Finalyzing unit tests for DeviceAccessAuthorizationServiceImpl

revert-70aa11f8
GDLMadushanka 7 years ago
parent 61286b667e
commit 8d8330a52c

@ -20,11 +20,10 @@ package org.wso2.carbon.device.mgt.core.authorization;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
@ -36,11 +35,9 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* Implementation of DeviceAccessAuthorization service. * Implementation of DeviceAccessAuthorization service.
@ -233,7 +230,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
return userRealm.getAuthorizationManager() return userRealm.getAuthorizationManager()
.isUserAuthorized(removeTenantDomain(username), .isUserAuthorized(removeTenantDomain(username),
PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION), PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION),
PermissionMethod.UI_EXECUTE); CarbonConstants.UI_PERMISSION_ACTION);
} }
return false; return false;
} }
@ -265,22 +262,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
return PermissionUtils.putPermission(permission); return PermissionUtils.putPermission(permission);
} }
private Map<String, String> getOwnershipOfDevices(List<Device> devices) {
Map<String, String> ownershipData = new HashMap<>();
EnrolmentInfo enrolmentInfo;
String owner;
for (Device device : devices) {
enrolmentInfo = device.getEnrolmentInfo();
if (enrolmentInfo != null) {
owner = enrolmentInfo.getOwner();
if (owner != null && !owner.isEmpty()) {
ownershipData.put(device.getDeviceIdentifier(), owner);
}
}
}
return ownershipData;
}
public static final class PermissionMethod { public static final class PermissionMethod {
public static final String READ = "read"; public static final String READ = "read";
public static final String WRITE = "write"; public static final String WRITE = "write";

@ -23,18 +23,17 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.testng.Assert; import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass; import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test; import org.testng.annotations.Test;
import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.*;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceNotFoundException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException;
import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException;
import org.wso2.carbon.device.mgt.common.permission.mgt.*; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; import org.wso2.carbon.device.mgt.core.TestDeviceManagementService;
import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest;
import org.wso2.carbon.device.mgt.core.common.TestDataHolder; import org.wso2.carbon.device.mgt.core.common.TestDataHolder;
@ -50,19 +49,21 @@ import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.internal.RegistryDataHolder; import org.wso2.carbon.registry.core.internal.RegistryDataHolder;
import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService; import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService;
import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.api.*; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.JDBCTenantManager; import org.wso2.carbon.user.core.tenant.JDBCTenantManager;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import java.io.InputStream; import java.io.InputStream;
import java.util.*; import java.util.ArrayList;
import java.util.Map;
import java.util.List;
import java.util.HashMap;
import java.util.Arrays;
public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest {
private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class); private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class);
private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService;
private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE";
private static final int NO_OF_DEVICES = 5; private static final int NO_OF_DEVICES = 5;
private static final String ADMIN_USER = "admin"; private static final String ADMIN_USER = "admin";
@ -81,6 +82,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
private static final String LAST_NAME = "lastName"; private static final String LAST_NAME = "lastName";
private static final String EMAIL = "email"; private static final String EMAIL = "email";
private static final String PASSWORD = "password"; private static final String PASSWORD = "password";
private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService;
private List<DeviceIdentifier> deviceIds = new ArrayList<>(); private List<DeviceIdentifier> deviceIds = new ArrayList<>();
private List<DeviceIdentifier> groupDeviceIds = new ArrayList<>(); private List<DeviceIdentifier> groupDeviceIds = new ArrayList<>();
private Map<String, String> defaultUserClaims; private Map<String, String> defaultUserClaims;
@ -88,7 +90,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
@BeforeClass @BeforeClass
public void init() throws Exception { public void init() throws Exception {
DeviceConfigurationManager.getInstance().initConfig(); DeviceConfigurationManager.getInstance().initConfig();
log.info("Initializing"); log.info("Initializing test environment to test DeviceAccessAuthorization Class");
for (int i = 0; i < NO_OF_DEVICES; i++) { for (int i = 0; i < NO_OF_DEVICES; i++) {
deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE)); deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE));
} }
@ -97,7 +99,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
DeviceManagementServiceComponent.notifyStartupListeners(); DeviceManagementServiceComponent.notifyStartupListeners();
DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService); DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService);
DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService()); DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService());
DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl()); DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new
GroupManagementProviderServiceImpl());
DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null); DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null);
deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE, deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE,
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)); MultitenantConstants.SUPER_TENANT_DOMAIN_NAME));
@ -110,9 +113,13 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!"); throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!");
} }
} }
deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class,
Mockito.CALLS_REAL_METHODS);
defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL); defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL);
initializeTestEnvironment(); initializeTestEnvironment();
//Starting tenant flow
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
} }
