Shib: refactor to exercise getAffiliation from API #2939

IQSS · Mar 14, 2016 · 0d1cc9b · 0d1cc9b
1 parent c76e67d
commit 0d1cc9b
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 10 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/Shib.java b/src/main/java/edu/harvard/iq/dataverse/Shib.java
@@ -133,7 +133,6 @@ public class Shib implements java.io.Serializable {
 //    private boolean debug = false;
     private String emailAddress;
     private boolean useHeaders;
-    private final String testShibIdpEntityId = "https://idp.testshib.org/idp/shibboleth";
 
     public enum State {
 
@@ -237,8 +236,8 @@ public void init() {
         try {
             emailAddressInAssertion = getRequiredValueFromAssertion(emailAttribute);
         } catch (Exception ex) {
-            if (shibIdp.equals(testShibIdpEntityId)) {
-                logger.info("For " + testShibIdpEntityId + " (which as of this writing doesn't provide the " + emailAttribute + " attribute) setting email address to value of eppn: " + shibUserIdentifier);
+            if (shibIdp.equals(ShibUtil.testShibIdpEntityId)) {
+                logger.info("For " + shibIdp + " (which as of this writing doesn't provide the " + emailAttribute + " attribute) setting email address to value of eppn: " + shibUserIdentifier);
                 emailAddressInAssertion = shibUserIdentifier;
             } else {
                 // forcing all other IdPs to send us an an email
@@ -643,7 +642,7 @@ private String getRequiredValueFromAssertion(String key) throws Exception {
             String msg = "The SAML assertion for \"" + key + "\" was null. Please contact support.";
             logger.info(msg);
             boolean showMessage = true;
-            if (shibIdp.equals(testShibIdpEntityId) && key.equals(emailAttribute)) {
+            if (shibIdp.equals(ShibUtil.testShibIdpEntityId) && key.equals(emailAttribute)) {
                 showMessage = false;
             }
             if (showMessage) {
@@ -825,7 +824,7 @@ private void mutateRequestForDevRandom() {
     }
 
     private void mutateRequestForDevConstantTestShib1() {
-        request.setAttribute(shibIdpAttribute, testShibIdpEntityId);
+        request.setAttribute(shibIdpAttribute, ShibUtil.testShibIdpEntityId);
         // the TestShib "eppn" looks like an email address
         request.setAttribute(uniquePersistentIdentifier, "saml@testshib.org");
 //        request.setAttribute(displayNameAttribute, "Sam El");

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/TestApi.java b/src/main/java/edu/harvard/iq/dataverse/api/TestApi.java
@@ -11,6 +11,7 @@
 import edu.harvard.iq.dataverse.authorization.providers.builtin.PasswordEncryption;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibServiceBean;
+import edu.harvard.iq.dataverse.authorization.providers.shib.ShibUtil;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.authorization.users.User;
 import javax.ejb.Stateless;
@@ -162,6 +163,11 @@ public Response builtin2shib(String content) {
          * @todo If affiliation is not null, put it in RoleAssigneeDisplayInfo
          * constructor.
          */
+        /**
+         * Here we are exercising (via an API test) shibService.getAffiliation
+         * with the TestShib IdP and a non-production DevShibAccountType.
+         */
+        idPEntityId = ShibUtil.testShibIdpEntityId;
         String overwriteAffiliation = shibService.getAffiliation(idPEntityId, Shib.DevShibAccountType.RANDOM);
         logger.info("overwriteAffiliation: " + overwriteAffiliation);
         /**
@@ -213,6 +219,9 @@ public Response builtin2shib(String content) {
         response.add("value to overwrite old first name", overwriteFirstName);
         response.add("value to overwrite old last name", overwriteLastName);
         response.add("value to overwrite old email address", overwriteEmail);
+        if (overwriteAffiliation != null) {
+            response.add("affiliation", overwriteAffiliation);
+        }
         response.add("problems", problems);
         return okResponse(response);
     }

diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibUtil.java b/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibUtil.java
@@ -13,6 +13,8 @@ public class ShibUtil {
 
     private static final Logger logger = Logger.getLogger(ShibUtil.class.getCanonicalName());
 
+    public static final String testShibIdpEntityId = "https://idp.testshib.org/idp/shibboleth";
+
     /**
      * @todo Use this to display "Harvard University", for example, based on
      * https://dataverse.harvard.edu/Shibboleth.sso/DiscoFeed

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
@@ -10,8 +10,10 @@
 import org.junit.BeforeClass;
 import static com.jayway.restassured.RestAssured.given;
 import java.util.UUID;
+import static org.hamcrest.CoreMatchers.equalTo;
 import org.junit.AfterClass;
 import static org.junit.Assert.assertEquals;
+import org.junit.Ignore;
 
 public class AdminIT {
 
@@ -49,6 +51,7 @@ public static void setUp() {
                 .statusCode(OK.getStatusCode());
     }
 
+    @Ignore
     @Test
     public void testListAuthenticatedUsers() throws Exception {
         Response anon = listAuthenticatedUsers("");
@@ -77,11 +80,19 @@ public void testConvertShibUserToBuiltin() throws Exception {
 
         Response makeShibUser = migrateBuiltinToShib(data, superuserApiToken);
         makeShibUser.prettyPrint();
-        /**
-         * @todo Expect a non-OK response if the Shib user has an invalid email
-         * address: https://github.com/IQSS/dataverse/issues/2998
-         */
-        makeShibUser.then().assertThat().statusCode(OK.getStatusCode());
+        Integer migrateBuiltinToShib = makeShibUser.statusCode();
+        if (migrateBuiltinToShib.equals(OK.getStatusCode())) {
+            makeShibUser.then().assertThat()
+                    .statusCode(OK.getStatusCode())
+                    .body("data.affiliation", equalTo("TestShib Test IdP")
+                    );
+        } else {
+            /**
+             * Expect a non-OK response if the Shib user has an invalid email
+             * address: https://github.com/IQSS/dataverse/issues/2998
+             */
+            return;
+        }
 
         Response shibToBuiltinAnon = migrateShibToBuiltin(Long.MAX_VALUE, "", "");
         shibToBuiltinAnon.prettyPrint();