hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-08 02:24:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CST-5669] Added redirect on ORCID login error

Browse Source
This commit is contained in:
Luca Giamminonni
2022-06-06 18:07:35 +02:00
parent 00031a0dd6
commit ab0fbcc9fe
2 changed files with 105 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dspace-server-webapp/src/main/java/org/dspace/app/rest/security/OrcidLoginFilter.java
View File

@@ -70,6 +70,16 @@ public class OrcidLoginFilter extends StatelessLoginFilter {
redirectAfterSuccess(req, res); redirectAfterSuccess(req, res);
} }
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationException failed) throws IOException, ServletException {
String baseRediredirectUrl = configurationService.getProperty("dspace.ui.url");
String redirectUrl = baseRediredirectUrl + "/error?status=401&code=orcid.generic-error";
response.sendRedirect(redirectUrl);
}
/** /**
* After successful login, redirect to the DSpace URL specified by this Orcid * After successful login, redirect to the DSpace URL specified by this Orcid
* request (in the "redirectUrl" request parameter). If that 'redirectUrl' is * request (in the "redirectUrl" request parameter). If that 'redirectUrl' is

193
dspace-server-webapp/src/test/java/org/dspace/app/rest/OrcidLoginFilterIT.java
View File

@@ -10,7 +10,6 @@ package org.dspace.app.rest;
import static java.util.Arrays.asList; import static java.util.Arrays.asList;
import static org.dspace.app.matcher.MetadataValueMatcher.with; import static org.dspace.app.matcher.MetadataValueMatcher.with;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
@@ -23,7 +22,6 @@ import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -112,8 +110,8 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
orcidAuthentication.setOrcidClient(orcidClientMock); orcidAuthentication.setOrcidClient(orcidClientMock);
configurationService.setProperty("plugin.sequence.org.dspace.authenticate.AuthenticationMethod", configurationService.setProperty("plugin.sequence.org.dspace.authenticate.AuthenticationMethod",
asList("org.dspace.authenticate.OrcidAuthentication", asList("org.dspace.authenticate.OrcidAuthentication",
"org.dspace.authenticate.PasswordAuthentication")); "org.dspace.authenticate.PasswordAuthentication"));
} }
@After @After
@@ -133,7 +131,8 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()); .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"));
} }
@Test @Test
@@ -143,11 +142,11 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
when(orcidClientMock.getPerson(ACCESS_TOKEN, ORCID)).thenReturn(buildPerson("Test", "User", "test@email.it")); when(orcidClientMock.getPerson(ACCESS_TOKEN, ORCID)).thenReturn(buildPerson("Test", "User", "test@email.it"));
MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().is3xxRedirection()) .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url"))) .andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url")))
.andExpect(cookie().exists("Authorization-cookie")) .andExpect(cookie().exists("Authorization-cookie"))
.andReturn(); .andReturn();
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -176,7 +175,8 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()); .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -191,15 +191,12 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
when(orcidClientMock.getAccessToken(CODE)).thenReturn(buildOrcidTokenResponse(ORCID, ACCESS_TOKEN)); when(orcidClientMock.getAccessToken(CODE)).thenReturn(buildOrcidTokenResponse(ORCID, ACCESS_TOKEN));
when(orcidClientMock.getPerson(ACCESS_TOKEN, ORCID)).thenReturn(buildPerson("Test", "User")); when(orcidClientMock.getPerson(ACCESS_TOKEN, ORCID)).thenReturn(buildPerson("Test", "User"));
MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")) .andExpect(cookie().doesNotExist("Authorization-cookie"))
.andReturn(); .andReturn();
String authenticateHeader = mvcResult.getResponse().getHeader("WWW-Authenticate");
assertThat(authenticateHeader, containsString("orcid realm=\"DSpace REST API\""));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -211,9 +208,9 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
public void testWithoutAuthorizationCode() throws Exception { public void testWithoutAuthorizationCode() throws Exception {
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")) getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid"))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")); .andExpect(cookie().doesNotExist("Authorization-cookie"));
verifyNoInteractions(orcidClientMock); verifyNoInteractions(orcidClientMock);
@@ -227,20 +224,20 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPerson ePerson = EPersonBuilder.createEPerson(context) EPerson ePerson = EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNetId(ORCID) .withNetId(ORCID)
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(true) .withCanLogin(true)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().is3xxRedirection()) .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url"))) .andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url")))
.andExpect(cookie().exists("Authorization-cookie")) .andExpect(cookie().exists("Authorization-cookie"))
.andReturn(); .andReturn();
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verifyNoMoreInteractions(orcidClientMock); verifyNoMoreInteractions(orcidClientMock);
@@ -259,19 +256,19 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPersonBuilder.createEPerson(context) EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNetId(ORCID) .withNetId(ORCID)
