feat: Extend AuthToken Forwarding (#232)

Co-authored-by: Matthias Kuhr <52661546+MatKuhr@users.noreply.github.com>

Author: cschubertcs

cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ComplexDestinationPropertyFactory.java

@@ -184,28 +184,29 @@ AuthenticationType getAuthenticationType(
         @Nonnull final DestinationProperties baseProperties,
         @Nonnull final Option<BasicCredentials> basicCredentials )
     {
-        final Option<AuthenticationType> authType =
+        final AuthenticationType authType =
             baseProperties
                 .get(DestinationProperty.AUTH_TYPE)
-                .orElse(() -> baseProperties.get(DestinationProperty.AUTH_TYPE_FALLBACK));
+                .orElse(() -> baseProperties.get(DestinationProperty.AUTH_TYPE_FALLBACK))
+                .onEmpty(
+                    () -> log
+                        .debug(
+                            "No valid JSON primitive '{}' or '{}' defined. Falling back to {}.",
+                            DestinationProperty.AUTH_TYPE,
+                            DestinationProperty.AUTH_TYPE_FALLBACK,
+                            AuthenticationType.NO_AUTHENTICATION))
+                .getOrElse(AuthenticationType.NO_AUTHENTICATION);
 
-        if( authType.isEmpty() ) {
-            final AuthenticationType fallback;
+        final boolean forwardAuthToken = baseProperties.get(DestinationProperty.FORWARD_AUTH_TOKEN).getOrElse(false);
 
-            if( basicCredentials.isDefined() ) {
-                fallback = AuthenticationType.BASIC_AUTHENTICATION;
-            } else if( baseProperties.get(DestinationProperty.FORWARD_AUTH_TOKEN).getOrElse(false) ) {
-                fallback = AuthenticationType.TOKEN_FORWARDING;
-            } else {
-                fallback = AuthenticationType.NO_AUTHENTICATION;
-            }
-
-            final String msg = "No valid JSON primitive '{}' or '{}' defined. Falling back to {}.";
-            log.debug(msg, DestinationProperty.AUTH_TYPE, DestinationProperty.AUTH_TYPE_FALLBACK, fallback);
+        if( authType == AuthenticationType.NO_AUTHENTICATION && basicCredentials.isDefined() ) {
+            return AuthenticationType.BASIC_AUTHENTICATION;
+        }
 
-            return fallback;
+        if( authType == AuthenticationType.NO_AUTHENTICATION && forwardAuthToken ) {
+            return AuthenticationType.TOKEN_FORWARDING;
         }
-        return authType.get();
+        return authType;
     }
 
     @Nonnull

cloudplatform/connectivity-destination-service/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/DestinationServiceFactoryTest.java

@@ -121,4 +121,17 @@ void testTokenErrorsAreThrown()
             .isInstanceOf(DestinationAccessException.class)
             .hasMessageContaining("some-error-message");
     }
+
+    @Test
+    void propertyForwardAuthTokenShouldSetAuthenticationType()
+    {
+        response.getDestinationConfiguration().put("Type", "HTTP");
+        response.getDestinationConfiguration().put("Name", "httpDestination");
+        response.getDestinationConfiguration().put("URL", "https://example.com");
+        response.getDestinationConfiguration().put("forwardAuthToken", "true");
+
+        final Destination result = DestinationServiceFactory.fromDestinationServiceV1Response(response);
+
+        assertThat(result.asHttp().getAuthenticationType()).isEqualTo(AuthenticationType.TOKEN_FORWARDING);
+    }
 }

cloudplatform/connectivity-destination-service/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ForwardAuthTokenTest.java

