From 0bd198467b55ab89379654ca1d6b8bb29ebeafcf Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Thu, 14 Mar 2024 16:38:22 +0100 Subject: [PATCH] adding an IT for testing login via email instead of uid Should have been done in the context of PR #50, but better late than never. --- ...=> LdapAuthenticationProviderBuilder.java} | 46 ++++++++++--------- .../ExtendedLdapAuthenticationIT.java | 10 ++++ 2 files changed, 34 insertions(+), 22 deletions(-) rename gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/{LdapAuthenticatorProviderBuilder.java => LdapAuthenticationProviderBuilder.java} (73%) diff --git a/gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticatorProviderBuilder.java b/gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticationProviderBuilder.java similarity index 73% rename from gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticatorProviderBuilder.java rename to gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticationProviderBuilder.java index aa33ecca..42e15ddf 100644 --- a/gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticatorProviderBuilder.java +++ b/gateway/src/main/java/org/georchestra/gateway/security/ldap/basic/LdapAuthenticationProviderBuilder.java @@ -24,10 +24,13 @@ import org.georchestra.gateway.security.ldap.NoPasswordLdapUserDetailsMapper; import org.georchestra.gateway.security.ldap.extended.ExtendedLdapAuthenticationProvider; import org.georchestra.gateway.security.ldap.extended.ExtendedPasswordPolicyAwareContextSource; +import org.springframework.ldap.core.ContextSource; import org.springframework.ldap.core.support.BaseLdapPathContextSource; +import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; import org.springframework.security.ldap.authentication.BindAuthenticator; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator; import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper; @@ -40,24 +43,22 @@ @Accessors(chain = true, fluent = true) public class LdapAuthenticatorProviderBuilder { - private @Setter String url; - private @Setter String baseDn; + protected @Setter String url; + protected @Setter String baseDn; - private @Setter String userSearchBase; - private @Setter String userSearchFilter; + protected @Setter String userSearchBase; + protected @Setter String userSearchFilter; - private @Setter String rolesSearchBase; - private @Setter String rolesSearchFilter; + protected @Setter String rolesSearchBase; + protected @Setter String rolesSearchFilter; - private @Setter String adminDn; - private @Setter String adminPassword; - - private @Setter AccountDao accountDao; + protected @Setter String adminDn; + protected @Setter String adminPassword; // null = all atts, empty == none - private @Setter String[] returningAttributes = null; + protected @Setter String[] returningAttributes = null; - public ExtendedLdapAuthenticationProvider build() { + public LdapAuthenticationProvider build() { requireNonNull(url, "url is not set"); requireNonNull(baseDn, "baseDn is not set"); requireNonNull(userSearchBase, "userSearchBase is not set"); @@ -65,20 +66,19 @@ public ExtendedLdapAuthenticationProvider build() { requireNonNull(rolesSearchBase, "rolesSearchBase is not set"); requireNonNull(rolesSearchFilter, "rolesSearchFilter is not set"); - final ExtendedPasswordPolicyAwareContextSource source = contextSource(); + final BaseLdapPathContextSource source = contextSource(); final BindAuthenticator authenticator = ldapAuthenticator(source); final DefaultLdapAuthoritiesPopulator rolesPopulator = ldapAuthoritiesPopulator(source); - ExtendedLdapAuthenticationProvider provider = new ExtendedLdapAuthenticationProvider(authenticator, - rolesPopulator); + + LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, rolesPopulator); final GrantedAuthoritiesMapper rolesMapper = ldapAuthoritiesMapper(); provider.setAuthoritiesMapper(rolesMapper); - provider.setUserDetailsContextMapper(new NoPasswordLdapUserDetailsMapper()); - provider.setAccountDao(accountDao); + provider.setUserDetailsContextMapper(new LdapUserDetailsMapper()); return provider; } - private BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSource) { + protected BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSource) { FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, contextSource); @@ -90,8 +90,9 @@ private BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSou return authenticator; } - private ExtendedPasswordPolicyAwareContextSource contextSource() { - ExtendedPasswordPolicyAwareContextSource context = new ExtendedPasswordPolicyAwareContextSource(url); + protected BaseLdapPathContextSource contextSource() { + LdapContextSource context = new LdapContextSource(); + context.setUrl(url); context.setBase(baseDn); if (adminDn != null) { context.setUserDn(adminDn); @@ -101,14 +102,15 @@ private ExtendedPasswordPolicyAwareContextSource contextSource() { return context; } - private GrantedAuthoritiesMapper ldapAuthoritiesMapper() { + protected GrantedAuthoritiesMapper ldapAuthoritiesMapper() { return new SimpleAuthorityMapper(); } - private DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(BaseLdapPathContextSource contextSource) { + protected DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(BaseLdapPathContextSource contextSource) { DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource, rolesSearchBase); authoritiesPopulator.setGroupSearchFilter(rolesSearchFilter); return authoritiesPopulator; } + } diff --git a/gateway/src/test/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java b/gateway/src/test/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java index 417c69f0..cdd5615e 100644 --- a/gateway/src/test/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java +++ b/gateway/src/test/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java @@ -56,6 +56,16 @@ static void registerLdap(DynamicPropertyRegistry registry) { .jsonPath("$.GeorchestraUser.username").isEqualTo("testadmin"); } + public @Test void testWhoamiUsingEmail() { + testClient.get().uri("/whoami")// + .header("Authorization", "Basic cHNjK3Rlc3RhZG1pbkBnZW9yY2hlc3RyYS5vcmc6dGVzdGFkbWlu") // psc+testadmin@georchestra.org:testadmin + .exchange()// + .expectStatus()// + .is2xxSuccessful()// + .expectBody()// + .jsonPath("$.GeorchestraUser.username").isEqualTo("testadmin"); + } + public @Test void testWhoamiNoPasswordRevealed() { testClient.get().uri("/whoami")// .header("Authorization", "Basic dGVzdGFkbWluOnRlc3RhZG1pbg==") // testadmin:testadmin