More test fixes

indigo-iam · Nov 12, 2021 · 0b62963 · 0b62963
1 parent 922b464
commit 0b62963
Show file tree

Hide file tree

Showing 28 changed files with 226 additions and 126 deletions.
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/security/IamApiSecurityConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/security/IamApiSecurityConfig.java
@@ -27,6 +27,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
@@ -60,7 +61,8 @@ public static class IamProxyCertificateApiConfig extends WebSecurityConfigurerAd
 
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-      auth.userDetailsService(userDetailsService);
+      auth.userDetailsService(userDetailsService)
+        .passwordEncoder(NoOpPasswordEncoder.getInstance());
     }
 
     @Override

diff --git a/...n-service/src/main/java/it/infn/mw/iam/config/security/IamTokenEndointSecurityConfig.java b/...n-service/src/main/java/it/infn/mw/iam/config/security/IamTokenEndointSecurityConfig.java
@@ -32,6 +32,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
@@ -68,7 +69,9 @@ public class IamTokenEndointSecurityConfig extends WebSecurityConfigurerAdapter
 
   @Override
   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-    auth.userDetailsService(userDetailsService);
+
+    auth.userDetailsService(userDetailsService)
+      .passwordEncoder(NoOpPasswordEncoder.getInstance());
   }
 
   @Bean

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/security/MitreSecurityConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/security/MitreSecurityConfig.java
@@ -27,6 +27,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
 import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
@@ -183,7 +184,8 @@ public static class IntrospectEndpointAuthorizationConfig extends WebSecurityCon
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
 
-      auth.userDetailsService(userDetailsService);
+      auth.userDetailsService(userDetailsService)
+        .passwordEncoder(NoOpPasswordEncoder.getInstance());
     }
 
     @Override
@@ -224,7 +226,8 @@ public static class RevokeEndpointAuthorizationConfig extends WebSecurityConfigu
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
 
-      auth.userDetailsService(userDetailsService);
+      auth.userDetailsService(userDetailsService)
+        .passwordEncoder(NoOpPasswordEncoder.getInstance());
     }
 
     private ClientCredentialsTokenEndpointFilter clientCredentialsEndpointFilter()

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/DefaultLoginPageConfiguration.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/DefaultLoginPageConfiguration.java
@@ -17,7 +17,6 @@
 
 import static it.infn.mw.iam.api.account_linking.AccountLinkingConstants.ACCOUNT_LINKING_DISABLE_PROPERTY;
 
-import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
@@ -27,6 +26,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.EnvironmentAware;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.stereotype.Component;
 
 import com.google.common.base.Strings;
@@ -69,20 +69,15 @@ public DefaultLoginPageConfiguration(OidcValidatedProviders providers, IamProper
   public void init() {
 
     oidcEnabled = !providers.getValidatedProviders().isEmpty();
-    githubEnabled = activeProfilesContains("github");
-    samlEnabled = activeProfilesContains("saml");
-    registrationEnabled = activeProfilesContains("registration");
+    githubEnabled = env.acceptsProfiles(Profiles.of("github"));
+    samlEnabled = env.acceptsProfiles(Profiles.of("saml"));
+    registrationEnabled = env.acceptsProfiles(Profiles.of("registration"));
     localAuthenticationVisible = IamProperties.LocalAuthenticationLoginPageMode.VISIBLE
       .equals(iamProperties.getLocalAuthn().getLoginPageVisibility());
     showLinkToLocalAuthn = IamProperties.LocalAuthenticationLoginPageMode.HIDDEN_WITH_LINK
       .equals(iamProperties.getLocalAuthn().getLoginPageVisibility());
   }
 
-  private boolean activeProfilesContains(String val) {
-
-    return Arrays.asList(env.getActiveProfiles()).contains(val);
-  }
-
   @Override
   public boolean isOidcEnabled() {
 

diff --git a/...gin-service/src/main/java/it/infn/mw/iam/core/web/DefaultStartRegistrationController.java b/...gin-service/src/main/java/it/infn/mw/iam/core/web/DefaultStartRegistrationController.java
@@ -20,6 +20,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -34,13 +35,7 @@ public class DefaultStartRegistrationController {
 
   @Autowired
   public DefaultStartRegistrationController(Environment env) {
-    registrationProfileEnabled = false;
-
-    for (String ap : env.getActiveProfiles()) {
-      if (REGISTRATION_PROFILE.equals(ap)) {
-        registrationProfileEnabled = true;
-      }
-    }
+    registrationProfileEnabled = env.acceptsProfiles(Profiles.of(REGISTRATION_PROFILE));
   }
 