private RegistryService getRegistryService() throws RegistryException, UserStoreException { private RegistryService getRegistryService() throws RegistryException, UserStoreException {
@ -122,7 +129,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST"; String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST";
dataSource.setUrl(connectionUrl); dataSource.setUrl(connectionUrl);
dataSource.setDriverClassName("org.h2.Driver"); dataSource.setDriverClassName("org.h2.Driver");
JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource,
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
realmService.setTenantManager(jdbcTenantManager); realmService.setTenantManager(jdbcTenantManager);
RegistryDataHolder.getInstance().setRealmService(realmService); RegistryDataHolder.getInstance().setRealmService(realmService);
DeviceManagementDataHolder.getInstance().setRealmService(realmService); DeviceManagementDataHolder.getInstance().setRealmService(realmService);
@ -132,16 +140,60 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
return context.getEmbeddedRegistryService(); return context.getEmbeddedRegistryService();
} }
@Test private void initializeTestEnvironment() throws UserStoreException, GroupManagementException,
RoleDoesNotExistException, DeviceNotFoundException {
//creating UI permission
Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService()
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager();
//Adding a non Admin User
userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null);
//Adding a normal user
userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null);
//Adding role with permission to Admin user
userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission});
//Adding role with permission to non Admin user
userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER},
new Permission[]{deviceViewPermission});
//Creating default group
GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance()
.getGroupManagementProviderService();
groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP);
int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId();
//Sharing group with admin and non admin roles
groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE,
NON_ADMIN_ROLE)));
//Adding first 2 devices to the group
groupDeviceIds.add(deviceIds.get(0));
groupDeviceIds.add(deviceIds.get(1));
groupManagementProviderService.addDevices(groupId, groupDeviceIds);
}
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
Map<String, String> defaultUserClaims = new HashMap<>();
defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName);
defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName);
defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress);
if (log.isDebugEnabled()) {
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString());
}
return defaultUserClaims;
}
//Admin User test cases
@Test(description = "Check authorization giving a device identifier and username")
public void userAuthDevIdUserName() throws Exception { public void userAuthDevIdUserName() throws Exception {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
for (DeviceIdentifier deviceId : deviceIds) { for (DeviceIdentifier deviceId : deviceIds) {
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER), Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER),
"Device access authorization for admin user failed"); "Device access authorization for admin user failed");
} }
} }
@Test @Test(description = "Authorization for multiple device identifiers and username")
public void userAuthDevIdUserNameResult() throws Exception { public void userAuthDevIdUserNameResult() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds, ADMIN_USER); isUserAuthorized(deviceIds, ADMIN_USER);
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
@ -150,70 +202,69 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
"Expected 0 un-authorized devices for admin user"); "Expected 0 un-authorized devices for admin user");
} }
@Test @Test(description = "Authorization by device identifier")
public void userAuthDevId() throws Exception { public void userAuthDevId() throws Exception {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
for (DeviceIdentifier deviceId : deviceIds) { for (DeviceIdentifier deviceId : deviceIds) {
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId), Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId),
"Authorize user from device identifier failed"); "Authorize user from device identifier failed");
} }
} }
@Test @Test(description = "Authorization by multiple device identifiers")
public void userAuthDevIdResult() throws Exception { public void userAuthDevIdResult() throws Exception {
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds);
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5,
"Expected 5 authorized devices for admin user"); "Expected 5 authorized devices for admin user");
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0, Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0,
"Expected 0 un-authorized devices for admin user"); "Expected 0 un-authorized devices for admin user");
} }
@Test @Test(description = "Check current user is a device administrator")
public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException,
PrivilegedCarbonContext.startTenantFlow(); PermissionManagementException {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER);
Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser(),
"Admin user failed to authorize as admin");
}
//Non admin user tests
@Test(description = "Check authorization by device identifier and permission Allowed test case")
public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException,
PermissionManagementException {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION}), Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0),
"Non admin user with permissions attempt to access failed"); new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed");
PrivilegedCarbonContext.endTenantFlow();
} }
@Test @Test(description = "Check authorization by device identifier and permission Not-allowed test case")
public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException,
PermissionManagementException { PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION}), Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3),
"Non admin user accessing not allowed device authorized"); new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized");
PrivilegedCarbonContext.endTenantFlow();
} }
@Test @Test(description = "Authorization by giving a device identifier, username and permission Allowed test case")
public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
PermissionManagementException { PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER, Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER,
