/*
 * Copyright 2013-2017 Simba Open Source
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.simbasecurity.core.jaas.loginmodule;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;
import org.simbasecurity.core.config.ConfigurationService;
import org.simbasecurity.core.config.SimbaConfigurationParameter;
import org.simbasecurity.core.locator.GlobalContext;
import org.simbasecurity.core.locator.Locator;
import org.simbasecurity.test.LocatorTestCase;

import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;

/**
 * Regression test for LDAP search-filter injection in {@link ActiveDirectoryLoginModule}.
 *
 * <p>The module is given a filter template containing the {@code %USERNAME%} placeholder and a
 * username made of LDAP filter metacharacters. The test captures the filter string that reaches
 * {@link LdapContext#search} and checks that none of those metacharacters arrive unmodified.
 */
public class ActiveDirectoryLoginModuleTest extends LocatorTestCase {

    @Rule
    public MockitoRule rule = MockitoJUnit.rule();

    @Mock
    private ConfigurationService configurationService;

    /**
     * Installs a mocked {@link Locator} as the global context so that lookups of
     * {@link ConfigurationService} resolve to the mock declared on this class.
     */
    @Before
    public void setUp() {
        Locator serviceLocator = mock(Locator.class);
        GlobalContext.initialize(serviceLocator);
        when(serviceLocator.locate(ConfigurationService.class)).thenReturn(configurationService);
    }

    /**
     * Logs in with a username consisting of a backslash, an asterisk, both parentheses and a NUL
     * character (surrounded by spaces) and asserts on the exact filter passed to the directory.
     *
     * @throws Exception if the login module or a stubbed JNDI call fails
     */
    @Test
    @SuppressWarnings("unchecked")
    public void injection() throws Exception {
        when(configurationService.getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)).thenReturn(Boolean.FALSE);

        final String baseDn = "'dc=rsvzinasti,dc=be'";
        Map<String, String> moduleOptions = injectionTestOptions(baseDn);

        // A single directory entry whose attribute enumeration always reports more elements.
        NamingEnumeration attributeValues = mock(NamingEnumeration.class);
        when(attributeValues.hasMore()).thenReturn(true);
        Attributes entryAttributes = mock(Attributes.class);
        when(entryAttributes.getAll()).thenReturn(attributeValues);
        SearchResult entry = mock(SearchResult.class);
        when(entry.getName()).thenReturn(null);
        when(entry.getAttributes()).thenReturn(entryAttributes);

        // The search yields exactly that one entry and is then exhausted.
        NamingEnumeration<SearchResult> entries = mock(NamingEnumeration.class);
        when(entries.hasMoreElements()).thenReturn(true, false);
        when(entries.next()).thenReturn(entry);

        // Capture the filter argument: it is the only place the username can reach the directory
        // query in this set-up.
        ArgumentCaptor<String> capturedFilter = ArgumentCaptor.forClass(String.class);
        final LdapContext directory = mock(LdapContext.class);
        when(directory.search(eq(baseDn), capturedFilter.capture(), any(SearchControls.class)))
                .thenReturn(entries);

        // Overriding tryPrimaryContext hands the module the mock instead of a context built from env.
        ActiveDirectoryLoginModule loginModule = new ActiveDirectoryLoginModule() {
            @Override
            protected LdapContext tryPrimaryContext(Hashtable<String, String> env) {
                return directory;
            }
        };

        // Credentials are set before initialize(), in the same order as the original test.
        // The password carries the same metacharacters, but nothing below asserts on how it is handled.
        loginModule.setUsername(" u\\*()\u0000 ");
        loginModule.setPassword(" p\\*()\u0000 ");
        loginModule.initialize(new Subject(), mock(CallbackHandler.class), Collections.emptyMap(), moduleOptions);

        assertThat(loginModule.verifyLoginData()).isTrue();

        // The surrounding spaces are expected to survive; the metacharacters must not appear raw.
        // NOTE(review): RFC 4515 escapes these characters as \5c \2a \28 \29 \00. The expected value
        // below holds only the hex digits, without the leading backslashes. Confirm against
        // ActiveDirectoryLoginModule whether that is intended: a Java regex replacement string such
        // as "\\5c" drops the backslash, which would still block filter injection but would rewrite
        // the username into a different value instead of escaping it.
        assertThat(capturedFilter.getValue())
                .isEqualTo("(&(objectClass=person)(sAMAccountName= u5c2a282900 ))");
    }

    /**
     * Builds the JAAS option map used by {@link #injection()}.
     *
     * @param baseDn value stored under the {@code baseDN} option
     * @return a mutable map holding the seven options the test passes to {@code initialize}
     */
    private static Map<String, String> injectionTestOptions(String baseDn) {
        Map<String, String> options = new HashMap<>();
        options.put("primaryServer", "localhost:389");
        options.put("baseDN", baseDn);
        // %USERNAME% is the placeholder the asserted filter shows replaced by the username.
        options.put("filter", "(&(objectClass=person)(sAMAccountName=%USERNAME%))");
        options.put("searchScope", "subtree");
        options.put("authDomain", "rsvzinasti.be");
        options.put("authAttr", "sAMAccountName");
        options.put("securityLevel", "simple");
        return options;
    }
}