|
31 | 31 | import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator; |
32 | 32 | import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; |
33 | 33 | import org.junit.jupiter.api.AfterEach; |
| 34 | +import org.junit.jupiter.api.Assertions; |
34 | 35 | import org.junit.jupiter.api.BeforeEach; |
35 | 36 | import org.junit.jupiter.api.Test; |
36 | 37 | import org.junit.jupiter.api.extension.ExtendWith; |
| 38 | +import org.junit.jupiter.params.ParameterizedTest; |
| 39 | +import org.junit.jupiter.params.provider.ValueSource; |
37 | 40 | import org.mockito.ArgumentCaptor; |
38 | 41 | import org.springframework.context.ApplicationEventPublisher; |
39 | 42 | import org.springframework.core.ParameterizedTypeReference; |
@@ -632,22 +635,29 @@ void testUaaPasswordGrant_defaultProviderUaa() { |
632 | 635 | verify(zoneAwareAuthzAuthenticationManager, times(0)).setLoginHint(any(), any()); |
633 | 636 | } |
634 | 637 |
|
635 | | - @Test |
636 | | - void testPasswordGrant_NoLoginHintWithDefaultUaa() { |
| 638 | + @ParameterizedTest |
| 639 | + @ValueSource(strings = { OriginKeys.UAA, OriginKeys.LDAP }) |
| 640 | + void testPasswordGrant_NoLoginHintWithDefaultUaaOrLdap(final String loginHintOrigin) { |
637 | 641 | Authentication auth = mock(Authentication.class); |
638 | 642 | when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null); |
639 | 643 | Map<String, Object> additionalInformation = new HashMap<>(); |
640 | | - additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList("uaa")); |
| 644 | + additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(loginHintOrigin)); |
641 | 645 | when(uaaClient.getAdditionalInformation()).thenReturn(additionalInformation); |
642 | | - IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("uaa"); |
| 646 | + IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider(loginHintOrigin); |
643 | 647 |
|
644 | 648 | instance.authenticate(auth); |
645 | 649 |
|
| 650 | + /* should read all in the zone during lookup of possible providers |
| 651 | + * - "uaa" or "ldap" is used, but not as login hint */ |
| 652 | + final String idzId = IdentityZoneHolder.get().getId(); |
| 653 | + verify(identityProviderProvisioning, times(1)).retrieveActive(idzId); |
| 654 | + verify(identityProviderProvisioning, times(0)).retrieveByOrigin(loginHintOrigin, idzId); |
| 655 | + |
646 | 656 | verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth); |
647 | 657 | ArgumentCaptor<UaaLoginHint> captor = ArgumentCaptor.forClass(UaaLoginHint.class); |
648 | 658 | verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), captor.capture()); |
649 | | - assertNotNull(captor.getValue()); |
650 | | - assertEquals("uaa", captor.getValue().getOrigin()); |
| 659 | + Assertions.assertNotNull(captor.getValue()); |
| 660 | + Assertions.assertEquals(loginHintOrigin, captor.getValue().getOrigin()); |
651 | 661 | } |
652 | 662 |
|
653 | 663 | @Test |
@@ -724,24 +734,30 @@ void testOIDCPasswordGrant_LoginHintOidcOverridesDefaultUaa() { |
724 | 734 | verify(identityProviderProvisioning, times(0)).retrieveActive(any()); |
725 | 735 | } |
726 | 736 |
|
727 | | - @Test |
728 | | - void testOIDCPasswordGrant_LoginHintUaaOverridesDefaultOidc() { |
| 737 | + @ParameterizedTest |
| 738 | + @ValueSource(strings = { OriginKeys.UAA, OriginKeys.LDAP }) |
| 739 | + void testOIDCPasswordGrant_LoginHintUaaOrLdapOverridesDefaultOidc(final String loginHintOrigin) { |
729 | 740 | UaaLoginHint loginHint = mock(UaaLoginHint.class); |
730 | | - when(loginHint.getOrigin()).thenReturn("uaa"); |
| 741 | + when(loginHint.getOrigin()).thenReturn(loginHintOrigin); |
731 | 742 | Authentication auth = mock(Authentication.class); |
732 | | - when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null); |
| 743 | + when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(loginHint); |
733 | 744 | Map<String, Object> additionalInformation = new HashMap<>(); |
734 | | - additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList("uaa")); |
| 745 | + additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(loginHintOrigin)); |
735 | 746 | when(uaaClient.getAdditionalInformation()).thenReturn(additionalInformation); |
736 | 747 | IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("oidcprovider"); |
737 | 748 |
|
738 | 749 | instance.authenticate(auth); |
739 | 750 |
|
| 751 | + // should read only "uaa" or "ldap" IdP during lookup of possible providers |
| 752 | + final String idzId = IdentityZoneHolder.get().getId(); |
| 753 | + verify(identityProviderProvisioning, times(0)).retrieveActive(idzId); |
| 754 | + verify(identityProviderProvisioning, times(1)).retrieveByOrigin(loginHintOrigin, idzId); |
| 755 | + |
740 | 756 | verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth); |
741 | 757 | ArgumentCaptor<UaaLoginHint> captor = ArgumentCaptor.forClass(UaaLoginHint.class); |
742 | 758 | verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), captor.capture()); |
743 | | - assertNotNull(captor.getValue()); |
744 | | - assertEquals("uaa", captor.getValue().getOrigin()); |
| 759 | + Assertions.assertNotNull(captor.getValue()); |
| 760 | + Assertions.assertEquals(loginHintOrigin, captor.getValue().getOrigin()); |
745 | 761 | } |
746 | 762 |
|
747 | 763 | @Test |
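Review bot: In `testOIDCPasswordGrant_LoginHintUaaOrLdapOverridesDefaultOidc` (new lines 737–761) the client's `ALLOWED_PROVIDERS` is set to the hinted origin itself, so the test passes whether or not the `retrieveByOrigin` path checks the hint against the client's allow-list. A companion parameterized case that keeps the `uaa`/`ldap` hint but uses `additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList("oidcprovider"));` would pin that enforcement, ending with `verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(auth);`. How the manager signals the refusal is not visible in this diff, and such a case may already exist elsewhere in the file. The same limitation applies to `testPasswordGrant_NoLoginHintWithDefaultUaaOrLdap` (new lines 638–661), where the allowed provider and the default provider are always the same value.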
|