3072_url_based_authentication (SORMAS-Foundation#3090)

* SORMAS-Foundation#3072 centralize authentication provider config and make username case sensitivity dependent on it

* SORMAS-Foundation#3072 fix unit tests and update mockito version

* SORMAS-Foundation#3072 fix unnecessary stubbing exception for new Mockito version

* SORMAS-Foundation#3072 fixed unit tests

Author: vidi42

sormas-api/src/main/java/de/symeda/sormas/api/AuthProvider.java

@@ -19,15 +19,66 @@
 package de.symeda.sormas.api;
 
 /**
- * Authentication provider which can be obtained trough the {@link ConfigFacade#getAuthenticationProvider()} property.
+ * Authentication provider which can be configured trough the {@link ConfigFacade#getAuthenticationProvider()} property.
+ * Once initialized it provides Auth Provider specific authentication configs like:
+ * <ul>
+ *     <li>is user name case sensitive</li>
+ *     <li>is email required</li>
+ * </ul>
  *
  * @author Alex Vidrean
  * @since 13-Aug-20
  */
 public class AuthProvider {
 
-	public static final String KEYCLOAK = "KEYCLOAK";
+    public static final String KEYCLOAK = "KEYCLOAK";
 
-	public static final String SORMAS = "SORMAS";
+    public static final String SORMAS = "SORMAS";
 
+    private static AuthProvider provider;
+
+    private final boolean isUsernameCaseSensitive;
+
+    private final boolean isEmailRequired;
+
+    private final boolean isDefaultProvider;
+
+    private AuthProvider() {
+        String configuredProvider = FacadeProvider.getConfigFacade().getAuthenticationProvider();
+        isUsernameCaseSensitive = SORMAS.equalsIgnoreCase(configuredProvider);
+        isEmailRequired = KEYCLOAK.equalsIgnoreCase(configuredProvider);
+        isDefaultProvider = SORMAS.equalsIgnoreCase(configuredProvider);
+    }
+
+    public static AuthProvider getProvider() {
+        if (provider == null) {
+            synchronized (AuthProvider.class) {
+                if (provider == null) {
+                    provider = new AuthProvider();
+                }
+            }
+        }
+        return provider;
+    }
+
+    /**
+     * Authentication Provider requires usernames to be case sensitive or insensitive
+     */
+    public boolean isUsernameCaseSensitive() {
+        return isUsernameCaseSensitive;
+    }
+
+    /**
+     * Authentication Provider requires emails to be required or optional.
+     */
+    public boolean isEmailRequired() {
+        return isEmailRequired;
+    }
+
+    /**
+     * Current Authentication Provider is the SORMAS default one.
+     */
+    public boolean isDefaultProvider() {
+        return isDefaultProvider;
+    }
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/user/UserService.java

@@ -31,13 +31,15 @@
 import javax.persistence.TypedQuery;
 import javax.persistence.criteria.CriteriaBuilder;
 import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Expression;
 import javax.persistence.criteria.From;
 import javax.persistence.criteria.Join;
 import javax.persistence.criteria.JoinType;
 import javax.persistence.criteria.ParameterExpression;
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 
+import de.symeda.sormas.api.AuthProvider;
 import de.symeda.sormas.api.facility.FacilityType;
 import de.symeda.sormas.api.user.JurisdictionLevel;
 import de.symeda.sormas.api.user.UserCriteria;
@@ -84,9 +86,17 @@ public User getByUserName(String userName) {
 		ParameterExpression<String> userNameParam = cb.parameter(String.class, User.USER_NAME);
 		CriteriaQuery<User> cq = cb.createQuery(getElementClass());
 		Root<User> from = cq.from(getElementClass());
-		cq.where(cb.equal(cb.lower(from.get(User.USER_NAME)), userNameParam));
 
