|
|
@@ -25,6 +25,8 @@ import static org.junit.Assert.assertTrue;
|
|
|
import java.util.List;
|
|
|
import java.util.Properties;
|
|
|
|
|
|
+import javax.persistence.EntityManager;
|
|
|
+
|
|
|
import junit.framework.Assert;
|
|
|
|
|
|
import org.apache.ambari.server.AmbariException;
|
|
|
@@ -39,14 +41,14 @@ import org.apache.ambari.server.orm.dao.ResourceDAO;
|
|
|
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
|
|
|
import org.apache.ambari.server.orm.dao.UserDAO;
|
|
|
import org.apache.ambari.server.orm.entities.PermissionEntity;
|
|
|
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
|
|
|
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
|
|
|
import org.apache.ambari.server.orm.entities.ResourceEntity;
|
|
|
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
|
|
|
import org.apache.ambari.server.orm.entities.UserEntity;
|
|
|
import org.junit.After;
|
|
|
import org.junit.Before;
|
|
|
+import org.junit.Ignore;
|
|
|
import org.junit.Test;
|
|
|
+import org.mockito.Mockito;
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
|
import org.springframework.security.core.Authentication;
|
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
|
@@ -55,6 +57,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
|
|
import com.google.inject.Guice;
|
|
|
import com.google.inject.Inject;
|
|
|
import com.google.inject.Injector;
|
|
|
+import com.google.inject.Provider;
|
|
|
import com.google.inject.persist.PersistService;
|
|
|
|
|
|
public class TestUsers {
|
|
|
@@ -80,6 +83,8 @@ public class TestUsers {
|
|
|
protected PrincipalDAO principalDAO;
|
|
|
@Inject
|
|
|
protected PasswordEncoder passwordEncoder;
|
|
|
+ @Inject
|
|
|
+ Provider<EntityManager> entityManagerProvider;
|
|
|
private Properties properties;
|
|
|
|
|
|
@Before
|
|
|
@@ -91,6 +96,23 @@ public class TestUsers {
|
|
|
injector.injectMembers(this);
|
|
|
Authentication auth = new UsernamePasswordAuthenticationToken("admin", null);
|
|
|
SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
+
|
|
|
+ // create admin permission
|
|
|
+ ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
|
|
|
+ resourceTypeEntity.setId(ResourceTypeEntity.AMBARI_RESOURCE_TYPE);
|
|
|
+ resourceTypeEntity.setName(ResourceTypeEntity.AMBARI_RESOURCE_TYPE_NAME);
|
|
|
+ resourceTypeDAO.create(resourceTypeEntity);
|
|
|
+
|
|
|
+ ResourceEntity resourceEntity = new ResourceEntity();
|
|
|
+ resourceEntity.setId(ResourceEntity.AMBARI_RESOURCE_ID);
|
|
|
+ resourceEntity.setResourceType(resourceTypeEntity);
|
|
|
+ resourceDAO.create(resourceEntity);
|
|
|
+
|
|
|
+ PermissionEntity adminPermissionEntity = new PermissionEntity();
|
|
|
+ adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMIN_PERMISSION);
|
|
|
+ adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME);
|
|
|
+ adminPermissionEntity.setResourceType(resourceTypeEntity);
|
|
|
+ permissionDAO.create(adminPermissionEntity);
|
|
|
}
|
|
|
|
|
|
@After
|
|
|
@@ -116,12 +138,67 @@ public class TestUsers {
|
|
|
|
|
|
assertEquals(2, userDAO.findAll().size());
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLocalUserByName("user");
|
|
|
+ UserEntity userEntity = userDAO.findUserByName("user");
|
|
|
assertNotNull("user", userEntity.getUserPassword());
|
|
|
|
|
|
users.modifyPassword("user", "user", "resu");
|
|
|
|
|
|
- assertNotSame(userEntity.getUserPassword(), userDAO.findLocalUserByName("user").getUserPassword());
|
|
|
+ assertNotSame(userEntity.getUserPassword(), userDAO.findUserByName("user").getUserPassword());
