Mock Grails Spring Security Logged in User - testing

Looking for a way to mock spring security in some unit/integration tests.
Grails: V2.1.0
Spring Security Core: V1.2.7.3
Controller has the following:
// some action
def index(){
def user = getLoggedInUser()
render ....
}
...
private getLoggedInUser(){
return User.get(springSecurityService.principal.id)
}
I tried the following and various other ways but can't see to get it to work:
void testSomething(){
def dc = new SomeController()
dc.springSecurityService = [
encodePassword: 'password',
reauthenticate: { String u -> true},
loggedIn: true,
principal: [username:"Bob"]]
dc.index()
... assertion....
It seems that the user is not getting created and can't get the principal.id. Any suggestions or better alternatives?

I think the user is just being created, but not saved, and that's why it doesn't have an ID.
The solution could be this:
void testSomething(){
def dc = new SomeController()
def loggedInUser = new User(username: "Bob").save() // This way the user will have an ID
dc.springSecurityService = [
encodePassword: 'password',
reauthenticate: { String u -> true},
loggedIn: true,
principal: loggedInUser]
dc.index() ... assertion....
There's an alternative:
void testSomething(){
def dc = new SomeController()
def loggedInUser = new User(...).save()
dc.metaClass.getLoggedInUser = { loggedInUser }
...
I would suggest a refactor to getLoggedInUser:
private getLoggedInUser(){
return springSecurityService.currentUser
}
With this change, you could write:
void testSomething(){
def dc = new SomeController()
def loggedInUser = new User(...).save()
dc.springSecurityService = [
encodePassword: 'password',
reauthenticate: { String u -> true},
loggedIn: true,
getCurrenUser: { loggedInUser }]
...

Related

Terraform - Manipulate local variables

I am trying to setup some aws_ssoadmin_managed_policy_attachments (there will end up being a lot) so ideally I just want to be able to update a local variable and then use for_each to go through said variable and churn out a bunch of resources the other side.
I currently have something like the following:
locals {
roles = {
admin = {
//managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"])
managed_policy_name = "AWSSupportAccess"
perm_set_name = "admin"
}
auditor = { ...
}
}
There will be a bunch more roles within this. I use the below to transform it to something more usable by the for_each.
managed_policy_map = [for keys, managed_policy_names in local.roles : {
for managed_policy_name in managed_policy_names :
format("%s-%s", keys, managed_policy_name) => { "managed_policy_name" : managed_policy_name }
}]
perm_set_to_managed_policy_map = merge(local.managed_policy_map...)
Output from this:
a = [{
"admin-AWSSupportAccess" = {
"managed_policy_name" = "AWSSupportAccess"
"perm_set_name" = "admin"
}
"admin-admin" = {
"managed_policy_name" = "admin"
"perm_set_name" = "admin"
}
"auditor-ReadOnlyAccess" = {
"managed_policy_name" = "ReadOnlyAccess"
"perm_set_name" = "auditor"
}
"auditor-auditor" = {
"managed_policy_name" = "auditor"
"perm_set_name" = "auditor"
}
"auditor-auditor-permission-set" = {
"managed_policy_name" = "auditor-permission-set"
"perm_set_name" = "auditor"
}
},]
Now, ideally, I would like to use the commented managed_policy_name which uses a list (or set to avoid dupes) //managed_policy_name = toset(["AdministratorAccess", "AWSSupportAccess"]) and cycle through that to end up with something like.
a = [{
"admin-AdministratorAccess" = {
"managed_policy_name" = "AdministratorAccess"
"perm_set_name" = "admin"
}
"admin-AWSSupportAccess" = {
"managed_policy_name" = "AWSSupportAccess"
"perm_set_name" = "admin"
}
"auditor-ReadOnlyAccess" = {
"managed_policy_name" = "ReadOnlyAccess"
"perm_set_name" = "auditor"
} ...
Is this doable? My assumption is that it will be fairly complicated or I'm missing some Terraform function that makes it easy. Any help would be greatly appreciated.
You can simplify your variable structure:
locals {
roles = {
admin = toset(["AdministratorAccess", "AWSSupportAccess"])
auditor = ...
}
}
and then simplify your for expression:
managed_policy_map = [for role, managed_policy_names in local.roles : {
for policy in managed_policy_names : "${role}-${policy}" => {
"managed_policy_name" = policy
"perm_set_name" = role
}
}]
to easily achieve the same output structure with the set type instead of the string type:
[
{
"admin-AWSSupportAccess" = {
"managed_policy_name" = "AWSSupportAccess"
"perm_set_name" = "admin"
}
"admin-AdministratorAccess" = {
"managed_policy_name" = "AdministratorAccess"
"perm_set_name" = "admin"
}
},
]
I would also recommend simplifying the output structure for easier use in the for_each meta-argument according to the intention stated in the question.

