-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fe546c6
commit 2e73133
Showing
2 changed files
with
142 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,7 +14,10 @@ | |
| import net.ripe.db.whois.api.rest.mapper.FormattedClientAttributeMapper; | ||
| import net.ripe.db.whois.api.rest.mapper.WhoisObjectMapper; | ||
| import net.ripe.db.whois.common.apiKey.ApiKeyUtils; | ||
| import net.ripe.db.whois.common.rpsl.AttributeType; | ||
| import net.ripe.db.whois.common.rpsl.RpslAttribute; | ||
| import net.ripe.db.whois.common.rpsl.RpslObject; | ||
| import net.ripe.db.whois.common.rpsl.RpslObjectBuilder; | ||
| import org.apache.commons.lang3.StringUtils; | ||
| import org.eclipse.jetty.http.HttpStatus; | ||
| import org.junit.jupiter.api.AfterAll; | ||
|
|
@@ -26,6 +29,7 @@ | |
|
|
||
| import java.time.LocalDateTime; | ||
|
|
||
| import static jakarta.ws.rs.client.Entity.entity; | ||
| import static jakarta.ws.rs.core.Response.Status.OK; | ||
| import static jakarta.ws.rs.core.Response.Status.UNAUTHORIZED; | ||
| import static net.ripe.db.whois.api.ApiKeyAuthServerDummy.BASIC_AUTH_INVALID_API_KEY; | ||
|
|
@@ -35,6 +39,8 @@ | |
| import static net.ripe.db.whois.api.ApiKeyAuthServerDummy.BASIC_AUTH_TEST_NO_MNT; | ||
| import static net.ripe.db.whois.api.ApiKeyAuthServerDummy.BASIC_AUTH_TEST_TEST_MNT; | ||
| import static net.ripe.db.whois.api.rest.WhoisRestBasicAuthTestIntegration.getBasicAuthenticationHeader; | ||
| import static net.ripe.db.whois.common.rpsl.ObjectType.PERSON; | ||
| import static net.ripe.db.whois.common.rpsl.ObjectType.ROLE; | ||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.contains; | ||
| import static org.hamcrest.Matchers.containsInAnyOrder; | ||
|
|
@@ -60,6 +66,7 @@ public class WhoisRestApiKeyAuthTestIntegration extends AbstractHttpsIntegration | |
| "address: Singel 258\n" + | ||
| "phone: +31 6 12345678\n" + | ||
| "nic-hdl: TR2-TEST\n" + | ||
| "e-mail: [email protected]\n" + | ||
| "mnt-by: OWNER-MNT\n" + | ||
| "source: TEST"; | ||
|
|
||
|
|
@@ -439,6 +446,139 @@ public void create_object_with_apikey_differnt_mnt_fails() { | |
| assertThat(response.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_apikey_no_mnt_with_sso() { | ||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final WhoisResources whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_PERSON_NO_MNT)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), WhoisResources.class); | ||
|
|
||
| assertThat(whoisResources.getWhoisObjects().size(), is(1)); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueForAttribute(AttributeType.REMARKS), is("more_test")); | ||
|
|
||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_apikey_with_mnt_with_sso() { | ||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final WhoisResources whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_PERSON_OWNER_MNT)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), WhoisResources.class); | ||
|
|
||
| assertThat(whoisResources.getWhoisObjects().size(), is(1)); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueForAttribute(AttributeType.REMARKS), is("more_test")); | ||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_invalid_apikey() { | ||
|
|
||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final Response whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_INVALID_API_KEY)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), Response.class); | ||
|
|
||
| assertThat(whoisResources.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueOrNullForAttribute(AttributeType.REMARKS), is(nullValue())); | ||
|
|
||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_valid_apikey_invalid_jwt_signature() { | ||
|
|
||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final Response whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_INVALID_SIGNATURE_API_KEY)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), Response.class); | ||
|
|
||
| assertThat(whoisResources.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueOrNullForAttribute(AttributeType.REMARKS), is(nullValue())); | ||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_apikey_different_mnt_fails() { | ||
|
|
||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final Response whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_TEST_TEST_MNT)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), Response.class); | ||
|
|
||
| assertThat(whoisResources.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueOrNullForAttribute(AttributeType.REMARKS), is(nullValue())); | ||
|
|
||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_apikey_different_mnt_same_sso_fails() { | ||
| databaseHelper.addObject(RpslObject.parse("" + | ||
| "mntner: TEST-MNT\n" + | ||
| "descr: Owner Maintainer\n" + | ||
| "admin-c: TP1-TEST\n" + | ||
| "upd-to: [email protected]\n" + | ||
| "auth: MD5-PW $1$d9fKeTr2$Si7YudNf4rUGmR71n/cqk/ #test\n" + | ||
| "auth: SSO [email protected]\n" + | ||
| "auth: SSO [email protected]\n" + | ||
| "mnt-by: OWNER-MNT\n" + | ||
| "source: TEST")); | ||
|
|
||
|
|
||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final Response whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_TEST_TEST_MNT)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), Response.class); | ||
|
|
||
| assertThat(whoisResources.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueOrNullForAttribute(AttributeType.REMARKS), is(nullValue())); | ||
| } | ||
|
|
||
| @Test | ||
| public void update_object_with_apikey_same_mnt_different_sso_fails() { | ||
| databaseHelper.updateObject(RpslObject.parse("" + | ||
| "mntner: OWNER-MNT\n" + | ||
| "descr: Owner Maintainer\n" + | ||
| "admin-c: TP1-TEST\n" + | ||
| "upd-to: [email protected]\n" + | ||
| "auth: MD5-PW $1$d9fKeTr2$Si7YudNf4rUGmR71n/cqk/ #test\n" + | ||
| "auth: SSO [email protected]\n" + | ||
| "mnt-by: OWNER-MNT\n" + | ||
| "source: TEST")); | ||
|
|
||
| final RpslObject updated = new RpslObjectBuilder(TEST_ROLE) | ||
| .addAttributeSorted(new RpslAttribute(AttributeType.REMARKS, "more_test")) | ||
| .get(); | ||
|
|
||
| final Response whoisResources = SecureRestTest.target(getSecurePort(), "whois/TEST/role/TR2-TEST") | ||
| .request(MediaType.APPLICATION_XML) | ||
| .header(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(BASIC_AUTH_TEST_TEST_MNT)) | ||
| .put(Entity.entity(map(updated), MediaType.APPLICATION_XML), Response.class); | ||
|
|
||
| assertThat(whoisResources.getStatus(), is(UNAUTHORIZED.getStatusCode())); | ||
| assertThat(databaseHelper.lookupObject(ROLE, updated.getKey().toString()).getValueOrNullForAttribute(AttributeType.REMARKS), is(nullValue())); | ||
| } | ||
|
|
||
| private static void assertIrt(final WhoisObject whoisObject, final boolean isFIltered) { | ||
| assertThat(whoisObject.getAttributes(), contains( | ||
| new Attribute("irt", "irt-test"), | ||
|
|
||