|
|
|
@ -63,7 +63,8 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
public void setup() throws Exception {
|
|
|
|
|
this.server = new MockWebServer();
|
|
|
|
|
this.builder = WebClient.builder().baseUrl(this.server.url("/").toString());
|
|
|
|
|
this.securityService = new ReactiveCloudFoundrySecurityService(this.builder, CLOUD_CONTROLLER);
|
|
|
|
|
this.securityService = new ReactiveCloudFoundrySecurityService(this.builder,
|
|
|
|
|
CLOUD_CONTROLLER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@After
|
|
|
|
@ -76,12 +77,15 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
String responseBody = "{\"read_sensitive_data\": true,\"read_basic_data\": true}";
|
|
|
|
|
prepareResponse(response -> response.setBody(responseBody)
|
|
|
|
|
.setHeader("Content-Type", "application/json"));
|
|
|
|
|
StepVerifier.create(this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeNextWith(
|
|
|
|
|
accessLevel -> assertThat(accessLevel).isEqualTo(AccessLevel.FULL))
|
|
|
|
|
StepVerifier
|
|
|
|
|
.create(this.securityService.getAccessLevel("my-access-token",
|
|
|
|
|
"my-app-id"))
|
|
|
|
|
.consumeNextWith(accessLevel -> assertThat(accessLevel)
|
|
|
|
|
.isEqualTo(AccessLevel.FULL))
|
|
|
|
|
.expectComplete().verify();
|
|
|
|
|
expectRequest(request -> {
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
|
|
|
|
|
.isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
@ -92,12 +96,15 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
String responseBody = "{\"read_sensitive_data\": false,\"read_basic_data\": true}";
|
|
|
|
|
prepareResponse(response -> response.setBody(responseBody)
|
|
|
|
|
.setHeader("Content-Type", "application/json"));
|
|
|
|
|
StepVerifier.create(this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeNextWith(
|
|
|
|
|
accessLevel -> assertThat(accessLevel).isEqualTo(AccessLevel.RESTRICTED))
|
|
|
|
|
StepVerifier
|
|
|
|
|
.create(this.securityService.getAccessLevel("my-access-token",
|
|
|
|
|
"my-app-id"))
|
|
|
|
|
.consumeNextWith(accessLevel -> assertThat(accessLevel)
|
|
|
|
|
.isEqualTo(AccessLevel.RESTRICTED))
|
|
|
|
|
.expectComplete().verify();
|
|
|
|
|
expectRequest(request -> {
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
|
|
|
|
|
.isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
@ -105,15 +112,18 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void getAccessLevelWhenTokenIsNotValidShouldThrowException() throws Exception {
|
|
|
|
|
prepareResponse(response -> response.setResponseCode(401));
|
|
|
|
|
StepVerifier.create(this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(
|
|
|
|
|
throwable -> {
|
|
|
|
|
assertThat(throwable).isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(((CloudFoundryAuthorizationException) throwable).getReason()).isEqualTo(Reason.INVALID_TOKEN);
|
|
|
|
|
})
|
|
|
|
|
.verify();
|
|
|
|
|
StepVerifier.create(
|
|
|
|
|
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(throwable -> {
|
|
|
|
|
assertThat(throwable)
|
|
|
|
|
.isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(
|
|
|
|
|
((CloudFoundryAuthorizationException) throwable).getReason())
|
|
|
|
|
.isEqualTo(Reason.INVALID_TOKEN);
|
|
|
|
|
}).verify();
|
|
|
|
|
expectRequest(request -> {
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
|
|
|
|
|
.isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
@ -121,15 +131,18 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void getAccessLevelWhenForbiddenShouldThrowException() throws Exception {
|
|
|
|
|
prepareResponse(response -> response.setResponseCode(403));
|
|
|
|
|
StepVerifier.create(this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(
|
|
|
|
|
throwable -> {
|
|
|
|
|
assertThat(throwable).isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(((CloudFoundryAuthorizationException) throwable).getReason()).isEqualTo(Reason.ACCESS_DENIED);
|
|
|
|
|
})
|
|
|
|
|
.verify();
|
|
|
|
|
StepVerifier.create(
|
|
|
|
|
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(throwable -> {
|
|
|
|
|
assertThat(throwable)
|
|
|
|
|
.isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(
|
|
|
|
|
((CloudFoundryAuthorizationException) throwable).getReason())
|
|
|
|
|
.isEqualTo(Reason.ACCESS_DENIED);
|
|
|
|
|
}).verify();
|
|
|
|
|
expectRequest(request -> {
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
|
|
|
|
|
.isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
@ -138,15 +151,18 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
public void getAccessLevelWhenCloudControllerIsNotReachableThrowsException()
|
|
|
|
|
throws Exception {
|
|
|
|
|
prepareResponse(response -> response.setResponseCode(500));
|
|
|
|
|
StepVerifier.create(this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(
|
|
|
|
|
throwable -> {
|
|
|
|
|
assertThat(throwable).isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(((CloudFoundryAuthorizationException) throwable).getReason()).isEqualTo(Reason.SERVICE_UNAVAILABLE);
