From mru...@apache.org
Subject [6/8] usergrid git commit: Allow superuser to access @RequireAdminUserAccess
Date Tue, 29 Mar 2016 20:11:47 GMT
Allow superuser to access @RequireAdminUserAccess


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/f61b5a13
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/f61b5a13
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/f61b5a13

Branch: refs/heads/hotfix-2.0.0
Commit: f61b5a1306e5f5bed29286c3a821797f7ca9b81c
Parents: 8dddc0e
Author: Michael Russo <mrusso@apigee.com>
Authored: Mon Feb 22 21:17:24 2016 -0800
Committer: Michael Russo <mrusso@apigee.com>
Committed: Mon Feb 22 21:17:24 2016 -0800

----------------------------------------------------------------------
 .../MvccEntitySerializationStrategyImpl.java    |  2 +-
 .../security/SecuredResourceFilterFactory.java  |  2 +-
 .../usergrid/rest/management/AdminUsersIT.java  | 99 ++++++++++++++++----
 .../endpoints/NamedResource.java                | 32 +++++++
 .../endpoints/mgmt/OrgResource.java             |  5 +
 .../endpoints/mgmt/TokenResource.java           |  9 ++
 6 files changed, 130 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/corepersistence/collection/src/main/java/org/apache/usergrid/persistence/collection/serialization/impl/MvccEntitySerializationStrategyImpl.java
----------------------------------------------------------------------
diff --git a/stack/corepersistence/collection/src/main/java/org/apache/usergrid/persistence/collection/serialization/impl/MvccEntitySerializationStrategyImpl.java
b/stack/corepersistence/collection/src/main/java/org/apache/usergrid/persistence/collection/serialization/impl/MvccEntitySerializationStrategyImpl.java
index 6badbc1..8dbb24f 100644
--- a/stack/corepersistence/collection/src/main/java/org/apache/usergrid/persistence/collection/serialization/impl/MvccEntitySerializationStrategyImpl.java
+++ b/stack/corepersistence/collection/src/main/java/org/apache/usergrid/persistence/collection/serialization/impl/MvccEntitySerializationStrategyImpl.java
@@ -200,7 +200,7 @@ public abstract class MvccEntitySerializationStrategyImpl implements MvccEntityS
                             final List<ScopedRowKey<CollectionPrefixedKey<Id>>>
scopedRowKeys ) {
 
                             try {
-                                return keyspace.prepareQuery( columnFamily ).getKeySlice(
rowKeys )
+                                return keyspace.prepareQuery( columnFamily ).getKeySlice(
scopedRowKeys )
                                                               .withColumnRange( maxVersion,
null, false,
                                                                       1 ).execute().getResult();
                             }
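Review bot: The switch from `rowKeys` to `scopedRowKeys` inside this callback is a persistence-layer fix with no connection to the superuser change the commit message describes, and nothing in the message says what was wrong before. It should travel in its own commit with one line explaining which key list was previously being queried. The enclosing method starts before the hunk, so whether `rowKeys` is still a live name in the outer scope cannot be confirmed here; if it is, the two near-identical names deserve a comment on the fixed line such as `// query by the per-call scoped keys, not the outer rowKeys`.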

http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 2699938..c554fea 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -321,7 +321,7 @@ public class SecuredResourceFilterFactory implements ResourceFilterFactory
{
         @Override
         public void authorize( ContainerRequest request ) {
             logger.debug( "AdminUserFilter.authorize" );
-            if ( !isUser( getUserIdentifier() ) ) {
+            if ( !isUser( getUserIdentifier() ) && !isServiceAdmin() ) {
                 throw mappableSecurityException( "unauthorized", "No admin user access authorized"
);
             }
         }
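Review bot: The new `&& !isServiceAdmin()` arm lets a service admin pass AdminUserFilter without satisfying `isUser( getUserIdentifier() )`, yet the only log line is the unconditional entry `logger.debug( "AdminUserFilter.authorize" )`, so a superuser acting on another admin user's resource leaves no trace distinguishable from a user acting on themselves. Log the bypass explicitly, e.g. `if ( isServiceAdmin() ) { logger.debug( "AdminUserFilter.authorize: service admin bypass" ); }`, before the existing check. State the contract in a comment above the condition, `// Pass if the caller is the admin user being addressed, or a service admin (superuser), who may act on any admin user.`. What `isServiceAdmin()` actually verifies is defined outside this hunk; the filter class begins before it.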

http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index 2a68029..7b13fd1 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
@@ -158,6 +158,7 @@ public class AdminUsersIT extends AbstractRestIT {
      * Get the management user feed and check that it has the correct title.
      * @throws Exception
      */
+    @Ignore
     @Test
     public void mgmtUserFeed() throws Exception {
 
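Review bot: The `@Ignore` added above `mgmtUserFeed` carries no reason, unlike the `@Ignore("Fails because ...")` that this same commit removes further down, so a later reader cannot tell whether the feed test is broken, flaky or obsolete. Give it a reason string, `@Ignore("<reason placeholder>")`, or point at the tracking issue if one exists.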
@@ -332,16 +333,35 @@ public class AdminUsersIT extends AbstractRestIT {
         }
     }
 
-    /**
-     * Update the current management user and make sure the change persists
-     * @throws Exception
-     */
-    @Ignore("Fails because we cannot GET a management user with a super user token - only
with an Admin level token."
-        + "But, we can PUT with a superuser token. This test will work once that issue has
been resolved.")
     @Test
-    public void updateManagementUser() throws Exception {
+    public void updateManagementUserNoToken() throws Exception {
+
+
+        Organization newOrg = createOrgPayload( "updateManagementUserNoToken", null );
+
+
+        Organization orgReturned = clientSetup.getRestClient().management().orgs().post(
newOrg );
+
+        assertNotNull( orgReturned.getOwner() );
+
+        //Add a property to management user
+        Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+
+        try{
+            management().users().user( newOrg.getUsername() ).put( userProperty );
+        } catch( UniformInterfaceException e ){
+
+            int status = e.getResponse().getStatus();
+            assertEquals(401, status);
+        }
+
+    }
+
+    @Test
+    public void updateManagementUserSuperuserToken() throws Exception {
+
 
-        Organization newOrg = createOrgPayload( "updateManagementUser", null );
+        Organization newOrg = createOrgPayload( "updateManagementUserSuperuserToken", null
);
 
 
         Organization orgReturned = clientSetup.getRestClient().management().orgs().post(
newOrg );
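Review bot: `updateManagementUserNoToken` cannot fail as written: if the unauthenticated `put( userProperty )` unexpectedly succeeds, no exception is thrown, the catch block is skipped and the test passes, which is the opposite of what a negative-authorization test should do. Add a failure right after the call inside the try, `management().users().user( newOrg.getUsername() ).put( userProperty );` followed by `fail( "expected 401 for unauthenticated admin user update" );` (assuming `fail` is statically imported alongside `assertEquals`). The same pattern recurs in `updateManagementUserWrongAdminToken` in the next hunk and needs the same fix.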
@@ -350,24 +370,69 @@ public class AdminUsersIT extends AbstractRestIT {
 
         //Add a property to management user
         Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+
+        management.token().setToken( clientSetup.getSuperuserToken());
         management().users().user( newOrg.getUsername() ).put( userProperty );
 
-        Entity userUpdated = updateAdminUser( userProperty, orgReturned );
 
-        assertEquals( "usergrid",userUpdated.getAsString( "company" ) );
+    }
 
-        //Update property with new management value.
-        userProperty = new Entity(  ).chainPut( "company","Apigee" );
+    @Test
+    public void updateManagementUserAdminToken() throws Exception {
 
-        userUpdated = updateAdminUser( userProperty, orgReturned);
+        Organization newOrg = createOrgPayload( "updateManagementUserAdminToken", null );
+
+
+        Organization orgReturned = clientSetup.getRestClient().management().orgs().post(
newOrg );
+
+        assertNotNull( orgReturned.getOwner() );
+
+        String orgName = orgReturned.getName();
+
+        //Add a property to management user
+        Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+
+        User adminUser = orgReturned.getOwner();
+
+        Token adminToken = management.token().get(adminUser.getUsername(), orgName);
+        assertNotNull(adminToken);
+        management.token().setToken( adminToken );
+        management().users().user( newOrg.getUsername() ).put( userProperty );
 
-        assertEquals( "Apigee",userUpdated.getAsString( "company" ) );
     }
 
-    private Entity updateAdminUser(Entity userProperty, Organization organization){
-        management().users().user( organization.getUsername() ).put( userProperty );
+    @Test
+    public void updateManagementUserWrongAdminToken() throws Exception {
+
+        Organization newOrg = createOrgPayload( "updateManagementUserWrongAdminToken", null
);
+        Organization orgReturned = clientSetup.getRestClient().management().orgs().post(
newOrg );
+        assertNotNull( orgReturned.getOwner() );
+
+        // add a new management user to the org for the purpose of a 'wrong' user trying
update others
+        Entity adminUserPayload = new Entity();
+        String wrongAdminUsername = "wrongAdminUser"+UUIDUtils.newTimeUUID();
+        adminUserPayload.put( "username", wrongAdminUsername );
+        adminUserPayload.put( "name", wrongAdminUsername );
+        adminUserPayload.put( "email", wrongAdminUsername+"@usergrid.com" );
+        adminUserPayload.put( "password", wrongAdminUsername );
+        management().orgs().org( clientSetup.getOrganizationName() ).users().post(User.class
,adminUserPayload );
 
-        return management().users().user( organization.getUsername() ).get();
+
+        // get token of the newly added wrongAdminUser
+        Token wrongAdminToken = management.token().get(wrongAdminUsername, wrongAdminUsername);
+        assertNotNull(wrongAdminToken);
+        management.token().setToken( wrongAdminToken );
+
+        try{
+            //Add a property to management user
+            Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+            management().users().user( newOrg.getUsername() ).put( userProperty );
+
+        } catch( UniformInterfaceException e ){
+
+            int status = e.getResponse().getStatus();
+            assertEquals(401, status);
+        }
 
     }
 
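Review bot: `updateManagementUserSuperuserToken` and `updateManagementUserAdminToken` end at the `put( userProperty )` and never read the user back, so they prove only that the request was not rejected, not that "company" was stored; the removed `updateAdminUser` helper did that check with `assertEquals( "usergrid", userUpdated.getAsString( "company" ) )`. The removed @Ignore text says a GET with a superuser token fails, so at minimum the admin-token test should regain the read-back assertion, and if the superuser GET is still broken that should be stated in a comment on that test rather than left implicit. Both tests also mutate the shared context via `management.token().setToken( ... )` without restoring it, which can bleed into later tests in the class unless an @After outside this hunk resets it; resetting the token at the end of each test would make them order-independent.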

http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/NamedResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/NamedResource.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/NamedResource.java
index bf5dbf0..8d8ed6b 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/NamedResource.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/NamedResource.java
@@ -17,12 +17,16 @@
 package org.apache.usergrid.rest.test.resource2point0.endpoints;
 
 
+import com.sun.jersey.api.client.GenericType;
+import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
+import org.apache.usergrid.rest.test.resource2point0.model.Entity;
 import org.apache.usergrid.rest.test.resource2point0.model.QueryParameters;
 import org.apache.usergrid.rest.test.resource2point0.model.Token;
 import org.apache.usergrid.rest.test.resource2point0.state.ClientContext;
 
 import com.sun.jersey.api.client.WebResource;
 
+import javax.ws.rs.core.MediaType;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -105,5 +109,33 @@ public abstract class NamedResource implements UrlResource {
         return resource;
     }
 
+    public <T> T post(Class<T> type, Entity requestEntity) {
+        return post(true,type,requestEntity,null,false);
+
+    }
+
+    //Used for empty posts
+    public <T> T post( boolean useToken, Class<T> type, Map entity, final QueryParameters
queryParameters, boolean useBasicAuthentication ) {
+        WebResource resource = getResource(useToken);
+        resource = addParametersToResource(resource, queryParameters);
+        WebResource.Builder builder = resource
+            .type(MediaType.APPLICATION_JSON_TYPE)
+            .accept( MediaType.APPLICATION_JSON );
+
+        if(entity!=null){
+            builder.entity(entity);
+        }
+
+        if(useBasicAuthentication){
+            //added httpBasicauth filter to all setup calls because they all do verification
this way.
+            HTTPBasicAuthFilter httpBasicAuthFilter = new HTTPBasicAuthFilter( "superuser","superpassword"
);
+            resource.addFilter(httpBasicAuthFilter);
+        }
+
+        GenericType<T> gt = new GenericType<>((Class) type);
+        return builder.post(gt.getRawClass());
+
+    }
+
 
 }
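Review bot: The five-argument `post` embeds the sysadmin credentials `"superuser"`/`"superpassword"` as literals in the `HTTPBasicAuthFilter`, so they cannot follow the test deployment's configuration and will silently break when the defaults change; the ClientContext this class already imports is the natural place to obtain them, if it carries them, in the same way the superuser token is obtained elsewhere. The `GenericType<T> gt = new GenericType<>((Class) type); return builder.post(gt.getRawClass());` detour adds a raw-type cast for no gain; `return builder.post( type );` is equivalent. The header comment `//Used for empty posts` no longer matches a method that accepts an entity and query parameters; rephrase it, e.g. `// POST with optional JSON entity and query parameters; basic-auth variant for setup calls`.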

http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/OrgResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/OrgResource.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/OrgResource.java
index 2786cb0..1b7202a 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/OrgResource.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/OrgResource.java
@@ -55,6 +55,11 @@ public class OrgResource  extends NamedResource {
         return new OrganizationResource( orgname,context,this );
     }
 
+    public OrganizationResource org( final String orgname ){
+        return new OrganizationResource( orgname,context,this );
+    }
+
+
     /**
      * This post is for the POST params case, where the entire call is made using queryParameters.
      */
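Review bot: The new `org( final String orgname )` duplicates the body of the method that ends just above it (`return new OrganizationResource( orgname,context,this );`), so there are now two places constructing the same resource that can drift apart. Make the alias delegate to the existing method (its name is above the hunk, so call it by that name), and add Javadoc saying which one is canonical, e.g. `/** Alias for the existing organization lookup; kept for shorter call sites in the ITs. */`.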

http://git-wip-us.apache.org/repos/asf/usergrid/blob/f61b5a13/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/TokenResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/TokenResource.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/TokenResource.java
index cb4d286..b029949 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/TokenResource.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource2point0/endpoints/mgmt/TokenResource.java
@@ -48,6 +48,15 @@ public class TokenResource extends NamedResource {
         return token;
     }
 
+    public Token get(String username, String password){
+        QueryParameters queryParameters = new QueryParameters();
+        queryParameters.addParam( "grant_type", "password" );
+        queryParameters.addParam( "username", username );
+        queryParameters.addParam( "password", password );
+        return get(queryParameters);
+
+    }
+
     /**
      * Obtains an access token and sets the token for the context to use in later calls
      *
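Review bot: The new `get(String username, String password)` has no Javadoc, and unlike the overload documented just below it ("Obtains an access token and sets the token for the context to use in later calls") it appears to return the Token without touching the context — the ITs in this commit call `setToken` themselves afterwards. Document that difference, e.g. `/** Obtains a password-grant token for {@code username}; does not change the context token. */`. It also sends the password as a query-string parameter on a GET, which ends up in request logs; acceptable for a test client, but a comment such as `// test-only: credentials travel in the query string` keeps it from being copied into non-test code.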

