
Commit 49e9840b authored by Alok Joshi

add unit test, update getGroups

parent 9abd05bc
......@@ -264,6 +264,9 @@ public class EntitlementsAzure
} else if (type == UserType.SERVICE_PRINCIPAL){
groups.setDesId(authenticationContext.getUid());
groups.setMemberEmail(authenticationContext.getUid());
} else if (type == UserType.OTHER){
groups.setDesId(authenticationContext.getUid());
groups.setMemberEmail(authenticationContext.getUid());
}
return groups;
}
......@@ -460,8 +463,9 @@ public class EntitlementsAzure
context.setOid(userPrincipal.getClaim("oid").toString());
} else if (type == UserType.OTHER){
// non-AAD tokens
String oId = userPrincipal.getClaim("email").toString();
context.setOid(oId);
context.setOid(userPrincipal.getClaim("email").toString());
context.setUid(userPrincipal.getClaim("email").toString());
}
return context;
}
......@@ -473,6 +477,7 @@ public class EntitlementsAzure
*/
public String getObjectIdForInputId(String inputId)
{
return graphService.getObjectIdForInputId(inputId);
}
......
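Review bot: Both `userPrincipal.getClaim("email").toString()` calls in the `UserType.OTHER` branch dereference the claim without a null check, so a non-AAD token that carries no `email` claim ends in a NullPointerException (an unhandled server error) instead of a clean authentication failure; read the claim once and reject early, e.g. `Object email = userPrincipal.getClaim("email"); if (email == null) { /* reject as unauthorized with the service's existing error type */ }`. The same claim then becomes both `oid` and `uid`, and the `OTHER` branch of `getGroups` reuses it as `desId` and `memberEmail` and, judging by the new test, as the key for `getTenantGroups`, so group membership for non-AAD callers is keyed entirely on an email string the external issuer asserts — this trust assumption deserves a comment such as `// non-AAD tokens: identity is the email claim; the issuer must be trusted to assert verified, unique emails, since this key selects group memberships`. Unlike the user path exercised by `givenMismatchUpnInHeaderAndJwt_whenGetGroups_thenError`, the `OTHER` branch does not appear to compare the header email with the token, though that may happen earlier in `getGroups`. Both enclosing methods begin outside the hunks, so their opening lines and any prior validation are not visible here.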
......@@ -22,12 +22,10 @@ import com.nimbusds.jose.Payload;
import com.nimbusds.jwt.JWTClaimsSet;
import net.minidev.json.JSONArray;
import org.apache.http.HttpStatus;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.mockito.junit.MockitoJUnitRunner;
import org.opengroup.osdu.azure.entitlements.dto.CreateGroupRequest;
import org.opengroup.osdu.azure.entitlements.graph.IGraphService;
......@@ -48,7 +46,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
import static org.junit.Assert.assertEquals;
import static org.mockito.AdditionalMatchers.aryEq;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.*;
import static org.springframework.test.util.ReflectionTestUtils.setField;
......@@ -79,19 +76,7 @@ public class EntitlementsAzureTests {
@InjectMocks
private EntitlementsAzure sut;
private UserPrincipal createAADUserPrincipal(String claimName, String claimValue) {
final JSONArray claims = new JSONArray();
final JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder()
//.subject("subject")
.claim(claimName, claimValue)
.build();
final JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).build(),
new Payload(jwtClaimsSet.toString()));
return new UserPrincipal(jwsObject, jwtClaimsSet);
}
private UserPrincipal createAADUserPrincipal(String claimName1, String claimValue1, String claimName2, String claimValue2) {
final JSONArray claims = new JSONArray();
private UserPrincipal createUserPrincipal(String claimName1, String claimValue1, String claimName2, String claimValue2) {
final JWTClaimsSet jwtClaimsSet = new JWTClaimsSet.Builder()
.claim(claimName1, claimValue1)
.claim(claimName2, claimValue2)
......@@ -101,16 +86,8 @@ public class EntitlementsAzureTests {
return new UserPrincipal(jwsObject, jwtClaimsSet);
}
private UserPrincipal createAADUserPrincipalSetSecurityContext(String claimName1, String claimValue1, String claimName2, String claimValue2) {
UserPrincipal dummyAADPrincipal = createAADUserPrincipal(claimName1, claimValue1, claimName2, claimValue2);
SecurityContextHolder.setContext(securityContext);
when(securityContext.getAuthentication()).thenReturn(auth);
when(auth.getPrincipal()).thenReturn(dummyAADPrincipal);
return dummyAADPrincipal;
}
private UserPrincipal createAADUserPrincipalSetSecurityContext(String claimName, String claimValue) {
UserPrincipal dummyAADPrincipal = createAADUserPrincipal(claimName, claimValue);
private UserPrincipal createUserPrincipalSetSecurityContext(String claimName1, String claimValue1, String claimName2, String claimValue2) {
UserPrincipal dummyAADPrincipal = createUserPrincipal(claimName1, claimValue1, claimName2, claimValue2);
SecurityContextHolder.setContext(securityContext);
when(securityContext.getAuthentication()).thenReturn(auth);
when(auth.getPrincipal()).thenReturn(dummyAADPrincipal);
......@@ -120,7 +97,7 @@ public class EntitlementsAzureTests {
@Test
public void givenSameUpnInHeaderAndJwt_whenGetGroups_thenReturnGroups() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
when(userInfoRepository.getTenantGroups(TestUtils.getOid(), TestUtils.getTenantName())).thenReturn(new String[]{TestUtils.getGroup()});
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUpn());
......@@ -133,11 +110,26 @@ public class EntitlementsAzureTests {
assertEquals(groups.getGroup(TestUtils.getGroup()).getEmail(), String.format("%s@%s.%s", TestUtils.getGroup(), TestUtils.getTenantName(), TestUtils.getDomain()));
}
@Test
public void givenServicePrincipalInHeaderAndJwt_whenGetGroups_thenReturnGroups() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createUserPrincipalSetSecurityContext(TestUtils.USERID, TestUtils.getUserId(), TestUtils.EMAIL, TestUtils.getUserEmail());
when(userInfoRepository.getTenantGroups(TestUtils.getUserEmail(), TestUtils.getTenantName())).thenReturn(new String[]{TestUtils.getGroup()});
//upn in header
when(dpsHeaders.getPartitionId()).thenReturn(TestUtils.getTenantName());
Groups groups = sut.getGroups();
assertEquals(groups.getDesId(), TestUtils.getUserEmail());
assertEquals(groups.getGroups().size(), 1);
assertEquals(groups.getGroup(TestUtils.getGroup()).getName(), TestUtils.getGroup());
assertEquals(groups.getGroup(TestUtils.getGroup()).getEmail(), String.format("%s@%s.%s", TestUtils.getGroup(), TestUtils.getTenantName(), TestUtils.getDomain()));
}
@Test
public void givenNoUpnInHeader_whenGetGroups_thenReturnGroups() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
when(userInfoRepository.getTenantGroups(TestUtils.getOid(), TestUtils.getTenantName())).thenReturn(new String[]{TestUtils.getGroup()});
//upn in header
......@@ -154,7 +146,7 @@ public class EntitlementsAzureTests {
public void givenMismatchUpnInHeaderAndJwt_whenGetGroups_thenError() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUserEmail());
......@@ -172,7 +164,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
when(userInfoRepository.getTenantGroups(TestUtils.getOid(), TestUtils.getTenantName())).thenReturn(new String[]{TestUtils.getGroup()});
//no email in header
......@@ -190,7 +182,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//upn and oid in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUserEmail());
......@@ -209,7 +201,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwtAndProfileExists_whenCreateProfile_thenConflict() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
userInfoDoc.setUid(TestUtils.getAppId());
......@@ -230,7 +222,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwtAndGetObjectIdException_whenCreateProfile_thenInternalServerError() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
......@@ -250,7 +242,7 @@ public class EntitlementsAzureTests {
@Test
public void givenSameUpnInHeaderAndJwt_whenCreateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUpn());
......@@ -267,7 +259,7 @@ public class EntitlementsAzureTests {
@Test
public void givenNoUpnInHeader_whenCreateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
UserInfoDoc userInfoDoc = new UserInfoDoc();
userInfoDoc.setUid(TestUtils.getAppId());
......@@ -284,7 +276,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwt_whenCreateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
......@@ -420,7 +412,7 @@ public class EntitlementsAzureTests {
public void givenAdminUser_whenCreateGroups_thenGroupCreated() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
when(userInfoRepository.getTenantGroups(TestUtils.getOid(), TestUtils.getTenantName())).thenReturn(new String[]{TestUtils.getGroup()});
//upn in header
when(dpsHeaders.getPartitionId()).thenReturn(TestUtils.getTenantName());
......@@ -442,7 +434,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//upn and oid in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUserEmail());
......@@ -460,7 +452,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//upn and oid in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUpn());
......@@ -475,7 +467,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//upn and oid in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//no upn in header
......@@ -491,7 +483,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
......@@ -506,7 +498,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
......@@ -527,7 +519,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
......@@ -547,7 +539,7 @@ public class EntitlementsAzureTests {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//upn and oid in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUserEmail());
......@@ -568,7 +560,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwtAndProfileDoesNotExist_whenUpdateProfile_thenNotFound() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
......@@ -590,7 +582,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwtAndGetObjectIdException_whenUpdateProfile_thenInternalServerError() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
......@@ -609,7 +601,7 @@ public class EntitlementsAzureTests {
@Test
public void givenSameUpnInHeaderAndJwt_whenUpdateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
//upn in header
when(dpsHeaders.getUserEmail()).thenReturn(TestUtils.getUpn());
......@@ -628,7 +620,7 @@ public class EntitlementsAzureTests {
@Test
public void givenNoUpnInHeader_whenUpdateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
createAADUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.UPN, TestUtils.getUpn(), TestUtils.OID, TestUtils.getOid());
UserInfoDoc userInfoDoc = new UserInfoDoc();
userInfoDoc.setUid(TestUtils.getAppId());
......@@ -646,7 +638,7 @@ public class EntitlementsAzureTests {
public void givenServicePrincipalInJwt_whenUpdateProfile_thenReturnProfile() {
setField(sut, TestUtils.SERVICE_DOMAIN_NAME, TestUtils.getDomain());
//serviceprincipal in JWT
createAADUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
createUserPrincipalSetSecurityContext(TestUtils.APPID, TestUtils.getAppId(), TestUtils.OID, TestUtils.getOid());
//no email in header
UserInfoDoc userInfoDoc = new UserInfoDoc();
......
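Review bot: The new test `givenServicePrincipalInHeaderAndJwt_whenGetGroups_thenReturnGroups` is named for a service principal but builds a principal with only `userid` and `email` claims, which the surrounding tests distinguish from the `appid`/`oid` pair used for AAD service principals, so it appears to exercise the non-AAD `UserType.OTHER` path instead; renaming it to `givenNonAadTokenWithEmailClaim_whenGetGroups_thenReturnGroups` and replacing the copied `//upn in header` comment with `//email claim doubles as desId and as the group lookup key` would make its intent match what it asserts. It also leaves the missing-`email`-claim case untested, which is the case most likely to fail for non-AAD issuers; a companion test that creates a principal with only the `userid` claim and asserts the error outcome would pin that behavior. The classification logic in `EntitlementsAzure` that maps these claims to a `UserType` is outside the visible hunks, so the exact type assigned is inferred from the claim names.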
......@@ -27,11 +27,14 @@ public class TestUtils {
private static final String appId = "18e7cc2c-5dde-4f01-801a-16eb54b04217";
private static final String oid = "18e7cc2c-5dde-4f01-801a-16eb54b04218";
private static final String description = "Some description";
private static final String userId = "user123";
public static final String SERVICE_DOMAIN_NAME = "serviceDomainName";
public static final String APPID = "appid";
public static final String UPN = "upn";
public static final String OID = "oid";
public static final String EMAIL = "email";
public static final String USERID = "userid";
public static String getDomain() { return domain; }
public static String getTenantName() { return tenantName;}
......@@ -41,4 +44,6 @@ public class TestUtils {
public static String getAppId() {return appId; }
public static String getOid() {return oid; }
public static String getDescription() { return description; }
public static String getUserId() { return userId; }
}