Merge pull request #951 from tinexw/925-bearer-token

Ronald Holshausen · web-flow · commit 079e673b1c57 · 2019-10-27T14:33:24.000+11:00
Support bearer token with JUnit annotations - Fixes gh-925
diff --git a/provider/pact-jvm-provider-junit/README.md b/provider/pact-jvm-provider-junit/README.md
@@ -227,9 +227,9 @@ The following keys may be managed through the environment
 * `pactbroker.port`
 * `pactbroker.scheme`
 * `pactbroker.tags` (comma separated)
-* `pactbroker.auth.scheme`
-* `pactbroker.auth.username`
-* `pactbroker.auth.password`
+* `pactbroker.auth.username` (for basic auth)
+* `pactbroker.auth.password` (for basic auth)
+* `pactbroker.auth.token` (for bearer auth)
 
 
 #### Using tags with the pact broker
@@ -246,7 +246,7 @@ For any other value the latest pact tagged with the specified tag is loaded.
 
 Specifying multiple tags is an OR operation. For example if you specify `tags = {"dev", "prod"}` then both the latest pact file tagged with `dev` and the latest pact file taggged with `prod` is loaded.
 
-#### Using basic auth with the with the pact broker
+#### Using authentication with the with the pact broker
 
 You can use basic authentication with the `@PactBroker` annotation by setting the `authentication` value to a `@PactBrokerAuth`
 annotation. For example:
@@ -256,7 +256,14 @@ annotation. For example:
   authentication = @PactBrokerAuth(username = "test", password = "test"))
 ```
 
-The `username` and `password` values also take Java system property expressions.
+Bearer tokens are also supported. For example:
+
+```java
+@PactBroker(host = "${pactbroker.url:localhost}", port = "1234", tags = {"latest", "prod", "dev"},
+  authentication = @PactBrokerAuth(token = "test"))
+```
+
+The `token`, `username` and `password` values also take Java system property expressions.
 
 Preemptive Authentication can be enabled by setting the `pact.pactbroker.httpclient.usePreemptiveAuthentication` Java
 system property to `true`.
diff --git a/provider/pact-jvm-provider-junit/src/test/groovy/au/com/dius/pact/provider/junit/loader/PactBrokerLoaderSpec.groovy b/provider/pact-jvm-provider-junit/src/test/groovy/au/com/dius/pact/provider/junit/loader/PactBrokerLoaderSpec.groovy
@@ -5,6 +5,7 @@ import au.com.dius.pact.core.pactbroker.IHalClient
 import au.com.dius.pact.core.pactbroker.InvalidHalResponse
 import au.com.dius.pact.core.pactbroker.PactBrokerClient
 import au.com.dius.pact.core.pactbroker.PactBrokerConsumer
+import au.com.dius.pact.core.support.expressions.SystemPropertyResolver
 import au.com.dius.pact.core.support.expressions.ValueResolver
 import au.com.dius.pact.provider.ConsumerInfo
 import spock.lang.Specification
@@ -408,6 +409,104 @@ class PactBrokerLoaderSpec extends Specification {
     1 * brokerClient.fetchConsumers('test') >> []
   }
 
+  def 'Auth: Uses basic auth if no auth is provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationAuthNotSet.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['basic', '', '']]
+  }
+
+  def 'Auth: Uses provided auth scheme if it is provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationAuthWithSchemeSet.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['foobar', 'user', 'pw']]
+  }
+
+  def 'Auth: Uses basic auth if username and password are provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationWithUsernameAndPassword.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['basic', 'user', 'pw']]
+  }
+
+  def 'Auth: Uses basic auth if username and token are provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationAuthWithUsernameAndToken.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['basic', 'user', '']]
+  }
+
+  def 'Auth: Uses bearer auth if token is provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationWithOnlyToken.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['bearer', 'token-value']]
+  }
+
+  def 'Auth: Uses bearer auth if token and password are provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationWithPasswordAndToken.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.options == ['authentication': ['bearer', 'token-value']]
+  }
+
+  def 'Auth: Fails if neither token nor username is provided'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(PactBrokerAnnotationEmptyAuth.getAnnotation(PactBroker))
+    }
+
+    when:
+    pactBrokerLoader().newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    IllegalArgumentException exception = thrown(IllegalArgumentException)
+    exception.message == 'Invalid pact authentication specified. Either username or token must be set.'
+  }
+
   @PactBroker(host = 'pactbroker.host', port = '1000')
   static class FullPactBrokerAnnotation {
 
@@ -428,4 +527,45 @@ class PactBrokerLoaderSpec extends Specification {
 
   }
 
+  @PactBroker(host = 'pactbroker.host')
+  static class PactBrokerAnnotationAuthNotSet {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+      authentication = @PactBrokerAuth(scheme = 'foobar', username = 'user', password = 'pw'))
+  static class PactBrokerAnnotationAuthWithSchemeSet {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+      authentication = @PactBrokerAuth(username = 'user', password =  'pw'))
+  static class PactBrokerAnnotationWithUsernameAndPassword {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+      authentication = @PactBrokerAuth(username = 'user', token = 'ignored'))
+  static class PactBrokerAnnotationAuthWithUsernameAndToken {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+      authentication = @PactBrokerAuth(password = 'pw', token = 'token-value'))
+  static class PactBrokerAnnotationWithPasswordAndToken {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+      authentication = @PactBrokerAuth(token = 'token-value'))
+  static class PactBrokerAnnotationWithOnlyToken {
+
+  }
+
+  @PactBroker(host = 'pactbroker.host',
+          authentication = @PactBrokerAuth)
