bsic test cases finished

revert-70aa11f8
GDLMadushanka 7 years ago
parent cd3bb2a5aa
commit 3d32828572

@ -89,7 +89,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
} }
} }
//done
@Override @Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username)
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
@ -102,13 +101,11 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions); return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions);
} }
//done
@Override @Override
public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifier, this.getUserName(), null); return isUserAuthorized(deviceIdentifier, this.getUserName(), null);
} }
//done
@Override @Override
public boolean isDeviceAdminUser() throws DeviceAccessAuthorizationException { public boolean isDeviceAdminUser() throws DeviceAccessAuthorizationException {
String username = this.getUserName(); String username = this.getUserName();
@ -168,14 +165,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
return deviceAuthorizationResult; return deviceAuthorizationResult;
} }
//done
@Override @Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username) public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers, String username)
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {
return isUserAuthorized(deviceIdentifiers, username, null); return isUserAuthorized(deviceIdentifiers, username, null);
} }
//done
@Override @Override
public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers) public DeviceAuthorizationResult isUserAuthorized(List<DeviceIdentifier> deviceIdentifiers)
throws DeviceAccessAuthorizationException { throws DeviceAccessAuthorizationException {

@ -23,14 +23,18 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.testng.Assert; import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass; import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test; import org.testng.annotations.Test;
import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceNotFoundException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
import org.wso2.carbon.device.mgt.common.permission.mgt.*; import org.wso2.carbon.device.mgt.common.permission.mgt.*;
import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; import org.wso2.carbon.device.mgt.core.TestDeviceManagementService;
import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest;
@ -40,6 +44,7 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
import org.wso2.carbon.device.mgt.core.internal.DeviceManagementServiceComponent; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementServiceComponent;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderServiceImpl; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderServiceImpl;
import org.wso2.carbon.registry.core.config.RegistryContext; import org.wso2.carbon.registry.core.config.RegistryContext;
import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.exceptions.RegistryException;
@ -53,8 +58,7 @@ import org.wso2.carbon.user.core.tenant.JDBCTenantManager;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import java.io.InputStream; import java.io.InputStream;
import java.util.ArrayList; import java.util.*;
import java.util.List;
public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest {
@ -63,10 +67,24 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE";
private static final int NO_OF_DEVICES = 5; private static final int NO_OF_DEVICES = 5;
private static final String ADMIN_USER = "admin"; private static final String ADMIN_USER = "admin";
private static final String NON_ADMIN_ALLOWED_USER = "nonAdmin";
private static final String NORMAL_USER = "normal";
private static final String ADMIN_ROLE = "adminRole"; private static final String ADMIN_ROLE = "adminRole";
private static final String NON_ADMIN_ROLE = "nonAdminRole";
private static final String DEFAULT_GROUP = "defaultGroup";
private static final String DEVICE_ID_PREFIX = "AUTH-SERVICE-TEST-DEVICE-ID-"; private static final String DEVICE_ID_PREFIX = "AUTH-SERVICE-TEST-DEVICE-ID-";
public static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress";
public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname";
public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname";
public static final String ADMIN_PERMISSION = "/permission/admin";
public static final String NON_ADMIN_PERMISSION = "/permission/admin/manage/device-mgt/devices/owning-device/view";
private List<DeviceIdentifier> deviceIds = new ArrayList<>(); private List<DeviceIdentifier> deviceIds = new ArrayList<>();
private List<DeviceIdentifier> groupDeviceIds = new ArrayList<>();
private List<DeviceIdentifier> nonGroupDeviceIds = new ArrayList<>();
Map<String, String> defaultUserClaims;
@BeforeClass @BeforeClass
public void init() throws Exception { public void init() throws Exception {
@ -80,7 +98,6 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
DeviceManagementServiceComponent.notifyStartupListeners(); DeviceManagementServiceComponent.notifyStartupListeners();
DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService); DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService);
DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService()); DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService());
DeviceManagementDataHolder.getInstance().setDeviceAccessAuthorizationService(new DeviceAccessAuthorizationServiceImpl());
DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl()); DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl());
DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null); DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null);
deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE, deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE,
@ -95,6 +112,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
} }
} }
deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS);
defaultUserClaims = buildDefaultUserClaims("firstname", "lastname", "email");
initializeTestEnvironment();
} }
private RegistryService getRegistryService() throws RegistryException, UserStoreException { private RegistryService getRegistryService() throws RegistryException, UserStoreException {
@ -145,10 +164,120 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
@Test @Test
public void isDeviceAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { public void isDeviceAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
Permission permission = new Permission("/permission/admin", CarbonConstants.UI_PERMISSION_ACTION);
DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager()
.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{permission});
Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser());
}
@Test
public void isUserAuthorizedAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION}));
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void isUserAuthorizedNotAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION}));
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void nonAdminUserTryIsAdmin() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser());
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void isUserAuthorizedAllowedDeviceAllDetails() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION}));
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void isUserAuthorizedAllowedDeviceAllDetailsWrongDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION}));
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void deviceIdAndPermission() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds,new String[]{NON_ADMIN_PERMISSION});
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2);
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3);
PrivilegedCarbonContext.endTenantFlow();
}
@Test
public void deviceIdUsernameAndPermission() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds,NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION});
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2);
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3);
PrivilegedCarbonContext.endTenantFlow();
}
public void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException,
DeviceNotFoundException {
//creating UI permission
Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
//Adding a non Admin User
userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, "password", null, defaultUserClaims, null);
//Adding a normal user
userStoreManager.addUser(NORMAL_USER, "password", null, defaultUserClaims, null);
//Adding role with permission to Admin user
userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission});
//Adding role with permission to non Admin user
userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, new Permission[]{deviceViewPermission});
//Creating default group
GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance()
.getGroupManagementProviderService();
groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP);
int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId();
//Sharing group with admin and non admin roles
groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE, NON_ADMIN_ROLE)));
//Adding first 2 devices to the group
groupDeviceIds.add(deviceIds.get(0));
groupDeviceIds.add(deviceIds.get(1));
groupManagementProviderService.addDevices(groupId, groupDeviceIds);
//Rest of the devices
nonGroupDeviceIds.add(deviceIds.get(2));
nonGroupDeviceIds.add(deviceIds.get(3));
nonGroupDeviceIds.add(deviceIds.get(4));
} }
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
Map<String, String> defaultUserClaims = new HashMap<>();
defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName);
defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName);
defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress);
if (log.isDebugEnabled()) {
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString());
}
return defaultUserClaims;
}
} }
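Review bot: The seven new tests that call `PrivilegedCarbonContext.startTenantFlow()` (`isUserAuthorizedAllowedDevice` through `deviceIdUsernameAndPermission`) reach `endTenantFlow()` only when their assertion passes, so a failing assert leaves that test's username in the thread-local context. `isDeviceAdminUser` sets no username of its own, so it would presumably then run as whichever identity leaked (for example `NORMAL_USER`), and an authorization check could pass or fail for the wrong reason. Wrap each test body directly after `startTenantFlow()` in `try { … } finally { PrivilegedCarbonContext.endTenantFlow(); }`. Separately, `NORMAL_USER` is only exercised through `isDeviceAdminUser()`; a deny case such as `Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NORMAL_USER, new String[]{NON_ADMIN_PERMISSION}));` would cover a user with no role against a grouped device, assuming the service is meant to refuse it.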
