Hi all,

I’m still working to improve test coverage on a SAML Authentication Handler [3,4,5] for Apache Sling. Since SAML and Forms Authentication Handlers both need tokens, I made the SAML TokenStore.java a derivative work from the Sling Form Handler TokenStore [1]. One of the challenges I face is the test coverage for the Forms TokenStore. There are integration tests for Forms login [2], but unit testing of Forms TokenStore is limited. It seems like a fundamental concern for the framework, and without tests it’s a challenge understanding exactly how TokenStore actually works.

Options:

1. Refactor TokenStore [1] and add unit tests. FYI sonarcloud [6] marked the following line as a bug which exists in Forms as well. Change private methods to package scope such that unit tests can cover the methods.

       private volatile SecretKey[] currentTokens;

   I can help with this option (I’ve already stared quite a while at this code). But if some expert remembers how the Forms TokenStore works, it would be great if we could somehow collaborate. I would then update my derivative work for the SAML TokenStore.

2. Eliminate TokenStore from SAML Handler. SAML authentication handler is currently storing the token in an HTTP session attribute. Expiring the JSESSIONID cookie could be good enough. Maybe we don’t need to worry about the Forms Auth Handler TokenStore right now.

3. Doing option 1, but also perhaps exporting the Forms TokenStore such that other Authentication Handlers have a common mechanism for creating a ring of security tokens. (Is it a bad idea?)

Thanks if you read this or have suggestions.

Regards
Cris

[1] https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
[2] https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
[3] https://issues.apache.org/jira/browse/SLING-9397
[4] https://issues.apache.org/jira/browse/SLING-10193
[5] https://sonarcloud.io/component_measures?id=apache_sling-whiteboard&metric=new_coverage&pullRequest=69&selected=apache_sling-whiteboard%3Asaml-handler%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fsling%2Fauth%2Fsaml2%2Fimpl%2FTokenStore.java&view=list
[6] https://sonarcloud.io/component_measures?id=apache_sling-whiteboard&metric=new_coverage&pullRequest=69&selected=apache_sling-whiteboard%3Asaml-handler%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fsling%2Fauth%2Fsaml2%2Fimpl%2FTokenStore.java&view=list