@@ -0,0 +1,140 @@
+package com.sap.cloud.sdk.cloudplatform.connectivity;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Consumer;
+
+import javax.annotation.Nonnull;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import com.google.common.net.HttpHeaders;
+import com.sap.cloud.sdk.cloudplatform.requestheader.RequestHeaderAccessor;
+
+class ForwardAuthTokenTest
+{
+    static Collection<TestCase> createTestCases()
+    {
+        return List
+            .of(
+                // forwardAuthToken = true && authType = NoAuthentication
+                TestCaseBuilder
+                    .forProperty(DestinationProperty.FORWARD_AUTH_TOKEN.getKeyName(), "true")
+                    .and(DestinationProperty.AUTH_TYPE.getKeyName(), AuthenticationType.NO_AUTHENTICATION)
+                    .expectTokenForwarding(),
+                // forwardAuthToken = true && unset authType
+                TestCaseBuilder
+                    .forProperty(DestinationProperty.FORWARD_AUTH_TOKEN.getKeyName(), "true")
+                    .expectTokenForwarding(),
+                // forwardAuthToken = false && authType = NoAuthentication
+                TestCaseBuilder
+                    .forProperty(DestinationProperty.FORWARD_AUTH_TOKEN.getKeyName(), "false")
+                    .and(DestinationProperty.AUTH_TYPE.getKeyName(), AuthenticationType.NO_AUTHENTICATION)
+                    .expectNoTokenForwarding(),
+                // forwardAuthToken = false && unset authType
+                TestCaseBuilder
+                    .forProperty(DestinationProperty.FORWARD_AUTH_TOKEN.getKeyName(), "false")
+                    .expectNoTokenForwarding(),
+                // unset forwardAuthToken && authType = NoAuthentication
+                TestCaseBuilder
+                    .forProperty(DestinationProperty.AUTH_TYPE.getKeyName(), AuthenticationType.NO_AUTHENTICATION)
+                    .expectNoTokenForwarding(),
+                // unset forwardAuthToken && unset authType
+                TestCaseBuilder.forNoProperties().expectNoTokenForwarding());
+    }
+
+    private enum AssertionType
+    {
+        TOKEN_IS_FORWARDED(ForwardAuthTokenTest::assertThatTokenIsForwarded),
+        TOKEN_IS_NOT_FORWARDED(ForwardAuthTokenTest::assertThatTokenIsNotForwarded);
+
+        private final Consumer<HttpDestination> assertion;
+
+        AssertionType( final Consumer<HttpDestination> assertion )
+        {
+            this.assertion = assertion;
+        }
+    }
+
+    private record TestCase( Map<String, Object> properties, AssertionType forwardingAssertion )
+    {
+    }
+
+    private static class TestCaseBuilder
+    {
+
+        private final Map<String, Object> properties = new HashMap<>();
+
+        TestCaseBuilder( String key, Object value )
+        {
+            properties.put(key, value);
+        }
+
+        TestCaseBuilder()
+        {
+
+        }
+
+        static TestCaseBuilder forProperty( String key, Object value )
+        {
+            return new TestCaseBuilder(key, value);
+        }
+
+        static TestCaseBuilder forNoProperties()
+        {
+            return new TestCaseBuilder();
+        }
+
+        TestCaseBuilder and( final String key, final Object value )
+        {
+            properties.put(key, value);
+            return this;
+        }
+
+        TestCase expectTokenForwarding()
+        {
+            return new TestCase(properties, AssertionType.TOKEN_IS_FORWARDED);
+        }
+
+        TestCase expectNoTokenForwarding()
+        {
+            return new TestCase(properties, AssertionType.TOKEN_IS_NOT_FORWARDED);
+        }
+    }
+
+    @ParameterizedTest
+    @MethodSource( "createTestCases" )
+    void localDestinationShouldFulfillTestCase( @Nonnull final TestCase testCase )
+    {
+        final HttpDestination destination = buildLocalDestination(testCase.properties);
+        testCase.forwardingAssertion.assertion.accept(destination);
+    }
+
+    private HttpDestination buildLocalDestination( Map<String, Object> properties )
+    {
+        return DefaultDestination.fromMap(properties).uri("sap.com").build().asHttp();
+    }
+
+    private static void assertThatTokenIsNotForwarded( final HttpDestination destination )
+    {
+        final Collection<Header> headers =
+            RequestHeaderAccessor
+                .executeWithHeaderContainer(Map.of(HttpHeaders.AUTHORIZATION, "token"), () -> destination.getHeaders());
+
+        assertThat(headers).isEmpty();
+    }
+
+    private static void assertThatTokenIsForwarded( final HttpDestination destination )
+    {
+        final Collection<Header> headers =
+            RequestHeaderAccessor
+                .executeWithHeaderContainer(Map.of(HttpHeaders.AUTHORIZATION, "token"), () -> destination.getHeaders());
+
+        assertThat(headers).containsExactly(new Header(HttpHeaders.AUTHORIZATION, "token"));
+    }
+}

release_notes.md

@@ -54,6 +54,7 @@
       - Update [Guava](https://central.sonatype.com/artifact/com.google.guava/guava/33.0.0-jre) from `32.1.3-jre` to `33.0.0-jre`
       - Update [Jackson](https://central.sonatype.com/artifact/com.fasterxml.jackson.core/jackson-core/2.16.1) from `2.15.3` to `2.16.1`
       - Update [Commons Lang](https://central.sonatype.com/artifact/org.apache.commons/commons-lang3/3.14.0) from `3.13.0` to `3.14.0`
+- Destinations retrieved from the BTP Destination Service now correctly evaluate the `forwardAuthToken` property if it has the authentication type `NoAuthentication`.
 
 ### 🐛 Fixed Issues