杨翊 SionYang
GitHub
parent
298f36f145
commit
197795a854
@ -23,6 +23,7 @@ import com.alibaba.nacos.common.model.RestResult;
|
|||||||
import com.alibaba.nacos.common.model.RestResultUtils;
|
import com.alibaba.nacos.common.model.RestResultUtils;
|
||||||
import com.alibaba.nacos.common.utils.JacksonUtils;
|
import com.alibaba.nacos.common.utils.JacksonUtils;
|
||||||
import com.alibaba.nacos.common.utils.StringUtils;
|
import com.alibaba.nacos.common.utils.StringUtils;
|
||||||
|
import com.alibaba.nacos.core.context.RequestContextHolder;
|
||||||
import com.alibaba.nacos.persistence.model.Page;
|
import com.alibaba.nacos.persistence.model.Page;
|
||||||
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
|
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
|
||||||
import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
|
import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
|
||||||
@ -102,7 +103,11 @@ public class UserController {
|
|||||||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
|
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
|
||||||
@PostMapping
|
@PostMapping
|
||||||
public Object createUser(@RequestParam String username, @RequestParam String password) {
|
public Object createUser(@RequestParam String username, @RequestParam String password) {
|
||||||
|
if (AuthConstants.DEFAULT_USER.equals(username)) {
|
||||||
|
return RestResultUtils.failed(HttpStatus.CONFLICT.value(),
|
||||||
|
"User `nacos` is default admin user. Please use `/nacos/v1/auth/users/admin` API to init `nacos` users. "
|
||||||
|
+ "Detail see `https://nacos.io/docs/latest/manual/admin/auth/#31-%E8%AE%BE%E7%BD%AE%E7%AE%A1%E7%90%86%E5%91%98%E5%AF%86%E7%A0%81`");
|
||||||
|
}
|
||||||
User user = userDetailsService.getUserFromDatabase(username);
|
User user = userDetailsService.getUserFromDatabase(username);
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
throw new IllegalArgumentException("user '" + username + "' already exist!");
|
throw new IllegalArgumentException("user '" + username + "' already exist!");
|
||||||
@ -202,8 +207,7 @@ public class UserController {
|
|||||||
if (!authConfigs.isAuthEnabled()) {
|
if (!authConfigs.isAuthEnabled()) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
IdentityContext identityContext = (IdentityContext) request.getSession()
|
IdentityContext identityContext = RequestContextHolder.getContext().getAuthContext().getIdentityContext();
|
||||||
.getAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT);
|
|
||||||
if (identityContext == null) {
|
if (identityContext == null) {
|
||||||
throw new HttpSessionRequiredException("session expired!");
|
throw new HttpSessionRequiredException("session expired!");
|
||||||
}
|
}
|
||||||
@ -324,7 +328,6 @@ public class UserController {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fuzzy matching username.
|
* Fuzzy matching username.
|
||||||
*
|
*
|
||||||
|
|||||||
@ -18,6 +18,7 @@ package com.alibaba.nacos.plugin.auth.impl.controller;
|
|||||||
|
|
||||||
import com.alibaba.nacos.auth.config.AuthConfigs;
|
import com.alibaba.nacos.auth.config.AuthConfigs;
|
||||||
import com.alibaba.nacos.common.model.RestResult;
|
import com.alibaba.nacos.common.model.RestResult;
|
||||||
|
import com.alibaba.nacos.core.context.RequestContextHolder;
|
||||||
import com.alibaba.nacos.persistence.model.Page;
|
import com.alibaba.nacos.persistence.model.Page;
|
||||||
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
|
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
|
||||||
import com.alibaba.nacos.plugin.auth.exception.AccessException;
|
import com.alibaba.nacos.plugin.auth.exception.AccessException;
|
||||||
@ -33,6 +34,7 @@ import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
|
|||||||
import com.alibaba.nacos.sys.env.EnvUtil;
|
import com.alibaba.nacos.sys.env.EnvUtil;
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
import com.fasterxml.jackson.databind.node.ObjectNode;
|
import com.fasterxml.jackson.databind.node.ObjectNode;
|
||||||
|
import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.extension.ExtendWith;
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
@ -105,6 +107,12 @@ class UserControllerTest {
|
|||||||
AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
|
AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
|
||||||
|
|
||||||
EnvUtil.setEnvironment(mockEnvironment);
|
EnvUtil.setEnvironment(mockEnvironment);
|
||||||
|
RequestContextHolder.getContext().getAuthContext().setIdentityContext(new IdentityContext());
|
||||||
|
}
|
||||||
|
|
||||||
|
@AfterEach
|
||||||
|
public void tearDown() {
|
||||||
|
RequestContextHolder.removeContext();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -123,20 +131,26 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testCreateUser1() {
|
void testCreateUser1() {
|
||||||
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(null);
|
when(userDetailsService.getUserFromDatabase("test")).thenReturn(null);
|
||||||
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test");
|
RestResult<String> result = (RestResult<String>) userController.createUser("test", "test");
|
||||||
assertEquals(200, result.getCode());
|
assertEquals(200, result.getCode());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testCreateUser2() {
|
void testCreateUser2() {
|
||||||
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(new User());
|
when(userDetailsService.getUserFromDatabase("test")).thenReturn(new User());
|
||||||
