Skip to content
Snippets Groups Projects
Commit ad84e16e authored by felmer's avatar felmer
Browse files

SSDM-6061: Audit log introduced. More tests more functionality, but not yet complete

parent e4ea5c90
No related branches found
No related tags found
No related merge requests found
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 836 additions and 140 deletions
openbis/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManagementMaintenanceTask.java
+ 93
43
View file @ ad84e16e
......@@ -27,6 +27,7 @@ import org.apache.log4j.Logger;
import com.fasterxml.jackson.databind.ObjectMapper;
import ch.ethz.sis.openbis.generic.server.asapi.v3.IApplicationServerInternalApi;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.authentication.ldap.LDAPAuthenticationService;
import ch.systemsx.cisd.common.exceptions.ConfigurationFailureException;
......@@ -35,6 +36,8 @@ import ch.systemsx.cisd.common.logging.Log4jSimpleLogger;
import ch.systemsx.cisd.common.logging.LogCategory;
import ch.systemsx.cisd.common.logging.LogFactory;
import ch.systemsx.cisd.common.maintenance.IMaintenanceTask;
import ch.systemsx.cisd.common.utilities.ITimeAndWaitingProvider;
import ch.systemsx.cisd.common.utilities.SystemTimeProvider;
import ch.systemsx.cisd.openbis.generic.server.CommonServiceProvider;
/**
......@@ -42,18 +45,24 @@ import ch.systemsx.cisd.openbis.generic.server.CommonServiceProvider;
*/
public class UserManagementMaintenanceTask implements IMaintenanceTask
{
private static final String CONFIGURATION_FILE_PATH_PROPERTY = "configuration-file-path";
static final String CONFIGURATION_FILE_PATH_PROPERTY = "configuration-file-path";
private static final String DEFAULT_CONFIGURATION_FILE_PATH = "etc/user-management-maintenance-config.json";
static final String DEFAULT_CONFIGURATION_FILE_PATH = "etc/user-management-maintenance-config.json";
static final String AUDIT_LOG_FILE_PATH_PROPERTY = "audit-log-file-path";
static final String DEFAULT_AUDIT_LOG_FILE_PATH = "logs/user-management-audit_log.txt";
private static final Logger operationLog = LogFactory.getLogger(LogCategory.OPERATION,
UserManagementMaintenanceTask.class);
private static final Logger notificationLog = LogFactory.getLogger(LogCategory.NOTIFY,
UserManagementMaintenanceTask.class);
private File configurationFile;
private File auditLogFile;
private LDAPAuthenticationService ldapService;
@Override
......@@ -66,8 +75,12 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
throw new ConfigurationFailureException("Configuration file '" + configurationFile.getAbsolutePath()
+ "' doesn't exist or is a directory.");
}
ldapService = (LDAPAuthenticationService) CommonServiceProvider.getApplicationContext().getBean("ldap-authentication-service");
auditLogFile = new File(properties.getProperty(AUDIT_LOG_FILE_PATH_PROPERTY, DEFAULT_AUDIT_LOG_FILE_PATH));
if (auditLogFile.isDirectory())
{
throw new ConfigurationFailureException("Audit log file '" + auditLogFile.getAbsolutePath() + "' is a directory.");
}
ldapService = getLdapAuthenticationService();
if (ldapService.isConfigured() == false)
{
throw new ConfigurationFailureException("There is no LDAP authentication service configured. "
......@@ -75,7 +88,7 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
+ "'ldap.security.principal.password' have to be specified in 'service.properties'.");
}
operationLog.info("Plugin '" + pluginName + "' initialized. Configuration file: " + configurationFile.getAbsolutePath());
}
@Override
......@@ -87,46 +100,20 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
return;
}
Log4jSimpleLogger logger = new Log4jSimpleLogger(operationLog);
UserManager userManager = new UserManager(CommonServiceProvider.getApplicationServerApi(), config.getCommonSpaces(), logger);
UserManager userManager = new UserManager(ldapService, getService(),
config.getCommonSpaces(), logger, getTimeProvider());
for (UserGroup group : config.getGroups())
{
String key = group.getKey();
List<String> ldapGroupKeys = group.getLdapGroupKeys();
