githubFork/gitblit.git - Solinfo Gitblit

Merge pull request #947 from paulsputer/LogUpdateForAllAuthentication

James Moger

2015-10-26 e69804d4001796a49476089bcbe8f67c3c700497

commit \| author \| age
f3b625	1	/*
JC	2	* Copyright 2012 John Crygier
	3	* Copyright 2012 gitblit.com
	4	*
	5	* Licensed under the Apache License, Version 2.0 (the "License");
	6	* you may not use this file except in compliance with the License.
	7	* You may obtain a copy of the License at
	8	*
	9	* http://www.apache.org/licenses/LICENSE-2.0
	10	*
	11	* Unless required by applicable law or agreed to in writing, software
	12	* distributed under the License is distributed on an "AS IS" BASIS,
	13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	14	* See the License for the specific language governing permissions and
	15	* limitations under the License.
	16	*/
	17	package com.gitblit.tests;
	18
afe3f1	19	import java.io.File;
04a985	20	import java.io.FileInputStream;
f3b625	21	import java.util.HashMap;
JC	22	import java.util.Map;
	23
afe3f1	24	import org.apache.commons.io.FileUtils;
f3b625	25	import org.junit.Before;
7e0ce4	26	import org.junit.BeforeClass;
afe3f1	27	import org.junit.Rule;
f3b625	28	import org.junit.Test;
afe3f1	29	import org.junit.rules.TemporaryFolder;
f3b625	30
eb1264	31	import com.gitblit.Constants.AccountType;
04a985	32	import com.gitblit.IStoredSettings;
4e8d63	33	import com.gitblit.Keys;
04a985	34	import com.gitblit.auth.LdapAuthProvider;
b4a63a	35	import com.gitblit.manager.AuthenticationManager;
eb1264	36	import com.gitblit.manager.IUserManager;
04a985	37	import com.gitblit.manager.RuntimeManager;
JM	38	import com.gitblit.manager.UserManager;
f6d7de	39	import com.gitblit.models.TeamModel;
f3b625	40	import com.gitblit.models.UserModel;
JC	41	import com.gitblit.tests.mock.MemorySettings;
fc3a39	42	import com.gitblit.utils.XssFilter;
JM	43	import com.gitblit.utils.XssFilter.AllowXssFilter;
f3b625	44	import com.unboundid.ldap.listener.InMemoryDirectoryServer;
JC	45	import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
	46	import com.unboundid.ldap.listener.InMemoryListenerConfig;
eb1264	47	import com.unboundid.ldap.sdk.SearchResult;
AS	48	import com.unboundid.ldap.sdk.SearchScope;
f3b625	49	import com.unboundid.ldif.LDIFReader;
JC	50
	51	/**
	52	* An Integration test for LDAP that tests going against an in-memory UnboundID
	53	* LDAP server.
c00577	54	*
f3b625	55	* @author jcrygier
JC	56	*
	57	*/
04a985	58	public class LdapAuthenticationTest extends GitblitUnitTest {
afe3f1	59	@Rule
AS	60	public TemporaryFolder folder = new TemporaryFolder();
c00577	61
04a985	62	private static final String RESOURCE_DIR = "src/test/resources/ldap/";
JM	63
afe3f1	64	private File usersConf;
6659fa	65
afe3f1	66	private LdapAuthProvider ldap;
c00577	67
d2426e	68	static int ldapPort = 1389;
c00577	69
eb1264	70	private static InMemoryDirectoryServer ds;
AS	71
	72	private IUserManager userManager;
ca4d98	73
b4a63a	74	private AuthenticationManager auth;
afe3f1	75
AS	76	private MemorySettings settings;
eb1264	77
7e0ce4	78	@BeforeClass
JC	79	public static void createInMemoryLdapServer() throws Exception {
f3b625	80	InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
JC	81	config.addAdditionalBindCredentials("cn=Directory Manager", "password");
98b4b9	82	config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", ldapPort));
f3b625	83	config.setSchema(null);
c00577	84
eb1264	85	ds = new InMemoryDirectoryServer(config);
f3b625	86	ds.startListening();
JC	87	}
c00577	88
f3b625	89	@Before
afe3f1	90	public void init() throws Exception {
AS	91	ds.clear();
	92	ds.importFromLDIF(true, new LDIFReader(new FileInputStream(RESOURCE_DIR + "sampledata.ldif")));
	93	usersConf = folder.newFile("users.conf");
	94	FileUtils.copyFile(new File(RESOURCE_DIR + "users.conf"), usersConf);
	95	settings = getSettings();
	96	ldap = newLdapAuthentication(settings);
b4a63a	97	auth = newAuthenticationManager(settings);
04a985	98	}
JM	99
4e8d63	100	private LdapAuthProvider newLdapAuthentication(IStoredSettings settings) {
fc3a39	101	XssFilter xssFilter = new AllowXssFilter();
JM	102	RuntimeManager runtime = new RuntimeManager(settings, xssFilter, GitBlitSuite.BASEFOLDER).start();
ca4d98	103	userManager = new UserManager(runtime, null).start();
04a985	104	LdapAuthProvider ldap = new LdapAuthProvider();
eb1264	105	ldap.setup(runtime, userManager);
04a985	106	return ldap;
b4a63a	107	}
ca4d98	108