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testGetAnyUser() throws Exception {
|
|
|
+ users.createUser("user", "user", true, false, false);
|
|
|
+ users.createUser("user_ldap", "user_ldap", true, false, true);
|
|
|
+
|
|
|
+ assertEquals("user", users.getAnyUser("user").getUserName());
|
|
|
+ assertEquals("user_ldap", users.getAnyUser("user_ldap").getUserName());
|
|
|
+ Assert.assertNull(users.getAnyUser("non_existing"));
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testSetUserActive() throws Exception {
|
|
|
+ users.createUser("user", "user");
|
|
|
+
|
|
|
+ users.setUserActive("user", false);
|
|
|
+ Assert.assertEquals(false, users.getAnyUser("user").isActive());
|
|
|
+ users.setUserActive("user", true);
|
|
|
+ Assert.assertEquals(true, users.getAnyUser("user").isActive());
|
|
|
+
|
|
|
+ try {
|
|
|
+ users.setUserActive("fake user", true);
|
|
|
+ Assert.fail("It shouldn't be possible to call setUserActive() on non-existing user");
|
|
|
+ } catch (Exception ex) {
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testSetUserLdap() throws Exception {
|
|
|
+ users.createUser("user", "user");
|
|
|
+ users.createUser("user_ldap", "user_ldap", true, false, true);
|
|
|
+
|
|
|
+ users.setUserLdap("user");
|
|
|
+ Assert.assertEquals(true, users.getAnyUser("user").isLdapUser());
|
|
|
+
|
|
|
+ try {
|
|
|
+ users.setUserLdap("fake user");
|
|
|
+ Assert.fail("It shouldn't be possible to call setUserLdap() on non-existing user");
|
|
|
+ } catch (AmbariException ex) {
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testSetGroupLdap() throws Exception {
|
|
|
+ users.createGroup("group");
|
|
|
+
|
|
|
+ users.setGroupLdap("group");
|
|
|
+ Assert.assertTrue(users.getGroup("group").isLdapGroup());
|
|
|
+
|
|
|
+ try {
|
|
|
+ users.setGroupLdap("fake group");
|
|
|
+ Assert.fail("It shouldn't be possible to call setGroupLdap() on non-existing group");
|
|
|
+ } catch (AmbariException ex) {
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
@Test
|
|
|
@@ -174,6 +251,24 @@ public class TestUsers {
|
|
|
assertEquals(1, groupDAO.findGroupByName(groupName).getMemberEntities().size());
|
|
|
}
|
|
|
|
|
|
+ @Test
|
|
|
+ public void testGetAllMembers() throws Exception {
|
|
|
+ final String groupName = "engineering";
|
|
|
+ users.createGroup(groupName);
|
|
|
+ users.createUser("user1", "user1");
|
|
|
+ users.createUser("user2", "user2");
|
|
|
+ users.createUser("user3", "user3");
|
|
|
+ users.addMemberToGroup(groupName, "user1");
|
|
|
+ users.addMemberToGroup(groupName, "user2");
|
|
|
+ assertEquals(2, users.getAllMembers(groupName).size());
|
|
|
+
|
|
|
+ try {
|
|
|
+ users.getAllMembers("non existing");
|
|
|
+ Assert.fail("It shouldn't be possible to call getAllMembers() on non-existing group");
|
|
|
+ } catch (Exception ex) {
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
@Test
|
|
|
public void testRemoveMemberFromGroup() throws Exception {
|
|
|
final String groupName = "engineering";
|
|
|
@@ -205,113 +300,169 @@ public class TestUsers {
|
|
|
assertEquals(users.getGroupMembers("unexisting"), null);
|
|
|
}
|
|
|
|
|
|
- @Test
|
|
|
- public void testModifyPassword_UserByHimselfPasswordOk() throws Exception {
|
|
|
- Authentication auth = new UsernamePasswordAuthenticationToken("user", null);
|
|
|
- SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
+ @Test
|
|
|
+ public void testModifyPassword_UserByHimselfPasswordOk() throws Exception {
|
|
|
+ Authentication auth = new UsernamePasswordAuthenticationToken("user", null);
