public void testPermissionsCorrectInTokenWhenMultiplePermittableGroupsInRole()

in component-test/src/main/java/TestAuthentication.java [121:171]


  /**
   * Checks that a user whose role combines two permittable groups gets an access token that
   * carries the endpoint permissions of both groups.
   *
   * <p>Flow: as admin, create the "horus" and "maat" permittable groups, a role granting READ on
   * the first and {@code AllowedOperation.ALL} on the second, and a user holding that role. The
   * user logs in, changes the password under that first token, logs in again, and the permissions
   * decoded from the second access token are compared with the expected set.
   *
   * <p>NOTE(review): the final assertion is {@code containsAll}, a subset check. It proves the
   * expected permissions are present; it does not prove the token carries nothing else, so a
   * token that over-grants would still pass here. If the full permission set of such a token is
   * stable, an exact comparison or an explicit negative assertion would make this a stronger
   * least-privilege test. Confirm before tightening.
   *
   * @throws InterruptedException declared by the signature; presumably raised when a wait on the
   *         event recorder is interrupted (confirm against the recorder's API)
   */
  public void testPermissionsCorrectInTokenWhenMultiplePermittableGroupsInRole() throws InterruptedException {
    try (final AutoUserContext ignoredAdminContext = loginAdmin()) {
      // Two separate permittable groups, each built around a single endpoint.
      final PermittableEndpoint endpointOfHorus = buildPermittableEndpoint("horus");
      final PermittableGroup groupOfHorus = buildPermittableGroup("horus_Group", endpointOfHorus);
      getTestSubject().createPermittableGroup(groupOfHorus);

      final PermittableEndpoint endpointOfMaat = buildPermittableEndpoint("maat");
      final PermittableGroup groupOfMaat = buildPermittableGroup("maat_Group", endpointOfMaat);
      getTestSubject().createPermittableGroup(groupOfMaat);

      // Both creation events must be observed before the role can reference the groups.
      final boolean horusGroupCreated =
          eventRecorder.wait(OPERATION_POST_PERMITTABLE_GROUP, groupOfHorus.getIdentifier());
      Assert.assertTrue(horusGroupCreated);
      final boolean maatGroupCreated =
          eventRecorder.wait(OPERATION_POST_PERMITTABLE_GROUP, groupOfMaat.getIdentifier());
      Assert.assertTrue(maatGroupCreated);

      // The role is deliberately asymmetric: READ only on horus, every operation on maat.
      final Permission readOnHorus =
          new Permission(groupOfHorus.getIdentifier(), Collections.singleton(AllowedOperation.READ));
      final Permission everythingOnMaat =
          new Permission(groupOfMaat.getIdentifier(), AllowedOperation.ALL);
      final Role roleSpanningBothGroups =
          new Role("composite_role", Arrays.asList(readOnHorus, everythingOnMaat));
      getTestSubject().createRole(roleSpanningBothGroups);

      final boolean roleCreated =
          eventRecorder.wait(OPERATION_POST_ROLE, roleSpanningBothGroups.getIdentifier());
      Assert.assertTrue(roleCreated);

      // Fixed credential for a throwaway test account.
      final UserWithPassword compositeUser = new UserWithPassword(
          "user_with_composite_role", roleSpanningBothGroups.getIdentifier(), "asdfasdfasdf");
      getTestSubject().createUser(compositeUser);

      final boolean userCreated = eventRecorder.wait(OPERATION_POST_USER, compositeUser.getIdentifier());
      Assert.assertTrue(userCreated);

      // First login: presumably yields a token limited to changing the password, since the
      // account was created by an admin. TODO confirm against the identity service.
      final Authentication firstLogin =
          getTestSubject().login(compositeUser.getIdentifier(), compositeUser.getPassword());
      try (final AutoUserContext ignoredUserContext =
               new AutoUserContext(compositeUser.getIdentifier(), firstLogin.getAccessToken()))
      {
        // The password is "changed" to the same value so the later login can reuse it.
        getTestSubject().changeUserPassword(
            compositeUser.getIdentifier(), new Password(compositeUser.getPassword()));

        final boolean passwordChanged =
            eventRecorder.wait(OPERATION_PUT_USER_PASSWORD, compositeUser.getIdentifier());
        Assert.assertTrue(passwordChanged);
      }

      // Second login: decode the access token with the public key and collect its permissions.
      final Authentication secondLogin =
          getTestSubject().login(compositeUser.getIdentifier(), compositeUser.getPassword());
      final TokenContent decodedToken =
          SystemSecurityEnvironment.getTokenContent(secondLogin.getAccessToken(), getPublicKey());
      final Set<TokenPermission> grantedPermissions = new HashSet<>(decodedToken.getTokenPermissions());

      // NOTE(review): maat is expected with READ only although the role grants ALL on its group;
      // presumably the endpoint built by buildPermittableEndpoint maps to READ alone. Verify
      // against that helper.
      final Set<TokenPermission> wantedPermissions = new HashSet<>();
      wantedPermissions.add(
          new TokenPermission(endpointOfHorus.getPath(), Collections.singleton(AllowedOperation.READ)));
      wantedPermissions.add(
          new TokenPermission(endpointOfMaat.getPath(), Collections.singleton(AllowedOperation.READ)));
      wantedPermissions.add(
          new TokenPermission("identity-v1/users/{useridentifier}/password",
              Sets.newHashSet(AllowedOperation.READ, AllowedOperation.CHANGE, AllowedOperation.DELETE)));
      wantedPermissions.add(
          new TokenPermission("identity-v1/users/{useridentifier}/permissions",
              Sets.newHashSet(AllowedOperation.READ)));
      wantedPermissions.add(
          new TokenPermission("identity-v1/token/_current", Collections.singleton(AllowedOperation.DELETE)));

      // Subset check only: extra permissions in the token do not fail this assertion.
      final String mismatchMessage = "Expected: " + wantedPermissions + "\nActual: " + grantedPermissions;
      Assert.assertTrue(mismatchMessage, grantedPermissions.containsAll(wantedPermissions));
    }
  }