Add test case set up to assert PR georchestra#86

gateway/src/main/java/org/georchestra/gateway/accounts/admin/AccountManager.java

@@ -38,7 +38,8 @@ public interface AccountManager {
      * @param mappedUser the user {@link ResolveGeorchestraUserGlobalFilter}
      *                   resolved by calling
      *                   {@link GeorchestraUserMapper#resolve(Authentication)}
-     * @return the stored version of the user if it exists, otherwise an empty Optional
+     * @return the stored version of the user if it exists, otherwise an empty
+     *         Optional
      */
     Optional<GeorchestraUser> find(GeorchestraUser mappedUser);
 

gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java

@@ -36,7 +36,7 @@
 import org.georchestra.ds.users.AccountFactory;
 import org.georchestra.ds.users.DuplicatedEmailException;
 import org.georchestra.ds.users.DuplicatedUidException;
-import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;;
+import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;
 import org.georchestra.gateway.accounts.admin.AccountManager;
 import org.georchestra.security.api.UsersApi;
 import org.georchestra.security.model.GeorchestraUser;

gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java

@@ -38,16 +38,16 @@
 
 import reactor.core.publisher.Mono;
 
-class PreauthAuthenticationManager implements ReactiveAuthenticationManager, ServerAuthenticationConverter {
+public class PreauthAuthenticationManager implements ReactiveAuthenticationManager, ServerAuthenticationConverter {
 
-    static final String PREAUTH_HEADER_NAME = "sec-georchestra-preauthenticated";
+    public static final String PREAUTH_HEADER_NAME = "sec-georchestra-preauthenticated";
 
-    private static final String PREAUTH_USERNAME = "preauth-username";
-    private static final String PREAUTH_EMAIL = "preauth-email";
-    private static final String PREAUTH_FIRSTNAME = "preauth-firstname";
-    private static final String PREAUTH_LASTNAME = "preauth-lastname";
-    private static final String PREAUTH_ORG = "preauth-org";
-    private static final String PREAUTH_ROLES = "preauth-roles";
+    public static final String PREAUTH_USERNAME = "preauth-username";
+    public static final String PREAUTH_EMAIL = "preauth-email";
+    public static final String PREAUTH_FIRSTNAME = "preauth-firstname";
+    public static final String PREAUTH_LASTNAME = "preauth-lastname";
+    public static final String PREAUTH_ORG = "preauth-org";
+    public static final String PREAUTH_ROLES = "preauth-roles";
 
     /**
      * @return {@code Mono.empty()} if the pre-auth request headers are not

gateway/src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java

@@ -1,9 +1,11 @@
 package org.georchestra.gateway.security;
 
+import org.georchestra.gateway.accounts.admin.CreateAccountUserCustomizer;
 import org.georchestra.gateway.app.GeorchestraGatewayApplication;
 import org.georchestra.gateway.filter.headers.providers.JsonPayloadHeadersContributor;
 import org.georchestra.gateway.model.GatewayConfigProperties;
 import org.georchestra.gateway.model.HeaderMappings;
+import org.georchestra.gateway.security.preauth.PreauthAuthenticationManager;
 import org.georchestra.testcontainers.ldap.GeorchestraLdapContainer;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
@@ -12,6 +14,7 @@
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.ApplicationContext;
+import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.testcontainers.containers.GenericContainer;
@@ -23,7 +26,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 @SpringBootTest(classes = GeorchestraGatewayApplication.class)
-@AutoConfigureWebTestClient(timeout = "PT20S")
+@AutoConfigureWebTestClient(timeout = "PT200S")
 @ActiveProfiles("georheaders")
 public class ResolveGeorchestraUserGlobalFilterIT {
 
@@ -101,4 +104,33 @@ protected void doStart() {
                 .jsonPath(".request.headers.sec-organization").exists();
 
     }
+
+    /**
+     * Show error message to OAuth2 user when a matching local account already
+     * exists: i.e. it tries to create a user with an email address for which a user
+     * already exists.
+     * <p>
+     * {@link GeorchestraUserMapper} calls the
+     * {@link GeorchestraUserCustomizerExtension}s.
+     * {@link CreateAccountUserCustomizer} will try to create an account with email
+     * {@literal [email protected]}, which already exists (for user
+     * {@literal testadmin})
+     */
+    @Test
+    void testRedirectIfOauth2UserExists() {
+        final String email = "[email protected]";
+        // set up scenario: have a use
+        String expected = "";
+
+        testClient.get().uri("/echo/")//
+                .header(PreauthAuthenticationManager.PREAUTH_HEADER_NAME, "true")
+                .header(PreauthAuthenticationManager.PREAUTH_EMAIL, email)
+                .header(PreauthAuthenticationManager.PREAUTH_FIRSTNAME, "bob")
+                .header(PreauthAuthenticationManager.PREAUTH_LASTNAME, "sponge")
+                .header(PreauthAuthenticationManager.PREAUTH_USERNAME, "bobsponge").accept(MediaType.APPLICATION_JSON)
+                .exchange()//
+                .expectStatus()//
+                .is3xxRedirection().expectHeader().location(expected);
+    }
+
 }

gateway/src/test/resources/application-georheaders.yml

@@ -7,9 +7,11 @@ georchestra:
       roles: true
       org: true
       orgname: true
-      #jsonUser: true
       jsonOrganization: true
     security:
+      createNonExistingUsersInLDAP: true
+      header-authentication:
+        enabled: true
       ldap:
         default:
           enabled: true