new String[]{NON_ADMIN_PERMISSION}),"Non admin user with permissions attempt to access failed"); new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed");
PrivilegedCarbonContext.endTenantFlow();
} }
@Test @Test(description = "Authorization by giving a device identifier, username and permission Not-allowed test case")
public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException,
PermissionManagementException { PermissionManagementException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER, Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER,
new String[]{NON_ADMIN_PERMISSION}),"Non admin user accessing not allowed device authorized"); new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized");
PrivilegedCarbonContext.endTenantFlow();
} }
@Test @Test(description = "Authorization by giving device identifiers and permission")
public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException { public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION}); isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION});
@ -221,71 +272,79 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe
"Non admin user authentication to 2 devices in a shared group failed"); "Non admin user authentication to 2 devices in a shared group failed");
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3, Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3,
"Non admin user authentication to 3 devices in a non-shared group failed"); "Non admin user authentication to 3 devices in a non-shared group failed");
PrivilegedCarbonContext.endTenantFlow();
} }
@Test @Test(description = "Authorization by giving device identifiers, username and permission")
public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException { public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION}); isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION});
Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2); Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2,
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3); "Non admin user authentication to 2 devices in a shared group failed");
PrivilegedCarbonContext.endTenantFlow(); Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3,
} "Non admin user authentication to 3 devices in a non-shared group failed");
@Test
public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException {
Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser());
} }
@Test @Test(description = "Authorization for device admin called by normal user")
public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException { public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER);
Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser()); Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser(),"Normal user allowed as admin user");
PrivilegedCarbonContext.endTenantFlow();
} }
private void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException, //Check branches of isUserAuthorized
DeviceNotFoundException { @Test(description = "Checking branch - user is device owner")
//creating UI permission public void nonAdminDeviceOwner() throws DeviceAccessAuthorizationException, DeviceManagementException {
Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); //Creating a temporary device
UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService() Device device = new Device();
.getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); EnrolmentInfo enrolmentInfo = new EnrolmentInfo(NON_ADMIN_ALLOWED_USER, EnrolmentInfo.OwnerShip.BYOD,null);
//Adding a non Admin User device.setEnrolmentInfo(enrolmentInfo);
userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null); device.setName("temp");
//Adding a normal user device.setType(DEVICE_TYPE);
userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null); device.setDeviceIdentifier("1234");
//Adding role with permission to Admin user DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().enrollDevice(device);
userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission});
//Adding role with permission to non Admin user //temporary device identifier
userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, new Permission[]{deviceViewPermission}); DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
//Creating default group deviceIdentifier.setType(DEVICE_TYPE);
GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance() deviceIdentifier.setId("1234");
.getGroupManagementProviderService();
groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP); List<DeviceIdentifier> tempList = new ArrayList<>();
int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId(); tempList.add(deviceIdentifier);
//Sharing group with admin and non admin roles
groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE, NON_ADMIN_ROLE))); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
//Adding first 2 devices to the group DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
groupDeviceIds.add(deviceIds.get(0)); isUserAuthorized(tempList, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION});
groupDeviceIds.add(deviceIds.get(1)); Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 1,
groupManagementProviderService.addDevices(groupId, groupDeviceIds); "Non admin device owner failed to access device");
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0,
"Non admin device owner failed to access device");
} }
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { @Test(description = "Check authorization without giving permissions")
Map<String, String> defaultUserClaims = new HashMap<>(); public void userAuthWithoutPermissions() throws DeviceAccessAuthorizationException {
defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress); isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, null);
if (log.isDebugEnabled()) { Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 0,
log.debug("Default claim map is created for new user: " + defaultUserClaims.toString()); "Non admin user try authentication without permission failed");
Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 5,
"Non admin user try authentication without permission failed");
} }
return defaultUserClaims;
//check Exception cases
@Test(description = "check a null username in isUserAuthorized method")
public void callUserAuthWithoutUsername() throws DeviceAccessAuthorizationException {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER);
DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.
isUserAuthorized(deviceIds, "", new String[]{NON_ADMIN_PERMISSION});
Assert.assertEquals(deviceAuthorizationResult,null,
"Not null result for empty username in isUserAuthorized method");
} }
@AfterClass
public void clearAll() {
PrivilegedCarbonContext.endTenantFlow();
}
} }

Loading…
Cancel
Save