| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.jackrabbit.oak.security.authentication.ldap.impl; |
| |
| import com.google.common.base.Function; |
| import com.google.common.collect.ImmutableSet; |
| import com.google.common.collect.Iterables; |
| import com.google.common.collect.Iterators; |
| import org.apache.directory.api.util.Strings; |
| import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup; |
| import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity; |
| import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException; |
| import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef; |
| import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser; |
| import org.hamcrest.Matchers; |
| import org.junit.Test; |
| |
| import javax.jcr.SimpleCredentials; |
| import javax.security.auth.login.LoginException; |
| import java.util.Collection; |
| import java.util.Iterator; |
| import java.util.Map; |
| import java.util.Set; |
| |
| import static org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig.PARAM_USER_EXTRA_FILTER_DEFAULT; |
| import static org.junit.Assert.assertArrayEquals; |
| import static org.junit.Assert.assertEquals; |
| import static org.junit.Assert.assertNotNull; |
| import static org.junit.Assert.assertNull; |
| import static org.junit.Assert.assertThat; |
| import static org.junit.Assert.assertTrue; |
| import static org.junit.Assert.fail; |
| |
| public class LdapIdentityProviderTest extends AbstractLdapIdentityProviderTest { |
| |
| private static final String ERRONEOUS_LDIF = "erroneous.ldif"; |
| |
| @Test |
| public void testGetUserByRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER1_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertTrue("User instance", id instanceof ExternalUser); |
| assertEquals("User ID", TEST_USER1_UID, id.getId()); |
| } |
| |
| @Test |
| public void testListUsers() throws Exception { |
| Iterator<ExternalUser> users = idp.listUsers(); |
| Iterator<String> ids = Iterators.transform(users, externalUser -> externalUser.getId()); |
| |
| Set<String> expectedIds = ImmutableSet.of(TEST_USER0_UID, TEST_USER1_UID, TEST_USER5_UID, "hnelson", "thardy", "tquist", "fchristi", "wbush", "cbuckley", "jhallett", "mchrysta", "wbligh", "jfryer"); |
| assertEquals(expectedIds, ImmutableSet.copyOf(ids)); |
| } |
| |
| @Test |
| public void testListUsersWithExtraFilter() throws Exception { |
| providerConfig.getUserConfig().setExtraFilter(PARAM_USER_EXTRA_FILTER_DEFAULT); |
| Iterator<ExternalUser> users = idp.listUsers(); |
| Iterator<String> ids = Iterators.transform(users, externalUser -> externalUser.getId()); |
| |
| Set<String> expectedIds = ImmutableSet.of(TEST_USER0_UID, TEST_USER1_UID, TEST_USER5_UID, "hnelson", "thardy", "tquist", "fchristi", "wbush", "cbuckley", "jhallett", "mchrysta", "wbligh", "jfryer"); |
| assertEquals(expectedIds, ImmutableSet.copyOf(ids)); |
| } |
| |
| /** |
| * Test case to reproduce OAK-3396 where an ldap user entry |
| * without a uid caused a NullpointerException in LdapIdentityProvider.createUser |
| */ |
| @Test |
| public void testListUsersWithMissingUid() throws Exception { |
| // the ERRONEOUS_LDIF contains an entry without uid |
| proxy.loadLdif(getClass().getResourceAsStream(ERRONEOUS_LDIF)); |
| Iterator<ExternalUser> users = idp.listUsers(); |
| // make sure we got a result |
| assertTrue(users.hasNext()); |
| // without the LdapInvalidAttributeValueException a NPE would result here: |
| while(users.hasNext()) { |
| ExternalUser user = users.next(); |
| // the 'Faulty Entry' of the ERRONEOUS_LDIF should be filtered out |
| // (by LdapIdentityProvider.listUsers.getNext()) |
| assertTrue(!user.getPrincipalName().startsWith("cn=Faulty Entry")); |
| } |
| } |
| |
| @Test |
| public void testGetUserByUserId() throws Exception { |
| ExternalUser user = idp.getUser(TEST_USER1_UID); |
| assertNotNull("User 1 must exist", user); |
| assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName()); |
| } |
| |
| @Test |
| public void testGetUserProperties() throws Exception { |
| ExternalUser user = idp.getUser(TEST_USER1_UID); |
| assertNotNull("User 1 must exist", user); |
