Restructure and split tests

jenkinsci · Dec 20, 2024 · 0b1d642 · 0b1d642
1 parent e64f086
commit 0b1d642
Show file tree

Hide file tree

Showing 9 changed files with 1,384 additions and 836 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -1320,14 +1320,12 @@ public void doFinishLogin(StaplerRequest request, StaplerResponse response) thro
      */
     public boolean handleTokenExpiration(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
             throws IOException, ServletException {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
-        if (httpRequest.getRequestURI().endsWith("/logout")) {
-            // No need to refresh token when logging out
+        if (isLogoutRequest(httpRequest)) {
             return true;
         }
 
-        if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (isAnonymousOrNoAuthentication(authentication)) {
             return true;
         }
 
@@ -1336,32 +1334,17 @@ public boolean handleTokenExpiration(HttpServletRequest httpRequest, HttpServlet
             return true;
         }
 
-        if (isAllowTokenAccessWithoutOicSession()) {
-            // check if this is a valid api token based request
-            String authHeader = httpRequest.getHeader("Authorization");
-            if (authHeader != null && authHeader.startsWith("Basic ")) {
-                String token = new String(Base64.getDecoder().decode(authHeader.substring(6)), StandardCharsets.UTF_8)
-                        .split(":")[1];
-
-                ApiTokenProperty apiTokenProperty = user.getProperty(ApiTokenProperty.class);
-                if (apiTokenProperty != null && apiTokenProperty.matchesPassword(token)) {
-                    // this was a valid jenkins token being used, exit this filter and let
-                    // the rest of chain be processed
-                    return true;
-                } // else do nothing and continue evaluating this request
-            }
-        }
-
         OicCredentials credentials = user.getProperty(OicCredentials.class);
-
         if (credentials == null) {
             return true;
         }
 
+        if (isValidApiTokenRequest(httpRequest, user)) {
+            return true;
+        }
+
         if (isExpired(credentials)) {
-            if (serverConfiguration.toProviderMetadata().getGrantTypes() != null
-                    && serverConfiguration.toProviderMetadata().getGrantTypes().contains(GrantType.REFRESH_TOKEN)
-                    && !Strings.isNullOrEmpty(credentials.getRefreshToken())) {
+            if (canRefreshToken(credentials)) {
                 LOGGER.log(Level.FINEST, "Attempting to refresh credential for user: {0}", user.getId());
                 boolean retVal = refreshExpiredToken(user.getId(), credentials, httpRequest, httpResponse);
                 LOGGER.log(Level.FINEST, "Refresh credential for user returned {0}", retVal);
@@ -1375,6 +1358,38 @@ public boolean handleTokenExpiration(HttpServletRequest httpRequest, HttpServlet
         return true;
     }
 
+    boolean isLogoutRequest(HttpServletRequest request) {
+        return request.getRequestURI().endsWith("/logout");
+    }
+
+    boolean isAnonymousOrNoAuthentication(Authentication authentication) {
+        return authentication == null || authentication instanceof AnonymousAuthenticationToken;
+    }
+
+    boolean isValidApiTokenRequest(HttpServletRequest httpRequest, User user) {
+        if (isAllowTokenAccessWithoutOicSession()) {
+            // check if this is a valid api token based request
+            String authHeader = httpRequest.getHeader("Authorization");
+            if (authHeader != null && authHeader.startsWith("Basic ")) {
+                String token = new String(Base64.getDecoder().decode(authHeader.substring(6)), StandardCharsets.UTF_8)
+                        .split(":")[1];
+
+                // this was a valid jenkins token being used, exit this filter and let
+                // the rest of chain be processed
+                // else do nothing and continue evaluating this request
+                ApiTokenProperty apiTokenProperty = user.getProperty(ApiTokenProperty.class);
+                return apiTokenProperty != null && apiTokenProperty.matchesPassword(token);
+            }
+        }
+        return false;
+    }
+
+    boolean canRefreshToken(OicCredentials credentials) {
+        return serverConfiguration.toProviderMetadata().getGrantTypes() != null
+                && serverConfiguration.toProviderMetadata().getGrantTypes().contains(GrantType.REFRESH_TOKEN)
+                && !Strings.isNullOrEmpty(credentials.getRefreshToken());
+    }
+
     private void redirectToLoginUrl(HttpServletRequest req, HttpServletResponse res) throws IOException {
         if (req != null && (req.getSession(false) != null || Strings.isNullOrEmpty(req.getHeader("Authorization")))) {
             req.getSession().invalidate();

diff --git a/src/test/java/org/jenkinsci/plugins/oic/MockHttpServletResponse.java b/src/test/java/org/jenkinsci/plugins/oic/MockHttpServletResponse.java
@@ -0,0 +1,199 @@
+package org.jenkinsci.plugins.oic;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Locale;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+public class MockHttpServletResponse implements HttpServletResponse {
+
+    public MockHttpServletResponse() {}
+
+    @Override
+    public void addCookie(Cookie cookie) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean containsHeader(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String encodeURL(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String encodeRedirectURL(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String encodeUrl(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String encodeRedirectUrl(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void sendError(int i, String s) throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void sendError(int i) throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void sendRedirect(String s) throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setDateHeader(String s, long l) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void addDateHeader(String s, long l) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setHeader(String s, String s1) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void addHeader(String s, String s1) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setIntHeader(String s, int i) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void addIntHeader(String s, int i) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setStatus(int i) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setStatus(int i, String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public int getStatus() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String getHeader(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public Collection<String> getHeaders(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public Collection<String> getHeaderNames() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String getCharacterEncoding() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String getContentType() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public ServletOutputStream getOutputStream() throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public PrintWriter getWriter() throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setCharacterEncoding(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setContentLength(int i) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setContentLengthLong(long l) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setContentType(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setBufferSize(int i) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public int getBufferSize() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void flushBuffer() throws IOException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void resetBuffer() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean isCommitted() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void reset() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void setLocale(Locale locale) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public Locale getLocale() {
+        throw new UnsupportedOperationException();
+    }
+}