|
|
|
|
|
})
|
|
|
|
|
.verify();
|
|
|
|
|
StepVerifier.create(
|
|
|
|
|
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
|
|
|
|
|
.consumeErrorWith(throwable -> {
|
|
|
|
|
assertThat(throwable)
|
|
|
|
|
.isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(
|
|
|
|
|
((CloudFoundryAuthorizationException) throwable).getReason())
|
|
|
|
|
.isEqualTo(Reason.SERVICE_UNAVAILABLE);
|
|
|
|
|
}).verify();
|
|
|
|
|
expectRequest(request -> {
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
|
|
|
|
|
.isEqualTo("bearer my-access-token");
|
|
|
|
|
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
@ -173,11 +189,13 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
response.setHeader("Content-Type", "application/json");
|
|
|
|
|
});
|
|
|
|
|
StepVerifier.create(this.securityService.fetchTokenKeys())
|
|
|
|
|
.consumeNextWith(
|
|
|
|
|
tokenKeys -> assertThat(tokenKeys.get("test-key")).isEqualTo(tokenKeyValue))
|
|
|
|
|
.consumeNextWith(tokenKeys -> assertThat(tokenKeys.get("test-key"))
|
|
|
|
|
.isEqualTo(tokenKeyValue))
|
|
|
|
|
.expectComplete().verify();
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@ -192,11 +210,12 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
response.setHeader("Content-Type", "application/json");
|
|
|
|
|
});
|
|
|
|
|
StepVerifier.create(this.securityService.fetchTokenKeys())
|
|
|
|
|
.consumeNextWith(
|
|
|
|
|
tokenKeys -> assertThat(tokenKeys).hasSize(0))
|
|
|
|
|
.consumeNextWith(tokenKeys -> assertThat(tokenKeys).hasSize(0))
|
|
|
|
|
.expectComplete().verify();
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@ -209,12 +228,14 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
response.setResponseCode(500);
|
|
|
|
|
});
|
|
|
|
|
StepVerifier.create(this.securityService.fetchTokenKeys())
|
|
|
|
|
.consumeErrorWith(
|
|
|
|
|
throwable -> assertThat(((CloudFoundryAuthorizationException) throwable)
|
|
|
|
|
.getReason()).isEqualTo(Reason.SERVICE_UNAVAILABLE))
|
|
|
|
|
.consumeErrorWith(throwable -> assertThat(
|
|
|
|
|
((CloudFoundryAuthorizationException) throwable).getReason())
|
|
|
|
|
.isEqualTo(Reason.SERVICE_UNAVAILABLE))
|
|
|
|
|
.verify();
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-cloud-controller.com/info"));
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo("/my-uaa.com/token_keys"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@ -224,11 +245,12 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
response.setHeader("Content-Type", "application/json");
|
|
|
|
|
});
|
|
|
|
|
StepVerifier.create(this.securityService.getUaaUrl())
|
|
|
|
|
.consumeNextWith(
|
|
|
|
|
uaaUrl -> assertThat(uaaUrl).isEqualTo(UAA_URL))
|
|
|
|
|
.consumeNextWith(uaaUrl -> assertThat(uaaUrl).isEqualTo(UAA_URL))
|
|
|
|
|
.expectComplete().verify();
|
|
|
|
|
//this.securityService.getUaaUrl().block(); //FIXME subscribe again to check that it isn't called again
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER + "/info"));
|
|
|
|
|
// this.securityService.getUaaUrl().block(); //FIXME subscribe again to check that
|
|
|
|
|
// it isn't called again
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo(CLOUD_CONTROLLER + "/info"));
|
|
|
|
|
expectRequestCount(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -237,13 +259,15 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
throws Exception {
|
|
|
|
|
prepareResponse(response -> response.setResponseCode(500));
|
|
|
|
|
StepVerifier.create(this.securityService.getUaaUrl())
|
|
|
|
|
.consumeErrorWith(
|
|
|
|
|
throwable -> {
|
|
|
|
|
assertThat(throwable).isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(((CloudFoundryAuthorizationException) throwable).getReason()).isEqualTo(Reason.SERVICE_UNAVAILABLE);
|
|
|
|
|
})
|
|
|
|
|
.verify();
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER + "/info"));
|
|
|
|
|
.consumeErrorWith(throwable -> {
|
|
|
|
|
assertThat(throwable)
|
|
|
|
|
.isInstanceOf(CloudFoundryAuthorizationException.class);
|
|
|
|
|
assertThat(
|
|
|
|
|
((CloudFoundryAuthorizationException) throwable).getReason())
|
|
|
|
|
.isEqualTo(Reason.SERVICE_UNAVAILABLE);
|
|
|
|
|
}).verify();
|
|
|
|
|
expectRequest(request -> assertThat(request.getPath())
|
|
|
|
|
.isEqualTo(CLOUD_CONTROLLER + "/info"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void prepareResponse(Consumer<MockResponse> consumer) {
|
|
|
|
@ -252,7 +276,8 @@ public class ReactiveCloudFoundrySecurityServiceTests {
|
|
|
|
|
this.server.enqueue(response);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void expectRequest(Consumer<RecordedRequest> consumer) throws InterruptedException {
|
|
|
|
|
private void expectRequest(Consumer<RecordedRequest> consumer)
|
|
|
|
|
throws InterruptedException {
|
|
|
|
|
consumer.accept(this.server.takeRequest());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|