Added some more testing procedures, more is likely to be added after review of the sign-in process

2011-07-12 14:55:54 +02:00 · 2011-07-12 14:55:54 +02:00 · 58ef8a3ff7
commit 58ef8a3ff7
parent f8421f77f7
4 changed files with 33 additions and 7 deletions
--- a/src/main/java/se/su/dsv/scipro/SciProApplication.java
+++ b/src/main/java/se/su/dsv/scipro/SciProApplication.java
@ -104,9 +104,8 @@ public class SciProApplication extends RepositoryApplication implements IThemabl

 	/**
 	 * Logger instance.
-	 * @TODO Inject
 	 */
-	private Logger logger = Logger.getLogger(this.getClass());
+	private Logger logger = Logger.getLogger(SciProApplication.class);
 	/**
 	 * Constructor
 	 */
--- a/src/main/java/se/su/dsv/scipro/SciProSession.java
+++ b/src/main/java/se/su/dsv/scipro/SciProSession.java
@ -207,6 +207,8 @@ public class SciProSession extends WebSession {
 	 * @return true if the switch was successful, else false.
 	 */
 	public boolean switchAuthenticatedUser(final String suUser, final String suRealm){
+		if(!isLoggedIn() || user == null)//Terminate early
+			return false;
 		logger.info("Currently logged in user: '"+user.getEmailAddress()+"' attempting switch to '"+suUser+"@"+suRealm+"'");
 		if(suUser != null && roleDao.isSysadmin(user)){
 			iRoles.clear();
--- a/src/main/resources/applicationContext.xml
+++ b/src/main/resources/applicationContext.xml
@ -83,7 +83,7 @@
 		<property name="enableRemoteUserLookup" value="true"></property>
 		<!-- This property points to the location of the daisy json search -->
 		<property name="remoteLookupUrl" value="https://thesis.dsv.su.se/projectplan/json" />
-		<!--  External auth support (via J2EE standard mechanism REMOTE_USER) -->
+		<!--  External auth support (via J2EE standard mechanism REMOTE_USER), if true: other authentication mechanics will be bypassed.-->
 		<property name="acceptExternalAuthentication" value="true"/>
 	</bean>
 	
--- a/src/test/java/se/su/dsv/scipro/security/auth/TestAuthRoutines.java
+++ b/src/test/java/se/su/dsv/scipro/security/auth/TestAuthRoutines.java
@ -53,7 +53,10 @@ public class TestAuthRoutines {
 		fixedLookup = new IUserLookup(){
 			@Override
 			public User lookup(String username) throws Exception{
-				return user;
+				if(username.equals("kalle-kula"))
+					return user;
+				else
+					return null;
 			}
 		};
 		//Create mock user and associated data
@ -111,7 +114,7 @@ public class TestAuthRoutines {
 		wt.setupRequestAndResponse();
 		session = (SciProSession)wt.getWicketSession();
 	}
-	@Test(expected=IllegalStateException.class)
+	@Test
 	public void testAuthenticationHelper() throws IllegalStateException {
 		//Try with faulty request
 		ExternalAuthenticationRequestHelper helper = new ExternalAuthenticationRequestHelper(wt.getServletRequest());
@ -133,11 +136,14 @@ public class TestAuthRoutines {
 		Assert.assertTrue(helper.getExternalAuthRemoteUserId().equals("kalle-kula"));
 		Assert.assertTrue(helper.getExternalAuthRemoteUserRealm().equals("DSV.SU.SE"));
 		Assert.assertTrue(helper.isRemoteUserValid(user));
+	}
+	@Test(expected=IllegalStateException.class)
+	public void testNullRequest(){
 		//At this point, an exception should be thrown
 		new ExternalAuthenticationRequestHelper(null);
 	}
-	@Test
-	public void testSignInAndSu(){
+	@Test(expected=NullPointerException.class)
+	public void testSessionSignInAndSu(){
 		ExternalAuthenticationRequestHelper helper = new ExternalAuthenticationRequestHelper(new HttpServletRequestWrapper(wt.getServletRequest()){
 			@Override
 			public String getRemoteUser(){
@ -158,5 +164,24 @@ public class TestAuthRoutines {
 		user.setRoles(roles);
 		Assert.assertTrue(session.switchAuthenticatedUser("kalle-kula", "dsv.su.se"));
 		Assert.assertTrue(session.getUser().getIdentifier().equals(user.getIdentifier()));
+		//This should fail with an exception, there is no such user
+		session.switchAuthenticatedUser("somebody","somewhere.se");
+	}
+	@Test(expected=NullPointerException.class)
+	public void testFailedAuthenticatedSignIn(){
+		ExternalAuthenticationRequestHelper helper = new ExternalAuthenticationRequestHelper(new HttpServletRequestWrapper(wt.getServletRequest()){
+			@Override
+			public String getRemoteUser(){
+				return "some-dude@ki.se";
+			}
+		});
+		//This should throw exceptions, not sure about this interface (throwing exceptions when authentication passes but no user can be located).
+		helper.signIn(session);
+	}
+	@Test
+	public void testFailedSwitchAuthentitedUser(){
+		Assert.assertFalse(session.isLoggedIn());
+		Assert.assertFalse(session.switchAuthenticatedUser("some-dude-who-is-not-real","someplace.se"));
+		Assert.assertFalse(session.switchAuthenticatedUser("some-dude","someplace.se"));
 	}
 }