usergrid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@apache.org
Subject [1/8] incubator-usergrid git commit: Ensure that when external token validation is enabled, Admin Users cannot be created, activated or confirmed; plus a test.
Date Mon, 20 Apr 2015 16:18:08 GMT
Repository: incubator-usergrid
Updated Branches:
  refs/heads/master 61b492bb3 -> 2e90f39ce


Ensure that when external token validation is enabled, Admin Users cannot be created, activated
or confirmed; plus a test.


Project: http://git-wip-us.apache.org/repos/asf/incubator-usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-usergrid/commit/11709e05
Tree: http://git-wip-us.apache.org/repos/asf/incubator-usergrid/tree/11709e05
Diff: http://git-wip-us.apache.org/repos/asf/incubator-usergrid/diff/11709e05

Branch: refs/heads/master
Commit: 11709e05cc74abcadde0f817734ef04562237b41
Parents: 25d0077
Author: Dave Johnson <dmjohnson@apigee.com>
Authored: Fri Apr 17 18:23:00 2015 -0400
Committer: Dave Johnson <dmjohnson@apigee.com>
Committed: Fri Apr 17 18:23:00 2015 -0400

----------------------------------------------------------------------
 .../organizations/OrganizationsResource.java    |  18 +++-
 .../rest/management/users/UserResource.java     |  42 ++++++++
 .../rest/management/users/UsersResource.java    |  16 ++-
 .../rest/management/ManagementResourceIT.java   |  22 ++--
 .../rest/management/users/MUUserResourceIT.java | 102 +++++++++++++++++--
 5 files changed, 179 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/11709e05/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index 67c273f..e4e9eda 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -33,6 +33,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 
 import org.apache.usergrid.rest.RootResource;
+import org.apache.usergrid.rest.management.ManagementResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -111,9 +112,9 @@ public class OrganizationsResource extends AbstractContextResource {
         String name = ( String ) json.remove( "name" );
         String email = ( String ) json.remove( "email" );
         String password = ( String ) json.remove( "password" );
-        Map<String, Object> properties = ( Map<String, Object> ) json.remove(
ORGANIZATION_PROPERTIES );
+        Map<String, Object> orgProperties = ( Map<String, Object> ) json.remove(
ORGANIZATION_PROPERTIES );
 
-        return newOrganization( ui, organizationName, username, name, email, password, json,
properties, callback );
+        return newOrganization( ui, organizationName, username, name, email, password, json,
orgProperties, callback );
     }
 
 
@@ -146,7 +147,16 @@ public class OrganizationsResource extends AbstractContextResource {
     /** Create a new organization */
     private JSONWithPadding newOrganization( @Context UriInfo ui, String organizationName,
String username, String name,
                                              String email, String password, Map<String,
Object> userProperties,
-                                             Map<String, Object> properties, String
callback ) throws Exception {
+                                             Map<String, Object> orgProperties, String
callback ) throws Exception {
+
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Organization / Admin Users must be created
via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         Preconditions
                 .checkArgument( StringUtils.isNotBlank( organizationName ), "The organization
parameter was missing" );
 
@@ -157,7 +167,7 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationOwnerInfo organizationOwner = management
                 .createOwnerAndOrganization( organizationName, username, name, email, password,
false, false,
-                        userProperties, properties );
+                        userProperties, orgProperties );
 
         if ( organizationOwner == null ) {
             logger.info( "organizationOwner is null, returning. organization: {}", organizationName
);

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/11709e05/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 49b0037..de3928d 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -33,6 +33,8 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 
+import org.apache.commons.lang.StringUtils;
+import org.apache.usergrid.rest.management.ManagementResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Scope;
@@ -205,6 +207,14 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String
token ) {
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must reset passwords via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         try {
             this.token = token;
 
@@ -234,6 +244,14 @@ public class UserResource extends AbstractContextResource {
                                              @FormParam( "recaptcha_challenge_field" ) String
challenge,
                                              @FormParam( "recaptcha_response_field" ) String
uresponse ) {
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must reset passwords via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         try {
             this.token = token;
 
