Github user snoopdave commented on a diff in the pull request:

    https://github.com/apache/incubator-usergrid/pull/224#discussion_r28521479
  
    --- Diff: 
stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
 ---
    @@ -640,4 +644,139 @@ public void revokeToken() throws Exception {
             assertEquals( Status.OK, status );
         }
     
    +
    +    @Test
    +    public void testValidateExternalToken() throws Exception {
    +
    +        // create a new admin user, get access token
    +
    +        String rand = RandomStringUtils.randomAlphanumeric(10);
    +        final String username = "user_" + rand;
    +        OrganizationOwnerInfo orgInfo = 
setup.getMgmtSvc().createOwnerAndOrganization(
    +                username, username, "Test User", username + 
"@example.com", "password" );
    +
    +        Map<String, Object> loginInfo = new HashMap<String, Object>() {{
    +            put("username", username );
    +            put("password", "password");
    +            put("grant_type", "password");
    +        }};
    +        JsonNode accessInfoNode = resource().path("/management/token")
    +            .type( MediaType.APPLICATION_JSON_TYPE )
    +            .post( JsonNode.class, loginInfo );
    +        String accessToken = accessInfoNode.get( "access_token" 
).getTextValue();
    +
    +        // set the Usergrid Central SSO URL because Tomcat port is 
dynamically assigned
    +
    +        String suToken = superAdminToken();
    +        Map<String, String> props = new HashMap<String, String>();
    +        props.put( USERGRID_CENTRAL_URL, 
getBaseURI().toURL().toExternalForm());
    +        resource().path( "/testproperties" )
    +                .queryParam( "access_token", suToken)
    +                .accept( MediaType.APPLICATION_JSON )
    +                .type( MediaType.APPLICATION_JSON_TYPE )
    +                .post( props );
    +
    +        // attempt to validate the token, must be valid
    +
    +        JsonNode validatedNode = resource().path( 
"/management/externaltoken" )
    +            .queryParam( "access_token", suToken ) // as superuser
    +            .queryParam( "ext_access_token", accessToken )
    +            .queryParam( "ttl", "1000" )
    +            .get( JsonNode.class );
    +        String validatedAccessToken = validatedNode.get( "access_token" 
).getTextValue();
    +        assertEquals( accessToken, validatedAccessToken );
    +
    +        // attempt to validate an invalid token, must fail
    +
    +        try {
    +            resource().path( "/management/externaltoken" )
    +                .queryParam( "access_token", suToken ) // as superuser
    +                .queryParam( "ext_access_token", "rubbish_token")
    +                .queryParam( "ttl", "1000" )
    +                .get( JsonNode.class );
    +            fail("Validation should have failed");
    +        } catch ( Exception actual ) {
    +            logger.debug( "error", actual );
    +        }
    +
    +
    +
    +        // TODO: how do we test the create new user and organization case?
    +
    +
    +
    +        // unset the Usergrid Central SSO URL so it does not interfere 
with other tests
    +
    +        props.put( USERGRID_CENTRAL_URL, "" );
    +        resource().path( "/testproperties" )
    +                .queryParam( "access_token", suToken)
    +                .accept( MediaType.APPLICATION_JSON )
    +                .type( MediaType.APPLICATION_JSON_TYPE )
    +                .post( props );
    +
    +    }
    +
    +
    +    @Test
    +    public void testSuperuserOnlyWhenValidateExternalTokensEnabled() 
throws Exception {
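
Review bot: The negative case around the `rubbish_token` request catches a bare `Exception`, so the test passes on any failure (a connection error, a 500 from an unrelated bug) and never proves that the token was rejected as invalid. Catch the client's HTTP-error exception specifically and assert the response status expected for a rejected token. Separately, the reset `props.put( USERGRID_CENTRAL_URL, "" )` at the end of `testValidateExternalToken` runs only if every assertion before it passes, so a failure leaves the Central SSO URL set and can interfere with later tests, which is exactly what the comment above it is trying to avoid. Move the reset into a `finally` block or an `@After` method.
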
    --- End diff --
    
    Added this new test today to ensure that "superuser-only login when 
external token validation enabled" logic is working properly.