-		TypedQuery<User> q = em.createQuery(cq).setParameter(userNameParam, userName.toLowerCase());
+		Expression<String> userNameExpression = from.get(User.USER_NAME);
+		String userNameParamValue = userName;
+		if (!AuthProvider.getProvider().isUsernameCaseSensitive()) {
+			userNameExpression = cb.lower(userNameExpression);
+			userNameParamValue = userName.toLowerCase();
+		}
+
+		cq.where(cb.equal(userNameExpression, userNameParam));
+
+		TypedQuery<User> q = em.createQuery(cq).setParameter(userNameParam, userNameParamValue);
 
 		User entity = q.getResultList().stream().findFirst().orElse(null);
 		return entity;
@@ -259,13 +269,22 @@ public boolean isLoginUnique(String uuid, String userName) {
 		ParameterExpression<String> userNameParam = cb.parameter(String.class, User.USER_NAME);
 		CriteriaQuery<User> cq = cb.createQuery(getElementClass());
 		Root<User> from = cq.from(getElementClass());
-		cq.where(cb.equal(from.get(User.USER_NAME), userNameParam));
 
-		TypedQuery<User> q = em.createQuery(cq).setParameter(userNameParam, userName);
+
+		Expression<String> userNameExpression = from.get(User.USER_NAME);
+		String userNameParamValue = userName;
+		if (!AuthProvider.getProvider().isUsernameCaseSensitive()) {
+			userNameExpression = cb.lower(userNameExpression);
+			userNameParamValue = userName.toLowerCase();
+		}
+
+		cq.where(cb.equal(userNameExpression, userNameParam));
+
+		TypedQuery<User> q = em.createQuery(cq).setParameter(userNameParam, userNameParamValue);
 
 		User entity = q.getResultList().stream().findFirst().orElse(null);
 
-		return entity == null || (entity != null && entity.getUuid().equals(uuid));
+		return entity == null || entity.getUuid().equals(uuid);
 	}
 
 	public String resetPassword(String userUuid) {

sormas-backend/src/test/java/de/symeda/sormas/backend/sormastosormas/SormasToSormasFacadeEjbTest.java

@@ -331,16 +331,16 @@ public void testShareCase() throws SormasToSormasException, JsonProcessingExcept
 
 		Mockito.when(MockProducer.getSormasToSormasClient().post(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.any()))
 			.thenAnswer(invocation -> {
-				assertThat(invocation.getArgumentAt(0, String.class), is(SECOND_SERVER_REST_URL));
-				assertThat(invocation.getArgumentAt(1, String.class), is("/sormasToSormas/case"));
+				assertThat(invocation.getArgument(0, String.class), is(SECOND_SERVER_REST_URL));
+				assertThat(invocation.getArgument(1, String.class), is("/sormasToSormas/case"));
 
-				String authToken = invocation.getArgumentAt(2, String.class);
+				String authToken = invocation.getArgument(2, String.class);
 				assertThat(authToken, startsWith("Basic "));
 				String credentials = new String(Base64.getDecoder().decode(authToken.replace("Basic ", "")), StandardCharsets.UTF_8);
 				// uses password from server-list.csv from `serveraccessdefault` package
 				assertThat(credentials, is(StartupShutdownService.SORMAS_TO_SORMAS_USER_NAME + ":" + SECOND_SERVER_REST_PASSWORD));
 
-				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgumentAt(3, SormasToSormasEncryptedDataDto.class);
+				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgument(3, SormasToSormasEncryptedDataDto.class);
 				assertThat(encryptedData.getOrganizationId(), is(DEFAULT_SERVER_ACCESS_CN));
 
 				SormasToSormasCaseDto sharedCase = decryptSharesData(encryptedData.getData(), SormasToSormasCaseDto.class);
@@ -397,7 +397,7 @@ public void testShareCaseWithContacts()
 
 		Mockito.when(MockProducer.getSormasToSormasClient().post(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.any()))
 			.thenAnswer(invocation -> {
-				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgumentAt(3, SormasToSormasEncryptedDataDto.class);
+				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgument(3, SormasToSormasEncryptedDataDto.class);
 				SormasToSormasCaseDto sharedCase = decryptSharesData(encryptedData.getData(), SormasToSormasCaseDto.class);
 
 				assertThat(sharedCase.getAssociatedContacts().size(), is(1));
@@ -435,16 +435,16 @@ public void testShareContact() throws SormasToSormasException, JsonProcessingExc
 