@@ -309,6 +327,14 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token )
{
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must activate via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         try {
             management.handleActivationTokenForAdminUser( user.getUuid(), token );
             return handleViewable( "activate", this );
@@ -330,6 +356,14 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must confirm via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         try {
             ActivationState state = management.handleConfirmationTokenForAdminUser( user.getUuid(),
token );
             if ( state == ActivationState.CONFIRMED_AWAITING_ACTIVATION ) {
@@ -355,6 +389,14 @@ public class UserResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must reactiveate via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         logger.info( "Send activation email for user: {}" , user.getUuid() );
 
         ApiResponse response = createApiResponse();

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/11709e05/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 144a6de..d907632 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -34,8 +34,10 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.usergrid.management.exceptions.ManagementException;
 import org.apache.usergrid.rest.RootResource;
+import org.apache.usergrid.rest.management.ManagementResource;
 import org.apache.usergrid.services.exceptions.ServiceResourceNotFoundException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -78,7 +80,7 @@ public class UsersResource extends AbstractContextResource {
     @Path(RootResource.USER_ID_PATH)
     public UserResource getUserById( @Context UriInfo ui, @PathParam( "userId" ) String userIdStr
) throws Exception {
 
-        return getUserResource(management.getAdminUserByUuid(UUID.fromString(userIdStr)),
"user id", userIdStr);
+        return getUserResource(management.getAdminUserByUuid( UUID.fromString( userIdStr
) ), "user id", userIdStr);
     }
 
 
@@ -101,14 +103,14 @@ public class UsersResource extends AbstractContextResource {
         if (user == null) {
             throw new ManagementException("Could not find organization for " + type + " :
" + value);
         }
-        return getSubResource(UserResource.class).init(user);
+        return getSubResource(UserResource.class).init( user );
     }
 
 
     @Path(RootResource.EMAIL_PATH)
     public UserResource getUserByEmail( @Context UriInfo ui, @PathParam( "email" ) String
email ) throws Exception {
 
-        return getUserResource(management.getAdminUserByEmail(email), "email", email);
+        return getUserResource(management.getAdminUserByEmail( email ), "email", email);
     }
 
 
@@ -120,6 +122,14 @@ public class UsersResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
+        final boolean externalTokensEnabled =
+                !StringUtils.isEmpty( properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL
) );
+
+        if ( externalTokensEnabled ) {
+            throw new IllegalArgumentException( "Admin Users must signup via " +
+                    properties.getProperty( ManagementResource.USERGRID_CENTRAL_URL ) );
+        }
+
         logger.info( "Create user: " + username );
 
         ApiResponse response = createApiResponse();

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/11709e05/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
index d6b507e..2cec9ac 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
@@ -669,7 +669,7 @@ public class ManagementResourceIT extends AbstractRestIT {
 
         String suToken = superAdminToken();
         Map<String, String> props = new HashMap<String, String>();
-        props.put( USERGRID_CENTRAL_URL, getBaseURI().toURL().toExternalForm());
+        props.put( USERGRID_CENTRAL_URL, getBaseURI().toURL().toExternalForm() );
         resource().path( "/testproperties" )
                 .queryParam( "access_token", suToken)
                 .accept( MediaType.APPLICATION_JSON )
@@ -722,7 +722,7 @@ public class ManagementResourceIT extends AbstractRestIT {
 
         // create an org and an admin user
 
-        String rand = RandomStringUtils.randomAlphanumeric(10);
+        String rand = RandomStringUtils.randomAlphanumeric( 10 );
         final String username = "user_" + rand;
         OrganizationOwnerInfo orgInfo = setup.getMgmtSvc().createOwnerAndOrganization(
                 username, username, "Test User", username + "@example.com", "password" );
@@ -743,17 +743,23 @@ public class ManagementResourceIT extends AbstractRestIT {
         try {
 
             Map<String, Object> loginInfo = new HashMap<String, Object>() {{
-                                                                              put("username",
username );
-                                                                              put("password",
"password");
-                                                                              put("grant_type",
"password");
-                                                                              }};
+                put("username", username );
+                put("password", "password");
+                put("grant_type", "password");
+            }};
             JsonNode accessInfoNode = resource().path("/management/token")
                     .type( MediaType.APPLICATION_JSON_TYPE )
                     .post( JsonNode.class, loginInfo );
             fail("Login as Admin User must fail when validate external tokens is enabled");
 
