Skip to content

Add FormAuth smoke test to Elytron package and Vert.x http package #5690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 23, 2019
Merged

Add FormAuth smoke test to Elytron package and Vert.x http package #5690

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions ...y-properties-file/deployment/src/test/java/io/quarkus/security/test/FormAuthTestCase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
package io.quarkus.security.test;

import static io.restassured.RestAssured.given;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.restassured.RestAssured;
import io.restassured.authentication.FormAuthConfig;

/**
* Tests of FORM authentication mechanism
* <p>
* See @io.quarkus.vertx.http.security.FormAuthTestCase for functional coverage.
*/
public class FormAuthTestCase {
static Class[] testClasses = {
TestSecureServlet.class, TestApplication.class, RolesEndpointClassLevel.class
};

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
.setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
.addClasses(testClasses)
.addAsResource("application-form-auth.properties", "application.properties")
.addAsResource("test-users.properties")
.addAsResource("test-roles.properties"));

@Test()
public void testSecureAccessSuccess() {
RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
given().auth()
.form("stuart", "test",
new FormAuthConfig("j_security_check", "j_username", "j_password")
.withLoggingEnabled())
.when().get("/secure-test").then().statusCode(200);

given().auth()
.form("jdoe", "p4ssw0rd",
new FormAuthConfig("j_security_check", "j_username", "j_password")
.withLoggingEnabled())
.when().get("/secure-test").then().statusCode(403);

given().auth()
.form("scott", "jb0ss",
new FormAuthConfig("j_security_check", "j_username", "j_password")
.withLoggingEnabled())
.when().get("/jaxrs-secured/rolesClass").then().statusCode(200);
}

}
23 changes: 23 additions & 0 deletions ...n-security-properties-file/deployment/src/test/resources/application-form-auth.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Logging
quarkus.log.level=DEBUG
quarkus.log.console.enable=true
quarkus.log.console.level=DEBUG
quarkus.log.file.enable=true
quarkus.log.file.path=/tmp/trace.log
quarkus.log.file.level=TRACE
quarkus.log.file.format=%d{HH:mm:ss} %-5p [%c{2.}]] (%t) %s%e%n
quarkus.log.category."io.quarkus.arc".level=TRACE
quarkus.log.category."io.undertow.request.security".level=TRACE

# Identities
quarkus.security.users.file.enabled=true
quarkus.security.users.file.users=test-users.properties
quarkus.security.users.file.roles=test-roles.properties
quarkus.security.users.file.plain-text=true

# Auth method
quarkus.http.auth.form.enabled=true
quarkus.http.auth.basic=false
quarkus.http.auth.form.login-page=/
quarkus.http.auth.form.error-page=/
quarkus.http.auth.form.landing-page=/
91 changes: 91 additions & 0 deletions ...http/deployment/src/test/java/io/quarkus/vertx/http/security/FormAuthCookiesTestCase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
package io.quarkus.vertx.http.security;

import static org.hamcrest.Matchers.*;

import java.util.function.Supplier;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.restassured.RestAssured;
import io.restassured.filter.cookie.CookieFilter;

public class FormAuthCookiesTestCase {

private static final String APP_PROPS = "" +
"quarkus.http.auth.form.enabled=true\n" +
"quarkus.http.auth.form.login-page=login\n" +
"quarkus.http.auth.form.error-page=error\n" +
"quarkus.http.auth.form.landing-page=landing\n" +
"quarkus.http.auth.policy.r1.roles-allowed=admin\n" +
"quarkus.http.auth.permission.roles1.paths=/admin%E2%9D%A4\n" +
"quarkus.http.auth.permission.roles1.policy=r1\n" +
"quarkus.http.auth.form.timeout=PT6S\n" +
"quarkus.http.auth.form.new-cookie-interval=PT2S\n" +
"quarkus.http.auth.form.cookie-name=laitnederc-sukrauq\n" +
"quarkus.http.auth.session.encryption-key=CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT\n";

@RegisterExtension
static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(new Supplier<JavaArchive>() {
@Override
public JavaArchive get() {
return ShrinkWrap.create(JavaArchive.class)
.addClasses(TestIdentityProvider.class, TestTrustedIdentityProvider.class, PathHandler.class)
.addAsResource(new StringAsset(APP_PROPS), "application.properties");
}
});

@BeforeAll
public static void setup() {
TestIdentityController.resetRoles()
.add("admin", "admin", "admin");
}

@Test
public void testFormBasedAuthSuccess() {
RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
CookieFilter cookies = new CookieFilter();
RestAssured
.given()
.filter(cookies)
.redirects().follow(false)
.when()
.get("/admin❤")
.then()
.assertThat()
.statusCode(302)
.header("location", containsString("/login"))
.cookie("quarkus-redirect-location", containsString("/admin%E2%9D%A4"));

RestAssured
.given()
.filter(cookies)
.redirects().follow(false)
.when()
.formParam("j_username", "admin")
.formParam("j_password", "admin")
.post("/j_security_check")
.then()
.assertThat()
.statusCode(302)
.header("location", containsString("/admin%E2%9D%A4"))
.cookie("laitnederc-sukrauq", notNullValue());

RestAssured
.given()
.filter(cookies)
.redirects().follow(false)
.when()
.get("/admin❤")
.then()
.assertThat()
.statusCode(200)
.body(equalTo("admin:/admin%E2%9D%A4"));

}
}
2 changes: 1 addition & 1 deletion ...ime/src/main/java/io/quarkus/vertx/http/runtime/security/FormAuthenticationMechanism.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ public void init(HttpConfiguration httpConfiguration, HttpBuildTimeConfig buildT
key = httpConfiguration.encryptionKey;
}
FormAuthConfig form = buildTimeConfig.auth.form;
loginManager = new PersistentLoginManager(key, "quarkus-credential", form.timeout.toMillis(),
loginManager = new PersistentLoginManager(key, form.cookieName, form.timeout.toMillis(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

form.newCookieInterval.toMillis());
loginPage = form.loginPage.startsWith("/") ? form.loginPage : "/" + form.loginPage;
errorPage = form.errorPage.startsWith("/") ? form.errorPage : "/" + form.errorPage;
Expand Down