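/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.cloudstack;

import com.cloud.user.DomainManager;
import com.cloud.user.User;
import com.cloud.user.UserVO;
import com.cloud.user.dao.UserDao;
import junit.framework.TestCase;
import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
import org.apache.cloudstack.saml.SAML2AuthManagerImpl;
import org.apache.cloudstack.saml.SAMLTokenDao;
import org.apache.cloudstack.saml.SAMLTokenVO;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;

import java.lang.reflect.Field;

/**
 * Unit tests for {@link SAML2AuthManagerImpl}.
 *
 * <p>The DAOs and the domain manager are Mockito mocks injected by reflection into the
 * private fields the implementation reads ({@code _ksDao}, {@code _samlTokenDao},
 * {@code _userDao}, {@code _domainMgr}). The manager itself is a Mockito spy so that
 * {@code isSAMLPluginEnabled()} can be forced on (in {@link #setUp()}) or off
 * (in {@link #testGetCommands()}) without touching real configuration.
 */
@RunWith(MockitoJUnitRunner.class)
public class SAML2AuthManagerImplTest extends TestCase {
    @Mock
    private KeystoreDao ksDao;
    @Mock
    private SAMLTokenDao samlTokenDao;
    @Mock
    private UserDao userDao;
    @Mock
    DomainManager domainMgr;

    // Spy on the real implementation; individual tests stub isSAMLPluginEnabled() on it.
    SAML2AuthManagerImpl saml2AuthManager;

    /**
     * Sets a private field of the manager under test by reflection.
     *
     * @param fieldName name of the declared field on {@link SAML2AuthManagerImpl}
     * @param value     the mock to inject
     * @throws NoSuchFieldException   if the implementation no longer declares {@code fieldName}
     * @throws IllegalAccessException if the field cannot be made accessible
     */
    private void injectField(String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
        Field field = SAML2AuthManagerImpl.class.getDeclaredField(fieldName);
        field.setAccessible(true);
        field.set(saml2AuthManager, value);
    }

    /**
     * Builds the spied manager, wires in the mocks and enables the plugin so that every
     * test starts from an "SAML enabled" baseline.
     *
     * @throws NoSuchFieldException   if one of the injected fields is missing from the implementation
     * @throws IllegalAccessException if a field cannot be made accessible
     */
    @Override
    @Before
    public void setUp() throws NoSuchFieldException, IllegalAccessException {
        saml2AuthManager = Mockito.spy(new SAML2AuthManagerImpl());
        injectField("_ksDao", ksDao);
        injectField("_samlTokenDao", samlTokenDao);
        injectField("_userDao", userDao);
        injectField("_domainMgr", domainMgr);
        // enable the plugin
        Mockito.doReturn(true).when(saml2AuthManager).isSAMLPluginEnabled();
    }

    /**
     * {@code isUserAuthorized} must reject a user whose source is not SAML2, reject a SAML2
     * user whose external entity does not match the requesting IdP, and accept a SAML2 user
     * whose external entity matches. The {@link UserDao} stub answers the same user for any id.
     */
    @Test
    public void testIsUserAuthorized() {
        final String entityID = "some IDP ID";

        // Test unauthorized user: source is not SAML2, so the IdP id must not matter
        UserVO user = new UserVO(200L);
        user.setUsername("someuser");
        user.setSource(User.Source.UNKNOWN);
        user.setExternalEntity(entityID);
        Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(user);
        assertFalse(saml2AuthManager.isUserAuthorized(user.getId(), "someID"));

        // Test SAML2 user presented with the wrong IDP
        user.setSource(User.Source.SAML2);
        assertFalse(saml2AuthManager.isUserAuthorized(user.getId(), "someID"));

        // Test SAML2 user presented with the IDP recorded as its external entity
        assertTrue(saml2AuthManager.isUserAuthorized(user.getId(), entityID));
    }

    /**
     * {@code authorizeUser} must return {@code false} when the user lookup yields nothing,
     * and for an existing user must return {@code true} and persist the change through
     * {@link UserDao#update}.
     */
    @Test
    public void testAuthorizeUser() {
        // Test invalid user
        Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(null);
        assertFalse(saml2AuthManager.authorizeUser(1L, "someID", true));

        // Test valid user
        UserVO user = new UserVO(200L);
        user.setUsername("someuser");
        Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(user);
        assertTrue(saml2AuthManager.authorizeUser(1L, "someID", true));
        Mockito.verify(userDao, Mockito.atLeastOnce()).update(Mockito.anyLong(), Mockito.any(user.getClass()));
    }

    /**
     * {@code saveToken} must not persist a token whose UUID already exists in the DAO, and
     * must persist exactly one token when the UUID is unknown.
     */
    @Test
    public void testSaveToken() {
        // duplicate token test
        Mockito.when(samlTokenDao.findByUuid(Mockito.anyString())).thenReturn(new SAMLTokenVO());
        saml2AuthManager.saveToken("someAuthnID", null, "https://idp.bhaisaab.org/profile/shibboleth");
        Mockito.verify(samlTokenDao, Mockito.never()).persist(Mockito.any(SAMLTokenVO.class));

        // valid test
        Mockito.when(samlTokenDao.findByUuid(Mockito.anyString())).thenReturn(null);
        saml2AuthManager.saveToken("someAuthnID", null, "https://idp.bhaisaab.org/profile/shibboleth");
        Mockito.verify(samlTokenDao, Mockito.times(1)).persist(Mockito.any(SAMLTokenVO.class));
    }

    /** {@code getToken} must hand back whatever the DAO returns for the given authn id. */
    @Test
    public void testGetToken() {
        SAMLTokenVO randomToken = new SAMLTokenVO("uuid", 1L, "someIDPDI");
        Mockito.when(samlTokenDao.findByUuid(Mockito.anyString())).thenReturn(randomToken);
        assertEquals(randomToken, saml2AuthManager.getToken("someAuthnID"));
    }

    /** {@code expireTokens} must delegate to the DAO at least once. */
    @Test
    public void testExpireToken() {
        saml2AuthManager.expireTokens();
        Mockito.verify(samlTokenDao, Mockito.atLeast(1)).expireTokens();
    }

    /** The spy stub installed in {@link #setUp()} reports the plugin as enabled. */
    @Test
    public void testPluginEnabled() {
        assertTrue(saml2AuthManager.isSAMLPluginEnabled());
    }

    /** The configuration component name is the fixed string "SAML2-PLUGIN". */
    @Test
    public void testPluginComponentName() {
        assertEquals("SAML2-PLUGIN", saml2AuthManager.getConfigComponentName());
    }

    /**
     * Both the regular and the auth command lists must be non-empty while the plugin is
     * enabled and empty once it is disabled, so no SAML API command is exposed when the
     * plugin is off.
     */
    @Test
    public void testGetCommands() {
        // Plugin enabled
        assertFalse(saml2AuthManager.getCommands().isEmpty());
        assertFalse(saml2AuthManager.getAuthCommands().isEmpty());

        // Plugin disabled
        Mockito.doReturn(false).when(saml2AuthManager).isSAMLPluginEnabled();
        assertTrue(saml2AuthManager.getCommands().isEmpty());
        assertTrue(saml2AuthManager.getAuthCommands().isEmpty());

        // Re-enable the plugin
        Mockito.doReturn(true).when(saml2AuthManager).isSAMLPluginEnabled();
    }

    /** The manager must expose at least one configuration key. */
    @Test
    public void testConfigKeys() {
        assertTrue(saml2AuthManager.getConfigKeys().length > 0);
    }
}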