JAMES-1930 Improve Exception handling for Authorizer
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/2bf11b03 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/2bf11b03 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/2bf11b03 Branch: refs/heads/master Commit: 2bf11b032f678f46733c25b64e4eb3114688bb09 Parents: 8b52a2b Author: Benoit Tellier <[email protected]> Authored: Thu Feb 9 10:46:23 2017 +0700 Committer: Antoine Duprat <[email protected]> Committed: Tue Feb 14 11:29:29 2017 +0100 ---------------------------------------------------------------------- .../mailbox/exception/NotAdminException.java | 23 ++++++++ .../exception/UserDoesNotExistException.java | 34 +++++++++++ .../ElasticSearchIntegrationTest.java | 2 +- .../search/LuceneMessageSearchIndexTest.java | 2 +- .../inmemory/InMemoryMailboxManagerTest.java | 2 +- .../MessageIdManagerTestSystemProvider.java | 2 +- .../manager/InMemoryIntegrationResources.java | 2 +- .../search/SimpleMessageSearchIndexTest.java | 2 +- .../james/mailbox/spring/NoAuthorizator.java | 4 +- .../james/mailbox/store/Authorizator.java | 10 +++- .../james/mailbox/store/FakeAuthorizator.java | 32 +++++++--- .../mailbox/store/StoreMailboxManager.java | 19 ++++-- .../mailbox/store/StoreMailboxManagerTest.java | 34 +++++++++-- .../james/mailbox/copier/MailboxCopierTest.java | 4 +- .../cassandra/host/CassandraHostSystem.java | 2 +- .../host/ElasticSearchHostSystem.java | 2 +- .../imapmailbox/hbase/host/HBaseHostSystem.java | 2 +- .../InMemoryEventAsynchronousHostSystem.java | 2 +- .../inmemory/host/InMemoryHostSystem.java | 2 +- .../mpt/imapmailbox/jcr/host/JCRHostSystem.java | 2 +- .../mpt/imapmailbox/jpa/host/JPAHostSystem.java | 2 +- .../host/LuceneSearchHostSystem.java | 2 +- .../maildir/host/MaildirHostSystem.java | 2 +- .../store/UserRepositoryAuthorizator.java | 24 ++++---- .../adapter/mailbox/MailboxManagementTest.java | 2 +- .../store/UserRepositoryAuthorizatorTest.java | 62 ++++++++++++++++---- .../apache/james/pop3server/POP3ServerTest.java | 5 +- .../routes/UserMailboxesRoutesTest.java | 3 +- 28 files changed, 218 insertions(+), 68 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/api/src/main/java/org/apache/james/mailbox/exception/NotAdminException.java ---------------------------------------------------------------------- diff --git a/mailbox/api/src/main/java/org/apache/james/mailbox/exception/NotAdminException.java b/mailbox/api/src/main/java/org/apache/james/mailbox/exception/NotAdminException.java new file mode 100644 index 0000000..a60f360 --- /dev/null +++ b/mailbox/api/src/main/java/org/apache/james/mailbox/exception/NotAdminException.java @@ -0,0 +1,23 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.mailbox.exception; + +public class NotAdminException extends MailboxException { +} http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/api/src/main/java/org/apache/james/mailbox/exception/UserDoesNotExistException.java ---------------------------------------------------------------------- diff --git a/mailbox/api/src/main/java/org/apache/james/mailbox/exception/UserDoesNotExistException.java b/mailbox/api/src/main/java/org/apache/james/mailbox/exception/UserDoesNotExistException.java new file mode 100644 index 0000000..0c5ddf2 --- /dev/null +++ b/mailbox/api/src/main/java/org/apache/james/mailbox/exception/UserDoesNotExistException.java @@ -0,0 +1,34 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.mailbox.exception; + +public class UserDoesNotExistException extends MailboxException { + + private final String name; + + public UserDoesNotExistException(String name) { + super("User " + name + "does not exist"); + this.name = name; + } + + public String getName() { + return name; + } +} http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/elasticsearch/src/test/java/org/apache/james/mailbox/elasticsearch/ElasticSearchIntegrationTest.java ---------------------------------------------------------------------- diff --git a/mailbox/elasticsearch/src/test/java/org/apache/james/mailbox/elasticsearch/ElasticSearchIntegrationTest.java b/mailbox/elasticsearch/src/test/java/org/apache/james/mailbox/elasticsearch/ElasticSearchIntegrationTest.java index e8e07d5..c406419 100644 --- a/mailbox/elasticsearch/src/test/java/org/apache/james/mailbox/elasticsearch/ElasticSearchIntegrationTest.java +++ b/mailbox/elasticsearch/src/test/java/org/apache/james/mailbox/elasticsearch/ElasticSearchIntegrationTest.java @@ -94,7 +94,7 @@ public class ElasticSearchIntegrationTest extends AbstractMessageSearchIndexTest storeMailboxManager = new InMemoryMailboxManager( mapperFactory, new FakeAuthenticator(), - new FakeAuthorizator(), + FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/lucene/src/test/java/org/apache/james/mailbox/lucene/search/LuceneMessageSearchIndexTest.java ---------------------------------------------------------------------- diff --git a/mailbox/lucene/src/test/java/org/apache/james/mailbox/lucene/search/LuceneMessageSearchIndexTest.java