AuthenticationRequestProcessorTest.java

/*
 * Copyright 2017 ThoughtWorks, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.thoughtworks.go.server.service.plugins.processor.authentication;

import com.thoughtworks.go.plugin.access.authentication.JsonMessageHandler1_0;
import com.thoughtworks.go.plugin.access.authentication.models.User;
import com.thoughtworks.go.plugin.api.GoPluginIdentifier;
import com.thoughtworks.go.plugin.api.request.GoApiRequest;
import com.thoughtworks.go.plugin.api.response.GoApiResponse;
import com.thoughtworks.go.plugin.infra.PluginRequestProcessorRegistry;
import com.thoughtworks.go.plugin.infra.plugininfo.GoPluginDescriptor;
import com.thoughtworks.go.server.security.AuthorityGranter;
import com.thoughtworks.go.server.security.GoAuthority;
import com.thoughtworks.go.server.security.userdetail.GoUserPrinciple;
import com.thoughtworks.go.server.service.UserService;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken;

import java.util.Map;

import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertThat;
import static org.mockito.Mockito.*;
import static org.mockito.MockitoAnnotations.initMocks;

public class AuthenticationRequestProcessorTest {
    @Mock
    private PluginRequestProcessorRegistry applicationAccessor;
    @Mock
    private AuthorityGranter authorityGranter;
    @Mock
    private UserService userService;
    @Mock
    private JsonMessageHandler1_0 jsonMessageHandler;
    @Mock
    private SecurityContext securityContext;

    private GrantedAuthority userAuthority;
    private AuthenticationRequestProcessor processor;
    @Mock
    private GoPluginDescriptor pluginDescriptor;

    @Before
    public void setUp() {
        initMocks(this);

        userAuthority = GoAuthority.ROLE_USER.asAuthority();
        when(authorityGranter.authorities("username")).thenReturn(new GrantedAuthority[]{userAuthority});

        processor = new AuthenticationRequestProcessor(applicationAccessor, authorityGranter, userService);
        processor.getMessageHandlerMap().put("1.0", jsonMessageHandler);
    }

    @Test
    public void shouldRegisterItselfForRequestProcessing() {
        verify(applicationAccessor).registerProcessorFor(AuthenticationRequestProcessor.AUTHENTICATE_USER_REQUEST, processor);
    }

    @Test
    public void shouldHandleIncorrectAPIVersion() {
        GoApiResponse response = processor.process(pluginDescriptor, getGoPluginApiRequest("1.1", null));
        assertThat(response.responseCode(), is(500));
    }

    @Test
    public void shouldAuthenticateUser() {
        String responseBody = "expected-response-body";
        User user = new User("username", "display name", "test@test.com");
        when(jsonMessageHandler.responseMessageForAuthenticateUser(responseBody)).thenReturn(user);

        AuthenticationRequestProcessor processorSpy = spy(processor);
        doReturn(securityContext).when(processorSpy).getSecurityContext();

        GoApiResponse response = processorSpy.process(pluginDescriptor, getGoPluginApiRequest("1.0", responseBody));

        assertThat(response.responseCode(), is(200));
        verify(userService).addUserIfDoesNotExist(new com.thoughtworks.go.domain.User("username", "", ""));
        GoUserPrinciple goUserPrincipal = processorSpy.getGoUserPrincipal(user);
        assertThat(goUserPrincipal.getUsername(), is("username"));
        assertThat(goUserPrincipal.getDisplayName(), is("display name"));
        verifyGrantAuthorities(goUserPrincipal.getAuthorities());
        PreAuthenticatedAuthenticationToken authenticationToken = processorSpy.getAuthenticationToken(goUserPrincipal);
        assertThat(authenticationToken.getPrincipal(), is(goUserPrincipal));
        verifyGrantAuthorities(authenticationToken.getAuthorities());
        verify(securityContext).setAuthentication(authenticationToken);
    }

    @Test
    public void shouldHandleEmptyRequestBody() {
        GoApiResponse response = processor.process(pluginDescriptor, getGoPluginApiRequest("1.0", "{}"));
        assertThat(response.responseCode(), is(500));
    }

    private void verifyGrantAuthorities(GrantedAuthority[] authorities) {
        assertThat(authorities.length, is(1));
        assertThat(authorities[0], is(userAuthority));
    }

    private GoApiRequest getGoPluginApiRequest(final String apiVersion, final String requestBody) {
        return new GoApiRequest() {
            @Override
            public String api() {
                return AuthenticationRequestProcessor.AUTHENTICATE_USER_REQUEST;
            }

            @Override
            public String apiVersion() {
                return apiVersion;
            }

            @Override
            public GoPluginIdentifier pluginIdentifier() {
                return null;
            }

            @Override
            public Map<String, String> requestParameters() {
                return null;
            }

            @Override
            public Map<String, String> requestHeaders() {
                return null;
            }

            @Override
            public String requestBody() {
                return requestBody;
            }
        };
    }
}