-        } catch ( Exception actual ) {
-            logger.debug( "error", actual );
+        } catch ( UniformInterfaceException actual ) {
+            assertEquals( 400, actual.getResponse().getStatus() );
+            String errorMsg = actual.getResponse().getEntity( JsonNode.class ).get( "error_description"
).toString();
+            logger.error( "ERROR: " + errorMsg );
+            assertTrue( errorMsg.contains( "Admin Users must login via" ));
+
+        } catch ( Exception e ) {
+            fail( "We expected a UniformInterfaceException" );
         }
 
         // login as superuser must succeed

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/11709e05/stack/rest/src/test/java/org/apache/usergrid/rest/management/users/MUUserResourceIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/users/MUUserResourceIT.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/management/users/MUUserResourceIT.java
index a75a401..65d6d50 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/users/MUUserResourceIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/users/MUUserResourceIT.java
@@ -25,9 +25,14 @@ import java.util.Map;
 import javax.mail.Message;
 import javax.mail.MessagingException;
 import javax.mail.internet.MimeMultipart;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 
+import org.apache.commons.lang.RandomStringUtils;
 import org.codehaus.jackson.JsonNode;
+import org.jclouds.json.Json;
 import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
@@ -55,6 +60,7 @@ import org.apache.commons.lang.StringUtils;
 import com.sun.jersey.api.client.UniformInterfaceException;
 import com.sun.jersey.api.representation.Form;
 
+import static org.apache.usergrid.rest.management.ManagementResource.USERGRID_CENTRAL_URL;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -71,7 +77,7 @@ import static org.apache.usergrid.utils.MapUtils.hashMap;
 
 /** @author zznate */
 public class MUUserResourceIT extends AbstractRestIT {
-    private Logger LOG = LoggerFactory.getLogger( MUUserResourceIT.class );
+    private Logger logger = LoggerFactory.getLogger( MUUserResourceIT.class );
 
 
     @Rule
@@ -87,7 +93,7 @@ public class MUUserResourceIT extends AbstractRestIT {
     @Test
 //    @Ignore( "aok - check this please" )
     public void testCaseSensitivityAdminUser() throws Exception {
-        LOG.info( "Starting testCaseSensitivityAdminUser()" );
+        logger.info( "Starting testCaseSensitivityAdminUser()" );
         UserInfo mixcaseUser = setup.getMgmtSvc()
                                     .createAdminUser( "AKarasulu", "Alex Karasulu", "AKarasulu@Apache.org",
"test",
                                             true, false );
@@ -157,7 +163,7 @@ public class MUUserResourceIT extends AbstractRestIT {
                 assertEquals( "invalid_grant", node.get( "error" ).getTextValue() );
                 assertEquals( "User must be confirmed to authenticate",
                         node.get( "error_description" ).getTextValue() );
-                LOG.info( "Unconfirmed user was not authorized to authenticate!" );
+                logger.info( "Unconfirmed user was not authorized to authenticate!" );
             }
 
             // Confirm the getting account confirmation email for unconfirmed user
@@ -174,7 +180,7 @@ public class MUUserResourceIT extends AbstractRestIT {
             // Extract the token to confirm the user
             // -------------------------------------------
             String token = getTokenFromMessage( confirmation );
-            LOG.info( token );
+            logger.info( token );
 