 		Mockito.when(MockProducer.getSormasToSormasClient().post(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.any()))
 			.thenAnswer(invocation -> {
-				assertThat(invocation.getArgumentAt(0, String.class), is(SECOND_SERVER_REST_URL));
-				assertThat(invocation.getArgumentAt(1, String.class), is("/sormasToSormas/contact"));
+				assertThat(invocation.getArgument(0, String.class), is(SECOND_SERVER_REST_URL));
+				assertThat(invocation.getArgument(1, String.class), is("/sormasToSormas/contact"));
 
-				String authToken = invocation.getArgumentAt(2, String.class);
+				String authToken = invocation.getArgument(2, String.class);
 				assertThat(authToken, startsWith("Basic "));
 				String credentials = new String(Base64.getDecoder().decode(authToken.replace("Basic ", "")), StandardCharsets.UTF_8);
 				// uses password from server-list.csv from `serveraccessdefault` package
 				assertThat(credentials, is(StartupShutdownService.SORMAS_TO_SORMAS_USER_NAME + ":" + SECOND_SERVER_REST_PASSWORD));
 
-				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgumentAt(3, SormasToSormasEncryptedDataDto.class);
+				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgument(3, SormasToSormasEncryptedDataDto.class);
 				SormasToSormasContactDto sharedContact = decryptSharesData(encryptedData.getData(), SormasToSormasContactDto.class);
 
 				assertThat(sharedContact.getPerson().getFirstName(), is(person.getFirstName()));
@@ -496,7 +496,7 @@ public void testShareCaseWithPseudonymizePersonalData()
 
 		Mockito.when(MockProducer.getSormasToSormasClient().post(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.any()))
 			.thenAnswer(invocation -> {
-				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgumentAt(3, SormasToSormasEncryptedDataDto.class);
+				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgument(3, SormasToSormasEncryptedDataDto.class);
 				SormasToSormasCaseDto sharedCase = decryptSharesData(encryptedData.getData(), SormasToSormasCaseDto.class);
 
 				assertThat(sharedCase.getPerson().getFirstName(), is("Confidential"));
@@ -532,7 +532,7 @@ public void testShareCaseWithPseudonymizeSensitiveData()
 
 		Mockito.when(MockProducer.getSormasToSormasClient().post(Matchers.anyString(), Matchers.anyString(), Matchers.anyString(), Matchers.any()))
 			.thenAnswer(invocation -> {
-				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgumentAt(3, SormasToSormasEncryptedDataDto.class);
+				SormasToSormasEncryptedDataDto encryptedData = invocation.getArgument(3, SormasToSormasEncryptedDataDto.class);
 				SormasToSormasCaseDto sharedCase = decryptSharesData(encryptedData.getData(), SormasToSormasCaseDto.class);
 
 				assertThat(sharedCase.getPerson().getFirstName(), is("Confidential"));

sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java

@@ -5,12 +5,15 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.nullValue;
 import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.*;
 
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import de.symeda.sormas.api.AuthProvider;
+import de.symeda.sormas.api.FacadeProvider;
 import org.junit.Test;
 
 import de.symeda.sormas.api.user.UserCriteria;
@@ -22,6 +25,8 @@
 import de.symeda.sormas.backend.TestDataCreator.RDCFEntities;
 import de.symeda.sormas.backend.region.Region;
 import de.symeda.sormas.backend.region.RegionService;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
 
 public class UserFacadeEjbTest extends AbstractBeanTest {
 
@@ -77,6 +82,12 @@ public void testGetIndexListFilteredAndOrderedByAddress() {
 	@Test
 	public void testGetValidLoginRoles() {
 
