

Fix #12395, use request context replace session depend. (#12398)
KomachiSion authored Jul 22, 2024
1 parent 298f36f commit 197795a
Showing 2 changed files with 34 additions and 33 deletions.
Expand Up @@ -23,6 +23,7 @@
import com.alibaba.nacos.common.model.RestResultUtils;
import com.alibaba.nacos.common.utils.JacksonUtils;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.context.RequestContextHolder;
import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.constant.ActionTypes;
Expand Down Expand Up @@ -102,7 +103,11 @@ public class UserController {
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
@PostMapping
public Object createUser(@RequestParam String username, @RequestParam String password) {

if (AuthConstants.DEFAULT_USER.equals(username)) {
return RestResultUtils.failed(HttpStatus.CONFLICT.value(),
"User `nacos` is default admin user. Please use `/nacos/v1/auth/users/admin` API to init `nacos` users. "
+ "Detail see `https://nacos.io/docs/latest/manual/admin/auth/#31-%E8%AE%BE%E7%BD%AE%E7%AE%A1%E7%90%86%E5%91%98%E5%AF%86%E7%A0%81`");
}
User user = userDetailsService.getUserFromDatabase(username);
if (user != null) {
throw new IllegalArgumentException("user '" + username + "' already exist!");
Expand Down Expand Up @@ -202,8 +207,7 @@ private boolean hasPermission(String username, HttpServletRequest request)
if (!authConfigs.isAuthEnabled()) {
return true;
}
IdentityContext identityContext = (IdentityContext) request.getSession()
.getAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT);
IdentityContext identityContext = RequestContextHolder.getContext().getAuthContext().getIdentityContext();
if (identityContext == null) {
throw new HttpSessionRequiredException("session expired!");
}
Expand Down Expand Up @@ -324,7 +328,6 @@ public RestResult<String> updatePassword(@RequestParam(value = "oldPassword") St
}
}


/**
* Fuzzy matching username.
*
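Review bot: In `hasPermission`, the null check after the new lookup guards only the last link of `RequestContextHolder.getContext().getAuthContext().getIdentityContext()`, and the failure is still reported as `HttpSessionRequiredException("session expired!")` although the session is no longer consulted. Whether `getContext()` or `getAuthContext()` can return null, and where the holder is filled and cleared for each request, is not visible in this hunk; if the holder is thread-bound, a context left over on a reused thread would be read here as the caller's identity, so the per-request cleanup is worth confirming. I would add a comment above the lookup, for example `// Identity is set per request in RequestContextHolder by <component that populates it>; null means no authenticated identity reached this call.`, with the placeholder filled in by the author. The body of `hasPermission` starts and ends outside the hunk.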
Expand Up @@ -18,6 +18,7 @@

import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.model.RestResult;
import com.alibaba.nacos.core.context.RequestContextHolder;
import com.alibaba.nacos.persistence.model.Page;
import com.alibaba.nacos.plugin.auth.api.IdentityContext;
import com.alibaba.nacos.plugin.auth.exception.AccessException;
Expand All @@ -33,6 +34,7 @@
import com.alibaba.nacos.sys.env.EnvUtil;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
Expand Down Expand Up @@ -105,6 +107,12 @@ void setUp() throws Exception {
AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());

EnvUtil.setEnvironment(mockEnvironment);
RequestContextHolder.getContext().getAuthContext().setIdentityContext(new IdentityContext());
}

@AfterEach
public void tearDown() {
RequestContextHolder.removeContext();
}

@Test
Expand All @@ -123,20 +131,26 @@ void testLoginWithAuthedUser() throws AccessException, IOException {

@Test
void testCreateUser1() {
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(null);
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test");
when(userDetailsService.getUserFromDatabase("test")).thenReturn(null);
RestResult<String> result = (RestResult<String>) userController.createUser("test", "test");
assertEquals(200, result.getCode());

}

@Test
void testCreateUser2() {
when(userDetailsService.getUserFromDatabase("nacos")).thenReturn(new User());
when(userDetailsService.getUserFromDatabase("test")).thenReturn(new User());
assertThrows(IllegalArgumentException.class, () -> {
userController.createUser("nacos", "test");
userController.createUser("test", "test");
});
}

@Test
void testCreateUserNamedNacos() {
RestResult<String> result = (RestResult<String>) userController.createUser("nacos", "test");
assertEquals(409, result.getCode());
}

@Test
void testCreateAdminUser1() {
when(authConfigs.getNacosAuthSystemType()).thenReturn(AuthSystemTypes.NACOS.name());
Expand Down Expand Up @@ -221,7 +235,7 @@ void testUpdateUser2() {

@Test
void testUpdateUser3() throws IOException {

RequestContextHolder.getContext().getAuthContext().setIdentityContext(null);
when(authConfigs.isAuthEnabled()).thenReturn(true);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
Expand All @@ -234,15 +248,11 @@ void testUpdateUser3() throws IOException {

@Test
void testUpdateUser4() throws IOException {

RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, user);
when(authConfigs.isAuthEnabled()).thenReturn(true);
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, user);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
mockHttpServletResponse, mockHttpServletRequest);
Expand All @@ -252,17 +262,13 @@ void testUpdateUser4() throws IOException {

@Test
void testUpdateUser5() throws IOException, AccessException {

RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true);
when(userDetailsService.getUserFromDatabase(anyString())).thenReturn(new User());
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(user);

MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
RestResult<String> result = (RestResult<String>) userController.updateUser("nacos", "test",
mockHttpServletResponse, mockHttpServletRequest);
Expand All @@ -272,16 +278,12 @@ void testUpdateUser5() throws IOException, AccessException {

@Test
void testUpdateUser6() throws IOException, AccessException {

RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true);
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenReturn(null);

MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);

Expand All @@ -292,17 +294,13 @@ void testUpdateUser6() throws IOException, AccessException {

@Test
void testUpdateUser7() throws IOException, AccessException {

RequestContextHolder.getContext().getAuthContext().getIdentityContext()
.setParameter(AuthConstants.NACOS_USER_KEY, null);
when(authConfigs.isAuthEnabled()).thenReturn(true);
when(authenticationManager.authenticate(any(MockHttpServletRequest.class))).thenThrow(
new AccessException("test"));

MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
IdentityContext identityContext = new IdentityContext();
identityContext.setParameter(AuthConstants.NACOS_USER_KEY, null);
mockHttpServletRequest.getSession()
.setAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT,
identityContext);
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
Object result = userController.updateUser("nacos", "test", mockHttpServletResponse, mockHttpServletRequest);

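Review bot: `testCreateUserNamedNacos` asserts only the 409 code, so it would still pass if the reserved-name guard ran after the user store had already been queried or written. Adding `verify(userDetailsService, never()).getUserFromDatabase("nacos");` after the assertion would pin that the request is rejected before the store is touched. The test also exercises only the exact string `nacos`; a second case such as `Nacos` would document whether the guard is meant to be case-sensitive. Minor style point: `tearDown` is declared `public void` while `setUp` and the test methods are package-private.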
