {
// throw new Exception("Problems", e);
// }
// }
// });
username = createUsername();
final X500Principal x500Principal = new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca");
final User x500Expected = new User();
x500Expected.getIdentities().add(x500Principal);
final UserRequest x500UserRequest = new UserRequest(x500Expected, "123456".toCharArray());
dnPrincipal = new DNPrincipal("uid=" + username + "," + config.getUsersDN());
subject = new Subject();
subject.getPrincipals().add(dnPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
final LdapUserDAO userDAO = getUserDAO();
userDAO.addUser(x500UserRequest);
final User actual = userDAO.getUser(x500Principal);
check(x500Expected, actual);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
// TODO should test passing in both Http and X500 Principals
}
......@@ -294,38 +259,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}
}
});
// add user using X500Principal
// final X500Principal x500Principal = new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca");
//
// final User x500Expected = new User();
// x500Expected.getIdentities().add(x500Principal);
// x500Expected.personalDetails = pd;
//
// userRequest = new UserRequest(x500Expected, "123456".toCharArray());
//
// final LdapUserDAO x500UserDAO = getUserDAO();
// x500UserDAO.addPendingUser(userRequest);
//
// // do everything as owner
// Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
// {
// public Object run()
// throws Exception
// {
// try
// {
// final User actual = x500UserDAO.getPendingUser(userID);
// check(x500Expected, actual);
//
// return null;
// }
// catch (Exception e)
// {
// throw new Exception("Problems", e);
// }
// }
// });
}
// TODO testAddUser for an existing user
......@@ -334,11 +267,11 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
* Test of getUser method, of class LdapUserDAO.
*/
@Test
public void testGetUser() throws Exception
public void testGetUserWithHttpPrincipal() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(testUserX500Principal);
subject.getPrincipals().add(cadcdaotest1Principal);
subject.getPrincipals().add(cadcDaoTest1_HttpPrincipal);
subject.getPrincipals().add(cadcDaoTest1_DNPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
......@@ -349,8 +282,37 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
try
{
final LdapUserDAO userDAO = getUserDAO();
final User actual = userDAO.getUser(testUserX500Principal);
check(testX500User, actual);
final User actual = userDAO.getUser(cadcDaoTest1_HttpPrincipal);
assertEquals(cadcDaoTest1_User.getHttpPrincipal(), actual.getHttpPrincipal());
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
@Test
public void testGetUserWithX500Principal() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(cadcDaoTest1_X500Principal);
subject.getPrincipals().add(cadcDaoTest1_DNPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run()
throws Exception
{
try
{
final LdapUserDAO userDAO = getUserDAO();
final User actual = userDAO.getUser(cadcDaoTest1_X500Principal);
assertEquals(cadcDaoTest1_User.getHttpPrincipal(), actual.getHttpPrincipal());
return null;
}
......@@ -489,20 +451,29 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
@Test
public void testGetPendingUser() throws Exception
{
final String userRequestDN = "uid=CADCtestRequest,ou=userrequests,ou=ds,dc=testcanfar";
final HttpPrincipal httpPrincipal = new HttpPrincipal("CADCtestRequest");
final X500Principal x500Principal = new X500Principal(userRequestDN);
final DNPrincipal dnPrincipal = new DNPrincipal(userRequestDN);
final String username = "CADCtestRequest";
final String x500DN = "cn=" + username + ",ou=cadc,o=hia,c=ca";
final HttpPrincipal httpPrincipal = new HttpPrincipal(username);
final X500Principal x500Principal = new X500Principal(x500DN);
final User pendingUser = new User();
pendingUser.personalDetails = new PersonalDetails("CADCtest", "Request");
pendingUser.getIdentities().add(httpPrincipal);
pendingUser.getIdentities().add(x500Principal);
UserRequest userRequest = new UserRequest(pendingUser, "123456".toCharArray());
try
{
final LdapUserDAO httpUserDAO = getUserDAO();
httpUserDAO.addPendingUser(userRequest);
}
catch (UserAlreadyExistsException expected) {}
final Subject subject = new Subject();
subject.getPrincipals().add(httpPrincipal);
subject.getPrincipals().add(dnPrincipal);
subject.getPrincipals().add(x500Principal);
subject.getPrincipals().add(new DNPrincipal(username + "," + config.getUsersDN()));
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
......@@ -600,7 +571,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
// add the user
Subject subject = new Subject();
subject.getPrincipals().add(httpPrincipal);
subject.getPrincipals().add(cadcdaotest2Principal);
subject.getPrincipals().add(cadcDaoTest2_DNPrincipal);
final User newUser = (User) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public User run()
......@@ -628,11 +599,11 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
newUser.personalDetails.country = "country2";
// add a DN
// newUser.getIdentities().add(new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca"));
newUser.getIdentities().add(new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca"));
// update the userexpected
subject.getPrincipals().add(httpPrincipal);
subject.getPrincipals().add(cadcdaotest2Principal);
subject.getPrincipals().add(cadcDaoTest2_DNPrincipal);
User updatedUser = (User) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run()
......@@ -755,8 +726,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
public void testGetX500User() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(testUserX500Principal);
subject.getPrincipals().add(cadcdaotest1Principal);
subject.getPrincipals().add(cadcDaoTest1_X500Principal);
subject.getPrincipals().add(cadcDaoTest1_DNPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
......@@ -765,7 +736,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
try
{
User actual = getUserDAO().getX500User(new DN(testUserDN));
User actual = getUserDAO().getX500User(new DN(cadcDaoTest1_DN));
check(testMember, actual);
return null;
}
......@@ -788,7 +759,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
try
{
User actual = getUserDAO().getX500User(new DN(testUserDN));
User actual = getUserDAO().getX500User(new DN(cadcDaoTest1_DN));
check(testMember, actual);
return null;
}
......@@ -805,8 +776,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
// authenticated access
Subject subject = new Subject();
subject.getPrincipals().add(testUserX500Principal);
subject.getPrincipals().add(cadcdaotest1Principal);
subject.getPrincipals().add(cadcDaoTest1_X500Principal);
subject.getPrincipals().add(cadcDaoTest1_DNPrincipal);
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
......@@ -834,8 +805,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
// authenticated access
Subject subject = new Subject();
subject.getPrincipals().add(testUserX500Principal);
subject.getPrincipals().add(cadcdaotest1Principal);
subject.getPrincipals().add(cadcDaoTest1_X500Principal);
subject.getPrincipals().add(cadcDaoTest1_DNPrincipal);
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
......@@ -1078,7 +1049,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
assertEquals(expected, actual);
}
for (Principal p : expected.getIdentities())
{
log.debug("expected P: " + p.getName());
......@@ -1089,7 +1059,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}
expected.isConsistent(actual);
assertEquals(expected.personalDetails, actual.personalDetails);
for( Principal princ1 : expected.getIdentities())
{
boolean found = false;
......@@ -1107,11 +1076,13 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}
assertTrue(princ1.getName(), found);
}
assertEquals(expected.personalDetails, actual.personalDetails);
PersonalDetails pd1 = expected.personalDetails;
PersonalDetails pd2 = actual.personalDetails;
assertEquals(pd1, pd2);
if (pd1 == null && pd2 == null)
if (pd1 != null && pd2 != null)
{
assertEquals(pd1.getFirstName(), pd2.getFirstName());
assertEquals(pd1.getLastName(), pd2.getLastName());
......