Multiclient auth+100% coverage

Author: jknack

coverage-report/src/test/java/org/jooby/pac4j/MultipleClientOnSameUrlFeature.java

@@ -0,0 +1,75 @@
+package org.jooby.pac4j;
+
+import org.jooby.test.ServerFeature;
+import org.junit.Test;
+import org.pac4j.core.exception.CredentialsException;
+import org.pac4j.core.profile.UserProfile;
+import org.pac4j.http.client.direct.DirectBasicAuthClient;
+import org.pac4j.http.client.direct.HeaderClient;
+import org.pac4j.http.credentials.HttpCredentials;
+import org.pac4j.http.credentials.TokenCredentials;
+import org.pac4j.http.credentials.authenticator.Authenticator;
+import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
+import org.pac4j.http.profile.HttpProfile;
+import org.pac4j.http.profile.creator.AuthenticatorProfileCreator;
+
+import com.google.common.io.BaseEncoding;
+
+public class MultipleClientOnSameUrlFeature extends ServerFeature {
+
+  public static class HeaderAuthenticator implements Authenticator<TokenCredentials> {
+
+    @Override
+    public void validate(final TokenCredentials credentials) {
+      if (credentials == null || !credentials.getToken().equals("1234")) {
+        throw new CredentialsException("Bad token");
+      }
+    }
+
+  }
+
+  {
+
+    HeaderClient client = new HeaderClient();
+    client.setHeaderName("X-Token");
+    client.setAuthenticator(new HeaderAuthenticator());
+    client.setProfileCreator(credentials -> {
+      HttpProfile profile = new HttpProfile();
+      profile.setId(credentials.getToken());
+      return profile;
+    });
+    use(new Auth()
+        .client("/multi-client/**", client)
+        .client("/multi-client/**", new DirectBasicAuthClient(
+            new SimpleTestUsernamePasswordAuthenticator(),
+            new AuthenticatorProfileCreator<HttpCredentials, UserProfile>())));
+
+    get("/multi-client", req -> req.get(Auth.CNAME));
+  }
+
+  @Test
+  public void auth() throws Exception {
+    request()
+        .get("/multi-client")
+        .header("X-Token", "1234")
+        .expect("HeaderClient")
+        .expect(200);
+  }
+
+  @Test
+  public void basic() throws Exception {
+    request()
+        .get("/multi-client")
+        .header("Authorization", "Basic " + BaseEncoding.base64().encode("test:test".getBytes()))
+        .expect("DirectBasicAuthClient")
+        .expect(200);
+  }
+
+  @Test
+  public void unauthorized() throws Exception {
+    request()
+        .get("/multi-client")
+        .expect(401);
+  }
+
+}

jooby-pac4j/src/main/java/org/jooby/internal/pac4j/AuthFilter.java

@@ -21,6 +21,7 @@
 import static java.util.Objects.requireNonNull;
 
 import java.util.List;
+import java.util.function.Predicate;
 
 import org.jooby.Err;
 import org.jooby.Request;
@@ -43,8 +44,13 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javaslang.CheckedFunction1;
+
 public class AuthFilter implements Route.Handler {
 
+  @SuppressWarnings("rawtypes")
+  private static final Predicate<Client> useSession = c -> c instanceof IndirectClient;
+
   /** The logging system. */
   private final Logger log = LoggerFactory.getLogger(getClass());
 
@@ -67,54 +73,62 @@ public String getName() {
     return clientName;
   }
 
-  @SuppressWarnings({"rawtypes", "unchecked" })
+  @SuppressWarnings({"unchecked" })
   @Override
-  public void handle(final Request req, final Response rsp) throws Exception {
+  public void handle(final Request req, final Response rsp) throws Throwable {
     Clients clients = req.require(Clients.class);
     String clientName = req.param(clients.getClientNameParameter()).value(this.clientName);
 
     WebContext ctx = req.require(WebContext.class);
     ClientFinder finder = req.require(ClientFinder.class);
     AuthStore<UserProfile> store = req.require(AuthStore.class);
 
