hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

migrate from CAS to Oauth2-JWT Auth (#197)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/197
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
2025-09-08 15:27:28 +02:00
parent bc06001ce9
commit d7a78d0a79
125 changed files with 1537 additions and 1549 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.aliases
+10 -6
View File
@@ -74,11 +74,15 @@ function importLegacyData() {
alias gw-importHostingAssets='importLegacyData importHostingAssets'
function gradlewBootRun() {
local port=${1:-8080}
shift
local serverPort=${1:-8080}; shift
local managementPort=${2:-$((serverPort + 1))}; shift
local additional_args="$@"
echo gw bootRun --args="--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data --server.port=${port} ${additional_args}"
./gradlew bootRun --args="--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data --server.port=${port} ${additional_args}"
unset HSADMINNG_JWT_ISSUER
unset HSADMINNG_JWT_JWKS_URL
unset HSADMINNG_JWT_TOKEN_URL
set -x
./gradlew bootRun --args="--spring.profiles.active=dev,fake-jwt,complete,test-data --server.port=${serverPort} --management.server.port=${managementPort} ${additional_args}"
set +x
}
alias gw-bootRun=gradlewBootRun
@@ -97,7 +101,7 @@ alias pg-sql-restore='gunzip --stdout | docker exec -i hsadmin-ng-postgres psql
alias fp='grep -r '@Accepts' src | sed -e 's/^.*@/@/g' | sort -u | wc -l'
alias gw-spotless='./gradlew spotlessApply -x pitest -x test -x :processResources'
alias gw-spotless='./gradlew compile spotlessApply -x pitest -x test -x :processResources'
alias gw-check='. .aliases; . .tc-environment; gw test check -x pitest'
# HOWTO: run all 'normal' tests (by default without scenario+import-tests): `gw-test`
@@ -143,7 +147,7 @@ function _gwTest() {
alias gw-test=_gwTest
alias howto=bin/howto
alias cas-curl=bin/cas-curl
alias jwt-curl=bin/jwt-curl
# etc/docker-compose.yml limits CPUs+MEM and includes a PostgreSQL config for analysing slow queries
alias gw-importHostingAssets-in-docker-compose='
.tc-environment
+2 -1
View File
@@ -3,6 +3,7 @@ source .unset-environment
export HSADMINNG_POSTGRES_RESTRICTED_USERNAME=restricted
export HSADMINNG_POSTGRES_ADMIN_USERNAME=admin
export HSADMINNG_SUPERUSER=import-superuser@hostsharing.net
export HSADMINNG_CAS_SERVER=
export HSADMINNG_OFFICE_DATA_SQL_FILE
export HSADMINNG_JWT_TOKEN_URL=http://localhost:8080/fake-jwt/token
export LANG=en_US.UTF-8
.unset-environment
+6 -1
View File
@@ -5,5 +5,10 @@ unset HSADMINNG_POSTGRES_RESTRICTED_USERNAME
unset HSADMINNG_SUPERUSER
unset HSADMINNG_MIGRATION_DATA_PATH
unset HSADMINNG_OFFICE_DATA_SQL_FILE
unset HSADMINNG_CAS_SERVER=
unset HSADMINNG_JWT_ISSUER
unset HSADMINNG_JWT_JWKS_URL
unset HSADMINNG_JWT_USERNAME
unset HSADMINNG_JWT_PASSWORD
unset HSADMINNG_JWT_TOKEN_URL
README.md
+61 -35
View File
@@ -87,13 +87,10 @@ If you have at least Docker and the Java JDK installed in appropriate versions a
# if the container has been built already and you want to keep the data, run this:
pg-sql-start
Next, compile and run the application on `localhost:8080` and the management server on `localhost:8081`:
Next, compile and run the application with in dev-mode with all modules, test-data and fake-JWT-authentication::
# this disables CAS-authentication, for using the REST-API with CAS-authentication, see `bin/cas-curl`.
export HSADMINNG_CAS_SERVER=
# this runs the application with test-data and all modules:
gw bootRun --args='--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data'
# on `localhost:8080` and the management server on `localhost:8081`:
gw-bootRun
# there is also an alias which takes an optional port as an argument:
gw-bootRun 8888
@@ -101,53 +98,75 @@ Next, compile and run the application on `localhost:8080` and the management ser
The meaning of these profiles is:
- **dev**: the PostgreSQL users are created via Liquibase
- **fakeCasAuthenticator**: The username is simply taken from whatever is after "Bearer " in the "Authorization" header.
- **fake-jwt**: the app starts with a build-in fake OAuth2/JWT server
- **complete**: all modules are started
- **test-data**: some test data inserted
Now we can access the REST API, e.g. using curl:
Now we can access the REST API, e.g. using curl. But you need to use JWT authentication.
To make this a bit easier to handle, we use `bin/jwt-curl` (or `jwt-curl` alias).
# the following command should reply with "pong":
curl -f -s http://localhost:8080/api/ping
Make sure you replace `8080` with the port you used to run the application.`
# the following command does not need authentication and should reply with "pinged ...".
curl http://localhost:8080/api/ping
# but when you try endpoints which need authentication, you will get a 401 error:
curl http://localhost:8080/api/pong
# For the follinging commands we need to be authenticated by a valid JWT token.
# To make JWT handling a bit easier, there is a wrapper scropt `jwt-curl`.
# Make sure the following variable is set to the fake JWT issuer:
export HSADMINNG_JWT_TOKEN_URL=http://localhost:8080/fake-jwt/token
# optionally, you can set the username and password to in env-vars as well:
export HSADMINNG_JWT_USERNAME=superuser-alex@hostsharing.net
export HSADMINNG_JWT_PASSWORD=whatever-as-its-not-checked-by-fake-jwt-auth
# also optionally, you can login explicitly:
jwt-curl login
# now, the following command should reply with "ponged ... superuser-alex@hostsharing.net":
jwt-curl GET http://localhost:8080/api/pong
# the following command should return a JSON array with just all customers:
curl -f -s\
-H 'Authorization: Bearer superuser-alex@hostsharing.net' \
http://localhost:8080/api/test/customers \
jwt-curl GET http://localhost:8080/api/test/customers \
| jq # just if `jq` is installed, to prettyprint the output
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
curl -f -s\
-H 'Authorization: Bearer superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
http://localhost:8080/api/test/packages \
jwt-curl ASSUME 'rbactest.customer#yyy:ADMIN'
jwt-curl GET http://localhost:8080/api/test/packages \
| jq
jwt-curl UNASSUME
# add a new customer
curl -f -s\
-H 'Authorization: Bearer superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
jwt-curl POST \
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
-X POST http://localhost:8080/api/test/customers \
http://localhost:8080/api/test/customers \
| jq
If you wonder who 'superuser-alex@hostsharing.net' and 'superuser-fran@hostsharing.net' are and where the data comes from:
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
Also try for example 'admin@xxx.example.com' or 'unknown@example.org'.
Alex and Fran are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
Also, for example, try 'admin@xxx.example.com' or 'unknown@example.org'.
If you want a formatted JSON output, you can pipe the result to `jq` or similar.
And to see the full, currently implemented, API, open http://localhost:8080/swagger-ui/index.html).
For a locally running app without CAS-authentication (export HSADMINNG_CAS_SERVER=''),
authorize using the name of the subject (e.g. "superuser-alex@hostsharing.net" in case of test-data).
Otherwise, use a valid CAS-ticket.
And to see the full, currently implemented, API, open http://localhost:8080/swagger-ui/index.html.
If you want to run the application with real CAS-Authentication:
If you want to run the application with real (OAuth2) JWT-authentication:
# set the CAS-SERVER-Root, also see `bin/cas-curl`.
export HSADMINNG_CAS_SERVER=https://login.hostsharing.net # or whatever your CAS-Server-URL you want to use
# set the JWT-issuer URI, e.g.
export HSADMINNG_JWT_ISSUER=https://login.hshsngdev.hs-example.de/realms/HSAdminDEV
# run the application against the real CAS authenticator
gw bootRun --args='--spring.profiles.active=dev,realCasAuthenticator,complete,test-data'
# and the JWT JWKS callback URI:
export HSADMINNG_JWT_JWKS_URL=https://login.hshsngdev.hs-example.de/realms/HSAdminDEV/.well-known/openid-configuration
# as well as the JWT token endpoint URI:
export HSADMINNG_JWT_TOKEN_URL=https://login.hshsngdev.hs-example.de/realms/HSAdminDEV/protocol/openid-connect/token
# run the application against the specified JWT authenticator, do NOT add the 'fake-jwt' profile:
gw bootRun --args='--spring.profiles.active=dev,complete,test-data'
Also run `bin/jwt-curl` (or the alias `jwt-curl`) without any parameters to see the available commands.
### PostgreSQL Server
@@ -156,7 +175,7 @@ You might amend the port and user settings in `src/main/resources/application.ym
But the easiest way to run PostgreSQL is via Docker.
Initially, pull an image compatible to current PostgreSQL version of Hostsharing:
Initially, pull an image compatible to the current PostgreSQL version of Hostsharing:
docker pull postgres:15.5-bookworm
@@ -674,7 +693,7 @@ howto
Add `--args='--spring.profiles.active=...` with the wanted profile selector:
```sh
gw bootRun --args='--spring.profiles.active=fakeCasAuthenticator,external-db,only-prod-schema,without-test-data'
gw bootRun --args='--spring.profiles.active=external-db,only-prod-schema,without-test-data'
```
These profiles mean:
@@ -712,7 +731,7 @@ If it's selected, just hit the *bug*-symbol next to it.
If you frequently need to run with a fresh database and a clean build, you can use this:
```sh
export HSADMINNG_CAS_SERVER=
# replace `gw bootRun` by the proper command as described above
gw clean && pg-sql-reset && sleep 5 && gw bootRun' 2>&1 | tee log
```
@@ -851,9 +870,16 @@ This port can be changed in
Or on the command line, add ` --server.port=...` to the `--args` parameter of the `bootRun` task, e.g.:
```sh
gw bootRun --args='--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data --server.port=8888'
gw bootRun --args='--spring.profiles.active=dev,fake-jwt,complete,test-data --server.port=8888'
```
or, for local development, simply:
```sh
gw-bootRun 8888
```
### How to Use a Persistent Database for Integration Tests?
Usually, the `DataJpaTest` integration tests run against a database in a temporary docker container.
@@ -888,7 +914,7 @@ Therefore, during initial development, it's good approach just to amend the exis
```shell
pg-sql-reset
gw bootRun
gw bootRun # with the proper command line arguments
```
<big>**&#9888;**</big>
bin/cas-curl
-261
View File
@@ -1,261 +0,0 @@
#!/bin/bash
if [ "$2" == "--show-password" ]; then
HSADMINNG_CAS_SHOW_PASSWORD=yes
shift
else
HSADMINNG_CAS_SHOW_PASSWORD=
fi
if [ "$1" == "--trace" ]; then
function trace() {
echo "$*" >&2
}
function doCurl() {
set -x
if [ -z "$HSADMINNG_CAS_ASSUME" ]; then
curl --fail-with-body \
--header "Authorization: $HSADMINNG_CAS_TICKET" \
"$@"
else
curl --fail-with-body \
--header "Authorization: $HSADMINNG_CAS_TICKET" \
--header "assumed-roles: $HSADMINNG_CAS_ASSUME" \
"$@"
fi
set +x
}
shift
else
function trace() {
: # noop
}
function doCurl() {
curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
}
fi
export HSADMINNG_CAS_ASSUME_HEADER
if [ -f ~/.cas-curl-assume ]; then
HSADMINNG_CAS_ASSUME="$(cat ~/.cas-curl-assume)"
else
HSADMINNG_CAS_ASSUME=
fi
if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
[ -z "$HSADMINNG_CAS_SERVICE_ID" ]; then
cat >&2 <<EOF
ERROR: environment incomplete
please set the following environment variables:
export HSADMINNG_CAS_LOGIN=https://login.hostsharing.net/cas/v1/tickets
export HSADMINNG_CAS_VALIDATE=https://login.hostsharing.net/cas/proxyValidate
export HSADMINNG_CAS_USERNAME=<<optionally, your username, or leave empty after '='>>
export HSADMINNG_CAS_PASSWORD=<<optionally, your password, or leave empty after '='>>
export HSADMINNG_CAS_SERVICE_ID=https://hsadminng.hostsharing.net:443/
EOF
exit 1
fi
function casCurlDocumentation() {
cat <<EOF
curl-wrapper utilizing CAS-authentication for hsadmin-ng
usage: $0 [--trace] [--show-password] <<command>> [parameters]
commands:
EOF
# filters out help texts (containing double-# and following lines with leading single-#) from the commands itself
# (the '' makes sure that this line is not found, just the lines with actual help texts)
sed -n '/#''#/ {x; p; x; s/#''#//; p; :a; n; /^[[:space:]]*#/!b; s/^[[:space:]]*#//; p; ba}' <$0
}
function casLogin() {
# ticket granting ticket exists and not expired?
if find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then
return
fi
if [ -z "$HSADMINNG_CAS_USERNAME" ]; then
read -e -p "Username: " HSADMINNG_CAS_USERNAME
fi
if [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
read -s -e -p "Password: " HSADMINNG_CAS_PASSWORD
fi
if [ "$HSADMINNG_CAS_SHOW_PASSWORD" == "--show-password" ]; then
HSADMINNG_CAS_PASSWORD_DISPLAY=$HSADMINNG_CAS_PASSWORD
else
HSADMINNG_CAS_PASSWORD_DISPLAY="<<password hidden - use --show-password to show>>"
fi
# Do NOT use doCurl here! We do neither want to print the password nor pass a CAS service ticket.
trace "+ curl --fail-with-body -s -i -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d \"username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD_DISPLAY\" \
$HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D -"
HSADMINNG_CAS_TGT=`curl --fail-with-body -s -i -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \
$HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D - \
| grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\\r//'`
if [ -z "$HSADMINNG_CAS_TGT" ]; then
echo "ERROR: could not get ticket granting ticket" >&2
cat ~/.cas-login-tgt.response >&2
exit 1
fi
echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
trace "$HSADMINNG_CAS_TGT"
}
function casLogout() {
rm -f ~/.cas-login-tgt
}
function casTicket() {
HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
exit 1
fi
trace "CAS-TGT: $HSADMINNG_CAS_TGT"
trace "fetching CAS service ticket"
trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE_ID\" $HSADMINNG_CAS_TGT"
HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE_ID" $HSADMINNG_CAS_TGT)
if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then
echo "ERROR: cannot get CAS service ticket" >&2
exit 1
fi
echo $HSADMINNG_CAS_TICKET
}
function casTgt() {
HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
exit 1
fi
echo "CAS-TGT: $HSADMINNG_CAS_TGT"
}
function casValidate() {
HSADMINNG_CAS_TICKET=`casTicket`
trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET"
