private static ExternalIdentity externalIdentityOf(UserDto userDto) { String externalId = userDto.getExternalId(); String externalLogin = userDto.getExternalLogin(); return new ExternalIdentity(externalId, externalLogin); }
private static boolean isSameExternalIdentity(UserDto dto, @Nullable ExternalIdentity externalIdentity) { return externalIdentity != null && !dto.isLocal() && Objects.equals(dto.getExternalId(), externalIdentity.getId()) && Objects.equals(dto.getExternalLogin(), externalIdentity.getLogin()) && Objects.equals(dto.getExternalIdentityProvider(), externalIdentity.getProvider()); }
private static boolean isSameUser(UserDto existingUser, UserRegistration authenticatorParameters) { // Check if same login return Objects.equals(existingUser.getLogin(), authenticatorParameters.getUserIdentity().getLogin()) || // Check if same identity provider and same provider id or provider login (Objects.equals(existingUser.getExternalIdentityProvider(), authenticatorParameters.getProvider().getKey()) && (Objects.equals(existingUser.getExternalId(), getProviderIdOrProviderLogin(authenticatorParameters.getUserIdentity())) || Objects.equals(existingUser.getExternalLogin(), authenticatorParameters.getUserIdentity().getProviderLogin()))); }
private void verifyUserInDb(String expectedLogin, String expectedName, @Nullable String expectedEmail, GroupDto... expectedGroups) { UserDto userDto = db.users().selectUserByLogin(expectedLogin).get(); assertThat(userDto.isActive()).isTrue(); assertThat(userDto.getName()).isEqualTo(expectedName); assertThat(userDto.getEmail()).isEqualTo(expectedEmail); assertThat(userDto.getExternalLogin()).isEqualTo(expectedLogin); assertThat(userDto.getExternalIdentityProvider()).isEqualTo("sonarqube"); verityUserGroups(expectedLogin, expectedGroups); }
@Test public void authenticate() { OAuth2IdentityProvider.CallbackContext callback = newCallbackContext(); callback.authenticate(USER_IDENTITY); assertThat(userIdentityAuthenticator.isAuthenticated()).isTrue(); verify(threadLocalUserSession).set(any(UserSession.class)); ArgumentCaptor<UserDto> userArgumentCaptor = ArgumentCaptor.forClass(UserDto.class); verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(request), eq(response)); assertThat(userArgumentCaptor.getValue().getLogin()).isEqualTo(USER_IDENTITY.getLogin()); assertThat(userArgumentCaptor.getValue().getExternalId()).isEqualTo(USER_IDENTITY.getProviderId()); assertThat(userArgumentCaptor.getValue().getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin()); assertThat(userArgumentCaptor.getValue().getExternalIdentityProvider()).isEqualTo(PROVIDER_KEY); }
@Test public void authenticate() { BaseIdentityProvider.Context context = underTest.newContext(request, response, identityProvider); ArgumentCaptor<UserDto> userArgumentCaptor = ArgumentCaptor.forClass(UserDto.class); context.authenticate(USER_IDENTITY); assertThat(userIdentityAuthenticator.isAuthenticated()).isTrue(); verify(threadLocalUserSession).set(any(UserSession.class)); verify(jwtHttpHandler).generateToken(userArgumentCaptor.capture(), eq(request), eq(response)); assertThat(userArgumentCaptor.getValue().getLogin()).isEqualTo(USER_IDENTITY.getLogin()); assertThat(userArgumentCaptor.getValue().getExternalId()).isEqualTo(USER_IDENTITY.getProviderId()); assertThat(userArgumentCaptor.getValue().getExternalLogin()).isEqualTo(USER_IDENTITY.getProviderLogin()); assertThat(userArgumentCaptor.getValue().getExternalIdentityProvider()).isEqualTo("github"); }
@Override public String getPath(String contextPath) { return contextPath + format(PATH, encodeMessage(email), encodeMessage(userIdentity.getProviderLogin()), encodeMessage(provider.getKey()), encodeMessage(existingUser.getExternalLogin()), encodeMessage(existingUser.getExternalIdentityProvider())); } }
