Tests related basic authentication. #2138
Conversation
Signed-off-by: Lukasz Soszynski <[email protected]>
| return Arrays.stream(header) | ||
| .filter(header -> requireNonNull(name, "Header name is mandatory.").equalsIgnoreCase(header.getName())) | ||
| .findFirst() | ||
| .orElse(null); |
There was a problem hiding this comment.
Seems like it should throw if no header is found
There was a problem hiding this comment.
Shifting to throwing an exception would prevent tests cases from having to cover this scenario
There was a problem hiding this comment.
done
There was a problem hiding this comment.
| public void assertThatBrowserDoesNotAskUserForCredentials() { | ||
| Header header = getHeader(HttpHeaders.WWW_AUTHENTICATE); | ||
| assertThat(header, nullValue()); | ||
| } | ||
|
|
||
| public void assertThatBrowserAskUserForCredentials() { | ||
| Header header = getHeader(HttpHeaders.WWW_AUTHENTICATE); | ||
| assertThat(header, notNullValue()); | ||
| assertThat(header.getValue(), containsStringIgnoringCase("basic")); | ||
| } |
There was a problem hiding this comment.
These feel more special purpose to authentication test cases rather than methods that would be used in all test cases, what do you think about moving them?
There was a problem hiding this comment.
Done: I moved these methods to test classes.
Signed-off-by: Lukasz Soszynski <[email protected]>
There was a problem hiding this comment.
This is great @lukasz-soszynski-eliatra! These tests are nice and readable using the new framework. I have a couple of questions, but the changes look good to me.
| HttpResponse response = client.getAuthInfo(); | ||
|
|
||
| assertThat(response, is(notNullValue())); | ||
| response.assertStatusCode(SC_OK); |
There was a problem hiding this comment.
Would it make sense to add an additional assertion to ensure we can deserialize the response like what is done in testUserShouldNotHaveAssignedCustomAttributes?
| response.assertStatusCode(SC_OK); | |
| response.assertStatusCode(SC_OK); | |
| AuthInfo authInfo = response.getBodyAs(AuthInfo.class); | |
| assertThat(authInfo, is(notNullValue())); |
|
|
||
| @Test | ||
| public void shouldRespondWith401WhenUserDoesNotExist() { | ||
| try (TestRestClient client = cluster.getRestClient(NOT_EXISTING_USER, INVALID_PASSWORD)) { |
There was a problem hiding this comment.
Would all of these tests pass if an exception is thrown in getRestClient? I see this pattern used in a number of places in the codebase and I also see one instance where we add:
} catch (IOException ioe) {
fail("unexpected exception")
}
See:
There was a problem hiding this comment.
+1. In case an exception is thrown, how is it expected to be handled?
There was a problem hiding this comment.
Read up more here https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html
If there is an exception it is bubbled up as if the getRestClient was executed inside the try block, since there is no catch(Exception e) {} block in this test case there is nothing to capture.
TLDR: Exceptions work as expected, the test would fail if there was a problem 🥳
| @@ -336,8 +337,20 @@ public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params | |||
|
|
|||
| public static class AuthcDomain implements ToXContentObject { | |||
|
|
|||
| private static String PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqZbjLUAWc+DZTkinQAdvy1GFjPHPnxheU89hSiWoDD3NOW76H3u3T7cCDdOah2msdxSlBmCBH6wik8qLYkcV8owWukQg3PQmbEhrdPaKo0QCgomWs4nLgtmEYqcZ+QQldd82MdTlQ1QmoQmI9Uxqs1SuaKZASp3Gy19y8su5CV+FZ6BruUw9HELK055sAwl3X7j5ouabXGbcib2goBF3P52LkvbJLuWr5HDZEOeSkwIeqSeMojASM96K5SdotD+HwEyjaTjzRPL2Aa1BEQFWOQ6CFJLyLH7ZStDuPM1mJU1VxIVfMbZrhsUBjAnIhRynmWxML7YlNqkP9j6jyOIYQIDAQAB"; | |||
There was a problem hiding this comment.
Should we be using the new automatic test certificate generation for this?
There was a problem hiding this comment.
Actually, this is not a certificate but just a public key. The public key does not contain any metadata so it never expires.
|
|
||
| @Test | ||
| public void shouldRespondWith401WhenUserDoesNotExist() { | ||
| try (TestRestClient client = cluster.getRestClient(NOT_EXISTING_USER, INVALID_PASSWORD)) { |
There was a problem hiding this comment.
+1. In case an exception is thrown, how is it expected to be handled?
| } | ||
|
|
||
| private void assertThatBrowserDoesNotAskUserForCredentials(HttpResponse response) { | ||
| String reason = "Browser ask user for credentials what is not expected"; |
There was a problem hiding this comment.
nit: Browser asked user for credentials which is not expected
| } | ||
|
|
||
| @Test | ||
| public void browserShouldRequestUserForCredentials() { |
There was a problem hiding this comment.
nit: testBrowserShouldRequestForCredentials
| } | ||
|
|
||
| @Test | ||
| public void userShouldHaveAssignedCustomAttributes() { |
There was a problem hiding this comment.
nit: testUserShouldHaveAssignedCustomAttributes
| .challenge(false).config(ImmutableMap.of("jwt_header", headerName, "signing_key", signingKey)); | ||
| return this; | ||
| } | ||
|
|
||
| public AuthcDomain challengingAuthenticator(String type) { |
There was a problem hiding this comment.
nit: this should probly be rename to httpAuthenticatorWithChallenge.
* A few first tests for basic authentication. Signed-off-by: Lukasz Soszynski <[email protected]> Co-authored-by: Lukasz Soszynski <[email protected]> Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Lukasz Soszynski [email protected]
Description
[Describe what this change achieves]
The feature introduces integration tests related to basic authentication. The tests are implemented with the usage of a newly developed test framework.
Issues Resolved
Testing
Production code can be treated as a test for tests
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.