001: package com.ecyrd.jspwiki;
002:
003: import java.security.Principal;
004: import java.util.HashSet;
005: import java.util.Properties;
006: import java.util.Set;
007:
008: import javax.servlet.http.Cookie;
009:
010: import junit.framework.Test;
011: import junit.framework.TestCase;
012: import junit.framework.TestSuite;
013:
014: import org.apache.commons.lang.ArrayUtils;
015:
016: import com.ecyrd.jspwiki.auth.AuthenticationManager;
017: import com.ecyrd.jspwiki.auth.Users;
018: import com.ecyrd.jspwiki.auth.WikiPrincipal;
019: import com.ecyrd.jspwiki.auth.authorize.Role;
020: import com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule;
021:
/**
 * JUnit 3 tests for {@link WikiSession}, plus static factory helpers that build
 * sessions in a known login state (anonymous, asserted, authenticated,
 * container-authenticated).
 *
 * <p>The tests pin down which built-in roles each login state carries and when
 * a change in container-supplied identity (user principal, remote user,
 * assertion cookie) is reported by
 * {@code WikiSession.isContainerStatusChanged}. The factory helpers verify the
 * resulting state themselves and throw {@link IllegalStateException} if the
 * session did not end up in the state they were asked to build.
 */
public class WikiSessionTest extends TestCase {

    /** Remote address stamped on every request built by the session factory helpers. */
    private static final String HELPER_REMOTE_ADDR = "53.33.128.9";

    private WikiEngine m_engine = null;

    /**
     * Builds a fresh {@link TestEngine} from the test properties before each test.
     *
     * @throws Exception if the properties cannot be loaded or the engine cannot start
     */
    protected void setUp() throws Exception {
        super.setUp();
        Properties testProperties = new Properties();
        testProperties.load(TestEngine.findTestProperties());
        m_engine = new TestEngine(testProperties);
    }

    /**
     * Delegates to the JUnit base class; the engine is not explicitly released here.
     *
     * @throws Exception if the superclass tear-down fails
     */
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Checks the built-in roles carried by guest, anonymous, authenticated and
     * admin sessions. Asserted (cookie-based) sessions are not exercised here.
     *
     * @throws Exception if a session cannot be created
     */
    public void testRoles() throws Exception {
        // Guest and anonymous sessions: no identity has been proven, so the
        // session must report ANONYMOUS and must NOT report AUTHENTICATED.
        assertUnauthenticatedRoles(WikiSession.guestSession(m_engine));
        assertUnauthenticatedRoles(anonymousSession(m_engine));

        // Sessions that logged in with an id and password must flip both flags.
        assertAuthenticatedRoles(authenticatedSession(m_engine, Users.JANNE,
                Users.JANNE_PASS));

        // The admin account is checked for the same built-in roles only; no
        // admin-specific role or group is asserted by this test.
        assertAuthenticatedRoles(adminSession(m_engine));
    }

    /**
     * Asserts the role set expected of a session that has not authenticated:
     * ALL and ANONYMOUS present, ASSERTED and AUTHENTICATED absent.
     */
    private static void assertUnauthenticatedRoles(WikiSession session) {
        Principal[] granted = session.getRoles();
        assertTrue(session.isAnonymous());
        assertFalse(session.isAuthenticated());
        assertTrue(ArrayUtils.contains(granted, Role.ALL));
        assertTrue(ArrayUtils.contains(granted, Role.ANONYMOUS));
        assertFalse(ArrayUtils.contains(granted, Role.ASSERTED));
        assertFalse(ArrayUtils.contains(granted, Role.AUTHENTICATED));
    }

    /**
     * Asserts the role set expected of a session that has authenticated:
     * ALL and AUTHENTICATED present, ANONYMOUS and ASSERTED absent.
     */
    private static void assertAuthenticatedRoles(WikiSession session) {
        Principal[] granted = session.getRoles();
        assertFalse(session.isAnonymous());
        assertTrue(session.isAuthenticated());
        assertTrue(ArrayUtils.contains(granted, Role.ALL));
        assertFalse(ArrayUtils.contains(granted, Role.ANONYMOUS));
        assertFalse(ArrayUtils.contains(granted, Role.ASSERTED));
        assertTrue(ArrayUtils.contains(granted, Role.AUTHENTICATED));
    }

    /**
     * Checks that {@code WikiSession.isIPV4Address} accepts a dotted quad and
     * rejects plain names, over-long octets and empty octets.
     */
    public void testIsIPAddress() {
        String[] plainNames = { "Me", "Guest" };
        for (int i = 0; i < plainNames.length; i++) {
            assertFalse(WikiSession.isIPV4Address(plainNames[i]));
        }

        assertTrue(WikiSession.isIPV4Address("127.0.0.1"));

        // Malformed quads: four-digit octet, empty octets, missing octets.
        String[] malformed = { "1207.0.0.1", "127..0.1", "1207.0.0.", ".0.0.1",
                "..." };
        for (int i = 0; i < malformed.length; i++) {
            assertFalse(WikiSession.isIPV4Address(malformed[i]));
        }
    }

