githubFork/gitblit.git - Solinfo Gitblit

Add repository and user/team lifecycle listener extension points

James Moger

2014-06-09 ca4d98678c20e4033fdaca09ecbbf0f5952e0b84

commit \| author \| age
f3b625	1	/*
JC	2	* Copyright 2012 John Crygier
	3	* Copyright 2012 gitblit.com
	4	*
	5	* Licensed under the Apache License, Version 2.0 (the "License");
	6	* you may not use this file except in compliance with the License.
	7	* You may obtain a copy of the License at
	8	*
	9	* http://www.apache.org/licenses/LICENSE-2.0
	10	*
	11	* Unless required by applicable law or agreed to in writing, software
	12	* distributed under the License is distributed on an "AS IS" BASIS,
	13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	14	* See the License for the specific language governing permissions and
	15	* limitations under the License.
	16	*/
	17	package com.gitblit.tests;
	18
afe3f1	19	import java.io.File;
04a985	20	import java.io.FileInputStream;
f3b625	21	import java.util.HashMap;
JC	22	import java.util.Map;
	23
afe3f1	24	import org.apache.commons.io.FileUtils;
f3b625	25	import org.junit.Before;
7e0ce4	26	import org.junit.BeforeClass;
afe3f1	27	import org.junit.Rule;
f3b625	28	import org.junit.Test;
afe3f1	29	import org.junit.rules.TemporaryFolder;
f3b625	30
eb1264	31	import com.gitblit.Constants.AccountType;
04a985	32	import com.gitblit.IStoredSettings;
4e8d63	33	import com.gitblit.Keys;
04a985	34	import com.gitblit.auth.LdapAuthProvider;
b4a63a	35	import com.gitblit.manager.AuthenticationManager;
eb1264	36	import com.gitblit.manager.IUserManager;
04a985	37	import com.gitblit.manager.RuntimeManager;
JM	38	import com.gitblit.manager.UserManager;
f6d7de	39	import com.gitblit.models.TeamModel;
f3b625	40	import com.gitblit.models.UserModel;
JC	41	import com.gitblit.tests.mock.MemorySettings;
	42	import com.unboundid.ldap.listener.InMemoryDirectoryServer;
	43	import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
	44	import com.unboundid.ldap.listener.InMemoryListenerConfig;
eb1264	45	import com.unboundid.ldap.sdk.SearchResult;
AS	46	import com.unboundid.ldap.sdk.SearchScope;
f3b625	47	import com.unboundid.ldif.LDIFReader;
JC	48
	49	/**
	50	* An Integration test for LDAP that tests going against an in-memory UnboundID
	51	* LDAP server.
c00577	52	*
f3b625	53	* @author jcrygier
JC	54	*
	55	*/
04a985	56	public class LdapAuthenticationTest extends GitblitUnitTest {
afe3f1	57	@Rule
AS	58	public TemporaryFolder folder = new TemporaryFolder();
c00577	59
04a985	60	private static final String RESOURCE_DIR = "src/test/resources/ldap/";
JM	61
afe3f1	62	private File usersConf;
6659fa	63
afe3f1	64	private LdapAuthProvider ldap;
c00577	65
d2426e	66	static int ldapPort = 1389;
c00577	67
eb1264	68	private static InMemoryDirectoryServer ds;
AS	69
	70	private IUserManager userManager;
ca4d98	71
b4a63a	72	private AuthenticationManager auth;
afe3f1	73
AS	74	private MemorySettings settings;
eb1264	75
7e0ce4	76	@BeforeClass
JC	77	public static void createInMemoryLdapServer() throws Exception {
f3b625	78	InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
JC	79	config.addAdditionalBindCredentials("cn=Directory Manager", "password");
98b4b9	80	config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", ldapPort));
f3b625	81	config.setSchema(null);
c00577	82
eb1264	83	ds = new InMemoryDirectoryServer(config);
f3b625	84	ds.startListening();
JC	85	}
c00577	86
f3b625	87	@Before
afe3f1	88	public void init() throws Exception {
AS	89	ds.clear();
	90	ds.importFromLDIF(true, new LDIFReader(new FileInputStream(RESOURCE_DIR + "sampledata.ldif")));
	91	usersConf = folder.newFile("users.conf");
	92	FileUtils.copyFile(new File(RESOURCE_DIR + "users.conf"), usersConf);
	93	settings = getSettings();
	94	ldap = newLdapAuthentication(settings);
b4a63a	95	auth = newAuthenticationManager(settings);
04a985	96	}
JM	97
4e8d63	98	private LdapAuthProvider newLdapAuthentication(IStoredSettings settings) {
04a985	99	RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start();
ca4d98	100	userManager = new UserManager(runtime, null).start();
04a985	101	LdapAuthProvider ldap = new LdapAuthProvider();
eb1264	102	ldap.setup(runtime, userManager);
04a985	103	return ldap;
b4a63a	104	}
ca4d98	105
b4a63a	106	private AuthenticationManager newAuthenticationManager(IStoredSettings settings) {