# Do NOT use doCurl here! We do not pass a CAS service ticket.
trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID}
HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID} | grep -oPm1 "(?<=<cas:user>)[^<]+"`
if [ -z "$HSADMINNG_CAS_USER" ]; then
echo "validation failed" >&2
exit 1
fi
echo "CAS-User: $HSADMINNG_CAS_USER"
}
case "${1,,}" in
# -- generic commands --------------------------------------------------------------------------
""|"-h"|"--help"|"help") ## prints documentation about commands and options
casCurlDocumentation
exit
;;
"env") ## prints all related HSADMINNG_CAS_... environment variables; use '--show-password' to show the password as well
# example: cas-curl env --show-password
echo "HSADMINNG_CAS_LOGIN: $HSADMINNG_CAS_LOGIN"
echo "HSADMINNG_CAS_VALIDATE: $HSADMINNG_CAS_VALIDATE"
echo "HSADMINNG_CAS_USERNAME: $HSADMINNG_CAS_USERNAME"
if [ "$2" == "--show-password" ]; then
echo "HSADMINNG_CAS_PASSWORD: $HSADMINNG_CAS_PASSWORD"
elif [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
echo "HSADMINNG_CAS_PASSWORD: <<not given>>"
else
echo "HSADMINNG_CAS_PASSWORD: <<given, but hidden - add --show-password to show>>"
fi
echo "HSADMINNG_CAS_SERVICE_ID: $HSADMINNG_CAS_SERVICE_ID"
;;
# --- authentication-related commands ------------------------------------------------------------
"login") ## reads username+password and fetches ticket granting ticket (bypasses HSADMINNG_CAS_USERNAME+HSADMINNG_CAS_PASSWORD)
# example: cas-curl login
casLogout
export HSADMINNG_CAS_USERNAME=
export HSADMINNG_CAS_PASSWORD=
casLogin
;;
"assume") ## assumes the given comma-separated roles
# example using object-id-name: cas-curl assume 'hs_office.relation#ExampleMandant-with-PARTNER-ExamplePartner:AGENT'
# example using object-uuid: cas-curl assume 'hs_office.relation#1d3bc468-c5c8-11ef-9d0d-4751ecfda2b7:AGENT'
shift
if [ -z "$1" ]; then
echo "ERROR: requires comma-separated list of roles to assume" >&2
exit 1
fi
echo "$1" >~/.cas-curl-assume
;;
"unassume") ## do not assume any particular role anymore, use the plain user as RBAC subject
rm ~/.cas-curl-assume
;;
"tgt") ## prints the current ticket granting ticket
casTgt
;;
"validate") ## validates current ticket granting ticket and prints currently logged in user
casValidate
;;
"logout") ## logout, deletes ticket granting ticket
casLogout
;;
# --- HTTP-commands ----------------------------------------------------------------------
"get") ## HTTP GET, add URL as parameter
# example: cas-curl GET http://localhost:8080/api/hs/office/partners/P-10003 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
casLogin
HSADMINNG_CAS_TICKET=`casTicket`
doCurl "$*"
;;
"post") ## HTTP POST, add curl options to specify the request body and the URL as last parameter
# example: cas-curl POST \
# -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
# http://localhost:8080/api/test/customers | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
casLogin
HSADMINNG_CAS_TICKET=`casTicket`
doCurl --header "Content-Type: application/json" -X POST "$@"
;;
"patch") ## HTTP PATCH, add curl options to specify the request body and the URL as last parameterparameter
# example: cas-curl PATCH \
# -d '{ "reference":80002 }' \
# http://localhost:8080/api/test/customers/ae90ac2a-4728-4ca9-802e-a0d0108b2324 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
casLogin
HSADMINNG_CAS_TICKET=`casTicket`
doCurl --header "Content-Type: application/json" -X POST "$*"
;;
"delete") ## HTTP DELETE, add curl options to specify the request body and the URL as last parameter
# example: cas-curl DELETE http://localhost:8080/api/hs/office/persons/ae90ac2a-4728-4ca9-802e-a0d0108b2324
shift
casLogin
HSADMINNG_CAS_TICKET=`casTicket`
curl -X POST "$@"
;;
*)
cat >&2 <<EOF
unknown command: '$1'
valid commands: help, login, logout, validate, get, post, patch, delete
EOF
exit 1
;;
esac
bin/jwt-curl
Executable
+279
View File
@@ -0,0 +1,279 @@
#!/bin/bash
if [ "$1" == "--show-password" ]; then
HSADMINNG_JWT_SHOW_PASSWORD=yes
shift
else
HSADMINNG_JWT_SHOW_PASSWORD=
fi
if [ "$1" == "--trace" ]; then
function trace() {
echo "$*" >&2
}
function doCurl() {
set -x
if [ -z "$HSADMINNG_JWT_ASSUME" ]; then
curl --fail-with-body \
--header "Authorization: Bearer $HSADMINNG_JWT_TOKEN" \
"$@"
else
curl --fail-with-body \
--header "Authorization: Bearer $HSADMINNG_JWT_TOKEN" \
--header "assumed-roles: $HSADMINNG_JWT_ASSUME" \
"$@"
fi
set +x
echo
}
shift
else
function trace() {
: # noop
}
function doCurl() {
if [ -z "$HSADMINNG_JWT_ASSUME" ]; then
curl --fail-with-body --header "Authorization: Bearer $HSADMINNG_JWT_TOKEN" "$@"
else
curl --fail-with-body \
--header "Authorization: Bearer $HSADMINNG_JWT_TOKEN" \
--header "assumed-roles: $HSADMINNG_JWT_ASSUME" \
"$@"
echo
fi
}
fi
export HSADMINNG_JWT_ASSUME_HEADER
if [ -f ~/.cas-curl-assume ]; then
HSADMINNG_JWT_ASSUME="$(cat ~/.cas-curl-assume)"
else
HSADMINNG_JWT_ASSUME=
fi
if [ -z "$HSADMINNG_JWT_TOKEN_URL" ]; then
cat >&2 <<EOF
ERROR: environment incomplete
please set the following environment variables:
export HSADMINNG_JWT_TOKEN_URL=https://login.hostsharing.net/oauth/token
export HSADMINNG_JWT_USERNAME=<<optionally, your username, or leave empty after '='>>
export HSADMINNG_JWT_PASSWORD=<<optionally, your password, or leave empty after '='>>
EOF
exit 1
fi
function jwtCurlDocumentation() {
cat <<EOF
curl-wrapper utilizing JWT-authentication for hsadmin-ng
usage: $0 [--trace] [--show-password] <<command>> [parameters]
commands:
EOF
# filters out help texts (containing double-# and following lines with leading single-#) from the commands itself
# (the '' makes sure that this line is not found, just the lines with actual help texts)
sed -n '/#''#/ {x; p; x; s/#''#//; p; :a; n; /^[[:space:]]*#/!b; s/^[[:space:]]*#//; p; ba}' <$0
}
function jwtLogin() {
# JWT token exists and not expired?
if [ -f ~/.jwt-token ]; then
# Check if token is still valid (simple expiry check - you might want to add JWT parsing for more precise validation)
if find ~/.jwt-token -type f -size +0c -mmin -55 2>/dev/null | grep -q .; then
HSADMINNG_JWT_TOKEN=$(<~/.jwt-token)
return
fi
fi
if [ -z "$HSADMINNG_JWT_USERNAME" ]; then
read -e -p "Username: " HSADMINNG_JWT_USERNAME
fi
if [ -z "$HSADMINNG_JWT_PASSWORD" ]; then
read -s -e -p "Password: " HSADMINNG_JWT_PASSWORD
fi
if [ "$HSADMINNG_JWT_SHOW_PASSWORD" == "yes" ]; then
HSADMINNG_JWT_PASSWORD_DISPLAY=$HSADMINNG_JWT_PASSWORD
else
HSADMINNG_JWT_PASSWORD_DISPLAY="<<password hidden - use --show-password to show>>"
fi
# OAuth2 Resource Owner Password Credentials Grant (public client)
trace "+ curl --fail-with-body --show-error -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d \"grant_type=password&username=$HSADMINNG_JWT_USERNAME&password=$HSADMINNG_JWT_PASSWORD_DISPLAY\" \
$HSADMINNG_JWT_TOKEN_URL -o ~/.jwt-token.response"
JWT_RESPONSE=$(curl --fail-with-body --show-error -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "grant_type=password&username=$HSADMINNG_JWT_USERNAME&password=$HSADMINNG_JWT_PASSWORD" \
$HSADMINNG_JWT_TOKEN_URL 2>&1 | tee ~/.jwt-token.response)
# Extract access token from JSON response
HSADMINNG_JWT_TOKEN=$(echo "$JWT_RESPONSE" | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
if [ -z "$HSADMINNG_JWT_TOKEN" ]; then
echo "ERROR: could not get JWT access token: $JWT_RESPONSE" >&2
echo >&2
exit 1
fi
echo "$HSADMINNG_JWT_TOKEN" > ~/.jwt-token
trace "JWT Token acquired (length: ${#HSADMINNG_JWT_TOKEN})"
}
function jwtLogout() {
rm -f ~/.jwt-token ~/.jwt-token.response
}
function jwtValidate() {
if [ ! -f ~/.jwt-token ]; then
echo "ERROR: no JWT token found, please login first" >&2
exit 1
fi
HSADMINNG_JWT_TOKEN=$(<~/.jwt-token)
# Simple JWT validation - decode payload (base64 decode the middle part)
JWT_PAYLOAD=$(echo "$HSADMINNG_JWT_TOKEN" | cut -d'.' -f2)
# Add padding if needed for base64 decoding
case $((${#JWT_PAYLOAD} % 4)) in
2) JWT_PAYLOAD="${JWT_PAYLOAD}==" ;;
3) JWT_PAYLOAD="${JWT_PAYLOAD}=" ;;
esac
if command -v base64 >/dev/null 2>&1; then
JWT_DECODED=$(echo "$JWT_PAYLOAD" | base64 -d 2>/dev/null)
if [ $? -eq 0 ]; then
OAUTH_USER=$(echo "$JWT_DECODED" | grep -o '"sub":"[^"]*' | cut -d'"' -f4)
if [ -z "$OAUTH_USER" ]; then
OAUTH_USER=$(echo "$JWT_DECODED" | grep -o '"preferred_username":"[^"]*' | cut -d'"' -f4)
fi
if [ -z "$OAUTH_USER" ]; then
OAUTH_USER=$(echo "$JWT_DECODED" | grep -o '"username":"[^"]*' | cut -d'"' -f4)
fi
if [ -n "$OAUTH_USER" ]; then
echo "OAuth User: $OAUTH_USER"
# Check expiry
EXP=$(echo "$JWT_DECODED" | grep -o '"exp":[0-9]*' | cut -d':' -f2)
if [ -n "$EXP" ]; then
CURRENT_TIME=$(date +%s)
if [ "$EXP" -lt "$CURRENT_TIME" ]; then
echo "WARNING: JWT token has expired" >&2
else
echo "Token expires: $(date -d "@$EXP" 2>/dev/null || date -r "$EXP" 2>/dev/null || echo "unknown")"
fi
fi
else
echo "Could not extract user from JWT token" >&2
fi
else
echo "Could not decode JWT token" >&2
fi
else
echo "JWT token present but cannot validate (base64 command not available)" >&2
fi
}
function jwtToken() {
if [ ! -f ~/.jwt-token ]; then
echo "ERROR: no JWT token found, please login first" >&2
exit 1
fi
HSADMINNG_JWT_TOKEN=$(<~/.jwt-token)
echo "$HSADMINNG_JWT_TOKEN"
}
case "${1,,}" in
# -- generic commands --------------------------------------------------------------------------
""|"-h"|"--help"|"help") ## prints documentation about commands and options
jwtCurlDocumentation
exit
;;
"env") ## prints all related HSADMINNG_JWT_... environment variables; use '--show-password' to show the password as well
# example: jwt-curl -show-password env
echo "export HSADMINNG_JWT_TOKEN_URL=$HSADMINNG_JWT_TOKEN_URL"
echo "export HSADMINNG_JWT_USERNAME=$HSADMINNG_JWT_USERNAME"
if [ "$HSADMINNG_JWT_SHOW_PASSWORD" == "yes" ]; then
echo "export HSADMINNG_JWT_PASSWORD=$HSADMINNG_JWT_PASSWORD"
elif [ -z "$HSADMINNG_JWT_PASSWORD" ]; then
echo "export HSADMINNG_JWT_PASSWORD=#<<not given>>"
else
echo "export HSADMINNG_JWT_PASSWORD=#<<given, but hidden - add --show-password to show>>"
fi
;;
# --- authentication-related commands ------------------------------------------------------------
"login") ## reads username+password and fetches JWT access token (bypasses HSADMINNG_JWT_USERNAME+HSADMINNG_JWT_PASSWORD)
# example: jwt-curl login
jwtLogout
export HSADMINNG_JWT_USERNAME=
export HSADMINNG_JWT_PASSWORD=
jwtLogin
;;
"assume") ## assumes the given comma-separated roles
# example using object-id-name: jwt-curl assume 'hs_office.relation#ExampleMandant-with-PARTNER-ExamplePartner:AGENT'
# example using object-uuid: jwt-curl assume 'hs_office.relation#1d3bc468-c5c8-11ef-9d0d-4751ecfda2b7:AGENT'
shift
if [ -z "$1" ]; then
echo "ERROR: requires comma-separated list of roles to assume" >&2
exit 1
fi
echo "$1" >~/.cas-curl-assume
;;
"unassume") ## do not assume any particular role anymore, use the plain user as RBAC subject
rm -f ~/.cas-curl-assume
;;
"token") ## prints the current JWT access token
jwtToken
;;
"validate") ## validates current JWT token and prints currently logged in user
jwtValidate
;;
"logout") ## logout, deletes JWT token
jwtLogout
;;
# --- HTTP-commands ----------------------------------------------------------------------
"get") ## HTTP GET, add URL as parameter
# example: jwt-curl GET http://localhost:8080/api/hs/office/partners/P-10003 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
jwtLogin
doCurl "$*"
;;
"post") ## HTTP POST, add curl options to specify the request body and the URL as last parameter
# example: jwt-curl POST \
# -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
# http://localhost:8080/api/test/customers | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
jwtLogin
doCurl --header "Content-Type: application/json" -X POST "$@"
;;
"patch") ## HTTP PATCH, add curl options to specify the request body and the URL as last parameterparameter
# example: jwt-curl PATCH \
# -d '{ "reference":80002 }' \
# http://localhost:8080/api/test/customers/ae90ac2a-4728-4ca9-802e-a0d0108b2324 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift
jwtLogin
doCurl --header "Content-Type: application/json" -X POST "$*"
;;
# --- unknown command --------------------------------------------------------------------
*)
cat >&2 <<EOF
unknown command: '$1'
valid commands: help, login, logout, validate, get, post, patch, delete
EOF
exit 1
;;
esac
build.gradle.kts
+4
View File
@@ -92,6 +92,7 @@ dependencies {
implementation("org.springframework.boot:spring-boot-starter-validation")
implementation("org.springframework.boot:spring-boot-starter-actuator")
implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.6")
implementation("com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.11.0")
implementation("org.postgresql:postgresql")
@@ -346,6 +347,9 @@ configure<JacocoPluginExtension> {
tasks.named<JacocoReport>("jacocoTestReport") {
dependsOn(tasks.named("test")) // Depends on the main test task
dependsOn(tasks.named("compileJava")) // Add explicit dependency on compileJava
dependsOn(tasks.named("openApiGenerate")) // Add explicit dependency on openApiGenerate
reports {
xml.required.set(true) // Common requirement for CI/CD
csv.required.set(false)
src/main/java/net/hostsharing/hsadminng/config/BaseWebSecurityConfig.java
+78
View File
@@ -0,0 +1,78 @@
package net.hostsharing.hsadminng.config;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
import jakarta.servlet.http.HttpServletResponse;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.RSA_KEY;
@Configuration
@EnableWebSecurity
// securitySchemes should work in OpenAPI yaml, but the Spring templates seem not to support it
@SecurityScheme(
name = "bearerAuth",
type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "JWT"
)
public abstract class BaseWebSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(
// only list endpoints implemented in libraries here
"/swagger-ui/**",
"/v3/api-docs/**",
"/actuator/**",
"/fake-jwt/**"
// otherwise use @PreAuthorize annotation at the controller class / endpoint method level
).permitAll()
.requestMatchers("/api/**").permitAll() // controlled at method level
.anyRequest().denyAll()
)
.oauth2ResourceServer(oauth ->
oauth.jwt(Customizer.withDefaults()))
.csrf(AbstractHttpConfigurer::disable)
.cors(AbstractHttpConfigurer::disable)
.exceptionHandling(exception -> exception
.authenticationEntryPoint((request, response, authException) ->
// For unknown reason Spring security returns 403 FORBIDDEN for a BadCredentialsException.
