oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.security.user;

 import java.security.Principal;
 import java.util.Set;
 import java.util.UUID;
 import javax.jcr.RepositoryException;
 import javax.security.auth.Subject;

 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.junit.Test;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;

 public class ImpersonationImplTest extends ImpersonationImplEmptyTest {

     private User impersonator;

     @Override
     public void before() throws Exception {
         super.before();

         impersonator = getUserManager(root).createUser("impersonator" + UUID.randomUUID().toString(), null);
         impersonation.grantImpersonation(impersonator.getPrincipal());
         root.commit();
     }

     @Override
     public void after() throws Exception {
         try {
             root.refresh();
             impersonator.remove();
             root.commit();
         } finally {
             super.after();
         }
     }

     @Test
     public void testGetImpersonators() throws Exception {
         PrincipalIterator it = impersonation.getImpersonators();
         assertTrue(it.hasNext());
         assertTrue(Iterators.contains(it, impersonator.getPrincipal()));
     }

     @Test
     public void testGetImpersonatorsImpersonatorRemoved() throws Exception {
         Principal p = impersonator.getPrincipal();
         impersonator.remove();

         PrincipalIterator it = impersonation.getImpersonators();
         assertTrue(it.hasNext());
         assertTrue(Iterators.contains(it, p));
     }

     @Test
     public void testContentRepresentation() throws Exception {
         Tree tree = root.getTree(user.getPath());

         PropertyState property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
         assertNotNull(property);
         assertEquals(ImmutableList.of(impersonator.getPrincipal().getName()), property.getValue(Type.STRINGS));
     }

     @Test
     public void testAllows() throws Exception {
         assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal())));
     }

     @Test
     public void testAllowsIncludingGroup() throws Exception {
         Group gr = getUserManager(root).createGroup("gId");
         assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal(), gr.getPrincipal())));
     }

     @Test
     public void testAllowsExistingGroup() throws Exception {
         Group gr = getUserManager(root).createGroup("gId");
         try {
             root.commit();
             assertFalse(impersonation.allows(createSubject(new PrincipalImpl(gr.getPrincipal().getName()))));
         } finally {
             gr.remove();
             root.commit();
         }
     }

     @Test
     public void testAllowsIncludingNonExistingGroup() throws Exception {
         assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal(), groupPrincipal)));
     }

     @Test
     public void testAllowsImpersonatorRemoved() throws Exception {
         Subject s = createSubject(impersonator.getPrincipal());
         impersonator.remove();
         assertTrue(impersonation.allows(s));
     }

     @Test
     public void testAllowsNonExistingUser() {
         assertFalse(impersonation.allows(createSubject(new PrincipalImpl("nonExisting"))));
     }

     @Test
     public void testAllowsUserLookupFails() throws Exception {
         Principal nonExisting = new PrincipalImpl("nonExisting");
         UserManagerImpl uMgr = spy((UserManagerImpl) getUserManager(root));
         when(uMgr.getAuthorizable(nonExisting)).thenThrow(new RepositoryException());

         ImpersonationImpl imp = new ImpersonationImpl(new UserImpl(user.getID(), user.getTree(), uMgr));
         assertFalse(imp.allows(createSubject(nonExisting)));
     }

     @Test
     public void testGrantImpersonationUserLookupFails() throws Exception {
         Principal nonExisting = new TreeBasedPrincipal("nonExisting", user.getTree(), getNamePathMapper());
         UserManagerImpl uMgr = spy((UserManagerImpl) getUserManager(root));
         when(uMgr.getAuthorizable(nonExisting)).thenThrow(new RepositoryException());

         ImpersonationImpl imp = new ImpersonationImpl(new UserImpl(user.getID(), user.getTree(), uMgr));
         assertFalse(imp.grantImpersonation(nonExisting));
     }

     @Test
     public void testRevoke() throws Exception {
         assertTrue(impersonation.revokeImpersonation(impersonator.getPrincipal()));
     }

     @Test
     public void testContentRepresentationAfterModification() throws Exception {
         Principal principal2 = getTestUser().getPrincipal();
         impersonation.grantImpersonation(principal2);

         Tree tree = root.getTree(user.getPath());

         PropertyState property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
         assertNotNull(property);

         Set<String> expected = ImmutableSet.of(impersonator.getPrincipal().getName(), principal2.getName());
         assertEquals(expected, ImmutableSet.copyOf(property.getValue(Type.STRINGS)));

         impersonation.revokeImpersonation(impersonator.getPrincipal());

         property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
         assertNotNull(property);

         expected = ImmutableSet.of(principal2.getName());
         assertEquals(expected, ImmutableSet.copyOf(property.getValue(Type.STRINGS)));

         impersonation.revokeImpersonation(principal2);
         assertNull(tree.getProperty(UserConstants.REP_IMPERSONATORS));
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.security.user;

	import java.security.Principal;
	import java.util.Set;
	import java.util.UUID;
	import javax.jcr.RepositoryException;
	import javax.security.auth.Subject;

	import com.google.common.collect.ImmutableList;
	import com.google.common.collect.ImmutableSet;
	import com.google.common.collect.Iterators;
	import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
	import org.apache.jackrabbit.api.security.user.Group;
	import org.apache.jackrabbit.api.security.user.User;
	import org.apache.jackrabbit.oak.api.PropertyState;
	import org.apache.jackrabbit.oak.api.Tree;
	import org.apache.jackrabbit.oak.api.Type;
	import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
	import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
	import org.junit.Test;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertNull;
	import static org.junit.Assert.assertTrue;
	import static org.mockito.Mockito.spy;
	import static org.mockito.Mockito.when;

	public class ImpersonationImplTest extends ImpersonationImplEmptyTest {

	private User impersonator;