+		AuthProvider authProvider = mock(AuthProvider.class);
+
+		MockedStatic<AuthProvider> mockAuthProvider = mockStatic(AuthProvider.class);
+		mockAuthProvider.when(AuthProvider::getProvider).thenReturn(authProvider);
+		when(authProvider.isUsernameCaseSensitive()).thenReturn(true);
+
 		RDCF rdcf = creator.createRDCF();
 		UserDto user = creator.createUser(rdcf, UserRole.SURVEILLANCE_SUPERVISOR);
 		String password = getUserFacade().resetPassword(user.getUuid());

sormas-base/pom.xml

@@ -60,8 +60,8 @@
 
 			<dependency>
 				<groupId>org.mockito</groupId>
-				<artifactId>mockito-core</artifactId>
-				<version>1.10.19</version>
+				<artifactId>mockito-inline</artifactId>
+				<version>3.5.13</version>
 				<scope>test</scope>
 			</dependency>
 
@@ -411,7 +411,7 @@
 
 		<dependency>
 			<groupId>org.mockito</groupId>
-			<artifactId>mockito-core</artifactId>
+			<artifactId>mockito-inline</artifactId>
 		</dependency>
 
 	</dependencies>

sormas-ui/src/main/java/de/symeda/sormas/ui/user/UserController.java

@@ -53,12 +53,6 @@
 
 public class UserController {
 
-	public final boolean isSormasAuthentication;
-
-	public UserController() {
-		isSormasAuthentication = FacadeProvider.getConfigFacade().getAuthenticationProvider().equalsIgnoreCase(AuthProvider.SORMAS);
-	}
-
 	public void create() {
 		CommitDiscardWrapperComponent<UserEditForm> userCreateComponent = getUserCreateComponent();
 		Window window = VaadinUiUtil.showModalPopupWindow(userCreateComponent, I18nProperties.getString(Strings.headingCreateNewUser));
@@ -180,7 +174,7 @@ public boolean isLoginUnique(String uuid, String userName) {
 	}
 
 	public void makeInitialPassword(String userUuid) {
-		if (isSormasAuthentication) {
+		if (AuthProvider.getProvider().isDefaultProvider()) {
 			String newPassword = FacadeProvider.getUserFacade().resetPassword(userUuid);
 			showPasswordResetInternalSuccessPopup(newPassword);
 		} else {
@@ -191,7 +185,7 @@ public void makeInitialPassword(String userUuid) {
 	public void makeNewPassword(String userUuid) {
 		String newPassword = FacadeProvider.getUserFacade().resetPassword(userUuid);
 
-		if (isSormasAuthentication) {
+		if (AuthProvider.getProvider().isDefaultProvider()) {
 			showPasswordResetInternalSuccessPopup(newPassword);
 		} else {
 			showPasswordResetExternalSuccessPopup();
@@ -312,6 +306,6 @@ public void setFlagIcons(ComboBox cbLanguage) {
 	}
 
 	public boolean isEmailRequired() {
-		return !isSormasAuthentication;
+		return AuthProvider.getProvider().isEmailRequired();
 	}
 }

sormas-ui/src/test/java/de/symeda/sormas/ui/importer/InfrastructureImporterTest.java

@@ -11,7 +11,6 @@
 import com.opencsv.exceptions.CsvValidationException;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mockito.runners.MockitoJUnitRunner;
 
 import de.symeda.sormas.api.facility.FacilityCriteria;
 import de.symeda.sormas.api.importexport.InvalidColumnException;
@@ -29,8 +28,11 @@
 import de.symeda.sormas.ui.AbstractBeanTest;
 import de.symeda.sormas.ui.TestDataCreator;
 import de.symeda.sormas.ui.TestDataCreator.RDCF;
+import org.mockito.junit.MockitoJUnitRunner;
 
-@RunWith(MockitoJUnitRunner.class)
+//Using Silent Runner to ignore unnecessary stubbing exception
+//which is a side effect of extending AbstractBeanTest
+@RunWith(MockitoJUnitRunner.Silent.class)
 public class InfrastructureImporterTest extends AbstractBeanTest {
 
 	@Test