if (ldapGroupKeys == null || ldapGroupKeys.isEmpty())
if (addGroup(userManager, group) == false)
{
operationLog.error("No ldapGroupKeys specified for group '" + key + "'. Task aborted.");
return;
}
Map<String, Principal> principalsByUserId = new TreeMap<>();
for (String ldapGroupKey : ldapGroupKeys)
{
if (StringUtils.isBlank(ldapGroupKey))
{
operationLog.error("Empty ldapGroupKey for group '" + key + "'. Task aborted.");
return;
}
List<Principal> principals = ldapService.listPrincipalsByKeyValue("ou", ldapGroupKey);
if (principals.isEmpty())
{
operationLog.error("No users found for ldapGroupKey '" + ldapGroupKey + "' for group '" + key + "'. Task aborted.");
return;
}
for (Principal principal : principals)
{
principalsByUserId.put(principal.getUserId(), principal);
}
}
userManager.addGroup(key, group, principalsByUserId);
}
String errorReport = userManager.manageUsers();
if (StringUtils.isNotBlank(errorReport))
{
notificationLog.error("User management failed for the following reasons:\n\n" + errorReport);
}
UserManagerReport userManagerReport = userManager.manage();
handleReport(userManagerReport);
operationLog.info("finished");
}
private UserManagerConfig readGroupDefinitions()
{
if (configurationFile.isFile() == false)
......@@ -137,7 +124,8 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
String serializedConfig = FileUtilities.loadToString(configurationFile);
try
{
return deserialize(serializedConfig);
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(serializedConfig, UserManagerConfig.class);
} catch (Exception e)
{
operationLog.error("Invalid content of configuration file '" + configurationFile.getAbsolutePath() + "': " + e, e);
......@@ -145,9 +133,71 @@ public class UserManagementMaintenanceTask implements IMaintenanceTask
}
}
private UserManagerConfig deserialize(String serializedConfig) throws Exception
private boolean addGroup(UserManager userManager, UserGroup group)
{
String key = group.getKey();
List<String> ldapGroupKeys = group.getLdapGroupKeys();
if (ldapGroupKeys == null || ldapGroupKeys.isEmpty())
{
operationLog.error("No ldapGroupKeys specified for group '" + key + "'. Task aborted.");
return false;
}
Map<String, Principal> principalsByUserId = new TreeMap<>();
for (String ldapGroupKey : ldapGroupKeys)
{
if (StringUtils.isBlank(ldapGroupKey))
{
operationLog.error("Empty ldapGroupKey for group '" + key + "'. Task aborted.");
return false;
}
List<Principal> principals = getUsersOfGroup(ldapGroupKey);
if (principals.isEmpty())
{
operationLog.error("No users found for ldapGroupKey '" + ldapGroupKey + "' for group '" + key + "'. Task aborted.");
return false;
}
for (Principal principal : principals)
{
principalsByUserId.put(principal.getUserId(), principal);
}
}
userManager.addGroup(group, principalsByUserId);
return true;
}
private void handleReport(UserManagerReport report)
{
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(serializedConfig, UserManagerConfig.class);
String errorReport = report.getErrorReport();
if (StringUtils.isNotBlank(errorReport))
{
notificationLog.error("User management failed for the following reason(s):\n\n" + errorReport);
}
String auditLog = report.getAuditLog();
if (StringUtils.isNotBlank(auditLog))
{
FileUtilities.appendToFile(auditLogFile, auditLog, true);
}
}
protected List<Principal> getUsersOfGroup(String ldapGroupKey)
{
return ldapService.listPrincipalsByKeyValue("ou", ldapGroupKey);
}
protected LDAPAuthenticationService getLdapAuthenticationService()
{
return (LDAPAuthenticationService) CommonServiceProvider.getApplicationContext().getBean("ldap-authentication-service");
}
protected IApplicationServerInternalApi getService()
{
return CommonServiceProvider.getApplicationServerApi();
}
protected ITimeAndWaitingProvider getTimeProvider()
{
return SystemTimeProvider.SYSTEM_TIME_PROVIDER;
}
}
openbis/source/java/ch/systemsx/cisd/openbis/generic/server/task/UserManagerReport.java 0 → 100644
+ 101
0
View file @ ad84e16e
/*
* Copyright 2018 ETH Zuerich, SIS
