remove secrets from credentials (#198)
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/198 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
+1
-40
@@ -27,7 +27,6 @@ import jakarta.persistence.PersistenceContext;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
|
||||
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.LEGAL_PERSON;
|
||||
@@ -36,9 +35,6 @@ import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
|
||||
@Tag("generalIntegrationTest")
|
||||
@Transactional
|
||||
@@ -136,14 +132,11 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
"familyName": null
|
||||
},
|
||||
"nickname": "test-subject1",
|
||||
"totpSecrets": null,
|
||||
"phonePassword": null,
|
||||
"emailAddress": null,
|
||||
"smsNumber": null,
|
||||
"active": false,
|
||||
"globalUid": null,
|
||||
"globalGid": null,
|
||||
"onboardingToken": null,
|
||||
"contexts": [
|
||||
{
|
||||
"uuid": "33333333-3333-3333-3333-333333333333",
|
||||
@@ -166,8 +159,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
"onlyForNaturalPersons": false,
|
||||
"publicAccess": true
|
||||
}
|
||||
],
|
||||
"lastUsed": null
|
||||
]
|
||||
}
|
||||
"""));
|
||||
// @formatter:on
|
||||
@@ -369,37 +361,6 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
class MarkCredentialsAsUsed {
|
||||
|
||||
@Test
|
||||
void markCredentialsAsUsed() {
|
||||
// given
|
||||
val testPerson = givenNaturalPerson("selfregistered-user-drew@hostsharing.org");
|
||||
val credentialsEntity = givenNewCredentials("selfregistered-user-drew@hostsharing.org",
|
||||
"test-subject2",
|
||||
testPerson, builder -> {
|
||||
builder.onboardingToken("some-onboarding-token");
|
||||
builder.loginContexts(contextRepo.findAll().stream()
|
||||
.filter(HsCredentialsContext::isPublicAccess).collect(Collectors.toSet()));
|
||||
});
|
||||
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
|
||||
.port(port)
|
||||
.when()
|
||||
.post("http://localhost/api/hs/accounts/credentials/" + credentialsEntity.getUuid() + "/used")
|
||||
.then().log().all().assertThat()
|
||||
.statusCode(200)
|
||||
.contentType("application/json")
|
||||
.body("uuid", is(credentialsEntity.getUuid().toString()))
|
||||
.body("onboardingToken", is(nullValue()))
|
||||
.body("lastUsed", is(not(nullValue())));
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
|
||||
// Helper methods
|
||||
private HsOfficePersonRealEntity givenLegalPerson(final String executingSubjectName) {
|
||||
return jpaAttempt.transacted(() -> {
|
||||
|
||||
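Review bot: Dropping `totpSecrets`, `phonePassword`, `onboardingToken` and `lastUsed` from the expected JSON only proves the secrets are gone from the GET response if `lenientlyEquals` (statically imported at the top of this test) fails on extra keys in the actual body; if it tolerates unexpected properties, as its name suggests, the test still passes when the server keeps returning them. Add an explicit negative assertion on the raw response next to the lenient match, e.g. `.body(not(containsString("totpSecrets")))` and `.body(not(containsString("phonePassword")))`, re-adding the `not`/`containsString` static imports if this commit removed them. The deleted `MarkCredentialsAsUsed` test was the only visible coverage of `POST …/credentials/{uuid}/used` clearing `onboardingToken` and setting `lastUsed`; if that endpoint still exists after this change its behaviour is now untested, and if it was removed the deletion is fine. The expected-JSON text block and the test method it belongs to start above the hunk.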
-19
@@ -33,15 +33,11 @@ class HsCredentialsEntityPatcherUnitTest extends PatchUnitTestBase<
|
||||
|
||||
private static final Boolean INITIAL_ACTIVE = true;
|
||||
private static final String INITIAL_EMAIL_ADDRESS = "initial@example.com";
|
||||
private static final List<String> INITIAL_TOTP_SECRETS = List.of("initial_2fa");
|
||||
private static final String INITIAL_SMS_NUMBER = "initial_sms";
|
||||
private static final String INITIAL_PHONE_PASSWORD = "initial_phone_pw";
|
||||
|
||||
private static final Boolean PATCHED_ACTIVE = false;
|
||||
private static final String PATCHED_EMAIL_ADDRESS = "patched@example.com";
|
||||
private static final List<String> PATCHED_TOTP_SECRETS = List.of("patched_2fa");
|
||||
private static final String PATCHED_SMS_NUMBER = "patched_sms";
|
||||
private static final String PATCHED_PHONE_PASSWORD = "patched_phone_pw";
|
||||
|
||||
// Contexts
|
||||
private static final UUID CONTEXT_UUID_1 = UUID.randomUUID();
|
||||
@@ -102,9 +98,7 @@ class HsCredentialsEntityPatcherUnitTest extends PatchUnitTestBase<
|
||||
entity.setUuid(INITIAL_CREDENTIALS_UUID);
|
||||
entity.setActive(INITIAL_ACTIVE);
|
||||
entity.setEmailAddress(INITIAL_EMAIL_ADDRESS);
|
||||
entity.setTotpSecrets(INITIAL_TOTP_SECRETS);
|
||||
entity.setSmsNumber(INITIAL_SMS_NUMBER);
|
||||
entity.setPhonePassword(INITIAL_PHONE_PASSWORD);
|
||||
// Ensure loginContexts is a mutable set for the patcher
|
||||
entity.setLoginContexts(new HashSet<>(initialContextEntities));
|
||||
return entity;
|
||||
@@ -137,25 +131,12 @@ class HsCredentialsEntityPatcherUnitTest extends PatchUnitTestBase<
|
||||
PATCHED_EMAIL_ADDRESS,
|
||||
HsCredentialsEntity::setEmailAddress,
|
||||
PATCHED_EMAIL_ADDRESS),
|
||||
new SimpleProperty<>(
|
||||
"totpSecret",
|
||||
CredentialsPatchResource::setTotpSecrets,
|
||||
PATCHED_TOTP_SECRETS,
|
||||
HsCredentialsEntity::setTotpSecrets,
|
||||
PATCHED_TOTP_SECRETS)
|
||||
.notNullable(),
|
||||
new JsonNullableProperty<>(
|
||||
"smsNumber",
|
||||
CredentialsPatchResource::setSmsNumber,
|
||||
PATCHED_SMS_NUMBER,
|
||||
HsCredentialsEntity::setSmsNumber,
|
||||
PATCHED_SMS_NUMBER),
|
||||
new JsonNullableProperty<>(
|
||||
"phonePassword",
|
||||
CredentialsPatchResource::setPhonePassword,
|
||||
PATCHED_PHONE_PASSWORD,
|
||||
HsCredentialsEntity::setPhonePassword,
|
||||
PATCHED_PHONE_PASSWORD),
|
||||
new SimpleProperty<>(
|
||||
"contexts",
|
||||
CredentialsPatchResource::setContexts,
|
||||
|
||||
+1
-6
@@ -36,11 +36,8 @@ public class CreateCredentials extends BaseCredentialsUseCase<CreateCredentials>
|
||||
"person.uuid": ${Person: %{personGivenName} %{personFamilyName}},
|
||||
"nickname": ${nickname},
|
||||
"active": %{active},
|
||||
"totpSecrets": @{totpSecrets},
|
||||
"emailAddress": ${emailAddress},
|
||||
"phonePassword": ${phonePassword},
|
||||
"smsNumber": ${smsNumber},
|
||||
"onboardingToken": ${onboardingToken},
|
||||
"globalUid": %{globalUid},
|
||||
"globalGid": %{globalGid},
|
||||
"contexts": @{resolvedContexts}
|
||||
@@ -58,9 +55,7 @@ public class CreateCredentials extends BaseCredentialsUseCase<CreateCredentials>
|
||||
.expecting(OK).expecting(JSON),
|
||||
path("uuid").contains("%{newCredentials}"),
|
||||
path("nickname").contains("%{nickname}"),
|
||||
path("person.uuid").contains("%{Person: %{personGivenName} %{personFamilyName}}"),
|
||||
path("totpSecrets").contains("@{totpSecrets}"),
|
||||
path("onboardingToken").contains("%{onboardingToken}")
|
||||
path("person.uuid").contains("%{Person: %{personGivenName} %{personFamilyName}}")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
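Review bot: With `totpSecrets`, `phonePassword` and `onboardingToken` dropped from the create request body and from the `path(...)` checks, nothing in this use case pins how the API now treats those properties when a client still sends them — silently ignored, stored but not echoed, or rejected with a 400. Whichever is intended, one additional scenario that posts e.g. `"phonePassword": "x"` and asserts either the error status or that the property is not echoed in the response would keep the secret-handling contract from regressing unnoticed. The `usingJsonBody` text block and the method enclosing both hunks start above the first hunk.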
-5
@@ -75,9 +75,7 @@ class CredentialsScenarioTests extends ScenarioTest {
|
||||
.given("nickname", "firby-susan")
|
||||
// initial credentials
|
||||
.given("active", true)
|
||||
.given("totpSecrets", Array.of("initialSecret"))
|
||||
.given("emailAddress", "susan.firby@example.com")
|
||||
.given("phonePassword", "securePass123")
|
||||
.given("smsNumber", "+49123456789")
|
||||
.given("globalUid", 21011)
|
||||
.given("globalGid", 21011)
|
||||
@@ -85,7 +83,6 @@ class CredentialsScenarioTests extends ScenarioTest {
|
||||
"contexts", Array.of(
|
||||
Pair.of("HSADMIN", "prod")
|
||||
))
|
||||
.given("onboardingToken", "fake-unboarding-token")
|
||||
.doRun()
|
||||
.keep();
|
||||
}
|
||||
@@ -99,9 +96,7 @@ class CredentialsScenarioTests extends ScenarioTest {
|
||||
.given("credentialsUuid", "%{Credentials@hsadmin: firby-susan}")
|
||||
// updated credentials
|
||||
.given("active", false)
|
||||
.given("totpSecrets", Array.of("initialSecret", "additionalSecret"))
|
||||
.given("emailAddress", "susan.firby@example.org")
|
||||
.given("phonePassword", "securePass987")
|
||||
.given("smsNumber", "+49987654321")
|
||||
.given(
|
||||
"contexts", Array.of(
|
||||
|
||||
+1
-6
@@ -27,16 +27,12 @@ public class UpdateCredentials extends BaseCredentialsUseCase<UpdateCredentials>
|
||||
httpPatch("/api/hs/accounts/credentials/%{credentialsUuid}", usingJsonBody("""
|
||||
{
|
||||
"active": %{active},
|
||||
"totpSecrets": @{totpSecrets},
|
||||
"emailAddress": ${emailAddress},
|
||||
"phonePassword": ${phonePassword},
|
||||
"smsNumber": ${smsNumber},
|
||||
"contexts": @{resolvedContexts}
|
||||
}
|
||||
"""))
|
||||
.reportWithResponse().expecting(HttpStatus.OK).expecting(ContentType.JSON)
|
||||
.extractValue("nickname", "nickname")
|
||||
.extractValue("totpSecrets", "totpSecrets")
|
||||
);
|
||||
|
||||
return null;
|
||||
@@ -49,8 +45,7 @@ public class UpdateCredentials extends BaseCredentialsUseCase<UpdateCredentials>
|
||||
() -> httpGet("/api/hs/accounts/credentials/%{credentialsUuid}")
|
||||
.expecting(OK).expecting(JSON),
|
||||
path("uuid").contains("%{newCredentials}"),
|
||||
path("nickname").contains("%{nickname}"),
|
||||
path("totpSecrets").contains("%{totpSecrets}")
|
||||
path("nickname").contains("%{nickname}")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
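Review bot: After this change the verification step (`path("uuid")…` / `path("nickname")…`) no longer checks any attribute the PATCH actually modified — `totpSecrets` was the only patched value it asserted on and it has been removed, while `uuid` and `nickname` are not part of the request body. Add checks on the fields that are still patched, e.g. `path("emailAddress").contains("%{emailAddress}")` and `path("smsNumber").contains("%{smsNumber}")`, so the use case still proves the update took effect rather than only that the record exists. The `httpPatch` call and its enclosing method begin above the first hunk.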
+1
-1
@@ -31,12 +31,12 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
|
||||
@Transactional
|
||||
@Tag("officeIntegrationTest")
|
||||
@SpringBootTest(
|
||||
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
|
||||
classes = HsadminNgApplication.class)
|
||||
@ActiveProfiles("fake-jwt")
|
||||
@Transactional
|
||||
class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCleanup {
|
||||
|
||||
@LocalServerPort
|
||||
|
||||