Merge pull request #10542 from stuartwdouglas/10532
If no challenge is generated return 401
gastaldi authored Jul 8, 2020
2 parents ee33c04 + 76f4a6c commit 28ffc46
Showing 6 changed files with 118 additions and 14 deletions.
Expand Up @@ -8,16 +8,16 @@

public class TestIdentityController {

public static final Map<String, TestIdentity> idenitities = new ConcurrentHashMap<>();
public static final Map<String, TestIdentity> identities = new ConcurrentHashMap<>();

public static Builder resetRoles() {
idenitities.clear();
identities.clear();
return new Builder();
}

public static class Builder {
public Builder add(String username, String password, String... roles) {
idenitities.put(username, new TestIdentity(username, password, roles));
identities.put(username, new TestIdentity(username, password, roles));
return this;
}
}
Expand Up @@ -24,7 +24,7 @@ public Class<UsernamePasswordAuthenticationRequest> getRequestType() {
@Override
public Uni<SecurityIdentity> authenticate(UsernamePasswordAuthenticationRequest request,
AuthenticationRequestContext context) {
TestIdentityController.TestIdentity ident = TestIdentityController.idenitities.get(request.getUsername());
TestIdentityController.TestIdentity ident = TestIdentityController.identities.get(request.getUsername());
if (ident == null) {
return Uni.createFrom().optional(Optional.empty());
}
@@ -0,0 +1,53 @@
package io.quarkus.vertx.http.security;

import static org.hamcrest.Matchers.equalTo;

import java.util.function.Supplier;

import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.restassured.RestAssured;

public class EmptyChallengeTestCase {

private static final String APP_PROPS = "" +
"quarkus.http.auth.permission.roles1.paths=/*\n" +
"quarkus.http.auth.permission.roles1.policy=authenticated\n";

@RegisterExtension
static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(new Supplier<JavaArchive>() {
@Override
public JavaArchive get() {
return ShrinkWrap.create(JavaArchive.class)
.addClasses(HeaderAuthenticator.class, PathHandler.class)
.addAsResource(new StringAsset(APP_PROPS), "application.properties");
}
});

@Test
public void testNoChallenge() {

RestAssured
.given()
.header("user", "test")
.when()
.get("/path")
.then()
.assertThat()
.statusCode(200)
.body(equalTo("test:/path"));
RestAssured
.given()
.when()
.get("/path")
.then()
.assertThat()
.statusCode(401);

}
}
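Review bot: The unauthenticated half of `testNoChallenge` asserts only `statusCode(401)`, so it would still pass if the response carried handler output alongside the 401. Adding `.body(equalTo(""))` after `.statusCode(401)` would pin that nothing from `PathHandler` is written, assuming the fallback sends an empty body, as the bare `end()` call in this commit suggests. A short comment above the second request, such as `// no "user" header: HeaderAuthenticator yields neither identity nor challenge`, would also make the intent of the two requests clear.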
@@ -0,0 +1,44 @@
package io.quarkus.vertx.http.security;

import java.util.Collections;
import java.util.Set;

import javax.enterprise.context.ApplicationScoped;

import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;

@ApplicationScoped
public class HeaderAuthenticator implements HttpAuthenticationMechanism {
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
String user = context.request().getHeader("user");
if (user != null) {
return Uni.createFrom().item(QuarkusSecurityIdentity.builder().setPrincipal(new QuarkusPrincipal(user)).build());
}
return Uni.createFrom().nullItem();
}

@Override
public Uni<ChallengeData> getChallenge(RoutingContext context) {
return Uni.createFrom().nullItem();
}

@Override
public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
return Collections.emptySet();
}

@Override
public HttpCredentialTransport getCredentialTransport() {
return null;
}
}
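Review bot: `HeaderAuthenticator` has no class comment, and `authenticate` builds an identity straight from the `user` request header with no verification, which is only acceptable in a test fixture. A class-level comment such as `// Test-only: trusts the "user" header as the principal and never issues a challenge; not a usable authentication mechanism` would keep it from being copied as a sample. `getCredentialTransport()` returning `null` deserves a one-line comment as well, since any caller that dereferences the transport would fail; whether one does is not visible in this section.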
Expand Up @@ -24,7 +24,7 @@ public Class<TrustedAuthenticationRequest> getRequestType() {
@Override
public Uni<SecurityIdentity> authenticate(TrustedAuthenticationRequest request,
AuthenticationRequestContext context) {
TestIdentityController.TestIdentity ident = TestIdentityController.idenitities.get(request.getPrincipal());
TestIdentityController.TestIdentity ident = TestIdentityController.identities.get(request.getPrincipal());
if (ident == null) {
return Uni.createFrom().optional(Optional.empty());
}
Expand Up @@ -28,11 +28,10 @@
@ApplicationScoped
public class HttpAuthenticator {

final HttpAuthenticationMechanism[] mechanisms;
@Inject
IdentityProviderManager identityProviderManager;

final HttpAuthenticationMechanism[] mechanisms;

public HttpAuthenticator() {
mechanisms = null;
}
Expand Down Expand Up @@ -90,10 +89,10 @@ IdentityProviderManager getIdentityProviderManager() {
* Attempts authentication with the contents of the request. If this is possible the Uni
* will resolve to a valid SecurityIdentity when it is subscribed to. Note that Uni is lazy,
* so this may not happen until the Uni is subscribed to.
*
* <p>
* If invalid credentials are present then the completion stage will resolve to a
* {@link io.quarkus.security.AuthenticationFailedException}
*
* <p>
* If no credentials are present it will resolve to null.
*/
public Uni<SecurityIdentity> attemptAuthentication(RoutingContext routingContext) {
Expand All @@ -116,7 +115,6 @@ public Uni<SecurityIdentity> apply(SecurityIdentity data) {
}

/**
*
* @return
*/
public Uni<Boolean> sendChallenge(RoutingContext routingContext) {
Expand All @@ -125,15 +123,24 @@ public Uni<Boolean> sendChallenge(RoutingContext routingContext) {
HttpAuthenticationMechanism mech = mechanisms[i];
result = result.onItem().produceUni(new Function<Boolean, Uni<? extends Boolean>>() {
@Override
public Uni<? extends Boolean> apply(Boolean aBoolean) {
if (aBoolean) {
return Uni.createFrom().item(aBoolean);
public Uni<? extends Boolean> apply(Boolean authDone) {
if (authDone) {
return Uni.createFrom().item(authDone);
}
return mech.sendChallenge(routingContext);
}
});
}
return result;
return result.onItem().produceUni(new Function<Boolean, Uni<? extends Boolean>>() {
@Override
public Uni<? extends Boolean> apply(Boolean authDone) {
if (!authDone) {
routingContext.response().setStatusCode(401);
routingContext.response().end();
}
return Uni.createFrom().item(authDone);
}
});
}

public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
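Review bot: The Javadoc on `sendChallenge` still has an empty `@return`, while the new final stage makes the method complete the response itself: when no mechanism reports a challenge it sets 401, calls `end()`, and still resolves to `false`. A caller that reacts to `false` by writing to or failing the response would now meet an already-ended response, so the contract should be stated, e.g. `@return a Uni resolving to true if a mechanism sent a challenge; when it resolves to false the response has already been ended with a bare 401`. Both the loop stage and the new stage also unbox `authDone`, so a mechanism whose `sendChallenge` resolves to a null item would throw instead of reaching the 401 fallback; `if (!Boolean.TRUE.equals(authDone))` in the final stage would keep the fallback fail-closed. The opening of the method body (the initial `result` and the loop header) lies outside the hunk.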