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(false) .withCanLogin(false)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")); .andExpect(cookie().doesNotExist("Authorization-cookie"));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verifyNoMoreInteractions(orcidClientMock); verifyNoMoreInteractions(orcidClientMock);
@@ -287,19 +284,19 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPerson ePerson = EPersonBuilder.createEPerson(context) EPerson ePerson = EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(true) .withCanLogin(true)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().is3xxRedirection()) .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url"))) .andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url")))
.andExpect(cookie().exists("Authorization-cookie")) .andExpect(cookie().exists("Authorization-cookie"))
.andReturn(); .andReturn();
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -320,18 +317,18 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPersonBuilder.createEPerson(context) EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(false) .withCanLogin(false)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")); .andExpect(cookie().doesNotExist("Authorization-cookie"));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -347,18 +344,18 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPersonBuilder.createEPerson(context) EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(false) .withCanLogin(false)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")); .andExpect(cookie().doesNotExist("Authorization-cookie"));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verifyNoMoreInteractions(orcidClientMock); verifyNoMoreInteractions(orcidClientMock);
@@ -374,18 +371,18 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
EPersonBuilder.createEPerson(context) EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(false) .withCanLogin(false)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().isUnauthorized()) .andExpect(status().is3xxRedirection())
.andExpect(cookie().doesNotExist("Authorization-cookie")) .andExpect(redirectedUrl("http://localhost:4000/error?status=401&code=orcid.generic-error"))
.andExpect(header().exists("WWW-Authenticate")); .andExpect(cookie().doesNotExist("Authorization-cookie"));
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID); verify(orcidClientMock).getPerson(ACCESS_TOKEN, ORCID);
@@ -401,39 +398,39 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
Community community = CommunityBuilder.createCommunity(context) Community community = CommunityBuilder.createCommunity(context)
.withName("Community") .withName("Community")
.build(); .build();
CollectionBuilder.createCollection(context, community) CollectionBuilder.createCollection(context, community)
.withName("Persons") .withName("Persons")
.withEntityType("Person") .withEntityType("Person")
.build(); .build();
EPerson ePerson = EPersonBuilder.createEPerson(context) EPerson ePerson = EPersonBuilder.createEPerson(context)
.withEmail("test@email.it") .withEmail("test@email.it")
.withPassword(password) .withPassword(password)
.withNetId(ORCID) .withNetId(ORCID)
.withNameInMetadata("Test", "User") .withNameInMetadata("Test", "User")
.withCanLogin(true) .withCanLogin(true)
.build(); .build();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
String ePersonToken = getAuthToken("test@email.it", password); String ePersonToken = getAuthToken("test@email.it", password);
getClient(ePersonToken).perform(post("/api/eperson/profiles/") getClient(ePersonToken).perform(post("/api/eperson/profiles/")
.contentType(MediaType.APPLICATION_JSON_VALUE)) .contentType(MediaType.APPLICATION_JSON_VALUE))
.andExpect(status().isCreated()) .andExpect(status().isCreated())
.andExpect(jsonPath("$.id", is(ePerson.getID().toString()))) .andExpect(jsonPath("$.id", is(ePerson.getID().toString())))
.andExpect(jsonPath("$.visible", is(false))) .andExpect(jsonPath("$.visible", is(false)))
.andExpect(jsonPath("$.type", is("profile"))); .andExpect(jsonPath("$.type", is("profile")));
MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid") MvcResult mvcResult = getClient().perform(get("/api/" + AuthnRest.CATEGORY + "/orcid")
.param("code", CODE)) .param("code", CODE))
.andExpect(status().is3xxRedirection()) .andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url"))) .andExpect(redirectedUrl(configurationService.getProperty("dspace.ui.url")))
.andExpect(cookie().exists("Authorization-cookie")) .andExpect(cookie().exists("Authorization-cookie"))
.andReturn(); .andReturn();
verify(orcidClientMock).getAccessToken(CODE); verify(orcidClientMock).getAccessToken(CODE);
verifyNoMoreInteractions(orcidClientMock); verifyNoMoreInteractions(orcidClientMock);
@@ -557,8 +554,8 @@ public class OrcidLoginFilterIT extends AbstractControllerIntegrationTest {
private String getItemIdByProfileId(String token, String id) throws SQLException, Exception { private String getItemIdByProfileId(String token, String id) throws SQLException, Exception {
MvcResult result = getClient(token).perform(get("/api/eperson/profiles/{id}/item", id)) MvcResult result = getClient(token).perform(get("/api/eperson/profiles/{id}/item", id))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andReturn(); .andReturn();
return JsonPath.read(result.getResponse().getContentAsString(), "$.id"); return JsonPath.read(result.getResponse().getContentAsString(), "$.id");
} }