   @RequestMapping(method = RequestMethod.GET, path = "/start-registration")
@@ -50,7 +45,7 @@ public String startRegistration(Authentication authentication) {
         && !authentication.getAuthorities().contains(EXT_AUTHN_UNREGISTERED_USER_AUTH)) {
       return "iam/dashboard";
     }
-    
+
     if (registrationProfileEnabled) {
       return "iam/register";
     } else {

diff --git a/iam-login-service/src/main/resources/application-mysql-test.yml b/iam-login-service/src/main/resources/application-mysql-test.yml
@@ -15,8 +15,6 @@
 #
 
 spring:
-  profiles:
-    include: mysql,registration,saml
   datasource:
 
     url: jdbc:mysql://${IAM_DB_HOST:dev.local.io}:${IAM_DB_PORT:3306}/${IAM_DB_NAME:iam}?useSSL=${IAM_DB_USE_SSL:false}

diff --git a/iam-login-service/src/main/resources/application-prod.yml b/iam-login-service/src/main/resources/application-prod.yml
@@ -15,8 +15,6 @@
 #
 
 spring:
-  profiles:
-    include: mysql,flyway-repair
 
   flyway:
     locations:

diff --git a/iam-login-service/src/main/resources/application.yml b/iam-login-service/src/main/resources/application.yml
@@ -44,6 +44,8 @@ spring:
     default: h2-test
     group:
      "h2-test": "h2,saml,registration"
+     "mysql-test": "mysql,saml,registration"
+     "prod": "mysql,flyway-repair"
 
   jpa:
     generate-ddl: true

diff --git a/...vice/src/test/java/it/infn/mw/iam/test/actuator/ExternalServiceActuatorEndpointTests.java b/...vice/src/test/java/it/infn/mw/iam/test/actuator/ExternalServiceActuatorEndpointTests.java
@@ -23,6 +23,7 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -42,6 +43,7 @@
 @IamMockMvcIntegrationTest
 @IfProfileValue(name = "iam.offline", values = {"false", "<null>"})
 @ProfileValueSourceConfiguration(NullSafeSystemProfileValueSource.class)
+@Ignore("We no longer have a dedicated health endpoint for external connectivity tests")
 public class ExternalServiceActuatorEndpointTests {
 
   private static final String ADMIN_USERNAME = "admin";

diff --git a/...rvice/src/test/java/it/infn/mw/iam/test/api/account/find/FindAccountIntegrationTests.java b/...rvice/src/test/java/it/infn/mw/iam/test/api/account/find/FindAccountIntegrationTests.java
@@ -256,6 +256,8 @@ public void findNotInGroupWorks() throws Exception {
 
     // Cleanup all group memberships and groups
     accountRepo.deleteAllAccountGroupMemberships();
+
+
     groupRepo.deleteAll();
 
     // Create group hierarchy
@@ -275,9 +277,11 @@ public void findNotInGroupWorks() throws Exception {
 
     sibling = groupService.createGroup(sibling);
 
+    final long allUserCount = accountRepo.count();
+
     mvc.perform(get(FIND_NOT_IN_GROUP_RESOURCE, rootGroup.getUuid()).param("count", "10"))
       .andExpect(OK)
-      .andExpect(jsonPath("$.totalResults", is(253)));
+      .andExpect(jsonPath("$.totalResults", is((int) allUserCount)));
 
     mvc.perform(get(FIND_NOT_IN_GROUP_RESOURCE, rootGroup.getUuid()).param("filter", "admin"))
       .andExpect(OK)

diff --git a/...test/java/it/infn/mw/iam/test/ext_authn/saml/validator/SamlValidatorIntegrationTests.java b/...test/java/it/infn/mw/iam/test/ext_authn/saml/validator/SamlValidatorIntegrationTests.java
@@ -53,7 +53,7 @@
 
 @RunWith(SpringRunner.class)
 @IamMockMvcIntegrationTest
-@SpringBootTest(classes = {IamLoginService.class},
+@SpringBootTest(classes = {IamLoginService.class, SamlValidatorIntegrationTests.TestConfig.class},
     webEnvironment = WebEnvironment.MOCK)
 @WebAppConfiguration
 public class SamlValidatorIntegrationTests extends SamlAuthenticationTestSupport {

