From f83aee33a5d2bef823fdec0ec985814a604809ae Mon Sep 17 00:00:00 2001 From: Gabriel Roldan Date: Wed, 13 Mar 2024 12:29:34 -0300 Subject: [PATCH] Add test case set up to assert PR #86 --- .../accounts/admin/AccountManager.java | 3 +- .../admin/ldap/LdapAccountsManager.java | 2 +- .../preauth/PreauthAuthenticationManager.java | 16 ++++----- .../ResolveGeorchestraUserGlobalFilterIT.java | 34 ++++++++++++++++++- .../resources/application-georheaders.yml | 4 ++- 5 files changed, 47 insertions(+), 12 deletions(-) diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AccountManager.java b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AccountManager.java index 6074c642..dee2e77a 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AccountManager.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/AccountManager.java @@ -38,7 +38,8 @@ public interface AccountManager { * @param mappedUser the user {@link ResolveGeorchestraUserGlobalFilter} * resolved by calling * {@link GeorchestraUserMapper#resolve(Authentication)} - * @return the stored version of the user if it exists, otherwise an empty Optional + * @return the stored version of the user if it exists, otherwise an empty + * Optional */ Optional find(GeorchestraUser mappedUser); diff --git a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java index 787e1f8e..122521e3 100644 --- a/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java +++ b/gateway/src/main/java/org/georchestra/gateway/accounts/admin/ldap/LdapAccountsManager.java 
@@ -36,7 +36,7 @@
 import org.georchestra.ds.users.AccountFactory;
 import org.georchestra.ds.users.DuplicatedEmailException;
 import org.georchestra.ds.users.DuplicatedUidException;
-import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;;
+import org.georchestra.gateway.accounts.admin.AbstractAccountsManager;
 import org.georchestra.gateway.accounts.admin.AccountManager;
 import org.georchestra.security.api.UsersApi;
 import org.georchestra.security.model.GeorchestraUser;
diff --git a/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java b/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
index 290ba097..da15e861 100644
--- a/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
+++ b/gateway/src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
@@ -38,16 +38,16 @@ import reactor.core.publisher.Mono; -class PreauthAuthenticationManager implements ReactiveAuthenticationManager, ServerAuthenticationConverter { +public class PreauthAuthenticationManager implements ReactiveAuthenticationManager, ServerAuthenticationConverter { - static final String PREAUTH_HEADER_NAME = "sec-georchestra-preauthenticated"; + public static final String PREAUTH_HEADER_NAME = "sec-georchestra-preauthenticated"; - private static final String PREAUTH_USERNAME = "preauth-username"; - private static final String PREAUTH_EMAIL = "preauth-email"; - private static final String PREAUTH_FIRSTNAME = "preauth-firstname"; - private static final String PREAUTH_LASTNAME = "preauth-lastname"; - private static final String PREAUTH_ORG = "preauth-org"; - private static final String PREAUTH_ROLES = "preauth-roles"; + public static final String PREAUTH_USERNAME = "preauth-username"; + public static final String PREAUTH_EMAIL = "preauth-email"; + public static final String PREAUTH_FIRSTNAME = "preauth-firstname"; + public static final String PREAUTH_LASTNAME = "preauth-lastname"; + public static final String PREAUTH_ORG = "preauth-org"; + public static final String PREAUTH_ROLES = "preauth-roles"; /** * @return {@code Mono.empty()} if the pre-auth request headers are not diff --git a/gateway/src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java b/gateway/src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java index f7803287..9621a5b5 100644 --- a/gateway/src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java +++ b/gateway/src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java 
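Review bot: The class and all seven pre-auth header-name constants become public here only so the integration test can reference them, and none of them carries a comment saying when these headers are trusted. Since a request carrying `sec-georchestra-preauthenticated` is presumably treated as already authenticated, I would add Javadoc on `PREAUTH_HEADER_NAME` along the lines of `/** Marks a request as pre-authenticated; expected to be set only by a trusted fronting proxy that strips it from client requests. */` (to be confirmed against the deployment documentation). If the test only needs the names, keeping the class package-private and moving the constants to a small public holder would expose less of the authentication code. The class body continues outside the hunk.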
@@ -1,9 +1,11 @@ package org.georchestra.gateway.security; +import org.georchestra.gateway.accounts.admin.CreateAccountUserCustomizer; import org.georchestra.gateway.app.GeorchestraGatewayApplication; import org.georchestra.gateway.filter.headers.providers.JsonPayloadHeadersContributor; import org.georchestra.gateway.model.GatewayConfigProperties; import org.georchestra.gateway.model.HeaderMappings; +import org.georchestra.gateway.security.preauth.PreauthAuthenticationManager; import org.georchestra.testcontainers.ldap.GeorchestraLdapContainer; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; @@ -12,6 +14,7 @@ import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.ApplicationContext; +import org.springframework.http.MediaType; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.web.reactive.server.WebTestClient; import org.testcontainers.containers.GenericContainer; @@ -23,7 +26,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; @SpringBootTest(classes = GeorchestraGatewayApplication.class) -@AutoConfigureWebTestClient(timeout = "PT20S") +@AutoConfigureWebTestClient(timeout = "PT200S") @ActiveProfiles("georheaders") public class ResolveGeorchestraUserGlobalFilterIT { @@ -101,4 +104,33 @@ protected void doStart() { .jsonPath(".request.headers.sec-organization").exists(); } + + /** + * Show error message to OAuth2 user when a matching local account already + * exists: i.e. it tries to create a user with an email address for which a user + * already exists. + *

+ * {@link GeorchestraUserMapper} calls the + * {@link GeorchestraUserCustomizerExtension}s. + * {@link CreateAccountUserCustomizer} will try to create an account with email + * {@literal psc+testadmin@georchestra.org}, which already exists (for user + * {@literal testadmin}) + */ + @Test + void testRedirectIfOauth2UserExists() { + final String email = "psc+testadmin@georchestra.org"; + // set up scenario: have a use + String expected = ""; + + testClient.get().uri("/echo/")// + .header(PreauthAuthenticationManager.PREAUTH_HEADER_NAME, "true") + .header(PreauthAuthenticationManager.PREAUTH_EMAIL, email) + .header(PreauthAuthenticationManager.PREAUTH_FIRSTNAME, "bob") + .header(PreauthAuthenticationManager.PREAUTH_LASTNAME, "sponge") + .header(PreauthAuthenticationManager.PREAUTH_USERNAME, "bobsponge").accept(MediaType.APPLICATION_JSON) + .exchange()// + .expectStatus()// + .is3xxRedirection().expectHeader().location(expected); + } + } diff --git a/gateway/src/test/resources/application-georheaders.yml b/gateway/src/test/resources/application-georheaders.yml index 2069611a..4fbf0f24 100644 --- a/gateway/src/test/resources/application-georheaders.yml +++ b/gateway/src/test/resources/application-georheaders.yml @@ -7,9 +7,11 @@ georchestra: roles: true org: true orgname: true - #jsonUser: true jsonOrganization: true security: + createNonExistingUsersInLDAP: true + header-authentication: + enabled: true ldap: default: enabled: true
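Review bot: `testRedirectIfOauth2UserExists` asserts `location(expected)` with `expected = ""`, so it does not pin where a user is sent when the pre-auth email collides with the existing `testadmin` account, and the `// set up scenario: have a use` comment is cut off mid-sentence. Until the target is known I would mark the test `@Disabled("redirect target for duplicate email not defined yet")` rather than keep an assertion that either fails or means nothing. Because the scenario is an identity collision, it is also worth asserting the negative: the request must not be proxied to `/echo/` carrying `testadmin`'s identity headers. The `PT20S` to `PT200S` timeout change in the earlier hunk of this file looks like a debugging value and probably should not be merged as is.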
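Review bot: `createNonExistingUsersInLDAP: true` and `header-authentication: enabled: true` are switched on for the whole `georheaders` profile, which at least every test in `ResolveGeorchestraUserGlobalFilterIT` runs under, so the existing header tests now also run with pre-auth request headers trusted and account auto-creation active. I would scope the two settings to the new test (a dedicated profile or test-level properties) so the older tests keep exercising the configuration they were written for. A comment above the keys would help, e.g. `# test only: trusts sec-georchestra-preauthenticated request headers and creates missing LDAP accounts`.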