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
|
|
|
- users.createUser("user", "user");
|
|
|
+ users.createUser("user", "user");
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLocalUserByName("user");
|
|
|
+ UserEntity userEntity = userDAO.findUserByName("user");
|
|
|
|
|
|
- assertNotSame("user", userEntity.getUserPassword());
|
|
|
- assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
+ assertNotSame("user", userEntity.getUserPassword());
|
|
|
+ assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
|
|
|
- users.modifyPassword("user", "user", "user_new_password");
|
|
|
+ users.modifyPassword("user", "user", "user_new_password");
|
|
|
|
|
|
- assertTrue(passwordEncoder.matches("user_new_password", userDAO.findLocalUserByName("user").getUserPassword()));
|
|
|
- }
|
|
|
+ assertTrue(passwordEncoder.matches("user_new_password", userDAO.findUserByName("user").getUserPassword()));
|
|
|
+ }
|
|
|
|
|
|
- @Test
|
|
|
- public void testModifyPassword_UserByHimselfPasswordNotOk() throws Exception {
|
|
|
- Authentication auth = new UsernamePasswordAuthenticationToken("user", null);
|
|
|
- SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
+ @Test
|
|
|
+ public void testModifyPassword_UserByHimselfPasswordNotOk() throws Exception {
|
|
|
+ Authentication auth = new UsernamePasswordAuthenticationToken("user", null);
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
|
|
|
- users.createUser("user", "user");
|
|
|
+ users.createUser("user", "user");
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLocalUserByName("user");
|
|
|
+ UserEntity userEntity = userDAO.findUserByName("user");
|
|
|
|
|
|
- assertNotSame("user", userEntity.getUserPassword());
|
|
|
- assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
+ assertNotSame("user", userEntity.getUserPassword());
|
|
|
+ assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
|
|
|
- try {
|
|
|
- users.modifyPassword("user", "admin", "user_new_password");
|
|
|
- Assert.fail("Exception should be thrown here as password is incorrect");
|
|
|
- } catch (AmbariException ex) {
|
|
|
- }
|
|
|
- }
|
|
|
+ try {
|
|
|
+ users.modifyPassword("user", "admin", "user_new_password");
|
|
|
+ Assert.fail("Exception should be thrown here as password is incorrect");
|
|
|
+ } catch (AmbariException ex) {
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
- @Test
|
|
|
- public void testModifyPassword_UserByNonAdmin() throws Exception {
|
|
|
- Authentication auth = new UsernamePasswordAuthenticationToken("user2", null);
|
|
|
- SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
+ @Test
|
|
|
+ public void testModifyPassword_UserByNonAdmin() throws Exception {
|
|
|
+ Authentication auth = new UsernamePasswordAuthenticationToken("user2", null);
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(auth);
|
|
|
|
|
|
- users.createUser("user", "user");
|
|
|
- users.createUser("user2", "user2");
|
|
|
+ users.createUser("user", "user");
|
|
|
+ users.createUser("user2", "user2");
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLocalUserByName("user");
|
|
|
+ UserEntity userEntity = userDAO.findUserByName("user");
|
|
|
|
|
|
- assertNotSame("user", userEntity.getUserPassword());
|
|
|
- assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
+ assertNotSame("user", userEntity.getUserPassword());
|
|
|
+ assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
|
|
|
- try {
|
|
|
- users.modifyPassword("user", "user2", "user_new_password");
|
|
|
