From e0c255dbfaeedf9036dc493837e15f2e2cdb8e8c Mon Sep 17 00:00:00 2001
From: GDLMadushanka
Date: Tue, 26 Sep 2017 11:30:27 +0530
Subject: [PATCH 1/7] Add test class
---
.../DeviceAccessAuthorizationServiceTest.java | 90 +++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java
new file mode 100644
index 0000000000..e45bd80a1f
--- /dev/null
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.core.authorization;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.mockito.Mock;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.carbon.device.mgt.common.Device;
+import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
+import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
+import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest;
+import org.wso2.carbon.device.mgt.core.dao.*;
+import org.wso2.carbon.device.mgt.core.dto.DeviceType;
+import org.wso2.carbon.user.api.UserStoreManager;
+
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+
+public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest {
+ private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class);
+ DeviceDAO deviceDAO;
+ DeviceTypeDAO deviceTypeDAO;
+ DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl();
+
+ // UserStoreManager userStoreManager = mock(UserStoreManager.class);
+
+ @BeforeClass
+ @Override
+ public void init() throws Exception {
+ this.initDataSource();
+ deviceDAO = DeviceManagementDAOFactory.getDeviceDAO();
+ deviceTypeDAO = DeviceManagementDAOFactory.getDeviceTypeDAO();
+ }
+
+ @Test(groups = "device.mgt.test", description = "Testing the first test case with testng.")
+ public void setUp() throws Exception {
+ log.info("test start");
+
+ DeviceManagementDAOFactory.beginTransaction();
+ DeviceType deviceType = new DeviceType();
+ deviceType.setName("Sample");
+
+ deviceTypeDAO.addDeviceType(deviceType, -1234, true);
+ deviceType = deviceTypeDAO.getDeviceType("Sample", -1234);
+ log.info(deviceType.getId());
+ Assert.assertEquals(deviceType.getName(), "Sample");
+
+ Device device = new Device();
+ device.setId(1);
+ device.setDeviceIdentifier("device1");
+ device.setName("sample device");
+ device.setType("Sample");
+
+ EnrolmentInfo enrolmentInfo = new EnrolmentInfo();
+ enrolmentInfo.setOwner("Lahiru");
+ device.setEnrolmentInfo(enrolmentInfo);
+ deviceDAO.addDevice(1,device,-1234);
+
+ DeviceManagementDAOFactory.closeConnection();
+ DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
+ deviceIdentifier.setId("1");
+ deviceIdentifier.setType("Sample");
+
+ // Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIdentifier,"Lahiru"));
+
+ }
+
+
+}
From 83a9ed533ebf25cba1c4600087aa6d445e24acea Mon Sep 17 00:00:00 2001
From: GDLMadushanka
Date: Wed, 27 Sep 2017 17:14:37 +0530
Subject: [PATCH 2/7] Test cases for DeviceAccessAuthorizationService
---
.../org.wso2.carbon.device.mgt.core/pom.xml | 6 +
.../DeviceAccessAuthorizationServiceImpl.java | 5 +
.../DeviceAccessAuthorizationServiceTest.java | 154 +++++++++++++-----
3 files changed, 120 insertions(+), 45 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
index 40f3ab5f85..7695f8b0bb 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
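Review bot: In `setUp()` of the new DeviceAccessAuthorizationServiceTest (patch 1/7), the only line that would exercise the service, `Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIdentifier,"Lahiru"))`, is commented out, so the test goes green after checking nothing but `deviceType.getName()` and no authorization decision is ever evaluated. Either enable that assertion together with a second case for a user who does not own the device (expecting `false`), or mark the method `@Test(enabled = false)` until the fixture works. `DeviceManagementDAOFactory.beginTransaction()` is also never committed or rolled back, and `closeConnection()` is skipped whenever a DAO call or the assertion throws; moving `closeConnection()` into a `finally` block keeps a failed run from leaving the connection open for later tests.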
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml @@ -346,6 +346,12 @@ javassist javassist + + org.powermock + powermock-api-mockito + ${power.mock.version} + test + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index f5f209d61f..ac006cd571 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -89,6 +89,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } } + //done @Override public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) throws DeviceAccessAuthorizationException { @@ -101,11 +102,13 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions); } + //done @Override public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { return isUserAuthorized(deviceIdentifier, this.getUserName(), null); } + //done @Override public boolean isDeviceAdminUser() throws DeviceAccessAuthorizationException { String username = this.getUserName(); 
@@ -165,12 +168,14 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return deviceAuthorizationResult; } + //done @Override public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username) throws DeviceAccessAuthorizationException { return isUserAuthorized(deviceIdentifiers, username, null); } + //done @Override public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers) throws DeviceAccessAuthorizationException { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java index e45bd80a1f..9dfaa75224 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java 
@@ -18,73 +18,137 @@ package org.wso2.carbon.device.mgt.core.authorization; +import org.apache.commons.dbcp.BasicDataSource; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.mockito.Mock; +import org.mockito.Mockito; import org.testng.Assert; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.EnrolmentInfo; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.common.permission.mgt.*; +import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; -import org.wso2.carbon.device.mgt.core.dao.*; -import org.wso2.carbon.device.mgt.core.dto.DeviceType; -import org.wso2.carbon.user.api.UserStoreManager; - -import static org.mockito.Matchers.anyString; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; +import org.wso2.carbon.device.mgt.core.common.TestDataHolder; +import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager; +import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; +import org.wso2.carbon.device.mgt.core.internal.DeviceManagementServiceComponent; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; +import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderServiceImpl; +import org.wso2.carbon.registry.core.config.RegistryContext; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import 
org.wso2.carbon.registry.core.internal.RegistryDataHolder; +import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService; +import org.wso2.carbon.registry.core.service.RegistryService; +import org.wso2.carbon.user.api.*; +import org.wso2.carbon.user.api.Permission; +import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.user.core.tenant.JDBCTenantManager; +import org.wso2.carbon.utils.multitenancy.MultitenantConstants; + +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class); - DeviceDAO deviceDAO; - DeviceTypeDAO deviceTypeDAO; - DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService = new DeviceAccessAuthorizationServiceImpl(); + private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService; + private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; + private static final int NO_OF_DEVICES = 5; + private static final String ADMIN_USER = "admin"; + private static final String ADMIN_ROLE = "adminRole"; + private static final String DEVICE_ID_PREFIX = "AUTH-SERVICE-TEST-DEVICE-ID-"; + private List deviceIds = new ArrayList<>(); - // UserStoreManager userStoreManager = mock(UserStoreManager.class); @BeforeClass - @Override public void init() throws Exception { - this.initDataSource(); - deviceDAO = DeviceManagementDAOFactory.getDeviceDAO(); - deviceTypeDAO = DeviceManagementDAOFactory.getDeviceTypeDAO(); + DeviceConfigurationManager.getInstance().initConfig(); + log.info("Initializing"); + for (int i = 0; i < NO_OF_DEVICES; i++) { + deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE)); + } + List devices = TestDataHolder.generateDummyDeviceData(this.deviceIds); + DeviceManagementProviderService deviceMgtService = new DeviceManagementProviderServiceImpl(); + 
DeviceManagementServiceComponent.notifyStartupListeners(); + DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService); + DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService()); + DeviceManagementDataHolder.getInstance().setDeviceAccessAuthorizationService(new DeviceAccessAuthorizationServiceImpl()); + DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl()); + DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null); + deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE, + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)); + for (Device device : devices) { + deviceMgtService.enrollDevice(device); + } + List returnedDevices = deviceMgtService.getAllDevices(DEVICE_TYPE); + for (Device device : returnedDevices) { + if (!device.getDeviceIdentifier().startsWith(DEVICE_ID_PREFIX)) { + throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!"); + } + } + deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); } - @Test(groups = "device.mgt.test", description = "Testing the first test case with testng.") - public void setUp() throws Exception { - log.info("test start"); - - DeviceManagementDAOFactory.beginTransaction(); - DeviceType deviceType = new DeviceType(); - deviceType.setName("Sample"); - - deviceTypeDAO.addDeviceType(deviceType, -1234, true); - deviceType = deviceTypeDAO.getDeviceType("Sample", -1234); - log.info(deviceType.getId()); - Assert.assertEquals(deviceType.getName(), "Sample"); - - Device device = new Device(); - device.setId(1); - device.setDeviceIdentifier("device1"); - device.setName("sample device"); - device.setType("Sample"); - - EnrolmentInfo enrolmentInfo = new EnrolmentInfo(); - enrolmentInfo.setOwner("Lahiru"); - device.setEnrolmentInfo(enrolmentInfo); - 
deviceDAO.addDevice(1,device,-1234); + private RegistryService getRegistryService() throws RegistryException, UserStoreException { + RealmService realmService = new InMemoryRealmService(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); + BasicDataSource dataSource = new BasicDataSource(); + String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST"; + dataSource.setUrl(connectionUrl); + dataSource.setDriverClassName("org.h2.Driver"); + JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); + realmService.setTenantManager(jdbcTenantManager); + RegistryDataHolder.getInstance().setRealmService(realmService); + DeviceManagementDataHolder.getInstance().setRealmService(realmService); + InputStream is = this.getClass().getClassLoader().getResourceAsStream("carbon-home/repository/conf/registry.xml"); + RegistryContext context = RegistryContext.getBaseInstance(is, realmService); + context.setSetup(true); + return context.getEmbeddedRegistryService(); + } - DeviceManagementDAOFactory.closeConnection(); - DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); - deviceIdentifier.setId("1"); - deviceIdentifier.setType("Sample"); + @Test + public void isUserAuthenticated() throws Exception { + for (DeviceIdentifier deviceId : deviceIds) { + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER)); + } + } - // Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIdentifier,"Lahiru")); + @Test + public void isUserAuthenticatedList() throws Exception { + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
+ isUserAuthorized(deviceIds, ADMIN_USER); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0); + } + @Test + public void isUserAuthenticatedListOnlyDevId() throws Exception { + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0); } + @Test + public void isUserAuthenticatedOnlyDevId() throws Exception { + for (DeviceIdentifier deviceId : deviceIds) { + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId)); + } + } + @Test + public void isDeviceAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + Permission permission = new Permission("/permission/admin", CarbonConstants.UI_PERMISSION_ACTION); + DeviceManagementDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager() + .addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{permission}); + Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); + } } From 3d328285728374399391a59f32f18282e28e3e1a Mon Sep 17 00:00:00 2001 From: GDLMadushanka Date: Thu, 28 Sep 2017 16:24:37 +0530 Subject: [PATCH 3/7] bsic test cases finished --- .../DeviceAccessAuthorizationServiceImpl.java | 5 - .../DeviceAccessAuthorizationServiceTest.java | 143 +++++++++++++++++- 2 files changed, 136 insertions(+), 12 deletions(-) 
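Review bot: `isUserAuthenticatedOnlyDevId` and `isUserAuthenticatedListOnlyDevId` pass no username, so the identity they check is whatever `getUserName()` resolves to (presumably the thread-local Carbon context), and the only place this hunk binds one is `PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER)` inside `getRegistryService()`. Bind the user explicitly at the top of each of these tests so the identity under test is visible in the test itself and does not silently change when another test on the same thread rebinds it. The methods are named `isUserAuthenticated…` although every assertion is about authorization; renaming them to `isUserAuthorized…` avoids confusing the two checks. The literal `5` in the `getAuthorizedDevices().size()` assertions should be `NO_OF_DEVICES`.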
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index ac006cd571..f5f209d61f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -89,7 +89,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori } } - //done @Override public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier, String username) throws DeviceAccessAuthorizationException { @@ -102,13 +101,11 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return isUserAuthorized(deviceIdentifier, this.getUserName(), groupPermissions); } - //done @Override public boolean isUserAuthorized(DeviceIdentifier deviceIdentifier) throws DeviceAccessAuthorizationException { return isUserAuthorized(deviceIdentifier, this.getUserName(), null); } - //done @Override public boolean isDeviceAdminUser() throws DeviceAccessAuthorizationException { String username = this.getUserName(); @@ -168,14 +165,12 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return deviceAuthorizationResult; } - //done @Override public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers, String username) throws DeviceAccessAuthorizationException { return isUserAuthorized(deviceIdentifiers, username, null); } - //done @Override public DeviceAuthorizationResult isUserAuthorized(List deviceIdentifiers) throws DeviceAccessAuthorizationException { 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java index 9dfaa75224..a5fad9bd67 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java @@ -23,14 +23,18 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mockito.Mockito; import org.testng.Assert; +import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; +import org.wso2.carbon.device.mgt.common.DeviceNotFoundException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; +import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; +import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; import org.wso2.carbon.device.mgt.common.permission.mgt.*; import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; 
@@ -40,6 +44,7 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementServiceComponent; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderServiceImpl; +import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderServiceImpl; import org.wso2.carbon.registry.core.config.RegistryContext; import org.wso2.carbon.registry.core.exceptions.RegistryException; @@ -53,8 +58,7 @@ import org.wso2.carbon.user.core.tenant.JDBCTenantManager; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import java.io.InputStream; -import java.util.ArrayList; -import java.util.List; +import java.util.*; public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { 
@@ -63,10 +67,24 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; private static final int NO_OF_DEVICES = 5; private static final String ADMIN_USER = "admin"; + private static final String NON_ADMIN_ALLOWED_USER = "nonAdmin"; + private static final String NORMAL_USER = "normal"; private static final String ADMIN_ROLE = "adminRole"; + private static final String NON_ADMIN_ROLE = "nonAdminRole"; + private static final String DEFAULT_GROUP = "defaultGroup"; private static final String DEVICE_ID_PREFIX = "AUTH-SERVICE-TEST-DEVICE-ID-"; + public static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress"; + public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; + public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; + public static final String ADMIN_PERMISSION = "/permission/admin"; + public static final String NON_ADMIN_PERMISSION = "/permission/admin/manage/device-mgt/devices/owning-device/view"; + + private List deviceIds = new ArrayList<>(); + private List groupDeviceIds = new ArrayList<>(); + private List nonGroupDeviceIds = new ArrayList<>(); + Map defaultUserClaims; @BeforeClass public void init() throws Exception { 
@@ -80,7 +98,6 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe DeviceManagementServiceComponent.notifyStartupListeners(); DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService); DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService()); - DeviceManagementDataHolder.getInstance().setDeviceAccessAuthorizationService(new DeviceAccessAuthorizationServiceImpl()); DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl()); DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null); deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE, @@ -95,6 +112,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe } } deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); + defaultUserClaims = buildDefaultUserClaims("firstname", "lastname", "email"); + initializeTestEnvironment(); } private RegistryService getRegistryService() throws RegistryException, UserStoreException { 
@@ -145,10 +164,120 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe @Test public void isDeviceAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - Permission permission = new Permission("/permission/admin", CarbonConstants.UI_PERMISSION_ACTION); - DeviceManagementDataHolder.getInstance().getRealmService() - .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager() - .addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{permission}); Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); + + } + + @Test + public void isUserAuthorizedAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION})); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void isUserAuthorizedNotAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION})); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void nonAdminUserTryIsAdmin() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.startTenantFlow(); + 
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); + Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser()); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void isUserAuthorizedAllowedDeviceAllDetails() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION})); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void isUserAuthorizedAllowedDeviceAllDetailsWrongDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION})); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void deviceIdAndPermission() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
+ isUserAuthorized(deviceIds,new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3); + PrivilegedCarbonContext.endTenantFlow(); + } + + @Test + public void deviceIdUsernameAndPermission() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. + isUserAuthorized(deviceIds,NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3); + PrivilegedCarbonContext.endTenantFlow(); + } + + public void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException, + DeviceNotFoundException { + //creating UI permission + Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); + Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); + UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); + //Adding a non Admin User + userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, "password", null, defaultUserClaims, null); + //Adding a normal user + userStoreManager.addUser(NORMAL_USER, "password", null, defaultUserClaims, null); + //Adding role with permission to Admin user + userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission}); + //Adding role with 
permission to non Admin user + userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, new Permission[]{deviceViewPermission}); + //Creating default group + GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance() + .getGroupManagementProviderService(); + groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP); + int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId(); + //Sharing group with admin and non admin roles + groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE, NON_ADMIN_ROLE))); + //Adding first 2 devices to the group + groupDeviceIds.add(deviceIds.get(0)); + groupDeviceIds.add(deviceIds.get(1)); + groupManagementProviderService.addDevices(groupId, groupDeviceIds); + //Rest of the devices + nonGroupDeviceIds.add(deviceIds.get(2)); + nonGroupDeviceIds.add(deviceIds.get(3)); + nonGroupDeviceIds.add(deviceIds.get(4)); } + + private Map buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { + Map defaultUserClaims = new HashMap<>(); + defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName); + defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName); + defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress); + if (log.isDebugEnabled()) { + log.debug("Default claim map is created for new user: " + defaultUserClaims.toString()); + } + return defaultUserClaims; + } + } From 61286b667ed844cc665a683031503a792ee35ff5 Mon Sep 17 00:00:00 2001 From: GDLMadushanka Date: Thu, 28 Sep 2017 17:15:45 +0530 Subject: [PATCH 4/7] refactoring test cases --- .../DeviceAccessAuthorizationServiceTest.java | 124 ++++++++++-------- .../src/test/resources/testng.xml | 1 + 2 files changed, 67 insertions(+), 58 deletions(-) 
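Review bot: Each of the seven new tests that call `PrivilegedCarbonContext.startTenantFlow()` reaches `PrivilegedCarbonContext.endTenantFlow()` only when its assertion passes. A failing `Assert` throws first, so the tenant flow stays open with `NON_ADMIN_ALLOWED_USER` or `NORMAL_USER` still bound to the thread, and tests that set no user themselves, such as `isDeviceAdminUser`, may then run under the wrong identity and report authorization results that have nothing to do with the code under test. Wrap each body as `try { … } finally { PrivilegedCarbonContext.endTenantFlow(); }`. The test methods are complete inside this hunk; the enclosing class starts outside it.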
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java index a5fad9bd67..1748078691 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java @@ -23,7 +23,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mockito.Mockito; import org.testng.Assert; -import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; import org.wso2.carbon.CarbonConstants; 
@@ -73,18 +72,18 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe private static final String NON_ADMIN_ROLE = "nonAdminRole"; private static final String DEFAULT_GROUP = "defaultGroup"; private static final String DEVICE_ID_PREFIX = "AUTH-SERVICE-TEST-DEVICE-ID-"; - public static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress"; - public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; - public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; - public static final String ADMIN_PERMISSION = "/permission/admin"; - public static final String NON_ADMIN_PERMISSION = "/permission/admin/manage/device-mgt/devices/owning-device/view"; - - + private static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress"; + private static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; + private static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; + private static final String ADMIN_PERMISSION = "/permission/admin"; + private static final String NON_ADMIN_PERMISSION = "/permission/admin/manage/device-mgt/devices/owning-device/view"; + private static final String FIRST_NAME = "firstName"; + private static final String LAST_NAME = "lastName"; + private static final String EMAIL = "email"; + private static final String PASSWORD = "password"; private List deviceIds = new ArrayList<>(); private List groupDeviceIds = new ArrayList<>(); - private List nonGroupDeviceIds = new ArrayList<>(); - - Map defaultUserClaims; + private Map defaultUserClaims; @BeforeClass public void init() throws Exception { 
@@ -112,7 +111,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe } } deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); - defaultUserClaims = buildDefaultUserClaims("firstname", "lastname", "email"); + defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL); initializeTestEnvironment(); } 
@@ -134,110 +133,124 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe } @Test - public void isUserAuthenticated() throws Exception { + public void userAuthDevIdUserName() throws Exception { for (DeviceIdentifier deviceId : deviceIds) { - Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER)); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER), + "Device access authorization for admin user failed"); } } @Test - public void isUserAuthenticatedList() throws Exception { + public void userAuthDevIdUserNameResult() throws Exception { DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. isUserAuthorized(deviceIds, ADMIN_USER); - Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5); - Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0); - } - - @Test - public void isUserAuthenticatedListOnlyDevId() throws Exception { - DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds); - Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5); - Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, + "Expected 5 authorized devices for admin user"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0, + "Expected 0 un-authorized devices for admin user"); } @Test - public void isUserAuthenticatedOnlyDevId() throws Exception { + public void userAuthDevId() throws Exception { for (DeviceIdentifier deviceId : deviceIds) { - Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId)); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId), + "Authorize user from device identifier failed"); } } @Test - public void 
isDeviceAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); - + public void userAuthDevIdResult() throws Exception { + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, + "Expected 5 authorized devices for admin user"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0, + "Expected 0 un-authorized devices for admin user"); } @Test - public void isUserAuthorizedAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION})); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION}), + "Non admin user with permissions attempt to access failed"); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void isUserAuthorizedNotAllowedDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, + PermissionManagementException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); 
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION})); + Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION}), + "Non admin user accessing not allowed device authorized"); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void nonAdminUserTryIsAdmin() throws DeviceAccessAuthorizationException { + public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, + PermissionManagementException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser()); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER, + new String[]{NON_ADMIN_PERMISSION}),"Non admin user with permissions attempt to access failed"); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void isUserAuthorizedAllowedDeviceAllDetails() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, + PermissionManagementException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - 
Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION})); + Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER, + new String[]{NON_ADMIN_PERMISSION}),"Non admin user accessing not allowed device authorized"); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void isUserAuthorizedAllowedDeviceAllDetailsWrongDevice() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3),NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION})); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
+ isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2, + "Non admin user authentication to 2 devices in a shared group failed"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3, + "Non admin user authentication to 3 devices in a non-shared group failed"); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void deviceIdAndPermission() throws DeviceAccessAuthorizationException { + public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException { PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. - isUserAuthorized(deviceIds,new String[]{NON_ADMIN_PERMISSION}); - Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2); - Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3); + isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3); PrivilegedCarbonContext.endTenantFlow(); } @Test - public void deviceIdUsernameAndPermission() throws DeviceAccessAuthorizationException { + public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { + Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); + } + + @Test + public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException { PrivilegedCarbonContext.startTenantFlow(); 
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. - isUserAuthorized(deviceIds,NON_ADMIN_ALLOWED_USER,new String[]{NON_ADMIN_PERMISSION}); - Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(),2); - Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(),3); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); + Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser()); PrivilegedCarbonContext.endTenantFlow(); } - public void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException, + private void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException, DeviceNotFoundException { //creating UI permission Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); 
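Review bot: The tests in the `@@ -134,110 +133,124 @@` hunk that open a tenant flow (`userAuthDevIdPermission`, `userAuthFalseDevIdPermission`, the two `...UserNamePermission` tests, the two `...PermissionResult` tests and `isDevAdminNormalUser`) call `PrivilegedCarbonContext.endTenantFlow()` only after the assertion, so a failing assertion skips it and leaves `NON_ADMIN_ALLOWED_USER` or `NORMAL_USER` on the thread-local context. The admin tests in the same hunk (`userAuthDevId`, `userAuthDevIdResult`, `isDevAdminAdminUser`) set no username themselves, so after such a leak they would presumably be evaluated under the wrong identity and report misleading authorization results. Wrap each body as `try { ... } finally { PrivilegedCarbonContext.endTenantFlow(); }` so the identity is always restored.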
@@ -245,9 +258,9 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService() .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); //Adding a non Admin User - userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, "password", null, defaultUserClaims, null); + userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null); //Adding a normal user - userStoreManager.addUser(NORMAL_USER, "password", null, defaultUserClaims, null); + userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null); //Adding role with permission to Admin user userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission}); //Adding role with permission to non Admin user @@ -263,10 +276,6 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe groupDeviceIds.add(deviceIds.get(0)); groupDeviceIds.add(deviceIds.get(1)); groupManagementProviderService.addDevices(groupId, groupDeviceIds); - //Rest of the devices - nonGroupDeviceIds.add(deviceIds.get(2)); - nonGroupDeviceIds.add(deviceIds.get(3)); - nonGroupDeviceIds.add(deviceIds.get(4)); } private Map buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { @@ -279,5 +288,4 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe } return defaultUserClaims; } - } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/resources/testng.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/resources/testng.xml index b77715ab91..1de255fed5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/resources/testng.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/resources/testng.xml @@ -45,6 +45,7 @@ + From 8d8330a52cd1385194816c0074375be84299bf82 Mon Sep 17 00:00:00 2001 
From: GDLMadushanka Date: Fri, 29 Sep 2017 12:02:44 +0530 Subject: [PATCH 5/7] Finalyzing unit tests for DeviceAccessAuthorizationServiceImpl --- .../DeviceAccessAuthorizationServiceImpl.java | 25 +- .../DeviceAccessAuthorizationServiceTest.java | 253 +++++++++++------- 2 files changed, 159 insertions(+), 119 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java index f5f209d61f..10699b2f4d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java @@ -20,11 +20,10 @@ package org.wso2.carbon.device.mgt.core.authorization; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceManagementException; -import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; 
@@ -36,11 +35,9 @@ import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.core.permission.mgt.PermissionUtils; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; - -import java.util.HashMap; import java.util.Iterator; import java.util.List; -import java.util.Map; + /** * Implementation of DeviceAccessAuthorization service. @@ -233,7 +230,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return userRealm.getAuthorizationManager() .isUserAuthorized(removeTenantDomain(username), PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION), - PermissionMethod.UI_EXECUTE); + CarbonConstants.UI_PERMISSION_ACTION); } return false; } @@ -265,22 +262,6 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori return PermissionUtils.putPermission(permission); } - private Map getOwnershipOfDevices(List devices) { - Map ownershipData = new HashMap<>(); - EnrolmentInfo enrolmentInfo; - String owner; - for (Device device : devices) { - enrolmentInfo = device.getEnrolmentInfo(); - if (enrolmentInfo != null) { - owner = enrolmentInfo.getOwner(); - if (owner != null && !owner.isEmpty()) { - ownershipData.put(device.getDeviceIdentifier(), owner); - } - } - } - return ownershipData; - } - public static final class PermissionMethod { public static final String READ = "read"; public static final String WRITE = "write"; diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java index 1748078691..3c2501dc1b 100644 
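Review bot: The device-admin check in the `@@ -233,7 +230,7 @@` hunk now passes `CarbonConstants.UI_PERMISSION_ACTION` instead of `PermissionMethod.UI_EXECUTE`, a change to production authorization logic that the commit message (unit tests only) does not mention and no comment explains. If the two constants hold the same string this is a pure refactor; if they differ, it changes which users pass the admin check. The nested `PermissionMethod` class is still present further down the file, so other checks may keep using the old constant. Confirm the values match, use a single constant for the action throughout the class, and record the reason next to the call, e.g. `// action must match the one the permission is registered with`. The enclosing method starts outside the hunk.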
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java @@ -23,18 +23,17 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mockito.Mockito; import org.testng.Assert; +import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.Device; -import org.wso2.carbon.device.mgt.common.DeviceIdentifier; -import org.wso2.carbon.device.mgt.common.DeviceNotFoundException; +import org.wso2.carbon.device.mgt.common.*; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; -import org.wso2.carbon.device.mgt.common.permission.mgt.*; +import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; import org.wso2.carbon.device.mgt.core.common.TestDataHolder; 
@@ -50,19 +49,21 @@ import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.internal.RegistryDataHolder; import org.wso2.carbon.registry.core.jdbc.realm.InMemoryRealmService; import org.wso2.carbon.registry.core.service.RegistryService; -import org.wso2.carbon.user.api.*; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.tenant.JDBCTenantManager; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; - import java.io.InputStream; -import java.util.*; - +import java.util.ArrayList; +import java.util.Map; +import java.util.List; +import java.util.HashMap; +import java.util.Arrays; public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class); - private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService; private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; private static final int NO_OF_DEVICES = 5; private static final String ADMIN_USER = "admin"; @@ -81,6 +82,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe private static final String LAST_NAME = "lastName"; private static final String EMAIL = "email"; private static final String PASSWORD = "password"; + private DeviceAccessAuthorizationServiceImpl deviceAccessAuthorizationService; private List deviceIds = new ArrayList<>(); private List groupDeviceIds = new ArrayList<>(); private Map defaultUserClaims; 
@@ -88,7 +90,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe @BeforeClass public void init() throws Exception { DeviceConfigurationManager.getInstance().initConfig(); - log.info("Initializing"); + log.info("Initializing test environment to test DeviceAccessAuthorization Class"); for (int i = 0; i < NO_OF_DEVICES; i++) { deviceIds.add(new DeviceIdentifier(DEVICE_ID_PREFIX + i, DEVICE_TYPE)); } @@ -97,7 +99,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe DeviceManagementServiceComponent.notifyStartupListeners(); DeviceManagementDataHolder.getInstance().setDeviceManagementProvider(deviceMgtService); DeviceManagementDataHolder.getInstance().setRegistryService(getRegistryService()); - DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new GroupManagementProviderServiceImpl()); + DeviceManagementDataHolder.getInstance().setGroupManagementProviderService(new + GroupManagementProviderServiceImpl()); DeviceManagementDataHolder.getInstance().setDeviceTaskManagerService(null); deviceMgtService.registerDeviceType(new TestDeviceManagementService(DEVICE_TYPE, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)); 
@@ -110,9 +113,13 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe throw new Exception("Incorrect device with ID - " + device.getDeviceIdentifier() + " returned!"); } } - deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, Mockito.CALLS_REAL_METHODS); + deviceAccessAuthorizationService = Mockito.mock(DeviceAccessAuthorizationServiceImpl.class, + Mockito.CALLS_REAL_METHODS); defaultUserClaims = buildDefaultUserClaims(FIRST_NAME, LAST_NAME, EMAIL); initializeTestEnvironment(); + //Starting tenant flow + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); } private RegistryService getRegistryService() throws RegistryException, UserStoreException { @@ -122,7 +129,8 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe String connectionUrl = "jdbc:h2:./target/databasetest/CARBON_TEST"; dataSource.setUrl(connectionUrl); dataSource.setDriverClassName("org.h2.Driver"); - JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); + JDBCTenantManager jdbcTenantManager = new JDBCTenantManager(dataSource, + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); realmService.setTenantManager(jdbcTenantManager); RegistryDataHolder.getInstance().setRealmService(realmService); DeviceManagementDataHolder.getInstance().setRealmService(realmService); 
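Review bot: The tenant flow opened at the end of `init()` in the `@@ -110,9 +113,13 @@` hunk has no matching `PrivilegedCarbonContext.endTenantFlow()` in the lines shown; the `AfterClass` import is re-added by this patch, so a teardown may exist outside this hunk, but that should be confirmed. With one flow shared by every test, the effective identity is whatever the last `setUsername(...)` left on the thread, so a test that omits that call would silently be authorized as the previous test's user. A comment above the new lines would make the contract explicit, e.g. `// One tenant flow for the whole class: every @Test must call setUsername(...) first; the @AfterClass method ends the flow`. `init()` starts outside the hunk.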
@@ -132,16 +140,60 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe return context.getEmbeddedRegistryService(); } - @Test + private void initializeTestEnvironment() throws UserStoreException, GroupManagementException, + RoleDoesNotExistException, DeviceNotFoundException { + //creating UI permission + Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); + Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); + UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService() + .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); + //Adding a non Admin User + userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null); + //Adding a normal user + userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null); + //Adding role with permission to Admin user + userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission}); + //Adding role with permission to non Admin user + userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, + new Permission[]{deviceViewPermission}); + //Creating default group + GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance() + .getGroupManagementProviderService(); + groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP); + int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId(); + //Sharing group with admin and non admin roles + groupManagementProviderService.manageGroupSharing(groupId, new ArrayList<>(Arrays.asList(ADMIN_ROLE, + NON_ADMIN_ROLE))); + //Adding first 2 devices to the group + groupDeviceIds.add(deviceIds.get(0)); + groupDeviceIds.add(deviceIds.get(1)); + groupManagementProviderService.addDevices(groupId, groupDeviceIds); + } + + private Map 
buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { + Map defaultUserClaims = new HashMap<>(); + defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName); + defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName); + defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress); + if (log.isDebugEnabled()) { + log.debug("Default claim map is created for new user: " + defaultUserClaims.toString()); + } + return defaultUserClaims; + } + + //Admin User test cases + @Test(description = "Check authorization giving a device identifier and username") public void userAuthDevIdUserName() throws Exception { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); for (DeviceIdentifier deviceId : deviceIds) { Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId, ADMIN_USER), "Device access authorization for admin user failed"); } } - @Test - public void userAuthDevIdUserNameResult() throws Exception { + @Test(description = "Authorization for multiple device identifiers and username") + public void userAuthDevIdUserNameResult() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. isUserAuthorized(deviceIds, ADMIN_USER); Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, 
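Review bot: `userAuthDevIdUserName` and `userAuthDevIdUserNameResult` now set the thread context to `ADMIN_USER` and also pass `ADMIN_USER` as the argument, so they cannot show whether `isUserAuthorized(..., username)` decides on the argument or on the context identity. Whichever is intended, the test pins it only when the two differ, e.g. `PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER);` before the `ADMIN_USER` call, with the expected result stated in the assertion message. The username-taking non-admin tests in the following hunk have the same shape. `userAuthDevIdUserNameResult` continues past the end of this hunk.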
@@ -150,70 +202,69 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe "Expected 0 un-authorized devices for admin user"); } - @Test + @Test(description = "Authorization by device identifier") public void userAuthDevId() throws Exception { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); for (DeviceIdentifier deviceId : deviceIds) { Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceId), "Authorize user from device identifier failed"); } } - @Test + @Test(description = "Authorization by multiple device identifiers") public void userAuthDevIdResult() throws Exception { - DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService.isUserAuthorized(deviceIds); + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. + isUserAuthorized(deviceIds); Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 5, "Expected 5 authorized devices for admin user"); Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0, "Expected 0 un-authorized devices for admin user"); } - @Test - public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); + @Test(description = "Check current user is a device administrator") + public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, + PermissionManagementException { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(ADMIN_USER); + Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser(), + "Admin user failed to authorize as admin"); + } + + //Non admin user tests + 
@Test(description = "Check authorization by device identifier and permission Allowed test case") + public void userAuthDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, + PermissionManagementException { PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), new String[]{NON_ADMIN_PERMISSION}), - "Non admin user with permissions attempt to access failed"); - PrivilegedCarbonContext.endTenantFlow(); + Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), + new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed"); } - @Test + @Test(description = "Check authorization by device identifier and permission Not-allowed test case") public void userAuthFalseDevIdPermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), new String[]{NON_ADMIN_PERMISSION}), - "Non admin user accessing not allowed device authorized"); - PrivilegedCarbonContext.endTenantFlow(); + Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), + new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized"); } - @Test + @Test(description = "Authorization by giving a device identifier, username and permission Allowed test case") public void userAuthDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - PrivilegedCarbonContext.startTenantFlow(); - 
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); Assert.assertTrue(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(0), NON_ADMIN_ALLOWED_USER, - new String[]{NON_ADMIN_PERMISSION}),"Non admin user with permissions attempt to access failed"); - PrivilegedCarbonContext.endTenantFlow(); + new String[]{NON_ADMIN_PERMISSION}), "Non admin user with permissions attempt to access failed"); } - @Test + @Test(description = "Authorization by giving a device identifier, username and permission Not-allowed test case") public void userAuthFalseDevIdUserNamePermission() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); Assert.assertFalse(deviceAccessAuthorizationService.isUserAuthorized(deviceIds.get(3), NON_ADMIN_ALLOWED_USER, - new String[]{NON_ADMIN_PERMISSION}),"Non admin user accessing not allowed device authorized"); - PrivilegedCarbonContext.endTenantFlow(); + new String[]{NON_ADMIN_PERMISSION}), "Non admin user accessing not allowed device authorized"); } - @Test + @Test(description = "Authorization by giving device identifiers and permission") public void userAuthDevIdPermissionResult() throws DeviceAccessAuthorizationException { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
isUserAuthorized(deviceIds, new String[]{NON_ADMIN_PERMISSION}); 
@@ -221,71 +272,79 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe "Non admin user authentication to 2 devices in a shared group failed"); Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3, "Non admin user authentication to 3 devices in a non-shared group failed"); - PrivilegedCarbonContext.endTenantFlow(); } - @Test + @Test(description = "Authorization by giving device identifiers, username and permission") public void userAuthDevIdUserNamePermissionResult() throws DeviceAccessAuthorizationException { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION}); - Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2); - Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3); - PrivilegedCarbonContext.endTenantFlow(); - } - - @Test - public void isDevAdminAdminUser() throws DeviceAccessAuthorizationException, UserStoreException, PermissionManagementException { - Assert.assertTrue(deviceAccessAuthorizationService.isDeviceAdminUser()); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 2, + "Non admin user authentication to 2 devices in a shared group failed"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 3, + "Non admin user authentication to 3 devices in a non-shared group failed"); } - @Test + @Test(description = "Authorization for device admin called by normal user") public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException { - PrivilegedCarbonContext.startTenantFlow(); - 
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID, true); PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser()); - PrivilegedCarbonContext.endTenantFlow(); + Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser(),"Normal user allowed as admin user"); } - private void initializeTestEnvironment() throws UserStoreException, GroupManagementException, RoleDoesNotExistException, - DeviceNotFoundException { - //creating UI permission - Permission adminPermission = new Permission(ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); - Permission deviceViewPermission = new Permission(NON_ADMIN_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION); - UserStoreManager userStoreManager = DeviceManagementDataHolder.getInstance().getRealmService() - .getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getUserStoreManager(); - //Adding a non Admin User - userStoreManager.addUser(NON_ADMIN_ALLOWED_USER, PASSWORD, null, defaultUserClaims, null); - //Adding a normal user - userStoreManager.addUser(NORMAL_USER, PASSWORD, null, defaultUserClaims, null); - //Adding role with permission to Admin user - userStoreManager.addRole(ADMIN_ROLE, new String[]{ADMIN_USER}, new Permission[]{adminPermission}); - //Adding role with permission to non Admin user - userStoreManager.addRole(NON_ADMIN_ROLE, new String[]{NON_ADMIN_ALLOWED_USER}, new Permission[]{deviceViewPermission}); - //Creating default group - GroupManagementProviderService groupManagementProviderService = DeviceManagementDataHolder.getInstance() - .getGroupManagementProviderService(); - groupManagementProviderService.createDefaultGroup(DEFAULT_GROUP); - int groupId = groupManagementProviderService.getGroup(DEFAULT_GROUP).getGroupId(); - //Sharing group with admin and non admin roles - groupManagementProviderService.manageGroupSharing(groupId, new 
ArrayList<>(Arrays.asList(ADMIN_ROLE, NON_ADMIN_ROLE))); - //Adding first 2 devices to the group - groupDeviceIds.add(deviceIds.get(0)); - groupDeviceIds.add(deviceIds.get(1)); - groupManagementProviderService.addDevices(groupId, groupDeviceIds); + //Check branches of isUserAuthorized + @Test(description = "Checking branch - user is device owner") + public void nonAdminDeviceOwner() throws DeviceAccessAuthorizationException, DeviceManagementException { + + //Creating a temporary device + Device device = new Device(); + EnrolmentInfo enrolmentInfo = new EnrolmentInfo(NON_ADMIN_ALLOWED_USER, EnrolmentInfo.OwnerShip.BYOD,null); + device.setEnrolmentInfo(enrolmentInfo); + device.setName("temp"); + device.setType(DEVICE_TYPE); + device.setDeviceIdentifier("1234"); + DeviceManagementDataHolder.getInstance().getDeviceManagementProvider().enrollDevice(device); + + //temporary device identifier + DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); + deviceIdentifier.setType(DEVICE_TYPE); + deviceIdentifier.setId("1234"); + + List tempList = new ArrayList<>(); + tempList.add(deviceIdentifier); + + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
+ isUserAuthorized(tempList, NON_ADMIN_ALLOWED_USER, new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 1, + "Non admin device owner failed to access device"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 0, + "Non admin device owner failed to access device"); } - private Map buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { - Map defaultUserClaims = new HashMap<>(); - defaultUserClaims.put(USER_CLAIM_FIRST_NAME, firstName); - defaultUserClaims.put(USER_CLAIM_LAST_NAME, lastName); - defaultUserClaims.put(USER_CLAIM_EMAIL_ADDRESS, emailAddress); - if (log.isDebugEnabled()) { - log.debug("Default claim map is created for new user: " + defaultUserClaims.toString()); - } - return defaultUserClaims; + @Test(description = "Check authorization without giving permissions") + public void userAuthWithoutPermissions() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. + isUserAuthorized(deviceIds, NON_ADMIN_ALLOWED_USER, null); + Assert.assertEquals(deviceAuthorizationResult.getAuthorizedDevices().size(), 0, + "Non admin user try authentication without permission failed"); + Assert.assertEquals(deviceAuthorizationResult.getUnauthorizedDevices().size(), 5, + "Non admin user try authentication without permission failed"); } + + //check Exception cases + @Test(description = "check a null username in isUserAuthorized method") + public void callUserAuthWithoutUsername() throws DeviceAccessAuthorizationException { + PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); + DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. 
+ isUserAuthorized(deviceIds, "", new String[]{NON_ADMIN_PERMISSION}); + Assert.assertEquals(deviceAuthorizationResult,null, + "Not null result for empty username in isUserAuthorized method"); + } + + @AfterClass + public void clearAll() { + PrivilegedCarbonContext.endTenantFlow(); + } + } From 953c9f961967b09eb8aa96f63ba2780d005b694a Mon Sep 17 00:00:00 2001 From: GDLMadushanka Date: Fri, 29 Sep 2017 12:08:53 +0530 Subject: [PATCH 6/7] Reving dependency --- .../device-mgt/org.wso2.carbon.device.mgt.core/pom.xml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml index cb8ea4839b..0ca691f2d4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml @@ -359,12 +359,6 @@ javassist javassist - - org.powermock - powermock-api-mockito - ${power.mock.version} - test - From 9f22dc6bc0ab3ecba4014bf1dd0616abba774cbe Mon Sep 17 00:00:00 2001 From: GDLMadushanka Date: Fri, 29 Sep 2017 12:26:43 +0530 Subject: [PATCH 7/7] Refactoring --- .../DeviceAccessAuthorizationServiceTest.java | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java index 3c2501dc1b..0d47d369cd 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceTest.java 
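Review bot: `callUserAuthWithoutUsername` is described as checking a null username, but the call passes the empty string `""`, so the null case the description names is never exercised. Either change the description to `"check an empty username in isUserAuthorized method"` or add a second call that passes `null` as the username. The assertion also reads better as `Assert.assertNull(deviceAuthorizationResult, "Not null result for empty username in isUserAuthorized method");` than as `assertEquals(..., null, ...)`. Because this test pins a `null` return from an authorization check, callers have to null-check before reading the authorized and unauthorized lists; if that is the intended contract, a comment such as `// empty username yields no result object; callers must treat null as "not authorized"` above the assertion would make it explicit.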
@@ -28,14 +28,17 @@ import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.*; +import org.wso2.carbon.device.mgt.common.Device; +import org.wso2.carbon.device.mgt.common.DeviceIdentifier; +import org.wso2.carbon.device.mgt.common.DeviceManagementException; +import org.wso2.carbon.device.mgt.common.DeviceNotFoundException; +import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult; import org.wso2.carbon.device.mgt.common.group.mgt.GroupManagementException; import org.wso2.carbon.device.mgt.common.group.mgt.RoleDoesNotExistException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.TestDeviceManagementService; -import org.wso2.carbon.device.mgt.core.common.BaseDeviceManagementTest; import org.wso2.carbon.device.mgt.core.common.TestDataHolder; import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; @@ -62,7 +65,10 @@ import java.util.List; import java.util.HashMap; import java.util.Arrays; -public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTest { +/** + * Unit tests for DeviceAccessAuthorizationServiceTest + */ +public class DeviceAccessAuthorizationServiceTest { private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceTest.class); private static final String DEVICE_TYPE = "AUTH_SERVICE_TEST_TYPE"; private static final int NO_OF_DEVICES = 5; 
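Review bot: The Javadoc added above the class reads `Unit tests for DeviceAccessAuthorizationServiceTest`, which names the test class itself rather than the class under test. The service these tests exercise appears to be `DeviceAccessAuthorizationServiceImpl`, so I would write `Unit tests for {@link DeviceAccessAuthorizationServiceImpl}.` The same hunk drops `extends BaseDeviceManagementTest`, and the class body continues outside the hunk, so it is worth confirming that no `@Override` on `init()` and no inherited setup is still relied on there.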
@@ -288,7 +294,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe @Test(description = "Authorization for device admin called by normal user") public void isDevAdminNormalUser() throws DeviceAccessAuthorizationException { PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NORMAL_USER); - Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser(),"Normal user allowed as admin user"); + Assert.assertFalse(deviceAccessAuthorizationService.isDeviceAdminUser(), "Normal user allowed as admin user"); } //Check branches of isUserAuthorized @@ -297,7 +303,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe //Creating a temporary device Device device = new Device(); - EnrolmentInfo enrolmentInfo = new EnrolmentInfo(NON_ADMIN_ALLOWED_USER, EnrolmentInfo.OwnerShip.BYOD,null); + EnrolmentInfo enrolmentInfo = new EnrolmentInfo(NON_ADMIN_ALLOWED_USER, EnrolmentInfo.OwnerShip.BYOD, null); device.setEnrolmentInfo(enrolmentInfo); device.setName("temp"); device.setType(DEVICE_TYPE); @@ -338,7 +344,7 @@ public class DeviceAccessAuthorizationServiceTest extends BaseDeviceManagementTe PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(NON_ADMIN_ALLOWED_USER); DeviceAuthorizationResult deviceAuthorizationResult = deviceAccessAuthorizationService. isUserAuthorized(deviceIds, "", new String[]{NON_ADMIN_PERMISSION}); - Assert.assertEquals(deviceAuthorizationResult,null, + Assert.assertEquals(deviceAuthorizationResult, null, "Not null result for empty username in isUserAuthorized method"); }