Final changes

RADAR-base · Jan 13, 2025 · cfaf02c · cfaf02c
1 parent 453cf3a
commit cfaf02c
Show file tree

Hide file tree

Showing 6 changed files with 183 additions and 186 deletions.
diff --git a/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java b/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.java
diff --git a/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.kt b/src/integrationTest/java/org/radarbase/appserver/auth/ProjectEndpointAuthTest.kt
@@ -0,0 +1,183 @@
+/*
+ *
+ *  *
+ *  *  * Copyright 2018 King's College London
+ *  *  *
+ *  *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  *  * you may not use this file except in compliance with the License.
+ *  *  * You may obtain a copy of the License at
+ *  *  *
+ *  *  *   http://www.apache.org/licenses/LICENSE-2.0
+ *  *  *
+ *  *  * Unless required by applicable law or agreed to in writing, software
+ *  *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  *  * See the License for the specific language governing permissions and
+ *  *  * limitations under the License.
+ *  *  *
+ *  *
+ *
+ */
+package org.radarbase.appserver.auth
+
+import org.junit.jupiter.api.*
+import org.junit.jupiter.api.extension.ExtendWith
+import org.radarbase.appserver.auth.common.MPOAuthHelper
+import org.radarbase.appserver.auth.common.OAuthHelper
+import org.radarbase.appserver.dto.ProjectDto
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.test.web.client.TestRestTemplate
+import org.springframework.boot.test.web.server.LocalServerPort
+import org.springframework.http.*
+import org.springframework.test.context.junit.jupiter.SpringExtension
+import org.springframework.web.client.ResourceAccessException
+
+@ExtendWith(SpringExtension::class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@TestMethodOrder(MethodOrderer.OrderAnnotation::class)
+class ProjectEndpointAuthTest {
+    @Transient
+    private val restTemplate = TestRestTemplate()
+
+    @LocalServerPort
+    @Transient
+    private val port = 0
+
+    @Test
+    fun unauthorisedCreateProject() {
+        val projectDto = ProjectDto(null, "radar", null, null)
+        val projectEntity = HttpEntity<ProjectDto?>(projectDto, HEADERS)
+
+        var responseEntity: ResponseEntity<ProjectDto?>? = null
+        try {
+            responseEntity =
+                restTemplate.exchange<ProjectDto?>(
+                    createURLWithPort(port, PROJECT_PATH),
+                    HttpMethod.POST,
+                    projectEntity,
+                    ProjectDto::class.java
+                )
+        } catch (_: ResourceAccessException) {
+            Assertions.assertEquals(responseEntity, null)
+        }
+    }
+
+    @Test
+    fun unauthorisedViewProjects() {
+        val projectEntity = HttpEntity<ProjectDto?>(null, HEADERS)
+
+        val responseEntity: ResponseEntity<ProjectDto?> =
+            restTemplate.exchange<ProjectDto?>(
+                createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto::class.java
+            )
+        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.statusCode)
+    }
+
+    @Test
+    fun unauthorisedViewSingleProject() {
+        val projectEntity = HttpEntity<ProjectDto?>(null, HEADERS)
+
+        val responseEntity: ResponseEntity<ProjectDto?> =
+            restTemplate.exchange<ProjectDto?>(
+                createURLWithPort(port, "/projects/radar"),
+                HttpMethod.GET,
+                projectEntity,
+                ProjectDto::class.java
+            )
+        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.statusCode)
+    }
+
+    @Test
+    fun forbiddenViewProjects() {
+        val projectEntity = HttpEntity<ProjectDto?>(null, AUTH_HEADER)
+
+        val responseEntity: ResponseEntity<ProjectDto?> =
+            restTemplate.exchange<ProjectDto?>(
+                createURLWithPort(port, PROJECT_PATH), HttpMethod.GET, projectEntity, ProjectDto::class.java
+            )
+
+        // Only Admins can view the list of all projects
+        Assertions.assertEquals(HttpStatus.FORBIDDEN, responseEntity.statusCode)
+    }
+
+    @Test
+    @Order(1)
+    fun createSingleProjectWithAuth() {
+        val projectDto = ProjectDto(null, "radar", null, null)
+        val projectEntity = HttpEntity<ProjectDto?>(projectDto, AUTH_HEADER)
+
+        val responseEntity: ResponseEntity<ProjectDto?> =
+            restTemplate.exchange<ProjectDto?>(
+                createURLWithPort(port, PROJECT_PATH),
+                HttpMethod.POST,
+                projectEntity,
+                ProjectDto::class.java
+            )
+
+        if (responseEntity.statusCode == HttpStatus.EXPECTATION_FAILED) {
+            // The auth was successful but expectation failed if the project already exits.
+            // Since this is just an auth test we can return.
+            return
+        }
+        Assertions.assertEquals(HttpStatus.CREATED, responseEntity.statusCode)
+    }
+
+    @Order(2)
+    @Test
+    fun getSingleProjectWithAuth() {
+            val projectEntity =
+                HttpEntity<ProjectDto?>(null, AUTH_HEADER)
+
+            val responseEntity: ResponseEntity<ProjectDto?> =
+                restTemplate.exchange<ProjectDto?>(
+                    createURLWithPort(port, "/projects/radar"),
+                    HttpMethod.GET,
+                    projectEntity,
+                    ProjectDto::class.java
+                )
+
+            Assertions.assertEquals(
+                HttpStatus.OK,
+                responseEntity.statusCode
+            )
+        }
+
+    @Order(3)
+    @Test
+    fun getForbiddenProjectWithAuth() {
+            val projectEntity =
+                HttpEntity<ProjectDto?>(null, AUTH_HEADER)
+
+            val responseEntity: ResponseEntity<ProjectDto?> =
+                restTemplate.exchange<ProjectDto?>(
+                    createURLWithPort(port, "/projects/test"),
+                    HttpMethod.GET,
+                    projectEntity,
+                    ProjectDto::class.java
+                )
+
+            // Access denied as the user has only access to the project that it is part of.
+            Assertions.assertEquals(
+                HttpStatus.FORBIDDEN,
+                responseEntity.statusCode
+            )
+        }
+
+    companion object {
+        const val PROJECT_PATH: String = "/projects"
+        private val HEADERS = HttpHeaders()
+        private var AUTH_HEADER: HttpHeaders? = null
+
+        @JvmStatic
+        @BeforeAll
+        fun init() {
+            val oAuthHelper: OAuthHelper = MPOAuthHelper()
+            AUTH_HEADER = HttpHeaders()
+            AUTH_HEADER!!.setBearerAuth(oAuthHelper.getAccessToken())
+        }
+
+        fun createURLWithPort(port: Int, uri: String): String {
+            return "http://localhost:$port$uri"
+        }
+    }
+}
diff --git a/src/main/java/org/radarbase/appserver/mapper/Mapper.kt b/src/main/java/org/radarbase/appserver/mapper/Mapper.kt
@@ -29,7 +29,6 @@ import java.util.stream.Collectors
  *
  * @param <E> the entity object class
  * @param <D> the DTO object class
- * TODO - Use MapStruct for mapping entities and DTOs (http://mapstruct.org/)
  */
 interface Mapper<D, E> {
     fun dtoToEntity(dto: D): E