// But it should return 401 UNAUTHORIZED.
response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
)
)
.build();
}
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri:http://localhost:${server.port}/fake-jwt/.well-known/jwks.json}")
private String jwkSetUri;
@Bean
@Profile("!fake-jwt")
public JwtDecoder jwtDecoder() {
return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
}
@Bean
@Profile("fake-jwt")
@SneakyThrows
public JwtDecoder fakeJwtDecoder() {
// For fake-jwt profile, use the same RSA key as JwtFakeBearer
return NimbusJwtDecoder.withPublicKey(RSA_KEY.toRSAPublicKey()).build();
}
}
src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java
-36
View File
@@ -1,36 +0,0 @@
package net.hostsharing.hsadminng.config;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
// Do NOT use @Component (or similar) here, this would register the filter directly.
// But we need to register it in the SecurityFilterChain created by WebSecurityConfig.
// The bean gets created in net.hostsharing.hsadminng.config.WebSecurityConfig.authenticationFilter.
@AllArgsConstructor
public class CasAuthenticationFilter extends OncePerRequestFilter {
private CasAuthenticator authenticator;
@Override
@SneakyThrows
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
if (request.getHeader("authorization") != null) {
final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(request);
final var currentSubject = authenticator.authenticate(request);
final var authentication = new UsernamePasswordAuthenticationToken(currentSubject, null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
filterChain.doFilter(authenticatedRequest, response);
} else {
filterChain.doFilter(request, response);
}
}
}
src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java
-8
View File
@@ -1,8 +0,0 @@
package net.hostsharing.hsadminng.config;
import jakarta.servlet.http.HttpServletRequest;
public interface CasAuthenticator {
String authenticate(final HttpServletRequest httpRequest);
}
src/main/java/net/hostsharing/hsadminng/config/FakeCasAuthenticator.java
-14
View File
@@ -1,14 +0,0 @@
package net.hostsharing.hsadminng.config;
import lombok.SneakyThrows;
import jakarta.servlet.http.HttpServletRequest;
public class FakeCasAuthenticator implements CasAuthenticator {
@Override
@SneakyThrows
public String authenticate(final HttpServletRequest httpRequest) {
return httpRequest.getHeader("Authorization").replaceAll("^Bearer ", "");
}
}
src/main/java/net/hostsharing/hsadminng/config/FakeJwtController.java
+40
View File
@@ -0,0 +1,40 @@
package net.hostsharing.hsadminng.config;
import io.micrometer.core.annotation.Timed;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Profile;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;
@RestController
@Profile("fake-jwt")
@NoSecurityRequirement
@Slf4j
public class FakeJwtController {
@PostMapping(value = "/fake-jwt/token", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@Timed("app.config.jwt.token")
public ResponseEntity<Map<String, Object>> token(
@RequestParam String username,
@RequestParam String password,
@RequestParam(defaultValue = "openid profile") String scope) {
log.info("Fake JWT: Issuing token for user: {}", username);
// Accept any username/password for local testing
String token = JwtFakeBearer.bearer(username).replace("Bearer ", "");
return ResponseEntity.ok(Map.of(
"access_token", token,
"token_type", "Bearer",
"expires_in", 3600,
"scope", scope
));
}
}
src/main/java/net/hostsharing/hsadminng/config/JsonObjectMapperConfiguration.java
+4 -5
View File
@@ -11,18 +11,16 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
@Configuration
public class JsonObjectMapperConfiguration {
public static ObjectMapper build() {
return new JsonObjectMapperConfiguration().customObjectMapper().build();
return new JsonObjectMapperConfiguration().customObjectMapper();
}
@Bean
@Primary
public Jackson2ObjectMapperBuilder customObjectMapper() {
// HOWTO: add JSON converters and specify other JSON mapping configurations
public ObjectMapper customObjectMapper() {
return new Jackson2ObjectMapperBuilder()
.modules(new JsonNullableModule(), new JavaTimeModule())
.featuresToEnable(
@@ -30,6 +28,7 @@ public class JsonObjectMapperConfiguration {
DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS,
DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES
)
.featuresToDisable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
.featuresToDisable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.build();
}
}
src/main/java/net/hostsharing/hsadminng/config/JwtFakeBearer.java
+42
View File
@@ -0,0 +1,42 @@
package net.hostsharing.hsadminng.config;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import lombok.SneakyThrows;
import lombok.val;
import java.util.Date;
/**
* Provides a fake JWT bearer generator.
*/
public class JwtFakeBearer {
public static final RSAKey RSA_KEY = generateRSAKey(2048, "test-key");
@SneakyThrows
public static String bearer(final String subject) {
val claims = new JWTClaimsSet.Builder()
.subject(subject)
.issuer("http://test-issuer")
.audience("api")
.expirationTime(new Date(System.currentTimeMillis() + 3600_000))
.build();
val signed = new SignedJWT(
new JWSHeader.Builder(JWSAlgorithm.RS256)
.keyID(RSA_KEY.getKeyID()).build(), claims);
signed.sign(new RSASSASigner(RSA_KEY.toPrivateKey()));
return "Bearer " + signed.serialize();
}
@SneakyThrows
private static RSAKey generateRSAKey(final int size, final String keyID) {
return new RSAKeyGenerator(size).keyID(keyID).generate();
}
}
src/main/java/net/hostsharing/hsadminng/config/RealCasAuthenticator.java
-86
View File
@@ -1,86 +0,0 @@
package net.hostsharing.hsadminng.config;
import io.micrometer.core.annotation.Timed;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import jakarta.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
// HOWTO add logger
@Slf4j
@RequiredArgsConstructor
public class RealCasAuthenticator implements CasAuthenticator {
@Value("${hsadminng.cas.server}")
private String casServerUrl;
@Value("${hsadminng.cas.service}")
private String serviceUrl;
private final MessageTranslator messageTranslator;
private final RestTemplate restTemplate = new RestTemplate();
@SneakyThrows
@Timed("app.cas.authenticate")
public String authenticate(final HttpServletRequest httpRequest) {
final var ticket = httpRequest.getHeader("authorization").replaceAll("^Bearer ", "");
final var serviceTicket = ticket.startsWith("TGT-")
? fetchServiceTicket(ticket)
: ticket;
final var userName = extractUserName(verifyServiceTicket(serviceTicket));
// HOWTO log some message for a certain log level (trace, debug, info, warn, error)
log.debug("CAS-user: {}", userName);
return userName;
}
private String fetchServiceTicket(final String ticketGrantingTicket) {
final var tgtUrl = casServerUrl + "/cas/v1/tickets/" + ticketGrantingTicket;
final var restTemplate = new RestTemplate();
final var formData = new LinkedMultiValueMap<String, String>();
formData.add("service", serviceUrl);
return restTemplate.postForObject(tgtUrl, formData, String.class);
}
private Document verifyServiceTicket(final String serviceTicket) throws SAXException, IOException, ParserConfigurationException {
if ( !serviceTicket.startsWith("ST-") ) {
throwBadCredentialsException("auth.unknown-authorization-ticket");
}
final var url = casServerUrl + "/cas/p3/serviceValidate" +
"?service=" + serviceUrl +
"&ticket=" + serviceTicket;
final var response = restTemplate.getForObject(url, String.class);
return DocumentBuilderFactory.newInstance().newDocumentBuilder()
.parse(new java.io.ByteArrayInputStream(response.getBytes()));
}
private String extractUserName(final Document verification) {
if (verification.getElementsByTagName("cas:authenticationSuccess").getLength() == 0) {
throwBadCredentialsException("auth.cas-service-ticket-could-not-be-verified");
}
return verification.getElementsByTagName("cas:user").item(0).getTextContent();
}
private void throwBadCredentialsException(final String messageKey) {
final var translatedMessage = messageTranslator.translate(messageKey);
throw new BadCredentialsException(translatedMessage);
}
}
src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
+3 -68
View File
@@ -1,77 +1,12 @@
package net.hostsharing.hsadminng.config;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFilter;
import jakarta.servlet.http.HttpServletResponse;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true) // Add this annotation
// TODO.impl: securitySchemes should work in OpenAPI yaml, but the Spring templates seem not to support it
@SecurityScheme(type = SecuritySchemeType.HTTP, name = "casTicket", scheme = "bearer", bearerFormat = "CAS ticket", description = "CAS ticket", in = SecuritySchemeIn.HEADER)
public class WebSecurityConfig {
@Lazy
@Autowired
private CasAuthenticationFilter authenticationFilter;
@Autowired
private MessageTranslator messageTranslator;
@Bean
@Profile("!test")
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(
// only list endpoints implemented in libraries here
"/swagger-ui/**",
"/v3/api-docs/**",
"/actuator/**"
// otherwise use @PreAuthorize annotation at the controller class / endpoint method level
).permitAll()
.requestMatchers("/api/**").permitAll() // controlled at method level
.anyRequest().denyAll()
)
.addFilterBefore(authenticationFilter, AuthenticationFilter.class)
.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(exception -> exception
.authenticationEntryPoint((request, response, authException) ->
// For unknown reasons Spring security returns 403 FORBIDDEN for a BadCredentialsException.
// But it should return 401 UNAUTHORIZED.