@Test public void select_by_external_login_and_identity_provider() { UserDto activeUser = db.users().insertUser(); UserDto disableUser = db.users().insertUser(u -> u.setActive(false)); assertThat(underTest.selectByExternalLoginAndIdentityProvider(session, activeUser.getExternalLogin(), activeUser.getExternalIdentityProvider())).isNotNull(); assertThat(underTest.selectByExternalLoginAndIdentityProvider(session, disableUser.getExternalLogin(), disableUser.getExternalIdentityProvider())).isNotNull(); assertThat(underTest.selectByExternalLoginAndIdentityProvider(session, "unknown", "unknown")).isNull(); }
@Test public void create_user_with_sq_authority_when_no_authority_set() { createDefaultGroup(); underTest.createAndCommit(db.getSession(), NewUser.builder() .setLogin("user") .setName("User") .setPassword("password") .build(), u -> { }); UserDto dto = dbClient.userDao().selectByLogin(session, "user"); assertThat(dto.getExternalLogin()).isEqualTo("user"); assertThat(dto.getExternalIdentityProvider()).isEqualTo("sonarqube"); assertThat(dto.isLocal()).isTrue(); }
@Test public void create_user_with_sonarqube_external_identity() { createDefaultGroup(); underTest.createAndCommit(db.getSession(), NewUser.builder() .setLogin("user") .setName("User") .setExternalIdentity(new ExternalIdentity(SQ_AUTHORITY, "user", "user")) .build(), u -> { }); UserDto dto = dbClient.userDao().selectByLogin(session, "user"); assertThat(dto.isLocal()).isFalse(); assertThat(dto.getExternalId()).isEqualTo("user"); assertThat(dto.getExternalLogin()).isEqualTo("user"); assertThat(dto.getExternalIdentityProvider()).isEqualTo("sonarqube"); assertThat(dto.getCryptedPassword()).isNull(); assertThat(dto.getSalt()).isNull(); }
@Test public void create_user_with_identity_provider() { createDefaultGroup(); underTest.createAndCommit(db.getSession(), NewUser.builder() .setLogin("user") .setName("User") .setExternalIdentity(new ExternalIdentity("github", "github-user", "ABCD")) .build(), u -> { }); UserDto dto = dbClient.userDao().selectByLogin(session, "user"); assertThat(dto.isLocal()).isFalse(); assertThat(dto.getExternalId()).isEqualTo("ABCD"); assertThat(dto.getExternalLogin()).isEqualTo("github-user"); assertThat(dto.getExternalIdentityProvider()).isEqualTo("github"); assertThat(dto.getCryptedPassword()).isNull(); assertThat(dto.getSalt()).isNull(); }
@Test public void update_user_external_identity_when_user_was_not_local() { UserDto user = db.users().insertUser(newExternalUser(DEFAULT_LOGIN, "Marius", "marius@email.com")); createDefaultGroup(); underTest.updateAndCommit(session, user, new UpdateUser() .setName("Marius2") .setEmail("marius2@email.com") .setExternalIdentity(new ExternalIdentity("github", "john", "ABCD")), u -> { }); UserDto dto = dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN); assertThat(dto.getExternalId()).isEqualTo("ABCD"); assertThat(dto.getExternalLogin()).isEqualTo("john"); assertThat(dto.getExternalIdentityProvider()).isEqualTo("github"); assertThat(dto.getUpdatedAt()).isGreaterThan(user.getCreatedAt()); }
@Test public void reactivate_user_with_external_provider() { UserDto user = db.users().insertDisabledUser(u -> u.setLocal(true)); createDefaultGroup(); underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder() .setLogin(user.getLogin()) .setName(user.getName()) .setExternalIdentity(new ExternalIdentity("github", "john", "ABCD")) .build(), u -> { }); session.commit(); UserDto dto = dbClient.userDao().selectByUuid(session, user.getUuid()); assertThat(dto.isLocal()).isFalse(); assertThat(dto.getExternalId()).isEqualTo("ABCD"); assertThat(dto.getExternalLogin()).isEqualTo("john"); assertThat(dto.getExternalIdentityProvider()).isEqualTo("github"); }
@Test public void does_not_update_user_when_no_change_and_scm_account_reordered() { UserDto user = newExternalUser(DEFAULT_LOGIN, "Marius", "marius@email.com") .setScmAccounts(asList("ma1", "ma2")); db.users().insertUser(user); createDefaultGroup(); underTest.updateAndCommit(session, user, new UpdateUser() .setName(user.getName()) .setEmail(user.getEmail()) .setScmAccounts(asList("ma2", "ma1")) .setExternalIdentity(new ExternalIdentity(user.getExternalIdentityProvider(), user.getExternalLogin(), user.getExternalId())), u -> { }); assertThat(dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN).getUpdatedAt()).isEqualTo(user.getUpdatedAt()); }
