Issue 10343: Disabled default quarkus-oidc tenant blocks access to th…

…e public resources
quarkusio · Jul 2, 2020 · 5a58161 · 5a58161
1 parent 9663f0c
commit 5a58161
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 2 deletions.
diff --git a/extensions/oidc/runtime/pom.xml b/extensions/oidc/runtime/pom.xml
@@ -57,6 +57,16 @@
             <artifactId>quarkus-junit5-internal</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5-mockito</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-codegen</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-jackson</artifactId>

diff --git a/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java b/...sions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanism.java
@@ -29,8 +29,9 @@ public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism
     @Override
     public Uni<SecurityIdentity> authenticate(RoutingContext context,
             IdentityProviderManager identityProviderManager) {
-        return isWebApp(context) ? codeAuth.authenticate(context, identityProviderManager, resolver)
-                : bearerAuth.authenticate(context, identityProviderManager, resolver);
+        return Uni.createFrom().deferred(() -> isWebApp(context),
+                isWebApp -> isWebApp ? codeAuth.authenticate(context, identityProviderManager, resolver)
+                        : bearerAuth.authenticate(context, identityProviderManager, resolver));
     }
 
     @Override

diff --git a/...s/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanismTest.java b/...s/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcAuthenticationMechanismTest.java
@@ -0,0 +1,46 @@
+package io.quarkus.oidc.runtime;
+
+import static org.mockito.Mockito.verifyNoInteractions;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import io.quarkus.security.identity.IdentityProviderManager;
+import io.vertx.ext.web.RoutingContext;
+
+public class OidcAuthenticationMechanismTest {
+
+    @Mock
+    private DefaultTenantConfigResolver resolver;
+
+    @Mock
+    private RoutingContext context;
+
+    @Mock
+    private IdentityProviderManager identityProviderManager;
+
+    @InjectMocks
+    private OidcAuthenticationMechanism mechanism = new OidcAuthenticationMechanism();
+
+    @BeforeEach
+    public void setUp() {
+        MockitoAnnotations.initMocks(this);
+    }
+
+    @Test
+    public void shouldNotCheckWebAppInSync() {
+        whenAuthenticate();
+        thenResolverIsNotCalled();
+    }
+
+    private void whenAuthenticate() {
+        mechanism.authenticate(context, identityProviderManager);
+    }
+
+    private void thenResolverIsNotCalled() {
+        verifyNoInteractions(resolver);
+    }
+}