Skip to content

Commit

Permalink
Fixed test security config
Browse files Browse the repository at this point in the history
  • Loading branch information
@cjmalloy
cjmalloy committed Aug 22, 2023
1 parent 2511b63 commit 7a46551
Show file tree
Hide file tree
Showing 9 changed files with 48 additions and 34 deletions.
9 changes: 7 additions & 2 deletions src/main/java/jasper/security/Auth.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,6 @@
import static jasper.security.AuthoritiesConstants.ROLE_PREFIX;
import static jasper.security.AuthoritiesConstants.SA;
import static jasper.security.AuthoritiesConstants.USER;
import static org.apache.commons.lang3.ArrayUtils.isNotEmpty;
import static org.apache.commons.lang3.StringUtils.isBlank;
import static org.apache.commons.lang3.StringUtils.isNotBlank;
import static org.springframework.data.jpa.domain.Specification.where;
Expand Down Expand Up @@ -585,7 +584,10 @@ public String getOrigin() {
origin = props.getLocalOrigin();
if (props.isAllowLocalOriginHeader() && getOriginHeader() != null) {
origin = getOriginHeader().toLowerCase();
} else if (isLoggedIn() && props.getSecurity().getClient(origin).isAllowUsernameClaimOrigin() && getPrincipal().contains("@")) {
} else if (isLoggedIn() &&
props.getSecurity().hasClient(origin) &&
props.getSecurity().getClient(origin).isAllowUsernameClaimOrigin() &&
getPrincipal().contains("@")) {
try {
origin = qt(getPrincipal()).origin;
} catch (UnsupportedOperationException ignored) {}
Expand All @@ -597,6 +599,9 @@ public String getOrigin() {
public Client getClient() {
if (client == null) {
client = props.getSecurity().getClient(getOrigin());
if (client == null) {
client = props.getSecurity().getClient(props.getLocalOrigin());
}
}
return client;
}
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/jasper/security/jwt/AbstractJwtTokenProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import java.util.List;
import java.util.Map;

import static jasper.repository.spec.QualifiedTag.originSelector;
import static jasper.repository.spec.QualifiedTag.qt;
import static jasper.security.Auth.USER_TAG_HEADER;
import static jasper.security.Auth.getHeader;
Expand Down Expand Up @@ -91,7 +92,7 @@ String getUsername(Claims claims) {
origin = getOriginHeader().toLowerCase();
} else if (!isBlank(principal) && client.isAllowUsernameClaimOrigin() && principal.contains("@")) {
try {
var qt = qt(principal);
var qt = originSelector(principal);
if (qt.origin.matches(HasOrigin.REGEX)) {
origin = qt.origin;
principal = qt.tag;
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/jasper/security/jwt/TokenProviderImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
import java.util.Map;
import java.util.stream.Collectors;

import static org.apache.commons.lang3.StringUtils.isBlank;

public class TokenProviderImpl extends AbstractJwtTokenProvider {
private final Logger logger = LoggerFactory.getLogger(TokenProviderImpl.class);

Expand Down Expand Up @@ -56,7 +58,7 @@ public String createToken(Authentication authentication, boolean rememberMe) {
.setSubject(authentication.getName())
.setAudience(props.getSecurity().getClient(getPartialOrigin()).getAuthentication().getJwt().getClientId())
.claim(props.getSecurity().getClient(getPartialOrigin()).getAuthoritiesClaim(), authorities)
.signWith(keys.get(getPartialOrigin()), SignatureAlgorithm.HS512)
.signWith(keys.get(isBlank(getPartialOrigin()) ? "default" : getPartialOrigin()), SignatureAlgorithm.HS512)
.setExpiration(validity)
.compact();
}
Expand Down
3 changes: 2 additions & 1 deletion src/test/java/jasper/security/jwt/AbstractJwtTokenProviderUnitTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import java.util.Optional;