assertThrows(IllegalArgumentException.class, () -> {
|
assertThrows(IllegalArgumentException.class, () -> {
|
||||||
userController.createUser("nacos", "test");
|
userController.createUser("test", "test");
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testCreateUserNamedNacos() {
|
||||||
|
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test");
|
||||||
|
assertEquals(409, result.getCode());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testCreateAdminUser1() {
|
void testCreateAdminUser1() {
|
||||||
when(authConfigs.getNacosAuthSystemType()).thenReturn(AuthSystemTypes.NACOS.name());
|
when(authConfigs.getNacosAuthSystemType()).thenReturn(AuthSystemTypes.NACOS.name());
|
||||||
@ -221,7 +235,7 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateUser3() throws IOException {
|
void testUpdateUser3() throws IOException {
|
||||||
|
RequestContextHolder.getContext().getAuthContext().setIdentityContext(null);
|
||||||
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||||
@ -234,15 +248,11 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateUser4() throws IOException {
|
void testUpdateUser4() throws IOException {
|
||||||
|
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
|
||||||
|
.setParameter(AuthConstants.NACOS_USER_KEY, user);
|
||||||
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
||||||
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
|
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
IdentityContext identityContext = new IdentityContext();
|
|
||||||
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, user);
|
|
||||||
mockHttpServletRequest.getSession()
|
|
||||||
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
|
|
||||||
identityContext);
|
|
||||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||||
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
|
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
|
||||||
mockHttpServletResponse, mockHttpServletRequest);
|
mockHttpServletResponse, mockHttpServletRequest);
|
||||||
@ -252,17 +262,13 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateUser5() throws IOException, AccessException {
|
void testUpdateUser5() throws IOException, AccessException {
|
||||||
|
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
|
||||||
|
.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
||||||
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
||||||
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
|
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
|
||||||
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(user);
|
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(user);
|
||||||
|
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
IdentityContext identityContext = new IdentityContext();
|
|
||||||
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
|
||||||
mockHttpServletRequest.getSession()
|
|
||||||
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
|
|
||||||
identityContext);
|
|
||||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||||
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
|
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
|
||||||
mockHttpServletResponse, mockHttpServletRequest);
|
mockHttpServletResponse, mockHttpServletRequest);
|
||||||
@ -272,16 +278,12 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateUser6() throws IOException, AccessException {
|
void testUpdateUser6() throws IOException, AccessException {
|
||||||
|
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
|
||||||
|
.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
||||||
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
||||||
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(null);
|
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(null);
|
||||||
|
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
IdentityContext identityContext = new IdentityContext();
|
|
||||||
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
|
||||||
mockHttpServletRequest.getSession()
|
|
||||||
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
|
|
||||||
identityContext);
|
|
||||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||||
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
|
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
|
||||||
|
|
||||||
@ -292,17 +294,13 @@ class UserControllerTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testUpdateUser7() throws IOException, AccessException {
|
void testUpdateUser7() throws IOException, AccessException {
|
||||||
|
RequestContextHolder.getContext().getAuthContext().getIdentityContext()
|
||||||
|
.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
||||||
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
when(authConfigs.isAuthEnabled()).thenReturn(true);
|
||||||
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenThrow(
|
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenThrow(
|
||||||
new AccessException("test"));
|
new AccessException("test"));
|
||||||
|
|
||||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||||
IdentityContext identityContext = new IdentityContext();
|
|
||||||
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
|
|
||||||
mockHttpServletRequest.getSession()
|
|
||||||
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
|
|
||||||
identityContext);
|
|
||||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||||
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
|
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user