Add test

indigo-iam · Sep 23, 2024 · 811f2ce · 811f2ce
1 parent c5f2260
commit 811f2ce
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 27 deletions.
diff --git a/.../src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509AuthenticationIntegrationTests.java b/.../src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509AuthenticationIntegrationTests.java
@@ -189,11 +189,13 @@ public void testx509AccountLinking() throws Exception {
       .andExpect(
           flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMessage)));
 
-    Optional<IamAccount> linkedUser = iamX509CertificateRepo.findBySubject(TEST_0_SUBJECT).stream().findFirst();
+    Optional<IamAccount> linkedUser =
+        iamX509CertificateRepo.findBySubject(TEST_0_SUBJECT).stream().findFirst();
     assertThat(linkedUser.isPresent(), is(true));
     assertThat(linkedUser.get().getUsername(), is("test"));
 
-    Optional<IamX509Certificate> test0Cert = iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_0_ISSUER);
+    Optional<IamX509Certificate> test0Cert =
+        iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_0_ISSUER);
     assertThat(test0Cert.isPresent(), is(true));
 
     IamAccount linkedAccount = iamAccountRepo.findByCertificateSubject(TEST_0_SUBJECT)
@@ -227,19 +229,37 @@ public void testx509AccountLinking() throws Exception {
         String.format("Certificate '%s' linked succesfully", credential1.getSubject());
 
     mvc.perform(post("/iam/account-linking/X509").session(session1).with(csrf().asHeader()))
-    .andExpect(status().is3xxRedirection())
-    .andExpect(redirectedUrl("/dashboard"))
-    .andExpect(
-        flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
+      .andExpect(status().is3xxRedirection())
+      .andExpect(redirectedUrl("/dashboard"))
+      .andExpect(
+          flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
 
-    Optional<IamX509Certificate> testCert1 = iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_0_ISSUER);
+    Optional<IamX509Certificate> testCert1 =
+        iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_0_ISSUER);
     assertThat(testCert1.isPresent(), is(true));
     assertThat(testCert1.get().getAccount().getUsername(), is("test"));
-
-    Optional<IamX509Certificate> testCert2 = iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_NEW_ISSUER);
+
+    Optional<IamX509Certificate> testCert2 =
+        iamX509CertificateRepo.findBySubjectAndIssuer(TEST_0_SUBJECT, TEST_NEW_ISSUER);
     assertThat(testCert2.isPresent(), is(true));
     assertThat(testCert2.get().getAccount().getUsername(), is("test"));
 
+    // Try to link cert to another user
+    MockHttpSession session2 = loginAsTest100UserWithTest0Cert(mvc);
+    IamX509AuthenticationCredential credential2 =
+        (IamX509AuthenticationCredential) session2.getAttribute(X509_CREDENTIAL_SESSION_KEY);
+
+    assertThat(credential2.getSubject(), equalTo(TEST_0_SUBJECT));
+    assertThat(credential2.getIssuer(), equalTo(TEST_0_ISSUER));
+
+    String expectedErrorMessage =
+        String.format("X.509 credential with subject '%s' is already linked to another user",
+            credential2.getSubject());
+
+    mvc.perform(post("/iam/account-linking/X509").session(session2).with(csrf().asHeader()))
+      .andExpect(status().is3xxRedirection())
+      .andExpect(
+          flash().attribute(ACCOUNT_LINKING_DASHBOARD_ERROR_KEY, equalTo(expectedErrorMessage)));
   }
 
   @Test
@@ -277,15 +297,15 @@ public void testx509AccountLinkingWithDifferentSubjectAndIssuer() throws Excepti
         String.format("Certificate '%s' linked succesfully", credential1.getSubject());
 
     mvc.perform(post("/iam/account-linking/X509").session(session1).with(csrf().asHeader()))
-    .andExpect(status().is3xxRedirection())
-    .andExpect(redirectedUrl("/dashboard"))
-    .andExpect(
-        flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
+      .andExpect(status().is3xxRedirection())
+      .andExpect(redirectedUrl("/dashboard"))
+      .andExpect(
+          flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
 
     linkedAccount = iamAccountRepo.findByCertificateSubject(TEST_1_SUBJECT)
-        .orElseThrow(() -> new AssertionFailedError("Expected user linked to certificate not found"));
+      .orElseThrow(() -> new AssertionFailedError("Expected user linked to certificate not found"));
 
-     assertThat(linkedAccount.getX509Certificates().size(), is(2));
+    assertThat(linkedAccount.getX509Certificates().size(), is(2));
   }
 
   @Test
@@ -377,17 +397,20 @@ public void testx509AuthNFailsIfDisabledUser() throws Exception {
   @Test
   public void testHashAndEqualsMethods() {
 