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/lifecycle/AccountLifecycleTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/lifecycle/AccountLifecycleTests.java
@@ -29,6 +29,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
@@ -37,17 +38,21 @@
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.core.lifecycle.ExpiredAccountsHandler;
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.model.IamLabel;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 import it.infn.mw.iam.test.api.TestSupport;
+import it.infn.mw.iam.test.core.CoreControllerTestSupport;
 import it.infn.mw.iam.test.lifecycle.cern.LifecycleTestSupport;
 import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
 
 
 @RunWith(SpringRunner.class)
 @IamMockMvcIntegrationTest
+@SpringBootTest(classes = {IamLoginService.class, CoreControllerTestSupport.class,
+    AccountLifecycleTests.TestConfig.class})
 @TestPropertySource(
     properties = {"lifecycle.account.expiredAccountPolicy.suspensionGracePeriodDays=7",
         "lifecycle.account.expiredAccountPolicy.removalGracePeriodDays=30"})

diff --git a/...test/java/it/infn/mw/iam/test/lifecycle/AccountLifecycleTestsNoSuspensionGracePeriod.java b/...test/java/it/infn/mw/iam/test/lifecycle/AccountLifecycleTestsNoSuspensionGracePeriod.java
@@ -31,22 +31,30 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.core.lifecycle.ExpiredAccountsHandler;
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.model.IamLabel;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 import it.infn.mw.iam.test.api.TestSupport;
+import it.infn.mw.iam.test.core.CoreControllerTestSupport;
 import it.infn.mw.iam.test.lifecycle.cern.LifecycleTestSupport;
 import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
 
 @RunWith(SpringRunner.class)
 @IamMockMvcIntegrationTest
+@SpringBootTest(
+    classes = {IamLoginService.class, CoreControllerTestSupport.class,
+        AccountLifecycleTestsNoSuspensionGracePeriod.TestConfig.class},
+    webEnvironment = WebEnvironment.MOCK)
 @TestPropertySource(
     properties = {"lifecycle.account.expiredAccountPolicy.suspensionGracePeriodDays=0",
         "lifecycle.account.expiredAccountPolicy.removalGracePeriodDays=30"})

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/ImplicitFlowTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/ImplicitFlowTests.java
@@ -149,7 +149,7 @@ public void testImplicitFlowSucceeds() throws Exception {
        .param("authorize", "Authorize")
        .param("remember", "until-revoked")
        .session(session))
-     .andExpect(status().isFound())
+     .andExpect(status().is3xxRedirection())
      .andReturn().getResponse().getRedirectedUrl();
 
    assertThat(redirectedUrl, startsWith(IMPLICIT_CLIENT_REDIRECT_URL+"#"));

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/TokenExchangeTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/TokenExchangeTests.java
@@ -45,6 +45,7 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.shaded.json.JSONObject;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.JWTParser;
@@ -53,7 +54,7 @@
 import it.infn.mw.iam.persistence.model.IamAup;
 import it.infn.mw.iam.persistence.repository.IamAupRepository;
 import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
-import net.minidev.json.JSONObject;
+
 
 
 

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/jwk/JWKEndpointTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/jwk/JWKEndpointTests.java
@@ -48,7 +48,7 @@ public void testKeys() throws Exception {
     .andExpect(jsonPath("$.keys[0].kty").value("RSA"))
     .andExpect(jsonPath("$.keys[0].e").value("AQAB"))
     .andExpect(jsonPath("$.keys[0].kid").value("rsa1"))
-    .andExpect(jsonPath("$.keys[0].n").value("nuvTJO-6RxIbIyYpPvAWeLSZ4o8o9T_lFU0ltiqAlp5eR-ID36aPqMvBGnNOcTVPcoFpfmQL5INgoWNJGTUm7pWTpV1wZjZe7PX6dFBhRe8SQQ0yb5SVc29-sX1QK-Cg7gKTe0l7Wrhve2vazHH1uYEqLUoTVnGsAx1nzL66M-M"));
+    .andExpect(jsonPath("$.keys[0].n").value("4GRvJuFantVV3JdjwQOAkfREnwUFp2znRBTOIJhPamyH4gf4YlI5PQT79415NV4_HrWYzgooH5AK6-7WE-TLLGEAVK5vdk4vv79bG7ukvjvBPxAjEhQn6-Amln88iXtvicEGbh--3CKbQj1jryVU5aWM6jzweaabFSeCILVEd6ZT7ofXaAqan9eLzU5IEtTPy5MfrrOvWw5Q7D2yzMqc5LksmaQSw8XtmhA8gnENnIqjAMmPtRltf93wjtmiamgVENOVPdN-93Nd5w-pnMwEyoO6Q9JqXxV6lD6qBRxI7_5t4_vmVxcbbxcZbSAMoHqA2pbSMJ4Jcw-27Hct9jesLQ"));
     // @formatter:on
 