	@Override
	public void before() throws Exception {
	super.before();

	impersonator = getUserManager(root).createUser("impersonator" + UUID.randomUUID().toString(), null);
	impersonation.grantImpersonation(impersonator.getPrincipal());
	root.commit();
	}

	@Override
	public void after() throws Exception {
	try {
	root.refresh();
	impersonator.remove();
	root.commit();
	} finally {
	super.after();
	}
	}

	@Test
	public void testGetImpersonators() throws Exception {
	PrincipalIterator it = impersonation.getImpersonators();
	assertTrue(it.hasNext());
	assertTrue(Iterators.contains(it, impersonator.getPrincipal()));
	}

	@Test
	public void testGetImpersonatorsImpersonatorRemoved() throws Exception {
	Principal p = impersonator.getPrincipal();
	impersonator.remove();

	PrincipalIterator it = impersonation.getImpersonators();
	assertTrue(it.hasNext());
	assertTrue(Iterators.contains(it, p));
	}

	@Test
	public void testContentRepresentation() throws Exception {
	Tree tree = root.getTree(user.getPath());

	PropertyState property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
	assertNotNull(property);
	assertEquals(ImmutableList.of(impersonator.getPrincipal().getName()), property.getValue(Type.STRINGS));
	}

	@Test
	public void testAllows() throws Exception {
	assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal())));
	}

	@Test
	public void testAllowsIncludingGroup() throws Exception {
	Group gr = getUserManager(root).createGroup("gId");
	assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal(), gr.getPrincipal())));
	}

	@Test
	public void testAllowsExistingGroup() throws Exception {
	Group gr = getUserManager(root).createGroup("gId");
	try {
	root.commit();
	assertFalse(impersonation.allows(createSubject(new PrincipalImpl(gr.getPrincipal().getName()))));
	} finally {
	gr.remove();
	root.commit();
	}
	}

	@Test
	public void testAllowsIncludingNonExistingGroup() throws Exception {
	assertTrue(impersonation.allows(createSubject(impersonator.getPrincipal(), groupPrincipal)));
	}

	@Test
	public void testAllowsImpersonatorRemoved() throws Exception {
	Subject s = createSubject(impersonator.getPrincipal());
	impersonator.remove();
	assertTrue(impersonation.allows(s));
	}

	@Test
	public void testAllowsNonExistingUser() {
	assertFalse(impersonation.allows(createSubject(new PrincipalImpl("nonExisting"))));
	}

	@Test
	public void testAllowsUserLookupFails() throws Exception {
	Principal nonExisting = new PrincipalImpl("nonExisting");
	UserManagerImpl uMgr = spy((UserManagerImpl) getUserManager(root));
	when(uMgr.getAuthorizable(nonExisting)).thenThrow(new RepositoryException());

	ImpersonationImpl imp = new ImpersonationImpl(new UserImpl(user.getID(), user.getTree(), uMgr));
	assertFalse(imp.allows(createSubject(nonExisting)));
	}

	@Test
	public void testGrantImpersonationUserLookupFails() throws Exception {
	Principal nonExisting = new TreeBasedPrincipal("nonExisting", user.getTree(), getNamePathMapper());
	UserManagerImpl uMgr = spy((UserManagerImpl) getUserManager(root));
	when(uMgr.getAuthorizable(nonExisting)).thenThrow(new RepositoryException());

	ImpersonationImpl imp = new ImpersonationImpl(new UserImpl(user.getID(), user.getTree(), uMgr));
	assertFalse(imp.grantImpersonation(nonExisting));
	}

	@Test
	public void testRevoke() throws Exception {
	assertTrue(impersonation.revokeImpersonation(impersonator.getPrincipal()));
	}

	@Test
	public void testContentRepresentationAfterModification() throws Exception {
	Principal principal2 = getTestUser().getPrincipal();
	impersonation.grantImpersonation(principal2);

	Tree tree = root.getTree(user.getPath());

	PropertyState property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
	assertNotNull(property);

	Set<String> expected = ImmutableSet.of(impersonator.getPrincipal().getName(), principal2.getName());
	assertEquals(expected, ImmutableSet.copyOf(property.getValue(Type.STRINGS)));

	impersonation.revokeImpersonation(impersonator.getPrincipal());

	property = tree.getProperty(UserConstants.REP_IMPERSONATORS);
	assertNotNull(property);

	expected = ImmutableSet.of(principal2.getName());
	assertEquals(expected, ImmutableSet.copyOf(property.getValue(Type.STRINGS)));

	impersonation.revokeImpersonation(principal2);
	assertNull(tree.getProperty(UserConstants.REP_IMPERSONATORS));
	}

	}