-    Client client = find(finder, clients, ctx, null, clientName);
-
-    boolean useSession = client instanceof IndirectClient;
-
-    String profileId = profileID(useSession, req);
-    UserProfile profile = profileId == null ? null : store.get(profileId).orElse(null);
-
-    if (profile == null) {
-      if (client instanceof DirectClient) {
-        log.debug("Performing authentication for client: {}", client);
-        try {
-          Credentials credentials = client.getCredentials(ctx);
-          log.debug("credentials: {}", credentials);
-          profile = client.getUserProfile(credentials, ctx);
-          log.debug("profile: {}", profile);
-          if (profile != null) {
-            req.set(Auth.ID, profile.getId());
-            store.set(profile);
+    // stateless or previously authenticated stateful
+    UserProfile profile = find(finder, clients, ctx, null, clientName, client -> {
+      String profileId = profileID(useSession.test(client), req);
+      UserProfile identity = profileId == null ? null : store.get(profileId).orElse(null);
+
+      if (identity == null) {
+        if (client instanceof DirectClient) {
+          log.debug("Performing authentication for client: {}", client);
+          try {
+            Credentials credentials = client.getCredentials(ctx);
+            log.debug("credentials: {}", credentials);
+            identity = client.getUserProfile(credentials, ctx);
+            log.debug("profile: {}", identity);
+            if (identity != null) {
+              req.set(Auth.ID, identity.getId());
+              req.set(Auth.CNAME, client.getName());
+              store.set(identity);
+            }
+          } catch (RequiresHttpAction e) {
+            throw new TechnicalException("Unexpected HTTP action", e);
           }
-        } catch (RequiresHttpAction e) {
-          throw new TechnicalException("Unexpected HTTP action", e);
         }
       }
-    }
+      return identity;
+    });
 
     if (profile == null) {
-      if (useSession) {
-        // indirect client, start authentication
-        try {
-          final String requestedUrl = ctx.getFullRequestURL();
-          log.debug("requestedUrl: {}", requestedUrl);
-          ctx.setSessionAttribute(Pac4jConstants.REQUESTED_URL, requestedUrl);
-          client.redirect(ctx, true);
-          rsp.end();
-        } catch (RequiresHttpAction ex) {
-          new AuthResponse(rsp).handle(client, ex);
+      // try stateful auth
+      Boolean redirected = find(finder, clients, ctx, null, clientName, client -> {
+        if (useSession.test(client)) {
+          // indirect client, start authentication
+          try {
+            final String requestedUrl = ctx.getFullRequestURL();
+            log.debug("requestedUrl: {}", requestedUrl);
+            ctx.setSessionAttribute(Pac4jConstants.REQUESTED_URL, requestedUrl);
+            client.redirect(ctx, true);
+            rsp.end();
+          } catch (RequiresHttpAction ex) {
+            new AuthResponse(rsp).handle(client, ex);
+          }
+          return Boolean.TRUE;
+        } else {
+          return null;
         }
-      } else {
+      });
+      if (redirected != Boolean.TRUE) {
         throw new Err(Status.UNAUTHORIZED);
       }
     } else {
@@ -129,13 +143,19 @@ private String profileID(final boolean useSession, final Request req) {
   }
 
   @SuppressWarnings("rawtypes")
-  private Client find(final ClientFinder finder, final Clients clients, final WebContext ctx,
-      final Class<? extends Client<?, ?>> clientType, final String clientName) {
+  private <T> T find(final ClientFinder finder, final Clients clients, final WebContext ctx,
+      final Class<? extends Client<?, ?>> clientType, final String clientName,
+      final CheckedFunction1<Client, T> fn) throws Throwable {
+
     List<Client> result = finder.find(clients, ctx, clientName);
-    if (result.size() > 0) {
-      return result.get(0);
+    for (Client client : result) {
+      T value = fn.apply(client);
+      if (value != null) {
+        return value;
+      }
     }
-    throw new Err(Status.UNAUTHORIZED);
+
+    return null;
   }
 
   @SuppressWarnings("rawtypes")

jooby-pac4j/src/main/java/org/jooby/internal/pac4j/AuthSerializer.java

@@ -26,6 +26,8 @@
 import com.google.common.io.BaseEncoding;
 import com.google.common.primitives.Primitives;
 
+import javaslang.control.Try;
+
 public final class AuthSerializer {
 
   private static final String PREFIX = "b64~";
@@ -34,26 +36,24 @@ public static final Object strToObject(final String value) {
     if (value == null || !value.startsWith(PREFIX)) {
       return value;
     }
-    byte[] bytes = BaseEncoding.base64().decode(value.substring(PREFIX.length()));
-    try (ObjectInputStream stream = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
-      return stream.readObject();
-    } catch (Exception ex) {
-      throw new IllegalArgumentException("Can't de-serialize value " + value, ex);
-    }
+    return Try.of(() -> {
+      byte[] bytes = BaseEncoding.base64().decode(value.substring(PREFIX.length()));
+      return new ObjectInputStream(new ByteArrayInputStream(bytes)).readObject();
+    }).getOrElseThrow(
+        ex -> new IllegalArgumentException("Can't de-serialize value " + value, ex));
   }
 
   public static final String objToStr(final Object value) {
     if (value instanceof CharSequence || Primitives.isWrapperType(value.getClass())) {
       return value.toString();
     }
-    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
-    try (ObjectOutputStream stream = new ObjectOutputStream(bytes)) {
+    return Try.of(() -> {
+      ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+      ObjectOutputStream stream = new ObjectOutputStream(bytes);
       stream.writeObject(value);
       stream.flush();
       return PREFIX + BaseEncoding.base64().encode(bytes.toByteArray());
-    } catch (Exception ex) {
-      throw new IllegalArgumentException("Can't serialize value " + value, ex);
-    }
+    }).getOrElseThrow(ex -> new IllegalArgumentException("Can't serialize value " + value, ex));
   }
 
