Fix #12395, use request context replace session depend. (#12398)

杨翊 SionYang 2024-07-22 13:32:41 +08:00 committed by GitHub
parent 298f36f145
commit 197795a854
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 33 deletions


@ -23,6 +23,7 @@ import com.alibaba.nacos.common.model.RestResult;
import com.alibaba.nacos.common.model.RestResultUtils; import com.alibaba.nacos.common.model.RestResultUtils;
import com.alibaba.nacos.common.utils.JacksonUtils; import com.alibaba.nacos.common.utils.JacksonUtils;
import com.alibaba.nacos.common.utils.StringUtils; import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.context.RequestContextHolder;
import com.alibaba.nacos.persistence.model.Page; import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.plugin.auth.api.IdentityContext; import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.constant.ActionTypes; import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
@ -102,7 +103,11 @@ public class UserController {
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE) @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
@PostMapping @PostMapping
public Object createUser(@RequestParam String username, @RequestParam String password) { public Object createUser(@RequestParam String username, @RequestParam String password) {
if (AuthConstants.DEFAULT_USER.equals(username)) {
return RestResultUtils.failed(HttpStatus.CONFLICT.value(),
"User `nacos` is default admin user. Please use `/nacos/v1/auth/users/admin` API to init `nacos` users. "
+ "Detail see `https://nacos.io/docs/latest/manual/admin/auth/#31-%E8%AE%BE%E7%BD%AE%E7%AE%A1%E7%90%86%E5%91%98%E5%AF%86%E7%A0%81`");
}
User user = userDetailsService.getUserFromDatabase(username); User user = userDetailsService.getUserFromDatabase(username);
if (user != null) { if (user != null) {
throw new IllegalArgumentException("user '" + username + "' already exist!"); throw new IllegalArgumentException("user '" + username + "' already exist!");
@ -202,8 +207,7 @@ public class UserController {
if (!authConfigs.isAuthEnabled()) { if (!authConfigs.isAuthEnabled()) {
return true; return true;
} }
IdentityContext identityContext = (IdentityContext) request.getSession() IdentityContext identityContext = RequestContextHolder.getContext().getAuthContext().getIdentityContext();
.getAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT);
if (identityContext == null) { if (identityContext == null) {
throw new HttpSessionRequiredException("session expired!"); throw new HttpSessionRequiredException("session expired!");
} }
@ -324,7 +328,6 @@ public class UserController {
} }
} }
/** /**
* Fuzzy matching username. * Fuzzy matching username.
* *
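Review bot: In the permission check that now reads `RequestContextHolder.getContext().getAuthContext().getIdentityContext()`, the caller's identity comes from the request context holder instead of the HTTP session, so the check is only as sound as the code that fills and clears that holder for each request, which is not visible in this hunk. If the holder is thread-bound, as the `removeContext()` teardown in the accompanying test suggests, a context left behind on a pooled thread would be read here as the current caller; it is worth confirming the holder is reset on every request path, including error paths. The retained `HttpSessionRequiredException("session expired!")` no longer matches where the value comes from, and I would add a comment above the null check such as `// Identity is taken from the per-request context; null means no authenticated identity was attached to this request.` The enclosing method starts and ends outside the hunk.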


@ -18,6 +18,7 @@ package com.alibaba.nacos.plugin.auth.impl.controller;
import com.alibaba.nacos.auth.config.AuthConfigs; import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.model.RestResult; import com.alibaba.nacos.common.model.RestResult;
import com.alibaba.nacos.core.context.RequestContextHolder;
import com.alibaba.nacos.persistence.model.Page; import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.plugin.auth.api.IdentityContext; import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.exception.AccessException; import com.alibaba.nacos.plugin.auth.exception.AccessException;
@ -33,6 +34,7 @@ import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.sys.env.EnvUtil; import com.alibaba.nacos.sys.env.EnvUtil;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode; import com.fasterxml.jackson.databind.node.ObjectNode;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
@ -105,6 +107,12 @@ class UserControllerTest {
AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString()); AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
EnvUtil.setEnvironment(mockEnvironment); EnvUtil.setEnvironment(mockEnvironment);
RequestContextHolder.getContext().getAuthContext().setIdentityContext(new IdentityContext());
}
@AfterEach
public void tearDown() {
RequestContextHolder.removeContext();
} }
@Test @Test
@ -123,20 +131,26 @@ class UserControllerTest {
@Test @Test
void testCreateUser1() { void testCreateUser1() {
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(null); when(userDetailsService.getUserFromDatabase("test")).thenReturn(null);
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test"); RestResult<String> result = (RestResult<String>) userController.createUser("test", "test");
assertEquals(200, result.getCode()); assertEquals(200, result.getCode());
} }
@Test @Test
void testCreateUser2() { void testCreateUser2() {
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(new User()); when(userDetailsService.getUserFromDatabase("test")).thenReturn(new User());
assertThrows(IllegalArgumentException.class, () -> { assertThrows(IllegalArgumentException.class, () -> {
userController.createUser("nacos", "test"); userController.createUser("test", "test");
}); });
} }
@Test
void testCreateUserNamedNacos() {
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test");
assertEquals(409, result.getCode());
}
@Test @Test
void testCreateAdminUser1() { void testCreateAdminUser1() {
when(authConfigs.getNacosAuthSystemType()).thenReturn(AuthSystemTypes.NACOS.name()); when(authConfigs.getNacosAuthSystemType()).thenReturn(AuthSystemTypes.NACOS.name());
@ -221,7 +235,7 @@ class UserControllerTest {
@Test @Test
void testUpdateUser3() throws IOException { void testUpdateUser3() throws IOException {
RequestContextHolder.getContext().getAuthContext().setIdentityContext(null);
when(authConfigs.isAuthEnabled()).thenReturn(true); when(authConfigs.isAuthEnabled()).thenReturn(true);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse(); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
@ -234,15 +248,11 @@ class UserControllerTest {
@Test @Test
void testUpdateUser4() throws IOException { void testUpdateUser4() throws IOException {
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, user);
when(authConfigs.isAuthEnabled()).thenReturn(true); when(authConfigs.isAuthEnabled()).thenReturn(true);
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User()); when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, user);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse(); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test", RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
mockHttpServletResponse, mockHttpServletRequest); mockHttpServletResponse, mockHttpServletRequest);
@ -252,17 +262,13 @@ class UserControllerTest {
@Test @Test
void testUpdateUser5() throws IOException, AccessException { void testUpdateUser5() throws IOException, AccessException {
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true); when(authConfigs.isAuthEnabled()).thenReturn(true);
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User()); when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(user); when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(user);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse(); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test", RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
mockHttpServletResponse, mockHttpServletRequest); mockHttpServletResponse, mockHttpServletRequest);
@ -272,16 +278,12 @@ class UserControllerTest {
@Test @Test
void testUpdateUser6() throws IOException, AccessException { void testUpdateUser6() throws IOException, AccessException {
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true); when(authConfigs.isAuthEnabled()).thenReturn(true);
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(null); when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(null);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse(); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest); Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
@ -292,17 +294,13 @@ class UserControllerTest {
@Test @Test
void testUpdateUser7() throws IOException, AccessException { void testUpdateUser7() throws IOException, AccessException {
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true); when(authConfigs.isAuthEnabled()).thenReturn(true);
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenThrow( when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenThrow(
new AccessException("test")); new AccessException("test"));
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse(); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest); Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
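Review bot: `testCreateUserNamedNacos` asserts only the 409 code, so it does not pin that the reserved-name guard in `createUser` returns before any user lookup or write takes place. Adding `verifyNoInteractions(userDetailsService);` after the assertion would fix that ordering in the test. The guard in the controller is an exact `equals` on the username, and no test here records the intended result for a name that differs from `nacos` only in case or surrounding whitespace; a test stating the expected outcome for such input would make the contract explicit, whichever way it is decided.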