@Test public void return_external_information() { UserDto user = db.users().insertUser(); userIndexer.indexOnStartup(null); userSession.logIn().setSystemAdministrator(); SearchWsResponse response = ws.newRequest() .executeProtobuf(SearchWsResponse.class); assertThat(response.getUsersList()) .extracting(User::getLogin, User::getExternalIdentity, User::getExternalProvider) .containsExactlyInAnyOrder(tuple(user.getLogin(), user.getExternalLogin(), user.getExternalIdentityProvider())); }
@Test public void does_not_update_user_when_no_change() { UserDto user = newExternalUser(DEFAULT_LOGIN, "Marius", "marius@email.com") .setScmAccounts(asList("ma1", "ma2")); db.users().insertUser(user); createDefaultGroup(); underTest.updateAndCommit(session, user, new UpdateUser() .setName(user.getName()) .setEmail(user.getEmail()) .setScmAccounts(user.getScmAccountsAsList()) .setExternalIdentity(new ExternalIdentity(user.getExternalIdentityProvider(), user.getExternalLogin(), user.getExternalId())), u -> { }); assertThat(dbClient.userDao().selectByLogin(session, DEFAULT_LOGIN).getUpdatedAt()).isEqualTo(user.getUpdatedAt()); }
@Test public void return_external_identity_only_when_system_administer() { UserDto user = db.users().insertUser(); userIndexer.indexOnStartup(null); userSession.logIn().setSystemAdministrator(); assertThat(ws.newRequest() .executeProtobuf(SearchWsResponse.class).getUsersList()) .extracting(User::getLogin, User::getExternalIdentity) .containsExactlyInAnyOrder(tuple(user.getLogin(), user.getExternalLogin())); userSession.logIn(); assertThat(ws.newRequest() .executeProtobuf(SearchWsResponse.class).getUsersList()) .extracting(User::getLogin, User::hasExternalIdentity) .containsExactlyInAnyOrder(tuple(user.getLogin(), false)); }
@Test public void fail_to_update_user_when_external_id_and_external_provider_already_exists() { createDefaultGroup(); UserDto user = db.users().insertUser(u -> u.setActive(false)); UserDto existingUser = db.users().insertUser(u -> u.setExternalId("existing_external_id").setExternalIdentityProvider("existing_external_provider")); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("A user with provider id 'existing_external_id' and identity provider 'existing_external_provider' already exists"); underTest.updateAndCommit(session, user, new UpdateUser() .setExternalIdentity(new ExternalIdentity(existingUser.getExternalIdentityProvider(), existingUser.getExternalLogin(), existingUser.getExternalId())), u -> { }); }
@Test public void fail_to_create_user_when_external_id_and_external_provider_already_exists() { createDefaultGroup(); UserDto existingUser = db.users().insertUser(u -> u.setExternalId("existing_external_id").setExternalIdentityProvider("existing_external_provider")); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("A user with provider id 'existing_external_id' and identity provider 'existing_external_provider' already exists"); underTest.createAndCommit(db.getSession(), NewUser.builder() .setLogin("new_login") .setName("User") .setExternalIdentity(new ExternalIdentity(existingUser.getExternalIdentityProvider(), existingUser.getExternalLogin(), existingUser.getExternalId())) .build(), u -> { }); }
@Test public void fail_to_reactivate_user_when_external_id_and_external_provider_already_exists() { createDefaultGroup(); UserDto user = db.users().insertUser(u -> u.setActive(false)); UserDto existingUser = db.users().insertUser(u -> u.setExternalId("existing_external_id").setExternalIdentityProvider("existing_external_provider")); expectedException.expect(IllegalArgumentException.class); expectedException.expectMessage("A user with provider id 'existing_external_id' and identity provider 'existing_external_provider' already exists"); underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder() .setLogin(user.getLogin()) .setName("Marius2") .setExternalIdentity(new ExternalIdentity(existingUser.getExternalIdentityProvider(), existingUser.getExternalLogin(), existingUser.getExternalId())) .build(), u -> { }); }