james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From adup...@apache.org
Subject [3/4] james-project git commit: JAMES-1784 Add QueryParameterAccessTokenAuthenticationStrategy
Date Fri, 08 Jul 2016 07:55:23 GMT
JAMES-1784 Add QueryParameterAccessTokenAuthenticationStrategy


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/b6f6ac9a
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/b6f6ac9a
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/b6f6ac9a

Branch: refs/heads/master
Commit: b6f6ac9af0961f425395896773c2d4f1e82d328f
Parents: 6262735
Author: Antoine Duprat <aduprat@linagora.com>
Authored: Fri Jul 1 14:55:51 2016 +0200
Committer: Antoine Duprat <aduprat@linagora.com>
Committed: Fri Jul 8 09:54:06 2016 +0200

----------------------------------------------------------------------
 .../org/apache/james/jmap/JMAPCommonModule.java |  6 +-
 ...ameterAccessTokenAuthenticationStrategy.java | 85 ++++++++++++++++++
 ...erAccessTokenAuthenticationStrategyTest.java | 94 ++++++++++++++++++++
 3 files changed, 183 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/b6f6ac9a/server/container/guice/guice-common/src/main/java/org/apache/james/jmap/JMAPCommonModule.java
----------------------------------------------------------------------
diff --git a/server/container/guice/guice-common/src/main/java/org/apache/james/jmap/JMAPCommonModule.java
b/server/container/guice/guice-common/src/main/java/org/apache/james/jmap/JMAPCommonModule.java
index 0d5362f..5a9b6a4 100644
--- a/server/container/guice/guice-common/src/main/java/org/apache/james/jmap/JMAPCommonModule.java
+++ b/server/container/guice/guice-common/src/main/java/org/apache/james/jmap/JMAPCommonModule.java
@@ -76,10 +76,12 @@ public class JMAPCommonModule extends AbstractModule {
     @Provides
     public List<AuthenticationStrategy> authStrategies(
             AccessTokenAuthenticationStrategy accessTokenAuthenticationStrategy,
-            JWTAuthenticationStrategy jwtAuthenticationStrategy) {
+            JWTAuthenticationStrategy jwtAuthenticationStrategy,
+            QueryParameterAccessTokenAuthenticationStrategy queryParameterAuthenticationStrategy)
{
 
         return ImmutableList.of(
                 jwtAuthenticationStrategy,
-                accessTokenAuthenticationStrategy);
+                accessTokenAuthenticationStrategy,
+                queryParameterAuthenticationStrategy);
     }
 }

http://git-wip-us.apache.org/repos/asf/james-project/blob/b6f6ac9a/server/protocols/jmap/src/main/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategy.java
b/server/protocols/jmap/src/main/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategy.java
new file mode 100644
index 0000000..498ba91
--- /dev/null
+++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategy.java
@@ -0,0 +1,85 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ ****************************************************************/
+package org.apache.james.jmap;
+
+import java.util.Optional;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.james.jmap.api.SimpleTokenManager;
+import org.apache.james.jmap.exceptions.MailboxSessionCreationException;
+import org.apache.james.jmap.exceptions.NoValidAuthHeaderException;
+import org.apache.james.jmap.exceptions.UnauthorizedException;
+import org.apache.james.jmap.model.AttachmentAccessToken;
+import org.apache.james.jmap.utils.DownloadPath;
+import org.apache.james.mailbox.MailboxManager;
+import org.apache.james.mailbox.MailboxSession;
+import org.apache.james.mailbox.exception.MailboxException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+
+public class QueryParameterAccessTokenAuthenticationStrategy implements AuthenticationStrategy
{
+
+    private static final Logger LOG = LoggerFactory.getLogger(QueryParameterAccessTokenAuthenticationStrategy.class);
+    private static final String AUTHENTICATION_PARAMETER = "access_token";
+
+    private final SimpleTokenManager tokenManager;
+    private final MailboxManager mailboxManager;
+
+    @Inject
+    @VisibleForTesting
+    QueryParameterAccessTokenAuthenticationStrategy(SimpleTokenManager tokenManager, MailboxManager
mailboxManager) {
+        this.tokenManager = tokenManager;
+        this.mailboxManager = mailboxManager;
+    }
+
+    @Override
+    public MailboxSession createMailboxSession(HttpServletRequest httpRequest) throws MailboxSessionCreationException,
NoValidAuthHeaderException {
+
+        return getAccessToken(httpRequest)
+            .filter(tokenManager::isValid)
+            .map(AttachmentAccessToken::getUsername)
+            .map(this::createSystemSession)
+            .orElseThrow(() -> new UnauthorizedException());
+    }
+
+    private MailboxSession createSystemSession(String username) {
+        try {
+            return mailboxManager.createSystemSession(username, LOG);
+        } catch (MailboxException e) {
+            throw new MailboxSessionCreationException(e);
+        }
+    }
+
+    private Optional<AttachmentAccessToken> getAccessToken(HttpServletRequest httpRequest)
{
+        try {
+            return Optional.of(AttachmentAccessToken.from(httpRequest.getParameter(AUTHENTICATION_PARAMETER),
getBlobId(httpRequest)));
+        } catch (IllegalArgumentException e) {
+            return Optional.empty();
+        }
+    }
+
+    private String getBlobId(HttpServletRequest httpRequest) {
+        String pathInfo = httpRequest.getPathInfo();
+        return DownloadPath.from(pathInfo).getBlobId();
+    }
+}