diff --git a/src/main/java/org/radarbase/appserver/service/ManagementPortalService.kt b/src/main/java/org/radarbase/appserver/service/ManagementPortalService.kt
@@ -21,5 +21,4 @@
 package org.radarbase.appserver.service
 
 class ManagementPortalService
-// TODO WIP - Add MP client and get subjects and projects info if missing in any request.
 
diff --git a/src/main/java/org/radarbase/appserver/service/UserService.kt b/src/main/java/org/radarbase/appserver/service/UserService.kt
@@ -171,8 +171,6 @@ class UserService(
      * @throws InvalidUserDetailsException If a user with the same subject ID already exists in the specified project.
      */
     fun saveUserInProject(userDto: FcmUserDto): FcmUserDto {
-        // TODO: Future -- If any value is null get them using the MP api using others. (eg only subject
-        // id, then get project id and source ids from MP)
         // TODO: Make the above pluggable so can use others or none.
         logger.debug("Saving user: {}", userDto)
 

diff --git a/src/main/java/org/radarbase/appserver/service/scheduler/AdminEmailNotifierScheduler.kt b/src/main/java/org/radarbase/appserver/service/scheduler/AdminEmailNotifierScheduler.kt
@@ -27,9 +27,3 @@ package org.radarbase.appserver.service.scheduler
  */
 class AdminEmailNotifierScheduler
 
-
-// TODO: Add a scheduler that checks everyday if a user is inactive for a long time (lastOpened >
-// 30 days) and send a warning email to the study/project admin.
-// TODO: We can also add the functionality to remind the users to open the app by sending a push
-// notification.
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -21,5 +21,4 @@
		package org.radarbase.appserver.service

		class ManagementPortalService
		// TODO WIP - Add MP client and get subjects and projects info if missing in any request.