diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java
index 0dce1cc9a97..e4b9acaed48 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java
@@ -33,6 +33,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.core.ParameterizedTypeReference;
@@ -108,12 +110,16 @@ void setUp() throws Exception {
         uaaProvider = mock(IdentityProvider.class);
         when(uaaProvider.getType()).thenReturn(OriginKeys.UAA);
         when(uaaProvider.getOriginKey()).thenReturn(OriginKeys.UAA);
+        when(uaaProvider.isActive()).thenReturn(true);
         ldapProvider = mock(IdentityProvider.class);
         when(ldapProvider.getType()).thenReturn(OriginKeys.LDAP);
         when(ldapProvider.getOriginKey()).thenReturn(OriginKeys.LDAP);
+        when(ldapProvider.isActive()).thenReturn(true);
         when(identityProviderProvisioning.retrieveActive("uaa")).thenReturn(Arrays.asList(idp, uaaProvider, ldapProvider));
         when(identityProviderProvisioning.retrieveByOrigin("oidcprovider", "uaa")).thenReturn(idp);
+        when(identityProviderProvisioning.retrieveByOrigin("uaa", "uaa")).thenReturn(uaaProvider);
+        when(identityProviderProvisioning.retrieveByOrigin("ldap", "uaa")).thenReturn(ldapProvider);
         Authentication clientAuth = mock(Authentication.class);
         when(clientAuth.getName()).thenReturn("clientid");
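Review bot: The setUp hunk stubs `isActive()` only for `uaaProvider` and `ldapProvider`; the OIDC mock `idp`, which the same fixture hands back from `retrieveActive("uaa")` and `retrieveByOrigin("oidcprovider", "uaa")`, gets no such stub here, and Mockito returns false for an unstubbed boolean. If the manager now consults `isActive()` on the provider it resolves (the added stubs suggest so, but that code is outside this diff), the OIDC tests would be running against an inactive provider and could mask a regression where a deactivated IdP is still accepted for a password grant. Unless `idp.isActive()` is stubbed earlier in `setUp`, add `when(idp.isActive()).thenReturn(true);` next to the other two. The new stubs also hard-code the zone id `"uaa"` while the new assertions derive it from `IdentityZoneHolder.get().getId()`; a single local such as `final String zoneId = IdentityZoneHolder.get().getId();` used in both places keeps the stubs and the verifications from drifting apart. `setUp` begins before this hunk.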
@@ -627,22 +633,29 @@ void testUaaPasswordGrant_defaultProviderUaa() {
         verify(zoneAwareAuthzAuthenticationManager, times(0)).setLoginHint(any(), any());
     }
-    @Test
-    void testPasswordGrant_NoLoginHintWithDefaultUaa() {
+    @ParameterizedTest
+    @ValueSource(strings = { OriginKeys.UAA, OriginKeys.LDAP })
+    void testPasswordGrant_NoLoginHintWithDefaultUaaOrLdap(final String loginHintOrigin) {
         Authentication auth = mock(Authentication.class);
         when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
         Map additionalInformation = new HashMap<>();
-        additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList("uaa"));
+        additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(loginHintOrigin));
         when(uaaClient.getAdditionalInformation()).thenReturn(additionalInformation);
-        IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("uaa");
+        IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider(loginHintOrigin);
         instance.authenticate(auth);
+        /* should not read all in the zone during lookup of possible providers * - "uaa" or "ldap" is used, but not as login hint */
+        final String idzId = IdentityZoneHolder.get().getId();
+        verify(identityProviderProvisioning, times(0)).retrieveActive(idzId);
+        verify(identityProviderProvisioning, times(1)).retrieveByOrigin(loginHintOrigin, idzId);
+        verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
         ArgumentCaptor captor = ArgumentCaptor.forClass(UaaLoginHint.class);
         verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), captor.capture());
         assertNotNull(captor.getValue());
-        assertEquals("uaa", captor.getValue().getOrigin());
+        assertEquals(loginHintOrigin, captor.getValue().getOrigin());
     }
     @Test
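Review bot: Only the happy path is pinned here: the new assertions establish that the default provider is resolved through `retrieveByOrigin(loginHintOrigin, idzId)` instead of `retrieveActive(idzId)`, which means the zone-wide "active only" query no longer filters it, and both mocks report `isActive()` true from `setUp`. Nothing in this test shows what happens when the zone's default provider has been deactivated, which is exactly the case an operator relies on when switching LDAP off. A sibling parameterized test that overrides `when(ldapProvider.isActive()).thenReturn(false);` (and the UAA counterpart) and then asserts that `zoneAwareAuthzAuthenticationManager.authenticate(auth)` is never invoked, or that the manager raises whatever it raises for an unusable provider, would close that gap; if such a test already exists elsewhere in the class, a pointer to it in the comment above the verifications would help. The block comment would also read better as a single sentence, e.g. `// default provider "uaa"/"ldap" must be looked up by origin, not by scanning all active providers in the zone`.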
@@ -719,24 +732,30 @@ void testOIDCPasswordGrant_LoginHintOidcOverridesDefaultUaa() {
         verify(identityProviderProvisioning, times(0)).retrieveActive(any());
     }
-    @Test
-    void testOIDCPasswordGrant_LoginHintUaaOverridesDefaultOidc() {
+    @ParameterizedTest
+    @ValueSource(strings = { OriginKeys.UAA, OriginKeys.LDAP })
+    void testOIDCPasswordGrant_LoginHintUaaOrLdapOverridesDefaultOidc(final String loginHintOrigin) {
         UaaLoginHint loginHint = mock(UaaLoginHint.class);
-        when(loginHint.getOrigin()).thenReturn("uaa");
+        when(loginHint.getOrigin()).thenReturn(loginHintOrigin);
         Authentication auth = mock(Authentication.class);
-        when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
+        when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(loginHint);
         Map additionalInformation = new HashMap<>();
-        additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList("uaa"));
+        additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(loginHintOrigin));
         when(uaaClient.getAdditionalInformation()).thenReturn(additionalInformation);
         IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("oidcprovider");
         instance.authenticate(auth);
+        // should read only "uaa" or "ldap" IdP during lookup of possible providers
+        final String idzId = IdentityZoneHolder.get().getId();
+        verify(identityProviderProvisioning, times(0)).retrieveActive(idzId);
+        verify(identityProviderProvisioning, times(1)).retrieveByOrigin(loginHintOrigin, idzId);
+        verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
         ArgumentCaptor captor = ArgumentCaptor.forClass(UaaLoginHint.class);
         verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), captor.capture());
         assertNotNull(captor.getValue());
-        assertEquals("uaa", captor.getValue().getOrigin());
+        assertEquals(loginHintOrigin, captor.getValue().getOrigin());
     }
     @Test
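Review bot: The new negative check `verify(identityProviderProvisioning, times(0)).retrieveActive(idzId)` is narrower than the `retrieveActive(any())` form the preceding test uses at the top of this hunk: a zone-wide lookup made under any other zone id would slip through, so the claim that a `uaa`/`ldap` login hint short-circuits the scan of all active providers is not fully pinned. Prefer `verify(identityProviderProvisioning, times(0)).retrieveActive(any());` (or `never()`) for the negative assertion and keep `idzId` only for the positive `retrieveByOrigin(loginHintOrigin, idzId)` check. Because `ALLOWED_PROVIDERS` is `singletonList(loginHintOrigin)`, the test also never shows the rejection path where the hinted origin is not on the client's allow-list; that is presumably covered by another test in the class, but if not it is the more security-relevant of the two cases and deserves its own parameterized test.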