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ch.systemsx.cisd.openbis.generic.server.task;
import java.text.MessageFormat;
import java.util.Date;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.id.AuthorizationGroupPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.space.id.ISpaceId;
import ch.systemsx.cisd.common.utilities.ITimeProvider;
/**
* @author Franz-Josef Elmer
*/
public class UserManagerReport
{
private StringBuilder errorReport = new StringBuilder();
private StringBuilder auditLog = new StringBuilder();
private ITimeProvider timeProvider;
public UserManagerReport(ITimeProvider timeProvider)
{
this.timeProvider = timeProvider;
}
public String getErrorReport()
{
return errorReport.toString();
}
public String getAuditLog()
{
return auditLog.toString();
}
void addErrorMessage(String message)
{
errorReport.append(message).append('\n');
}
void addGroup(String groupCode)
{
log("ADD-GROUP", groupCode);
}
void deactivateUser(String userId)
{
log("DEACTIVATE-USER", userId);
}
void addUser(String userId, String homeSpaceCode)
{
log("ADD-USER", userId + " (home space: " + homeSpaceCode + ")");
}
void addSpace(ISpaceId spaceId)
{
log("ADD-SPACE", spaceId);
}
void assignRoleTo(AuthorizationGroupPermId groupId, Role role, ISpaceId spaceId)
{
log("ASSIGN-ROLE-TO-GROUP", groupId + ", SPACE_" + role + " for " + spaceId);
}
void addUserToGroup(String groupCode, String userId)
{
log("ADD-USER-TO-GROUP", groupCode + ", " + userId);
}
void removeUserFromGroup(String groupCode, String userId)
{
log("REMOVE-USER-FROM-GROUP", groupCode + ", " + userId);
}
private void log(String action, Object details)
{
Date timeStamp = new Date(timeProvider.getTimeInMilliseconds());
MessageFormat messageFormat = new MessageFormat("{0,date,yyyy-MM-dd HH:mm:ss} [{1}] {2}\n");
auditLog.append(messageFormat.format(new Object[] { timeStamp, action, details }));
}
}
openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerExpectationsBuilder.java
+ 70
18
View file @ ad84e16e
......@@ -32,6 +32,9 @@ import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.AuthorizationGroup;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.fetchoptions.AuthorizationGroupFetchOptions;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.authorizationgroup.id.AuthorizationGroupPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.id.ObjectPermId;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.common.interfaces.ICodeHolder;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.person.Person;
......@@ -45,6 +48,7 @@ import ch.ethz.sis.openbis.generic.server.asapi.v3.IApplicationServerInternalApi
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.IOperationContext;
import ch.ethz.sis.openbis.generic.server.asapi.v3.executor.OperationContext;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.openbis.generic.server.task.UserManager;
import ch.systemsx.cisd.openbis.generic.shared.IOpenBisSessionManager;
import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
import ch.systemsx.cisd.openbis.generic.shared.dto.SpacePE;
......@@ -65,8 +69,10 @@ class UserManagerExpectationsBuilder
private Map<String, List<Principal>> usersByGroup = new TreeMap<>();
private Map<String, List<Principal>> disabledUsersByGroup = new TreeMap<>();
private List<Principal> unknownUsers = new ArrayList<>();
private Map<String, List<Principal>> disabledUsersByGroup = new TreeMap<>();
private Map<String, List<Principal>> normalUsersByGroup = new TreeMap<>();
private Map<String, List<Principal>> adminUsersByGroup = new TreeMap<>();
......@@ -80,6 +86,12 @@ class UserManagerExpectationsBuilder
this.commonSpaces = commonSpaces;
}
UserManagerExpectationsBuilder unknownUser(Principal user)
{
unknownUsers.add(user);
return this;
}
UserManagerExpectationsBuilder disabledUser(Principal user, String... groups)
{
return addUser(user, disabledUsersByGroup, groups);
......@@ -120,6 +132,7 @@ class UserManagerExpectationsBuilder
{
String sessionToken = v3api.login(TEST_USER, PASSWORD);
assertSpaces(sessionToken);