   }

diff --git a/...-service/src/test/java/it/infn/mw/iam/test/oauth/profile/WLCGProfileIntegrationTests.java b/...-service/src/test/java/it/infn/mw/iam/test/oauth/profile/WLCGProfileIntegrationTests.java
@@ -54,6 +54,7 @@
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import com.nimbusds.jose.shaded.json.JSONObject;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.JWTParser;
@@ -68,9 +69,10 @@
 import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
 import it.infn.mw.iam.test.util.oauth.MockOAuth2Filter;
 import it.infn.mw.iam.test.util.oauth.MockOAuth2Request;
-import net.minidev.json.JSONObject;
 
 
+
+@SuppressWarnings("deprecation")
 @RunWith(SpringRunner.class)
 @IamMockMvcIntegrationTest
 @TestPropertySource(properties = {

diff --git a/...in-service/src/test/java/it/infn/mw/iam/test/registration/RegistrationLifecycleTests.java b/...in-service/src/test/java/it/infn/mw/iam/test/registration/RegistrationLifecycleTests.java
@@ -57,7 +57,8 @@
 @RunWith(SpringRunner.class)
 @IamMockMvcIntegrationTest
 @SpringBootTest(
-    classes = {IamLoginService.class, OidcTestConfig.class, CoreControllerTestSupport.class},
+    classes = {IamLoginService.class, OidcTestConfig.class, CoreControllerTestSupport.class,
+        RegistrationLifecycleTests.TestConfig.class},
     webEnvironment = WebEnvironment.MOCK)
 @TestPropertySource(properties = {
     // @formatter:off

diff --git a/...n-service/src/test/java/it/infn/mw/iam/test/registration/RegistrationPrivilegedTests.java b/...n-service/src/test/java/it/infn/mw/iam/test/registration/RegistrationPrivilegedTests.java
@@ -21,10 +21,10 @@
 import static it.infn.mw.iam.core.IamRegistrationRequestStatus.NEW;
 import static it.infn.mw.iam.core.IamRegistrationRequestStatus.REJECTED;
 import static org.hamcrest.CoreMatchers.nullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;
 import static org.junit.Assert.assertNotNull;
-import static org.hamcrest.MatcherAssert.assertThat;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
@@ -47,6 +47,7 @@
 import it.infn.mw.iam.api.scim.exception.IllegalArgumentException;
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
+import it.infn.mw.iam.persistence.repository.IamRegistrationRequestRepository;
 import it.infn.mw.iam.registration.PersistentUUIDTokenGenerator;
 import it.infn.mw.iam.registration.RegistrationRequestDto;
 import it.infn.mw.iam.registration.RegistrationRequestService;
@@ -74,9 +75,24 @@ public class RegistrationPrivilegedTests {
   @Autowired
   private RegistrationRequestService registrationService;
 
+  @Autowired
+  private IamRegistrationRequestRepository requestRepo;
+
   @Autowired
   private IamAccountRepository repo;
 
+  @Before
+  public void setup() {
+    requestRepo.deleteAll();
+    mockOAuth2Filter.cleanupSecurityContext();
+  }
+
+  @After
+  public void teardown() {
+    requestRepo.deleteAll();
+    mockOAuth2Filter.cleanupSecurityContext();
+  }
+
   private Supplier<AssertionError> assertionError(String message) {
     return () -> new AssertionError(message);
   }
@@ -125,15 +141,7 @@ protected RegistrationRequestDto approveRequest(String uuid) throws Exception {
     return objectMapper.readValue(response, RegistrationRequestDto.class);
   }
 
-  @Before
-  public void setup() {
-    mockOAuth2Filter.cleanupSecurityContext();
-  }
 
-  @After
-  public void teardown() {
-    mockOAuth2Filter.cleanupSecurityContext();
-  }
 
   @Test
   @WithMockOAuthUser(clientId = "registration-client", scopes = {"registration:read"})
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,8 +15,6 @@ @@
     #
     spring:
-      profiles:
-        include: mysql,flyway-repair
       flyway:
         locations:
@@ Expand Down @@