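/*******************************************************************************
 * Cloud Foundry
 * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
 *
 * This product is licensed to you under the Apache License, Version 2.0 (the "License").
 * You may not use this product except in compliance with the License.
 *
 * This product includes a number of subcomponents with
 * separate copyright notices and license terms. Your use of these
 * subcomponents is subject to the terms and conditions of the
 * subcomponent's license, as noted in the LICENSE file.
 *******************************************************************************/
package org.cloudfoundry.identity.uaa.authentication.login;

import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException;
import org.cloudfoundry.identity.uaa.authentication.RemoteAuthenticationEndpoint;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/**
 * Unit tests for {@link RemoteAuthenticationEndpoint}.
 *
 * <p>Each test stubs the primary {@link AuthenticationManager} (or the separate
 * login authentication manager) and asserts only on the HTTP status the endpoint
 * maps the outcome to: 200 on success, 403 for an unverified account, 401 for any
 * other {@code AuthenticationException}, and 500 for an unexpected runtime error.
 *
 * @author Luke Taylor
 */
public class RemoteAuthenticationEndpointTests {
    private static final String USERNAME = "joe";
    private static final String PASSWORD = "joespassword";

    private Authentication success;
    private RemoteAuthenticationEndpoint endpoint;
    private AuthenticationManager am;
    private AuthenticationManager loginAuthMgr;
    private OAuth2Authentication loginAuthentication;

    /**
     * Builds a fully authenticated token for user "joe" and wires the endpoint to
     * two mocked authentication managers: the primary one and the login-client one.
     */
    @Before
    public void setUp() throws Exception {
        UaaPrincipal principal =
                new UaaPrincipal("user-id-001", USERNAME, "joe@example.com", OriginKeys.UAA, null, null);
        success = new UsernamePasswordAuthenticationToken(principal, null);

        loginAuthMgr = mock(AuthenticationManager.class);
        am = mock(AuthenticationManager.class);
        endpoint = new RemoteAuthenticationEndpoint(am);
        endpoint.setLoginAuthenticationManager(loginAuthMgr);
        loginAuthentication = mock(OAuth2Authentication.class);
    }

    /**
     * Invokes the username/password variant of the endpoint for "joe".
     *
     * <p>The endpoint's declared return type is not visible here, so the result is
     * narrowed with a wildcard cast, which (unlike the raw type) needs no
     * {@code @SuppressWarnings("rawtypes")}.
     */
    private ResponseEntity<?> authenticateJoe() throws Exception {
        return (ResponseEntity<?>) endpoint.authenticate(new MockHttpServletRequest(), USERNAME, PASSWORD);
    }

    @Test
    public void successfulAuthenticationGives200Status() throws Exception {
        when(am.authenticate(any(Authentication.class))).thenReturn(success);

        assertEquals(HttpStatus.OK, authenticateJoe().getStatusCode());
    }

    @Test
    public void accountNotVerifiedExceptionGives403Status() throws Exception {
        when(am.authenticate(any(Authentication.class))).thenThrow(new AccountNotVerifiedException("failed"));

        assertEquals(HttpStatus.FORBIDDEN, authenticateJoe().getStatusCode());
    }

    @Test
    public void authenticationExceptionGives401Status() throws Exception {
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("failed"));

        assertEquals(HttpStatus.UNAUTHORIZED, authenticateJoe().getStatusCode());
    }

    @Test
    public void otherExceptionGives500Status() throws Exception {
        // A non-AuthenticationException must not be reported as a credential problem.
        when(am.authenticate(any(Authentication.class))).thenThrow(new RuntimeException("error"));

        assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, authenticateJoe().getStatusCode());
    }

    /**
     * With a client-only OAuth2 authentication in the security context, the
     * origin-based overload must consult the login authentication manager and
     * never the primary one (which is stubbed to fail loudly if invoked).
     *
     * <p>{@link SecurityContextHolder} is thread-local static state, so the
     * context set here is cleared in {@code finally}; otherwise it would leak
     * into tests that run later on the same thread.
     */
    @Test
    public void successfulLoginAuthenticationInvokesLoginAuthManager() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(loginAuthentication);
        try {
            when(am.authenticate(any(Authentication.class)))
                    .thenThrow(new BadCredentialsException("Invalid authentication manager invoked"));
            when(loginAuthMgr.authenticate(any(Authentication.class)))
                    .thenReturn(new UsernamePasswordAuthenticationToken(USERNAME, null));
            when(loginAuthentication.isClientOnly()).thenReturn(Boolean.TRUE);

            // Third argument is the origin; the trailing null is the fourth parameter of
            // this overload, whose meaning is not visible from this test — confirm in the endpoint.
            ResponseEntity<?> response =
                    (ResponseEntity<?>) endpoint.authenticate(new MockHttpServletRequest(), USERNAME, "origin", null);

            assertEquals(HttpStatus.OK, response.getStatusCode());
        } finally {
            SecurityContextHolder.clearContext();
        }
    }
}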