    /**
     * Walks one HTTP session through a sequence of requests and checks, step by
     * step, when the wiki session reports that the container-supplied identity
     * has changed. The steps share state through the HTTP session, so their
     * order matters.
     */
    public void testIsContainerStatusChanged() {
        TestHttpSession httpSession = new TestHttpSession();

        // A bare request with no userPrincipal/remoteUser is not a change.
        TestHttpServletRequest firstRequest = newRequest(httpSession, null,
                null, "127.0.0.1");
        WikiSession firstSession = WikiSession.getWikiSession(m_engine,
                firstRequest);
        assertFalse(firstSession.isContainerStatusChanged(firstRequest));

        // Same HTTP session, different remote address: still not a change, and
        // the very same WikiSession is expected back. In other words, this test
        // does not expect a WikiSession to be tied to the client address.
        TestHttpServletRequest otherAddrRequest = newRequest(httpSession, null,
                null, "127.1.1.1");
        WikiSession otherAddrSession = WikiSession.getWikiSession(m_engine,
                otherAddrRequest);
        assertFalse(otherAddrSession.isContainerStatusChanged(otherAddrRequest));
        assertEquals(firstSession, otherAddrSession);

        // A user principal appearing on the request is a change...
        assertTrue(containerStatusChanged(newRequest(httpSession,
                new WikiPrincipal("Fred Flintstone "), null, "127.0.0.1")));

        // ...but repeating the same principal (a new, equal-valued object) is not.
        assertFalse(containerStatusChanged(newRequest(httpSession,
                new WikiPrincipal("Fred Flintstone "), null, "127.0.0.1")));

        // Setting remoteUser as well is a change again...
        assertTrue(containerStatusChanged(newRequest(httpSession,
                new WikiPrincipal("Fred Flintstone "), "fred", "127.0.0.1")));

        // ...and repeating that request is not.
        assertFalse(containerStatusChanged(newRequest(httpSession,
                new WikiPrincipal("Fred Flintstone "), "fred", "127.0.0.1")));

        // Dropping both userPrincipal and remoteUser is expected NOT to be
        // reported as a change.
        assertFalse(containerStatusChanged(newRequest(httpSession, null, null,
                "127.0.0.1")));

        // An assertion cookie on an otherwise bare request is a change. The
        // cookie value is just a name supplied by the client; no credential
        // accompanies it in this request.
        TestHttpServletRequest cookieRequest = newRequest(httpSession, null,
                null, "127.0.0.1");
        String cookieName = CookieAssertionLoginModule.PREFS_COOKIE_NAME;
        cookieRequest.m_cookies = new Cookie[] { new Cookie(cookieName,
                "FredFlintstone") };
        assertTrue(containerStatusChanged(cookieRequest));
    }

    /**
     * Builds a test request bound to the given HTTP session, setting the user
     * principal, remote user and remote address in that order.
     */
    private static TestHttpServletRequest newRequest(
            TestHttpSession httpSession, WikiPrincipal userPrincipal,
            String remoteUser, String remoteAddr) {
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.setUserPrincipal(userPrincipal);
        request.setRemoteUser(remoteUser);
        request.setRemoteAddr(remoteAddr);
        request.m_session = httpSession;
        return request;
    }

    /**
     * Looks up the wiki session for the request and reports whether it
     * considers the container status changed by that request.
     */
    private boolean containerStatusChanged(TestHttpServletRequest request) {
        WikiSession wikiSession = WikiSession.getWikiSession(m_engine, request);
        return wikiSession.isContainerStatusChanged(request);
    }

    /**
     * Placeholder with no assertions: it always passes and verifies nothing.
     * TODO: add real status checks or remove the method.
     */
    public void testGetStatus() {
    }

    /**
     * Creates an anonymous user session.
     *
     * @param engine the wiki engine
     * @return the new session, verified to be anonymous
     * @throws Exception if the login fails or the session is not anonymous
     */
    public static WikiSession anonymousSession(WikiEngine engine)
            throws Exception {
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.setRemoteAddr(HELPER_REMOTE_ADDR);

        if (!engine.getAuthenticationManager().login(request)) {
            throw new IllegalStateException(
                    "Couldn't set up anonymous user.");
        }

        WikiSession session = WikiSession.getWikiSession(engine, request);

        // Fail loudly rather than hand callers a session in the wrong state.
        if (!session.isAnonymous()) {
            throw new IllegalStateException("Session is not anonymous.");
        }
        return session;
    }

    /**
     * Creates an asserted session for the given name with no container roles.
     *
     * @param engine the wiki engine
     * @param name the name placed in the assertion cookie
     * @return the new session, verified to carry {@code Role.ASSERTED}
     * @throws Exception if cookie assertions are disabled or the login fails
     */
    public static WikiSession assertedSession(WikiEngine engine,
            String name) throws Exception {
        return assertedSession(engine, name, new Principal[0]);
    }