JM	107	RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start();
	108	AuthenticationManager auth = new AuthenticationManager(runtime, userManager);
	109	auth.addAuthenticationProvider(newLdapAuthentication(settings));
	110	return auth;
7e0ce4	111	}
c00577	112
7e0ce4	113	private MemorySettings getSettings() {
874be0	114	Map<String, Object> backingMap = new HashMap<String, Object>();
4e8d63	115	backingMap.put(Keys.realm.userService, usersConf.getAbsolutePath());
AS	116	backingMap.put(Keys.realm.ldap.server, "ldap://localhost:" + ldapPort);
	117	// backingMap.put(Keys.realm.ldap.domain, "");
	118	backingMap.put(Keys.realm.ldap.username, "cn=Directory Manager");
	119	backingMap.put(Keys.realm.ldap.password, "password");
	120	// backingMap.put(Keys.realm.ldap.backingUserService, "users.conf");
	121	backingMap.put(Keys.realm.ldap.maintainTeams, "true");
	122	backingMap.put(Keys.realm.ldap.accountBase, "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	123	backingMap.put(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
	124	backingMap.put(Keys.realm.ldap.groupBase, "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	125	backingMap.put(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
	126	backingMap.put(Keys.realm.ldap.admins, "UserThree @Git_Admins \"@Git Admins\"");
	127	backingMap.put(Keys.realm.ldap.displayName, "displayName");
	128	backingMap.put(Keys.realm.ldap.email, "email");
	129	backingMap.put(Keys.realm.ldap.uid, "sAMAccountName");
c00577	130
f3b625	131	MemorySettings ms = new MemorySettings(backingMap);
7e0ce4	132	return ms;
f3b625	133	}
c00577	134
f3b625	135	@Test
c00577	136	public void testAuthenticate() {
04a985	137	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
f3b625	138	assertNotNull(userOneModel);
JC	139	assertNotNull(userOneModel.getTeam("git_admins"));
	140	assertNotNull(userOneModel.getTeam("git_users"));
	141	assertTrue(userOneModel.canAdmin);
c00577	142
04a985	143	UserModel userOneModelFailedAuth = ldap.authenticate("UserOne", "userTwoPassword".toCharArray());
f3b625	144	assertNull(userOneModelFailedAuth);
c00577	145
04a985	146	UserModel userTwoModel = ldap.authenticate("UserTwo", "userTwoPassword".toCharArray());
f3b625	147	assertNotNull(userTwoModel);
JC	148	assertNotNull(userTwoModel.getTeam("git_users"));
	149	assertNull(userTwoModel.getTeam("git_admins"));
3d699c	150	assertNotNull(userTwoModel.getTeam("git admins"));
U	151	assertTrue(userTwoModel.canAdmin);
c00577	152
04a985	153	UserModel userThreeModel = ldap.authenticate("UserThree", "userThreePassword".toCharArray());
f3b625	154	assertNotNull(userThreeModel);
JC	155	assertNotNull(userThreeModel.getTeam("git_users"));
	156	assertNull(userThreeModel.getTeam("git_admins"));
	157	assertTrue(userThreeModel.canAdmin);
	158	}
c00577	159
7e0ce4	160	@Test
JC	161	public void testDisplayName() {
04a985	162	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	163	assertNotNull(userOneModel);
JC	164	assertEquals("User One", userOneModel.displayName);
c00577	165
7e0ce4	166	// Test more complicated scenarios - concat
JC	167	MemorySettings ms = getSettings();
	168	ms.put("realm.ldap.displayName", "${personalTitle}. ${givenName} ${surname}");
04a985	169	ldap = newLdapAuthentication(ms);
c00577	170
04a985	171	userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	172	assertNotNull(userOneModel);
JC	173	assertEquals("Mr. User One", userOneModel.displayName);
	174	}
c00577	175
7e0ce4	176	@Test
JC	177	public void testEmail() {
04a985	178	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	179	assertNotNull(userOneModel);
JC	180	assertEquals("userone@gitblit.com", userOneModel.emailAddress);
c00577	181
7e0ce4	182	// Test more complicated scenarios - concat
JC	183	MemorySettings ms = getSettings();
	184	ms.put("realm.ldap.email", "${givenName}.${surname}@gitblit.com");
04a985	185	ldap = newLdapAuthentication(ms);
c00577	186
04a985	187	userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	188	assertNotNull(userOneModel);
JC	189	assertEquals("User.One@gitblit.com", userOneModel.emailAddress);
	190	}
c00577	191
7e0ce4	192	@Test
JC	193	public void testLdapInjection() {
	194	// Inject so "(&(objectClass=person)(sAMAccountName=${username}))" becomes "(&(objectClass=person)(sAMAccountName=*)(userPassword=userOnePassword))"
