/** * Verifies that the auth provider fails an authentication request with a 401 * {@code ClientErrorException} if the auth-id is unknown. * * @param ctx The vert.x test context. */ @Test public void testAuthenticateFailsWith401ForNonExistingAuthId(final TestContext ctx) { // WHEN trying to authenticate using an auth-id that is not known when(credentialsClient.get(anyString(), eq("user"), any(JsonObject.class), any())) .thenReturn(Future.failedFuture(new ClientErrorException(HttpURLConnection.HTTP_NOT_FOUND))); provider.authenticate(new JsonObject(), ctx.asyncAssertFailure(t -> { // THEN authentication fails with a 401 client error ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, ((ClientErrorException) t).getErrorCode()); })); }
/** * Verifies that the provider fails to validate wrong credentials. * * @param ctx The vert.x test context. */ @Test public void testAuthenticateFailsForWrongCredentials(final TestContext ctx) { when(pwdEncoder.matches(eq("wrong_pwd"), any(JsonObject.class))).thenReturn(false); deviceCredentials = UsernamePasswordCredentials.create("device@DEFAULT_TENANT", "wrong_pwd", false); vertx.runOnContext(go -> { provider.authenticate(deviceCredentials, null, ctx.asyncAssertFailure(e -> { final ClientErrorException error = (ClientErrorException) e; ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, error.getErrorCode()); })); }); }
/** * Verifies that credentials validation fails if the credentials on record are disabled. * * @param ctx The vert.x test context. */ @Test public void testValidateFailsIfCredentialsAreDisabled(final TestContext ctx) { // WHEN trying to authenticate a disabled device final AbstractDeviceCredentials creds = getDeviceCredentials("type", "tenant", "identity"); final CredentialsObject credentialsOnRecord = getCredentialsObject("type", "identity", "device", false) .addSecret(CredentialsObject.emptySecret(Instant.now().minusSeconds(120), null)); when(credentialsClient.get(eq("type"), eq("identity"), any(JsonObject.class), any())) .thenReturn(Future.succeededFuture(credentialsOnRecord)); provider.authenticate(creds, null, ctx.asyncAssertFailure(t -> { // THEN authentication fails with a 401 client error ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, ((ClientErrorException) t).getErrorCode()); })); }
/** * Verifies that the auth provider fails an authentication request with a 401 * {@code ClientErrorException} if the credentials cannot be parsed. * * @param ctx The vert.x test context. */ @Test public void testAuthenticateFailsWith401ForMalformedCredentials(final TestContext ctx) { // WHEN trying to authenticate using malformed credentials // that do not contain a tenant provider = getProvider(null, NoopTracerFactory.create()); provider.authenticate(new JsonObject(), ctx.asyncAssertFailure(t -> { // THEN authentication fails with a 401 client error ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, ((ClientErrorException) t).getErrorCode()); })); }
/** * Verifies that the adapter fails a request to retrieve a token for a gateway that does not * belong to the same tenant as the device it wants to act on behalf of. * * @param ctx The vert.x test context. */ @Test public void testGetRegistrationAssertionFailsWith403ForNonMatchingTenant(final TestContext ctx) { // GIVEN an adapter adapter = newProtocolAdapter(properties, null); // WHEN a gateway tries to get an assertion for a device from another tenant adapter.getRegistrationAssertion( "tenant A", "device", new Device("tenant B", "gateway"), mock(SpanContext.class)).setHandler(ctx.asyncAssertFailure(t -> { // THEN the request fails with a 403 Forbidden error ctx.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, ((ClientErrorException) t).getErrorCode()); })); }
/** * Verifies that credentials validation fails if none of the secrets on record are * valid any more. * * @param ctx The vert.x test context. */ @Test public void testAuthenticateFailsIfNoSecretsAreValidAnymore(final TestContext ctx) { credentialsOnRecord.addSecret(CredentialsObject.emptySecret(null, Instant.now().minusSeconds(120))); vertx.runOnContext(go -> { provider.authenticate(deviceCredentials, null, ctx.asyncAssertFailure(t -> { // THEN authentication fails with a 401 client error ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, ((ClientErrorException) t).getErrorCode()); })); }); }
/** * Verifies that credentials validation fails if none of the secrets on record are * valid yet. * * @param ctx The vert.x test context. */ @Test public void testAuthenticateFailsIfNoSecretsAreValidYet(final TestContext ctx) { credentialsOnRecord.addSecret(CredentialsObject.emptySecret(Instant.now().plusSeconds(120), null)); vertx.runOnContext(go -> { provider.authenticate(deviceCredentials, null, ctx.asyncAssertFailure(t -> { // THEN authentication fails with a 401 client error ctx.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, ((ClientErrorException) t).getErrorCode()); })); }); } }
final ClientErrorException e = (ClientErrorException) t; LOG.debug("cannot process message [endpoint: {}] from device [tenantId: {}, deviceId: {}]: {} - {}", endpointName, tenant, deviceId, e.getErrorCode(), e.getMessage()); } else { LOG.debug("cannot process message [endpoint: {}] from device [tenantId: {}, deviceId: {}]",
final ClientErrorException e = (ClientErrorException) t; LOG.debug("cannot process message [endpoint: {}] from device [tenantId: {}, deviceId: {}]: {} - {}", endpointName, tenant, deviceId, e.getErrorCode(), e.getMessage()); } else { LOG.debug("cannot process message [endpoint: {}] from device [tenantId: {}, deviceId: {}]",