assertUnknownUsers(sessionToken);
assertUsers(sessionToken);
assertAuthorization(sessionToken);
v3api.logout(sessionToken);
......@@ -155,10 +168,49 @@ class UserManagerExpectationsBuilder
List<String> expectedSpaces = extractedSortedPermIds(spaces);
SpaceFetchOptions fetchOptions = new SpaceFetchOptions();
List<String> actualSpaces = extractedSortedCodes(v3api.getSpaces(sessionToken, spaces, fetchOptions).values());
System.out.println("UserManagerTestExpectation: Spaces: " + expectedSpaces);
assertEquals(actualSpaces.toString(), expectedSpaces.toString());
}
private void assertUnknownUsers(String sessionToken)
{
Map<String, Set<String>> usersByGroupId = getAllUsersOfGroups(sessionToken);
assertEquals(usersByGroupId.isEmpty(), false);
List<PersonPermId> personIds = unknownUsers.stream().map(p -> new PersonPermId(p.getUserId())).collect(Collectors.toList());
PersonFetchOptions fetchOptions = new PersonFetchOptions();
fetchOptions.withRoleAssignments();
for (Person person : v3api.getPersons(sessionToken, personIds, fetchOptions).values())
{
String userId = person.getUserId();
assertEquals(person.isActive(), Boolean.FALSE, "Active flag of user " + userId);
assertEquals(person.getRoleAssignments().size(), 0, "Role assignments of user " + userId);
for (Entry<String, Set<String>> entry : usersByGroupId.entrySet())
{
if (entry.getValue().contains(userId))
{
fail("User " + userId + " still in authorization group " + entry.getKey());
}
}
}
}
private Map<String, Set<String>> getAllUsersOfGroups(String sessionToken)
{
AuthorizationGroupFetchOptions groupFetchOptions = new AuthorizationGroupFetchOptions();
groupFetchOptions.withUsers();
List<AuthorizationGroupPermId> ids = new ArrayList<>();
for (String groupCode : usersByGroup.keySet())
{
ids.add(new AuthorizationGroupPermId(groupCode));
ids.add(new AuthorizationGroupPermId(UserManager.createAdminGroupCode(groupCode)));
}
Map<String, Set<String>> usersByGroupId = new TreeMap<>();
for (AuthorizationGroup group : v3api.getAuthorizationGroups(sessionToken, ids, groupFetchOptions).values())
{
usersByGroupId.put(group.getCode(), group.getUsers().stream().map(Person::getUserId).collect(Collectors.toSet()));
}
return usersByGroupId;
}
private void assertUsers(String sessionToken)
{
List<PersonPermId> allUsers = applyMapperToAllUsers(user -> new PersonPermId(user.getUserId()));
......@@ -168,7 +220,6 @@ class UserManagerExpectationsBuilder
Function<IPersonId, PersonPermId> mapper = id -> (PersonPermId) id;
List<String> expectedUsers = extractedSortedPermIds(allUsers);
List<String> actualUsers = extractedSortedPermIds(persons.keySet().stream().map(mapper).collect(Collectors.toSet()));
System.out.println("UserManagerTestExpectation: Users: " + expectedUsers);
assertEquals(actualUsers.toString(), expectedUsers.toString());
for (PersonPermId id : allUsers)
{
......@@ -192,28 +243,29 @@ class UserManagerExpectationsBuilder
{
for (Entry<String, List<Principal>> entry : disabledUsersByGroup.entrySet())
{
String groupKey = entry.getKey();
String groupCode = entry.getKey();
for (Principal user : entry.getValue())
{
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupKey, Level.NON));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupKey, Level.NON));
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupCode, Level.NON));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupCode, Level.NON));
for (List<Principal> users2 : usersByGroup.values())
{
users2.forEach(user2 -> expectations.expect(user, getOwenSpace(user2), Level.NON));
users2.forEach(user2 -> expectations.expect(user, getOwenSpace(user2),
equals(user, user2) ? Level.SPACE_ADMIN : Level.NON));
}
}
}
}
private void createExpectationsForNormalUsers(AuthorizationExpectations expectations)
{
for (Entry<String, List<Principal>> entry : normalUsersByGroup.entrySet())
{
String groupKey = entry.getKey();
String groupCode = entry.getKey();
for (Principal user : entry.getValue())
{
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupKey, Level.SPACE_USER));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupKey, Level.SPACE_OBSERVER));
