diff --git a/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java b/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java
new file mode 100644
index 00000000..8bb51398
--- /dev/null
+++ b/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java
@@ -0,0 +1,176 @@
+/*
+ *
+ * *
+ * * * Copyright 2018 King's College London
+ * * *
+ * * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * * you may not use this file except in compliance with the License.
+ * * * You may obtain a copy of the License at
+ * * *
+ * * * http://www.apache.org/licenses/LICENSE-2.0
+ * * *
+ * * * Unless required by applicable law or agreed to in writing, software
+ * * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * * See the License for the specific language governing permissions and
+ * * * limitations under the License.
+ * * *
+ * *
+ *
+ */
+
+package org.radarbase.appserver.auth;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.MethodOrderer.OrderAnnotation;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.radarbase.appserver.auth.common.MPOAuthHelper;
+import org.radarbase.appserver.auth.common.OAuthHelper;
+import org.radarbase.appserver.dto.ProjectDto;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.test.web.server.LocalServerPort;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.web.client.ResourceAccessException;
+
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@TestMethodOrder(OrderAnnotation.class)
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
+public class ProjectEndpointAuthTest {
+
+ public static final String PROJECT_PATH = "/projects";
+ private static final HttpHeaders HEADERS = new HttpHeaders();
+ private static HttpHeaders AUTH_HEADER;
+ private final transient TestRestTemplate restTemplate = new TestRestTemplate();
+ @LocalServerPort private transient int port;
+
+ @BeforeAll
+ static void init() {
+ OAuthHelper oAuthHelper = new MPOAuthHelper();
+ AUTH_HEADER = new HttpHeaders();
+ AUTH_HEADER.setBearerAuth(oAuthHelper.getAccessToken());
+ }
+
+ public static String createURLWithPort(int port, String uri) {
+ return "http://localhost:" + port + uri;
+ }
+
+ @Test
+ public void unauthorisedCreateProject() {
+
+ ProjectDto projectDto = new ProjectDto(null, "radar", null, null);
+ HttpEntity projectEntity = new HttpEntity<>(projectDto, HEADERS);
+
+ ResponseEntity responseEntity = null;
+ try {
+ responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, PROJECT_PATH),
+ HttpMethod.POST,
+ projectEntity,
+ ProjectDto.class);
+ } catch (ResourceAccessException e) {
+ assertEquals(responseEntity, null);
+ }
+ }
+
+ @Test
+ public void unauthorisedViewProjects() {
+
+ HttpEntity projectEntity = new HttpEntity<>(null, HEADERS);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto.class);
+ assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ }
+
+ @Test
+ public void unauthorisedViewSingleProject() {
+
+ HttpEntity projectEntity = new HttpEntity<>(null, HEADERS);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, "/projects/radar"),
+ HttpMethod.GET,
+ projectEntity,
+ ProjectDto.class);
+ assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ }
+
+ @Test
+ public void forbiddenViewProjects() {
+ HttpEntity projectEntity = new HttpEntity<>(null, AUTH_HEADER);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto.class);
+
+ // Only Admins can view the list of all projects
+ assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode());
+ }
+
+ @Test
+ @Order(1)
+ public void createSingleProjectWithAuth() {
+ ProjectDto projectDto = new ProjectDto(null, "radar", null, null);
+ HttpEntity projectEntity = new HttpEntity<>(projectDto, AUTH_HEADER);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, PROJECT_PATH),
+ HttpMethod.POST,
+ projectEntity,
+ ProjectDto.class);
+
+ if (responseEntity.getStatusCode().equals(HttpStatus.EXPECTATION_FAILED)) {
+ // The auth was successful but expectation failed if the project already exits.
+ // Since this is just an auth test we can return.
+ return;
+ }
+ assertEquals(HttpStatus.CREATED, responseEntity.getStatusCode());
+ }
+
+ @Test
+ @Order(2)
+ public void getSingleProjectWithAuth() {
+ HttpEntity projectEntity = new HttpEntity<>(null, AUTH_HEADER);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, "/projects/radar"),
+ HttpMethod.GET,
+ projectEntity,
+ ProjectDto.class);
+
+ assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
+ }
+
+ @Test
+ @Order(3)
+ public void getForbiddenProjectWithAuth() {
+ HttpEntity projectEntity = new HttpEntity<>(null, AUTH_HEADER);
+
+ ResponseEntity responseEntity =
+ restTemplate.exchange(
+ createURLWithPort(port, "/projects/test"),
+ HttpMethod.GET,
+ projectEntity,
+ ProjectDto.class);
+
+ // Access denied as the user has only access to the project that it is part of.
+ assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode());
+ }
+}
\ No newline at end of file
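Review bot: `unauthorisedCreateProject` cannot fail: when the server answers the anonymous POST normally nothing is asserted, and inside the `catch` the `assertEquals(responseEntity, null)` is trivially true because the assignment never completed, so a regression that lets an unauthenticated client create a project would still pass. Keep the catch if a connection reset is a known outcome of this endpoint, but assert on the response after the try block, e.g. `if (responseEntity != null) { assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode()); }`, which is what `unauthorisedViewProjects` already checks. The argument order in that `assertEquals` is also expected-first, so `assertNull(responseEntity)` would read correctly. The `HttpEntity`/`ResponseEntity` declarations appear as raw types here; if that is not just the rendering dropping `<ProjectDto>`, they should be parameterised so the compiler checks the exchange types. The comment in `createSingleProjectWithAuth` should read `// ... if the project already exists.`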
diff --git a/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.kt b/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.kt
deleted file mode 100644
index 7c47aa86..00000000
--- a/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.kt
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- *
- * *
- * * * Copyright 2018 King's College London
- * * *
- * * * Licensed under the Apache License, Version 2.0 (the "License");
- * * * you may not use this file except in compliance with the License.
- * * * You may obtain a copy of the License at
- * * *
- * * * http://www.apache.org/licenses/LICENSE-2.0
- * * *
- * * * Unless required by applicable law or agreed to in writing, software
- * * * distributed under the License is distributed on an "AS IS" BASIS,
- * * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * * See the License for the specific language governing permissions and
- * * * limitations under the License.
- * * *
- * *
- *
- */
-package org.radarbase.appserver.auth
-
-import org.junit.jupiter.api.*
-import org.junit.jupiter.api.extension.ExtendWith
-import org.radarbase.appserver.auth.common.MPOAuthHelper
-import org.radarbase.appserver.auth.common.OAuthHelper
-import org.radarbase.appserver.dto.ProjectDto
-import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.boot.test.web.client.TestRestTemplate
-import org.springframework.boot.test.web.server.LocalServerPort
-import org.springframework.http.*
-import org.springframework.test.context.junit.jupiter.SpringExtension
-import org.springframework.web.client.ResourceAccessException
-
-@ExtendWith(SpringExtension::class)
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@TestMethodOrder(MethodOrderer.OrderAnnotation::class)
-class ProjectEndpointAuthTest {
- @Transient
- private val restTemplate = TestRestTemplate()
-
- @LocalServerPort
- @Transient
- private val port = 0
-
- @Test
- fun unauthorisedCreateProject() {
- val projectDto = ProjectDto(null, "radar", null, null)
- val projectEntity = HttpEntity(projectDto, HEADERS)
-
- var responseEntity: ResponseEntity? = null
- try {
- responseEntity =
- restTemplate.exchange(
- createURLWithPort(port, PROJECT_PATH),
- HttpMethod.POST,
- projectEntity,
- ProjectDto::class.java
- )
- } catch (_: ResourceAccessException) {
- Assertions.assertEquals(responseEntity, null)
- }
- }
-
- @Test
- fun unauthorisedViewProjects() {
- val projectEntity = HttpEntity(null, HEADERS)
-
- val responseEntity: ResponseEntity =
- restTemplate.exchange(
- createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto::class.java
- )
- Assertions.assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.statusCode)
- }
-
- @Test
- fun unauthorisedViewSingleProject() {
- val projectEntity = HttpEntity(null, HEADERS)
-
- val responseEntity: ResponseEntity =
- restTemplate.exchange(
- createURLWithPort(port, "/projects/radar"),
- HttpMethod.GET,
- projectEntity,
- ProjectDto::class.java
- )
- Assertions.assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.statusCode)
- }
-
- @Test
- fun forbiddenViewProjects() {
- val projectEntity = HttpEntity(null, AUTH_HEADER)
-
- val responseEntity: ResponseEntity =
- restTemplate.exchange(
- createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto::class.java
- )
-
- // Only Admins can view the list of all projects
- Assertions.assertEquals(HttpStatus.FORBIDDEN, responseEntity.statusCode)
- }
-
- @Test
- @Order(1)
- fun createSingleProjectWithAuth() {
- val projectDto = ProjectDto(null, "radar", null, null)
- val projectEntity = HttpEntity(projectDto, AUTH_HEADER)
-
- val responseEntity: ResponseEntity = restTemplate.exchange(
- createURLWithPort(port, PROJECT_PATH),
- HttpMethod.POST,
- projectEntity,
- ProjectDto::class.java
- )
-
- if (responseEntity.statusCode == HttpStatus.EXPECTATION_FAILED) {
- // The auth was successful but expectation failed if the project already exits.
- // Since this is just an auth test we can return.
- return
- }
- Assertions.assertEquals(HttpStatus.CREATED, responseEntity.statusCode)
- }
-
- @Order(2)
- @Test
- fun singleProjectWithAuth() {
- val projectEntity =
- HttpEntity(null, AUTH_HEADER)
-
- val responseEntity: ResponseEntity =
- restTemplate.exchange(
- createURLWithPort(port, "/projects/radar"),
- HttpMethod.GET,
- projectEntity,
- ProjectDto::class.java
- )
- Assertions.assertEquals(
- HttpStatus.OK,
- responseEntity.statusCode
- )
- }
-
- @Order(3)
- @Test
- fun forbiddenProjectWithAuth() {
- val projectEntity =
- HttpEntity(null, AUTH_HEADER)
-
- val responseEntity: ResponseEntity =
- restTemplate.exchange(
- createURLWithPort(port, "/projects/test"),
- HttpMethod.GET,
- projectEntity,
- ProjectDto::class.java
- )
-
- // Access denied as the user has only access to the project that it is part of.
- Assertions.assertEquals(
- HttpStatus.FORBIDDEN,
- responseEntity.statusCode
- )
- }
-
- companion object {
- const val PROJECT_PATH: String = "/projects"
- private val HEADERS = HttpHeaders()
- private var AUTH_HEADER: HttpHeaders? = null
-
- @JvmStatic
- @BeforeAll
- fun init() {
- val oAuthHelper: OAuthHelper = MPOAuthHelper()
- AUTH_HEADER = HttpHeaders()
- AUTH_HEADER!!.setBearerAuth(oAuthHelper.getAccessToken())
- }
-
- @JvmStatic
- fun createURLWithPort(port: Int, uri: String): String {
- return "http://localhost:$port$uri"
- }
- }
-}
diff --git a/src/integrationTest/resources/application.properties b/src/integrationTest/resources/application.properties
index 43c35cac..23ca2c01 100644
--- a/src/integrationTest/resources/application.properties
+++ b/src/integrationTest/resources/application.properties
@@ -101,4 +101,4 @@ security.github.client.timeout=10
 security.github.client.maxContentLength=1000000
 security.github.cache.size=10000
 security.github.cache.duration=3600
-security.github.cache.retryDuration=60
+security.github.cache.retryDuration=60
\ No newline at end of file