Test errors -> 0, Test failures -> ~12%

sam-glendenning · Nov 9, 2021 · 922b464 · 922b464
1 parent f7f8513
commit 922b464
Show file tree

Hide file tree

Showing 53 changed files with 329 additions and 234 deletions.
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/common/OffsetPageable.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/common/OffsetPageable.java
@@ -17,6 +17,8 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
+import java.util.Objects;
+
 import javax.annotation.Generated;
 
 import org.apache.commons.lang3.NotImplementedException;
@@ -31,7 +33,7 @@ public class OffsetPageable implements Pageable {
 
   public OffsetPageable(int count) {
 
-    this(0, count, null);
+    this(0, count, Sort.unsorted());
   }
 
   public OffsetPageable(int count, Sort sort) {
@@ -51,7 +53,14 @@ public OffsetPageable(int offset, int count, Sort sort) {
 
     this.offset = offset;
     this.count = count;
-    this.sort = sort;
+
+    if (Objects.isNull(sort)) {
+      this.sort = Sort.unsorted();
+    } else {
+      this.sort = sort;
+    }
+
+
   }
 
   @Override

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/MitreServicesConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/MitreServicesConfig.java
@@ -75,7 +75,6 @@
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
 
 import com.google.common.collect.Sets;
 
@@ -190,13 +189,13 @@ OAuth2TokenEntityService tokenServices() {
 
 
   @Bean(name = "mitreUserInfoInterceptor")
-  public AsyncHandlerInterceptor userInfoInterceptor(UserInfoService service) {
+  public IamUserInfoInterceptor userInfoInterceptor(UserInfoService service) {
 
     return new IamUserInfoInterceptor(service);
   }
 
   @Bean(name = "mitreServerConfigInterceptor")
-  public AsyncHandlerInterceptor serverConfigInterceptor() {
+  public ServerConfigInterceptor serverConfigInterceptor() {
 
     return new ServerConfigInterceptor();
   }

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/MvcConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/MvcConfig.java
@@ -20,6 +20,7 @@
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 
+import org.mitre.openid.connect.web.ServerConfigInterceptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -30,7 +31,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.DefaultResourceLoader;
 import org.springframework.http.CacheControl;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -44,7 +44,9 @@
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;
 
+import it.infn.mw.iam.core.userinfo.IamUserInfoInterceptor;
 import it.infn.mw.iam.core.util.PoliteJsonMessageSource;
+import it.infn.mw.iam.core.web.IamViewInfoInterceptor;
 
 @Configuration
 public class MvcConfig implements WebMvcConfigurer {
@@ -53,14 +55,14 @@ public class MvcConfig implements WebMvcConfigurer {
 
   @Autowired
   @Qualifier("mitreUserInfoInterceptor")
-  AsyncHandlerInterceptor userInfoInterceptor;
+  IamUserInfoInterceptor userInfoInterceptor;
 
   @Autowired
   @Qualifier("mitreServerConfigInterceptor")
-  AsyncHandlerInterceptor serverConfigInterceptor;
+  ServerConfigInterceptor serverConfigInterceptor;
 
   @Autowired
-  AsyncHandlerInterceptor iamViewInfoInterceptor;
+  IamViewInfoInterceptor iamViewInfoInterceptor;
 
   @Autowired
   IamProperties iamProperties;

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/security/SpringHttpFirewallConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/security/SpringHttpFirewallConfig.java
@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.config.security;
+
+import java.util.function.Predicate;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+@Configuration
+public class SpringHttpFirewallConfig {
+
+  public static final Predicate<String> ANY_VALUE = (s) -> true;
+
+  @Bean
+  HttpFirewall iamHttpFirewall() {
+
+    StrictHttpFirewall httpFirewall = new StrictHttpFirewall();
+    httpFirewall.setAllowedHeaderValues(ANY_VALUE);
+
+    return httpFirewall;
+  }
+
+}
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/userinfo/IamUserInfoInterceptor.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/userinfo/IamUserInfoInterceptor.java
@@ -29,7 +29,8 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+import org.springframework.web.servlet.HandlerInterceptor;
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
@@ -39,7 +40,7 @@
 import com.google.gson.JsonSerializer;
 
 @SuppressWarnings("deprecation")
-public class IamUserInfoInterceptor extends HandlerInterceptorAdapter {
+public class IamUserInfoInterceptor implements HandlerInterceptor, AsyncHandlerInterceptor {
 
   public static final String USERINFO_ATTR_NAME = "userInfo";
   public static final String USERINFO_JSON_ATTR_NAME = "userInfoJson";

diff --git a/...ogin-service/src/test/java/it/infn/mw/iam/test/api/account/labels/AccountLabelsTests.java b/...ogin-service/src/test/java/it/infn/mw/iam/test/api/account/labels/AccountLabelsTests.java
@@ -21,9 +21,9 @@
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.hasItem;
 import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.springframework.http.MediaType.APPLICATION_JSON_UTF8;
+import static org.hamcrest.Matchers.hasSize;
+import static org.springframework.http.MediaType.APPLICATION_JSON;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
@@ -95,7 +95,7 @@ public void managingLabelsRequiresAuthenticatedUser() throws Exception {
     mvc.perform(get(RESOURCE, TEST_100_USER_UUID)).andExpect(UNAUTHORIZED);
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(TEST_LABEL)))
       .andExpect(UNAUTHORIZED);
 
