Skip to content

Commit

Permalink
Align behavior for getDeferredIdentity and getIdentity in TestIdentit…
Browse files Browse the repository at this point in the history
…yAssociation

Signed-off-by: Christian von Atzigen <[email protected]>
  • Loading branch information
vonatzigenc committed Jan 3, 2023
1 parent 4dd3936 commit 81fb692
Show file tree
Hide file tree
Showing 4 changed files with 103 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import io.quarkus.oidc.common.runtime.OidcConstants;
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.SecurityIdentityAssociation;
import io.vertx.ext.web.RoutingContext;

@Path("/web-app")
Expand All @@ -33,6 +34,9 @@ public class ProtectedResource {
@Inject
SecurityIdentity identity;

@Inject
SecurityIdentityAssociation securityIdentityAssociation;

@Inject
Principal principal;

Expand Down Expand Up @@ -68,13 +72,15 @@ public class ProtectedResource {
@Path("test-security")
public String testSecurity() {
return securityContext.getUserPrincipal().getName() + ":" + identity.getPrincipal().getName() + ":"
+ principal.getName();
+ principal.getName() + ":"
+ securityIdentityAssociation.getDeferredIdentity().await().indefinitely().getPrincipal().getName();
}

@GET
@Path("test-security-oidc")
public String testSecurityJwt() {
return idToken.getName() + ":" + identity.getPrincipal().getName() + ":" + principal.getName()
+ ":" + securityIdentityAssociation.getDeferredIdentity().await().indefinitely().getPrincipal().getName()
+ ":" + idToken.getGroups().iterator().next()
+ ":" + idToken.getClaim("email")
+ ":" + userInfo.getString("sub")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ public class TestSecurityLazyAuthTest {
@TestSecurity(user = "user1", roles = "viewer")
public void testWithDummyUser() {
RestAssured.when().get("test-security").then()
.body(is("user1:user1:user1"));
.body(is("user1:user1:user1:user1"));
}

@Test
@TestSecurityMetaAnnotation
public void testJwtWithDummyUser() {
RestAssured.when().get("test-security-oidc").then()
.body(is("userOidc:userOidc:userOidc:viewer:[email protected]:subject:aud"));
.body(is("userOidc:userOidc:userOidc:userOidc:viewer:[email protected]:subject:aud"));
}

@Retention(RetentionPolicy.RUNTIME)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,10 +56,11 @@ public void setIdentity(Uni<SecurityIdentity> identity) {

@Override
public Uni<SecurityIdentity> getDeferredIdentity() {
if (testIdentity != null) {
return Uni.createFrom().item(testIdentity);
if (testIdentity == null) {
return delegate.getDeferredIdentity();
}
return delegate.getDeferredIdentity();
return delegate.getDeferredIdentity().onItem()
.transform(underlying -> underlying.isAnonymous() ? testIdentity : underlying);
}

@Override
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
package io.quarkus.test.security;

import static io.quarkus.security.runtime.QuarkusSecurityIdentity.builder;
import static org.junit.jupiter.api.Assertions.assertSame;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

import io.quarkus.runtime.BlockingOperationControl;
import io.quarkus.runtime.IOThreadDetector;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.smallrye.mutiny.Uni;

public class TestIdentityAssociationTest {

TestIdentityAssociation sut;

@BeforeEach
void init() {
sut = new TestIdentityAssociation();
sut.delegate = new DelegateSecurityIdentityAssociation();

BlockingOperationControl.setIoThreadDetector(new IOThreadDetector[0]);
}

@Test
void useDelegateIfTestIdentityIsNull() {
// create anonymous identity
SecurityIdentity mockedIdentity = builder().setAnonymous(true).build();
Uni<SecurityIdentity> mockedIdentityUni = Uni.createFrom().item(mockedIdentity);
sut.setIdentity(mockedIdentity);
sut.setIdentity(mockedIdentityUni);

// reset testIdentity
sut.setTestIdentity(null);

// get identity direct + deferred
SecurityIdentity deferred = sut.getDeferredIdentity().await().indefinitely();
SecurityIdentity identity = sut.getIdentity();

// must be the same instance
assertSame(identity, deferred, "Must be same instance directly and deferred");
assertSame(mockedIdentity, identity, "Expected delegate. (TestIdentity is null)");
}

@Test
void useTestIdentityIfDelegateIsAnonymous() {
// create anonymous identity
SecurityIdentity mockedIdentity = builder().setAnonymous(true).build();
Uni<SecurityIdentity> mockedIdentityUni = Uni.createFrom().item(mockedIdentity);
// create test identity
SecurityIdentity mockedTestIdentity = builder().setPrincipal(new QuarkusPrincipal("test-identity")).build();
sut.setIdentity(mockedIdentity);
sut.setIdentity(mockedIdentityUni);

// reset testIdentity
sut.setTestIdentity(mockedTestIdentity);

// get identity direct + deferred
SecurityIdentity deferred = sut.getDeferredIdentity().await().indefinitely();
SecurityIdentity identity = sut.getIdentity();

// must be the same instance
assertSame(identity, deferred, "Must be same instance directly and deferred");
assertSame(mockedTestIdentity, identity, "Expected testIdentity. (Delegate is anonymous)");
}

@Test
void useDelegateIfNotAnonymous() {
// create identity with principal
SecurityIdentity mockedIdentity = builder().setPrincipal(new QuarkusPrincipal("delegate")).build();
Uni<SecurityIdentity> mockedIdentityUni = Uni.createFrom().item(mockedIdentity);
// create test identity
SecurityIdentity mockedTestIdentity = builder().setPrincipal(new QuarkusPrincipal("test-identity")).build();
sut.setIdentity(mockedIdentity);
sut.setIdentity(mockedIdentityUni);

// reset testIdentity
sut.setTestIdentity(mockedTestIdentity);

// get identity direct + deferred
SecurityIdentity deferred = sut.getDeferredIdentity().await().indefinitely();
SecurityIdentity identity = sut.getIdentity();

// must be the same instance
assertSame(identity, deferred, "Must be same instance directly and deferred");
assertSame(mockedIdentity, identity, "Expected delegate. (Delegate is not anonymous)");
}
}

0 comments on commit 81fb692

Please sign in to comment.