response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
)
)
.build();
}
@Bean
@Profile("realCasAuthenticator")
public CasAuthenticator realCasServiceTicketValidator() {
return new RealCasAuthenticator(messageTranslator);
}
@Bean
@Profile("fakeCasAuthenticator")
public CasAuthenticator fakeCasServiceTicketValidator() {
return new FakeCasAuthenticator();
}
@Bean
public CasAuthenticationFilter authenticationFilter(final CasAuthenticator authenticator) {
return new CasAuthenticationFilter(authenticator);
}
@Profile("!test")
@EnableMethodSecurity // this does not work with @WebMvcTest, see WebSecurityConfigForWebMvcTests
public class WebSecurityConfig extends BaseWebSecurityConfig {
}
src/main/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsContextsController.java
+1 -4
View File
@@ -5,19 +5,17 @@ import java.util.List;
import io.micrometer.core.annotation.Timed;
import lombok.val;
import net.hostsharing.hsadminng.config.NoSecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.accounts.generated.api.v1.api.ContextsApi;
import net.hostsharing.hsadminng.accounts.generated.api.v1.model.ContextResource;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RestController;
@RestController
@PreAuthorize("isAuthenticated()")
@NoSecurityRequirement
public class HsCredentialsContextsController implements ContextsApi {
@@ -33,7 +31,6 @@ public class HsCredentialsContextsController implements ContextsApi {
@Override
@Transactional(readOnly = true)
@Timed("app.credentials.contexts.getListOfLoginContexts")
@PreAuthorize("permitAll()")
public ResponseEntity<List<ContextResource>> getListOfContexts(final String assumedRoles) {
if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
context.assumeRoles(assumedRoles);
src/main/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsController.java
+2 -2
View File
@@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.accounts.generated.api.v1.model.ContextResource
import net.hostsharing.hsadminng.accounts.generated.api.v1.model.CurrentLoginUserResource;
import net.hostsharing.hsadminng.accounts.generated.api.v1.model.RbacSubjectResource;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.accounts.generated.api.v1.api.CredentialsApi;
import net.hostsharing.hsadminng.accounts.generated.api.v1.model.CredentialsInsertResource;
import net.hostsharing.hsadminng.accounts.generated.api.v1.model.CredentialsPatchResource;
@@ -42,7 +42,7 @@ import static java.util.Optional.of;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsCredentialsController implements CredentialsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
+2 -2
View File
@@ -4,7 +4,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.api.HsBookingItemsApi;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemInsertResource;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemPatchResource;
@@ -35,7 +35,7 @@ import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateR
@RestController
@Profile("!only-prod-schema")
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsBookingItemController implements HsBookingItemsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.booking.project;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.api.HsBookingProjectsApi;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingProjectInsertResource;
@@ -25,7 +25,7 @@ import java.util.function.BiConsumer;
@RestController
@Profile("!only-prod-schema")
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsBookingProjectController implements HsBookingProjectsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java
+2 -2
View File
@@ -7,7 +7,7 @@ import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntityS
import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntityValidatorRegistry;
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.api.HsHostingAssetsApi;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetInsertResource;
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetPatchResource;
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetResource;
@@ -32,7 +32,7 @@ import java.util.function.BiConsumer;
@RestController
@Profile("!only-prod-schema")
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsHostingAssetController implements HsHostingAssetsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetPropsController.java
-4
View File
@@ -7,7 +7,6 @@ import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.api.HsHostingAssetP
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetTypeResource;
import org.springframework.context.annotation.Profile;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
@@ -16,12 +15,10 @@ import java.util.Map;
@RestController
@Profile("!only-prod-schema")
@PreAuthorize("isAuthenticated()")
@NoSecurityRequirement
public class HsHostingAssetPropsController implements HsHostingAssetPropsApi {
@Override
@PreAuthorize("permitAll()")
@Timed("app.hosting.assets.api.getListOfHostingAssetTypes")
public ResponseEntity<List<String>> getListOfHostingAssetTypes() {
final var resource = HostingAssetEntityValidatorRegistry.types().stream()
@@ -31,7 +28,6 @@ public class HsHostingAssetPropsController implements HsHostingAssetPropsApi {
}
@Override
@PreAuthorize("permitAll()")
@Timed("app.hosting.assets.api.getListOfHostingAssetTypeProps")
public ResponseEntity<List<Object>> getListOfHostingAssetTypeProps(
final HsHostingAssetTypeResource assetType) {
src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeBankAccountsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeBankAccountInsertResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeBankAccountResource;
@@ -21,7 +21,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.contact;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeContactsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactInsertResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactPatchResource;
@@ -23,7 +23,7 @@ import static net.hostsharing.hsadminng.errors.Validate.validate;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeContactController implements HsOfficeContactsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.coopassets;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.errors.MultiValidationException;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeCoopAssetsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopAssetsTransactionInsertResource;
@@ -40,7 +40,7 @@ import static net.hostsharing.hsadminng.lambda.WithNonNull.withNonNull;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAssetsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.errors.MultiValidationException;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeCoopSharesApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeCoopSharesTransactionInsertResource;
@@ -31,7 +31,7 @@ import static net.hostsharing.hsadminng.hs.validation.UuidResolver.resolve;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopSharesApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.debitor;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeDebitorsApi;
@@ -35,7 +35,7 @@ import static net.hostsharing.hsadminng.repr.TaggedNumber.cropTag;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.membership;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeMembershipsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeMembershipInsertResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeMembershipPatchResource;
@@ -27,7 +27,7 @@ import static net.hostsharing.hsadminng.repr.TaggedNumber.cropTag;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.partner;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.errors.ReferenceNotFoundException;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactFromResourceConverter;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
@@ -39,7 +39,7 @@ import static net.hostsharing.hsadminng.repr.TaggedNumber.cropTag;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficePartnerController implements HsOfficePartnersApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.person;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficePersonsApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficePersonInsertResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficePersonPatchResource;
@@ -20,7 +20,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficePersonController implements HsOfficePersonsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.relation;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.errors.Validate;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
@@ -29,7 +29,7 @@ import static net.hostsharing.hsadminng.mapper.KeyValueMap.from;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeRelationController implements HsOfficeRelationsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.sepamandate;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeSepaMandatesApi;
@@ -27,7 +27,7 @@ import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateR
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/ping/PingController.java
-4
View File
@@ -6,19 +6,16 @@ import net.hostsharing.hsadminng.config.NoSecurityRequirement;
import net.hostsharing.hsadminng.generated.api.v1.api.TestApi;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RestController;
@RestController
@PreAuthorize("isAuthenticated()")
@NoSecurityRequirement
public class PingController implements TestApi {
@Autowired
private MessageTranslator messageTranslator;
@PreAuthorize("permitAll()")
@Timed("app.api.ping")
public ResponseEntity<String> ping() {
// HOWTO translate text with placeholders - also see in resource files i18n/messages_*.properties.
@@ -26,7 +23,6 @@ public class PingController implements TestApi {
return ResponseEntity.ok(translatedMessage + "\n");
}
@PreAuthorize("isAuthenticated()")
@Timed("app.api.pong")
public ResponseEntity<String> pong() {
final var userName = SecurityContextHolder.getContext().getAuthentication().getName();
src/main/java/net/hostsharing/hsadminng/context/Context.java → src/main/java/net/hostsharing/hsadminng/rbac/context/Context.java
+25 -2
View File
@@ -1,7 +1,8 @@
package net.hostsharing.hsadminng.context;
package net.hostsharing.hsadminng.rbac.context;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
import lombok.val;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -9,6 +10,7 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.request.RequestContextHolder;
import jakarta.persistence.EntityExistsException;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import jakarta.servlet.http.HttpServletRequest;
@@ -74,7 +76,7 @@ public class Context {
""");
query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
query.setParameter("currentRequest", currentRequest);
query.setParameter("currentSubject", currentSubject);
query.setParameter("currentSubject", subjectName(currentSubject));
query.setParameter("assumedRoles", assumedRoles != null ? assumedRoles : "");
query.executeUpdate();
}
@@ -119,6 +121,27 @@ public class Context {
.orElse("unknown");
}
private String subjectName(final String nameOrUuid) {
if (nameOrUuid == null) {
return null;
}
// TODO.impl: maybe it should be the other way around: UUID as the default and just optionally the name
try {
val authenticatedUuid = UUID.fromString(nameOrUuid);
val subjectName = findSubjectNameByUuid(authenticatedUuid)
.orElseThrow(() -> new EntityExistsException("Subject not found"));
return subjectName;
} catch (final IllegalArgumentException e) {
return nameOrUuid;
}
}
private Optional<String> findSubjectNameByUuid(final UUID authenticatedUuid) {
return Optional.ofNullable(em.createNativeQuery("SELECT name FROM rbac.subject s WHERE s.uuid=:uuid")
.setParameter("uuid", authenticatedUuid)
.getSingleResult()).map(Object::toString);
}
private String toTask(final HttpServletRequest request) {
if (isRequestScopeAvailable()) {
return request.getMethod() + " " + request.getRequestURI();
src/main/java/net/hostsharing/hsadminng/rbac/context/RbacContextController.java
+1 -2
View File
@@ -2,7 +2,6 @@ package net.hostsharing.hsadminng.rbac.context;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacContextApi;
import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacContextResource;
@@ -23,7 +22,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class RbacContextController implements RbacContextApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.rbac.grant;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacGrantsApi;
import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacGrantResource;
@@ -20,7 +20,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class RbacGrantController implements RbacGrantsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.rbac.grant;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.rbac.role;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacRolesApi;
import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacRoleResource;
@@ -16,7 +16,7 @@ import java.util.List;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class RbacRoleController implements RbacRolesApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java
+2 -2
View File
@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.rbac.subject;
import io.micrometer.core.annotation.Timed;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacSubjectsApi;
import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacSubjectPermissionResource;
@@ -19,7 +19,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class RbacSubjectController implements RbacSubjectsApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java
+2 -2
View File
@@ -1,7 +1,7 @@
package net.hostsharing.hsadminng.rbac.test.cust;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.test.generated.api.v1.api.TestCustomersApi;
import net.hostsharing.hsadminng.test.generated.api.v1.model.TestCustomerResource;
@@ -18,7 +18,7 @@ import java.util.List;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class TestCustomerController implements TestCustomersApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
+2 -2
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.rbac.test.pac;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.mapper.OptionalFromJson;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.test.generated.api.v1.api.TestPackagesApi;
import net.hostsharing.hsadminng.test.generated.api.v1.model.TestPackageResource;
import net.hostsharing.hsadminng.test.generated.api.v1.model.TestPackageUpdateResource;
@@ -18,7 +18,7 @@ import java.util.UUID;
@RestController
@PreAuthorize("isAuthenticated()")
@SecurityRequirement(name = "casTicket")
@SecurityRequirement(name = "bearerAuth")
public class TestPackageController implements TestPackagesApi {
@Autowired
src/main/java/net/hostsharing/hsadminng/repr/Stringify.java
+5 -9
View File
@@ -147,15 +147,11 @@ public final class Stringify<B> {
@SuppressWarnings("unchecked")
PropertyValue(final B object, final Property<B, ?> prop) {
// FIXME: simplify
final var typedProp = (Property<B, V>) prop;
final var value = typedProp.getValue(object);
final var stringifiedValue = value instanceof Stringifyable stringifyable
? stringifyable.toShortString()
: Objects.toString(value);
this.prop = typedProp;
this.value = (V) value;
this.stringValue = stringifiedValue;
this.prop = (Property<B, V>) prop;
this.value = (V) this.prop.getValue(object);
this.stringValue = this.value instanceof Stringifyable s
? s.toShortString()
: Objects.toString(this.value);
}
boolean notNullAndNotEmpty() {
src/main/resources/application.yml
+21 -3
View File
@@ -54,12 +54,16 @@ spring:
liquibase:
contexts: ${spring.profiles.active}
security:
oauth2:
resourceserver:
jwt:
issuer-uri: ${HSADMINNG_JWT_ISSUER:}
jwk-set-uri: ${HSADMINNG_JWT_JWKS_URL:}
hsadminng:
postgres:
leakproof:
cas:
server: https://login.hostsharing.net/cas # use empty string to bypass CAS-validation and directly use current-subject
service: https://hsadminng.hostsharing.net:443 # TODO.conf: deployment target + matching CAS service ID
metrics:
distribution:
@@ -78,3 +82,17 @@ logging:
# HOWTO configure logging, e.g. logging to a separate file, see:
# https://docs.spring.io/spring-boot/reference/features/logging.html
---
spring:
config:
activate:
on-profile: fake-jwt
security:
oauth2:
resourceserver:
jwt:
issuer-uri: "http://localhost:${server.port}/fake-jwt"
jwk-set-uri: "http://localhost:${server.port}/fake-jwt/.well-known/jwks.json"
src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
+1
View File
@@ -384,6 +384,7 @@ public class ArchitectureTest {
classes().that(belongToProductionClasses()
.and(are(annotatedWith(RestController.class))))
.should(havePreAuthorizeWithValue("isAuthenticated()"))
.orShould().beAnnotatedWith(NoSecurityRequirement.class)
.because("Every REST controller should require authentication by default, use @PreAuthorize(...) to override this at the endpoint method level.");
private static ArchCondition<JavaClass> havePreAuthorizeWithValue(String expectedValue) {
src/test/java/net/hostsharing/hsadminng/config/CasAuthenticationFilterIntegrationTest.java
-109
View File
@@ -1,109 +0,0 @@
package net.hostsharing.hsadminng.config;
import com.github.tomakehurst.wiremock.WireMockServer;
import net.hostsharing.hsadminng.test.LogbackLogPattern;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.logging.LogLevel;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.system.CapturedOutput;
import org.springframework.boot.test.system.OutputCaptureExtension;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.TestPropertySource;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.HttpHeadersBuilder.headers;
import static org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric;
import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = {
"server.port=0",
"hsadminng.cas.server=http://localhost:8088",
"logging.level.root=DEBUG"
})
@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
@Tag("generalIntegrationTest")
@ExtendWith(OutputCaptureExtension.class)
class CasAuthenticationFilterIntegrationTest {
@Value("${local.server.port}")
private int serverPort;
@Value("${hsadminng.cas.service}")
private String serviceUrl;
@Autowired
private TestRestTemplate restTemplate;
@Autowired
private WireMockServer wireMockServer;
@Test
public void shouldAcceptRequestWithValidCasTicket(final CapturedOutput capturedOutput) {
// given
final var username = "test-user-" + randomAlphanumeric(4);
wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=ST-valid"))
.willReturn(aResponse()
.withStatus(200)
.withBody("""
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>%{username}</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
""".replace("%{username}", username)
)));
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
HttpMethod.GET,
new HttpEntity<>(null, headers(entry("Authorization", "ST-valid"))),
String.class
);
// then
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).startsWith("ponged " + username);
// HOWTO assert log messages
assertThat(capturedOutput.getOut()).containsPattern(
LogbackLogPattern.of(LogLevel.DEBUG, RealCasAuthenticator.class, "CAS-user: " + username));
}
@Test
public void shouldRejectRequestWithInvalidCasTicket() {
// given
wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=invalid"))
.willReturn(aResponse()
.withStatus(200)
.withBody("""
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code="INVALID_REQUEST"></cas:authenticationFailure>
</cas:serviceResponse>
""")));
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/ping",
HttpMethod.GET,
new HttpEntity<>(null, headers(entry("Authorization", "invalid"))),
String.class
);
// then
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
}
src/test/java/net/hostsharing/hsadminng/config/CustomActuatorEndpointAcceptanceTest.java
+3 -4
View File
@@ -10,12 +10,11 @@ import org.springframework.test.context.ActiveProfiles;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
@Tag("generalIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class }
)
@ActiveProfiles("test")
@Tag("generalIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class CustomActuatorEndpointAcceptanceTest {
@LocalManagementPort
src/test/java/net/hostsharing/hsadminng/config/DisableSecurityConfig.java
-27
View File
@@ -1,27 +0,0 @@
package net.hostsharing.hsadminng.config;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
@TestConfiguration
public class DisableSecurityConfig {
@Bean
@Profile("test")
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean
@Profile("test")
public CasAuthenticator fakeAuthenticator() {
return new FakeCasAuthenticator();
}
}
src/test/java/net/hostsharing/hsadminng/config/JwtAuthenticationFilterIntegrationTest.java
+77
View File
@@ -0,0 +1,77 @@
package net.hostsharing.hsadminng.config;
import lombok.val;
import net.hostsharing.hsadminng.HsadminNgApplication;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.system.OutputCaptureExtension;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.TestPropertySource;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.HttpHeadersBuilder.headers;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static org.assertj.core.api.Assertions.assertThat;
@Tag("generalIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class)
@TestPropertySource(properties = {
"server.port=0",
"logging.level.root=DEBUG"
})
@ActiveProfiles("fake-jwt")
@ExtendWith(OutputCaptureExtension.class)
class JwtAuthenticationFilterIntegrationTest {
@Value("${local.server.port}")
private int serverPort;
@Autowired
private TestRestTemplate restTemplate;
@Test
public void shouldAcceptRequestWithValidJwt() {
// given
val givenSubject = "some-subject";
val bearer = bearer(givenSubject);
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
HttpMethod.GET,
new HttpEntity<>(null, headers(entry("Authorization", bearer))),
String.class
);
// then
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).startsWith("ponged " + givenSubject);
}
@Test
public void shouldRejectRequestWithInvalidJwt() {
// given
val givenInvalidBearer = "Bearer invalid";
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
HttpMethod.GET,
new HttpEntity<>(null, headers(entry("Authorization", givenInvalidBearer))),
String.class
);
// then
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
}
src/test/java/net/hostsharing/hsadminng/config/MessageTranslatorUnitTest.java → src/test/java/net/hostsharing/hsadminng/config/MessageTranslatorIntegrationTest.java
-6
View File
@@ -7,11 +7,8 @@ import org.junit.jupiter.params.provider.EnumSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.web.context.WebApplicationContext;
import net.hostsharing.hsadminng.context.Context;
import java.util.Locale;
import static org.assertj.core.api.Assertions.assertThat;
@@ -29,9 +26,6 @@ class MessageTranslatorIntegrationTest {
@Autowired
private WebApplicationContext webApplicationContext;
@MockitoBean
private Context contextMock; // avoiding dependency issues
@AllArgsConstructor
enum TestCases {
ENGLISH_KNOWN(Locale.ENGLISH, "test.ponged-{0}--in-your-language",
src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigForWebMvcTests.java
+13
View File
@@ -0,0 +1,13 @@
package net.hostsharing.hsadminng.config;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Profile;
@TestConfiguration
// @EnableMethodSecurity breaks RestTests, endpoints won't be reachable anymore, all return 404
// that's the reason why this class even exists in the first place
@Profile("test")
public class WebSecurityConfigForWebMvcTests extends BaseWebSecurityConfig {
}
src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
+34 -131
View File
@@ -1,12 +1,9 @@
package net.hostsharing.hsadminng.config;
import java.util.Map;
import com.github.tomakehurst.wiremock.WireMockServer;
import org.junit.jupiter.api.BeforeEach;
import lombok.val;
import org.jetbrains.annotations.NotNull;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
@@ -18,134 +15,57 @@ import org.springframework.http.HttpStatus;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.TestPropertySource;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.post;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
import java.util.Map;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = {"management.port=0", "server.port=0", "hsadminng.cas.server=http://localhost:8088"})
@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
@Tag("generalIntegrationTest")
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = { "management.port=0", "server.port=0" })
@ActiveProfiles("fake-jwt") // IMPORTANT: In this test, want to test the prod config, do NOT use test profile!