@@ -116,7 +116,7 @@ public void managingLabelsRequiresPrivilegedUser() throws Exception {
     mvc.perform(get(RESOURCE, TEST_100_USER_UUID)).andExpect(FORBIDDEN);
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(TEST_LABEL)))
       .andExpect(FORBIDDEN);
 
@@ -139,7 +139,7 @@ public void gettingLabelsWorksForAdminUser() throws Exception {
   public void setLabelWorks() throws Exception {
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(TEST_LABEL)))
       .andExpect(OK);
 
@@ -154,7 +154,7 @@ public void setLabelWorks() throws Exception {
     LabelDTO label = LabelDTO.builder().prefix(LABEL_PREFIX).name(LABEL_NAME).build();
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(label)))
       .andExpect(OK);
 
@@ -173,12 +173,12 @@ public void deleteLabelWorks() throws Exception {
     LabelDTO unqualified = LabelDTO.builder().name(LABEL_NAME).build();
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(TEST_LABEL)))
       .andExpect(OK);
 
     mvc
-      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(unqualified)))
       .andExpect(OK);
 
@@ -224,7 +224,7 @@ public void nonExistingResourceHandledCorrectly() throws Exception {
       .andExpect(ACCOUNT_NOT_FOUND_ERROR_MESSAGE);
 
     mvc
-      .perform(put(RESOURCE, RANDOM_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, RANDOM_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(TEST_LABEL)))
       .andExpect(NOT_FOUND)
       .andExpect(ACCOUNT_NOT_FOUND_ERROR_MESSAGE);
@@ -247,12 +247,12 @@ public void multipleLabelsHandledCorrectly() throws Exception {
 
     for (LabelDTO l : labels) {
       mvc
-        .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+        .perform(put(RESOURCE, TEST_100_USER_UUID).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(l)))
         .andExpect(OK);
 
       mvc
-        .perform(put(RESOURCE, TEST_USER_UUID).contentType(APPLICATION_JSON_UTF8)
+        .perform(put(RESOURCE, TEST_USER_UUID).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(l)))
         .andExpect(OK);
     }
@@ -299,7 +299,7 @@ public void labelValidationTests() throws Exception {
     for (String p : SOME_INVALID_PREFIXES) {
       LabelDTO l = LabelDTO.builder().prefix(p).value(LABEL_VALUE).name(LABEL_NAME).build();
       mvc
-        .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON_UTF8)
+        .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(l)))
         .andExpect(BAD_REQUEST)
         .andExpect(INVALID_PREFIX_ERROR_MESSAGE);
@@ -308,7 +308,7 @@ public void labelValidationTests() throws Exception {
     LabelDTO noNameLabel = LabelDTO.builder().prefix(LABEL_PREFIX).build();
 
     mvc
-      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(noNameLabel)))
       .andExpect(BAD_REQUEST)
       .andExpect(NAME_REQUIRED_ERROR_MESSAGE);
@@ -318,7 +318,7 @@ public void labelValidationTests() throws Exception {
     for (String in : SOME_INVALID_NAMES) {
       LabelDTO invalidNameLabel = LabelDTO.builder().prefix(LABEL_PREFIX).name(in).build();
       mvc
-        .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON_UTF8)
+        .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(invalidNameLabel)))
         .andExpect(BAD_REQUEST)
         .andExpect(INVALID_NAME_ERROR_MESSAGE);
@@ -328,7 +328,7 @@ public void labelValidationTests() throws Exception {
         LabelDTO.builder().prefix(LABEL_PREFIX).name(randomAlphabetic(65)).build();
 
     mvc
-      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(longNameLabel)))
       .andExpect(BAD_REQUEST)
       .andExpect(NAME_TOO_LONG_ERROR_MESSAGE);
@@ -341,7 +341,7 @@ public void labelValidationTests() throws Exception {
       .build();
 
     mvc
-      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON_UTF8)
+      .perform(put(RESOURCE, TEST_001_GROUP_UUID).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(longValueLabel)))
       .andExpect(BAD_REQUEST)
       .andExpect(VALUE_TOO_LONG_ERROR_MESSAGE);

diff --git a/...ice/src/test/java/it/infn/mw/iam/test/api/aup/EnforceAupSignatureSuccessHandlerTests.java b/...ice/src/test/java/it/infn/mw/iam/test/api/aup/EnforceAupSignatureSuccessHandlerTests.java
@@ -91,7 +91,7 @@ public void before() {
 