import static jasper.repository.spec.QualifiedTag.qt;
import static org.apache.commons.lang3.StringUtils.isBlank;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.anyString;
import static org.mockito.Mockito.mock;
Expand Down Expand Up @@ -44,7 +45,7 @@ Claims getClaims(String sub, String auth) {
Props getProps(String localOrigin, boolean allowUsernameClaimOrigin) {
var props = new Props();
props.setLocalOrigin(localOrigin);
props.getSecurity().getClients().put(localOrigin, new Props.Security.Client());
props.getSecurity().getClients().put(isBlank(localOrigin) ? "default" : localOrigin.substring(1), new Props.Security.Client());
props.getSecurity().getClient(localOrigin).setAllowUsernameClaimOrigin(allowUsernameClaimOrigin);
props.getSecurity().getClient(localOrigin).setUsernameClaim("sub");
props.getSecurity().getClient(localOrigin).setAuthoritiesClaim("auth");
Expand Down
5 changes: 3 additions & 2 deletions src/test/java/jasper/security/jwt/JWTFilterTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import org.springframework.test.util.ReflectionTestUtils;

import java.util.Collections;
import java.util.Map;

import static org.assertj.core.api.Assertions.assertThat;

Expand All @@ -30,15 +31,15 @@ class JWTFilterTest {
@BeforeEach
public void setup() {
Props props = new Props();
props.getSecurity().getClients().put("", new Props.Security.Client());
props.getSecurity().getClients().put("default", new Props.Security.Client());
props.getSecurity().getClient("").getAuthentication().getJwt().setClientId("");
String base64Secret = "fd54a45s65fds737b9aafcb3412e07ed99b267f33413274720ddbb7f6c5e64e9f14075f2d7ed041592f0b7657baf8";
props.getSecurity().getClient("").getAuthentication().getJwt().setBase64Secret(base64Secret);

SecurityMetersService securityMetersService = new SecurityMetersService(new SimpleMeterRegistry());

tokenProvider = new TokenProviderImpl(props, null, securityMetersService);
ReflectionTestUtils.setField(tokenProvider, "key", Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret)));
ReflectionTestUtils.setField(tokenProvider, "keys", Map.of("default", Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret))));

ReflectionTestUtils.setField(tokenProvider, "tokenValidityInMilliseconds", 60000);
jwtFilter = new JWTFilter(tokenProvider);
Expand Down
9 changes: 5 additions & 4 deletions src/test/java/jasper/security/jwt/TokenProviderImplTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Map;

import static org.assertj.core.api.Assertions.assertThat;

Expand All @@ -35,7 +36,7 @@ class TokenProviderImplTest {
@BeforeEach
public void setup() {
Props props = new Props();
props.getSecurity().getClients().put("", new Props.Security.Client());
props.getSecurity().getClients().put("default", new Props.Security.Client());
props.getSecurity().getClient("").getAuthentication().getJwt().setClientId("");
String base64Secret = "fd54a45s65fds737b9aafcb3412e07ed99b267f33413274720ddbb7f6c5e64e9f14075f2d7ed041592f0b7657baf8";
props.getSecurity().getClient("").getAuthentication().getJwt().setBase64Secret(base64Secret);
Expand All @@ -45,7 +46,7 @@ public void setup() {
tokenProvider = new TokenProviderImpl(props, null, securityMetersService);
key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret));

ReflectionTestUtils.setField(tokenProvider, "key", key);
ReflectionTestUtils.setField(tokenProvider, "keys", Map.of("default", key));
ReflectionTestUtils.setField(tokenProvider, "tokenValidityInMilliseconds", ONE_MINUTE);
}

Expand Down Expand Up @@ -98,7 +99,7 @@ void testReturnFalseWhenJWTisInvalid() {
void testKeyIsSetFromSecretWhenSecretIsNotEmpty() {
final String secret = "NwskoUmKHZtzGRKJKVjsJF7BtQMMxNWi";
Props props = new Props();
props.getSecurity().getClients().put("", new Props.Security.Client());
props.getSecurity().getClients().put("default", new Props.Security.Client());
props.getSecurity().getClient("").getAuthentication().getJwt().setClientId("");
props.getSecurity().getClient("").getAuthentication().getJwt().setBase64Secret(Encoders.BASE64.encode(secret.getBytes()));