Django channels without redis

I have a django app based on this tutorial that works perfectly. It uses Redis in the Channel layers
CHANNEL_LAYERS = {
'default': {
'BACKEND': 'channels_redis.core.RedisChannelLayer',
'CONFIG': {
"hosts": [('127.0.0.1', 6379)],
},
},
}
The problem I have is that my web hosting provider will not allow Redis (unless I pay ££££).
Every example that I can find uses Redis in this role. Is there an alternative I could use?
there are a few options.
you can run your channel layer on a different service to were the main instance runs. AWS ElastiCache or many other redis hosts out there.
There is also a RabbitMQ channel layer but if your hosting provider charges a lot for reddis i expect they will also charge a lot for this ... https://github.com/CJWorkbench/channels_rabbitmq/
It turned out that channels is a non-starter on an affordable web-hosting platform. So I reverted to using Ajax and long polling. My application is based on this Django Tutorial.
models.py
class Message(models.Model):
room_name = models.CharField(null=False, blank=False, max_length=50)
sender = models.CharField(null=False, blank=False, max_length=50, default='Sender username')
datetime = models.DateTimeField(null=True, auto_now_add=True)
type = models.IntegerField(null=True, blank=True)
text = models.CharField(null=False, blank=False, max_length=250, default='message text')
context = models.TextField(null=True, blank=True)
urls.py
urlpatterns = [
path('<str:partner_pk>/check-message', views.CheckMessage.as_view(), name="check-message"),
path('<str:partner_pk>/send-message/<str:chat_text>', views.SendMessage.as_view(), name="send-message"),
]
views.py
class CheckMessage(View):
"""Duo check message."""
def get(self, request, partner_pk):
"""Render the GET request."""
pair, room_name = sort_pair(partner_pk, request.user.pk)
partner = User.objects.get(pk=partner_pk)
profile = get_object_or_404(Profile, user=request.user)
message = Message.objects.filter(room_name=room_name, sender=partner.username).earliest('datetime')
context = {'type': -1}
context = json.loads(message.context)
context['sender'] = message.sender
context['datetime'] = message.datetime
context['message_type'] = message.type
context['text'] = message.text
context['seat'] = profile.seat
message.delete()
return JsonResponse(context, safe=False)
class SendMessage(View):
def get(self, request, partner_pk, chat_text):
message_type = app.MESSAGE_TYPES['chat']
send_message(request, partner_pk, message_type, text=chat_text, context={})
return JsonResponse({}, safe=False)
chat.js
window.setInterval(checkMessage, 3000);
function checkMessage () {
$.ajax(
{
type:"GET",
url: "check-message",
cache: false,
success: function(message) {
processMessage(message);
}
}
)
}
// Take action when a message is received
function processMessage(context) {
switch (context.message_type) {
case 0:
sendMessage(context)
functionOne()
break;
case 1:
sendMessage(context)
functionTwo()
break;
case 2:
sendMessage(context)
functionThree()
break;
}
}
// Send a message to chat
function sendMessage (context) {
if (context.sender != username) {
var messageObject = {
'username': context.sender,
'text': context.text,
};
displayChat(context);
}
}
// Display a chat message in the chat box.
function displayChat(context) {
if (context.text !== '') {
var today = new Date();
var hours = pad(today.getHours(), 2)
var minutes = pad(today.getMinutes(), 2)
var seconds = pad(today.getSeconds(), 2)
var time = hours + ":" + minutes + ":" + seconds;
var chat_log = document.getElementById("chat-log");
chat_log.value += ('('+time+') '+context.sender + ': ' + context.text + '\n');
chat_log.scrollTop = chat_log.scrollHeight;
}
}
//pad string with leading zeros
function pad(num, size) {
var s = num+"";
while (s.length < size) s = "0" + s;
return s;
}
// Call submit chat message if the user presses <return>.
document.querySelector('#chat-message-input').focus();
document.querySelector('#chat-message-input').onkeyup = function (e) {
if (e.keyCode === 13) { // enter, return
document.querySelector('#chat-message-submit').click();
}
};
// Submit the chat message if the user clicks on 'Send'.
document.querySelector('#chat-message-submit').onclick = function (e) {
var messageField = document.querySelector('#chat-message-input'), text = messageField.value, chat_log = document.getElementById("chat-log");
context = {sender: username, text: messageField.value}
displayChat(context)
sendChat(messageField.value)
chat_log.scrollTop = chat_log.scrollHeight;
messageField.value = '';
};
// Call the send-chat view
function sendChat(chat_text) {
$.ajax(
{
type:"GET",
url: "send-message/"+chat_text,
cache: false,
}
)
}