   @Test
   public void userIsRedirectedToSignAupPageWhenNeeded() throws IOException, ServletException {
-    when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
+    // when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
     when(accountUtils.getAuthenticatedUserAccount(Mockito.any())).thenReturn(Optional.of(account));
     when(signatureCheckService.needsAupSignature(Mockito.any())).thenReturn(true);
 
@@ -104,7 +104,7 @@ public void userIsRedirectedToSignAupPageWhenNeeded() throws IOException, Servle
 
   @Test
   public void delegateIsCalledIfNoSignatureIsNeeded()throws IOException, ServletException {
-    when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
+    // when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
     when(accountUtils.getAuthenticatedUserAccount(Mockito.any())).thenReturn(Optional.of(account));
     when(signatureCheckService.needsAupSignature(Mockito.any())).thenReturn(false); 
 
@@ -121,7 +121,7 @@ public void testOAuthAuthenticationIsUnderstood() throws IOException, ServletExc
     when(oauth.getName()).thenReturn("oauth-client-for-test");
     when(oauth.getUserAuthentication()).thenReturn(auth);
 
-    when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
+    // when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(account));
     when(accountUtils.getAuthenticatedUserAccount(Mockito.any())).thenReturn(Optional.of(account));
     when(signatureCheckService.needsAupSignature(Mockito.any())).thenReturn(false);
 
@@ -136,10 +136,10 @@ public void testOAuthClientAuthenticationDoesNotResultInUserLoginTimeUpdate() th
     OAuth2Authentication oauth = Mockito.mock(OAuth2Authentication.class);
     when(oauth.getName()).thenReturn("oauth-client-for-test");
     when(oauth.getUserAuthentication()).thenReturn(null);
-    when(signatureCheckService.needsAupSignature(Mockito.any())).thenReturn(false); 
+    // when(signatureCheckService.needsAupSignature(Mockito.any())).thenReturn(false);
 
-    when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.empty());
-    when(accountUtils.getAuthenticatedUserAccount(Mockito.any())).thenReturn(Optional.empty());
+    // when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.empty());
+    // when(accountUtils.getAuthenticatedUserAccount(Mockito.any())).thenReturn(Optional.empty());
 
     handler.onAuthenticationSuccess(request, response, oauth);
     verify(session).setAttribute(Mockito.eq(AuthenticationTimeStamper.AUTH_TIMESTAMP), Mockito.any());

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/api/group/GroupAttributeTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/api/group/GroupAttributeTests.java
@@ -19,7 +19,7 @@
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.Matchers.hasSize;
-import static org.springframework.http.MediaType.APPLICATION_JSON_UTF8;
+import static org.springframework.http.MediaType.APPLICATION_JSON;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
@@ -105,7 +105,7 @@ public void managingAttributesRequiresAuthenticatedUser() throws Exception {
     attr.setValue(ATTR_VALUE);
 
     mvc.perform(
-        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON_UTF8)
+        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(attr)))
       .andExpect(UNAUTHORIZED);
 
@@ -128,7 +128,7 @@ public void managingAttributesRequiresPrivilegedUser() throws Exception {
     attr.setValue(ATTR_VALUE);
 
     mvc.perform(
-        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON_UTF8)
+        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(attr)))
       .andExpect(FORBIDDEN);
 
@@ -161,7 +161,7 @@ public void setAttributeWorks() throws Exception {
     attr.setValue(ATTR_VALUE);
 
     mvc.perform(
-        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON_UTF8)
+        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(attr)))
       .andExpect(status().isOk());
 
@@ -174,7 +174,7 @@ public void setAttributeWorks() throws Exception {
     attr.setValue(null);
 
     mvc.perform(
-        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON_UTF8)
+        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(attr)))
       .andExpect(status().isOk());
 
@@ -198,7 +198,7 @@ public void deleteAttributeWorks() throws Exception {
     attr.setValue(ATTR_VALUE);
 
     mvc.perform(
-        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON_UTF8)
+        put("/iam/group/{id}/attributes", testGroup.getUuid()).contentType(APPLICATION_JSON)
           .content(mapper.writeValueAsString(attr)))
       .andExpect(status().isOk());
 
@@ -224,7 +224,7 @@ public void nonExistingGroupIsHandledCorrectly() throws Exception {
       .andExpect(jsonPath("$.error", containsString("Group not found")));
 
     mvc
-      .perform(put("/iam/group/{id}/attributes", randomUuid).contentType(APPLICATION_JSON_UTF8)
+      .perform(put("/iam/group/{id}/attributes", randomUuid).contentType(APPLICATION_JSON)
         .content(mapper.writeValueAsString(attr)))
       .andExpect(NOT_FOUND)
       .andExpect(jsonPath("$.error", containsString("Group not found")));