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupCode, Level.SPACE_USER));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupCode, Level.SPACE_OBSERVER));
for (List<Principal> users2 : usersByGroup.values())
{
users2.forEach(user2 -> expectations.expect(user, getOwenSpace(user2),
......@@ -227,17 +279,17 @@ class UserManagerExpectationsBuilder
{
for (Entry<String, List<Principal>> entry : adminUsersByGroup.entrySet())
{
String groupKey = entry.getKey();
String groupCode = entry.getKey();
for (Principal user : entry.getValue())
{
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupKey, Level.SPACE_ADMIN));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupKey, Level.SPACE_ADMIN));
commonSpaces.get(Role.USER).forEach(expectForSpace(expectations, user, groupCode, Level.SPACE_ADMIN));
commonSpaces.get(Role.OBSERVER).forEach(expectForSpace(expectations, user, groupCode, Level.SPACE_ADMIN));
Set<Entry<String, List<Principal>>> entrySet = usersByGroup.entrySet();
for (Entry<String, List<Principal>> entry2 : entrySet)
{
String group2Key = entry2.getKey();
String groupCode2 = entry2.getKey();
List<Principal> users2 = entry2.getValue();
if (groupKey.equals(group2Key))
if (groupCode.equals(groupCode2))
{
users2.forEach(user2 -> expectations.expect(user, getOwenSpace(user2), Level.SPACE_ADMIN));
} else
......@@ -249,9 +301,9 @@ class UserManagerExpectationsBuilder
}
}
private Consumer<String> expectForSpace(AuthorizationExpectations expectations, Principal user, String groupKey, Level level)
private Consumer<String> expectForSpace(AuthorizationExpectations expectations, Principal user, String groupCode, Level level)
{
return space -> expectations.expect(user, createCommonSpaceCode(groupKey, space), level);
return space -> expectations.expect(user, createCommonSpaceCode(groupCode, space), level);
}
private static final class AuthorizationExpectations
......
openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/task/UserManagerTest.java
+ 324
15
View file @ ad84e16e
......@@ -22,7 +22,9 @@ import java.util.Arrays;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.annotation.Resource;
......@@ -31,11 +33,14 @@ import org.testng.annotations.Test;
import ch.ethz.sis.openbis.generic.asapi.v3.dto.roleassignment.Role;
import ch.ethz.sis.openbis.systemtest.asapi.v3.AbstractTest;
import ch.systemsx.cisd.authentication.NullAuthenticationService;
import ch.systemsx.cisd.authentication.Principal;
import ch.systemsx.cisd.common.logging.MockLogger;
import ch.systemsx.cisd.common.utilities.MockTimeProvider;
import ch.systemsx.cisd.openbis.generic.server.ComponentNames;
import ch.systemsx.cisd.openbis.generic.server.task.UserGroup;
import ch.systemsx.cisd.openbis.generic.server.task.UserManager;
import ch.systemsx.cisd.openbis.generic.server.task.UserManagerReport;
import ch.systemsx.cisd.openbis.generic.shared.IOpenBisSessionManager;
/**
......@@ -69,17 +74,37 @@ public class UserManagerTest extends AbstractTest
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = new UserManager(v3api, commonSpaces, logger);
UserManager userManager = createUserManager(commonSpaces, logger);
Map<String, Principal> principals = principals(U3, U1, U2);
UserGroup group = new UserGroup();
group.setAdmins(Arrays.asList(U1.getUserId(), "blabla"));
userManager.addGroup("G1", group, principals);
UserGroup group = group("G1", U1.getUserId(), "blabla");
userManager.addGroup(group, principals);
// When
String errorMessages = userManager.manageUsers();
UserManagerReport report = manage(userManager);
// Then
assertEquals(errorMessages, "");
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [ADD-GROUP] G1\n"
+ "1970-01-01 01:00:01 [ADD-GROUP] G1_ADMIN\n"
+ "1970-01-01 01:00:02 [ADD-SPACE] G1_ALPHA\n"
+ "1970-01-01 01:00:03 [ASSIGN-ROLE-TO-GROUP] G1, SPACE_USER for G1_ALPHA\n"
+ "1970-01-01 01:00:04 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for G1_ALPHA\n"
+ "1970-01-01 01:00:05 [ADD-SPACE] G1_BETA\n"
