This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit fffa4b5b3b83e2a0c2f98548f5cf363afb31e94c
Author: LanKhuat <[email protected]>
AuthorDate: Tue Jul 28 14:24:07 2020 +0700
JAMES-3351 AccessToken strategy
---
 .../http/AccessTokenAuthenticationStrategy.java | 12 ++++++---
 .../AccessTokenAuthenticationStrategyTest.java | 31 ++++++++++++++--------
 2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java
index 5f9435d..e584ef1 100644
--- a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java
+++ b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.java
@@ -21,13 +21,15 @@ package org.apache.james.jmap.http;
 import javax.inject.Inject;
 import org.apache.james.jmap.api.access.AccessToken;
+import org.apache.james.jmap.api.access.exceptions.InvalidAccessToken;
+import org.apache.james.jmap.api.access.exceptions.NotAnAccessTokenException;
 import org.apache.james.jmap.draft.api.AccessTokenManager;
+import org.apache.james.jmap.exceptions.UnauthorizedException;
 import org.apache.james.mailbox.MailboxManager;
 import org.apache.james.mailbox.MailboxSession;
 import com.google.common.annotations.VisibleForTesting;
-import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.netty.http.server.HttpServerRequest;
@@ -44,11 +46,13 @@ public class AccessTokenAuthenticationStrategy implements AuthenticationStrategy
 @Override
 public Mono<MailboxSession> createMailboxSession(HttpServerRequest httpRequest) {
- return Flux.fromStream(authHeaders(httpRequest))
+ return Mono.fromCallable(() -> authHeaders(httpRequest))
+ .filter(tokenString -> !tokenString.startsWith("Bearer"))
 .map(AccessToken::fromString)
 .filterWhen(accessTokenManager::isValid)
- .flatMap(accessTokenManager::getUsernameFromToken)
+ .flatMap(item -> Mono.from(accessTokenManager.getUsernameFromToken(item)))
 .map(mailboxManager::createSystemSession)
- .singleOrEmpty();
+ .onErrorResume(InvalidAccessToken.class, error -> Mono.error(new UnauthorizedException("Invalid access token", error)))
+ .onErrorResume(NotAnAccessTokenException.class, error -> Mono.error(new UnauthorizedException("Not an access token", error)));
 }
 }
diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java
index b48f305..05c2d2b 100644
--- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java
+++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/http/AccessTokenAuthenticationStrategyTest.java
@@ -28,8 +28,8 @@ import java.util.UUID;
 import org.apache.james.core.Username;
 import org.apache.james.jmap.api.access.AccessToken;
-import org.apache.james.jmap.api.access.exceptions.NotAnAccessTokenException;
 import org.apache.james.jmap.draft.crypto.AccessTokenManagerImpl;
+import org.apache.james.jmap.exceptions.UnauthorizedException;
 import org.apache.james.mailbox.MailboxManager;
 import org.apache.james.mailbox.MailboxSession;
 import org.junit.Before;
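Review bot: The added `.filter(tokenString -> !tokenString.startsWith("Bearer"))` compares the scheme case-sensitively and without the separating space, while HTTP authentication scheme names are case-insensitive, so a value such as `bearer <jwt>` is not skipped but passed on to `AccessToken.fromString`, which for a non-UUID value fails and now surfaces as an `UnauthorizedException` rather than leaving the request to whatever strategy is meant to handle bearer tokens. Consider `.filter(tokenString -> !tokenString.regionMatches(true, 0, "Bearer ", 0, 7))` together with a comment on that line, `// Bearer tokens are not access tokens; complete empty so another strategy can handle them`, since the reason for the skip is not visible here. The multiple-header case that the new test pins to `IllegalArgumentException` is raised inside `authHeaders`, outside this hunk, and unlike the other client-caused failures it is not mapped to `UnauthorizedException`, so it is worth confirming how the caller turns that exception into a response status. `createMailboxSession` is fully within the hunk; `authHeaders` is defined elsewhere.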
@@ -65,20 +65,17 @@ public class AccessTokenAuthenticationStrategyTest {
 @Test
 public void createMailboxSessionShouldReturnEmptyWhenNoAuthProvided() {
- when(mockedHeaders.getAll(AUTHORIZATION_HEADERS))
- .thenReturn(ImmutableList.of());
-
 assertThat(testee.createMailboxSession(mockedRequest).blockOptional())
 .isEmpty();
 }
 @Test
 public void createMailboxSessionShouldThrowWhenAuthHeaderIsNotAnUUID() {
- when(mockedHeaders.getAll(AUTHORIZATION_HEADERS))
- .thenReturn(ImmutableList.of("bad"));
+ when(mockedHeaders.get(AUTHORIZATION_HEADERS))
+ .thenReturn("bad");
 assertThatThrownBy(() -> testee.createMailboxSession(mockedRequest).block())
- .isExactlyInstanceOf(NotAnAccessTokenException.class);
+ .isExactlyInstanceOf(UnauthorizedException.class);
 }
 @Test
@@ -93,8 +90,8 @@ public class AccessTokenAuthenticationStrategyTest {
 AccessToken accessToken = AccessToken.fromString(authHeader.toString());
 when(mockedAccessTokenManager.getUsernameFromToken(accessToken))
 .thenReturn(Mono.just(username));
- when(mockedHeaders.getAll(AUTHORIZATION_HEADERS))
- .thenReturn(ImmutableList.of(authHeader.toString()));
+ when(mockedHeaders.get(AUTHORIZATION_HEADERS))
+ .thenReturn(authHeader.toString());
 when(mockedAccessTokenManager.isValid(accessToken))
 .thenReturn(Mono.just(false));
@@ -103,6 +100,18 @@ public class AccessTokenAuthenticationStrategyTest {
 }
 @Test
+ public void createMailboxSessionShouldThrowWhenMultipleAuthHeaders() {
+ UUID authHeader1 = UUID.randomUUID();
+ UUID authHeader2 = UUID.randomUUID();
+
+ when(mockedHeaders.getAll(AUTHORIZATION_HEADERS))
+ .thenReturn(ImmutableList.of(authHeader1.toString(), authHeader2.toString()));
+
+ assertThatThrownBy(() -> testee.createMailboxSession(mockedRequest).block())
+ .isExactlyInstanceOf(IllegalArgumentException.class);
+ }
+
+ @Test
 public void createMailboxSessionShouldReturnWhenAuthHeadersAreValid() {
 Username username = Username.of("123456789");
 MailboxSession fakeMailboxSession = mock(MailboxSession.class);
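Review bot: The new `Bearer` filter branch in the strategy has no test in this class: the added `createMailboxSessionShouldThrowWhenMultipleAuthHeaders` covers the multi-header path, but nothing asserts that a `Bearer`-prefixed `Authorization` value yields an empty result rather than an `UnauthorizedException`, which is the behaviour the production change depends on. A test stubbing `when(mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn("Bearer " + UUID.randomUUID());` and asserting `testee.createMailboxSession(mockedRequest).blockOptional()` is empty would pin it. In the first hunk of this file (`@@ -65,20 +65,17 @@`), `createMailboxSessionShouldReturnEmptyWhenNoAuthProvided` now appears to rely on the unstubbed mock returning `null` from `get`; an explicit `when(mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn(null);` would make the no-header setup visible instead of implicit. The test method bodies in the `@@ -93` hunk start and end outside the hunk.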
@@ -114,8 +123,8 @@ public class AccessTokenAuthenticationStrategyTest {
 AccessToken accessToken = AccessToken.fromString(authHeader.toString());
 when(mockedAccessTokenManager.getUsernameFromToken(accessToken))
 .thenReturn(Mono.just(username));
- when(mockedHeaders.getAll(AUTHORIZATION_HEADERS))
- .thenReturn(ImmutableList.of(authHeader.toString()));
+ when(mockedHeaders.get(AUTHORIZATION_HEADERS))
+ .thenReturn(authHeader.toString());
 when(mockedAccessTokenManager.isValid(accessToken))
 .thenReturn(Mono.just(true));
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
