From 72b0cd6f2e8ef130ad97407ae19459c3efb7d16d Mon Sep 17 00:00:00 2001 From: Bogumil Zebek Date: Mon, 17 Aug 2020 08:25:48 +0200 Subject: Add junits for aaf auth provider Issue-ID: OPTFRA-776 Signed-off-by: Zebek Bogumil Change-Id: Id8928c9953ef236165b81917efd28084239ad3f2 --- .../org/onap/optf/cmso/aaf/AafAuthProvider.java | 30 ++++-- .../onap/optf/cmso/aaf/AafAuthProviderTest.java | 119 +++++++++++++++++++++ 2 files changed, 142 insertions(+), 7 deletions(-) create mode 100644 cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java index 0a7a69e..079572d 100755 --- a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java +++ b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java @@ -1,6 +1,7 @@ /* * Copyright (c) 2019 AT&T Intellectual Property. * Modifications Copyright © 2018 IBM. + * Modifications Copyright © 2020 Nokia. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,11 +28,12 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. -*/ + */ package org.onap.optf.cmso.aaf; import java.util.ArrayList; + import org.onap.optf.cmso.SpringProfiles; import org.onap.optf.cmso.aaf.AafClientCache.AuthorizationResult; import org.springframework.beans.factory.annotation.Autowired; 
@@ -40,7 +42,6 @@ import org.springframework.core.env.Environment; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.stereotype.Component; @@ -48,6 +49,8 @@ import org.springframework.stereotype.Component; @Profile(SpringProfiles.AAF_AUTHENTICATION) public class AafAuthProvider implements AuthenticationProvider { + public static final Authentication NO_TOKEN_FOR_UNAUTHENTICATED_USER = null; + public static final String NO_SESSION_FOR_USER = null; @Autowired Environment env; @@ -58,7 +61,16 @@ public class AafAuthProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) { String name = authentication.getName(); String password = authentication.getCredentials().toString(); - String sessionId = null; + String sessionId = getUserSessionId(authentication); + if (isAafAuthenticationActivate() && isUserNotAuthenticated(name, password, sessionId)) { + return NO_TOKEN_FOR_UNAUTHENTICATED_USER; + } + return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>()); + + } + + private String getUserSessionId(Authentication authentication) { + String sessionId = NO_SESSION_FOR_USER; Object details = authentication.getDetails(); if (details instanceof WebAuthenticationDetails) { WebAuthenticationDetails webAuthDetails = (WebAuthenticationDetails) details; 
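Review bot: The two constants added in the `@@ -48,6 +49,8 @@` hunk are `public`, although nothing visible outside `AafAuthProvider` uses them; the new test defines its own `SESSION_NOT_EXIST` rather than reusing `NO_SESSION_FOR_USER`. I would declare both `private static final`, so that a named alias for `null` does not become part of the provider's API. A one-line comment on `NO_TOKEN_FOR_UNAUTHENTICATED_USER` should say what a null return means to the caller, for example `// null tells ProviderManager this provider made no decision; it is not an explicit rejection`.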
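Review bot: In `authenticate` (hunk `@@ -58,7 +61,16 @@`), a failed AAF check still ends in `return NO_TOKEN_FOR_UNAUTHENTICATED_USER;`, which is `null`. The Spring Security `AuthenticationProvider` contract reserves a null return for "this provider cannot handle the token", so `ProviderManager` moves on to the next provider that supports it. If a second provider is ever registered alongside this one, it would get to decide a request that AAF has already refused. A rejected credential is better signalled with `throw new BadCredentialsException("AAF authentication failed");`, which needs the matching import. The same method calls `authentication.getCredentials().toString()` with no null check, so a token without credentials fails with a NullPointerException instead of an authentication error. The body of `getUserSessionId` runs past the end of this hunk.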
@@ -66,11 +78,15 @@ public class AafAuthProvider implements AuthenticationProvider { sessionId = webAuthDetails.getRemoteAddress() + ":" + webAuthDetails.getSessionId(); } } - if (env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true) && clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated ) { - return null; - } - return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>()); + return sessionId; + } + + private boolean isAafAuthenticationActivate() { + return env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true); + } + private boolean isUserNotAuthenticated(String name, String password, String sessionId) { + return clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated; } @Override diff --git a/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java b/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java new file mode 100644 index 0000000..cb6ca80 --- /dev/null +++ b/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java 
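Review bot: `isAafAuthenticationActivate()` is the switch that decides whether credentials are checked at all. When the `aafEnabled` property resolves to false, `authenticate` never calls `clientCache.authenticate` and returns a token for whatever name and password were presented. That behaviour appears to predate this commit (the removed `if` had the same condition), but the extracted helper is now the natural place to document it. I would add `// When this property is false, authenticate() accepts any credentials without consulting AAF.` above the method. The name is better as `isAafAuthenticationActive`, and logging a warning when the flag is off would make an accidental misconfiguration visible in operations.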
@@ -0,0 +1,119 @@
+/*
+ * Copyright © 2020 Nokia.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.optf.cmso.aaf;
+
+
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class AafAuthProviderTest {
+
+ public static final String USER_NAME = "someUserName";
+ public static final String SESSION_NOT_EXIST = null;
+ @Mock
+ Environment env;
+
+ @Mock
+ AafClientCache clientCache;
+
+ @InjectMocks
+ AafAuthProvider aafAuthProvider;
+
+ @Mock
+ private Authentication authentication;
+
+ @Mock
+ private WebAuthenticationDetails webAuthenticationDetails;
+
+ @Test
+ public void shouldRejectAuthenticationWhenUserIsUnauthenticated() {
+ // given
+ makeAafAuthenticationActive();
+ String name = USER_NAME;
+ String password = "invalidPass";
+ mockAuthenticationInstance(name, password, null);
+ rejectUserAuthentication(name, password);
+
+ // when/then
+ Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNull();
+ }
+
+ @Test
+ public void shouldAuthenticateUser() {
+ // given
+ makeAafAuthenticationActive();
+ when(webAuthenticationDetails.getRemoteAddress()).thenReturn("remoteAddress");
+ when(webAuthenticationDetails.getSessionId()).thenReturn("123");
+ String name = USER_NAME;
+ String password = "properPassword";
+ mockAuthenticationInstance(name, password, webAuthenticationDetails);
+ acceptUserAuthentication(name, password);
+ // when/then
+ Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNotNull();
+ }
+
+ @Test
+ public void shouldSupportUsernamePasswordAuthenticationToken() {
+ // when/then
+ Assertions.assertThat(aafAuthProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
+ }
+
+ private void makeAafAuthenticationActive() {
+ when(env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)).thenReturn(true);
+ }
+
+ private void rejectUserAuthentication(String name, String password) {
+ when(clientCache.authenticate(name, password, SESSION_NOT_EXIST)).thenReturn(AafClientCache.AuthorizationResult.AuthenticationFailure);
+ }
+
+ private void acceptUserAuthentication(String name, String password) {
+ when(clientCache.authenticate(name, password, "remoteAddress:123")).thenReturn(AafClientCache.AuthorizationResult.Authenticated);
+ }
+
+ private void mockAuthenticationInstance(String name, String password, WebAuthenticationDetails webAuthenticationDetails) {
+ when(authentication.getName()).thenReturn(name);
+ when(authentication.getCredentials()).thenReturn(password);
+ when(authentication.getDetails()).thenReturn(webAuthenticationDetails);
+ }
+
+
+}
-- cgit 1.2.3-korg
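Review bot: Neither test covers the branch where `aafEnabled` resolves to false, the one path through `authenticate` that issues a token without calling `clientCache.authenticate`. A test that pins this behaviour makes any later change to the bypass a deliberate one. `shouldAuthenticateUser` asserts only `isNotNull()`, so it would still pass if the returned token carried the wrong principal; asserting that `getName()` equals `USER_NAME` would tighten it. A case for a token whose `getCredentials()` is null is also missing. A sketch of the disabled-flag test follows; `verifyZeroInteractions` is assumed to be available in the Mockito version this module uses.

```java
@Test
public void shouldSkipAafCheckWhenAafAuthenticationIsDisabled() {
    // given
    when(env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)).thenReturn(false);
    mockAuthenticationInstance(USER_NAME, "anyPassword", null);

    // when/then
    Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNotNull();
    org.mockito.Mockito.verifyZeroInteractions(clientCache);
}
// … unchanged: existing tests and helper methods …
```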