b/mailbox/lucene/src/test/java/org/apache/james/mailbox/lucene/search/LuceneMessageSearchIndexTest.java index 210bd98..d76ef4e 100644 --- a/mailbox/lucene/src/test/java/org/apache/james/mailbox/lucene/search/LuceneMessageSearchIndexTest.java +++ b/mailbox/lucene/src/test/java/org/apache/james/mailbox/lucene/search/LuceneMessageSearchIndexTest.java @@ -48,7 +48,7 @@ public class LuceneMessageSearchIndexTest extends AbstractMessageSearchIndexTest storeMailboxManager = new InMemoryMailboxManager( mapperFactory, new FakeAuthenticator(), - new FakeAuthorizator(), + FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/InMemoryMailboxManagerTest.java ---------------------------------------------------------------------- diff --git a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/InMemoryMailboxManagerTest.java b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/InMemoryMailboxManagerTest.java index f6bb97c..885d4e1 100644 --- a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/InMemoryMailboxManagerTest.java +++ b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/InMemoryMailboxManagerTest.java @@ -52,7 +52,7 @@ public class InMemoryMailboxManagerTest { InMemoryMailboxSessionMapperFactory mailboxSessionMapperFactory = new InMemoryMailboxSessionMapperFactory(); MessageId.Factory messageIdFactory = new InMemoryMessageId.Factory(); - InMemoryMailboxManager mailboxManager = new InMemoryMailboxManager(mailboxSessionMapperFactory, new FakeAuthenticator(), new FakeAuthorizator(), + InMemoryMailboxManager mailboxManager = new InMemoryMailboxManager(mailboxSessionMapperFactory, new FakeAuthenticator(), FakeAuthorizator.defaultReject(), aclResolver, groupMembershipResolver, messageParser, messageIdFactory, LIMIT_ANNOTATIONS, LIMIT_ANNOTATION_SIZE); try { http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/MessageIdManagerTestSystemProvider.java ---------------------------------------------------------------------- diff --git a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/MessageIdManagerTestSystemProvider.java b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/MessageIdManagerTestSystemProvider.java index cd54d43..8b27c6a 100644 --- a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/MessageIdManagerTestSystemProvider.java +++ b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/MessageIdManagerTestSystemProvider.java @@ -57,7 +57,7 @@ public class MessageIdManagerTestSystemProvider { InMemoryMailboxSessionMapperFactory mailboxSessionMapperFactory = new InMemoryMailboxSessionMapperFactory(); MessageId.Factory messageIdFactory = new InMemoryMessageId.Factory(); FakeAuthenticator authenticator = new FakeAuthenticator(); - FakeAuthorizator authorizator = new FakeAuthorizator(); + FakeAuthorizator authorizator = FakeAuthorizator.defaultReject(); authenticator.addUser(MailboxManagerFixture.USER, PASSWORD); authenticator.addUser(MailboxManagerFixture.OTHER_USER, PASSWORD); InMemoryMailboxManager mailboxManager = new InMemoryMailboxManager(mailboxSessionMapperFactory, authenticator, authorizator, http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/manager/InMemoryIntegrationResources.java ---------------------------------------------------------------------- diff --git a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/manager/InMemoryIntegrationResources.java b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/manager/InMemoryIntegrationResources.java index cc7d22d..240b5a7 100644 --- a/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/manager/InMemoryIntegrationResources.java +++ b/mailbox/memory/src/test/java/org/apache/james/mailbox/inmemory/manager/InMemoryIntegrationResources.java @@ -59,7 +59,7 @@ public class InMemoryIntegrationResources implements IntegrationResources { final StoreMailboxManager manager = new InMemoryMailboxManager( mailboxSessionMapperFactory, fakeAuthenticator, - new FakeAuthorizator(), + FakeAuthorizator.defaultReject(), new NoMailboxPathLocker(), new UnionMailboxACLResolver(), groupMembershipResolver, http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/scanning-search/src/test/java/org/apache/james/mailbox/store/search/SimpleMessageSearchIndexTest.java ---------------------------------------------------------------------- diff --git a/mailbox/scanning-search/src/test/java/org/apache/james/mailbox/store/search/SimpleMessageSearchIndexTest.java b/mailbox/scanning-search/src/test/java/org/apache/james/mailbox/store/search/SimpleMessageSearchIndexTest.java index 694778b..b23beb9 100644 --- a/mailbox/scanning-search/src/test/java/org/apache/james/mailbox/store/search/SimpleMessageSearchIndexTest.java +++ b/mailbox/scanning-search/src/test/java/org/apache/james/mailbox/store/search/SimpleMessageSearchIndexTest.java @@ -45,7 +45,7 @@ public class SimpleMessageSearchIndexTest extends AbstractMessageSearchIndexTest storeMailboxManager = new InMemoryMailboxManager( mapperFactory, new FakeAuthenticator(), - new FakeAuthorizator(), + FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/spring/src/main/java/org/apache/james/mailbox/spring/NoAuthorizator.java ---------------------------------------------------------------------- diff --git a/mailbox/spring/src/main/java/org/apache/james/mailbox/spring/NoAuthorizator.java b/mailbox/spring/src/main/java/org/apache/james/mailbox/spring/NoAuthorizator.java index 88500c3..f98e331 100644 --- a/mailbox/spring/src/main/java/org/apache/james/mailbox/spring/NoAuthorizator.java +++ b/mailbox/spring/src/main/java/org/apache/james/mailbox/spring/NoAuthorizator.java @@ -23,8 +23,8 @@ import org.apache.james.mailbox.store.Authorizator; public class NoAuthorizator implements Authorizator { @Override - public boolean canLoginAsOtherUser(String userId, String otherUserId) { - return false; + public AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) { + return AuthorizationState.NOT_ADMIN; } } http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/store/src/main/java/org/apache/james/mailbox/store/Authorizator.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/Authorizator.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/Authorizator.java index 4710e34..2b01aa8 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/Authorizator.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/Authorizator.java @@ -19,11 +19,19 @@ package org.apache.james.mailbox.store; +import org.apache.james.mailbox.exception.MailboxException; + /** * Authenticates user credentials. */ public interface Authorizator { - boolean canLoginAsOtherUser(String userId, String otherUserId); + enum AuthorizationState { + ALLOWED, + NOT_ADMIN, + UNKNOWN_USER + } + + AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) throws MailboxException; } http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/store/src/main/java/org/apache/james/mailbox/store/FakeAuthorizator.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/FakeAuthorizator.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/FakeAuthorizator.java index 4e15ed7..948ed55 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/FakeAuthorizator.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/FakeAuthorizator.java @@ -18,22 +18,38 @@ ****************************************************************/ package org.apache.james.mailbox.store; -import java.util.List; - -import com.google.common.collect.ImmutableList; +import com.google.common.base.Optional; public class FakeAuthorizator implements Authorizator { - private List<String> adminIds; + public static FakeAuthorizator defaultReject() { + return new FakeAuthorizator(Optional.<String>absent(), Optional.<String>absent()); + } + + public static FakeAuthorizator forUserAndAdmin(String admin, String user) { + return new FakeAuthorizator(Optional.of(admin), Optional.of(user)); + } - public FakeAuthorizator(String... adminIds) { - this.adminIds = ImmutableList.copyOf(adminIds); + private final Optional<String> adminId; + private final Optional<String> delegatedUserId; + private FakeAuthorizator(Optional<String> adminId, Optional<String> userId) { + this.adminId = adminId; + this.delegatedUserId = userId; } @Override - public boolean canLoginAsOtherUser(String userId, String otherUserId) { - return adminIds.contains(userId); + public AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) { + if (!adminId.isPresent() || !this.delegatedUserId.isPresent()) { + return AuthorizationState.NOT_ADMIN; + } + if (!adminId.get().equals(userId)) { + return AuthorizationState.NOT_ADMIN; + } + if (!otherUserId.equals(this.delegatedUserId.get())) { + return AuthorizationState.UNKNOWN_USER; + } + return AuthorizationState.ALLOWED; } } http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java index 705fd8d..110e08d 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java @@ -47,6 +47,8 @@ import org.apache.james.mailbox.exception.BadCredentialsException; import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.mailbox.exception.MailboxExistsException; import org.apache.james.mailbox.exception.MailboxNotFoundException; +import org.apache.james.mailbox.exception.NotAdminException; +import org.apache.james.mailbox.exception.UserDoesNotExistException; import org.apache.james.mailbox.model.MailboxACL; import org.apache.james.mailbox.model.MailboxAnnotation; import org.apache.james.mailbox.model.MailboxAnnotationKey; @@ -421,12 +423,21 @@ public class StoreMailboxManager implements MailboxManager { } @Override - public MailboxSession loginAsOtherUser(String adminUserid, String passwd, String otherUserId, Logger log) throws BadCredentialsException, MailboxException { - if (login(adminUserid, passwd) && authorizator.canLoginAsOtherUser(adminUserid, otherUserId)) { - return createSystemSession(otherUserId, log); - } else { + public MailboxSession loginAsOtherUser(String adminUserid, String passwd, String otherUserId, Logger log) throws MailboxException { + if (! login(adminUserid, passwd)) { throw new BadCredentialsException(); } + Authorizator.AuthorizationState authorizationState = authorizator.canLoginAsOtherUser(adminUserid, otherUserId); + switch (authorizationState) { + case ALLOWED: + return createSystemSession(otherUserId, log); + case NOT_ADMIN: + throw new NotAdminException(); + case UNKNOWN_USER: + throw new UserDoesNotExistException(otherUserId); + default: + throw new RuntimeException("Unknown AuthorizationState " + authorizationState); + } } /** http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java b/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java index fd4fae2..c55d7cc 100644 --- a/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java +++ b/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java @@ -30,6 +30,8 @@ import org.apache.james.mailbox.acl.UnionMailboxACLResolver; import org.apache.james.mailbox.exception.BadCredentialsException; import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.mailbox.exception.MailboxNotFoundException; +import org.apache.james.mailbox.exception.NotAdminException; +import org.apache.james.mailbox.exception.UserDoesNotExistException; import org.apache.james.mailbox.mock.MockMailboxSession; import org.apache.james.mailbox.model.MailboxId; import org.apache.james.mailbox.model.MailboxPath; @@ -54,6 +56,8 @@ public class StoreMailboxManagerTest { private static final MailboxId MAILBOX_ID = TestId.of(123); private static final Logger LOGGER = LoggerFactory.getLogger(StoreMailboxManagerTest.class); private static final int UID_VALIDITY = 42; + public static final String UNKNOWN_USER = "otheruser"; + public static final String BAD_PASSWORD = "badpassword"; private StoreMailboxManager storeMailboxManager; private MailboxMapper mockedMailboxMapper; private MailboxSession mockedMailboxSession; @@ -69,7 +73,7 @@ public class StoreMailboxManagerTest { FakeAuthenticator authenticator = new FakeAuthenticator(); authenticator.addUser(CURRENT_USER, CURRENT_USER_PASSWORD); authenticator.addUser(ADMIN, ADMIN_PASSWORD); - storeMailboxManager = new StoreMailboxManager(mockedMapperFactory, authenticator, new FakeAuthorizator(ADMIN), + storeMailboxManager = new StoreMailboxManager(mockedMapperFactory, authenticator, FakeAuthorizator.forUserAndAdmin(ADMIN, CURRENT_USER), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), new MessageParser(), messageIdFactory); storeMailboxManager.init(); @@ -186,17 +190,37 @@ public class StoreMailboxManagerTest { @Test(expected = BadCredentialsException.class) public void loginShouldThrowWhenBadPassword() throws Exception { - storeMailboxManager.login(CURRENT_USER, "badpassword", LOGGER); + storeMailboxManager.login(CURRENT_USER, BAD_PASSWORD, LOGGER); } @Test(expected = BadCredentialsException.class) public void loginAsOtherUserShouldNotCreateUserSessionWhenAdminWithBadPassword() throws Exception { - storeMailboxManager.loginAsOtherUser(ADMIN, "badpassword", CURRENT_USER, LOGGER); + storeMailboxManager.loginAsOtherUser(ADMIN, BAD_PASSWORD, CURRENT_USER, LOGGER); } - @Test(expected = BadCredentialsException.class) + @Test(expected = NotAdminException.class) public void loginAsOtherUserShouldNotCreateUserSessionWhenNotAdmin() throws Exception { - storeMailboxManager.loginAsOtherUser(CURRENT_USER, CURRENT_USER_PASSWORD, "otheruser", LOGGER); + storeMailboxManager.loginAsOtherUser(CURRENT_USER, CURRENT_USER_PASSWORD, UNKNOWN_USER, LOGGER); + } + + @Test(expected = BadCredentialsException.class) + public void loginAsOtherUserShouldThrowBadCredentialWhenBadPasswordAndNotAdminUser() throws Exception { + storeMailboxManager.loginAsOtherUser(CURRENT_USER, BAD_PASSWORD, CURRENT_USER, LOGGER); + } + + @Test(expected = BadCredentialsException.class) + public void loginAsOtherUserShouldThrowBadCredentialWhenBadPasswordNotAdminUserAndUnknownUser() throws Exception { + storeMailboxManager.loginAsOtherUser(CURRENT_USER, BAD_PASSWORD, UNKNOWN_USER, LOGGER); + } + + @Test(expected = BadCredentialsException.class) + public void loginAsOtherUserShouldThrowBadCredentialsWhenBadPasswordAndUserDoesNotExists() throws Exception { + storeMailboxManager.loginAsOtherUser(ADMIN, BAD_PASSWORD, UNKNOWN_USER, LOGGER); + } + + @Test(expected = UserDoesNotExistException.class) + public void loginAsOtherUserShouldNotCreateUserSessionWhenDelegatedUserDoesNotExist() throws Exception { + storeMailboxManager.loginAsOtherUser(ADMIN, ADMIN_PASSWORD, UNKNOWN_USER, LOGGER); } @Test http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mailbox/tool/src/test/java/org/apache/james/mailbox/copier/MailboxCopierTest.java ---------------------------------------------------------------------- diff --git a/mailbox/tool/src/test/java/org/apache/james/mailbox/copier/MailboxCopierTest.java b/mailbox/tool/src/test/java/org/apache/james/mailbox/copier/MailboxCopierTest.java index c0bdbc1..45db8bf 100644 --- a/mailbox/tool/src/test/java/org/apache/james/mailbox/copier/MailboxCopierTest.java +++ b/mailbox/tool/src/test/java/org/apache/james/mailbox/copier/MailboxCopierTest.java @@ -169,8 +169,8 @@ public class MailboxCopierTest { }, new Authorizator() { @Override - public boolean canLoginAsOtherUser(String userId, String otherUserId) { - return false; + public AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) { + return AuthorizationState.NOT_ADMIN; } }, aclResolver, http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/cassandra/src/test/java/org/apache/james/mpt/imapmailbox/cassandra/host/CassandraHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/cassandra/src/test/java/org/apache/james/mpt/imapmailbox/cassandra/host/CassandraHostSystem.java b/mpt/impl/imap-mailbox/cassandra/src/test/java/org/apache/james/mpt/imapmailbox/cassandra/host/CassandraHostSystem.java index 8e76403..e466f2d 100644 --- a/mpt/impl/imap-mailbox/cassandra/src/test/java/org/apache/james/mpt/imapmailbox/cassandra/host/CassandraHostSystem.java +++ b/mpt/impl/imap-mailbox/cassandra/src/test/java/org/apache/james/mpt/imapmailbox/cassandra/host/CassandraHostSystem.java @@ -92,7 +92,7 @@ public class CassandraHostSystem extends JamesImapHostSystem { new CassandraAnnotationModule()); cassandraClusterSingleton = CassandraCluster.create(mailboxModule); userManager = new FakeAuthenticator(); - authorizator = new FakeAuthorizator(); + authorizator = FakeAuthorizator.defaultReject(); com.datastax.driver.core.Session session = cassandraClusterSingleton.getConf(); CassandraModSeqProvider modSeqProvider = new CassandraModSeqProvider(session); CassandraUidProvider uidProvider = new CassandraUidProvider(session); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/elasticsearch/src/test/java/org/apache/james/mpt/imapmailbox/elasticsearch/host/ElasticSearchHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/elasticsearch/src/test/java/org/apache/james/mpt/imapmailbox/elasticsearch/host/ElasticSearchHostSystem.java b/mpt/impl/imap-mailbox/elasticsearch/src/test/java/org/apache/james/mpt/imapmailbox/elasticsearch/host/ElasticSearchHostSystem.java index 6caa31c..5989b02 100644 --- a/mpt/impl/imap-mailbox/elasticsearch/src/test/java/org/apache/james/mpt/imapmailbox/elasticsearch/host/ElasticSearchHostSystem.java +++ b/mpt/impl/imap-mailbox/elasticsearch/src/test/java/org/apache/james/mpt/imapmailbox/elasticsearch/host/ElasticSearchHostSystem.java @@ -125,7 +125,7 @@ public class ElasticSearchHostSystem extends JamesImapHostSystem { GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new StoreMailboxManager(factory, userManager, new FakeAuthorizator(), aclResolver, groupMembershipResolver, messageParser, + mailboxManager = new StoreMailboxManager(factory, userManager, FakeAuthorizator.defaultReject(), aclResolver, groupMembershipResolver, messageParser, messageIdFactory, MailboxConstants.DEFAULT_LIMIT_ANNOTATIONS_ON_MAILBOX, MailboxConstants.DEFAULT_LIMIT_ANNOTATION_SIZE); mailboxManager.setMessageSearchIndex(searchIndex); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/hbase/src/test/java/org/apache/james/mpt/imapmailbox/hbase/host/HBaseHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/hbase/src/test/java/org/apache/james/mpt/imapmailbox/hbase/host/HBaseHostSystem.java b/mpt/impl/imap-mailbox/hbase/src/test/java/org/apache/james/mpt/imapmailbox/hbase/host/HBaseHostSystem.java index 7ed820e..4feb238 100644 --- a/mpt/impl/imap-mailbox/hbase/src/test/java/org/apache/james/mpt/imapmailbox/hbase/host/HBaseHostSystem.java +++ b/mpt/impl/imap-mailbox/hbase/src/test/java/org/apache/james/mpt/imapmailbox/hbase/host/HBaseHostSystem.java @@ -92,7 +92,7 @@ public class HBaseHostSystem extends JamesImapHostSystem { } userManager = new FakeAuthenticator(); - FakeAuthorizator authorizator = new FakeAuthorizator(); + FakeAuthorizator authorizator = FakeAuthorizator.defaultReject(); final HBaseModSeqProvider modSeqProvider = new HBaseModSeqProvider(conf); final HBaseUidProvider uidProvider = new HBaseUidProvider(conf); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryEventAsynchronousHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryEventAsynchronousHostSystem.java b/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryEventAsynchronousHostSystem.java index 0f24491..a628031 100644 --- a/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryEventAsynchronousHostSystem.java +++ b/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryEventAsynchronousHostSystem.java @@ -83,7 +83,7 @@ public class InMemoryEventAsynchronousHostSystem extends JamesImapHostSystem { GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new StoreMailboxManager(factory, userManager, new FakeAuthorizator(), aclResolver, groupMembershipResolver, messageParser, + mailboxManager = new StoreMailboxManager(factory, userManager, FakeAuthorizator.defaultReject(), aclResolver, groupMembershipResolver, messageParser, new InMemoryMessageId.Factory(), MailboxConstants.DEFAULT_LIMIT_ANNOTATIONS_ON_MAILBOX, MailboxConstants.DEFAULT_LIMIT_ANNOTATION_SIZE); QuotaRootResolver quotaRootResolver = new DefaultQuotaRootResolver(factory); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryHostSystem.java b/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryHostSystem.java index 5cb7729..de3a4f7 100644 --- a/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryHostSystem.java +++ b/mpt/impl/imap-mailbox/inmemory/src/test/java/org/apache/james/mpt/imapmailbox/inmemory/host/InMemoryHostSystem.java @@ -85,7 +85,7 @@ public class InMemoryHostSystem extends JamesImapHostSystem { MessageParser messageParser = new MessageParser(); InMemoryMailboxSessionMapperFactory mailboxSessionMapperFactory = new InMemoryMailboxSessionMapperFactory(); - mailboxManager = new InMemoryMailboxManager(mailboxSessionMapperFactory, userManager, new FakeAuthorizator(), + mailboxManager = new InMemoryMailboxManager(mailboxSessionMapperFactory, userManager, FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), aclResolver, groupMembershipResolver, messageParser, new InMemoryMessageId.Factory()); QuotaRootResolver quotaRootResolver = new DefaultQuotaRootResolver(mailboxManager.getMapperFactory()); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/jcr/src/test/java/org/apache/james/mpt/imapmailbox/jcr/host/JCRHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/jcr/src/test/java/org/apache/james/mpt/imapmailbox/jcr/host/JCRHostSystem.java b/mpt/impl/imap-mailbox/jcr/src/test/java/org/apache/james/mpt/imapmailbox/jcr/host/JCRHostSystem.java index edca72d..51f5fe2 100644 --- a/mpt/impl/imap-mailbox/jcr/src/test/java/org/apache/james/mpt/imapmailbox/jcr/host/JCRHostSystem.java +++ b/mpt/impl/imap-mailbox/jcr/src/test/java/org/apache/james/mpt/imapmailbox/jcr/host/JCRHostSystem.java @@ -95,7 +95,7 @@ public class JCRHostSystem extends JamesImapHostSystem{ GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new JCRMailboxManager(mf, userManager, new FakeAuthorizator(), aclResolver, groupMembershipResolver, messageParser, + mailboxManager = new JCRMailboxManager(mf, userManager, FakeAuthorizator.defaultReject(), aclResolver, groupMembershipResolver, messageParser, new DefaultMessageId.Factory()); mailboxManager.init(); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/jpa/src/test/java/org/apache/james/mpt/imapmailbox/jpa/host/JPAHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/jpa/src/test/java/org/apache/james/mpt/imapmailbox/jpa/host/JPAHostSystem.java b/mpt/impl/imap-mailbox/jpa/src/test/java/org/apache/james/mpt/imapmailbox/jpa/host/JPAHostSystem.java index 37165bc..7c6f930 100644 --- a/mpt/impl/imap-mailbox/jpa/src/test/java/org/apache/james/mpt/imapmailbox/jpa/host/JPAHostSystem.java +++ b/mpt/impl/imap-mailbox/jpa/src/test/java/org/apache/james/mpt/imapmailbox/jpa/host/JPAHostSystem.java @@ -83,7 +83,7 @@ public class JPAHostSystem extends JamesImapHostSystem { GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new OpenJPAMailboxManager(mf, userManager, new FakeAuthorizator(), locker, false, aclResolver, groupMembershipResolver, messageParser, new DefaultMessageId.Factory()); + mailboxManager = new OpenJPAMailboxManager(mf, userManager, FakeAuthorizator.defaultReject(), locker, false, aclResolver, groupMembershipResolver, messageParser, new DefaultMessageId.Factory()); mailboxManager.init(); SubscriptionManager subscriptionManager = new JPASubscriptionManager(mf); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/lucenesearch/src/test/java/org/apache/james/mpt/imapmailbox/lucenesearch/host/LuceneSearchHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/lucenesearch/src/test/java/org/apache/james/mpt/imapmailbox/lucenesearch/host/LuceneSearchHostSystem.java b/mpt/impl/imap-mailbox/lucenesearch/src/test/java/org/apache/james/mpt/imapmailbox/lucenesearch/host/LuceneSearchHostSystem.java index 10d8845..caa3b08 100644 --- a/mpt/impl/imap-mailbox/lucenesearch/src/test/java/org/apache/james/mpt/imapmailbox/lucenesearch/host/LuceneSearchHostSystem.java +++ b/mpt/impl/imap-mailbox/lucenesearch/src/test/java/org/apache/james/mpt/imapmailbox/lucenesearch/host/LuceneSearchHostSystem.java @@ -125,7 +125,7 @@ public class LuceneSearchHostSystem extends JamesImapHostSystem { GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new OpenJPAMailboxManager(factory, userManager, new FakeAuthorizator(), locker, false, aclResolver, groupMembershipResolver, messageParser, messageIdFactory); + mailboxManager = new OpenJPAMailboxManager(factory, userManager, FakeAuthorizator.defaultReject(), locker, false, aclResolver, groupMembershipResolver, messageParser, messageIdFactory); LuceneMessageSearchIndex searchIndex = new LuceneMessageSearchIndex(factory, mailboxIdFactory, fsDirectory, messageIdFactory, mailboxManager); searchIndex.setEnableSuffixMatch(true); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/mpt/impl/imap-mailbox/maildir/src/test/java/org/apache/james/mpt/imapmailbox/maildir/host/MaildirHostSystem.java ---------------------------------------------------------------------- diff --git a/mpt/impl/imap-mailbox/maildir/src/test/java/org/apache/james/mpt/imapmailbox/maildir/host/MaildirHostSystem.java b/mpt/impl/imap-mailbox/maildir/src/test/java/org/apache/james/mpt/imapmailbox/maildir/host/MaildirHostSystem.java index 9a97fdd..dcb73c4 100644 --- a/mpt/impl/imap-mailbox/maildir/src/test/java/org/apache/james/mpt/imapmailbox/maildir/host/MaildirHostSystem.java +++ b/mpt/impl/imap-mailbox/maildir/src/test/java/org/apache/james/mpt/imapmailbox/maildir/host/MaildirHostSystem.java @@ -72,7 +72,7 @@ public class MaildirHostSystem extends JamesImapHostSystem { GroupMembershipResolver groupMembershipResolver = new SimpleGroupMembershipResolver(); MessageParser messageParser = new MessageParser(); - mailboxManager = new StoreMailboxManager(mailboxSessionMapperFactory, userManager, new FakeAuthorizator(), locker, aclResolver, + mailboxManager = new StoreMailboxManager(mailboxSessionMapperFactory, userManager, FakeAuthorizator.defaultReject(), locker, aclResolver, groupMembershipResolver, messageParser, new DefaultMessageId.Factory()); mailboxManager.init(); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizator.java ---------------------------------------------------------------------- diff --git a/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizator.java b/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizator.java index 494a499..cda4fa9 100644 --- a/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizator.java +++ b/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizator.java @@ -21,19 +21,17 @@ package org.apache.james.adapter.mailbox.store; import javax.inject.Inject; -import org.apache.james.lifecycle.api.LogEnabled; +import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.mailbox.store.Authorizator; import org.apache.james.user.api.UsersRepository; import org.apache.james.user.api.UsersRepositoryException; -import org.slf4j.Logger; /** * Authorizator which use an UsersRepository to check if the delegation is allowed */ -public class UserRepositoryAuthorizator implements Authorizator, LogEnabled { +public class UserRepositoryAuthorizator implements Authorizator { private final UsersRepository repos; - private Logger log; @Inject public UserRepositoryAuthorizator(UsersRepository repos) { @@ -41,18 +39,18 @@ public class UserRepositoryAuthorizator implements Authorizator, LogEnabled { } @Override - public boolean canLoginAsOtherUser(String userId, String otherUserId) { + public AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) throws MailboxException { try { - return repos.isAdministrator(userId) && repos.contains(otherUserId); + if (!repos.isAdministrator(userId)) { + return AuthorizationState.NOT_ADMIN; + } + if (!repos.contains(otherUserId)) { + return AuthorizationState.UNKNOWN_USER; + } + return AuthorizationState.ALLOWED; } catch (UsersRepositoryException e) { - log.warn("Unable to access UsersRepository", e); + throw new MailboxException("Unable to access usersRepository", e); } - return false; - } - - @Override - public void setLog(Logger log) { - this.log = log; } } http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/MailboxManagementTest.java ---------------------------------------------------------------------- diff --git a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/MailboxManagementTest.java b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/MailboxManagementTest.java index dbcd8ac..4c4cc42 100644 --- a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/MailboxManagementTest.java +++ b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/MailboxManagementTest.java @@ -56,7 +56,7 @@ public class MailboxManagementTest { StoreMailboxManager mailboxManager = new StoreMailboxManager( inMemoryMapperFactory, new FakeAuthenticator(), - new FakeAuthorizator(), + FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizatorTest.java ---------------------------------------------------------------------- diff --git a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizatorTest.java b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizatorTest.java index ea94ba4..84e499e 100644 --- a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizatorTest.java +++ b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/store/UserRepositoryAuthorizatorTest.java @@ -1,65 +1,101 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + package org.apache.james.adapter.mailbox.store; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import org.apache.james.mailbox.exception.MailboxException; +import org.apache.james.mailbox.store.Authorizator; import org.apache.james.user.api.UsersRepository; import org.apache.james.user.api.UsersRepositoryException; import org.junit.Before; +import org.junit.Rule; import org.junit.Test; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.junit.rules.ExpectedException; public class UserRepositoryAuthorizatorTest { private static final String ADMIN = "admin"; private static final String USER = "user"; - private static final Logger LOGGER = LoggerFactory.getLogger(UserRepositoryAuthorizatorTest.class); private UsersRepository usersRepository; private UserRepositoryAuthorizator testee; + @Rule + public ExpectedException expectedException = ExpectedException.none(); + @Before public void setUp() throws Exception { usersRepository = mock(UsersRepository.class); testee = new