make User field configurable for whitelist check

fixes #3288

Author: Vladimir Kotal

plugins/src/main/java/opengrok/auth/plugin/UserWhiteListPlugin.java

@@ -18,7 +18,7 @@
  */
 
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
  * Portions Copyright (c) 2020, Chris Fraire <[email protected]>.
  */
 package opengrok.auth.plugin;
@@ -43,18 +43,31 @@ public class UserWhiteListPlugin implements IAuthorizationPlugin {
     private static final String className = UserWhiteListPlugin.class.getName();
     private static final Logger LOGGER = Logger.getLogger(className);
 
+    // configuration parameters
     static final String FILE_PARAM = "file";
+    static final String FIELD_PARAM = "fieldName";
+
+    // valid values for the FIELD_NAME parameter
+    static final String USERNAME_FIELD = "username";
+    static final String ID_FIELD = "id";
 
     private final Set<String> whitelist = new TreeSet<>();
+    private String fieldName;
 
     @Override
     public void load(Map<String, Object> parameters) {
         String filePath;
-
         if ((filePath = (String) parameters.get(FILE_PARAM)) == null) {
             throw new IllegalArgumentException("Missing parameter [" + FILE_PARAM + "] in the configuration");
         }
 
+        if ((fieldName = (String) parameters.get(FIELD_PARAM)) == null) {
+            fieldName = USERNAME_FIELD;
+        } else if (!fieldName.equals(USERNAME_FIELD) && !fieldName.equals(ID_FIELD)) {
+            throw new IllegalArgumentException("Invalid value of parameter [" + FIELD_PARAM +
+                    "] in the configuration: only " + USERNAME_FIELD + " or " + ID_FIELD + " are supported");
+        }
+
         // Load whitelist from file to memory.
         try (Stream<String> stream = Files.lines(Paths.get(filePath))) {
             stream.forEach(whitelist::add);
@@ -76,7 +89,13 @@ private boolean checkWhitelist(HttpServletRequest request) {
             return false;
         }
 
-        return whitelist.contains(user.getUsername());
+        if (fieldName.equals(USERNAME_FIELD)) {
+            return user.getUsername() != null && whitelist.contains(user.getUsername());
+        } else if (fieldName.equals(ID_FIELD)) {
+            return user.getId() != null && whitelist.contains(user.getId());
+        }
+
+        return false;
     }
 
     @Override

plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java

@@ -19,6 +19,7 @@
 
 /*
  * Copyright (c) 2020, Chris Fraire <[email protected]>.
+ * Copyright (c) 2020 Oracle and/or its affiliates. All rights reserved.
  */
 package opengrok.auth.plugin;
 
@@ -27,6 +28,8 @@
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 import org.opengrok.indexer.configuration.Group;
 import org.opengrok.indexer.configuration.Project;
 import org.opengrok.indexer.util.RandomString;
@@ -37,6 +40,9 @@
 import java.io.FileOutputStream;
 import java.io.OutputStreamWriter;
 import java.nio.charset.StandardCharsets;
+import java.security.InvalidParameterException;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 
 import static org.junit.Assert.assertFalse;
@@ -47,38 +53,67 @@
 /**
  * Represents a container for tests of {@link UserWhiteListPlugin}.
  */
+@RunWith(Parameterized.class)
 public class UserWhiteListPluginTest {
 
     private static final String OK_USER = "user1321";
-    private static File tempWhitelist;
+    private static final String OK_ID = "id2178";
+    private static File tempWhitelistUser;
+    private static File tempWhitelistId;
     private static HashMap<String, Object> validPluginParameters;
 
     private UserWhiteListPlugin plugin;
+    private final String param;
+
+    @Parameterized.Parameters
+    public static Collection<String> parameters() {
+        return Arrays.asList(UserWhiteListPlugin.ID_FIELD, UserWhiteListPlugin.USERNAME_FIELD);
+    }
+
+    public UserWhiteListPluginTest(String param) {
+        this.param = param;
+    }
 
     @BeforeClass
     public static void beforeClass() throws Exception {
-        tempWhitelist = File.createTempFile("UserWhiteListPluginTest", "txt");
+        tempWhitelistUser = File.createTempFile("UserWhiteListPluginTestUser", "txt");
         try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
-                new FileOutputStream(tempWhitelist), StandardCharsets.UTF_8))) {
+                new FileOutputStream(tempWhitelistUser), StandardCharsets.UTF_8))) {
             writer.write(OK_USER);
             // Don't bother with trailing LF.
         }
 
+        tempWhitelistId = File.createTempFile("UserWhiteListPluginTestId", "txt");
+        try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
+                new FileOutputStream(tempWhitelistId), StandardCharsets.UTF_8))) {
+            writer.write(OK_ID);
+            // Don't bother with trailing LF.
+        }
+
         validPluginParameters = new HashMap<>();
-        validPluginParameters.put(UserWhiteListPlugin.FILE_PARAM, tempWhitelist.getPath());
     }
 
     @AfterClass
     public static void afterClass() {
-        if (tempWhitelist != null) {
+        if (tempWhitelistUser != null) {
             //noinspection ResultOfMethodCallIgnored
-            tempWhitelist.delete();
+            tempWhitelistUser.delete();
+        }
+        if (tempWhitelistId != null) {
+            //noinspection ResultOfMethodCallIgnored
+            tempWhitelistId.delete();
         }
     }
 
     @Before
     public void setUp() {
         plugin = new UserWhiteListPlugin();
+        validPluginParameters.put(UserWhiteListPlugin.FIELD_PARAM, this.param);
+        if (this.param.equals(UserWhiteListPlugin.USERNAME_FIELD)) {
+            validPluginParameters.put(UserWhiteListPlugin.FILE_PARAM, tempWhitelistUser.getPath());
+        } else {
+            validPluginParameters.put(UserWhiteListPlugin.FILE_PARAM, tempWhitelistId.getPath());
+        }
     }
 
     @Test
@@ -89,6 +124,16 @@ public void shouldThrowOnLoadIfNullArgument() {
             }, "plugin.load(null)");
     }
 
+    @Test
+    public void shouldThrowOnLoadIfInvalidFieldName() {
+        assertThrows(IllegalArgumentException.class, () -> {
+            HashMap<String, Object> map = new HashMap<>();
+            map.put(UserWhiteListPlugin.FILE_PARAM, tempWhitelistUser.getPath());
+            map.put(UserWhiteListPlugin.FIELD_PARAM, "huh");
+            plugin.load(map);
+        }, "plugin.load(null)");
+    }
+
     @Test
     public void shouldThrowOnLoadIfUnreadableFileSpecified() {
         HashMap<String, Object> unreadablePluginParameters = new HashMap<>();
@@ -131,15 +176,21 @@ public void shouldAllowWhitelistedUserForAnyProject() {
         plugin.load(validPluginParameters);
 
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(OK_USER));
+        User user;
+        if (this.param.equals(UserWhiteListPlugin.USERNAME_FIELD)) {
+            user = new User(OK_USER);
+        } else {
+            user = new User("blurb", OK_ID);
+        }
+        req.setAttribute(UserPlugin.REQUEST_ATTR, user);
 
         Project randomProject = new Project(RandomString.generateUpper(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
-        assertTrue("should allow OK_USER for random project 1", projectAllowed);
+        assertTrue("should allow OK entity for random project 1", projectAllowed);
 
         randomProject = new Project(RandomString.generateUpper(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
-        assertTrue("should allow OK_USER for random project 2", projectAllowed);
+        assertTrue("should allow OK entity for random project 2", projectAllowed);
     }
 
     @Test
@@ -151,19 +202,25 @@ public void shouldNotAllowRandomUserForAnyProject() {
 
         Project randomProject = new Project(RandomString.generateUpper(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
-        assertFalse("should not allow rando for random project 1", projectAllowed);
+        assertFalse("should not allow random user for random project 1", projectAllowed);
 
         randomProject = new Project(RandomString.generateUpper(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
-        assertFalse("should not allow rando for random project 2", projectAllowed);
+        assertFalse("should not allow random user for random project 2", projectAllowed);
     }
 
     @Test
     public void shouldAllowWhitelistedUserForAnyGroup() {
         plugin.load(validPluginParameters);
 
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(OK_USER));
+        User user;
+        if (this.param.equals(UserWhiteListPlugin.USERNAME_FIELD)) {
+            user = new User(OK_USER);
+        } else {
+            user = new User("blurb", OK_ID);
+        }
+        req.setAttribute(UserPlugin.REQUEST_ATTR, user);
 
         Group randomGroup = new Group(RandomString.generateUpper(10));
         boolean groupAllowed = plugin.isAllowed(req, randomGroup);
@@ -183,10 +240,10 @@ public void shouldNotAllowRandomUserForAnyGroup() {
 
         Group randomGroup = new Group(RandomString.generateUpper(10));
         boolean projectAllowed = plugin.isAllowed(req, randomGroup);
-        assertFalse("should not allow rando for random group 1", projectAllowed);
+        assertFalse("should not allow random random group 1", projectAllowed);
 
         randomGroup = new Group(RandomString.generateUpper(10));
         projectAllowed = plugin.isAllowed(req, randomGroup);
-        assertFalse("should not allow rando for random group 2", projectAllowed);
+        assertFalse("should not allow random for random group 2", projectAllowed);
     }
 }