             ActivationState state =
                     setup.getMgmtSvc().handleConfirmationTokenForAdminUser( orgOwner.getOwner().getUuid(),
token );
@@ -194,7 +200,7 @@ public class MUUserResourceIT extends AbstractRestIT {
                     .accept( MediaType.APPLICATION_JSON ).get( JsonNode.class );
 
             assertNotNull( node );
-            LOG.info( "Authentication succeeded after confirmation: {}.", node.toString()
);
+            logger.info( "Authentication succeeded after confirmation: {}.", node.toString()
);
         }
         finally {
             setTestProperties( originalProperties );
@@ -305,7 +311,7 @@ public class MUUserResourceIT extends AbstractRestIT {
         logNode( node );
 
         payload = hashMap( "company", "Usergrid" );
-        LOG.info( "sending PUT for company update" );
+        logger.info( "sending PUT for company update" );
         node = resource().path( String.format( "/management/users/%s", userId ) ).queryParam(
"access_token", token )
                 .type( MediaType.APPLICATION_JSON_TYPE ).put( JsonNode.class, payload );
         assertNotNull( node );
@@ -602,4 +608,88 @@ public class MUUserResourceIT extends AbstractRestIT {
         assertEquals( context.getActiveUser().getEmail(), adminNode.get( "email" ).asText()
);
         assertEquals( context.getActiveUser().getUser(), adminNode.get( "username" ).asText()
);
     }
+
+
+    @Test
+    public void testNoAdminUserSignupWhenValidateExternalTokensEnabled() throws Exception
{
+
+        // turn on validate external tokens by setting the usergrid.central.url
+
+        String suToken = superAdminToken();
+        Map<String, String> props = new HashMap<String, String>();
+        props.put( USERGRID_CENTRAL_URL, getBaseURI().toURL().toExternalForm());
+        resource().path( "/testproperties" )
+                .queryParam( "access_token", suToken)
+                .accept( MediaType.APPLICATION_JSON )
+                .type( MediaType.APPLICATION_JSON_TYPE )
+                .post( props );
+
+        // create an admin user must fail
+
+        try {
+
+            // create an admin user
+
+            final String rand = RandomStringUtils.randomAlphanumeric( 10 );
+            Map<String, String> payload = new HashMap<String, String>() {{
+                put( "username", "user_" + rand );
+                put( "name", "Joe Userperson" );
+                put( "email", "joe_" + rand + "@example.com" );
+                put( "password", "wigglestone" );
+            }};
+            JsonNode node = resource().path( "/management/users")
+                    .accept( MediaType.APPLICATION_JSON )
+                    .type( MediaType.APPLICATION_JSON )
+                    .post( JsonNode.class, payload );
+
+            fail( "Create admin user should fail" );
+
+        } catch ( UniformInterfaceException actual ) {
+            assertEquals( 400, actual.getResponse().getStatus() );
+            String errorMsg = actual.getResponse().getEntity( JsonNode.class ).get( "error_description"
).toString();
+            assertTrue( errorMsg.startsWith( "Admin Users must signup via http://localhost:"
) );
+
+        } catch ( Exception e ) {
+            fail("We expected a UniformInterfaceException");
+        }
+
+
+        try {
+
+            // create an org and an admin user
+
+            final String rand = RandomStringUtils.randomAlphanumeric( 10 );
+            Map<String, String> payload = new HashMap<String, String>() {{
+                put( "organization", "org_" + rand );
+                put( "username", "user_" + rand );
+                put( "name", "Joe Userperson" );
+                put( "email", "joe_" + rand + "@example.com" );
+                put( "password", "wigglestone" );
+            }};
+            JsonNode node = resource().path( "/management/organizations/")
+                    .accept( MediaType.APPLICATION_JSON )
+                    .type( MediaType.APPLICATION_JSON )
+                    .post( JsonNode.class, payload );
+
+            fail( "Create org and admin user should fail" );
+
+        } catch ( UniformInterfaceException actual ) {
+            assertEquals( 400, actual.getResponse().getStatus() );
+            assertTrue( actual.getResponse().getEntity( JsonNode.class ).get( "error_description"
)
+                    .toString().startsWith( "Organization / Admin Users must be created via
http://localhost:" ));
+
+        } catch ( Exception e ) {
+            fail("We expected a UniformInterfaceException");
+        }
+
+
+        // turn off validate external tokens by un-setting the usergrid.central.url
+
+        props.put( USERGRID_CENTRAL_URL, "" );
+        resource().path( "/testproperties" )
+                .queryParam( "access_token", suToken)
+                .accept( MediaType.APPLICATION_JSON )
+                .type( MediaType.APPLICATION_JSON_TYPE )
+                .post( props );
+    }
 }


Mime
View raw message