Expand All @@ -114,7 +115,7 @@ void testKeyIsSetFromSecretWhenSecretIsNotEmpty() {
void testKeyIsSetFromBase64SecretWhenSecretIsEmpty() {
final String base64Secret = "fd54a45s65fds737b9aafcb3412e07ed99b267f33413274720ddbb7f6c5e64e9f14075f2d7ed041592f0b7657baf8";
Props props = new Props();
props.getSecurity().getClients().put("", new Props.Security.Client());
props.getSecurity().getClients().put("default", new Props.Security.Client());
props.getSecurity().getClient("").getAuthentication().getJwt().setClientId("");
props.getSecurity().getClient("").getAuthentication().getJwt().setBase64Secret(base64Secret);

Expand Down
5 changes: 3 additions & 2 deletions src/test/java/jasper/security/jwt/TokenProviderSecurityMetersTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Map;

import static org.assertj.core.api.Assertions.assertThat;

Expand All @@ -37,7 +38,7 @@ class TokenProviderSecurityMetersTests {
@BeforeEach
public void setup() {
Props props = new Props();
props.getSecurity().getClients().put("", new Props.Security.Client());
props.getSecurity().getClients().put("default", new Props.Security.Client());
props.getSecurity().getClient("").getAuthentication().getJwt().setClientId("");
String base64Secret = "fd54a45s65fds737b9aafcb3412e07ed99b267f33413274720ddbb7f6c5e64e9f14075f2d7ed041592f0b7657baf8";
props.getSecurity().getClient("").getAuthentication().getJwt().setBase64Secret(base64Secret);
Expand All @@ -49,7 +50,7 @@ public void setup() {
tokenProvider = new TokenProviderImpl(props, null, securityMetersService);
Key key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret));

ReflectionTestUtils.setField(tokenProvider, "key", key);
ReflectionTestUtils.setField(tokenProvider, "keys", Map.of("default", key));
ReflectionTestUtils.setField(tokenProvider, "tokenValidityInMilliseconds", ONE_MINUTE);
}

Expand Down
13 changes: 7 additions & 6 deletions src/test/java/jasper/service/ExtServiceMTIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,11 +59,12 @@ Template getTemplate() {

@BeforeEach
void clearDefaultPermissions() {
props.getSecurity().getClient("").setAllowUsernameClaimOrigin(true);
props.getSecurity().getClient("").setDefaultReadAccess(null);
props.getSecurity().getClient("").setDefaultWriteAccess(null);
props.getSecurity().getClient("").setDefaultTagReadAccess(null);
props.getSecurity().getClient("").setDefaultTagWriteAccess(null);
props.getSecurity().getClients().put("other", new Props.Security.Client());
props.getSecurity().getClient("@other").setAllowUsernameClaimOrigin(true);
props.getSecurity().getClient("@other").setDefaultReadAccess(null);
props.getSecurity().getClient("@other").setDefaultWriteAccess(null);
props.getSecurity().getClient("@other").setDefaultTagReadAccess(null);
props.getSecurity().getClient("@other").setDefaultTagWriteAccess(null);
}

@Test
Expand Down Expand Up @@ -364,7 +365,7 @@ void testPagePublicRemoteExtSysAdmin() {

@Test
void testPagePublicRemoteReadAccessExt() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@remote"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@remote"});
var ext = getExt();
ext.setTag("custom");
ext.setName("Custom");
Expand Down
31 changes: 16 additions & 15 deletions src/test/java/jasper/service/RefServiceMTIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,11 +77,12 @@ Plugin getPlugin() {