-   HashSet<IamX509Certificate> set1 = new HashSet<IamX509Certificate>(Arrays.asList(TEST_0_IAM_X509_CERT, TEST_1_IAM_X509_CERT));
-   assertThat(set1.size(), is(2));
-   assertNotEquals(TEST_0_IAM_X509_CERT.hashCode(), TEST_1_IAM_X509_CERT.hashCode());
-   assertEquals(set1.hashCode(), TEST_0_IAM_X509_CERT.hashCode()+TEST_1_IAM_X509_CERT.hashCode());
-   assertNotEquals(TEST_0_IAM_X509_CERT, TEST_1_IAM_X509_CERT);
-
-   HashSet<IamX509Certificate> set2 = new HashSet<IamX509Certificate>(Arrays.asList(TEST_0_IAM_X509_CERT, TEST_2_IAM_X509_CERT));
-   assertThat(set2.size(), is(1));
-   assertEquals(TEST_0_IAM_X509_CERT.hashCode(), TEST_2_IAM_X509_CERT.hashCode());
-   assertEquals(set2.hashCode(), TEST_0_IAM_X509_CERT.hashCode());
-   assertEquals(TEST_0_IAM_X509_CERT, TEST_2_IAM_X509_CERT);
+    HashSet<IamX509Certificate> set1 =
+        new HashSet<IamX509Certificate>(Arrays.asList(TEST_0_IAM_X509_CERT, TEST_1_IAM_X509_CERT));
+    assertThat(set1.size(), is(2));
+    assertNotEquals(TEST_0_IAM_X509_CERT.hashCode(), TEST_1_IAM_X509_CERT.hashCode());
+    assertEquals(set1.hashCode(),
+        TEST_0_IAM_X509_CERT.hashCode() + TEST_1_IAM_X509_CERT.hashCode());
+    assertNotEquals(TEST_0_IAM_X509_CERT, TEST_1_IAM_X509_CERT);
+
+    HashSet<IamX509Certificate> set2 =
+        new HashSet<IamX509Certificate>(Arrays.asList(TEST_0_IAM_X509_CERT, TEST_2_IAM_X509_CERT));
+    assertThat(set2.size(), is(1));
+    assertEquals(TEST_0_IAM_X509_CERT.hashCode(), TEST_2_IAM_X509_CERT.hashCode());
+    assertEquals(set2.hashCode(), TEST_0_IAM_X509_CERT.hashCode());
+    assertEquals(TEST_0_IAM_X509_CERT, TEST_2_IAM_X509_CERT);
 
   }
 

diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509TestSupport.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509TestSupport.java
@@ -67,7 +67,7 @@ public class X509TestSupport {
   public static final String TEST_1_SERIAL = "10";
   public static final String TEST_1_V_START = "Sep 26 15:39:36 2012 GMT";
   public static final String TEST_1_V_END = "Sep 24 15:39:36 2022 GMT";
-  
+
   public static final String TEST_NEW_ISSUER = "CN=Test1 CA,O=IGI,C=IT";
 
   public static final String RCAUTH_CA_CERT_PATH = "src/test/resources/x509/rcauth-mock-ca.p12";
@@ -93,6 +93,7 @@ public class X509TestSupport {
   protected String TEST_1_CERT_LABEL = "TEST 1 cert label";
 
   protected String TEST_USERNAME = "test";
+  protected String TEST_100_USERNAME = "test_100";
   protected String TEST_PASSWORD = "password";
 
   protected X509Credential RCAUTH_CA_CRED;
@@ -183,6 +184,33 @@ protected MockHttpSession loginAsTestUserWithTest0Cert(MockMvc mvc) throws Excep
     return session;
   }
 
+  protected MockHttpSession loginAsTest100UserWithTest0Cert(MockMvc mvc) throws Exception {
+
+    MockHttpSession session =
+        (MockHttpSession) mvc.perform(get("/").headers(test0SSLHeadersVerificationSuccess()))
+          .andExpect(status().isFound())
+          .andExpect(redirectedUrl("http://localhost/login"))
+          .andExpect(MockMvcResultMatchers.request()
+            .sessionAttribute(X509_CREDENTIAL_SESSION_KEY, notNullValue()))
+          .andReturn()
+          .getRequest()
+          .getSession();
+
+    session = (MockHttpSession) mvc
+      .perform(post("/login").session(session)
+        .param("username", TEST_100_USERNAME)
+        .param("password", TEST_PASSWORD)
+        .param("submit", "Login"))
+      .andExpect(status().is3xxRedirection())
+      .andExpect(redirectedUrl("http://localhost/"))
+      .andExpect(authenticated().withUsername("test_100"))
+      .andReturn()
+      .getRequest()
+      .getSession();
+
+    return session;
+  }
+
   protected MockHttpSession loginAsTestUserWithTest1Cert(MockMvc mvc) throws Exception {
 
     MockHttpSession session =