package net.unicon.cas.mfa.authentication;
import net.unicon.cas.mfa.web.support.DefaultMultiFactorAuthenticationSupportingWebApplicationService;
import net.unicon.cas.mfa.web.support.MultiFactorAuthenticationSupportingWebApplicationService;
import net.unicon.cas.mfa.web.support.MultiFactorWebApplicationServiceFactory;
import org.jasig.cas.TestUtils;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.Response;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.services.DefaultRegisteredServiceProperty;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
/**
* Created by jgasper on 5/25/15.
*/
@RunWith(MockitoJUnitRunner.class)
public class DefaultRegisteredServiceMfaRoleProcessorImplTest {
private static final String CAS_SERVICE = "https://mfa.cas.edu";
private static final String CAS_AUTHN_METHOD = "two-factor";
public static final String MEMBER_OF = "memberOf";
public static final String MEMBER_OF_VALUE = "cn=test";
@Test
public void testResolveWithoutAnyServiceMfaAttributes() throws Exception {
final WebApplicationService was = getTargetService();
final Authentication auth = getAuthentication(true);
final RegisteredService rswa = TestUtils.getRegisteredService("test1");
final DefaultRegisteredServiceMfaRoleProcessorImpl resolver = new DefaultRegisteredServiceMfaRoleProcessorImpl(
getMFWASF(was), getAMCP(), getServicesManager(rswa));
final List<MultiFactorAuthenticationRequestContext> result = resolver.resolve(auth, was);
assertNotNull(result);
assertEquals(0, result.size());
}
@Test
public void testResolveWithoutIncompleteServiceMfaAttributes() throws Exception {
final WebApplicationService was = getTargetService();
final Authentication auth = getAuthentication(true);
final RegisteredService rswa = TestUtils.getRegisteredService("test1");
DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(CAS_AUTHN_METHOD));
rswa.getProperties().put(MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD, prop);
prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(MEMBER_OF_VALUE));
rswa.getProperties().put(RegisteredServiceMfaRoleProcessor.MFA_ATTRIBUTE_PATTERN, prop);
final DefaultRegisteredServiceMfaRoleProcessorImpl resolver = new DefaultRegisteredServiceMfaRoleProcessorImpl(
getMFWASF(was), getAMCP(), getServicesManager(rswa));
final List<MultiFactorAuthenticationRequestContext> result = resolver.resolve(auth, was);
assertNotNull(result);
assertEquals(0, result.size());
}
private static Authentication getAuthentication(final boolean inRole) {
final Map<String, Object> attributes = new HashMap<>();
if (inRole) {
attributes.put(MEMBER_OF, MEMBER_OF_VALUE);
}
final Principal principal = TestUtils.getPrincipal("jdoe", attributes);
final Authentication auth = TestUtils.getAuthentication(principal);
return auth;
}
@Test
public void testResolveServiceWithMfaAttributesUserInRole() throws Exception {
final WebApplicationService was = getTargetService();
final Authentication auth = getAuthentication(true);
final RegisteredService rswa = TestUtils.getRegisteredService("test1");
DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(CAS_AUTHN_METHOD));
rswa.getProperties().put(MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD, prop);
prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(MEMBER_OF));
rswa.getProperties().put(RegisteredServiceMfaRoleProcessor.MFA_ATTRIBUTE_NAME, prop);
prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(MEMBER_OF_VALUE));
rswa.getProperties().put(RegisteredServiceMfaRoleProcessor.MFA_ATTRIBUTE_PATTERN, prop);
final DefaultRegisteredServiceMfaRoleProcessorImpl resolver = new DefaultRegisteredServiceMfaRoleProcessorImpl(
getMFWASF(was), getAMCP(), getServicesManager(rswa));
final List<MultiFactorAuthenticationRequestContext> result = resolver.resolve(auth, was);
assertNotNull(result);
assertEquals(CAS_AUTHN_METHOD, result.get(0).getMfaService().getAuthenticationMethod());
}
@Test
public void testResolveServiceWithOnlyAuthnMethodAttribute() throws Exception {
final WebApplicationService was = getTargetService();
final Authentication auth = getAuthentication(true);
final RegisteredService rswa = TestUtils.getRegisteredService("test1");
final DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
prop.setValues(Collections.singleton(CAS_AUTHN_METHOD));
rswa.getProperties().put(MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD, prop);
final DefaultRegisteredServiceMfaRoleProcessorImpl resolver = new DefaultRegisteredServiceMfaRoleProcessorImpl(
getMFWASF(was), getAMCP(), getServicesManager(rswa));
final List<MultiFactorAuthenticationRequestContext> result = resolver.resolve(auth, was);
assertNotNull(result);
assertEquals(0, result.size());
}
private static AuthenticationMethodConfigurationProvider getAMCP() {
return new AuthenticationMethodConfigurationProvider() {
@Override
public boolean containsAuthenticationMethod(final String name) {
return name.equalsIgnoreCase(CAS_AUTHN_METHOD);
}
@Override
public AuthenticationMethod getAuthenticationMethod(final String name) {
return new AuthenticationMethod(name, 10);
}
};
}
private static ServicesManager getServicesManager(final RegisteredService rswa) {
final ServicesManager testSM = Mockito.mock(ServicesManager.class);
when(testSM.findServiceBy(any(Service.class))).thenReturn(rswa);
return testSM;
}
private static MultiFactorAuthenticationSupportingWebApplicationService getMfaService() {
return new DefaultMultiFactorAuthenticationSupportingWebApplicationService(CAS_SERVICE, CAS_SERVICE, null,
Response.ResponseType.REDIRECT, CAS_AUTHN_METHOD);
}
private static MultiFactorWebApplicationServiceFactory getMFWASF(final WebApplicationService was) {
final MultiFactorWebApplicationServiceFactory factory = mock(MultiFactorWebApplicationServiceFactory.class);
when(factory.create(anyString(), anyString(), anyString(), any(Response.ResponseType.class), anyString(),
any(MultiFactorAuthenticationSupportingWebApplicationService.AuthenticationMethodSource.class)))
.thenReturn(getMfaService());
return factory;
}
private static WebApplicationService getTargetService() {
final WebApplicationService was = Mockito.mock(WebApplicationService.class);
when(was.getId()).thenReturn(CAS_SERVICE);
when(was.getArtifactId()).thenReturn("test");
return was;
}
}