http://git-wip-us.apache.org/repos/asf/james-project/blob/b6f6ac9a/server/protocols/jmap/src/test/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategyTest.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategyTest.java
b/server/protocols/jmap/src/test/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategyTest.java
new file mode 100644
index 0000000..a04d75d
--- /dev/null
+++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/QueryParameterAccessTokenAuthenticationStrategyTest.java
@@ -0,0 +1,94 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ ****************************************************************/
+package org.apache.james.jmap;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.james.jmap.api.SimpleTokenManager;
+import org.apache.james.jmap.exceptions.MailboxSessionCreationException;
+import org.apache.james.jmap.exceptions.UnauthorizedException;
+import org.apache.james.jmap.model.AttachmentAccessToken;
+import org.apache.james.mailbox.MailboxManager;
+import org.apache.james.mailbox.exception.MailboxException;
+import org.junit.Before;
+import org.junit.Test;
+import org.slf4j.Logger;
+
+public class QueryParameterAccessTokenAuthenticationStrategyTest {
+
+    private static final String USERNAME = "usera@domain.tld";
+    private static final String VALID_ATTACHMENT_TOKEN = "usera@domain.tld_"
+            + "2016-06-29T13:41:22.124Z_"
+            + "DiZa0O14MjLWrAA8P6MG35Gt5CBp7mt5U1EH/M++rIoZK7nlGJ4dPW0dvZD7h4m3o5b/Yd8DXU5x2x4+s0HOOKzD7X0RMlsU7JHJMNLvTvRGWF/C+MUyC8Zce7DtnRVPEQX2uAZhL2PBABV07Vpa8kH+NxoS9CL955Bc1Obr4G+KN2JorADlocFQA6ElXryF5YS/HPZSvq1MTC6aJIP0ku8WRpRnbwgwJnn26YpcHXcJjbkCBtd9/BhlMV6xNd2hTBkfZmYdoNo+UKBaXWzLxAlbLuxjpxwvDNJfOEyWFPgHDoRvzP+G7KzhVWjanHAHrhF0GilEa/MKpOI1qHBSwA==";
+
+    private SimpleTokenManager mockedSimpleTokenManager;
+    private MailboxManager mockedMailboxManager;
+    private QueryParameterAccessTokenAuthenticationStrategy testee;
+    private HttpServletRequest request;
+
+    @Before
+    public void setup() {
+        mockedSimpleTokenManager = mock(SimpleTokenManager.class);
+        mockedMailboxManager = mock(MailboxManager.class);
+        request = mock(HttpServletRequest.class);
+
+        testee = new QueryParameterAccessTokenAuthenticationStrategy(mockedSimpleTokenManager,
mockedMailboxManager);
+    }
+
+    @Test
+    public void createMailboxSessionShouldThrowWhenNoAccessTokenProvided() {
+        when(request.getParameter("access_token"))
+            .thenReturn(null);
+
+        assertThatThrownBy(() -> testee.createMailboxSession(request))
+            .isExactlyInstanceOf(UnauthorizedException.class);
+    }
+
+    @Test
+    public void createMailboxSessionShouldThrowWhenAccessTokenIsNotValid() {
+        when(request.getParameter("access_token"))
+            .thenReturn("bad");
+
+        assertThatThrownBy(() -> testee.createMailboxSession(request))
+                .isExactlyInstanceOf(UnauthorizedException.class);
+    }
+
+    @Test
+    public void createMailboxSessionShouldThrowWhenMailboxExceptionHasOccurred() throws Exception
{
+        when(mockedMailboxManager.createSystemSession(eq(USERNAME), any(Logger.class)))
+                .thenThrow(new MailboxException());
+
+        when(request.getParameter("access_token"))
+            .thenReturn(VALID_ATTACHMENT_TOKEN);
+        when(request.getPathInfo())
+            .thenReturn("/blobId");
+
+        when(mockedSimpleTokenManager.isValid(AttachmentAccessToken.from(VALID_ATTACHMENT_TOKEN,
"blobId")))
+            .thenReturn(true);
+
+        assertThatThrownBy(() -> testee.createMailboxSession(request))
+                .isExactlyInstanceOf(MailboxSessionCreationException.class);
+    }
+}
\ No newline at end of file


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message