b4a63a	109	private AuthenticationManager newAuthenticationManager(IStoredSettings settings) {
fc3a39	110	XssFilter xssFilter = new AllowXssFilter();
JM	111	RuntimeManager runtime = new RuntimeManager(settings, xssFilter, GitBlitSuite.BASEFOLDER).start();
b4a63a	112	AuthenticationManager auth = new AuthenticationManager(runtime, userManager);
JM	113	auth.addAuthenticationProvider(newLdapAuthentication(settings));
	114	return auth;
7e0ce4	115	}
c00577	116
7e0ce4	117	private MemorySettings getSettings() {
874be0	118	Map<String, Object> backingMap = new HashMap<String, Object>();
4e8d63	119	backingMap.put(Keys.realm.userService, usersConf.getAbsolutePath());
AS	120	backingMap.put(Keys.realm.ldap.server, "ldap://localhost:" + ldapPort);
	121	// backingMap.put(Keys.realm.ldap.domain, "");
	122	backingMap.put(Keys.realm.ldap.username, "cn=Directory Manager");
	123	backingMap.put(Keys.realm.ldap.password, "password");
	124	// backingMap.put(Keys.realm.ldap.backingUserService, "users.conf");
	125	backingMap.put(Keys.realm.ldap.maintainTeams, "true");
	126	backingMap.put(Keys.realm.ldap.accountBase, "OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	127	backingMap.put(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
	128	backingMap.put(Keys.realm.ldap.groupBase, "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	129	backingMap.put(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
	130	backingMap.put(Keys.realm.ldap.admins, "UserThree @Git_Admins \"@Git Admins\"");
	131	backingMap.put(Keys.realm.ldap.displayName, "displayName");
	132	backingMap.put(Keys.realm.ldap.email, "email");
	133	backingMap.put(Keys.realm.ldap.uid, "sAMAccountName");
c00577	134
f3b625	135	MemorySettings ms = new MemorySettings(backingMap);
7e0ce4	136	return ms;
f3b625	137	}
c00577	138
f3b625	139	@Test
c00577	140	public void testAuthenticate() {
04a985	141	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
f3b625	142	assertNotNull(userOneModel);
JC	143	assertNotNull(userOneModel.getTeam("git_admins"));
	144	assertNotNull(userOneModel.getTeam("git_users"));
	145	assertTrue(userOneModel.canAdmin);
c00577	146
04a985	147	UserModel userOneModelFailedAuth = ldap.authenticate("UserOne", "userTwoPassword".toCharArray());
f3b625	148	assertNull(userOneModelFailedAuth);
c00577	149
04a985	150	UserModel userTwoModel = ldap.authenticate("UserTwo", "userTwoPassword".toCharArray());
f3b625	151	assertNotNull(userTwoModel);
JC	152	assertNotNull(userTwoModel.getTeam("git_users"));
	153	assertNull(userTwoModel.getTeam("git_admins"));
3d699c	154	assertNotNull(userTwoModel.getTeam("git admins"));
U	155	assertTrue(userTwoModel.canAdmin);
c00577	156
04a985	157	UserModel userThreeModel = ldap.authenticate("UserThree", "userThreePassword".toCharArray());
f3b625	158	assertNotNull(userThreeModel);
JC	159	assertNotNull(userThreeModel.getTeam("git_users"));
	160	assertNull(userThreeModel.getTeam("git_admins"));
	161	assertTrue(userThreeModel.canAdmin);
	162	}
c00577	163
7e0ce4	164	@Test
JC	165	public void testDisplayName() {
04a985	166	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	167	assertNotNull(userOneModel);
JC	168	assertEquals("User One", userOneModel.displayName);
c00577	169
7e0ce4	170	// Test more complicated scenarios - concat
JC	171	MemorySettings ms = getSettings();
	172	ms.put("realm.ldap.displayName", "${personalTitle}. ${givenName} ${surname}");
04a985	173	ldap = newLdapAuthentication(ms);
c00577	174
04a985	175	userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	176	assertNotNull(userOneModel);
JC	177	assertEquals("Mr. User One", userOneModel.displayName);
	178	}
c00577	179
7e0ce4	180	@Test
JC	181	public void testEmail() {
04a985	182	UserModel userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	183	assertNotNull(userOneModel);
JC	184	assertEquals("userone@gitblit.com", userOneModel.emailAddress);
c00577	185
7e0ce4	186	// Test more complicated scenarios - concat
JC	187	MemorySettings ms = getSettings();
	188	ms.put("realm.ldap.email", "${givenName}.${surname}@gitblit.com");
04a985	189	ldap = newLdapAuthentication(ms);
c00577	190
04a985	191	userOneModel = ldap.authenticate("UserOne", "userOnePassword".toCharArray());
7e0ce4	192	assertNotNull(userOneModel);
JC	193	assertEquals("User.One@gitblit.com", userOneModel.emailAddress);
	194	}
c00577	195
7e0ce4	196	@Test
JC	197	public void testLdapInjection() {
