package org.molgenis.security.core.utils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import static org.mockito.Mockito.*;
import static org.molgenis.security.core.runas.SystemSecurityToken.USER_SYSTEM;
import static org.molgenis.security.core.utils.SecurityUtils.*;
import static org.testng.Assert.*;
public class SecurityUtilsTest
{
private static Authentication AUTHENTICATION_PREVIOUS;
private Authentication authentication;
private UserDetails userDetails;
@BeforeClass
public void setUpBeforeClass()
{
AUTHENTICATION_PREVIOUS = SecurityContextHolder.getContext().getAuthentication();
authentication = mock(Authentication.class);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
@SuppressWarnings("unchecked")
@BeforeMethod
public void setUpBeforeMethod()
{
reset(authentication);
GrantedAuthority authority1 = when(mock(GrantedAuthority.class).getAuthority()).thenReturn("authority1")
.getMock();
GrantedAuthority authority2 = when(mock(GrantedAuthority.class).getAuthority()).thenReturn("authority2")
.getMock();
userDetails = mock(UserDetails.class);
when(userDetails.getUsername()).thenReturn("username");
when(userDetails.getPassword()).thenReturn("encoded-password");
when((Collection<GrantedAuthority>) userDetails.getAuthorities())
.thenReturn(Arrays.<GrantedAuthority>asList(authority1, authority2));
when(authentication.getPrincipal()).thenReturn(userDetails);
when((Collection<GrantedAuthority>) authentication.getAuthorities())
.thenReturn(Arrays.<GrantedAuthority>asList(authority1, authority2));
}
@AfterClass
public static void tearDownAfterClass()
{
SecurityContextHolder.getContext().setAuthentication(AUTHENTICATION_PREVIOUS);
}
@Test
public void currentUserIsAuthenticated_true()
{
when(authentication.isAuthenticated()).thenReturn(true);
assertTrue(SecurityUtils.currentUserIsAuthenticated());
}
@Test
public void currentUserIsAuthenticated_false()
{
when(authentication.isAuthenticated()).thenReturn(false);
assertFalse(SecurityUtils.currentUserIsAuthenticated());
}
@Test
public void currentUserIsAuthenticated_falseAnonymous()
{
when(userDetails.getUsername()).thenReturn(ANONYMOUS_USERNAME);
when(authentication.isAuthenticated()).thenReturn(true);
assertFalse(SecurityUtils.currentUserIsAuthenticated());
}
@Test
public void currentUserIsSu_false()
{
assertFalse(SecurityUtils.currentUserIsSu());
}
@SuppressWarnings("unchecked")
@Test
public void currentUserIsSu_true()
{
GrantedAuthority authoritySu = when(mock(GrantedAuthority.class).getAuthority()).thenReturn(AUTHORITY_SU)
.getMock();
when((Collection<GrantedAuthority>) authentication.getAuthorities())
.thenReturn(Arrays.<GrantedAuthority>asList(authoritySu));
assertTrue(SecurityUtils.currentUserIsSu());
}
@Test
public void currentUserIsSystemTrue() throws Exception
{
when(userDetails.getUsername()).thenReturn(USER_SYSTEM);
assertTrue(SecurityUtils.currentUserisSystem());
}
@Test
public void currentUserIsSystemFalse() throws Exception
{
when(userDetails.getUsername()).thenReturn("user");
assertFalse(SecurityUtils.currentUserisSystem());
}
@Test
public void defaultPluginAuthorities()
{
String pluginId = "plugin1";
String[] defaultPluginAuthorities = SecurityUtils.defaultPluginAuthorities(pluginId);
assertEquals(defaultPluginAuthorities, new String[] { AUTHORITY_SU, AUTHORITY_PLUGIN_READ_PREFIX + pluginId,
AUTHORITY_PLUGIN_WRITE_PREFIX + pluginId });
}
@Test
public void getCurrentUsername()
{
assertEquals(SecurityUtils.getCurrentUsername(), userDetails.getUsername());
}
@Test
public void isUserInRole()
{
assertTrue(SecurityUtils.currentUserHasRole("authority1"));
assertTrue(SecurityUtils.currentUserHasRole("authority2"));
assertTrue(SecurityUtils.currentUserHasRole("authority1", "authority2"));
assertTrue(SecurityUtils.currentUserHasRole("authority2", "authority1"));
assertTrue(SecurityUtils.currentUserHasRole("authority1", "authority3"));
}
@Test
public void getEntityAuthorities()
{
List<String> authorities = SecurityUtils.getEntityAuthorities("test");
List<String> expected = Arrays
.asList("ROLE_ENTITY_READ_test", "ROLE_ENTITY_WRITE_test", "ROLE_ENTITY_COUNT_test",
"ROLE_ENTITY_NONE_test", "ROLE_ENTITY_WRITEMETA_test");
Assert.assertEqualsNoOrder(authorities.toArray(), expected.toArray());
}
}