+ "1970-01-01 01:00:06 [ASSIGN-ROLE-TO-GROUP] G1, SPACE_USER for G1_BETA\n"
+ "1970-01-01 01:00:07 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for G1_BETA\n"
+ "1970-01-01 01:00:08 [ADD-SPACE] G1_GAMMA\n"
+ "1970-01-01 01:00:09 [ASSIGN-ROLE-TO-GROUP] G1, SPACE_OBSERVER for G1_GAMMA\n"
+ "1970-01-01 01:00:10 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for G1_GAMMA\n"
+ "1970-01-01 01:00:11 [ADD-USER] u1 (home space: U1)\n"
+ "1970-01-01 01:00:12 [ADD-USER-TO-GROUP] G1, u1\n"
+ "1970-01-01 01:00:13 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for U1\n"
+ "1970-01-01 01:00:14 [ADD-USER-TO-GROUP] G1_ADMIN, u1\n"
+ "1970-01-01 01:00:15 [ADD-USER] u2 (home space: U2)\n"
+ "1970-01-01 01:00:16 [ADD-USER-TO-GROUP] G1, u2\n"
+ "1970-01-01 01:00:17 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for U2\n"
+ "1970-01-01 01:00:18 [ADD-USER] u3 (home space: U3)\n"
+ "1970-01-01 01:00:19 [ADD-USER-TO-GROUP] G1, u3\n"
+ "1970-01-01 01:00:20 [ASSIGN-ROLE-TO-GROUP] G1_ADMIN, SPACE_ADMIN for U3\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G1");
builder.user(U2, "G1");
......@@ -93,20 +118,27 @@ public class UserManagerTest extends AbstractTest
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = new UserManager(v3api, commonSpaces, logger);
UserGroup group = new UserGroup();
group.setAdmins(Arrays.asList(U1.getUserId(), "blabla"));
userManager.addGroup("G2", group, principals(U1));
assertEquals(userManager.manageUsers(), "");
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").assertExpectations();
userManager = new UserManager(v3api, commonSpaces, logger);
userManager.addGroup("G2", group, principals(U2, U3));
userManager = createUserManager(commonSpaces, logger);
group.setAdmins(Arrays.asList(U1.getUserId()));
userManager.addGroup(group, principals(U1, U2, U3));
// When
String errorMessages = userManager.manageUsers();
UserManagerReport report = manage(userManager);
// Then
assertEquals(errorMessages, "");
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [ADD-USER] u2 (home space: U2)\n"
+ "1970-01-01 01:00:01 [ADD-USER-TO-GROUP] G2, u2\n"
+ "1970-01-01 01:00:02 [ASSIGN-ROLE-TO-GROUP] G2_ADMIN, SPACE_ADMIN for U2\n"
+ "1970-01-01 01:00:03 [ADD-USER] u3 (home space: U3)\n"
+ "1970-01-01 01:00:04 [ADD-USER-TO-GROUP] G2, u3\n"
+ "1970-01-01 01:00:05 [ASSIGN-ROLE-TO-GROUP] G2_ADMIN, SPACE_ADMIN for U3\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(U2, "G2");
......@@ -114,11 +146,281 @@ public class UserManagerTest extends AbstractTest
builder.assertExpectations();
}
@Test
public void testRemoveNormalUserFromAGroup()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U1, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [REMOVE-USER-FROM-GROUP] G2, u2\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.disabledUser(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testChangeNormalUserToAdmin()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).user(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
group = group("G2", U1.getUserId());
userManager.addGroup(group, principals(U1, U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [ADD-USER-TO-GROUP] G2_ADMIN, u1\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testChangeAdminUserToNormalAdmin()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId());
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
group = group("G2");
userManager.addGroup(group, principals(U1, U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [REMOVE-USER-FROM-GROUP] G2_ADMIN, u1\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.user(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testRemoveNormalUserFromAGroupAndAddItAgain()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U1, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").disabledUser(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U1, U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [ADD-USER-TO-GROUP] G2, u2\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testRemoveAdminUserFromAGroup()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [REMOVE-USER-FROM-GROUP] G2, u1\n"