	198	// Inject so "(&(objectClass=person)(sAMAccountName=${username}))" becomes "(&(objectClass=person)(sAMAccountName=*)(userPassword=userOnePassword))"
	199	// Thus searching by password
c00577	200
04a985	201	UserModel userOneModel = ldap.authenticate("*)(userPassword=userOnePassword", "userOnePassword".toCharArray());
7e0ce4	202	assertNull(userOneModel);
4e3c15	203	}
f3b625	204
eb1264	205	@Test
afe3f1	206	public void checkIfUsersConfContainsAllUsersFromSampleDataLdif() throws Exception {
eb1264	207	SearchResult searchResult = ds.search("OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain", SearchScope.SUB, "objectClass=person");
AS	208	assertEquals("Number of ldap users in gitblit user model", searchResult.getEntryCount(), countLdapUsersInUserManager());
	209	}
	210
	211	@Test
afe3f1	212	public void addingUserInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception {
eb1264	213	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif"));
6659fa	214	ldap.sync();
eb1264	215	assertEquals("Number of ldap users in gitblit user model", 5, countLdapUsersInUserManager());
AS	216	}
	217
afe3f1	218	@Test
AS	219	public void addingUserInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception {
4e8d63	220	settings.put(Keys.realm.ldap.synchronize, "true");
afe3f1	221	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "adduser.ldif"));
6659fa	222	ldap.sync();
afe3f1	223	assertEquals("Number of ldap users in gitblit user model", 6, countLdapUsersInUserManager());
AS	224	}
	225
f6d7de	226	@Test
AS	227	public void addingGroupsInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception {
	228	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
6659fa	229	ldap.sync();
f6d7de	230	assertEquals("Number of ldap groups in gitblit team model", 0, countLdapTeamsInUserManager());
AS	231	}
	232
	233	@Test
	234	public void addingGroupsInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception {
4e8d63	235	settings.put(Keys.realm.ldap.synchronize, "true");
f6d7de	236	ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
6659fa	237	ldap.sync();
f6d7de	238	assertEquals("Number of ldap groups in gitblit team model", 1, countLdapTeamsInUserManager());
AS	239	}
	240
b4a63a	241	@Test
JM	242	public void testAuthenticationManager() {
0d7c65	243	UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray(), null);
b4a63a	244	assertNotNull(userOneModel);
JM	245	assertNotNull(userOneModel.getTeam("git_admins"));
	246	assertNotNull(userOneModel.getTeam("git_users"));
	247	assertTrue(userOneModel.canAdmin);
	248
0d7c65	249	UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray(), null);
b4a63a	250	assertNull(userOneModelFailedAuth);
JM	251
0d7c65	252	UserModel userTwoModel = auth.authenticate("UserTwo", "userTwoPassword".toCharArray(), null);
b4a63a	253	assertNotNull(userTwoModel);
JM	254	assertNotNull(userTwoModel.getTeam("git_users"));
	255	assertNull(userTwoModel.getTeam("git_admins"));
	256	assertNotNull(userTwoModel.getTeam("git admins"));
	257	assertTrue(userTwoModel.canAdmin);
	258
0d7c65	259	UserModel userThreeModel = auth.authenticate("UserThree", "userThreePassword".toCharArray(), null);
b4a63a	260	assertNotNull(userThreeModel);
JM	261	assertNotNull(userThreeModel.getTeam("git_users"));
	262	assertNull(userThreeModel.getTeam("git_admins"));
	263	assertTrue(userThreeModel.canAdmin);
	264	}
ca4d98	265
a74d67	266	@Test
JA	267	public void testBindWithUser() {
	268	settings.put(Keys.realm.ldap.bindpattern, "CN=${username},OU=US,OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
	269	settings.put(Keys.realm.ldap.username, "");
	270	settings.put(Keys.realm.ldap.password, "");
	271
0d7c65	272	UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray(), null);
a74d67	273	assertNotNull(userOneModel);
ca4d98	274
0d7c65	275	UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray(), null);
a74d67	276	assertNull(userOneModelFailedAuth);
JA	277	}
b4a63a	278
eb1264	279	private int countLdapUsersInUserManager() {
AS	280	int ldapAccountCount = 0;
	281	for (UserModel userModel : userManager.getAllUsers()) {
	282	if (AccountType.LDAP.equals(userModel.accountType)) {
	283	ldapAccountCount++;
	284	}
	285	}
	286	return ldapAccountCount;
	287	}
	288
f6d7de	289	private int countLdapTeamsInUserManager() {
AS	290	int ldapAccountCount = 0;
	291	for (TeamModel teamModel : userManager.getAllTeams()) {
	292	if (AccountType.LDAP.equals(teamModel.accountType)) {
	293	ldapAccountCount++;
	294	}
	295	}
	296	return ldapAccountCount;
	297	}
	298
f3b625	299	}