class WebSecurityConfigIntegrationTest {
public static final String GIVEN_FAKE_SUBJECT = "fake-user-name";
@Value("${local.server.port}")
private int serverPort;
@Value("${local.management.port}")
private int managementPort;
@Value("${hsadminng.cas.service}")
private String serviceUrl;
@Autowired
private TestRestTemplate restTemplate;
@Autowired
private WireMockServer wireMockServer;
@BeforeEach
void setUp() {
wireMockServer.stubFor(get(anyUrl())
.willReturn(aResponse()
.withStatus(200)
.withBody("""
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure/>
</cas:serviceResponse>
""")));
}
@Test
void accessToApiWithValidServiceTicketSouldBePermitted() {
// given
givenCasTicketValidationResponse("ST-fake-cas-ticket", "fake-user-name");
// http request
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
HttpMethod.GET,
httpHeaders(entry("Authorization", "Bearer ST-fake-cas-ticket")),
String.class
);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).startsWith("ponged fake-user-name");
}
@Test
void accessToApiWithValidTicketGrantingTicketShouldBePermitted() {
// given
givenCasServiceTicketForTicketGrantingTicket("TGT-fake-cas-ticket", "ST-fake-cas-ticket");
givenCasTicketValidationResponse("ST-fake-cas-ticket", "fake-user-name");
// http request
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
HttpMethod.GET,
httpHeaders(entry("Authorization", "Bearer TGT-fake-cas-ticket")),
String.class
);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).startsWith("ponged fake-user-name");
}
@Test
void accessToOpenApiWithInvalidTicketGrantingTicketShouldBePermitted() {
// given
givenCasServiceTicketForTicketGrantingTicket("TGT-fake-cas-ticket", "ST-fake-cas-ticket");
givenCasTicketValidationResponse("ST-fake-cas-ticket", "fake-user-name");
// http request
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/ping",
HttpMethod.GET,
httpHeaders(entry("Authorization", "Bearer TGT-WRONG-cas-ticket")),
String.class
);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
@Test
void accessToOpenApiWithoutTokenShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.serverPort + "/api/ping", String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
void accessToProtectedApiWithValidTokenShouldBePermitted() {
// given
givenCasTicketValidationResponse("ST-fake-cas-ticket", "fake-user-name");
void accessToApiWithValidJwtShouldBePermitted() {
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
val result = restTemplate.exchange(
serverUrl("/api/pong"),
HttpMethod.GET,
httpHeaders(entry("Authorization", "Bearer ST-fake-cas-ticket")),
httpHeaders(entry("Authorization", bearer(GIVEN_FAKE_SUBJECT))),
String.class
);
// then
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).startsWith("ponged " + GIVEN_FAKE_SUBJECT);
}
@Test
void accessToOpenApiWithoutTokenShouldBePermitted() {
val result = this.restTemplate.getForEntity(
serverUrl("/api/ping"), String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
void accessToProtectedApiWithInvalidTokenShouldBeDenied() {
// given
givenCasTicketValidationResponse("ST-fake-cas-ticket", "fake-user-name");
// when
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/pong",
val result = restTemplate.exchange(
serverUrl("/api/pong"),
HttpMethod.GET,
httpHeaders(entry("Authorization", "Bearer ST-WRONG-cas-ticket")),
httpHeaders(entry("Authorization", "Bearer INVALID-JWT")),
String.class
);
@@ -155,59 +75,42 @@ class WebSecurityConfigIntegrationTest {
@Test
void accessToActuatorShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
val result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator", Map.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
void accessToSwaggerUiShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.serverPort + "/swagger-ui/index.html", String.class);
val result = this.restTemplate.getForEntity(
serverUrl("/swagger-ui/index.html"), String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
void accessToApiDocsEndpointShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.serverPort + "/v3/api-docs/swagger-config", String.class);
val result = this.restTemplate.getForEntity(
serverUrl("/v3/api-docs/swagger-config"), String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody()).contains("\"configUrl\":\"/v3/api-docs/swagger-config\"");
}
@Test
void accessToActuatorEndpointShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
val result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator/health", Map.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody().get("status")).isEqualTo("UP");
}
private void givenCasServiceTicketForTicketGrantingTicket(final String ticketGrantingTicket, final String serviceTicket) {
wireMockServer.stubFor(post(urlEqualTo("/cas/v1/tickets/" + ticketGrantingTicket))
.withFormParam("service", equalTo(serviceUrl))
.willReturn(aResponse()
.withStatus(201)
.withBody(serviceTicket)));
}
private void givenCasTicketValidationResponse(final String casToken, final String userName) {
wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=" + casToken))
.willReturn(aResponse()
.withStatus(200)
.withBody("""
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${userName}</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
""".replace("${userName}", userName))));
private @NotNull String serverUrl(final String path) {
return "http://localhost:" + this.serverPort + path;
}
@SafeVarargs
private HttpEntity<?> httpHeaders(final Map.Entry<String, String>... headerValues) {
final var headers = new HttpHeaders();
for ( Map.Entry<String, String> headerValue: headerValues ) {
val headers = new HttpHeaders();
for (Map.Entry<String, String> headerValue : headerValues) {
headers.add(headerValue.getKey(), headerValue.getValue());
}
return new HttpEntity<>(headers);
src/test/java/net/hostsharing/hsadminng/errors/RestResponseEntityExceptionHandlerRestTest.java
+7 -5
View File
@@ -1,9 +1,8 @@
package net.hostsharing.hsadminng.errors;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.JsonObjectMapperConfiguration;
import net.hostsharing.hsadminng.config.MessageTranslator;
import org.junit.jupiter.api.Tag;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
@@ -21,9 +20,12 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(controllers = RestResponseEntityExceptionHandlerRestTest.TestController.class)
@Import({JsonObjectMapperConfiguration.class, MessageTranslator.class, DisableSecurityConfig.class, RestResponseEntityExceptionHandler.class, RestResponseEntityExceptionHandlerRestTest.TestConfig.class})
@Tag("generalIntegrationTest")
@ActiveProfiles("test")
@Import({ JsonObjectMapperConfiguration.class,
MessageTranslator.class,
RestResponseEntityExceptionHandler.class,
RestResponseEntityExceptionHandlerRestTest.TestConfig.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class RestResponseEntityExceptionHandlerRestTest {
@TestConfiguration
src/test/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsContextRbacRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.accounts;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Tag;
src/test/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsContextRealRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.accounts;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import org.junit.jupiter.api.Tag;
src/test/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsContextsControllerRestTest.java
+12 -7
View File
@@ -1,6 +1,7 @@
package net.hostsharing.hsadminng.hs.accounts;
import static java.util.Collections.emptyList;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
@@ -13,12 +14,13 @@ import java.util.List;
import java.util.Map;
import java.util.UUID;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.config.JsonObjectMapperConfiguration;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
@@ -37,8 +39,11 @@ import jakarta.persistence.EntityManagerFactory;
import jakarta.persistence.SynchronizationType;
@WebMvcTest(HsCredentialsContextsController.class)
@Import({ StrictMapper.class, JsonObjectMapperConfiguration.class, DisableSecurityConfig.class, MessageTranslator.class})
@ActiveProfiles("test")
@Import({ StrictMapper.class,
MessageTranslator.class,
JsonObjectMapperConfiguration.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsCredentialsContextsControllerRestTest {
@Autowired
@@ -85,7 +90,7 @@ class HsCredentialsContextsControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/accounts/contexts")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
.andDo(print())
@@ -105,7 +110,7 @@ class HsCredentialsContextsControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/accounts/contexts")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("Bearer superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
.andDo(print())
@@ -147,7 +152,7 @@ class HsCredentialsContextsControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/accounts/contexts")
.header("Authorization", "Bearer drew@hostsharing.org")
.header("Authorization", bearer("drew@hostsharing.org"))
.accept(MediaType.APPLICATION_JSON))
.andDo(print())
src/test/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsControllerAcceptanceTest.java
+14 -16
View File
@@ -3,9 +3,7 @@ package net.hostsharing.hsadminng.hs.accounts;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import lombok.val;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.accounts.HsCredentialsEntity.HsCredentialsEntityBuilder;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
@@ -31,6 +29,7 @@ import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.LEGAL_PERSON;
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATURAL_PERSON;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
@@ -41,18 +40,17 @@ import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue;
@Tag("generalIntegrationTest")
@Transactional
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT
)
@ActiveProfiles("test")
@Tag("generalIntegrationTest")
@ActiveProfiles("fake-jwt")
// too complex database interaction for just a RestTest, thus a fully integrated test
class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
private Integer port;
Integer port;
@Autowired
Context context;
@@ -93,7 +91,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/accounts/current")
@@ -120,7 +118,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer " + credentialsEntity.getSubject().getName())
.header("Authorization", bearer(credentialsEntity.getSubject().getName()))
.port(port)
.when()
.get("http://localhost/api/hs/accounts/credentials/" + credentialsEntity.getUuid())
@@ -188,7 +186,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -228,7 +226,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -268,7 +266,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -314,7 +312,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -350,7 +348,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -388,7 +386,7 @@ class HsCredentialsControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.post("http://localhost/api/hs/accounts/credentials/" + credentialsEntity.getUuid() + "/used")
src/test/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsRepositoryIntegrationTest.java
+1 -2
View File
@@ -1,9 +1,8 @@
package net.hostsharing.hsadminng.hs.accounts;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
src/test/java/net/hostsharing/hsadminng/hs/accounts/scenarios/CredentialsScenarioTests.java
+9 -31
View File
@@ -1,43 +1,19 @@
package net.hostsharing.hsadminng.hs.accounts.scenarios;
import lombok.SneakyThrows;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.hs.scenarios.Produces;
import net.hostsharing.hsadminng.hs.scenarios.Requires;
import net.hostsharing.hsadminng.hs.scenarios.ScenarioTest;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.test.IgnoreOnFailureExtension;
import org.apache.commons.lang3.tuple.Pair;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.ClassOrderer;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestClassOrder;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.api.TestMethodOrder;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
@Tag("scenarioTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class },
properties = {
"spring.datasource.url=${HSADMINNG_POSTGRES_JDBC_URL:jdbc:tc:postgresql:15.5-bookworm:///scenariosTC}",
"spring.datasource.username=${HSADMINNG_POSTGRES_ADMIN_USERNAME:ADMIN}",
"spring.datasource.password=${HSADMINNG_POSTGRES_ADMIN_PASSWORD:password}",
"hsadminng.superuser=${HSADMINNG_SUPERUSER:superuser-alex@hostsharing.net}"
}
)
@ActiveProfiles("test")
@TestClassOrder(ClassOrderer.OrderAnnotation.class)
@ExtendWith(IgnoreOnFailureExtension.class)
class CredentialsScenarioTests extends ScenarioTest {
@SneakyThrows
@@ -105,9 +81,10 @@ class CredentialsScenarioTests extends ScenarioTest {
.given("smsNumber", "+49123456789")
.given("globalUid", 21011)
.given("globalGid", 21011)
.given("contexts", Array.of(
Pair.of("HSADMIN", "prod")
))
.given(
"contexts", Array.of(
Pair.of("HSADMIN", "prod")
))
.given("onboardingToken", "fake-unboarding-token")
.doRun()
.keep();
@@ -126,10 +103,11 @@ class CredentialsScenarioTests extends ScenarioTest {
.given("emailAddress", "susan.firby@example.org")
.given("phonePassword", "securePass987")
.given("smsNumber", "+49987654321")
.given("contexts", Array.of(
Pair.of("HSADMIN", "prod"),
Pair.of("SSH", "internal")
))
.given(
"contexts", Array.of(
Pair.of("HSADMIN", "prod"),
Pair.of("SSH", "internal")
))
.doRun();
}
}
src/test/java/net/hostsharing/hsadminng/hs/accounts/scenarios/CurrentLoginUser.java
+2 -1
View File
@@ -6,6 +6,7 @@ import net.hostsharing.hsadminng.hs.scenarios.UseCase;
import static io.restassured.http.ContentType.JSON;
import static net.hostsharing.hsadminng.hs.scenarios.ScenarioTest.bearerTemplate;
import static net.hostsharing.hsadminng.hs.scenarios.ScenarioTest.resolve;
import static net.hostsharing.hsadminng.hs.scenarios.TemplateResolver.Resolver.DROP_COMMENTS;
import static org.assertj.core.api.Assertions.assertThat;
@@ -33,7 +34,7 @@ public class CurrentLoginUser extends UseCase<CurrentLoginUser> {
"Current Login User", () ->
httpGet(
"/api/hs/accounts/current", req -> req
.header("Authorization", resolve("Bearer %{subjectName}", DROP_COMMENTS))
.header("Authorization", bearerTemplate("%{subjectName}"))
)
.expecting(OK).expecting(JSON).expectObject()
.extractValue("subject.name", "returnedSubjectName")
src/test/java/net/hostsharing/hsadminng/hs/accounts/scenarios/FetchRbacContext.java
+2 -1
View File
@@ -7,6 +7,7 @@ import net.hostsharing.hsadminng.hs.scenarios.UseCase;
import java.util.List;
import static io.restassured.http.ContentType.JSON;
import static net.hostsharing.hsadminng.hs.scenarios.ScenarioTest.bearerTemplate;
import static net.hostsharing.hsadminng.hs.scenarios.ScenarioTest.resolve;
import static net.hostsharing.hsadminng.hs.scenarios.ScenarioTest.resolveJsonArray;
import static net.hostsharing.hsadminng.hs.scenarios.TemplateResolver.Resolver.DROP_COMMENTS;
@@ -27,7 +28,7 @@ public class FetchRbacContext extends UseCase<FetchRbacContext> {
"RBAC Context", () ->
httpGet(
"/api/rbac/context", req -> req
.header("Authorization", resolve("Bearer %{subjectName}", DROP_COMMENTS))
.header("Authorization", bearerTemplate("%{subjectName}"))
.header("assumed-roles", resolve("%{assumedRoles}", DROP_COMMENTS))
)
.expecting(OK).expecting(JSON).expectObject()
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
+16 -17
View File
@@ -12,7 +12,6 @@ import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealRepository;
import net.hostsharing.hsadminng.hs.hosting.asset.validators.Dns;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.jetbrains.annotations.NotNull;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.ClassOrderer;
@@ -36,6 +35,7 @@ import java.util.UUID;
import static java.util.Map.entry;
import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_WEBSPACE;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.UNIX_USER;
@@ -43,14 +43,13 @@ import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@Tag("bookingIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class}
)
@ActiveProfiles("test")
@Transactional
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
@TestClassOrder(ClassOrderer.OrderAnnotation.class) // fail early on fetching problems
@Tag("bookingIntegrationTest")
@Transactional
class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -87,7 +86,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid())
@@ -151,7 +150,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -201,7 +200,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -271,7 +270,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -361,7 +360,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -454,7 +453,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -488,7 +487,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -506,7 +505,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN")
.port(port)
.when()
@@ -550,7 +549,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT")
.contentType(ContentType.JSON)
.body("""
@@ -605,7 +604,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@@ -624,7 +623,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java
+12 -9
View File
@@ -3,25 +3,25 @@ package net.hostsharing.hsadminng.hs.booking.item;
import io.hypersistence.utils.hibernate.type.range.Range;
import net.hostsharing.hsadminng.config.JsonObjectMapperConfiguration;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemInsertResource;
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemResource;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealEntity;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealRepository;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.rbac.context.Context;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.MediaType;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@@ -32,20 +32,24 @@ import java.time.LocalDate;
import java.util.Map;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(HsBookingItemController.class)
@Import({StrictMapper.class, JsonObjectMapperConfiguration.class, DisableSecurityConfig.class, MessageTranslator.class})
@ActiveProfiles("test")
@Import({StrictMapper.class,
JsonObjectMapperConfiguration.class,
MessageTranslator.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsBookingItemControllerRestTest {
@Autowired
@@ -77,7 +81,6 @@ class HsBookingItemControllerRestTest {
public EntityManager entityManager() {
return mock(EntityManager.class);
}
}
@BeforeEach
@@ -107,7 +110,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -158,7 +161,7 @@ class HsBookingItemControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/booking/items")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,7 +1,7 @@