 }

jooby-pac4j/src/main/java/org/jooby/pac4j/Auth.java

@@ -288,6 +288,8 @@ public class Auth implements Jooby.Module {
   /** Name of the local request variable that holds the username. */
   public static final String ID = Auth.class.getName() + ".id";
 
+  public static final String CNAME = Auth.class.getName() + ".client.id";
+
   private Multimap<String, BiFunction<Binder, Config, AuthFilter>> bindings = ArrayListMultimap
       .create();
 

jooby-pac4j/src/test/java/org/jooby/internal/pac4j/AuthFilterTest.java

@@ -33,6 +33,8 @@
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
+import javaslang.control.Try;
+
 @RunWith(PowerMockRunner.class)
 @PrepareForTest({AuthFilter.class, Clients.class })
 public class AuthFilterTest {
@@ -67,8 +69,12 @@ public class AuthFilterTest {
   @SuppressWarnings("rawtypes")
   private <C extends Client> Block findClient(final Class<C> clientType, final String client) {
     return unit -> {
-      C c = unit.mock(clientType);
-      unit.registerMock(clientType, c);
+      C c = Try.of(() -> unit.get(clientType))
+          .getOrElse(() -> {
+            C m = unit.mock(clientType);
+            unit.registerMock(clientType, m);
+            return m;
+          });
 
       ClientFinder finder = unit.get(ClientFinder.class);
       expect(finder.find(unit.get(Clients.class), unit.get(WebContext.class), client))
@@ -201,6 +207,7 @@ public void handleDirect() throws Exception {
             .expect(clientName("ParameterClient"))
             .expect(findClient(ParameterClient.class, "ParameterClient"))
             .expect(reqAuthID(profileId))
+            .expect(reqAuthCNAME(ParameterClient.class))
             .expect(authStore(profileId, null))
             .expect(creds(ParameterClient.class))
             .expect(userProfile(ParameterClient.class, profile))
@@ -217,6 +224,17 @@ public void handleDirect() throws Exception {
             });
   }
 
+  @SuppressWarnings("rawtypes")
+  private Block reqAuthCNAME(final Class<? extends Client> client) {
+    return unit -> {
+      Client c = unit.get(client);
+      expect(c.getName()).andReturn(client.getSimpleName());
+
+      Request req = unit.get(Request.class);
+      expect(req.set(Auth.CNAME, client.getSimpleName())).andReturn(req);
+    };
+  }
+
   @Test
   public void handleDirectNoClient() throws Exception {
     String profileId = "123";
@@ -231,11 +249,11 @@ public void handleDirectNoClient() throws Exception {
             .expect(clients)
             .expect(clientName("ParameterClient"))
             .expect(findNoClient(ParameterClient.class, "ParameterClient"))
+            .expect(findNoClient(ParameterClient.class, "ParameterClient"))
             .run(unit -> {
               try {
                 new AuthFilter(ParameterClient.class, HttpProfile.class)
-                    .handle(unit.get(Request.class), unit.get(Response.class),
-                        unit.get(Route.Chain.class));
+                    .handle(unit.get(Request.class), unit.get(Response.class));
                 fail("expecting 401");
               } catch (Err ex) {
                 assertEquals(401, ex.statusCode());
@@ -280,6 +298,7 @@ public void handleDirectNoProfile() throws Exception {
             .expect(clients)
             .expect(clientName("ParameterClient"))
             .expect(findClient(ParameterClient.class, "ParameterClient"))
+            .expect(findClient(ParameterClient.class, "ParameterClient"))
             .expect(reqAuthID(profileId))
             .expect(authStore(profileId, null))
             .expect(creds(ParameterClient.class))

pom.xml

@@ -2349,7 +2349,7 @@ org.eclipse.jdt.apt.processorOptions/defaultOverwrite=true
     <junit.version>4.11</junit.version>
     <easymock.version>3.2</easymock.version>
     <powermock.version>1.6.4</powermock.version>
-    <jacoco.version>0.7.5.201505241946</jacoco.version>
+    <jacoco.version>0.7.7.201606060606</jacoco.version>
 
     <!-- Maven properties -->
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>