OpenID Connect and IdentityServer4: APIs vs scopes

http://docs.identityserver.io/en/latest/reference/api_resource.html says "An API must have at least one scope."
It seems this restriction is not enforced by IdentityServer4: I have
public static IEnumerable<ApiResource> GetApis(IConfiguration config)
{
return new ApiResource[]
{
new ApiResource("orm", "Our ORM"),
};
}
(without scopes here) and my software does work and seems not to produce any errors. Do I understand correctly that here I have an error but IdentityServer4 just does not diagnose the error?
Moreover, I have
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets = { new Secret("XXX".Sha256()) },
RedirectUris = { ormClientURL + "/signin-oidc" },
FrontChannelLogoutUri = ormClientURL + "/signout-oidc",
PostLogoutRedirectUris = { ormClientURL + "/signout-callback-oidc" },
AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile", "orm" }
},
and it works despite I have no scope "orm" defined.
Why does it indeed work?
How to fix this properly? (Which clients and scopes should I define?)
It appears that the ApiResource constructor adds a Scope using the name and displayName provided:
public ApiResource(string name, string displayName)
: this(name, displayName, null)
{
}
public ApiResource(string name, string displayName, IEnumerable<string> claimTypes)
{
if (name.IsMissing()) throw new ArgumentNullException(nameof(name));
Name = name;
DisplayName = displayName;
Scopes.Add(new Scope(name, displayName));
if (!claimTypes.IsNullOrEmpty())
{
foreach (var type in claimTypes)
{
UserClaims.Add(type);
}
}
}
https://github.com/IdentityServer/IdentityServer4/blob/master/src/Storage/src/Models/ApiResource.cs

Do I need different module in each test case using Nancy?

I want to test my web application, without the web services layer. in order to do that I am using Nancy framework.
I am mocking ServiceA as follow:
public class ServiceAModule : NancyModule
{
public ServiceAModule () : base("/serviceAPath")
{
Get["/"] = p =>
{
var s = #"{Property1 : 23}";
var jsonBytes = Encoding.UTF8.GetBytes(s);
return new Response
{
ContentType = "application/json",
Contents = stream => stream.Write(jsonBytes, 0, jsonBytes.Length),
StatusCode = HttpStatusCode.OK
};
};
}
Now, in my tests: I initialize Nancy service:
private static IDisposable CreateService()
{
const string url = "http://+:8088";
var service = WebApp.Start(url, builder =>
{
var browser = new Browser(with => { with.EnableAutoRegistration(); });
builder.UseNancy();
});
return service;
}
And I am testing the application UI using selenium.
My question is: I need different scenario (different response from ServiceAModule Get end point), what are my options?
As I see it, I have one option, which is to create different module for each test case and register this module on each test.
This solution brings a lot of code, and mess.
Do I have any other option? what is the common use of Nancy in this cases?
Thank you!
What do you mean by different response ? You can add as many actions as you want on the same Module
public ServiceAModule () : base("/serviceAPath")
{
Get["/"] = p => Response.AsJson(new {Property1 : 23 });
Post["/"] = p => Response.AsText("Saved !!!");
Get["/thing"] = p => Response.AsJson(new { foo : 3434 , bar : 900 });
}

Yii2 signup without saving session data

I have registration form in my Yii2 advanced application. In my application only admin can register users. But when I register new user, admin session data are destroyed and new user's session data are set. What I am trying is not to change session data when I register new user. Admin user is still should be set to session data. How to solve this problem. This is my action in controller:
public function actionSignup()
{
$model = new SignupForm();
if(Yii::$app->user->can('admin'))
{
if (($response = self::ajaxValidate($model)) !== false)
return $response;
if (self::postValidate($model))
{
try
{
$trans = Yii::$app->db->beginTransaction();
if ($user = $model->signup()) {
Yii::$app->getUser()->login($user);
}
//tagidan tushgan odamining child_left, child_right tini o'zgartirish
$under = UserModel::findOne($user->id_parent_under);
if ($under->id_child_left == 0)
$under->id_child_left = $user->id;
else
$under->id_child_right = $user->id;
$under->update(false);
ChildrenBinaryModel::insertNewUser($user);
ChildrenClassicModel::insertNewUser($user);
$parents = ChildrenBinaryModel::find()->with('user')->where(["id_child" => $user->id])->orderBy(['depth' => SORT_ASC])->all();
$c_user = $user;
foreach($parents as $p)
{
$p_user = $p->user;
if ($p_user->id_child_left == $c_user->id)
$p_user->ball_left += 100;
else
$p_user->ball_right += 100;
$p_user->update(false);
$c_user = $p_user;
}
$trans->commit();
}
catch(\Exception $e)
{
$trans->rollBack();
return $this->renderContent($e->getMessage());
}
return $this->render('index');
}
return $this->render('signup', [
'model' => $model,
]);
}else{
throw new ForbiddenHttpException;
}
}
Checkout the documentation for \yii\web\User::login(). When this is run in your code by calling Yii::$app->getUser()->login($user), the session data is set to match your $user.
If it's always the admin user that's signing up new users, I'm not sure you even need to run the login method.
I have solved this problem. In order to make answer clearly and simple I will show you default signup action in site controller (Yii2 advanced template):
public function actionSignup()
{
$model = new SignupForm();
if ($model->load(Yii::$app->request->post())) {
if ($user = $model->signup()) {
if (Yii::$app->user->enableSession = false &&
Yii::$app->getUser()->login($user)) {
return $this->goHome();
}
}
}
return $this->render('signup', [
'model' => $model,
]);
}
Only I have done was adding this
Yii::$app->user->enableSession = false
inside the if statement