package net.hostsharing.hsadminng.hs.booking.item;
import io.hypersistence.utils.hibernate.type.range.Range;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealRepository;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
+12 -13
View File
@@ -6,7 +6,6 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
@@ -20,17 +19,17 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@Tag("bookingIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
classes = HsadminNgApplication.class)
@Transactional
@Tag("bookingIntegrationTest")
@ActiveProfiles("fake-jwt")
class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -62,7 +61,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid())
@@ -93,7 +92,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -133,7 +132,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -156,7 +155,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -172,7 +171,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer person-TuckerJack@example.com")
.header("Authorization", bearer("person-TuckerJack@example.com"))
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
@@ -198,7 +197,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -237,7 +236,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
@@ -255,7 +254,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.booking.project;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
+117 -115
View File
@@ -14,7 +14,6 @@ import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.ClassOrderer;
import org.junit.jupiter.api.Nested;
@@ -34,6 +33,7 @@ import java.util.UUID;
import java.util.function.Supplier;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAIL_ALIAS;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
@@ -43,14 +43,13 @@ import static net.hostsharing.hsadminng.test.JsonMatcher.strictlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.matchesRegex;
@Tag("hostingIntegrationTest")
@Transactional
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
@TestClassOrder(ClassOrderer.OrderAnnotation.class) // fail early on fetching problems
@Tag("hostingIntegrationTest")
class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -89,12 +88,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.findAny().orElseThrow();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.given()
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.when()
.get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
.then().log().all().assertThat()
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
@@ -107,7 +106,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}
]
"""));
// @formatter:on
// @formatter:on
}
@Test
@@ -118,15 +117,15 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
.port(port)
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
.port(port)
.when()
. get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS)
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
[
{
"type": "EMAIL_ALIAS",
@@ -154,7 +153,8 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
void globalAdmin_canAddBookedAsset() {
context.define("superuser-alex@hostsharing.net");
final var givenBookingItem = newBookingItem("D-1000111 default project",
final var givenBookingItem = newBookingItem(
"D-1000111 default project",
HsBookingItemType.MANAGED_WEBSPACE, "separate ManagedWebspace BI",
Map.ofEntries(
entry("SSD", 50),
@@ -166,9 +166,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
"bookingItem.uuid": "%s",
"type": "MANAGED_WEBSPACE",
@@ -178,13 +178,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
"config": {}
}
""".formatted(givenBookingItem.getUuid(), givenParentAsset.getUuid()))
.port(port)
.port(port)
.when()
.post("http://localhost/api/hs/hosting/assets")
.post("http://localhost/api/hs/hosting/assets")
.then().log().all().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
.statusCode(201)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"type": "MANAGED_WEBSPACE",
"identifier": "fir10",
@@ -194,9 +194,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}
}
"""
.replace("{lastUnixUserId}", expectedUnixUserId.toString())
))
.header("Location", matchesRegex("http://localhost:[1-9][0-9]*/api/hs/hosting/assets/[^/]*"))
.replace("{lastUnixUserId}", expectedUnixUserId.toString())
))
.header("Location", matchesRegex("http://localhost:[1-9][0-9]*/api/hs/hosting/assets/[^/]*"))
.extract().header("Location"); // @formatter:on
// the new asset can be accessed under the generated UUID
@@ -206,7 +206,8 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
toCleanup(HsHostingAssetRbacEntity.class, newWebspaceUuid);
// and a default user got created
final var webspaceUnixUser = em.createQuery("SELECT ha FROM HsHostingAssetRealEntity ha WHERE ha.parentAsset.uuid=:webspaceUUID")
final var webspaceUnixUser = em.createQuery(
"SELECT ha FROM HsHostingAssetRealEntity ha WHERE ha.parentAsset.uuid=:webspaceUUID")
.setParameter("webspaceUUID", newWebspaceUuid)
.getSingleResult();
assertThat(webspaceUnixUser).isNotNull().extracting(Object::toString)
@@ -227,10 +228,10 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
.contentType(ContentType.JSON)
.body("""
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
.contentType(ContentType.JSON)
.body("""
{
"parentAsset.uuid": "%s",
"type": "UNIX_USER",
@@ -239,13 +240,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
"config": {}
}
""".formatted(givenParentAsset.getUuid()))
.port(port)
.port(port)
.when()
.post("http://localhost/api/hs/hosting/assets")
.post("http://localhost/api/hs/hosting/assets")
.then().log().all().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
.statusCode(201)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"type": "UNIX_USER",
"identifier": "fir01-temp",
@@ -253,7 +254,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
"config": {}
}
"""))
.header("Location", matchesRegex("http://localhost:[1-9][0-9]*/api/hs/hosting/assets/[^/]*"))
.header("Location", matchesRegex("http://localhost:[1-9][0-9]*/api/hs/hosting/assets/[^/]*"))
.extract().header("Location"); // @formatter:on
// finally, the new asset can be accessed under the generated UUID
@@ -270,18 +271,18 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var givenProject = realProjectRepo.findByCaption("D-1000111 default project").stream()
.findAny().orElseThrow();
final var bookingItem = givenSomeTemporaryBookingItem(() ->
HsBookingItemRealEntity.builder()
.project(givenProject)
.type(HsBookingItemType.DOMAIN_SETUP)
.caption("some temp domain setup booking item")
.resources(Map.ofEntries(
entry("domainName", "example.com")))
.build()
HsBookingItemRealEntity.builder()
.project(givenProject)
.type(HsBookingItemType.DOMAIN_SETUP)
.caption("some temp domain setup booking item")
.resources(Map.ofEntries(
entry("domainName", "example.com")))
.build()
);
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -327,9 +328,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
"bookingItem.uuid": "%s",
"type": "MANAGED_SERVER",
@@ -338,13 +339,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
"config": { "monit_max_ssd_usage": 0, "monit_max_cpu_usage": 101, "extra": 42 }
}
""".formatted(givenBookingItem.getUuid()))
.port(port)
.port(port)
.when()
.post("http://localhost/api/hs/hosting/assets")
.post("http://localhost/api/hs/hosting/assets")
.then().log().all().assertThat()
.statusCode(400)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
.statusCode(400)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"statusPhrase": "Bad Request",
"message": "ERROR: [400] [
@@ -364,12 +365,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
assertThat(givenHostingAsset.getBookingItem().getResources().get("Multi"))
.as("precondition failed")
.isEqualTo(1);
final var preExistingUnixUserCount = realAssetRepo.findAllByCriteria(null, givenHostingAsset.getUuid(), UNIX_USER).size();
final var preExistingUnixUserCount = realAssetRepo.findAllByCriteria(null, givenHostingAsset.getUuid(), UNIX_USER)
.size();
final var UNIX_USER_PER_MULTI_OPTION = 25;
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
for (int n = 0; n < UNIX_USER_PER_MULTI_OPTION-preExistingUnixUserCount; ++n) {
for (int n = 0; n < UNIX_USER_PER_MULTI_OPTION - preExistingUnixUserCount; ++n) {
toCleanup(realAssetRepo.save(
HsHostingAssetRealEntity.builder()
.type(UNIX_USER)
@@ -382,9 +384,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.contentType(ContentType.JSON)
.body("""
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
"parentAsset.uuid": "%s",
"type": "UNIX_USER",
@@ -393,13 +395,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
"config": { }
}
""".formatted(givenHostingAsset.getUuid()))
.port(port)
.port(port)
.when()
.post("http://localhost/api/hs/hosting/assets")
.post("http://localhost/api/hs/hosting/assets")
.then().log().all().assertThat()
.statusCode(400)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
.statusCode(400)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"statusPhrase": "Bad Request",
"message": "ERROR: [400] ['D-1000111:D-1000111 default project:separate ManagedWebspace.resources.Multi=1 allows at maximum 25 unix users, but 26 found]"
@@ -420,12 +422,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.findAny().orElseThrow().getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.given()
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().all().assertThat()
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
@@ -445,12 +447,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.findAny().orElseThrow();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.given()
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().body().assertThat()
.then().log().body().assertThat()
.statusCode(404); // @formatter:on
}
@@ -462,13 +464,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.findAny().orElseThrow().getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer person-TuckerJack@example.com")
.given()
.header("Authorization", bearer("person-TuckerJack@example.com"))
.header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port)
.when()
.when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
.then().log().all().assertThat()
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", lenientlyEquals("""
@@ -507,8 +509,8 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var alarmContactUuid = givenContact().getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.given()
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -521,9 +523,9 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}
""".formatted(alarmContactUuid))
.port(port)
.when()
.when()
.patch("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().all().assertThat()
.then().log().all().assertThat()
.statusCode(200)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
@@ -545,7 +547,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}
}
"""));
// @formatter:on
// @formatter:on
// finally, the asset is actually updated
em.clear();
@@ -556,13 +558,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.isEqualTo("contact-admin@secondcontact.example.com");
assertThat(asset.getConfig().toString())
.isEqualToIgnoringWhitespace("""
{
"monit_max_cpu_usage": 90,
"monit_max_ram_usage": 70,
"monit_max_ssd_usage": 85,
"monit_min_free_ssd": 5
}
""");
{
"monit_max_cpu_usage": 90,
"monit_max_ram_usage": 70,
"monit_max_ssd_usage": 85,
"monit_min_free_ssd": 5
}
""");
return true;
});
}
@@ -581,10 +583,10 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
//.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
.contentType(ContentType.JSON)
.body("""
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
//.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
.contentType(ContentType.JSON)
.body("""
{
"caption" : "some patched test-unix-user",
"config": {
@@ -594,13 +596,13 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}
}
""")
.port(port)
.port(port)
.when()
.patch("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.patch("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().all().assertThat()
.statusCode(200)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
.statusCode(200)
.contentType(ContentType.JSON)
.body("", lenientlyEquals("""
{
"type": "UNIX_USER",
"identifier": "fir01-temp",
@@ -628,12 +630,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
.matches(asset -> {
assertThat(asset.getCaption()).isEqualTo("some patched test-unix-user");
assertThat(asset.getConfig().toString()).isEqualToIgnoringWhitespace("""
{
"password": "$6$Jr5w/Y8zo8pCkqg7$/rePRbvey3R6Sz/02YTlTQcRt5qdBPTj2h5.hz.rB8NfIoND8pFOjeB7orYcPs9JNf3JDxPP2V.6MQlE5BwAY/",
"shell": "/bin/bash",
"totpKey": "0x1234567890abcdef0123456789abcdef"
}
""");
{
"password": "$6$Jr5w/Y8zo8pCkqg7$/rePRbvey3R6Sz/02YTlTQcRt5qdBPTj2h5.hz.rB8NfIoND8pFOjeB7orYcPs9JNf3JDxPP2V.6MQlE5BwAY/",
"shell": "/bin/bash",
"totpKey": "0x1234567890abcdef0123456789abcdef"
}
""");
return true;
});
}
@@ -663,12 +665,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
))
.build());
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.given()
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().body().assertThat()
.then().log().body().assertThat()
.statusCode(204); // @formatter:on
// then the given assets is gone
@@ -695,12 +697,12 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
))
.build());
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.given()
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.when()
.delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
.then().log().all().assertThat()
.then().log().all().assertThat()
.statusCode(404); // @formatter:on
// then the given asset is still there
@@ -739,7 +741,8 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
context.define("superuser-alex@hostsharing.net");
final var project = realProjectRepo.findByCaption(projectCaption).getFirst();
final var resources = switch (bookingItemType) {
case MANAGED_SERVER -> Map.<String, Object>ofEntries(entry("CPU", 1),
case MANAGED_SERVER -> Map.<String, Object>ofEntries(
entry("CPU", 1),
entry("RAM", 20),
entry("SSD", 25),
entry("Traffic", 250));
@@ -783,9 +786,8 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
}).returnedValue();
}
private Integer nextUnixUserId() {
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
final Object result = em.createNativeQuery("select nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
.getSingleResult();
return (Integer) result + 1;
}
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java
+11 -7
View File
@@ -7,12 +7,12 @@ import com.fasterxml.jackson.databind.SerializationFeature;
import lombok.SneakyThrows;
import net.hostsharing.hsadminng.config.JsonObjectMapperConfiguration;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.rbac.context.Context;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
@@ -38,6 +38,7 @@ import java.util.Optional;
import java.util.UUID;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.booking.item.TestHsBookingItem.CLOUD_SERVER_BOOKING_ITEM_REAL_ENTITY;
import static net.hostsharing.hsadminng.hs.booking.item.TestHsBookingItem.MANAGED_SERVER_BOOKING_ITEM_REAL_ENTITY;
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetTestEntities.MANAGED_SERVER_HOSTING_ASSET_REAL_TEST_ENTITY;
@@ -49,13 +50,16 @@ import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(HsHostingAssetController.class)
@Import({ StrictMapper.class, JsonObjectMapperConfiguration.class, DisableSecurityConfig.class, MessageTranslator.class })
@ActiveProfiles("test")
@Import({ StrictMapper.class,
JsonObjectMapperConfiguration.class,
MessageTranslator.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
public class HsHostingAssetControllerRestTest {
@Autowired
@@ -592,7 +596,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/hosting/assets?type="+testCase.name())
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -662,7 +666,7 @@ public class HsHostingAssetControllerRestTest {
// when
final var result = mockMvc.perform(MockMvcRequestBuilders
.patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid)
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetPropsControllerAcceptanceTest.java
+3 -6
View File
@@ -2,8 +2,6 @@ package net.hostsharing.hsadminng.hs.hosting.asset;
import io.restassured.RestAssured;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
@@ -12,12 +10,11 @@ import org.springframework.test.context.ActiveProfiles;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
@Tag("hostingIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Tag("hostingIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsHostingAssetPropsControllerAcceptanceTest {
@LocalServerPort
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.hosting.asset;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/factories/DomainSetupHostingAssetFactoryUnitTest.java
+1 -1
View File
@@ -56,7 +56,7 @@ class DomainSetupHostingAssetFactoryUnitTest {
private EntityManagerWrapper emw = emwFake;
@Spy
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper().build();
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper();
@Spy
private StrictMapper StrictMapper = new StrictMapper(emw);
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/factories/HsBookingItemCreatedListenerUnitTest.java
+1 -1
View File
@@ -39,7 +39,7 @@ class HsBookingItemCreatedListenerUnitTest {
private EntityManagerWrapper emw = emwFake;
@Spy
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper().build();
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper();
@Spy
private StrictMapper StrictMapper = new StrictMapper(emw);
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/factories/ManagedWebspaceHostingAssetFactoryUnitTest.java
+1 -1
View File
@@ -52,7 +52,7 @@ class ManagedWebspaceHostingAssetFactoryUnitTest {
private EntityManagerWrapper emw = emwFake;
@Spy
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper().build();
private ObjectMapper jsonMapper = new JsonObjectMapperConfiguration().customObjectMapper();
@Spy
private StrictMapper StrictMapper = new StrictMapper(emw);
src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java
+1 -1
View File
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.migration;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.SneakyThrows;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hash.HashGenerator;
import net.hostsharing.hsadminng.hash.HashGenerator.Algorithm;
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorEntity;
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java
+21 -17
View File
@@ -3,13 +3,17 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.apache.commons.lang3.RandomStringUtils;
