This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit c6b7c60710857a328d2e43b7c5f2a3897a2868c9 Author: Benoit Tellier <btell...@linagora.com> AuthorDate: Thu Jan 12 09:19:34 2023 +0700 [REFACTORING] Improve SessionProvider method cardinality --- .../org/apache/james/mailbox/SessionProvider.java | 45 +++----------- .../mailbox/manager/ManagerTestProvisionner.java | 2 +- .../james/mailbox/store/SessionProviderImpl.java | 72 ++++++++++++---------- .../james/mailbox/store/StoreMailboxManager.java | 18 ++---- .../mailbox/store/StoreMailboxManagerTest.java | 20 +++--- .../imap/processor/AbstractAuthProcessor.java | 5 +- .../james/jmap/AllowAuthenticationStrategy.java | 2 +- .../http/AccessTokenAuthenticationStrategy.java | 3 +- ...ParameterAccessTokenAuthenticationStrategy.java | 3 +- .../james/jmap/draft/model/MailboxFactoryTest.java | 4 +- .../AccessTokenAuthenticationStrategyTest.java | 17 ++++- .../jmap/http/JWTAuthenticationStrategyTest.java | 17 ++++- .../jmap/http/XUserAuthenticationStrategyTest.java | 18 +++++- .../strategy/AllowAuthenticationStrategy.scala | 2 +- .../jmap/http/BasicAuthenticationStrategy.scala | 2 +- .../james/jmap/http/JWTAuthenticationStrategy.java | 3 +- .../jmap/http/XUserAuthenticationStrategy.java | 2 +- .../james/pop3server/core/PassCmdHandler.java | 2 +- .../apache/james/pop3server/POP3ServerTest.java | 18 +++--- 19 files changed, 134 insertions(+), 121 deletions(-) diff --git a/mailbox/api/src/main/java/org/apache/james/mailbox/SessionProvider.java b/mailbox/api/src/main/java/org/apache/james/mailbox/SessionProvider.java index 1e0b224c41..0b8e21dfd1 100644 --- a/mailbox/api/src/main/java/org/apache/james/mailbox/SessionProvider.java +++ b/mailbox/api/src/main/java/org/apache/james/mailbox/SessionProvider.java 
@@ -23,8 +23,10 @@ import org.apache.james.core.Username; import org.apache.james.mailbox.exception.MailboxException; public interface SessionProvider { - interface DelegationLogin { + interface AuthorizationStep { MailboxSession as(Username other) throws MailboxException; + + MailboxSession withoutDelegation() throws MailboxException; } /** @@ -38,7 +40,7 @@ public interface SessionProvider { * Creates a new system session.<br> * A system session is intended to be used for programmatic access.<br> * - * Use {@link #login(Username, String)} when accessing this API from a + * Use {@link #authenticate(Username)} when accessing this API from a * protocol. * * @param userName @@ -47,28 +49,6 @@ public interface SessionProvider { */ MailboxSession createSystemSession(Username userName); - /** - * Creates a session for the given user. - * - * Use {@link #createSystemSession(Username)} for interactions not done by the user himself. - */ - MailboxSession login(Username userName); - - /** - * Autenticates the given user against the given password.<br> - * When authenticated and authorized, a session will be supplied - * - * @param userid - * user name - * @param passwd - * password supplied - * @return a <code>MailboxSession</code> when the user is authenticated and - * authorized to access - * @throws MailboxException - * when the creation fails for other reasons - */ - MailboxSession login(Username userid, String passwd) throws MailboxException; - /** * Authenticates the given user against the given password, * then switch to another user.<br> 
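Review bot: The renamed `AuthorizationStep` interface and its new `withoutDelegation()` method carry no Javadoc, although these two methods are now the only way to obtain a session from `authenticate(...)`. I would add a type-level comment such as `/** Terminal step of a login: {@link #as(Username)} opens a session for another user, {@link #withoutDelegation()} for the given user itself. */`. Judging by the implementation elsewhere in this commit, the password check runs inside these methods rather than in `authenticate(...)`. That is worth stating here, so that callers do not treat a returned step as proof of authentication.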
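Review bot: The `createSystemSession` Javadoc now recommends `{@link #authenticate(Username)}` for protocol access, which is the overload that takes no password. The link it replaces, `{@link #login(Username, String)}`, pointed at the credential-checking method, so the equivalent target after this refactoring is `{@link #authenticate(Username, String)}`. As written, the documentation steers protocol implementers towards creating a session without a credential check.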
@@ -78,37 +58,26 @@ public interface SessionProvider { * username of the given user, matching the credentials * @param passwd * password supplied for the given user - * @param otherUserId - * username of the real user * @return a <code>MailboxSession</code> for the real user * when the given user is authenticated and authorized to access * @throws MailboxException * when the creation fails for other reasons */ - MailboxSession loginAsOtherUser(Username givenUserid, String passwd, Username otherUserId) throws MailboxException; - default DelegationLogin authenticate(Username givenUserid, String passwd) { - return otherUserId -> loginAsOtherUser(givenUserid, passwd, otherUserId); - } + AuthorizationStep authenticate(Username givenUserid, String passwd); /** * Checking given user can log in as another user * When delegated and authorized, a session for the other user will be supplied * * @param givenUserid - * username of the given user, matching the credentials - * @param otherUserId - * username of the real user + * username of the given user * @return a <code>MailboxSession</code> for the real user * when the given user is authenticated and authorized to access * @throws MailboxException * when the creation fails for other reasons */ - MailboxSession loginAsOtherUser(Username givenUserid, Username otherUserId) throws MailboxException; - - default DelegationLogin authenticate(Username givenUserid) { - return otherUserId -> loginAsOtherUser(givenUserid, otherUserId); - } + AuthorizationStep authenticate(Username givenUserid); /** * <p> diff --git a/mailbox/api/src/test/java/org/apache/james/mailbox/manager/ManagerTestProvisionner.java b/mailbox/api/src/test/java/org/apache/james/mailbox/manager/ManagerTestProvisionner.java index 45079dcb31..bfa081e581 100644 --- a/mailbox/api/src/test/java/org/apache/james/mailbox/manager/ManagerTestProvisionner.java +++ b/mailbox/api/src/test/java/org/apache/james/mailbox/manager/ManagerTestProvisionner.java 
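Review bot: The Javadoc kept above both `authenticate` overloads still describes the removed `loginAsOtherUser` methods: `@return a <code>MailboxSession</code> for the real user` and `@throws MailboxException` remain, while the methods now return an `AuthorizationStep` and declare no exception. The return tag should read along the lines of `@return an {@link AuthorizationStep} used to open the session, for the given user or for a delegated one`, and the `@throws` belongs on the `AuthorizationStep` methods. For `authenticate(Username givenUserid)` the phrase "when the given user is authenticated" should also go, since the signature takes no credential. A sentence saying that the caller must already have verified the user's identity would be the useful replacement.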
@@ -58,7 +58,7 @@ public class ManagerTestProvisionner { public ManagerTestProvisionner(IntegrationResources<?> integrationResources) throws Exception { this.integrationResources = integrationResources; - session = integrationResources.getMailboxManager().login(USER, USER_PASS); + session = integrationResources.getMailboxManager().authenticate(USER, USER_PASS).withoutDelegation(); subFolder = new MailboxPath(INBOX, "INBOX.SUB"); MaxQuotaManager maxQuotaManager = integrationResources.getMaxQuotaManager(); diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/SessionProviderImpl.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/SessionProviderImpl.java index 01f637a025..88cbc28b8e 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/SessionProviderImpl.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/SessionProviderImpl.java 
@@ -59,40 +59,50 @@ public class SessionProviderImpl implements SessionProvider { } @Override - public MailboxSession login(Username userName) { - return createSession(userName, Optional.of(userName), MailboxSession.SessionType.System); + public AuthorizationStep authenticate(Username thisUserId, String passwd) { + return new AuthorizationStep() { + @Override + public MailboxSession as(Username otherUserId) throws MailboxException { + if (!isValidLogin(thisUserId, passwd)) { + throw new BadCredentialsException(); + } + return authenticate(thisUserId).as(otherUserId); + } + + @Override + public MailboxSession withoutDelegation() throws MailboxException { + if (isValidLogin(thisUserId, passwd)) { + return createSession(thisUserId, Optional.ofNullable(thisUserId), MailboxSession.SessionType.User); + } else { + throw new BadCredentialsException(); + } + } + }; } @Override - public MailboxSession login(Username userid, String passwd) throws MailboxException { - if (isValidLogin(userid, passwd)) { - return createSession(userid, Optional.ofNullable(userid), MailboxSession.SessionType.User); - } else { - throw new BadCredentialsException(); - } - } - - @Override - public MailboxSession loginAsOtherUser(Username thisUserId, String passwd, Username otherUserId) throws MailboxException { - if (!isValidLogin(thisUserId, passwd)) { - throw new BadCredentialsException(); - } - return loginAsOtherUser(thisUserId, otherUserId); - } - - @Override - public MailboxSession loginAsOtherUser(Username givenUserid, Username otherUserId) throws MailboxException { - Authorizator.AuthorizationState authorizationState = authorizator.user(givenUserid).canLoginAs(otherUserId); - switch (authorizationState) { - case ALLOWED: - return createSession(otherUserId, Optional.of(givenUserid), MailboxSession.SessionType.System); - case FORBIDDEN: - throw new ForbiddenDelegationException(givenUserid, otherUserId); - case UNKNOWN_USER: - throw new UserDoesNotExistException(otherUserId); - default: - throw 
new RuntimeException("Unknown AuthorizationState " + authorizationState); - } + public AuthorizationStep authenticate(Username givenUserid) { + return new AuthorizationStep() { + @Override + public MailboxSession as(Username otherUserId) throws MailboxException { + Authorizator.AuthorizationState authorizationState = authorizator.user(givenUserid).canLoginAs(otherUserId); + switch (authorizationState) { + case ALLOWED: + return createSession(otherUserId, Optional.of(givenUserid), MailboxSession.SessionType.System); + case FORBIDDEN: + throw new ForbiddenDelegationException(givenUserid, otherUserId); + case UNKNOWN_USER: + throw new UserDoesNotExistException(otherUserId); + default: + throw new RuntimeException("Unknown AuthorizationState " + authorizationState); + } + } + + @Override + public MailboxSession withoutDelegation() { + return createSession(givenUserid, Optional.of(givenUserid), MailboxSession.SessionType.System); + } + }; } @Override diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java index 80aa7f98d2..78c053f1cd 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java 
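Review bot: In `authenticate(Username thisUserId, String passwd)` the credential check is written twice with opposite shapes: a guard clause in `as(...)` and an if/else in `withoutDelegation()`. The latter also wraps the user in `Optional.ofNullable`, where the other `createSession` calls in this hunk use `Optional.of`. Because this check is the only gate before `createSession`, I would keep it in one private helper called first in both methods, or at least give `withoutDelegation()` the same guard form, `if (!isValidLogin(thisUserId, passwd)) { throw new BadCredentialsException(); }`. A short comment on the passwordless `authenticate(Username givenUserid)` would also help, noting that its `withoutDelegation()` performs no check and returns a `SessionType.System` session.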
@@ -249,23 +249,13 @@ public class StoreMailboxManager implements MailboxManager { } @Override - public MailboxSession login(Username userid, String passwd) throws MailboxException { - return sessionProvider.login(userid, passwd); + public AuthorizationStep authenticate(Username givenUserid, String passwd) { + return sessionProvider.authenticate(givenUserid, passwd); } @Override - public MailboxSession login(Username userid) { - return sessionProvider.login(userid); - } - - @Override - public MailboxSession loginAsOtherUser(Username adminUserid, String passwd, Username otherUserId) throws MailboxException { - return sessionProvider.loginAsOtherUser(adminUserid, passwd, otherUserId); - } - - @Override - public MailboxSession loginAsOtherUser(Username thisUserId, Username otherUserId) throws MailboxException { - return sessionProvider.loginAsOtherUser(thisUserId, otherUserId); + public AuthorizationStep authenticate(Username givenUserid) { + return sessionProvider.authenticate(givenUserid); } @Override diff --git a/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java b/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java index 8ac2b58d86..a9fff1961c 100644 --- a/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java +++ b/mailbox/store/src/test/java/org/apache/james/mailbox/store/StoreMailboxManagerTest.java 
@@ -168,63 +168,63 @@ class StoreMailboxManagerTest { @Test void loginShouldCreateSessionWhenGoodPassword() throws Exception { - MailboxSession expected = storeMailboxManager.login(CURRENT_USER, CURRENT_USER_PASSWORD); + MailboxSession expected = storeMailboxManager.authenticate(CURRENT_USER, CURRENT_USER_PASSWORD).withoutDelegation(); assertThat(expected.getUser()).isEqualTo(CURRENT_USER); } @Test void loginShouldThrowWhenBadPassword() { - assertThatThrownBy(() -> storeMailboxManager.login(CURRENT_USER, BAD_PASSWORD)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(CURRENT_USER, BAD_PASSWORD).withoutDelegation()) .isInstanceOf(BadCredentialsException.class); } @Test void loginAsOtherUserShouldNotCreateUserSessionWhenAdminWithBadPassword() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(ADMIN, BAD_PASSWORD, CURRENT_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(ADMIN, BAD_PASSWORD).as(CURRENT_USER)) .isInstanceOf(BadCredentialsException.class); } @Test void loginAsOtherUserShouldNotCreateUserSessionWhenNotAdmin() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(CURRENT_USER, CURRENT_USER_PASSWORD, UNKNOWN_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(CURRENT_USER, CURRENT_USER_PASSWORD).as(UNKNOWN_USER)) .isInstanceOf(ForbiddenDelegationException.class); } @Test void loginAsOtherUserShouldThrowBadCredentialWhenBadPasswordAndNotAdminUser() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(CURRENT_USER, BAD_PASSWORD, CURRENT_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(CURRENT_USER, BAD_PASSWORD).as(CURRENT_USER)) .isInstanceOf(BadCredentialsException.class); } @Test void loginAsOtherUserShouldThrowBadCredentialWhenBadPasswordNotAdminUserAndUnknownUser() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(CURRENT_USER, BAD_PASSWORD, UNKNOWN_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(CURRENT_USER, 
BAD_PASSWORD).as(UNKNOWN_USER)) .isInstanceOf(BadCredentialsException.class); } @Test void loginAsOtherUserShouldThrowBadCredentialsWhenBadPasswordAndUserDoesNotExists() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(ADMIN, BAD_PASSWORD, UNKNOWN_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(ADMIN, BAD_PASSWORD).as(UNKNOWN_USER)) .isInstanceOf(BadCredentialsException.class); } @Test void loginAsOtherUserShouldNotCreateUserSessionWhenDelegatedUserDoesNotExist() { - assertThatThrownBy(() -> storeMailboxManager.loginAsOtherUser(ADMIN, ADMIN_PASSWORD, UNKNOWN_USER)) + assertThatThrownBy(() -> storeMailboxManager.authenticate(ADMIN, ADMIN_PASSWORD).as(UNKNOWN_USER)) .isInstanceOf(UserDoesNotExistException.class); } @Test void loginAsOtherUserShouldCreateUserSessionWhenAdminWithGoodPassword() throws Exception { - MailboxSession expected = storeMailboxManager.loginAsOtherUser(ADMIN, ADMIN_PASSWORD, CURRENT_USER); + MailboxSession expected = storeMailboxManager.authenticate(ADMIN, ADMIN_PASSWORD).as(CURRENT_USER); assertThat(expected.getUser()).isEqualTo(CURRENT_USER); } @Test void loginAsOtherUserWithoutPasswordShouldCreateUserSession() throws MailboxException { - MailboxSession expected = storeMailboxManager.loginAsOtherUser(ADMIN, CURRENT_USER); + MailboxSession expected = storeMailboxManager.authenticate(ADMIN).as(CURRENT_USER); assertThat(expected.getUser()).isEqualTo(CURRENT_USER); } diff --git a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java index 7f87ccba79..df82824b18 100644 --- a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java +++ b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractAuthProcessor.java 
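Review bot: The test names in this hunk still say `login...` and `loginAsOtherUser...`, although the calls under test are now `authenticate(...).withoutDelegation()` and `authenticate(...).as(...)`. Renaming them, for example to `authenticateWithoutDelegationShouldThrowWhenBadPassword`, keeps failure reports aligned with the API. Within the hunk the passwordless overload is only exercised on its success path, `authenticate(ADMIN).as(CURRENT_USER)`. A refusal case such as `assertThatThrownBy(() -> storeMailboxManager.authenticate(CURRENT_USER).as(UNKNOWN_USER)).isInstanceOf(ForbiddenDelegationException.class);` would pin the delegation check that the password variant already has, with the expected exception inferred by analogy. The class continues outside the hunk, so such tests may exist elsewhere.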
@@ -71,8 +71,9 @@ public abstract class AbstractAuthProcessor<R extends ImapRequest> extends Abstr if (!authFailure) { final MailboxManager mailboxManager = getMailboxManager(); try { - final MailboxSession mailboxSession = mailboxManager.login(authenticationAttempt.getAuthenticationId(), - authenticationAttempt.getPassword()); + final MailboxSession mailboxSession = mailboxManager.authenticate(authenticationAttempt.getAuthenticationId(), + authenticationAttempt.getPassword()) + .withoutDelegation(); session.authenticated(); session.setMailboxSession(mailboxSession); provisionInbox(session, mailboxManager, mailboxSession); diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/AllowAuthenticationStrategy.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/AllowAuthenticationStrategy.java index 3983436993..7ccad73141 100644 --- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/AllowAuthenticationStrategy.java +++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/AllowAuthenticationStrategy.java @@ -44,7 +44,7 @@ public class AllowAuthenticationStrategy implements AuthenticationStrategy { @Override public Mono<MailboxSession> createMailboxSession(HttpServerRequest httpRequest) { - return Mono.fromCallable(() -> mailboxManager.login(BOB)); + return Mono.fromCallable(() -> mailboxManager.authenticate(BOB).withoutDelegation()); } @Override diff --git a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java index 59471453f1..a22a1b61e5 100644 
--- a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java +++ b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java @@ -28,6 +28,7 @@ import org.apache.james.jmap.exceptions.UnauthorizedException; import org.apache.james.mailbox.MailboxManager; import org.apache.james.mailbox.MailboxSession; +import com.github.fge.lambdas.Throwing; import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableMap; @@ -51,7 +52,7 @@ public class AccessTokenAuthenticationStrategy implements AuthenticationStrategy .filter(tokenString -> !tokenString.startsWith("Bearer")) .map(AccessToken::fromString) .flatMap(item -> Mono.from(accessTokenManager.getUsernameFromToken(item))) - .map(mailboxManager::login) + .map(Throwing.function(user -> mailboxManager.authenticate(user).withoutDelegation())) .onErrorResume(InvalidAccessToken.class, error -> Mono.error(new UnauthorizedException("Invalid access token", error))) .onErrorResume(NotAnAccessTokenException.class, error -> Mono.error(new UnauthorizedException("Not an access token", error))); } diff --git a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/QueryParameterAccessTokenAuthenticationStrategy.java b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/QueryParameterAccessTokenAuthenticationStrategy.java index eb30c07f5b..70d987b10e 100644 --- a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/QueryParameterAccessTokenAuthenticationStrategy.java +++ b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/QueryParameterAccessTokenAuthenticationStrategy.java 
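Review bot: `withoutDelegation()` declares `MailboxException`, and wrapping the call in `Throwing.function(...)` means a checked exception would surface in the pipeline inside the library's runtime wrapper rather than as a `MailboxException`. Neither `onErrorResume` clause below matches that wrapper, so such a failure would not become an `UnauthorizedException`. How it is finally reported depends on handling outside this hunk, since `createMailboxSession` starts above it. If the original exception type should propagate, `.map(Throwing.function(user -> mailboxManager.authenticate(user).withoutDelegation()).sneakyThrow())` is the form to use, assuming the project's throwing-lambdas version provides `sneakyThrow()`. The same construct is added in `QueryParameterAccessTokenAuthenticationStrategy` and `JWTAuthenticationStrategy`.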
@@ -31,6 +31,7 @@ import org.apache.james.jmap.draft.model.AttachmentAccessToken; import org.apache.james.mailbox.MailboxManager; import org.apache.james.mailbox.MailboxSession; +import com.github.fge.lambdas.Throwing; import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableMap; @@ -57,7 +58,7 @@ public class QueryParameterAccessTokenAuthenticationStrategy implements Authenti .filter(tokenManager::isValid) .map(AttachmentAccessToken::getUsername) .map(Username::of) - .map(mailboxManager::login); + .map(Throwing.function(user -> mailboxManager.authenticate(user).withoutDelegation())); } @Override diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/model/MailboxFactoryTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/model/MailboxFactoryTest.java index 2d7edee171..1150366850 100644 --- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/model/MailboxFactoryTest.java +++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/model/MailboxFactoryTest.java @@ -72,8 +72,8 @@ public class MailboxFactoryTest { user = ManagerTestProvisionner.USER; otherUser = OTHER_USER; - mailboxSession = mailboxManager.login(user, ManagerTestProvisionner.USER_PASS); - otherMailboxSession = mailboxManager.login(otherUser, ManagerTestProvisionner.OTHER_USER_PASS); + mailboxSession = mailboxManager.authenticate(user, ManagerTestProvisionner.USER_PASS).withoutDelegation(); + otherMailboxSession = mailboxManager.authenticate(otherUser, ManagerTestProvisionner.OTHER_USER_PASS).withoutDelegation(); sut = new MailboxFactory(mailboxManager, quotaManager, quotaRootResolver); } diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java index f90b75e570..4a89c07705 100644 
--- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java +++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java @@ -26,6 +26,7 @@ import static org.mockito.Mockito.when; import java.util.UUID; +import org.apache.commons.lang3.NotImplementedException; import org.apache.james.core.Username; import org.apache.james.jmap.api.access.AccessToken; import org.apache.james.jmap.api.access.exceptions.InvalidAccessToken; @@ -33,6 +34,8 @@ import org.apache.james.jmap.draft.crypto.AccessTokenManagerImpl; import org.apache.james.jmap.exceptions.UnauthorizedException; import org.apache.james.mailbox.MailboxManager; import org.apache.james.mailbox.MailboxSession; +import org.apache.james.mailbox.SessionProvider; +import org.apache.james.mailbox.exception.MailboxException; import org.junit.Before; import org.junit.Test; @@ -115,8 +118,18 @@ public class AccessTokenAuthenticationStrategyTest { Username username = Username.of("123456789"); MailboxSession fakeMailboxSession = mock(MailboxSession.class); - when(mockedMailboxManager.login(eq(username))) - .thenReturn(fakeMailboxSession); + when(mockedMailboxManager.authenticate(eq(username))) + .thenReturn(new SessionProvider.AuthorizationStep() { + @Override + public MailboxSession as(Username other) { + throw new NotImplementedException(); + } + + @Override + public MailboxSession withoutDelegation() { + return fakeMailboxSession; + } + }); UUID authHeader = UUID.randomUUID(); AccessToken accessToken = AccessToken.fromString(authHeader.toString()); diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/JWTAuthenticationStrategyTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/JWTAuthenticationStrategyTest.java index 73cc2769ce..9ca3fc96d8 100644 --- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/JWTAuthenticationStrategyTest.java 
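Review bot: The added import of `org.apache.james.mailbox.exception.MailboxException` does not appear to be used by the new code in this file, because the anonymous `AuthorizationStep` declares neither method with `throws`. The same looks true in `XUserAuthenticationStrategyTest`, while `JWTAuthenticationStrategyTest` does use it. The stub itself is repeated almost verbatim in all three test classes. A small shared test helper that returns an `AuthorizationStep` yielding a fixed session from `withoutDelegation()` and failing on `as(...)` would remove the duplication and keep the "delegation must not be used here" assertion in one place. The rest of each test class is outside the hunks, so the import may be needed elsewhere.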
+++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/JWTAuthenticationStrategyTest.java @@ -26,12 +26,15 @@ import static org.mockito.Mockito.when; import java.util.Optional; +import org.apache.commons.lang3.NotImplementedException; import org.apache.james.core.Username; import org.apache.james.domainlist.api.DomainList; import org.apache.james.jmap.exceptions.UnauthorizedException; import org.apache.james.jwt.JwtTokenVerifier; import org.apache.james.mailbox.MailboxManager; import org.apache.james.mailbox.MailboxSession; +import org.apache.james.mailbox.SessionProvider; +import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.user.memory.MemoryUsersRepository; import org.junit.Before; import org.junit.Test; @@ -122,8 +125,18 @@ public class JWTAuthenticationStrategyTest { MailboxSession fakeMailboxSession = mock(MailboxSession.class); when(stubTokenVerifier.verifyAndExtractLogin(validAuthHeader)).thenReturn(Optional.of(username)); - when(mockedMailboxManager.login(eq(Username.of(username)))) - .thenReturn(fakeMailboxSession); + when(mockedMailboxManager.authenticate(eq(Username.of(username)))) + .thenReturn(new SessionProvider.AuthorizationStep() { + @Override + public MailboxSession as(Username other) throws MailboxException { + throw new NotImplementedException(); + } + + @Override + public MailboxSession withoutDelegation() throws MailboxException { + return fakeMailboxSession; + } + }); when(mockedHeaders.get(AUTHORIZATION_HEADERS)) .thenReturn(fakeAuthHeaderWithPrefix); diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/XUserAuthenticationStrategyTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/XUserAuthenticationStrategyTest.java index a52951bfe1..1a3bc2fad3 100644 --- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/XUserAuthenticationStrategyTest.java 
+++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/XUserAuthenticationStrategyTest.java @@ -24,12 +24,16 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import org.apache.commons.lang3.NotImplementedException; +import org.apache.james.core.Username; import org.apache.james.dnsservice.api.DNSService; import org.apache.james.domainlist.lib.DomainListConfiguration; import org.apache.james.domainlist.memory.MemoryDomainList; import org.apache.james.jmap.exceptions.UnauthorizedException; import org.apache.james.mailbox.MailboxManager; import org.apache.james.mailbox.MailboxSession; +import org.apache.james.mailbox.SessionProvider; +import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.user.memory.MemoryUsersRepository; import org.junit.Before; import org.junit.Test; @@ -57,8 +61,18 @@ public class XUserAuthenticationStrategyTest { when(mockedMailboxManager.createSystemSession(any())) .thenReturn(fakeMailboxSession); - when(mockedMailboxManager.login(any())) - .thenReturn(fakeMailboxSession); + when(mockedMailboxManager.authenticate(any())) + .thenReturn(new SessionProvider.AuthorizationStep() { + @Override + public MailboxSession as(Username other) { + throw new NotImplementedException(); + } + + @Override + public MailboxSession withoutDelegation() { + return fakeMailboxSession; + } + }); when(mockedRequest.requestHeaders()) .thenReturn(mockedHeaders); diff --git a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/custom/authentication/strategy/AllowAuthenticationStrategy.scala b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/custom/authentication/strategy/AllowAuthenticationStrategy.scala index 9f9a1cad40..9b90e3b153 100644 
--- a/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/custom/authentication/strategy/AllowAuthenticationStrategy.scala +++ b/server/protocols/jmap-rfc-8621-integration-tests/jmap-rfc-8621-integration-tests-common/src/main/scala/org/apache/james/jmap/rfc8621/contract/custom/authentication/strategy/AllowAuthenticationStrategy.scala @@ -30,7 +30,7 @@ import reactor.netty.http.server.HttpServerRequest case class AllowAuthenticationStrategy @Inject() (mailboxManager: MailboxManager) extends AuthenticationStrategy { override def createMailboxSession(httpRequest: HttpServerRequest): Mono[MailboxSession] = - SMono.fromCallable(() => mailboxManager.login(Fixture.BOB)) + SMono.fromCallable(() => mailboxManager.authenticate(Fixture.BOB).withoutDelegation()) .asJava() override def correspondingChallenge(): AuthenticationChallenge = diff --git a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/http/BasicAuthenticationStrategy.scala b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/http/BasicAuthenticationStrategy.scala index 309f54b84f..de235f22eb 100644 --- a/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/http/BasicAuthenticationStrategy.scala +++ b/server/protocols/jmap-rfc-8621/src/main/scala/org/apache/james/jmap/http/BasicAuthenticationStrategy.scala @@ -118,7 +118,7 @@ class BasicAuthenticationStrategy @Inject()(val usersRepository: UsersRepository .handle(publishNext) .filterWhen(isValid) .map(_.username) - .map(mailboxManager.login) + .map(mailboxManager.authenticate(_).withoutDelegation()) .asJava() diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/JWTAuthenticationStrategy.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/JWTAuthenticationStrategy.java index 17cbcfee79..de95dc0b66 100644 
--- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/JWTAuthenticationStrategy.java +++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/JWTAuthenticationStrategy.java @@ -30,6 +30,7 @@ import org.apache.james.user.api.UsersRepository; import org.apache.james.user.api.UsersRepositoryException; import org.apache.james.util.ReactorUtils; +import com.github.fge.lambdas.Throwing; import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableMap; @@ -71,7 +72,7 @@ public class JWTAuthenticationStrategy implements AuthenticationStrategy { return username; }).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER)) - .map(mailboxManager::login); + .map(Throwing.function(user -> mailboxManager.authenticate(user).withoutDelegation())); } @Override diff --git a/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java b/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java index e915bc1adf..022d75f92b 100644 --- a/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java +++ b/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java @@ -68,7 +68,7 @@ public class XUserAuthenticationStrategy implements AuthenticationStrategy { } catch (UsersRepositoryException e) { throw new UnauthorizedException("Invalid username", e); } - return mailboxManager.login(username); + return mailboxManager.authenticate(username).withoutDelegation(); }).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER); } diff --git a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java index 07b4e93aa1..6a7444fa9f 100644 --- a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java 
+++ b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java @@ -87,7 +87,7 @@ public class PassCmdHandler extends AbstractPassCmdHandler { private Mailbox auth(POP3Session session, String password) throws IOException { MailboxSession mSession = null; try { - mSession = manager.login(session.getUsername(), password); + mSession = manager.authenticate(session.getUsername(), password).withoutDelegation(); session.stopDetectingCommandInjection(); manager.startProcessingRequest(mSession); MailboxPath inbox = MailboxPath.inbox(mSession); diff --git a/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java b/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java index 3fa6ff6e06..46646e5e57 100644 --- a/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java +++ b/server/protocols/protocols-pop3/src/test/java/org/apache/james/pop3server/POP3ServerTest.java @@ -272,7 +272,7 @@ public class POP3ServerTest { pop3Client.disconnect(); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar"); + MailboxSession session = mailboxManager.authenticate(username, "bar").withoutDelegation(); if (!mailboxManager.mailboxExists(mailboxPath, session).block()) { mailboxManager.createMailbox(mailboxPath, session); } @@ -352,7 +352,7 @@ public class POP3ServerTest { Username username = Username.of("foo2"); usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); mailboxManager.createMailbox(mailboxPath, session); byte[] content = ("Return-path: ret...@test.com\r\n" + "Content-Transfer-Encoding: plain\r\n" 
@@ -389,7 +389,7 @@ public class POP3ServerTest { Username username = Username.of("foo2"); usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); mailboxManager.createMailbox(mailboxPath, session); byte[] content = ("Return-path: ret...@test.com\r\n" + "Content-Transfer-Encoding: plain\r\n" @@ -426,7 +426,7 @@ public class POP3ServerTest { Username username = Username.of("foo2"); usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); mailboxManager.createMailbox(mailboxPath, session); byte[] content = ("Return-path: ret...@test.com\r\n" + "Content-Transfer-Encoding: plain\r\n" @@ -469,7 +469,7 @@ public class POP3ServerTest { usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); if (!mailboxManager.mailboxExists(mailboxPath, session).block()) { mailboxManager.createMailbox(mailboxPath, session); @@ -556,7 +556,7 @@ public class POP3ServerTest { usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); if (!mailboxManager.mailboxExists(mailboxPath, session).block()) { mailboxManager.createMailbox(mailboxPath, session); 
@@ -602,7 +602,7 @@ public class POP3ServerTest { usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); if (!mailboxManager.mailboxExists(mailboxPath, session).block()) { mailboxManager.createMailbox(mailboxPath, session); @@ -652,7 +652,7 @@ public class POP3ServerTest { usersRepository.addUser(username, "bar2"); MailboxPath mailboxPath = MailboxPath.inbox(username); - MailboxSession session = mailboxManager.login(username, "bar2"); + MailboxSession session = mailboxManager.authenticate(username, "bar2").withoutDelegation(); if (!mailboxManager.mailboxExists(mailboxPath, session).block()) { mailboxManager.createMailbox(mailboxPath, session); @@ -861,7 +861,7 @@ public class POP3ServerTest { Username username = Username.of("foo6"); usersRepository.addUser(username, "bar6"); - MailboxSession session = mailboxManager.login(username, "bar6"); + MailboxSession session = mailboxManager.authenticate(username, "bar6").withoutDelegation(); MailboxPath mailboxPath = MailboxPath.inbox(username); --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org