This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
The following commit(s) were added to refs/heads/master by this push:
new 1b25737 Improving login
1b25737 is described below
commit 1b257374591d87211d1fc2f154cf18d0303cce98
Author: Martin Stockhammer <[email protected]>
AuthorDate: Sun Jul 12 22:34:38 2020 +0200
Improving login
---
.../rest/api/model/RequestTokenRequest.java | 4 +-
.../redback/rest/api/model/TokenResponse.java | 2 +-
.../services/v2/DefaultAuthenticationService.java | 5 +++
.../services/v2/AbstractNativeRestServices.java | 24 ++++++++++--
.../v2/NativeAuthenticationServiceTest.java | 44 ++++++++++++++++++++++
5 files changed, 73 insertions(+), 6 deletions(-)
diff --git
a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/RequestTokenRequest.java
b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/RequestTokenRequest.java
index 470344d..ac878d1 100644
---
a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/RequestTokenRequest.java
+++
b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/RequestTokenRequest.java
@@ -27,7 +27,7 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name="refreshToken")
public class RequestTokenRequest
{
- String grantType = "authorization_code";
+ String grantType = "";
String clientId;
String clientSecret;
String code;
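Review bot: The empty default for `grantType` means a client that omits the field no longer passes the server-side check, which is the intended tightening, but the protocol value `"authorization_code"` now lives as a literal here (removed) and again in `DefaultAuthenticationService.logIn`. A shared constant on this model, e.g. `public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";`, would keep the two in step and give the test file something to reference instead of a string. The rest of the class is outside the hunk.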
@@ -116,6 +116,7 @@ public class RequestTokenRequest
return password;
}
+ @XmlElement(name="password", required = true, nillable = false)
public void setPassword( String password )
{
this.password = password;
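Review bot: `@XmlElement(required = true, nillable = false)` on `setPassword` only expresses a schema constraint; whether any JSON provider on the `/token` endpoint actually rejects a missing or null password is not visible here and, from what I know of JAXB/Jackson interplay, usually it does not. The server-side `logIn` (see the `DefaultAuthenticationService` hunk in this commit) still passes `loginRequest.getPassword()` straight into the authentication data source, so an explicit null/blank check there is the reliable guard. If the annotation is kept, a one-line comment such as `// schema hint only; logIn() validates presence` would stop readers from relying on it.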
@@ -153,4 +154,5 @@ public class RequestTokenRequest
{
this.state = state;
}
+
}
diff --git
a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/TokenResponse.java
b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/TokenResponse.java
index 6c9d427..ad2deee 100644
---
a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/TokenResponse.java
+++
b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/TokenResponse.java
@@ -32,7 +32,7 @@ import java.time.Instant;
public class TokenResponse
{
String accessToken;
- String tokenType = "bearer";
+ String tokenType = "Bearer";
long expiresIn;
String refreshToken;
String scope;
diff --git
a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
index d9ea256..89fadd5 100644
---
a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
+++
b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
@@ -113,6 +113,9 @@ public class DefaultAuthenticationService
public TokenResponse logIn( RequestTokenRequest loginRequest )
throws RedbackServiceException
{
+ if (!"authorization_code".equals(loginRequest.getGrantType())) {
+ throw new RedbackServiceException(
"redback:bad_authorization_code", Response.Status.FORBIDDEN.getStatusCode( ) );
+ }
String userName = loginRequest.getUserId(), password =
loginRequest.getPassword();
PasswordBasedAuthenticationDataSource authDataSource =
new PasswordBasedAuthenticationDataSource( userName, password );
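Review bot: The new grant-type guard rejects with `"redback:bad_authorization_code"` and HTTP 403, but what it detects is an unsupported or missing `grant_type`, not a bad authorization code, so the error key misdescribes the condition to clients; RFC 6749 §5.2 uses `unsupported_grant_type` with a 400 status for this case. Something like `throw new RedbackServiceException( "redback:unsupported_grant_type", Response.Status.BAD_REQUEST.getStatusCode( ) );` (key name constructed for illustration) would be clearer, and the test that expects 403 would need the same adjustment. The literal `"authorization_code"` is duplicated from `RequestTokenRequest`; a shared constant would avoid drift. Note also that `password` and `userName` are still unchecked before building the data source — if `PasswordBasedAuthenticationDataSource` does not tolerate null, that path should be validated here; the remainder of `logIn` is outside the hunk.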
@@ -199,6 +202,8 @@ public class DefaultAuthenticationService
{
Token accessToken = jwtAuthenticator.refreshAccessToken(
request.getRefreshToken( ) );
Token refreshToken = jwtAuthenticator.tokenFromString(
request.getRefreshToken( ) );
+ response.setHeader( "Cache-Control", "no-store" );
+ response.setHeader( "Pragma", "no-cache" );
return new TokenResponse( accessToken, refreshToken );
}
catch ( TokenAuthenticationException e )
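Review bot: The `Cache-Control: no-store` / `Pragma: no-cache` headers are set only on the success path inside the `try`, so a response produced from the `catch` branches (which can still carry token-related error detail) goes out without them. Setting them as the first statements of the method, before the `try`, makes the behaviour independent of the outcome: `response.setHeader( "Cache-Control", "no-store" );` then `response.setHeader( "Pragma", "no-cache" );` followed by the existing `try`. The enclosing method begins outside the hunk, so I cannot see whether `logIn` already sets the same headers; if it does not, the token response it returns should get them too, or the pair should move to a filter on the `/token` resource.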
diff --git
a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
index 2c24730..547a43b 100644
---
a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
+++
b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
@@ -63,11 +63,13 @@ public abstract class AbstractNativeRestServices
public static final String SYSPROP_START_SERVER =
"archiva.rest.start.server";
public static final String SYSPROP_SERVER_PORT =
"archiva.rest.server.port";
public static final String SYSPROP_SERVER_BASE_URI =
"archiva.rest.server.baseuri";
+ public static final String SYSPROP_SERVER_ADMIN_PWD =
"archiva.rest.server.admin_pwd";
public static final int STOPPED = 0;
public static final int STOPPING = 1;
public static final int STARTING = 2;
public static final int STARTED = 3;
public static final int ERROR = 4;
+ public static final String DEFAULT_ADMIN_PWD = "Ackd245_aer9sdfa#sjDfn";
private RequestSpecification requestSpec;
protected Logger log = LoggerFactory.getLogger( getClass() );
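Review bot: `DEFAULT_ADMIN_PWD` is a hard-coded credential checked into the repository as a `public static final`; in test scaffolding that is tolerable, but it will trip secret scanners and is reachable by anything on the classpath, so it deserves a comment marking it as a throwaway test value, e.g. `// Non-secret default for the embedded test server; override with -Darchiva.rest.server.admin_pwd=...`. An alternative that avoids the committed literal entirely is to generate the default with `SecureRandom` in the constructor added in the next hunk when the system property is absent, since every consumer reads it through `getAdminPwd()`. In that same hunk the `adminPwd` field is assigned only in the constructor and could be `private final String adminPwd;`.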
@@ -77,7 +79,12 @@ public abstract class AbstractNativeRestServices
private static AtomicInteger serverStarted = new AtomicInteger( STOPPED );
private UserManager userManager;
private RoleManager roleManager;
+ private String adminPwd;
+ public AbstractNativeRestServices( )
+ {
+ this.adminPwd = System.getProperty( SYSPROP_SERVER_ADMIN_PWD,
DEFAULT_ADMIN_PWD );
+ }
protected abstract String getServicePath();
@@ -154,22 +161,31 @@ public abstract class AbstractNativeRestServices
return this.roleManager;
}
+ protected String getAdminPwd() {
+ return this.adminPwd;
+ }
+
+ protected String getAdminUser() {
+ return RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME;
+ }
+
private void setupAdminUser() throws UserManagerException,
RoleManagerException
{
+
UserManager um = getUserManager( );
User adminUser = null;
try
{
- adminUser = um.findUser(
RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME );
+ adminUser = um.findUser( getAdminUser() );
} catch ( UserNotFoundException e ) {
// ignore
}
if (adminUser==null)
{
- adminUser = um.createUser(
RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME, "Administrator",
"[email protected]" );
- adminUser.setUsername(
RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME );
- adminUser.setPassword( FakeCreateAdminServiceImpl.ADMIN_TEST_PWD );
+ adminUser = um.createUser( getAdminUser(), "Administrator",
"[email protected]" );
+ adminUser.setUsername( getAdminUser() );
+ adminUser.setPassword( getAdminPwd() );
adminUser.setFullName( "the admin user" );
adminUser.setEmail( "[email protected]" );
adminUser.setPermanent( true );
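Review bot: `getAdminPwd()` and `getAdminUser()` are the new protected contract for subclasses but carry no Javadoc; a short one on each would help, for example on `getAdminPwd()`: `/** Password the embedded server's admin account is created with; taken from {@code archiva.rest.server.admin_pwd} or {@link #DEFAULT_ADMIN_PWD}. */`. The admin user is no longer created with `FakeCreateAdminServiceImpl.ADMIN_TEST_PWD`, so any test in this module that still logs in with that constant will now fail against this fixture — I cannot see those callers from here, worth a grep. The stray blank line added right after the method signature of `setupAdminUser` is noise and can be dropped. The method continues beyond the hunk.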
diff --git
a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeAuthenticationServiceTest.java
b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeAuthenticationServiceTest.java
index 2a5182a..fea3392 100644
---
a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeAuthenticationServiceTest.java
+++
b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeAuthenticationServiceTest.java
@@ -34,11 +34,14 @@ import
org.springframework.test.context.junit.jupiter.SpringExtension;
import java.time.Instant;
import java.time.OffsetDateTime;
+import java.util.HashMap;
+import java.util.Map;
import static io.restassured.RestAssured.*;
import static io.restassured.http.ContentType.JSON;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.core.annotation.MergedAnnotations.from;
@@ -87,4 +90,45 @@ public class NativeAuthenticationServiceTest extends
AbstractNativeRestServices
assertTrue( dateTime.toInstant( ).isBefore( afterCall ) );
}
+ @Test
+ void tokenLogin() {
+ Map<String, Object> jsonAsMap = new HashMap<>();
+ jsonAsMap.put( "grant_type", "authorization_code" );
+ jsonAsMap.put("user_id", getAdminUser());
+ jsonAsMap.put("password", getAdminPwd() );
+ Response result = given( ).spec( getRequestSpec( ) )
+ .contentType( JSON )
+ .body( jsonAsMap )
+ .when( ).post( "/token").then( ).statusCode( 200 )
+ .extract( ).response( );
+ assertNotNull( result.body( ).jsonPath( ).getString( "access_token" )
);
+ assertNotNull( result.body( ).jsonPath( ).getString( "refresh_token" )
);
+ }
+
+ @Test
+ void invalidGrantTypeLogin() {
+ Map<String, Object> jsonAsMap = new HashMap<>();
+ jsonAsMap.put( "grant_type", "bad_code" );
+ jsonAsMap.put("user_id", getAdminUser());
+ jsonAsMap.put("password", getAdminPwd() );
+ Response result = given( ).spec( getRequestSpec( ) )
+ .contentType( JSON )
+ .body( jsonAsMap )
+ .when( ).post( "/token").then( ).statusCode( 403 )
+ .extract( ).response( );
+ }
+
+ @Test
+ void invalidPasswordLogin() {
+ Map<String, Object> jsonAsMap = new HashMap<>();
+ jsonAsMap.put( "grant_type", "authorization_code" );
+ jsonAsMap.put("user_id", getAdminUser());
+ jsonAsMap.put("password", "xxxx" );
+ Response result = given( ).spec( getRequestSpec( ) )
+ .contentType( JSON )
+ .body( jsonAsMap )
+ .when( ).post( "/token").then( ).statusCode( 401 )
+ .extract( ).response( );
+ }
+
}
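Review bot: The three new tests build the same request map and REST-assured chain three times, and in `invalidGrantTypeLogin` and `invalidPasswordLogin` the `Response result` local is assigned but never read; a small helper that takes the grant type, password and expected status removes the duplication and the dead locals. `tokenLogin` could also pin the contract tightened elsewhere in this commit by asserting `token_type` equals `"Bearer"` and that `expires_in` is positive, and the two negative tests could assert that the error body carries the expected key rather than only the status. One caution: `invalidPasswordLogin` deliberately fails admin authentication, so if the test security policy enables login-attempt lockout, it can lock the admin account for tests that run after it — I cannot see the policy from here, so confirm ordering or use a non-admin account for that case.

```java
    private Response postToken( String grantType, String password, int expectedStatus ) {
        Map<String, Object> jsonAsMap = new HashMap<>();
        jsonAsMap.put( "grant_type", grantType );
        jsonAsMap.put( "user_id", getAdminUser() );
        jsonAsMap.put( "password", password );
        return given( ).spec( getRequestSpec( ) )
            .contentType( JSON )
            .body( jsonAsMap )
            .when( ).post( "/token" ).then( ).statusCode( expectedStatus )
            .extract( ).response( );
    }

    @Test
    void tokenLogin() {
        Response result = postToken( "authorization_code", getAdminPwd(), 200 );
        assertNotNull( result.body( ).jsonPath( ).getString( "access_token" ) );
        assertNotNull( result.body( ).jsonPath( ).getString( "refresh_token" ) );
    }
    // … unchanged in spirit: invalidGrantTypeLogin and invalidPasswordLogin become one-line calls
    //    postToken( "bad_code", getAdminPwd(), 403 ) and postToken( "authorization_code", "xxxx", 401 ) …
```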