    /**
     * Creates an asserted session: the identity comes only from a cookie whose
     * value is the supplied name, with no password involved. The result is
     * checked for {@code Role.ASSERTED}, not for authentication.
     *
     * @param engine the wiki engine
     * @param name the name placed in the assertion cookie
     * @param roles principals whose names are set as the request's roles
     * @return the new session, verified to carry {@code Role.ASSERTED}
     * @throws Exception if cookie assertions are disabled, the login fails, or
     *         the session lacks {@code Role.ASSERTED}
     */
    public static WikiSession assertedSession(WikiEngine engine,
            String name, Principal[] roles) throws Exception {
        // Asserted identities only work when the login configuration permits cookies.
        if (!AuthenticationManager.allowsCookieAssertions()) {
            throw new IllegalStateException(
                    "Couldn't set up asserted user: login config doesn't allow cookies.");
        }

        TestHttpServletRequest request = new TestHttpServletRequest();
        request.setRoles(roleNames(roles));
        request.setRemoteAddr(HELPER_REMOTE_ADDR);

        // The assertion cookie carries nothing but the claimed name.
        Cookie assertionCookie = new Cookie(
                CookieAssertionLoginModule.PREFS_COOKIE_NAME, name);
        request.setCookies(new Cookie[] { assertionCookie });

        if (!engine.getAuthenticationManager().login(request)) {
            throw new IllegalStateException(
                    "Couldn't log in asserted user.");
        }

        WikiSession session = WikiSession.getWikiSession(engine, request);

        if (!session.hasPrincipal(Role.ASSERTED)) {
            throw new IllegalStateException(
                    "Didn't find Role.ASSERTED in session.");
        }
        return session;
    }

    /**
     * Creates an authenticated session for the test fixture's admin account.
     *
     * @param engine the wiki engine
     * @return the new session, verified to be authenticated
     * @throws Exception if the login fails
     */
    public static WikiSession adminSession(WikiEngine engine)
            throws Exception {
        return authenticatedSession(engine, Users.ADMIN,
                Users.ADMIN_PASS);
    }

    /**
     * Creates a session authenticated with an id and password. The session is
     * first established anonymously, then logged in with the credentials.
     *
     * @param engine the wiki engine
     * @param id the login id
     * @param password the password for {@code id}
     * @return the new session, verified to be authenticated
     * @throws Exception if either login step leaves the session unauthenticated
     */
    public static WikiSession authenticatedSession(WikiEngine engine,
            String id, String password) throws Exception {
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.setRemoteAddr(HELPER_REMOTE_ADDR);

        // Establish the anonymous session first.
        if (!engine.getAuthenticationManager().login(request)) {
            throw new IllegalStateException(
                    "Couldn't log in anonymous user.");
        }

        WikiSession session = WikiSession.getWikiSession(engine, request);

        // The return value of the credential login is not inspected; success
        // is judged solely by the session state checked below.
        engine.getAuthenticationManager().login(session, id, password);

        if (!session.isAuthenticated()) {
            throw new IllegalStateException(
                    "Could not log in authenticated user '" + id + "'");
        }
        return session;
    }

    /**
     * Creates a session whose identity is supplied by the (simulated) servlet
     * container: the request carries a user principal and role names, and no
     * password is passed to the authentication manager.
     *
     * @param engine the wiki engine
     * @param id the name of the user principal set on the request
     * @param roles principals whose names are set as the request's roles
     * @return the new session, verified to be authenticated
     * @throws Exception if the login fails or the session is not authenticated
     */
    public static WikiSession containerAuthenticatedSession(
            WikiEngine engine, String id, Principal[] roles)
            throws Exception {
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.setRoles(roleNames(roles));
        request.setRemoteAddr(HELPER_REMOTE_ADDR);
        request.setUserPrincipal(new WikiPrincipal(id));

        // First login pass over the request. The failure message still speaks
        // of an "anonymous user" although the request carries a user principal.
        if (!engine.getAuthenticationManager().login(request)) {
            throw new IllegalStateException(
                    "Couldn't log in anonymous user.");
        }

        WikiSession session = WikiSession.getWikiSession(engine, request);

        // Second login pass over the same request; its result is not checked.
        // NOTE(review): this looks redundant with the call above - confirm.
        engine.getAuthenticationManager().login(request);

        if (!session.isAuthenticated()) {
            throw new IllegalStateException(
                    "Could not log in authenticated user '" + id + "'");
        }
        return session;
    }

    /**
     * Collects the names of the given principals, de-duplicated through a set,
     * into a string array suitable for the test request's role list.
     */
    private static String[] roleNames(Principal[] roles) {
        Set names = new HashSet();
        for (int i = 0; i < roles.length; i++) {
            names.add(roles[i].getName());
        }
        return (String[]) names.toArray(new String[names.size()]);
    }

    /**
     * Returns a JUnit 3 suite containing every test method of this class.
     *
     * @return the test suite
     */
    public static Test suite() {
        return new TestSuite(WikiSessionTest.class);
    }

}