+  static class PactBrokerAnnotationEmptyAuth {
+
+  }
+
 }
diff --git a/provider/pact-jvm-provider-junit/src/test/kotlin/au/com/dius/pact/provider/junit/PactBrokerAnnotationDefaultsTest.kt b/provider/pact-jvm-provider-junit/src/test/kotlin/au/com/dius/pact/provider/junit/PactBrokerAnnotationDefaultsTest.kt
@@ -100,8 +100,8 @@ class PactBrokerAnnotationDefaultsTest {
     }
 
     @Test
-    fun `default auth scheme is basic`() {
-        assertThat(parseExpression(annotation.authentication.scheme), `is`("basic"))
+    fun `default auth scheme is legacy`() {
+        assertThat(parseExpression(annotation.authentication.scheme), `is`("legacy"))
     }
 
     @Test
@@ -132,6 +132,17 @@ class PactBrokerAnnotationDefaultsTest {
         assertThat(parseListExpression(annotation.authentication.password), contains("myPass"))
     }
 
+    @Test
+    fun `default auth token is empty`() {
+        assertThat(parseExpression(annotation.authentication.token), `is`(""))
+    }
+
+    @Test
+    fun `can set auth token`() {
+        props.setProperty("pactbroker.auth.token", "myToken")
+        assertThat(parseListExpression(annotation.authentication.token), contains("myToken"))
+    }
+
     @PactBroker
     class SampleBrokerClass
 }
diff --git a/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBroker.java b/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBroker.java
@@ -50,8 +50,8 @@
   /**
    * Authentication to use with the pact broker, by default no authentication is used
    */
-  PactBrokerAuth authentication() default @PactBrokerAuth(scheme = "${pactbroker.auth.scheme:basic}",
-    username = "${pactbroker.auth.username:}", password = "${pactbroker.auth.password:}");
+  PactBrokerAuth authentication() default @PactBrokerAuth(scheme = "${pactbroker.auth.scheme:legacy}",
+    username = "${pactbroker.auth.username:}", password = "${pactbroker.auth.password:}", token = "${pactbroker.auth.token:}");
 
   /**
    * Override the default value resolver for resolving the values in the expressions
diff --git a/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBrokerAuth.java b/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBrokerAuth.java
@@ -15,17 +15,29 @@
 public @interface PactBrokerAuth {
 
   /**
-   * Authentication scheme to use. The default is basic.
+   * Authentication scheme to use.
+   *
+   * @deprecated Does no longer need to be set explicitly. It is now automatically set to
+   * <ul>
+   *     <li><b>Basic</b> if username is set.</li>
+   *     <li><b>Bearer</b> if token is set.</li>
+   * </ul>
    */
-  String scheme() default "Basic";
+  @Deprecated
+  String scheme() default "";
 
   /**
-   * Username to use for authentication
+   * Username to use for basic authentication
    */
-  String username();
+  String username() default "";
 
   /**
-   * Password to use for authentication
+   * Password to use for basic authentication
    */
-  String password();
+  String password() default "";
+
+  /**
+   * Token to use for bearer token authentication
+   */
+  String token() default "";
 }
diff --git a/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBrokerLoader.java b/provider/pact-jvm-provider/src/main/java/au/com/dius/pact/provider/junit/loader/PactBrokerLoader.java
@@ -179,13 +179,41 @@ Pact loadPact(ConsumerInfo consumer, Map options) {
   }
 
   PactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
-    HashMap options = new HashMap();
-    if (this.authentication != null && !this.authentication.scheme().equalsIgnoreCase("none")) {
-      options.put("authentication", Arrays.asList(parseExpression(this.authentication.scheme(), resolver),
-          parseExpression(this.authentication.username(), resolver),
-          parseExpression(this.authentication.password(), resolver)));
+    if (this.authentication == null || this.authentication.scheme().equalsIgnoreCase("none")) {
+      LOGGER.debug("Authentication: None");
+      return new PactBrokerClient(url.toString(), Collections.emptyMap());
     }
-    return new PactBrokerClient(url.toString(), options);
+
+    String scheme = parseExpression(this.authentication.scheme(), resolver);
+    if (StringUtils.isNotEmpty(scheme)) {
+      // Legacy behavior (before support for bearer token was added):
+      // If scheme was not explicitly set, basic was always used.
+      // If it was explicitly set, the given value was used together with username and password
+      String schemeToUse = scheme.equals("legacy") ? "basic": scheme;
+      LOGGER.debug("Authentication: {}", schemeToUse);
+      Map<String, List<String>> options = Collections.singletonMap("authentication", Arrays.asList(schemeToUse,
+              parseExpression(this.authentication.username(), resolver),
+              parseExpression(this.authentication.password(), resolver)));
+      return new PactBrokerClient(url.toString(), options);
+    }
+
+    // Check if username is set. If yes, use basic auth.
+    String username = parseExpression(this.authentication.username(), resolver);
+    if (StringUtils.isNotEmpty(username)) {
+      LOGGER.debug("Authentication: Basic");
+      Map<String, List<String>> options = Collections.singletonMap("authentication", Arrays.asList("basic", username, parseExpression(this.authentication.password(), resolver)));
+      return new PactBrokerClient(url.toString(), options);
+    }
+
+    // Check if token is set. If yes, use bearer auth.
+    String token = parseExpression(this.authentication.token(), resolver);
+    if (StringUtils.isNotEmpty(token)) {
+      LOGGER.debug("Authentication: Bearer");
+      Map<String, List<String>> options = Collections.singletonMap("authentication", Arrays.asList("bearer", token));
+      return new PactBrokerClient(url.toString(), options);
+    }
+
+    throw new IllegalArgumentException("Invalid pact authentication specified. Either username or token must be set.");
   }
 
   public boolean isFailIfNoPactsFound() {