import org.json.JSONException;
import org.junit.jupiter.api.*;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.server.LocalServerPort;
@@ -20,19 +24,19 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -58,7 +62,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts")
@@ -124,7 +128,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -163,7 +167,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -184,7 +188,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -200,7 +204,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer bankaccount-admin@firstbankaccount.example.com")
.header("Authorization", bearer("bankaccount-admin@firstbankaccount.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -228,7 +232,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -266,7 +270,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -283,7 +287,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.header("Authorization", bearer("selfregistered-test-user@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -304,7 +308,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java
+9 -7
View File
@@ -1,27 +1,29 @@
package net.hostsharing.hsadminng.hs.office.bankaccount;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.rbac.context.Context;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.context.annotation.Import;
import org.springframework.http.MediaType;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(HsOfficeBankAccountController.class)
@Import({DisableSecurityConfig.class, MessageTranslator.class})
@ActiveProfiles("test")
@Import({ MessageTranslator.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsOfficeBankAccountControllerRestTest {
@Autowired
@@ -69,7 +71,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -116,7 +118,7 @@ class HsOfficeBankAccountControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/bankaccounts")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.bankaccount;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java
+16 -17
View File
@@ -3,10 +3,9 @@ package net.hostsharing.hsadminng.hs.office.contact;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.apache.commons.lang3.RandomStringUtils;
import org.json.JSONException;
import org.junit.jupiter.api.AfterEach;
@@ -27,6 +26,7 @@ import java.util.UUID;
import java.util.concurrent.ThreadLocalRandom;
import static java.util.Map.entry;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@@ -34,13 +34,12 @@ import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -69,7 +68,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts")
@@ -107,7 +106,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -156,7 +155,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -177,7 +176,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -192,7 +191,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.header("Authorization", bearer("contact-admin@firstcontact.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -224,7 +223,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -282,7 +281,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -328,7 +327,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -348,7 +347,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.header("Authorization", bearer("selfregistered-test-user@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -369,7 +368,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.contact;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
+22 -26
View File
@@ -3,13 +3,10 @@ package net.hostsharing.hsadminng.hs.office.coopassets;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.config.MessagesResourceConfig;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
@@ -27,6 +24,7 @@ import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DEPOSIT;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
@@ -34,14 +32,12 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@Transactional
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class,
MessagesResourceConfig.class, MessageTranslator.class}
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -70,14 +66,14 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions")
.then().log().all().assertThat()
.statusCode(200)
.contentType("application/json")
.body("", hasSize(3*6)); // @formatter:on
.body("", hasSize(3 * 6)); // @formatter:on
}
@Test
@@ -88,7 +84,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid())
@@ -211,7 +207,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="
@@ -244,7 +240,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -290,18 +286,18 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
// TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
context.define("superuser-alex@hostsharing.net");
return coopAssetsTransactionRepo.save(HsOfficeCoopAssetsTransactionEntity.builder()
.transactionType(DEPOSIT)
.valueDate(LocalDate.of(2022, 10, 20))
.membership(givenMembership)
.assetValue(new BigDecimal("256.00"))
.reference("test ref")
.transactionType(DEPOSIT)
.valueDate(LocalDate.of(2022, 10, 20))
.membership(givenMembership)
.assetValue(new BigDecimal("256.00"))
.reference("test ref")
.build());
}).assertSuccessful().assertNotNull().returnedValue();
}).assertSuccessful().assertNotNull().returnedValue();
toCleanup(HsOfficeCoopAssetsTransactionEntity.class, givenTransaction.getUuid());
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -357,7 +353,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -398,7 +394,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("Authorization", "Bearer superuser-alex@hostsharing.net")
.given().header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -421,7 +417,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given().header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.given().header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -439,7 +435,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer person-FirstGmbH@example.com")
.header("Authorization", bearer("person-FirstGmbH@example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java
+11 -10
View File
@@ -2,15 +2,16 @@ package net.hostsharing.hsadminng.hs.office.coopassets;
import net.hostsharing.hsadminng.config.JsonObjectMapperConfiguration;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealEntity;
import net.hostsharing.hsadminng.config.MessagesResourceConfig;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import net.hostsharing.hsadminng.rbac.test.JsonBuilder;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.test.TestUuidGenerator;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -37,6 +38,7 @@ import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsT
import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DISBURSAL;
import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.REVERSAL;
import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.TRANSFER;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.JsonBuilder.jsonObject;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
@@ -54,8 +56,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
MessagesResourceConfig.class,
MessageTranslator.class,
JsonObjectMapperConfiguration.class,
DisableSecurityConfig.class })
@ActiveProfiles("test")
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsOfficeCoopAssetsTransactionControllerRestTest {
// If you need to run just a single test-case in this data-driven test-method, set SINGLE_TEST_CASE_EXECUTION to true!
@@ -662,7 +664,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopassetstransactions")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
@@ -838,7 +840,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopassetstransactions")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
.accept(MediaType.APPLICATION_JSON))
@@ -857,7 +859,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions/" + SOME_REVERTED_TRANSFER_ASSET_TX_ENTITY.getUuid())
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON))
// then
@@ -873,7 +875,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions/" + UNAVAILABLE_UUID)
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON))
// then
@@ -899,7 +901,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/coopassetstransactions")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON))
// then
@@ -950,5 +952,4 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
private String suffixOf(final String memberNumber) {
return memberNumber.substring("M-".length() + 5);
}
}
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.coopassets;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
+34 -26
View File
@@ -3,12 +3,10 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
@@ -22,21 +20,22 @@ import org.springframework.transaction.annotation.Transactional;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.startsWith;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = {HsadminNgApplication.class, DisableSecurityConfig.class, MessageTranslator.class, JpaAttempt.class})
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@Autowired
@@ -76,7 +75,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions")
@@ -94,7 +93,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid())
@@ -158,7 +157,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31")
@@ -191,7 +190,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON).body("""
{
@@ -240,18 +239,18 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
// TODO.impl: introduce something like transactedAsSuperuser / transactedAs("...", ...)
context.define("superuser-alex@hostsharing.net");
return coopSharesTransactionRepo.save(HsOfficeCoopSharesTransactionEntity.builder()
.transactionType(HsOfficeCoopSharesTransactionType.SUBSCRIPTION)
.valueDate(LocalDate.of(2022, 10, 20))
.membership(givenMembership)
.shareCount(13)
.reference("test ref")
.build());
.transactionType(HsOfficeCoopSharesTransactionType.SUBSCRIPTION)
.valueDate(LocalDate.of(2022, 10, 20))
.membership(givenMembership)
.shareCount(13)
.reference("test ref")
.build());
}).assertSuccessful().assertNotNull().returnedValue();
toCleanup(HsOfficeCoopSharesTransactionEntity.class, givenTransaction.getUuid());
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -294,7 +293,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
// finally, the new coopAssetsTransaction can be accessed under the generated UUID
final var newShareTxUuid = UUID.fromString(
location.substring(location.lastIndexOf('/') + 1));
location.substring(location.lastIndexOf('/') + 1));
assertThat(newShareTxUuid).isNotNull();
toCleanup(HsOfficeCoopSharesTransactionEntity.class, newShareTxUuid);
}
@@ -307,7 +306,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(ContentType.JSON)
.body("""
@@ -344,11 +343,14 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void globalAdmin_withoutAssumedRole_canGetArbitraryCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
@@ -366,11 +368,14 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void normalUser_canNotGetUnrelatedCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
.then().log().body()
@@ -381,11 +386,14 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
@Test
void partnerPersonUser_canGetRelatedCoopShareTransaction() {
context.define("superuser-alex@hostsharing.net");
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid();
final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
null,
LocalDate.of(2010, 3, 15),
LocalDate.of(2010, 3, 15)).get(0).getUuid();
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer person-FirstGmbH@example.com")
.header("Authorization", bearer("person-FirstGmbH@example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java
+9 -8
View File
@@ -2,11 +2,12 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.config.MessagesResourceConfig;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.rbac.test.JsonBuilder;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.springframework.beans.factory.annotation.Autowired;
@@ -21,6 +22,7 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.UUID;
import java.util.function.Function;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.JsonBuilder.jsonObject;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
@@ -28,10 +30,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(HsOfficeCoopSharesTransactionController.class)
@Import({DisableSecurityConfig.class,
MessagesResourceConfig.class,
MessageTranslator.class})
@ActiveProfiles("test")
@Import({ MessagesResourceConfig.class,
MessageTranslator.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsOfficeCoopSharesTransactionControllerRestTest {
@Autowired
@@ -126,7 +128,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/coopsharestransactions")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(MediaType.APPLICATION_JSON)
.content(testCase.givenRequestBody())
@@ -138,5 +140,4 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
.andExpect(jsonPath("statusPhrase", is("Bad Request")))
.andExpect(jsonPath("message", containsString(testCase.expectedErrorMessage)));
}
}
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.coopshares;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
+21 -22
View File
@@ -3,16 +3,15 @@ package net.hostsharing.hsadminng.hs.office.debitor;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRbacRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
@@ -28,6 +27,7 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
@@ -38,13 +38,12 @@ import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
classes = HsadminNgApplication.class)
@ActiveProfiles({ "fake-jwt"})
@Transactional
@Tag("officeIntegrationTest")
class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanup {
private static final int LOWEST_TEMP_DEBITOR_SUFFIX = 90;
@@ -93,7 +92,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -120,7 +119,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/D-1000212")
@@ -151,7 +150,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors")
@@ -306,7 +305,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors?partnerNumber=P-10002")
@@ -351,7 +350,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -396,7 +395,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -447,7 +446,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -482,7 +481,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -513,7 +512,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -578,7 +577,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -593,7 +592,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.header("Authorization", bearer("contact-admin@firstcontact.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -623,7 +622,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -705,7 +704,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
// @formatter:on
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", givenDebitor.getDebitorRel().getContact().roleId(ADMIN) )
.contentType(ContentType.JSON)
.body("""
@@ -734,7 +733,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -753,7 +752,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@tenthcontact.example.com")
.header("Authorization", bearer("contact-admin@tenthcontact.example.com"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -772,7 +771,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.debitor;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
+21 -20
View File
@@ -4,11 +4,10 @@ import io.hypersistence.utils.hibernate.type.range.Range;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealRepository;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.json.JSONException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Nested;
@@ -25,20 +24,22 @@ import jakarta.persistence.PersistenceContext;
import java.time.LocalDate;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.ACTIVE;
import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.CANCELLED;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@Transactional
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCleanup {
private static final String TEMP_MEMBER_NUMBER_SUFFIX = "90";
@@ -72,7 +73,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships")
@@ -118,7 +119,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.queryParam("partnerUuid", partner.getUuid() )
@@ -146,7 +147,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.queryParam("partnerNumber", "P-10002" )
@@ -183,7 +184,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -226,7 +227,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -252,7 +253,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -267,7 +268,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.port(port)
.when()
@@ -299,7 +300,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -343,7 +344,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
// when
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", givenPartnerAdmin)
.contentType(ContentType.JSON)
.body("""
@@ -378,7 +379,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
@@ -396,7 +397,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.port(port)
.when()
@@ -415,7 +416,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java
+16 -14
View File
@@ -3,14 +3,15 @@ package net.hostsharing.hsadminng.hs.office.membership;
import io.hypersistence.utils.hibernate.type.range.Range;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.config.MessagesResourceConfig;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRbacEntity;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealEntity;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealRepository;
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
@@ -30,6 +31,7 @@ import java.util.Optional;
import java.util.UUID;
import static io.hypersistence.utils.hibernate.type.range.Range.localDateRange;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasSize;
@@ -42,8 +44,9 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(HsOfficeMembershipController.class)
@Import({ StrictMapper.class, DisableSecurityConfig.class, MessagesResourceConfig.class, MessageTranslator.class})
@ActiveProfiles("test")
@Import({ StrictMapper.class, MessagesResourceConfig.class, MessageTranslator.class,
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
public class HsOfficeMembershipControllerRestTest {
private static final HsOfficePartnerRealEntity PARTNER_12345 = HsOfficePartnerRealEntity.builder()
@@ -112,7 +115,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships?partnerNumber=P-12345")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -134,7 +137,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships?partnerNumber=P-12345")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -199,7 +202,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/" + givenUuid)