- Assert.fail("Exception should be thrown here as user2 can't change password of user");
|
|
|
- } catch (AmbariException ex) {
|
|
|
- }
|
|
|
- }
|
|
|
+ try {
|
|
|
+ users.modifyPassword("user", "user2", "user_new_password");
|
|
|
+ Assert.fail("Exception should be thrown here as user2 can't change password of user");
|
|
|
+ } catch (AmbariException ex) {
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
- @Test
|
|
|
- public void testModifyPassword_UserByAdmin() throws Exception {
|
|
|
- ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
|
|
|
- resourceTypeEntity.setId(ResourceTypeEntity.AMBARI_RESOURCE_TYPE);
|
|
|
- resourceTypeEntity.setName(ResourceTypeEntity.AMBARI_RESOURCE_TYPE_NAME);
|
|
|
- resourceTypeDAO.create(resourceTypeEntity);
|
|
|
+ @Test
|
|
|
+ public void testModifyPassword_UserByAdmin() throws Exception {
|
|
|
+ users.createUser("admin", "admin", true, true, false);
|
|
|
+ users.createUser("user", "user");
|
|
|
|
|
|
- ResourceEntity resourceEntity = new ResourceEntity();
|
|
|
- resourceEntity.setId(ResourceEntity.AMBARI_RESOURCE_ID);
|
|
|
- resourceEntity.setResourceType(resourceTypeEntity);
|
|
|
- resourceDAO.create(resourceEntity);
|
|
|
+ UserEntity userEntity = userDAO.findUserByName("user");
|
|
|
|
|
|
- PermissionEntity adminPermissionEntity = new PermissionEntity();
|
|
|
- adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMIN_PERMISSION);
|
|
|
- adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME);
|
|
|
- adminPermissionEntity.setResourceType(resourceTypeEntity);
|
|
|
- permissionDAO.create(adminPermissionEntity);
|
|
|
+ assertNotSame("user", userEntity.getUserPassword());
|
|
|
+ assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
|
|
|
- users.createUser("admin", "admin", true, true, false);
|
|
|
- users.createUser("user", "user");
|
|
|
+ users.modifyPassword("user", "admin", "user_new_password");
|
|
|
+ assertTrue(passwordEncoder.matches("user_new_password", userDAO.findUserByName("user").getUserPassword()));
|
|
|
+ }
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLocalUserByName("user");
|
|
|
+ @Test
|
|
|
+ public void testCreateUserTwoParams() throws Exception {
|
|
|
+ users.createUser("user", "user");
|
|
|
|
|
|
- assertNotSame("user", userEntity.getUserPassword());
|
|
|
- assertTrue(passwordEncoder.matches("user", userEntity.getUserPassword()));
|
|
|
+ final User createdUser = users.getAnyUser("user");
|
|
|
+ Assert.assertEquals("user", createdUser.getUserName());
|
|
|
+ Assert.assertEquals(true, createdUser.isActive());
|
|
|
+ Assert.assertEquals(false, createdUser.isLdapUser());
|
|
|
+ Assert.assertEquals(false, createdUser.isAdmin());
|
|
|
+ }
|
|
|
|
|
|
- users.modifyPassword("user", "admin", "user_new_password");
|
|
|
- assertTrue(passwordEncoder.matches("user_new_password", userDAO.findLocalUserByName("user").getUserPassword()));
|
|
|
- }
|
|
|
+ @Test
|
|
|
+ @Ignore // TODO @Transactional annotation breaks this test
|
|
|
+ public void testCreateUserDefaultParams() throws Exception {
|
|
|
+ final Users spy = Mockito.spy(users);
|
|
|
+ spy.createUser("user", "user");
|
|
|
+ Mockito.verify(spy).createUser("user", "user", true, false, false);
|
|
|
+ }
|
|
|
|
|
|
- private void createLdapUser() {
|
|
|
+ @Test
|
|
|
+ public void testCreateUserFiveParams() throws Exception {
|
|
|
+ users.createUser("user", "user", false, false, false);
|
|
|
+
|
|
|
+ final User createdUser = users.getAnyUser("user");
|
|
|
+ Assert.assertEquals("user", createdUser.getUserName());
|
|
|
+ Assert.assertEquals(false, createdUser.isActive());