UserRepositoryAuthorizator(usersRepository); - testee.setLog(LOGGER); } @Test - public void canLoginAsOtherUserShouldReturnFalseWhenIsAdministratorThrows() throws Exception { + public void canLoginAsOtherUserShouldThrowMailboxExceptionWhenIsAdministratorThrows() throws Exception { when(usersRepository.isAdministrator(ADMIN)) .thenThrow(new UsersRepositoryException("expected error")); - - assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isFalse(); + + expectedException.expect(MailboxException.class); + + testee.canLoginAsOtherUser(ADMIN, USER); } @Test - public void canLoginAsOtherUserShouldReturnFalseWhenIsAdministratorReturnFalse() throws Exception { + public void canLoginAsOtherUserShouldReturnNotAdminWhenNotAdminAndNoUser() throws Exception { when(usersRepository.isAdministrator(ADMIN)) .thenReturn(false); + when(usersRepository.contains(USER)) + .thenReturn(false); - assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isFalse(); + assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isEqualTo(Authorizator.AuthorizationState.NOT_ADMIN); + } + + @Test + public void canLoginAsOtherUserShouldReturnNotAdminWhenNotAdminAndUser() throws Exception { + when(usersRepository.isAdministrator(ADMIN)) + .thenReturn(false); + when(usersRepository.contains(USER)) + .thenReturn(true); + + assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isEqualTo(Authorizator.AuthorizationState.NOT_ADMIN); } @Test - public void canLoginAsOtherUserShouldReturnFalseWhenUserIsNotInRepository() throws Exception { + public void canLoginAsOtherUserShouldReturnUnknownUserWhenUserIsNotInRepository() throws Exception { when(usersRepository.isAdministrator(ADMIN)) .thenReturn(true); when(usersRepository.contains(USER)) .thenReturn(false); - assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isFalse(); + assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isEqualTo(Authorizator.AuthorizationState.UNKNOWN_USER); } @Test - public void canLoginAsOtherUserShouldReturnTrueWhenAdminAndUserIsInRepository() throws Exception { + public void canLoginAsOtherUserShouldReturnAllowedWhenAdminAndUserIsInRepository() throws Exception { when(usersRepository.isAdministrator(ADMIN)) .thenReturn(true); when(usersRepository.contains(USER)) .thenReturn(true); - assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isTrue(); + assertThat(testee.canLoginAsOtherUser(ADMIN, USER)).isEqualTo(Authorizator.AuthorizationState.ALLOWED); } } http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java ---------------------------------------------------------------------- diff --git a/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java b/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java index 1b6e453..46501c9 100644 --- a/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java +++ b/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java @@ -740,10 +740,9 @@ public class POP3ServerTest { } } }, new Authorizator() { - @Override - public boolean canLoginAsOtherUser(String userId, String otherUserId) { - return false; + public AuthorizationState canLoginAsOtherUser(String userId, String otherUserId) { + return AuthorizationState.NOT_ADMIN; } }, aclResolver, groupMembershipResolver, messageParser, new DefaultMessageId.Factory(), MailboxConstants.DEFAULT_LIMIT_ANNOTATIONS_ON_MAILBOX, MailboxConstants.DEFAULT_LIMIT_ANNOTATION_SIZE); mailboxManager.init(); http://git-wip-us.apache.org/repos/asf/james-project/blob/2bf11b03/server/protocols/webadmin/src/test/java/org/apache/james/webadmin/routes/UserMailboxesRoutesTest.java ---------------------------------------------------------------------- diff --git a/server/protocols/webadmin/src/test/java/org/apache/james/webadmin/routes/UserMailboxesRoutesTest.java b/server/protocols/webadmin/src/test/java/org/apache/james/webadmin/routes/UserMailboxesRoutesTest.java index bd28679..8c9c2db 100644 --- a/server/protocols/webadmin/src/test/java/org/apache/james/webadmin/routes/UserMailboxesRoutesTest.java +++ b/server/protocols/webadmin/src/test/java/org/apache/james/webadmin/routes/UserMailboxesRoutesTest.java @@ -45,6 +45,7 @@ import org.apache.james.mailbox.model.MailboxId; import org.apache.james.mailbox.model.MailboxPath; import org.apache.james.mailbox.model.MailboxQuery; import org.apache.james.mailbox.model.MessageId; +import org.apache.james.mailbox.store.FakeAuthorizator; import org.apache.james.mailbox.store.JVMMailboxPathLocker; import org.apache.james.mailbox.store.SimpleMailboxMetaData; import org.apache.james.mailbox.store.mail.model.DefaultMessageId; @@ -103,7 +104,7 @@ public class UserMailboxesRoutesTest { MessageId.Factory messageIdFactory = new DefaultMessageId.Factory(); InMemoryMailboxManager mailboxManager = new InMemoryMailboxManager(new InMemoryMailboxSessionMapperFactory(), (userid, passwd) -> true, - (adminUserid, userid) -> false, + FakeAuthorizator.defaultReject(), new JVMMailboxPathLocker(), new UnionMailboxACLResolver(), new SimpleGroupMembershipResolver(), --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
