diff --git a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java index 797d062d761b2..e695e479c57cd 100644 --- a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java +++ b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroTokenHandler.java @@ -84,7 +84,10 @@ public void revokeToken(AuthToken token) { @Override public void resetToken(AuthToken token) { - + if (token instanceof BasicAuthToken) { + final BasicAuthToken basicAuthToken = (BasicAuthToken) token; + basicAuthToken.revoke(); + } } public String generatePassword() { diff --git a/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java b/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java index b927c36ab22a8..dc4e21b37b2ae 100644 --- a/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java +++ b/plugins/identity-shiro/src/test/java/org/opensearch/identity/shiro/AuthTokenHandlerTests.java @@ -10,6 +10,8 @@ import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; +import org.opensearch.OpenSearchException; +import org.opensearch.identity.noop.NoopTokenHandler; import org.opensearch.identity.tokens.AuthToken; import org.opensearch.identity.tokens.BasicAuthToken; import org.opensearch.identity.tokens.NoopToken; 
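Review bot: The new `resetToken` body in ShiroTokenHandler returns normally when the token is not a `BasicAuthToken`, so a caller cannot tell a completed reset from one that was never attempted. The tests in this commit expect `revokeToken` to throw `UnsupportedAuthenticationToken` for a `NoopToken`, and `resetToken` should probably fail the same way: add `else { throw new UnsupportedAuthenticationToken(); }` after the `instanceof` branch, using whatever constructor arguments `revokeToken` passes (its body is outside this hunk). The branch also only calls `basicAuthToken.revoke()`, so reset and revoke are indistinguishable for basic tokens. If that is intended, say so in a comment, e.g. `// reset clears the stored credentials, same as revokeToken`.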
@@ -25,17 +27,19 @@ public class AuthTokenHandlerTests extends OpenSearchTestCase { - private ShiroTokenHandler authTokenHandler; + private ShiroTokenHandler shiroAuthTokenHandler; + private NoopTokenHandler noopTokenHandler; @Before public void testSetup() { - authTokenHandler = new ShiroTokenHandler(); + shiroAuthTokenHandler = new ShiroTokenHandler(); + noopTokenHandler = new NoopTokenHandler(); } public void testShouldExtractBasicAuthTokenSuccessfully() { final BasicAuthToken authToken = new BasicAuthToken("Basic YWRtaW46YWRtaW4="); // admin:admin - final AuthenticationToken translatedToken = authTokenHandler.translateAuthToken(authToken).get(); + final AuthenticationToken translatedToken = shiroAuthTokenHandler.translateAuthToken(authToken).get(); assertThat(translatedToken, is(instanceOf(UsernamePasswordToken.class))); final UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) translatedToken; @@ -47,7 +51,7 @@ public void testShouldExtractBasicAuthTokenSuccessfully() { public void testShouldExtractBasicAuthTokenSuccessfully_twoSemiColonPassword() { final BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA=="); // test:te:st - final AuthenticationToken translatedToken = authTokenHandler.translateAuthToken(authToken).get(); + final AuthenticationToken translatedToken = shiroAuthTokenHandler.translateAuthToken(authToken).get(); assertThat(translatedToken, is(instanceOf(UsernamePasswordToken.class))); final UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) translatedToken; @@ -57,7 +61,7 @@ public void testShouldExtractBasicAuthTokenSuccessfully_twoSemiColonPassword() { } public void testShouldReturnNullWhenExtractingNullToken() { - final Optional translatedToken = authTokenHandler.translateAuthToken(null); + final Optional translatedToken = shiroAuthTokenHandler.translateAuthToken(null); assertThat(translatedToken.isEmpty(), is(true)); } 
@@ -65,29 +69,51 @@ public void testShouldReturnNullWhenExtractingNullToken() { public void testShouldRevokeTokenSuccessfully() { final BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA=="); assertTrue(authToken.toString().equals("Basic auth token with user=test, password=te:st")); - authTokenHandler.revokeToken(authToken); + shiroAuthTokenHandler.revokeToken(authToken); assert (authToken.toString().equals("Basic auth token with user=, password=")); } public void testShouldFailWhenRevokeToken() { final NoopToken authToken = new NoopToken(); assert (authToken.getTokenIdentifier().equals("Noop")); - assertThrows(UnsupportedAuthenticationToken.class, () -> authTokenHandler.revokeToken(authToken)); + assertThrows(UnsupportedAuthenticationToken.class, () -> shiroAuthTokenHandler.revokeToken(authToken)); } public void testShouldGetTokenInfoSuccessfully() { final BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA=="); - assert (authToken.toString().equals(authTokenHandler.getTokenInfo(authToken))); + assert (authToken.toString().equals(shiroAuthTokenHandler.getTokenInfo(authToken))); + final NoopToken noopAuthToken = new NoopToken(); + assert (noopTokenHandler.getTokenInfo(noopAuthToken).equals("Token is NoopToken")); } public void testShouldFailGetTokenInfo() { final NoopToken authToken = new NoopToken(); assert (authToken.getTokenIdentifier().equals("Noop")); - assertThrows(UnsupportedAuthenticationToken.class, () -> authTokenHandler.getTokenInfo(authToken)); + assertThrows(UnsupportedAuthenticationToken.class, () -> shiroAuthTokenHandler.getTokenInfo(authToken)); } public void testShouldFailValidateToken() { final AuthToken authToken = new NoopToken(); - assertFalse(authTokenHandler.validateToken(authToken)); + assertFalse(shiroAuthTokenHandler.validateToken(authToken)); } + + public void testShouldResetToken(AuthToken token) { + BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA=="); + 
shiroAuthTokenHandler.resetToken(authToken); + assert (authToken.getPassword().equals("")); + assert (authToken.getUser().equals("")); + } + + public void testShouldPassThrough() { + final NoopToken authToken = new NoopToken(); + noopTokenHandler.resetToken(authToken); + noopTokenHandler.revokeToken(authToken); + } + + public void testShouldFailPassThrough() { + BasicAuthToken authToken = new BasicAuthToken("Basic dGVzdDp0ZTpzdA=="); + assertThrows(OpenSearchException.class, () -> noopTokenHandler.resetToken(authToken)); + assertThrows(OpenSearchException.class, () -> noopTokenHandler.revokeToken(authToken)); + } + } diff --git a/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java b/server/src/main/java/org/opensearch/identity/noop/NoopTokenHandler.java similarity index 70% rename from server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java rename to server/src/main/java/org/opensearch/identity/noop/NoopTokenHandler.java index 6568dc6a00ae0..6dd1618d3e6c9 100644 --- a/server/src/main/java/org/opensearch/identity/noop/NoopTokenManager.java +++ b/server/src/main/java/org/opensearch/identity/noop/NoopTokenHandler.java @@ -8,6 +8,10 @@ package org.opensearch.identity.noop; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.opensearch.OpenSearchException; +import org.opensearch.identity.IdentityService; import org.opensearch.identity.tokens.AuthToken; import org.opensearch.identity.tokens.NoopToken; import org.opensearch.identity.tokens.TokenManager; @@ -15,7 +19,9 @@ /** * This class represents a Noop Token Manager */ -public class NoopTokenManager implements TokenManager { +public class NoopTokenHandler implements TokenManager { + + private static final Logger log = LogManager.getLogger(IdentityService.class); /** * Generate a new Noop Token 
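Review bot: `testShouldResetToken(AuthToken token)` declares a parameter it never uses, and name-based test discovery generally runs only no-argument `test*` methods, so the only test of the new `ShiroTokenHandler.resetToken` is likely skipped or rejected by the runner. Drop the parameter: `public void testShouldResetToken() {`. The new assertions also use the bare `assert` keyword, which does nothing when the JVM runs without `-ea`. `assertEquals("", authToken.getPassword());` and `assertEquals("", authToken.getUser());` always run and report the actual value on failure. `testShouldPassThrough` has no assertion at all, so a short comment that it only checks that no exception is thrown would help the next reader.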
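Review bot: The logger added to `NoopTokenHandler` is created with `LogManager.getLogger(IdentityService.class)`, so its messages are attributed to `IdentityService` and follow that logger's level configuration rather than this class's. Use `private static final Logger log = LogManager.getLogger(NoopTokenHandler.class);`. The class Javadoc kept as context still reads "This class represents a Noop Token Manager" and could be updated to the new class name in the same change.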
@@ -58,7 +64,11 @@ public String getTokenInfo(AuthToken token) { */ @Override public void revokeToken(AuthToken token) { - + if (token instanceof NoopToken) { + log.info("Revoke operation is not supported for NoopTokens"); + return; + } + throw new OpenSearchException("Token is not a NoopToken"); } /** @@ -67,6 +77,10 @@ public void revokeToken(AuthToken token) { */ @Override public void resetToken(AuthToken token) { - + if (token instanceof NoopToken) { + log.info("Reset operation is not supported for NoopTokens"); + return; + } + throw new OpenSearchException("Token is not a NoopToken"); } }
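Review bot: The exception thrown by `revokeToken` for a non-Noop token says only "Token is not a NoopToken", which gives an operator nothing to identify the caller's mistake; the same applies to `resetToken` in the next hunk. Include the runtime type rather than the token itself: `throw new OpenSearchException("Token is not a NoopToken: " + (token == null ? "null" : token.getClass().getName()));`. Avoid concatenating `token` directly, because the tests in this commit show that `BasicAuthToken.toString()` contains the user name and password. The two method bodies are identical apart from the log text, so a private helper taking the operation name would keep them in sync. The Javadoc above each method starts outside the hunk and should gain an `@throws OpenSearchException` line.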