@BeforeEach
void clearDefaultPermissions() {
props.getSecurity().getClient("").setAllowUsernameClaimOrigin(true);
props.getSecurity().getClient("").setDefaultReadAccess(null);
props.getSecurity().getClient("").setDefaultWriteAccess(null);
props.getSecurity().getClient("").setDefaultTagReadAccess(null);
props.getSecurity().getClient("").setDefaultTagWriteAccess(null);
props.getSecurity().getClients().put("other", new Props.Security.Client());
props.getSecurity().getClient("@other").setAllowUsernameClaimOrigin(true);
props.getSecurity().getClient("@other").setDefaultReadAccess(null);
props.getSecurity().getClient("@other").setDefaultWriteAccess(null);
props.getSecurity().getClient("@other").setDefaultTagReadAccess(null);
props.getSecurity().getClient("@other").setDefaultTagWriteAccess(null);
}

@Test
Expand Down Expand Up @@ -474,7 +475,7 @@ Ref refWithOriginTags(String origin, String... tags) {

@Test
void testGetPageRemoteRefWithQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@remote"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@remote"});
refWithOriginTags("@remote", "public");
refWithOriginTags("@remote", "public", "custom", "extra");

Expand All @@ -491,7 +492,7 @@ void testGetPageRemoteRefWithQuery() {

@Test
void testGetPageRemoteRefWithQueryFailed() {
props.getSecurity().getClient("").setDefaultTagReadAccess(new String[]{"@remote"});
props.getSecurity().getClient("@other").setDefaultTagReadAccess(new String[]{"@remote"});
refWithOriginTags("@remote", "public");
refWithOriginTags("@remote", "public", "custom", "extra");

Expand Down Expand Up @@ -539,7 +540,7 @@ void testGetPageRemoteRefWithQueryPublicEmpty() {

@Test
void testGetPageRefWithOriginQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@a", "@b"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@a", "@b"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");

Expand All @@ -556,7 +557,7 @@ void testGetPageRefWithOriginQuery() {

@Test
void testGetPageRefWithOriginQueryEmpty() {
props.getSecurity().getClient("").setDefaultTagReadAccess(new String[]{"@a", "@b"});
props.getSecurity().getClient("@other").setDefaultTagReadAccess(new String[]{"@a", "@b"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");

Expand All @@ -573,7 +574,7 @@ void testGetPageRefWithOriginQueryEmpty() {

@Test
void testGetPageRefWithOriginOrQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");
refWithOriginTags("@c", "public", "custom", "extra");
Expand All @@ -591,7 +592,7 @@ void testGetPageRefWithOriginOrQuery() {

@Test
void testGetPageRefWithOriginOrQueryEmpty() {
props.getSecurity().getClient("").setDefaultTagReadAccess(new String[]{"@a", "@b", "@c"});
props.getSecurity().getClient("@other").setDefaultTagReadAccess(new String[]{"@a", "@b", "@c"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");
refWithOriginTags("@c", "public", "custom", "extra");
Expand All @@ -609,7 +610,7 @@ void testGetPageRefWithOriginOrQueryEmpty() {

@Test
void testGetPageRefWithOriginOrExtraSpacesQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");
refWithOriginTags("@c", "public", "custom", "extra");
Expand All @@ -627,7 +628,7 @@ void testGetPageRefWithOriginOrExtraSpacesQuery() {

@Test
void testGetPageRefWithNotOriginQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");
refWithOriginTags("@c", "public", "custom", "extra");
Expand All @@ -645,7 +646,7 @@ void testGetPageRefWithNotOriginQuery() {

@Test
void testGetPageRefWithImpossibleOriginQuery() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@a", "@b", "@c"});
refWithOriginTags("@a", "public", "custom");
refWithOriginTags("@b", "public", "custom", "extra");
refWithOriginTags("@c", "public", "custom", "extra");
Expand Down Expand Up @@ -698,7 +699,7 @@ void testGetPageRefWithQueryMultiTenant() {

@Test
void testGetPageRefWithQueryMultiAuthTenant() {
props.getSecurity().getClient("").setDefaultReadAccess(new String[]{"@remote"});
props.getSecurity().getClient("@other").setDefaultReadAccess(new String[]{"@remote"});
refWithOriginTags("@other", "public", "custom");
refWithOriginTags("@other", "public", "custom", "extra");
refWithOriginTags("@remote", "public", "custom");
Expand Down

0 comments on commit 7a46551

Please sign in to comment.