@@ -1804,6 +1804,102 @@ private boolean tokenClaimsEqual(String token1, String token2) {
18041804 }
18051805 }
18061806
1807+ @ Test
1808+ public void testShibbolethStaffMappedToStaffAndMembers () throws Exception {
1809+ context .turnOffAuthorisationSystem ();
1810+
1811+ GroupBuilder .createGroup (context )
1812+ .withName ("Staff" )
1813+ .build ();
1814+ GroupBuilder .createGroup (context )
1815+ .withName ("Member" )
1816+ .build ();
1817+
1818+ configurationService .setProperty ("plugin.sequence.org.dspace.authenticate.AuthenticationMethod" , SHIB_ONLY );
1819+ configurationService .setProperty ("authentication-shibboleth.role.staff" , "Staff, Member" );
1820+ configurationService .setProperty ("authentication-shibboleth.default-roles" , "staff" );
1821+ configurationService .setProperty ("authentication-shibboleth.netid-header" , "mail" );
1822+ configurationService .setProperty ("authentication-shibboleth.email-header" , "mail" );
1823+
1824+ context .restoreAuthSystemState ();
1825+
1826+ String shibToken = getClient ().perform (post ("/api/authn/login" )
1827+ .requestAttr ("mail" , eperson .getEmail ())
1828+ .requestAttr ("SHIB-SCOPED-AFFILIATION" , "staff" ))
1829+ .andExpect (status ().isOk ())
1830+ .andReturn ().getResponse ().getHeader (AUTHORIZATION_HEADER ).replace (AUTHORIZATION_TYPE , "" );
1831+
1832+ getClient (shibToken ).perform (get ("/api/authn/status" ).param ("projection" , "full" ))
1833+ .andExpect (status ().isOk ())
1834+ .andExpect (jsonPath ("$.okay" , is (true )))
1835+ .andExpect (jsonPath ("$.authenticated" , is (true )))
1836+ .andExpect (jsonPath ("$.authenticationMethod" , is ("shibboleth" )))
1837+ .andExpect (jsonPath ("$._embedded.specialGroups._embedded.specialGroups" ,
1838+ Matchers .containsInAnyOrder (
1839+ matchGroupWithName ("Staff" ),
1840+ matchGroupWithName ("Member" )
1841+ )
1842+ ));
1843+
1844+ getClient (shibToken ).perform (get ("/api/authn/status/specialGroups" ).param ("projection" , "full" ))
1845+ .andExpect (status ().isOk ())
1846+ .andExpect (jsonPath ("$._embedded.specialGroups" ,
1847+ Matchers .containsInAnyOrder (
1848+ matchGroupWithName ("Staff" ),
1849+ matchGroupWithName ("Member" )
1850+ )
1851+ ));
1852+ }
1853+
1854+ @ Test
1855+ public void testPasswordLoginNotMappedToStaffAndMembers () throws Exception {
1856+ context .turnOffAuthorisationSystem ();
1857+
1858+ GroupBuilder .createGroup (context )
1859+ .withName ("Staff" )
1860+ .build ();
1861+ GroupBuilder .createGroup (context )
1862+ .withName ("Member" )
1863+ .build ();
1864+ GroupBuilder .createGroup (context )
1865+ .withName ("specialGroupPwd" )
1866+ .build ();
1867+
1868+
1869+ configurationService .setProperty ("plugin.sequence.org.dspace.authenticate.AuthenticationMethod" ,
1870+ "org.dspace.authenticate.PasswordAuthentication, org.dspace.authenticate.ShibAuthentication" );
1871+ configurationService .setProperty ("authentication-shibboleth.role.staff" , "Staff, Member" );
1872+ configurationService .setProperty ("authentication-shibboleth.default-roles" , "staff" );
1873+ configurationService .setProperty ("authentication-shibboleth.netid-header" , "mail" );
1874+ configurationService .setProperty ("authentication-shibboleth.email-header" , "mail" );
1875+ configurationService .setProperty ("authentication-password.login.specialgroup" , "specialGroupPwd" );
1876+
1877+ context .restoreAuthSystemState ();
1878+
1879+ String passwordToken = getAuthToken (eperson .getEmail (), password );
1880+
1881+ getClient (passwordToken ).perform (get ("/api/authn/status" ).param ("projection" , "full" ))
1882+ .andExpect (status ().isOk ())
1883+ .andExpect (jsonPath ("$.okay" , is (true )))
1884+ .andExpect (jsonPath ("$.authenticated" , is (true )))
1885+ .andExpect (jsonPath ("$.authenticationMethod" , is ("password" )))
1886+ .andExpect (jsonPath ("$._embedded.specialGroups._embedded.specialGroups" ,
1887+ Matchers .containsInAnyOrder (
1888+ matchGroupWithName ("specialGroupPwd" )
1889+ )
1890+ ));
1891+
1892+ getClient (passwordToken ).perform (get ("/api/authn/status/specialGroups" ).param ("projection" , "full" ))
1893+ .andExpect (status ().isOk ())
1894+ .andExpect (jsonPath ("$._embedded.specialGroups" ,
1895+ Matchers .containsInAnyOrder (
1896+ matchGroupWithName ("specialGroupPwd" )
1897+ )
1898+ ));
1899+ }
1900+
1901+
1902+
18071903 private OrcidTokenResponseDTO buildOrcidTokenResponse (String orcid , String accessToken ) {
18081904 OrcidTokenResponseDTO token = new OrcidTokenResponseDTO ();
18091905 token .setAccessToken (accessToken );
0 commit comments