	195	// Thus searching by password
c00577	196
04a985	197	UserModel userOneModel = ldap.authenticate("*)(userPassword=userOnePassword", "userOnePassword".toCharArray());
7e0ce4	198	assertNull(userOneModel);
4e3c15	199	}
f3b625	200
eb1264	201	@Test
afe3f1	202	public void checkIfUsersConfContainsAllUsersFromSampleDataLdif() throws Exception {
eb1264	203	SearchResult searchResult = ds.search("OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain", SearchScope.SUB, "objectClass=person");
AS	204	assertEquals("Number of ldap users in gitblit user model", searchResult.getEntryCount(), countLdapUsersInUserManager());
	205	}
	206
	207	@Test
afe3f1	208	public void addingUserInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception {
eb1264	209	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif"));
6659fa	210	ldap.sync();
eb1264	211	assertEquals("Number of ldap users in gitblit user model", 5, countLdapUsersInUserManager());
AS	212	}
	213
afe3f1	214	@Test
AS	215	public void addingUserInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception {
4e8d63	216	settings.put(Keys.realm.ldap.synchronize, "true");
afe3f1	217	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif"));
6659fa	218	ldap.sync();
afe3f1	219	assertEquals("Number of ldap users in gitblit user model", 6, countLdapUsersInUserManager());
AS	220	}
	221
f6d7de	222	@Test
AS	223	public void addingGroupsInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception {
	224	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
6659fa	225	ldap.sync();
f6d7de	226	assertEquals("Number of ldap groups in gitblit team model", 0, countLdapTeamsInUserManager());
AS	227	}
	228
	229	@Test
	230	public void addingGroupsInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception {
4e8d63	231	settings.put(Keys.realm.ldap.synchronize, "true");
f6d7de	232	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
6659fa	233	ldap.sync();
f6d7de	234	assertEquals("Number of ldap groups in gitblit team model", 1, countLdapTeamsInUserManager());
AS	235	}
	236
b4a63a	237	@Test
JM	238	public void testAuthenticationManager() {
	239	UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray());
	240	assertNotNull(userOneModel);
	241	assertNotNull(userOneModel.getTeam("git_admins"));
	242	assertNotNull(userOneModel.getTeam("git_users"));
	243	assertTrue(userOneModel.canAdmin);
	244
	245	UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray());
	246	assertNull(userOneModelFailedAuth);
	247
	248	UserModel userTwoModel = auth.authenticate("UserTwo", "userTwoPassword".toCharArray());
	249	assertNotNull(userTwoModel);
	250	assertNotNull(userTwoModel.getTeam("git_users"));
	251	assertNull(userTwoModel.getTeam("git_admins"));
	252	assertNotNull(userTwoModel.getTeam("git admins"));
	253	assertTrue(userTwoModel.canAdmin);
	254
	255	UserModel userThreeModel = auth.authenticate("UserThree", "userThreePassword".toCharArray());
	256	assertNotNull(userThreeModel);
	257	assertNotNull(userThreeModel.getTeam("git_users"));
	258	assertNull(userThreeModel.getTeam("git_admins"));
	259	assertTrue(userThreeModel.canAdmin);
	260	}
ca4d98	261
a74d67	262	@Test
JA	263	public void testBindWithUser() {
	264	settings.put(Keys.realm.ldap.bindpattern, "CN=${username},OU=US,OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	265	settings.put(Keys.realm.ldap.username, "");
	266	settings.put(Keys.realm.ldap.password, "");
	267
	268	UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray());
	269	assertNotNull(userOneModel);
ca4d98	270
a74d67	271	UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray());
JA	272	assertNull(userOneModelFailedAuth);
	273	}
b4a63a	274
eb1264	275	private int countLdapUsersInUserManager() {
AS	276	int ldapAccountCount = 0;
	277	for (UserModel userModel : userManager.getAllUsers()) {
	278	if (AccountType.LDAP.equals(userModel.accountType)) {
	279	ldapAccountCount++;
	280	}
	281	}
	282	return ldapAccountCount;
	283	}
	284
f6d7de	285	private int countLdapTeamsInUserManager() {
AS	286	int ldapAccountCount = 0;
	287	for (TeamModel teamModel : userManager.getAllTeams()) {
	288	if (AccountType.LDAP.equals(teamModel.accountType)) {
	289	ldapAccountCount++;
	290	}
	291	}
	292	return ldapAccountCount;
	293	}
	294
f3b625	295	}