adding an IT for testing login via email instead of uid

Should have been done in the context of PR #50, but better late than never.
georchestra · Mar 14, 2024 · 0bd1984 · 0bd1984
1 parent 985a028
commit 0bd1984
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 22 deletions.
diff --git a/...sic/LdapAuthenticatorProviderBuilder.java → ...ic/LdapAuthenticationProviderBuilder.java b/...sic/LdapAuthenticatorProviderBuilder.java → ...ic/LdapAuthenticationProviderBuilder.java
@@ -24,10 +24,13 @@
 import org.georchestra.gateway.security.ldap.NoPasswordLdapUserDetailsMapper;
 import org.georchestra.gateway.security.ldap.extended.ExtendedLdapAuthenticationProvider;
 import org.georchestra.gateway.security.ldap.extended.ExtendedPasswordPolicyAwareContextSource;
+import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
@@ -40,45 +43,42 @@
 @Accessors(chain = true, fluent = true)
 public class LdapAuthenticatorProviderBuilder {
 
-    private @Setter String url;
-    private @Setter String baseDn;
+    protected @Setter String url;
+    protected @Setter String baseDn;
 
-    private @Setter String userSearchBase;
-    private @Setter String userSearchFilter;
+    protected @Setter String userSearchBase;
+    protected @Setter String userSearchFilter;
 
-    private @Setter String rolesSearchBase;
-    private @Setter String rolesSearchFilter;
+    protected @Setter String rolesSearchBase;
+    protected @Setter String rolesSearchFilter;
 
-    private @Setter String adminDn;
-    private @Setter String adminPassword;
-
-    private @Setter AccountDao accountDao;
+    protected @Setter String adminDn;
+    protected @Setter String adminPassword;
 
     // null = all atts, empty == none
-    private @Setter String[] returningAttributes = null;
+    protected @Setter String[] returningAttributes = null;
 
-    public ExtendedLdapAuthenticationProvider build() {
+    public LdapAuthenticationProvider build() {
         requireNonNull(url, "url is not set");
         requireNonNull(baseDn, "baseDn is not set");
         requireNonNull(userSearchBase, "userSearchBase is not set");
         requireNonNull(userSearchFilter, "userSearchFilter is not set");
         requireNonNull(rolesSearchBase, "rolesSearchBase is not set");
         requireNonNull(rolesSearchFilter, "rolesSearchFilter is not set");
 
-        final ExtendedPasswordPolicyAwareContextSource source = contextSource();
+        final BaseLdapPathContextSource source = contextSource();
         final BindAuthenticator authenticator = ldapAuthenticator(source);
         final DefaultLdapAuthoritiesPopulator rolesPopulator = ldapAuthoritiesPopulator(source);
-        ExtendedLdapAuthenticationProvider provider = new ExtendedLdapAuthenticationProvider(authenticator,
-                rolesPopulator);
+
+        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, rolesPopulator);
 
         final GrantedAuthoritiesMapper rolesMapper = ldapAuthoritiesMapper();
         provider.setAuthoritiesMapper(rolesMapper);
-        provider.setUserDetailsContextMapper(new NoPasswordLdapUserDetailsMapper());
-        provider.setAccountDao(accountDao);
+        provider.setUserDetailsContextMapper(new LdapUserDetailsMapper());
         return provider;
     }
 
-    private BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSource) {
+    protected BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSource) {
         FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter,
                 contextSource);
 
@@ -90,8 +90,9 @@ private BindAuthenticator ldapAuthenticator(BaseLdapPathContextSource contextSou
         return authenticator;
     }
 
-    private ExtendedPasswordPolicyAwareContextSource contextSource() {
-        ExtendedPasswordPolicyAwareContextSource context = new ExtendedPasswordPolicyAwareContextSource(url);
+    protected BaseLdapPathContextSource contextSource() {
+        LdapContextSource context = new LdapContextSource();
+        context.setUrl(url);
         context.setBase(baseDn);
         if (adminDn != null) {
             context.setUserDn(adminDn);
@@ -101,14 +102,15 @@ private ExtendedPasswordPolicyAwareContextSource contextSource() {
         return context;
     }
 
-    private GrantedAuthoritiesMapper ldapAuthoritiesMapper() {
+    protected GrantedAuthoritiesMapper ldapAuthoritiesMapper() {
         return new SimpleAuthorityMapper();
     }
 
-    private DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(BaseLdapPathContextSource contextSource) {
+    protected DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator(BaseLdapPathContextSource contextSource) {
         DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource,
                 rolesSearchBase);
         authoritiesPopulator.setGroupSearchFilter(rolesSearchFilter);
         return authoritiesPopulator;
     }
+
 }
diff --git a/...est/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java b/...est/java/org/georchestra/gateway/security/ldap/extended/ExtendedLdapAuthenticationIT.java
@@ -56,6 +56,16 @@ static void registerLdap(DynamicPropertyRegistry registry) {
                 .jsonPath("$.GeorchestraUser.username").isEqualTo("testadmin");
     }
 
+    public @Test void testWhoamiUsingEmail() {
+        testClient.get().uri("/whoami")//
+                .header("Authorization", "Basic cHNjK3Rlc3RhZG1pbkBnZW9yY2hlc3RyYS5vcmc6dGVzdGFkbWlu") // [email protected]:testadmin
+                .exchange()//
+                .expectStatus()//
+                .is2xxSuccessful()//
+                .expectBody()//
+                .jsonPath("$.GeorchestraUser.username").isEqualTo("testadmin");
+    }
+
     public @Test void testWhoamiNoPasswordRevealed() {
         testClient.get().uri("/whoami")//
                 .header("Authorization", "Basic dGVzdGFkbWluOnRlc3RhZG1pbg==") // testadmin:testadmin