| |
| Map<String, ?> properties = user.getProperties(); |
| assertThat((Map<String, Collection<String>>) properties, |
| Matchers.<String, Collection<String>>hasEntry( |
| Matchers.equalTo("objectclass"), |
| Matchers.containsInAnyOrder( "inetOrgPerson", "top", "person", "organizationalPerson"))); |
| assertThat(properties, Matchers.<String, Object>hasEntry("uid", "hhornblo")); |
| assertThat(properties, Matchers.<String, Object>hasEntry("givenname", "Horatio")); |
| assertThat(properties, Matchers.<String, Object>hasEntry("description", "Capt. Horatio Hornblower, R.N")); |
| assertThat(properties, Matchers.<String, Object>hasEntry("sn", "Hornblower")); |
| |
| assertThat(properties, Matchers.not(Matchers.<String, Object>hasEntry("mail", "hhornblo@royalnavy.mod.uk"))); |
| } |
| |
| @Test |
| public void testAuthenticate() throws Exception { |
| authenticateInternal(idp, TEST_USER1_DN); |
| } |
| |
| @Test |
| public void testAuthenticateCaseInsensitive() throws Exception { |
| SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID.toUpperCase(), "pass".toCharArray()); |
| ExternalUser user = idp.authenticate(creds); |
| assertNotNull("User 1 must authenticate", user); |
| assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName()); |
| assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId()); |
| } |
| |
| @Test |
| public void testAuthenticateFail() throws Exception { |
| SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "foobar".toCharArray()); |
| try { |
| idp.authenticate(creds); |
| fail("Authenticate must fail with LoginException for wrong password"); |
| } catch (LoginException e) { |
| // ok |
| } |
| } |
| |
| @Test |
| public void testAuthenticateMissing() throws Exception { |
| SimpleCredentials creds = new SimpleCredentials("foobar" + TEST_USER1_UID, "pass".toCharArray()); |
| ExternalUser user = idp.authenticate(creds); |
| assertNull("Authenticate must return NULL for unknown user", user); |
| } |
| |
| @Test |
| public void testGetUserByForeignRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER1_DN, "foobar"); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertNull("Foreign ref must be null", id); |
| } |
| |
| @Test |
| public void testGetUnknownUserByRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef("bla=foo," + TEST_USER1_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertNull("Unknown user must return null", id); |
| } |
| |
| @Test |
| public void testGetGroupByRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertTrue("Group instance", id instanceof ExternalGroup); |
| assertEquals("Group Name", TEST_GROUP1_NAME, id.getId()); |
| } |
| |
| @Test |
| public void testGetGroupByName() throws Exception { |
| ExternalGroup group = idp.getGroup(TEST_GROUP1_NAME); |
| assertNotNull("Group 1 must exist", group); |
| assertEquals("Group Ref", TEST_GROUP1_DN, ((LdapIdentity)group).getEntry().getDn().getName()); |
| } |
| |
| @Test |
| public void testGetGroupByUnknownName() throws Exception { |
| ExternalGroup group = idp.getGroup("unknown"); |
| assertNull(group); |
| } |
| |
| @Test |
| public void testGetDeclaredMembersByRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertTrue("Group instance", id instanceof ExternalGroup); |
| ExternalGroup grp = (ExternalGroup) id; |
| assertIfEquals("Group members", TEST_GROUP1_MEMBERS, grp.getDeclaredMembers()); |
| } |
| |
| |
| @Test |
| public void testGetDeclaredMembers() throws Exception { |
| ExternalGroup gr = idp.getGroup(TEST_GROUP1_NAME); |
| Iterable<ExternalIdentityRef> memberrefs = gr.getDeclaredMembers(); |
| Iterable<String> memberIds = Iterables.transform(memberrefs, externalIdentityRef -> externalIdentityRef.getId()); |
| |
| Set<String> expected = ImmutableSet.copyOf(TEST_GROUP1_MEMBERS); |
| assertEquals(expected, ImmutableSet.copyOf(memberIds)); |
| } |
| |
| @Test |
| public void testGetDeclaredMembersInvalidMemberAttribute() throws Exception { |
| providerConfig.setGroupMemberAttribute("invalid"); |
| |
| ExternalGroup gr = idp.getGroup(TEST_GROUP1_NAME); |
| Iterable<ExternalIdentityRef> memberrefs = gr.getDeclaredMembers(); |