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -218,7 +221,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/" + UUID.randomUUID())
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -236,7 +239,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/M-1234501")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -255,7 +258,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/memberships/M-0000000")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.accept(MediaType.APPLICATION_JSON))
// then
@@ -273,7 +276,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -303,7 +306,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -331,7 +334,7 @@ public class HsOfficeMembershipControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/memberships")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -366,5 +369,4 @@ public class HsOfficeMembershipControllerRestTest {
}
}
}
}
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,7 +1,7 @@
package net.hostsharing.hsadminng.hs.office.membership;
import io.hypersistence.utils.hibernate.type.range.Range;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRealRepository;
import net.hostsharing.hsadminng.mapper.Array;
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
+54 -27
View File
@@ -13,8 +13,10 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealReposito
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.*;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.server.LocalServerPort;
@@ -23,18 +25,20 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Tag("officeIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanup {
private static final UUID GIVEN_NON_EXISTING_UUID = UUID.fromString("00000000-0000-0000-0000-000000000000");
@@ -66,7 +70,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/partners")
@@ -94,13 +98,19 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
void globalAdmin_withoutAssumedRole_canPostNewPartner() {
context.define("superuser-alex@hostsharing.net");
final var givenMandantPerson = personRealRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
final var givenMandantPerson = personRealRepo.findPersonByOptionalNameLike("Hostsharing eG")
.stream()
.findFirst()
.orElseThrow();
final var givenPerson = personRealRepo.findPersonByOptionalNameLike("Winkler").stream().findFirst().orElseThrow();
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("fourth").stream().findFirst().orElseThrow();
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("fourth")
.stream()
.findFirst()
.orElseThrow();
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -159,7 +169,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -195,7 +205,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -238,7 +248,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -270,7 +280,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -285,7 +295,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.header("Authorization", bearer("contact-admin@firstcontact.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -316,7 +326,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -384,7 +394,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -411,7 +421,12 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
// and an ex-partner-relation got created
final var newPartnerPersonUuid = givenPartner.getPartnerRel().getHolder().getUuid();
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(newPartnerPersonUuid, EX_PARTNER, null, null, null))
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(
newPartnerPersonUuid,
EX_PARTNER,
null,
null,
null))
.map(HsOfficeRelation::toShortString)
.contains("rel(anchor='NP Winkler, Paul', type=EX_PARTNER, holder='UF Erben Bessler')");
}
@@ -424,7 +439,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -449,7 +464,9 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
// finally, the partner details and only the partner details are actually updated
assertThat(partnerRepo.findByUuid(givenPartner.getUuid())).isPresent().get()
.matches(partner -> {
assertThat(partner.getPartnerRel().getContact().getCaption()).isEqualTo(givenPartner.getPartnerRel().getContact().getCaption());
assertThat(partner.getPartnerRel().getContact().getCaption()).isEqualTo(givenPartner.getPartnerRel()
.getContact()
.getCaption());
assertThat(partner.getDetails().getRegistrationOffice()).isEqualTo("Temp Registergericht Leer");
assertThat(partner.getDetails().getRegistrationNumber()).isEqualTo("333333");
assertThat(partner.getDetails().getBirthName()).isEqualTo("Maja Schmidt");
@@ -472,7 +489,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -492,7 +509,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@fourthcontact.example.com")
.header("Authorization", bearer("contact-admin@fourthcontact.example.com"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -511,7 +528,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -528,9 +545,18 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
final String contactName) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
final var givenMandantPerson = personRealRepo.findPersonByOptionalNameLike("Hostsharing eG").stream().findFirst().orElseThrow();
final var givenPerson = personRealRepo.findPersonByOptionalNameLike(partnerHolderName).stream().findFirst().orElseThrow();
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike(contactName).stream().findFirst().orElseThrow();
final var givenMandantPerson = personRealRepo.findPersonByOptionalNameLike("Hostsharing eG")
.stream()
.findFirst()
.orElseThrow();
final var givenPerson = personRealRepo.findPersonByOptionalNameLike(partnerHolderName)
.stream()
.findFirst()
.orElseThrow();
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike(contactName)
.stream()
.findFirst()
.orElseThrow();
final var partnerRel = new HsOfficeRelationRealEntity();
partnerRel.setType(HsOfficeRelationType.PARTNER);
@@ -541,6 +567,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
return partnerRel;
}).assertSuccessful().returnedValue();
}
private HsOfficePartnerRbacEntity givenSomeTemporaryPartnerBessler(final Integer partnerNumber) {
return jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net");
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java
+11 -9
View File
@@ -1,8 +1,8 @@
package net.hostsharing.hsadminng.hs.office.partner;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.config.WebSecurityConfigForWebMvcTests;
import net.hostsharing.hsadminng.config.MessageTranslator;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactFromResourceConverter;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealEntity;
@@ -11,6 +11,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealReposito
import net.hostsharing.hsadminng.mapper.StrictMapper;
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
import net.hostsharing.hsadminng.config.MessagesResourceConfig;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
@@ -32,6 +33,7 @@ import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.equalTo;
import static org.mockito.ArgumentMatchers.any;
@@ -46,8 +48,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
MessagesResourceConfig.class,
MessageTranslator.class,
HsOfficeContactFromResourceConverter.class,
DisableSecurityConfig.class })
@ActiveProfiles("test")
WebSecurityConfigForWebMvcTests.class })
@ActiveProfiles({"fake-jwt", "test"})
class HsOfficePartnerControllerRestTest {
static final UUID GIVEN_MANDANTE_UUID = UUID.randomUUID();
@@ -112,7 +114,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.header("Accept-Language", "de")
.contentType(MediaType.APPLICATION_JSON)
.content("""
@@ -147,7 +149,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.post("/api/hs/office/partners")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.content("""
{
@@ -190,7 +192,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/partners/P-12345")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
@@ -207,7 +209,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.get("/api/hs/office/partners/P-12345")
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
@@ -235,7 +237,7 @@ class HsOfficePartnerControllerRestTest {
// when
mockMvc.perform(MockMvcRequestBuilders
.delete("/api/hs/office/partners/" + givenPartnerUuid)
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON))
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRbacRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.partner;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java
+18 -17
View File
@@ -3,10 +3,9 @@ package net.hostsharing.hsadminng.hs.office.person;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Nested;
@@ -22,17 +21,19 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Tag("officeIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -61,7 +62,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/persons")
@@ -81,7 +82,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -119,7 +120,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -142,7 +143,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -159,7 +160,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer person-ErbenBesslerMelBessler@example.com")
.header("Authorization", bearer("person-ErbenBesslerMelBessler@example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -188,7 +189,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -230,7 +231,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -274,7 +275,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -293,7 +294,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
.header("Authorization", bearer("selfregistered-test-user@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -313,7 +314,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRbacRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.person;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRealRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.person;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.mapper.Array;
import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository;
import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRealRelationRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.relation;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
+26 -26
View File
@@ -2,14 +2,13 @@ package net.hostsharing.hsadminng.hs.office.relation;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeRelationTypeResource;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
@@ -22,19 +21,20 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.Map;
import java.util.UUID;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithCleanup {
public static final UUID GIVEN_NON_EXISTING_HOLDER_PERSON_UUID = UUID.fromString("00000000-0000-0000-0000-000000000000");
@@ -68,7 +68,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s"
@@ -126,7 +126,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personUuid=%s"
@@ -183,7 +183,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations?personData=firby&contactData=Contact-Admin@FirstContact.Example.COM")
@@ -235,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -280,7 +280,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -348,7 +348,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -380,7 +380,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -413,7 +413,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -447,7 +447,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -470,7 +470,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -486,7 +486,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@firstcontact.example.com")
.header("Authorization", bearer("contact-admin@firstcontact.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -529,7 +529,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -572,7 +572,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -591,7 +591,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer contact-admin@seventhcontact.example.com")
.header("Authorization", bearer("contact-admin@seventhcontact.example.com"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -610,7 +610,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
+1 -1
View File
@@ -1,6 +1,6 @@
package net.hostsharing.hsadminng.hs.office.relation;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.rbac.context.Context;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRealRepository;
import net.hostsharing.hsadminng.lambda.Reducer;
src/test/java/net/hostsharing/hsadminng/hs/office/scenarios/HsOfficeScenarioTests.java
+2 -25
View File
@@ -1,7 +1,6 @@
package net.hostsharing.hsadminng.hs.office.scenarios;
import lombok.SneakyThrows;
import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRbacEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRbacRepository;
import net.hostsharing.hsadminng.hs.office.scenarios.contact.AddPhoneNumberToContactData;
@@ -43,39 +42,16 @@ import net.hostsharing.hsadminng.hs.scenarios.Produces;
import net.hostsharing.hsadminng.hs.scenarios.Requires;
import net.hostsharing.hsadminng.hs.scenarios.ScenarioTest;
import net.hostsharing.hsadminng.lambda.Reducer;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import net.hostsharing.hsadminng.test.IgnoreOnFailureExtension;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.ClassOrderer;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestClassOrder;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.api.TestMethodOrder;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
@Tag("scenarioTest")
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class },
properties = {
"spring.datasource.url=${HSADMINNG_POSTGRES_JDBC_URL:jdbc:tc:postgresql:15.5-bookworm:///scenariosTC}",
"spring.datasource.username=${HSADMINNG_POSTGRES_ADMIN_USERNAME:ADMIN}",
"spring.datasource.password=${HSADMINNG_POSTGRES_ADMIN_PASSWORD:password}",
"hsadminng.superuser=${HSADMINNG_SUPERUSER:superuser-alex@hostsharing.net}"
}
)
@ActiveProfiles("test")
@TestClassOrder(ClassOrderer.OrderAnnotation.class)
@ExtendWith(IgnoreOnFailureExtension.class)
class HsOfficeScenarioTests extends ScenarioTest {
@Autowired
@@ -702,7 +678,8 @@ class HsOfficeScenarioTests extends ScenarioTest {
@Test
@Order(6010)
@Requires("Debitor: D-3101100 - Michelle Matthieu") // which should also get updated
@Requires("Debitor: D-3101100 - Michelle Matthieu")
// which should also get updated
void shouldReplaceDeceasedPartnerByCommunityOfHeirs() {
new ReplaceDeceasedPartnerWithCommunityOfHeirs(scenarioTest)
.given("partnerNumber", "P-31011")
src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java
+27 -24
View File
@@ -8,7 +8,6 @@ import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountReposi
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
import net.hostsharing.hsadminng.config.DisableSecurityConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
@@ -26,18 +25,20 @@ import java.time.LocalDate;
import java.util.UUID;
import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.config.JwtFakeBearer.bearer;
import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
@Tag("officeIntegrationTest")
@Transactional
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = { HsadminNgApplication.class, DisableSecurityConfig.class, JpaAttempt.class }
)
@ActiveProfiles("test")
@Transactional
@Tag("officeIntegrationTest")
classes = HsadminNgApplication.class)
@ActiveProfiles("fake-jwt")
class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCleanup {
@LocalServerPort
@@ -66,7 +67,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates")
@@ -107,7 +108,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates?iban=DE02120300000000202051")
@@ -145,7 +146,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -186,7 +187,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -211,7 +212,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -241,7 +242,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -275,7 +276,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -305,7 +306,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -322,7 +323,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
.header("Authorization", bearer("bankaccount-admin@FirstGmbH.example.com"))
.port(port)
.when()
.get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -354,7 +355,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -383,7 +384,8 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
context.define("superuser-alex@hostsharing.net");
assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString()).isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type=DEBITOR, holder='LP First GmbH'), fir)");
assertThat(mandate.getDebitor().toString()).isEqualTo(
"debitor(D-1000111: rel(anchor='LP First GmbH', type=DEBITOR, holder='LP First GmbH'), fir)");
assertThat(mandate.getBankAccount().toShortString()).isEqualTo("First GmbH");
assertThat(mandate.getReference()).isEqualTo("temp ref CAT Z - patched");
assertThat(mandate.getValidFrom()).isEqualTo("2020-06-05");
@@ -400,7 +402,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -425,7 +427,8 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
assertThat(sepaMandateRepo.findByUuid(givenSepaMandate.getUuid())).isPresent().get()
.matches(mandate -> {
assertThat(mandate.getDebitor().toString())
.isEqualTo("debitor(D-1000111: rel(anchor='LP First GmbH', type=DEBITOR, holder='LP First GmbH'), fir)");
.isEqualTo(
"debitor(D-1000111: rel(anchor='LP First GmbH', type=DEBITOR, holder='LP First GmbH'), fir)");
assertThat(mandate.getBankAccount().toShortString()).isEqualTo("First GmbH");
assertThat(mandate.getReference()).isEqualTo("temp ref CAT Z");
assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2023-01-01)");
@@ -441,7 +444,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
final var location = RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.contentType(ContentType.JSON)
.body("""
{
@@ -475,7 +478,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer superuser-alex@hostsharing.net")
.header("Authorization", bearer("superuser-alex@hostsharing.net"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -493,7 +496,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
.header("Authorization", bearer("bankaccount-admin@FirstGmbH.example.com"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -511,7 +514,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
RestAssured // @formatter:off
.given()
.header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
.header("Authorization", bearer("selfregistered-user-drew@hostsharing.org"))
.port(port)
.when()
.delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())

Some files were not shown because too many files have changed in this diff Show More