/**
* Copyright 2015 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS-IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.apphosting.vmruntime.jetty9;
import com.google.apphosting.api.ApiProxy;
import com.google.apphosting.api.UserServicePb.CreateLoginURLResponse;
import com.google.apphosting.vmruntime.VmApiProxyEnvironment;
import java.net.InetAddress;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
/**
* Testing Jetty9 auth handling.
*
*/
public class VmRuntimeJettyAuthTest extends VmRuntimeTestBase {
public void testAuth_UserNotRequired() throws Exception {
String[] lines = fetchUrl(createUrl("/test-auth"));
assertEquals(1, lines.length);
assertEquals("null: null", lines[0].trim());
}
public void testAuth_UserRequiredNoUser() throws Exception {
String loginUrl = "http://login-url?url=http://test-app.googleapp.com/user/test-auth";
CreateLoginURLResponse loginUrlResponse = new CreateLoginURLResponse();
loginUrlResponse.setLoginUrl(loginUrl);
// Fake the expected call to "user/CreateLoginUrl".
FakeableVmApiProxyDelegate fakeApiProxy = new FakeableVmApiProxyDelegate();
ApiProxy.setDelegate(fakeApiProxy);
fakeApiProxy.addApiResponse(loginUrlResponse);
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/user/test-auth").toString());
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(302, httpCode);
Header redirUrl = get.getResponseHeader("Location");
assertEquals(loginUrl, redirUrl.getValue());
}
public void testAuth_UserRequiredWithUser() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/user/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.EMAIL_HEADER, "isdal@google.com");
get.addRequestHeader(VmApiProxyEnvironment.AUTH_DOMAIN_HEADER, "google.com");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("isdal@google.com: isdal@google.com", get.getResponseBodyAsString());
}
public void testAuth_UserRequiredWithAdmin() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/user/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.EMAIL_HEADER, "isdal@google.com");
get.addRequestHeader(VmApiProxyEnvironment.AUTH_DOMAIN_HEADER, "google.com");
get.addRequestHeader(VmApiProxyEnvironment.IS_ADMIN_HEADER, "1");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("isdal@google.com: isdal@google.com", get.getResponseBodyAsString());
}
public void testAuth_AdminRequiredWithNonAdmin() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.EMAIL_HEADER, "isdal@google.com");
get.addRequestHeader(VmApiProxyEnvironment.AUTH_DOMAIN_HEADER, "google.com");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(403, httpCode);
}
public void testAuth_AdminRequiredNoUser() throws Exception {
String loginUrl = "http://login-url?url=http://test-app.googleapp.com/user/test-auth";
CreateLoginURLResponse loginUrlResponse = new CreateLoginURLResponse();
loginUrlResponse.setLoginUrl(loginUrl);
// Fake the expected call to "user/CreateLoginUrl".
FakeableVmApiProxyDelegate fakeApiProxy = new FakeableVmApiProxyDelegate();
ApiProxy.setDelegate(fakeApiProxy);
fakeApiProxy.addApiResponse(loginUrlResponse);
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(302, httpCode);
Header redirUrl = get.getResponseHeader("Location");
assertEquals(loginUrl, redirUrl.getValue());
}
public void testAuth_AdminRequiredWithAdmin() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.EMAIL_HEADER, "isdal@google.com");
get.addRequestHeader(VmApiProxyEnvironment.AUTH_DOMAIN_HEADER, "google.com");
get.addRequestHeader(VmApiProxyEnvironment.IS_ADMIN_HEADER, "1");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("isdal@google.com: isdal@google.com", get.getResponseBodyAsString());
}
public void testAuth_AdminRequiredNoUser_SkipAdminCheck() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.addRequestHeader("X-Google-Internal-SkipAdminCheck", "1");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("null: null", get.getResponseBodyAsString());
}
public void testAuth_AdminRequiredNoUser_TaskQueueHeader() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.addRequestHeader("X-AppEngine-QueueName", "default");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("null: null", get.getResponseBodyAsString());
}
public void testAuth_UntrustedInboundIp() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrlForHostIP("/admin/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.REAL_IP_HEADER, "127.0.0.2"); // Force untrusted dev IP
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(307, httpCode);
assertEquals("https://testversion-dot-testbackend-dot-testhostname/admin/test-auth",
get.getResponseHeader("Location").getValue());
}
public void testAuth_UntrustedInboundIpWithQuery() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrlForHostIP("/admin/test-auth?foo=bar").toString());
get.addRequestHeader(VmApiProxyEnvironment.REAL_IP_HEADER, "127.0.0.2"); // Force untrusted dev IP
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(307, httpCode);
assertEquals("https://testversion-dot-testbackend-dot-testhostname/admin/test-auth?foo=bar",
get.getResponseHeader("Location").getValue());
}
public void testAuth_TrustedRealIP() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrlForHostIP("/admin/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.REAL_IP_HEADER, "127.0.0.1");
get.addRequestHeader(VmApiProxyEnvironment.EMAIL_HEADER, "isdal@google.com");
get.addRequestHeader(VmApiProxyEnvironment.AUTH_DOMAIN_HEADER, "google.com");
get.addRequestHeader(VmApiProxyEnvironment.IS_ADMIN_HEADER, "1");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(200, httpCode);
assertEquals("isdal@google.com: isdal@google.com", get.getResponseBodyAsString());
}
public void testAuth_UntrustedRealIP() throws Exception {
HttpClient httpClient = new HttpClient();
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
GetMethod get = new GetMethod(createUrl("/admin/test-auth").toString());
get.addRequestHeader(VmApiProxyEnvironment.REAL_IP_HEADER, "123.123.123.123");
get.setFollowRedirects(false);
int httpCode = httpClient.executeMethod(get);
assertEquals(307, httpCode);
assertEquals("https://testversion-dot-testbackend-dot-testhostname/admin/test-auth",
get.getResponseHeader("Location").getValue());
}
}