| assertTrue(Iterables.isEmpty(memberrefs)); |
| } |
| |
| @Test |
| public void testGetDeclaredGroupsByRef() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER1_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertTrue("User instance", id instanceof ExternalUser); |
| assertIfEquals("Groups", TEST_USER1_GROUPS, id.getDeclaredGroups()); |
| } |
| |
| @Test |
| public void testGetDeclaredGroupsByRef2() throws Exception { |
| ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER0_DN, IDP_NAME); |
| ExternalIdentity id = idp.getIdentity(ref); |
| assertTrue("User instance", id instanceof ExternalUser); |
| assertIfEquals("Groups", TEST_USER0_GROUPS, id.getDeclaredGroups()); |
| } |
| |
| @Test |
| public void testGetDeclaredGroupMissingIdAttribute() throws Exception { |
| providerConfig.getGroupConfig().setIdAttribute(null); |
| |
| ExternalUser user = idp.getUser(TEST_USER1_UID); |
| Iterable<ExternalIdentityRef> groupRefs = user.getDeclaredGroups(); |
| Iterable<String> groupIds = Iterables.transform(groupRefs, externalIdentityRef -> externalIdentityRef.getId()); |
| assertEquals(ImmutableSet.copyOf(TEST_USER1_GROUPS), ImmutableSet.copyOf(groupIds)); |
| } |
| |
| @Test |
| public void testNullIntermediatePath() throws Exception { |
| providerConfig.getUserConfig().setMakeDnPath(false); |
| ExternalUser user = idp.getUser(TEST_USER1_UID); |
| assertNotNull("User 1 must exist", user); |
| assertNull("Intermediate path must be null", user.getIntermediatePath()); |
| } |
| |
| @Test |
| public void testSplitDNIntermediatePath() throws Exception { |
| providerConfig.getUserConfig().setMakeDnPath(true); |
| ExternalUser user = idp.getUser(TEST_USER1_UID); |
| assertNotNull("User 1 must exist", user); |
| assertEquals("Intermediate path must be the split dn", TEST_USER1_PATH, user.getIntermediatePath()); |
| } |
| |
| @Test |
| public void testSplitDNIntermediatePath2() throws Exception { |
| providerConfig.getUserConfig().setMakeDnPath(true); |
| ExternalUser user = idp.getUser(TEST_USER5_UID); |
| assertNotNull("User 5 must exist", user); |
| assertEquals("Intermediate path must be the split dn", TEST_USER5_PATH, user.getIntermediatePath()); |
| } |
| |
| @Test |
| public void testRemoveEmptyString() throws Exception { |
| providerConfig.setCustomAttributes(new String[] {"a", Strings.EMPTY_STRING, "b" }); |
| assertArrayEquals("Array must not contain empty strings", new String[] {"a", "b" }, providerConfig.getCustomAttributes()); |
| } |
| |
| @Test |
| public void testResolvePrincipalNameUser() throws ExternalIdentityException { |
| ExternalUser user = idp.getUser(TEST_USER5_UID); |
| assertNotNull(user); |
| assertEquals(user.getPrincipalName(), idp.fromExternalIdentityRef(user.getExternalId())); |
| } |
| |
| @Test |
| public void testResolvePrincipalNameGroup() throws ExternalIdentityException { |
| ExternalGroup gr = idp.getGroup(TEST_GROUP1_NAME); |
| assertNotNull(gr); |
| |
| assertEquals(gr.getPrincipalName(), idp.fromExternalIdentityRef(gr.getExternalId())); |
| } |
| |
| @Test(expected = ExternalIdentityException.class) |
| public void testResolvePrincipalNameForeignExtId() throws Exception { |
| idp.fromExternalIdentityRef(new ExternalIdentityRef("anyId", "anotherProviderName")); |
| } |
| |
| @Test |
| public void testListGroups() throws Exception { |
| Iterator<ExternalGroup> groups = idp.listGroups(); |
| Iterator<String> ids = Iterators.transform(groups, externalGroup -> externalGroup.getId()); |
| |
| Set<String> expectedIds = ImmutableSet.of(TEST_GROUP1_NAME, TEST_GROUP2_NAME, TEST_GROUP3_NAME, "Administrators"); |
| assertEquals(expectedIds, ImmutableSet.copyOf(ids)); |
| } |
| |
| @Test |
| public void testListGroupsWithEmptyExtraFilter() throws Exception { |
| providerConfig.getGroupConfig().setExtraFilter(""); |
| |
| Iterator<ExternalGroup> groups = idp.listGroups(); |
| Iterator<String> ids = Iterators.transform(groups, externalGroup -> externalGroup.getId()); |
| |
| Set<String> expectedIds = ImmutableSet.of(TEST_GROUP1_NAME, TEST_GROUP2_NAME, TEST_GROUP3_NAME, "Administrators"); |
| assertEquals(expectedIds, ImmutableSet.copyOf(ids)); |
| } |
| } |