basichttpdecoding
Change-Id: I94e7619ee623257911c035cbe0a911338803aeec
diff --git a/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java b/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
index c77184c..ac7cc25 100644
--- a/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
+++ b/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
@@ -1,9 +1,15 @@
package de.ids_mannheim.korap.config;
+import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
import de.ids_mannheim.korap.utils.StringUtils;
+import org.apache.commons.codec.binary.Base64;
import org.junit.Test;
+import java.util.Arrays;
+
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
/**
* Created by hanl on 29.05.16.
@@ -20,7 +26,17 @@
@Test
- public void testSQLRegexBuild () {
-
+ public void testBasicHttpSplit() {
+ String s1 = "basic " + new String(Base64.encodeBase64("test:testPass".getBytes()));
+ String s2 = new String(Base64.encodeBase64("test:testPass".getBytes()));
+ String[] f1 = BasicHttpAuth.decode(s1);
+ String[] f2 = BasicHttpAuth.decode(s2);
+ assertNotNull(f1);
+ assertNotNull(f2);
+ assertEquals("test", f1[0]);
+ assertEquals("testPass", f1[1]);
+ assertEquals("test", f2[0]);
+ assertEquals("testPass", f2[1]);
}
+
}
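Review bot: testBasicHttpSplit only pins the well-formed case, so nothing here fixes what `BasicHttpAuth.decode` returns for the malformed Authorization values an unauthenticated client can send. `assertNull` is imported at the top of this file but unused in the visible hunks, which suggests a negative case was intended. I would add inputs with no colon, with invalid Base64, and with a password that itself contains `:` (RFC 7617 splits on the first colon only), plus the `Basic ` capitalisation, since the scheme name is case-insensitive. `getBytes()` and `new String(byte[])` also depend on the platform charset; passing `StandardCharsets.UTF_8` to both keeps the test stable across machines. The method sits in StringUtilsTest although it tests BasicHttpAuth, so a dedicated test class would make it easier to find.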
diff --git a/src/test/java/de/ids_mannheim/korap/config/TestHelper.java b/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
index 0a9131e..9788eeb 100644
--- a/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
+++ b/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
@@ -10,9 +10,7 @@
import de.ids_mannheim.korap.interfaces.defaults.KustvaktEncryption;
import de.ids_mannheim.korap.resources.KustvaktResource;
import de.ids_mannheim.korap.security.ac.PolicyDao;
-import de.ids_mannheim.korap.security.auth.APIAuthentication;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
-import de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager;
+import de.ids_mannheim.korap.security.auth.*;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.TimeUtils;
import de.ids_mannheim.korap.web.service.BootableBeanInterface;
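Review bot: The wildcard `import de.ids_mannheim.korap.security.auth.*;` hides which authentication providers this helper wires up, which is exactly what a reader of security test setup wants to see at a glance. I would keep the three explicit imports and add `SessionAuthentication` and `OpenIDconnectAuthentication` by name. The same applies to `import static org.junit.Assert.*;` in AuthServiceTest.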
@@ -475,6 +473,8 @@
Set<AuthenticationIface> pro = new HashSet<>();
pro.add(new BasicHttpAuth());
pro.add(new APIAuthentication(getConfig()));
+ pro.add(new SessionAuthentication(getConfig(), getCrypto()));
+ pro.add(new OpenIDconnectAuthentication(getConfig(), getDataSource()));
manager.setProviders(pro);
return manager;
}
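Review bot: `OpenIDconnectAuthentication` is now registered in the test manager, but no test visible in this commit exercises it, so a regression in that provider would go unnoticed; `SessionAuthentication` at least gets the two new session-token tests. The providers are also collected in a `HashSet`, so if the manager picks a provider by iteration order (not visible here), which provider handles a given token could differ between runs. It is worth confirming that selection is keyed on the token type. The enclosing method starts outside the hunk.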
diff --git a/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java b/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
index 6da2bb5..fd648d6 100644
--- a/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
@@ -1,23 +1,39 @@
package de.ids_mannheim.korap.web.service.full;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.json.JSONUnmarshaller;
+import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.TestHelper;
import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.utils.TimeUtils;
import de.ids_mannheim.korap.web.service.FastJerseyTest;
+import org.joda.time.DateTime;
import org.junit.BeforeClass;
import org.junit.Test;
+import static org.junit.Assert.*;
+
/**
* @author hanl
* @date 24/09/2015
*/
public class AuthServiceTest extends FastJerseyTest {
+ private static String[] credentials;
+
@BeforeClass
public static void configure () throws Exception {
- FastJerseyTest.setPackages("de.ids_mannheim.korap.web.service",
+ FastJerseyTest.setPackages("de.ids_mannheim.korap.web.service.full",
"de.ids_mannheim.korap.web.filter",
"de.ids_mannheim.korap.web.utils");
+ credentials = new String[2];
+ credentials[0] = (String) TestHelper.getUserCredentials().get(Attributes.USERNAME);
+ credentials[1] = (String) TestHelper.getUserCredentials().get(Attributes.PASSWORD);
}
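Review bot: `configure()` casts whatever `TestHelper.getUserCredentials()` returns and stores it without a check, so a missing username or password only shows up later as a confusing 401 in the session-token tests. Adding `assertNotNull("test user has no username", credentials[0]);` and the same for `credentials[1]` right after the assignments would make the failure point at the setup. The map is also fetched twice; a single local would do. `JSONUnmarshaller` is imported but not used in the visible hunks.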
@@ -30,10 +46,74 @@
@Test
public void testBasicHttp () {
User user = helper().getUser();
-
}
@Test
+ public void testSessionToken() {
+ String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ ClientResponse response = resource().path(getAPIVersion()).path("auth")
+ .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
+ .get(ClientResponse.class);
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ String en = response.getEntity(String.class);
+ JsonNode node = JsonUtils.readTree(en);
+ assertNotNull(node);
+
+ String token = node.path("token").asText();
+ String token_type = node.path("token_type").asText();
+ String expiration = node.path("expires").asText();
+ DateTime ex = TimeUtils.getTime(expiration);
+ assertNotEquals("", token);
+ assertNotEquals("", token_type);
+ assertFalse(TimeUtils.isExpired(ex.getMillis()));
+
+ response = resource().path(getAPIVersion()).path("user")
+ .path("info").header(Attributes.AUTHORIZATION, token_type + " "+ token)
+ .get(ClientResponse.class);
+ en = response.getEntity(String.class);
+
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ }
+
+ @Test
+ public void testSessionTokenExpire() {
+ String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ ClientResponse response = resource().path(getAPIVersion()).path("auth")
+ .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
+ .get(ClientResponse.class);
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ String en = response.getEntity(String.class);
+ JsonNode node = JsonUtils.readTree(en);
+ assertNotNull(node);
+
+ String token = node.path("token").asText();
+ String token_type = node.path("token_type").asText();
+ String expiration = node.path("expires").asText();
+ DateTime ex = TimeUtils.getTime(expiration);
+ assertNotEquals("", token);
+ assertNotEquals("", token_type);
+
+ while (true) {
+ if (TimeUtils.isExpired(ex.getMillis()))
+ break;
+ }
+ response = resource().path(getAPIVersion()).path("user")
+ .path("info").header(Attributes.AUTHORIZATION, token_type + " "+ token)
+ .get(ClientResponse.class);
+ en = response.getEntity(String.class);
+ node = JsonUtils.readTree(en);
+ assertNotNull(node);
+
+ assertEquals(StatusCodes.BAD_CREDENTIALS, node.at("/errors/0/0").asInt());
+ assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
+ response.getStatus());
+ }
+
+
+ @Test
public void testBlockingFilterFail() {
}
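Review bot: The `while (true)` loop in testSessionTokenExpire spins at full CPU with no upper bound, so if the configured session lifetime is long or `TimeUtils.isExpired` never turns true, the whole build hangs instead of failing. A bounded wait with a short sleep and a deadline assertion, as sketched below, turns that into a clear test failure; the 60 s bound is a constructed value and should follow the configured token lifetime. `ex` is also dereferenced without a null check, so a response without `expires` would fail with a NullPointerException rather than an assertion. testBasicHttp still has no assertions after this change, so the Basic path is only covered indirectly through the token request.

```java
public void testSessionTokenExpire() throws InterruptedException {
    // … unchanged: request the session token and parse token, token_type, expires …
    assertNotNull("response carries no parsable expiry", ex);

    // Constructed bound: align with the session lifetime configured for tests.
    long deadline = System.currentTimeMillis() + 60000L;
    while (!TimeUtils.isExpired(ex.getMillis())) {
        assertTrue("session token did not expire within the expected time",
                System.currentTimeMillis() < deadline);
        Thread.sleep(200);
    }
    // … unchanged: call user/info with the expired token and assert BAD_CREDENTIALS / 401 …
}
```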