Skip to content

Commit

Permalink
Refactor InternalUsers REST API test (opensearch-project#4481)
Browse files Browse the repository at this point in the history
Signed-off-by: Andrey Pleskach <[email protected]>
  • Loading branch information
willyborankin authored Jul 5, 2024
1 parent 20c8775 commit a588bdd
Show file tree
Hide file tree
Showing 10 changed files with 1,081 additions and 1,182 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -373,4 +373,37 @@ void assertResponseBody(final String responseBody) {
assertThat(responseBody, not(equalTo("")));
}

static ToXContentObject configJsonArray(final String... values) {
return (builder, params) -> {
builder.startArray();
if (values != null) {
for (final var v : values) {
if (v == null) {
builder.nullValue();
} else {
builder.value(v);
}
}
}
return builder.endArray();
};
}

static String[] generateArrayValues(boolean useNulls) {
final var length = randomIntBetween(1, 5);
final var values = new String[length];
final var nullIndex = randomIntBetween(0, length - 1);
for (var i = 0; i < values.length; i++) {
if (useNulls && i == nullIndex) values[i] = null;
else values[i] = randomAsciiAlphanumOfLength(10);
}
return values;
}

static ToXContentObject randomConfigArray(final boolean useNulls) {
return useNulls
? configJsonArray(generateArrayValues(useNulls))
: randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray()));
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -82,33 +82,6 @@ public AbstractConfigEntityApiIntegrationTest(final String path, final TestDescr
this.testDescriptor = testDescriptor;
}

static ToXContentObject configJsonArray(final String... values) {
return (builder, params) -> {
builder.startArray();
if (values != null) {
for (final var v : values) {
if (v == null) {
builder.nullValue();
} else {
builder.value(v);
}
}
}
return builder.endArray();
};
}

static String[] generateArrayValues(boolean useNulls) {
final var length = randomIntBetween(1, 5);
final var values = new String[length];
final var nullIndex = randomIntBetween(0, length - 1);
for (var i = 0; i < values.length; i++) {
if (useNulls && i == nullIndex) values[i] = null;
else values[i] = randomAsciiAlphanumOfLength(10);
}
return values;
}

@Override
protected String apiPath(String... paths) {
final StringJoiner fullPath = new StringJoiner("/").add(super.apiPath(path));
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.security.api;

import java.util.StringJoiner;

import org.junit.Test;

import org.opensearch.core.xcontent.ToXContentObject;
import org.opensearch.security.dlic.rest.validation.PasswordValidator;
import org.opensearch.security.dlic.rest.validation.RequestContentValidator;
import org.opensearch.security.support.ConfigConstants;

import static org.opensearch.security.api.PatchPayloadHelper.addOp;
import static org.opensearch.security.api.PatchPayloadHelper.patch;

public class InternalUsersRegExpPasswordRulesRestApiIntegrationTest extends AbstractApiIntegrationTest {

final static String PASSWORD_VALIDATION_ERROR_MESSAGE = "xxxxxxxx";

static {
clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, PASSWORD_VALIDATION_ERROR_MESSAGE)
.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, "(?=.*[A-Z])(?=.*[^a-zA-Z\\\\d])(?=.*[0-9])(?=.*[a-z]).{8,}")
.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_SCORE_BASED_VALIDATION_STRENGTH, PasswordValidator.ScoreStrength.FAIR.name());
}

String internalUsers(String... path) {
final var fullPath = new StringJoiner("/").add(super.apiPath("internalusers"));
if (path != null) {
for (final var p : path)
fullPath.add(p);
}
return fullPath.toString();
}

ToXContentObject internalUserWithPassword(final String password) {
return (builder, params) -> builder.startObject()
.field("password", password)
.field("backend_roles", randomConfigArray(false))
.endObject();
}

@Test
public void canNotCreateUsersWithPassword() throws Exception {
withUser(ADMIN_USER_NAME, client -> {
// validate short passwords
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("123")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("1234567")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("1Aa%")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("123456789")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("a123456789")));
badRequest(() -> client.putJson(internalUsers("tooshoort"), internalUserWithPassword("A123456789")));
// validate that password same as user
badRequest(() -> client.putJson(internalUsers("$1aAAAAAAAAC"), internalUserWithPassword("$1aAAAAAAAAC")));
badRequest(() -> client.putJson(internalUsers("$1aAAAAAAAac"), internalUserWithPassword("$1aAAAAAAAAC")));
badRequestWithReason(
() -> client.patch(
internalUsers(),
patch(
addOp("testuser1", internalUserWithPassword("$aA123456789")),
addOp("testuser2", internalUserWithPassword("testpassword2"))
)
),
PASSWORD_VALIDATION_ERROR_MESSAGE
);
// validate similarity
badRequestWithReason(
() -> client.putJson(internalUsers("some_user_name"), internalUserWithPassword("H3235,cc,some_User_Name")),
RequestContentValidator.ValidationError.SIMILAR_PASSWORD.message()
);
});
}

@Test
public void canCreateUsersWithPassword() throws Exception {
withUser(ADMIN_USER_NAME, client -> {
created(() -> client.putJson(internalUsers("ok1"), internalUserWithPassword("$aA123456789")));
created(() -> client.putJson(internalUsers("ok2"), internalUserWithPassword("$Aa123456789")));
created(() -> client.putJson(internalUsers("ok3"), internalUserWithPassword("$1aAAAAAAAAA")));
ok(() -> client.putJson(internalUsers("ok3"), internalUserWithPassword("$1aAAAAAAAAC")));
ok(() -> client.patch(internalUsers(), patch(addOp("ok3", internalUserWithPassword("$1aAAAAAAAAB")))));
ok(() -> client.putJson(internalUsers("ok1"), internalUserWithPassword("Admin_123")));
});
}

}
Loading

0 comments on commit a588bdd

Please sign in to comment.