|
|
|
+ Assert.assertEquals(false, createdUser.isLdapUser());
|
|
|
+ Assert.assertEquals(false, createdUser.isAdmin());
|
|
|
+
|
|
|
+ users.createUser("user2", "user2", true, true, true);
|
|
|
+ final User createdUser2 = users.getAnyUser("user2");
|
|
|
+ Assert.assertEquals("user2", createdUser2.getUserName());
|
|
|
+ Assert.assertEquals(true, createdUser2.isActive());
|
|
|
+ Assert.assertEquals(true, createdUser2.isLdapUser());
|
|
|
+ Assert.assertEquals(true, createdUser2.isAdmin());
|
|
|
+ }
|
|
|
|
|
|
- PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
|
|
|
- principalTypeEntity.setName(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME);
|
|
|
- principalTypeDAO.create(principalTypeEntity);
|
|
|
+ @Test(expected = AmbariException.class)
|
|
|
+ public void testCreateUserDuplicate() throws Exception {
|
|
|
+ users.createUser("user", "user");
|
|
|
+ users.createUser("user", "user");
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testRemoveUser() throws Exception {
|
|
|
+ users.createUser("user1", "user1");
|
|
|
+ users.createUser("user2", "user2");
|
|
|
+ users.createUser("user3", "user3");
|
|
|
+ Assert.assertEquals(3, users.getAllUsers().size());
|
|
|
+
|
|
|
+ users.removeUser(users.getAnyUser("user1"));
|
|
|
|
|
|
- PrincipalEntity principalEntity = new PrincipalEntity();
|
|
|
- principalEntity.setPrincipalType(principalTypeEntity);
|
|
|
- principalDAO.create(principalEntity);
|
|
|
+ Assert.assertNull(users.getAnyUser("user1"));
|
|
|
+ Assert.assertEquals(2, users.getAllUsers().size());
|
|
|
+ }
|
|
|
|
|
|
- UserEntity ldapUser = new UserEntity();
|
|
|
+ @Test
|
|
|
+ public void testGrantAdminPrivilege() throws Exception {
|
|
|
+ users.createUser("user", "user");
|
|
|
|
|
|
- ldapUser.setUserName("ldapUser");
|
|
|
- ldapUser.setLdapUser(true);
|
|
|
- ldapUser.setPrincipal(principalEntity);
|
|
|
+ final User user = users.getAnyUser("user");
|
|
|
+ users.grantAdminPrivilege(user.getUserId());
|
|
|
|
|
|
- userDAO.create(ldapUser);
|
|
|
+ Assert.assertTrue(users.getAnyUser("user").isAdmin());
|
|
|
+ }
|
|
|
|
|
|
- UserEntity userEntity = userDAO.findLdapUserByName("ldapUser");
|
|
|
+ @Test
|
|
|
+ public void testRevokeAdminPrivilege() throws Exception {
|
|
|
+ users.createUser("admin", "admin", true, true, false);
|
|
|
+
|
|
|
+ final User admin = users.getAnyUser("admin");
|
|
|
+ users.revokeAdminPrivilege(admin.getUserId());
|
|
|
+
|
|
|
+ Assert.assertFalse(users.getAnyUser("admin").isAdmin());
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void testIsUserCanBeRemoved() throws Exception {
|
|
|
+ users.createUser("admin", "admin", true, true, false);
|
|
|
+ users.createUser("admin2", "admin2", true, true, false);
|
|
|
+
|
|
|
+ Assert.assertTrue(users.isUserCanBeRemoved(userDAO.findUserByName("admin")));
|
|
|
+ Assert.assertTrue(users.isUserCanBeRemoved(userDAO.findUserByName("admin2")));
|
|
|
+
|
|
|
+ users.removeUser(users.getAnyUser("admin"));
|
|
|
+
|
|
|
+ Assert.assertFalse(users.isUserCanBeRemoved(userDAO.findUserByName("admin2")));
|
|
|
+ users.createUser("user", "user");
|
|
|
+ Assert.assertFalse(users.isUserCanBeRemoved(userDAO.findUserByName("admin2")));
|
|
|
|
|
|
- userDAO.merge(ldapUser);
|
|
|
+ users.createUser("admin3", "admin3", true, true, false);
|
|
|
+ Assert.assertTrue(users.isUserCanBeRemoved(userDAO.findUserByName("admin2")));
|
|
|
+ Assert.assertTrue(users.isUserCanBeRemoved(userDAO.findUserByName("admin3")));
|
|
|
}
|
|
|
|
|
|
}
|
Siddharth Wagle