+ "1970-01-01 01:00:01 [REMOVE-USER-FROM-GROUP] G2_ADMIN, u1\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.disabledUser(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testRemoveAdminUserFromAGroupAndAddItAgain()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).disabledUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U1, U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [ADD-USER-TO-GROUP] G2, u1\n"
+ "1970-01-01 01:00:01 [ADD-USER-TO-GROUP] G2_ADMIN, u1\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(U2, "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
@Test
public void testUserFromAGroupHasLefted()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager).getErrorReport(), "");
createBuilder(commonSpaces).adminUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger, U2);
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
assertEquals(report.getAuditLog(), "1970-01-01 01:00:00 [DEACTIVATE-USER] u2\n");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.unknownUser(U2);
builder.user(U3, "G2");
builder.assertExpectations();
}
// @Test
public void testReuseSameUserId()
{
// Given
MockLogger logger = new MockLogger();
Map<Role, List<String>> commonSpaces = commonSpaces();
UserManager userManager = createUserManager(commonSpaces, logger);
UserGroup group = group("G2", U1.getUserId(), "blabla");
userManager.addGroup(group, principals(U1, U2, U3));
assertEquals(manage(userManager), "");
createBuilder(commonSpaces).adminUser(U1, "G2").user(U2, "G2").user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger, U2);
userManager.addGroup(group, principals(U1, U3));
assertEquals(manage(userManager), "");
createBuilder(commonSpaces).adminUser(U1, "G2").unknownUser(U2).user(U3, "G2").assertExpectations();
userManager = createUserManager(commonSpaces, logger);
userManager.addGroup(group, principals(U1, U2, U3));
// When
UserManagerReport report = manage(userManager);
// Then
assertEquals(report.getErrorReport(), "");
UserManagerExpectationsBuilder builder = createBuilder(commonSpaces);
builder.adminUser(U1, "G2");
builder.user(cloneFor(U2, "u2_2"), "G2");
builder.user(U3, "G2");
builder.assertExpectations();
}
private Principal cloneFor(Principal user, String userId)
{
return new Principal(userId, user.getFirstName(), user.getLastName(), user.getEmail());
}
private UserManager createUserManager(Map<Role, List<String>> commonSpaces, MockLogger logger,
Principal... usersUnknownByAuthenticationService)
{
Set<String> unknownUsers = Arrays.asList(usersUnknownByAuthenticationService).stream().map(Principal::getUserId).collect(Collectors.toSet());
NullAuthenticationService authenticationService = new NullAuthenticationService()
{
@Override
public Principal getPrincipal(String user) throws IllegalArgumentException
{
if (unknownUsers.contains(user))
{
throw new IllegalArgumentException("Unknown user " + user);
}
return new Principal(user, "John", "Doe", "jd@abc.de");
}
};
return new UserManager(authenticationService, v3api, commonSpaces, logger, new MockTimeProvider(0, 1000));
}
private UserManagerExpectationsBuilder createBuilder(Map<Role, List<String>> commonSpaces)
{
return new UserManagerExpectationsBuilder(v3api, testService, sessionManager, commonSpaces);
}
private UserManagerReport manage(UserManager userManager)
{
UserManagerReport errorReport = userManager.manage();
daoFactory.getSessionFactory().getCurrentSession().flush();
return errorReport;
}
private Map<String, Principal> principals(Principal... principals)
{
Map<String, Principal> map = new TreeMap<>();
......@@ -129,4 +431,11 @@ public class UserManagerTest extends AbstractTest
return map;
}
private UserGroup group(String groupKey, String... admins)
{
UserGroup userGroup = new UserGroup();
userGroup.setKey(groupKey);
userGroup.setAdmins(Arrays.asList(admins));
return userGroup;
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment