KARAF-5014: consider first group role in users.properties and ignore empty roles - unit tests

Author: stataru8

jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractPropertiesBackingEngine.java

@@ -199,7 +199,7 @@ public void deleteRole(String username, String role) {
             }
             for (int i = firstRoleIndex; i < infos.length; i++) {
                 if (infos[i] != null && !infos[i].equals(role)) {
-                    if(userInfoBuffer.length() > 0) {
+                    if(firstRoleIndex == 1 || userInfoBuffer.length() > 0) {
                         userInfoBuffer.append(",");
                     }
                     userInfoBuffer.append(infos[i]);

jaas/modules/src/test/java/org/apache/karaf/jaas/modules/AbstractPropertiesBackingEngineTest.java

@@ -0,0 +1,168 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+package org.apache.karaf.jaas.modules;
+
+import static org.apache.karaf.jaas.modules.PrincipalHelper.names;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.contains;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.felix.utils.properties.Properties;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.properties.PropertiesBackingEngine;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+
+public class AbstractPropertiesBackingEngineTest {
+
+    private File f;
+    private Properties p;
+    private PropertiesBackingEngine engine;
+
+    @Before
+    public void start() throws IOException {
+        f = File.createTempFile(getClass().getName(), ".tmp");
+        p = new Properties(f);
+        engine = new PropertiesBackingEngine(p);
+    }
+
+    @Test
+    public void addUserInternalTest() {
+        // non-existing user
+        engine.addUserInternal("a", "");
+
+        // update empty password on existing user with no roles
+        engine.addUserInternal("a", "pass1");
+        assertThat(List.of(p.get("a").split(",")), contains("pass1"));
+        UserPrincipal upa = PrincipalHelper.getUser(engine, "a");
+        assertTrue(engine.listGroups(upa).isEmpty());
+        assertTrue(engine.listRoles(upa).isEmpty());
+
+        // update password on existing user with no roles
+        engine.addUserInternal("a", "pass2");
+        assertThat(List.of(p.get("a").split(",")), contains("pass2"));
+        upa = PrincipalHelper.getUser(engine, "a");
+        assertTrue(engine.listGroups(upa).isEmpty());
+        assertTrue(engine.listRoles(upa).isEmpty());
+
+        // update password on existing user with roles
+        engine.addRole("a", "role1");
+        engine.addGroup("a", "g1");
+        engine.addGroupRole("g1", "role2");
+        engine.addUserInternal("a", "pass3");
+        assertThat(List.of(p.get("a").split(",")),
+                contains("pass3", "role1", PropertiesBackingEngine.GROUP_PREFIX + "g1"));
+        upa = PrincipalHelper.getUser(engine, "a");
+        assertThat(names(engine.listGroups(upa)), containsInAnyOrder("g1"));
+        assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2"));
+    }
+
+    @Test
+    public void lookupUserTest() {
+        engine.addUser("a", "pass1");
+        engine.addGroup("a", "g1");
+
+        assertEquals("a", engine.lookupUser("a").getName());
+        assertNull(engine.lookupUser("g1"));
+        assertNull(engine.lookupUser("test"));
+    }
+
+    @Test
+    public void listRolesTest() {
+        // empty roles
+        p.put("a", "pass1,,,"); // simulate manual editing of the properties file
+        assertTrue(engine.listRoles("a").isEmpty());
+
+        // duplicate role
+        p.put("a", "pass1,role1,role1");
+        UserPrincipal upa = PrincipalHelper.getUser(engine, "a");
+        List<RolePrincipal> roles = engine.listRoles(upa);
+        assertEquals(1, roles.size());
+        assertEquals("role1", roles.get(0).getName());
+    }
+
+    @Test
+    public void addRoleTest() {
+        // empty info in groups
+        engine.createGroup("g1");
+        engine.addGroupRole("g1", "role1");
+        GroupPrincipal gpg1 = PrincipalHelper.getGroup(engine, "g1");
+        assertThat(names(engine.listRoles(gpg1)), contains("role1"));
+
+        // empty info in users
+        engine.addUser("a", "");
+        engine.addRole("a", "role2");
+        UserPrincipal upa = PrincipalHelper.getUser(engine, "a");
+        assertThat(names(engine.listRoles(upa)), contains("role2"));
+        // user empty password is preserved
+        assertThat(List.of(p.get("a").split(",")), containsInAnyOrder("", "role2"));
+
+        // duplicate role
+        engine.addRole("a", "role2");
+        upa = PrincipalHelper.getUser(engine, "a");
+        assertThat(names(engine.listRoles(upa)), contains("role2"));
+        assertThat(List.of(p.get("a").split(",")), containsInAnyOrder("", "role2"));
+
+        // duplicate group
+        engine.addUser("b", "");
+        engine.addGroup("b", "g2");
+        engine.addGroup("b", "g2");
+        UserPrincipal upb = PrincipalHelper.getUser(engine, "b");
+        assertThat(names(engine.listGroups(upb)), contains("g2"));
+        assertThat(List.of(p.get("b").split(",")),
+                containsInAnyOrder("", PropertiesBackingEngine.GROUP_PREFIX + "g2"));
+    }
+
+    @Test
+    public void deleteRoleTest() {
+        // delete in group
+        engine.createGroup("g1");
+        engine.addGroupRole("g1", "role1");
+        engine.addGroupRole("g1", "role2");
+        engine.addGroupRole("g1", "role3");
+        engine.deleteGroupRole("g1", "role1");
+        GroupPrincipal gpg1 = PrincipalHelper.getGroup(engine, "g1");
+        assertThat(names(engine.listRoles(gpg1)), containsInAnyOrder("role2", "role3"));
+
+        // delete in user
+        engine.addUser("a", "");
+        engine.addRole("a", "role4");
+        engine.addRole("a", "role5");
+        engine.addRole("a", "role6");
+        engine.deleteRole("a", "role4");
+        UserPrincipal upa = PrincipalHelper.getUser(engine, "a");
+        assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role5", "role6"));
+        // user empty password is preserved
+        assertThat(List.of(p.get("a").split(",")), containsInAnyOrder("", "role5", "role6"));
+    }
+
+    @After
+    public void cleanup() {
+        if (!f.delete()) {
+            fail("Could not delete temporary file: " + f);
+        }
+    }
+
+}

jaas/modules/src/test/java/org/apache/karaf/jaas/modules/PrincipalHelper.java

@@ -16,14 +16,32 @@
 
 import static java.util.stream.Collectors.toList;
 
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.junit.Assert;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.List;
+import java.util.stream.Collectors;
 
 public class PrincipalHelper {
 
     public static List<String> names(Collection<? extends Principal> principals) {
         return principals.stream().map(Principal::getName).collect(toList());
     }
+
+    public static UserPrincipal getUser(AbstractPropertiesBackingEngine engine, String name) {
+        List<UserPrincipal> matchingUsers = engine.listUsers().stream()
+                .filter(user -> name.equals(user.getName())).collect(Collectors.toList());
+        Assert.assertFalse("User with name " + name + " was not found", matchingUsers.isEmpty());
+        return matchingUsers.iterator().next();
+    }
+
+    public static GroupPrincipal getGroup(AbstractPropertiesBackingEngine engine, String name) {
+        List<GroupPrincipal> matchingGroups = engine.listGroups().keySet().stream()
+                .filter(group -> name.equals(group.getName())).collect(Collectors.toList());
+        Assert.assertFalse("Group with name " + name + " was not found", matchingGroups.isEmpty());
+        return matchingGroups.iterator().next();
+    }
 
-}
+}

jaas/modules/src/test/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngineTest.java

@@ -18,22 +18,17 @@
 
 import static org.apache.karaf.jaas.modules.PrincipalHelper.names;
 import static org.hamcrest.Matchers.containsInAnyOrder;
-import static org.hamcrest.Matchers.contains;
-import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.io.File;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Collectors;
 
 import org.apache.felix.utils.properties.Properties;
 import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
 import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.PrincipalHelper;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -58,8 +53,8 @@ public void testUserRoles() throws IOException {
         engine.addRole("a", "role1");
         engine.addRole("a", "role2");
 
-        UserPrincipal upa = getUser(engine, "a");
-        assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2"));
+        UserPrincipal upa = PrincipalHelper.getUser(engine, "a");
+        Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2"));
 
         engine.addGroup("a", "g");
         engine.addGroupRole("g", "role2");
@@ -68,26 +63,26 @@ public void testUserRoles() throws IOException {
         engine.addGroup("b", "g2");
         engine.addGroupRole("g2", "role4");
 
-        assertThat(names(engine.listUsers()), containsInAnyOrder("a", "b"));
-        assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
+        Assert.assertThat(names(engine.listUsers()), containsInAnyOrder("a", "b"));
+        Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
 
         checkLoading();
 
         assertNotNull(engine.lookupUser("a"));
         assertEquals("a", engine.lookupUser("a").getName());
 
         // removing some stuff
-        UserPrincipal upb = getUser(engine, "b");
+        UserPrincipal upb = PrincipalHelper.getUser(engine, "b");
         assertEquals(1, engine.listGroups(upa).size());
         assertEquals(2, engine.listGroups(upb).size());
 
         GroupPrincipal gp = engine.listGroups(upa).iterator().next();
         engine.deleteGroupRole("g", "role2");
-        assertThat(names(engine.listRoles(gp)), containsInAnyOrder("role3"));
+        Assert.assertThat(names(engine.listRoles(gp)), containsInAnyOrder("role3"));
 
         // role2 should still be there as it was added to the user directly too
-        assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
-        assertThat(names(engine.listRoles(upb)), containsInAnyOrder("role3", "role4"));
+        Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
+        Assert.assertThat(names(engine.listRoles(upb)), containsInAnyOrder("role3", "role4"));
 
         engine.deleteGroup("b", "g");
         engine.deleteGroup("b", "g2");
@@ -101,65 +96,14 @@ public void testUserRoles() throws IOException {
     private void checkLoading() throws IOException {
         PropertiesBackingEngine engine = new PropertiesBackingEngine(new Properties(f));
         assertEquals(2, engine.listUsers().size());
-        UserPrincipal upa_2 = getUser(engine, "a");
-        UserPrincipal upb_2 = getUser(engine, "b");
+        UserPrincipal upa_2 = PrincipalHelper.getUser(engine, "a");
+        UserPrincipal upb_2 = PrincipalHelper.getUser(engine, "b");
 
         assertEquals(3, engine.listRoles(upa_2).size());
-        assertThat(names(engine.listRoles(upa_2)), containsInAnyOrder("role1", "role2", "role3"));
+        Assert.assertThat(names(engine.listRoles(upa_2)), containsInAnyOrder("role1", "role2", "role3"));
 
         assertEquals(3, engine.listRoles(upb_2).size());
-        assertThat(names(engine.listRoles(upb_2)), containsInAnyOrder("role2", "role3", "role4"));
-    }
-    
-    private UserPrincipal getUser(PropertiesBackingEngine engine, String name) {
-        List<UserPrincipal> matchingUsers = engine.listUsers().stream()
-            .filter(user->name.equals(user.getName())).collect(Collectors.toList());
-        Assert.assertFalse("User with name " + name + " was not found", matchingUsers.isEmpty());
-        return matchingUsers.iterator().next();
-    }
-
-    @Test
-    public void testUserPassword() throws IOException {
-        Properties p = new Properties(f);
-        PropertiesBackingEngine engine = new PropertiesBackingEngine(p);
-
-        // update password when user has no roles
-        engine.addUser("a", "pass1");
-        engine.addUser("a", "pass2");
-        assertThat(Arrays.asList(p.get("a").split(",")), contains("pass2"));
-        UserPrincipal upa = getUser(engine, "a");
-        assertTrue(engine.listRoles(upa).isEmpty());
-
-        // update empty password when user has no roles
-        engine.addUser("b", "");
-        engine.addUser("b", "pass3");
-        assertThat(Arrays.asList(p.get("b").split(",")), contains("pass3"));
-        UserPrincipal upb = getUser(engine, "b");
-        assertTrue(engine.listRoles(upb).isEmpty());
-
-        // update password when user has roles
-        engine.addUser("c", "pass4");
-        engine.addRole("c", "role1");
-        engine.addGroup("c", "g1");
-        engine.addGroupRole("g1", "role2");
-        engine.addUser("c", "pass5");
-        assertThat(Arrays.asList(p.get("c").split(",")),
-                contains("pass5", "role1", PropertiesBackingEngine.GROUP_PREFIX + "g1"));
-        UserPrincipal upc = getUser(engine, "c");
-        assertThat(names(engine.listRoles(upc)), containsInAnyOrder("role1", "role2"));
-        assertThat(names(engine.listGroups(upc)), containsInAnyOrder("g1"));
-
-        // update empty password when user has roles
-        engine.addUser("d", "");
-        engine.addRole("d", "role3");
-        engine.addGroup("d", "g2");
-        engine.addGroupRole("g2", "role4");
-        engine.addUser("d", "pass6");
-        assertThat(Arrays.asList(p.get("d").split(",")),
-                contains("pass6", "role3", PropertiesBackingEngine.GROUP_PREFIX + "g2"));
-        UserPrincipal upd = getUser(engine, "d");
-        assertThat(names(engine.listRoles(upd)), containsInAnyOrder("role3", "role4"));
-        assertThat(names(engine.listGroups(upd)), containsInAnyOrder("g2"));
+        Assert.assertThat(names(engine.listRoles(upb_2)), containsInAnyOrder("role2", "role3", "role4"));
     }
 
     @After