Wired up Spring security, modified test to use accounts.
This commit is contained in:
parent
1acd2fa781
commit
bc27408b83
@ -25,7 +25,6 @@ dependencies {
|
|||||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||||
implementation 'com.auth0:java-jwt:3.4.0'
|
implementation 'com.auth0:java-jwt:3.4.0'
|
||||||
implementation 'org.openpnp:opencv:3.2.0-0'
|
implementation 'org.openpnp:opencv:3.2.0-0'
|
||||||
// developmentOnly 'org.springframework.boot:spring-boot-devtools'
|
|
||||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||||
testImplementation('org.junit.jupiter:junit-jupiter-api')
|
testImplementation('org.junit.jupiter:junit-jupiter-api')
|
||||||
testRuntimeOnly('org.junit.jupiter:junit-jupiter-engine')
|
testRuntimeOnly('org.junit.jupiter:junit-jupiter-engine')
|
||||||
|
@ -3,6 +3,7 @@ package pl.edu.amu.wmi.bookapi.api;
|
|||||||
import org.apache.coyote.Response;
|
import org.apache.coyote.Response;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.multipart.MultipartFile;
|
import org.springframework.web.multipart.MultipartFile;
|
||||||
import pl.edu.amu.wmi.bookapi.api.dto.BookDto;
|
import pl.edu.amu.wmi.bookapi.api.dto.BookDto;
|
||||||
@ -53,7 +54,6 @@ public class BookController {
|
|||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
public ResponseEntity addBook(@RequestBody BookDto bookDto) {
|
public ResponseEntity addBook(@RequestBody BookDto bookDto) {
|
||||||
System.out.println("Save book");
|
|
||||||
bookService.saveBook(getUserName(), bookDto);
|
bookService.saveBook(getUserName(), bookDto);
|
||||||
return ResponseEntity.ok().build();
|
return ResponseEntity.ok().build();
|
||||||
}
|
}
|
||||||
@ -68,6 +68,8 @@ public class BookController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private String getUserName() {
|
private String getUserName() {
|
||||||
return "admin";
|
String username = SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
|
||||||
|
System.out.println("Username - " + username);
|
||||||
|
return username;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ package pl.edu.amu.wmi.bookapi.api;
|
|||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import pl.edu.amu.wmi.bookapi.api.dto.MessageDto;
|
import pl.edu.amu.wmi.bookapi.api.dto.MessageDto;
|
||||||
import pl.edu.amu.wmi.bookapi.service.MessageService;
|
import pl.edu.amu.wmi.bookapi.service.MessageService;
|
||||||
@ -21,7 +22,7 @@ public class MessageController {
|
|||||||
public ResponseEntity listThreads() {
|
public ResponseEntity listThreads() {
|
||||||
return ResponseEntity.ok(
|
return ResponseEntity.ok(
|
||||||
messageService.getThreads(
|
messageService.getThreads(
|
||||||
getUserId()
|
getUsername()
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -30,7 +31,7 @@ public class MessageController {
|
|||||||
public ResponseEntity createMessage(@RequestBody MessageDto messageDto) {
|
public ResponseEntity createMessage(@RequestBody MessageDto messageDto) {
|
||||||
messageService.createMessage(
|
messageService.createMessage(
|
||||||
messageDto.getContent(),
|
messageDto.getContent(),
|
||||||
messageDto.getAuthor(),
|
getUsername(),
|
||||||
messageDto.getRecipient()
|
messageDto.getRecipient()
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -39,12 +40,12 @@ public class MessageController {
|
|||||||
|
|
||||||
@GetMapping("/{threadId}")
|
@GetMapping("/{threadId}")
|
||||||
public ResponseEntity getMessagesInThread(@PathVariable String threadId) {
|
public ResponseEntity getMessagesInThread(@PathVariable String threadId) {
|
||||||
return ResponseEntity.ok(messageService.getMessagesInThread(threadId, getUserId()));
|
return ResponseEntity.ok(messageService.getMessagesInThread(threadId, getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private String getUsername() {
|
||||||
private String getUserId() {
|
String username = SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
|
||||||
return "admin";
|
System.out.println("Username - " + username);
|
||||||
|
return username;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,16 @@
|
|||||||
package pl.edu.amu.wmi.bookapi.api;
|
package pl.edu.amu.wmi.bookapi.api;
|
||||||
|
|
||||||
import org.springframework.dao.DuplicateKeyException;
|
import org.springframework.dao.DuplicateKeyException;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.crypto.bcrypt.*;
|
import org.springframework.security.crypto.bcrypt.*;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import pl.edu.amu.wmi.bookapi.exceptions.RegisterException;
|
import pl.edu.amu.wmi.bookapi.exceptions.RegisterException;
|
||||||
import pl.edu.amu.wmi.bookapi.models.*;
|
import pl.edu.amu.wmi.bookapi.models.*;
|
||||||
import pl.edu.amu.wmi.bookapi.repositories.*;
|
import pl.edu.amu.wmi.bookapi.repositories.*;
|
||||||
|
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/users")
|
@RequestMapping("/users")
|
||||||
public class UserController {
|
public class UserController {
|
||||||
@ -26,8 +29,14 @@ public class UserController {
|
|||||||
user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
|
user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
|
||||||
try {
|
try {
|
||||||
userRepository.save(user);
|
userRepository.save(user);
|
||||||
|
System.out.println("hello");
|
||||||
} catch (DuplicateKeyException e) {
|
} catch (DuplicateKeyException e) {
|
||||||
throw new RegisterException("Login already in use");
|
throw new RegisterException("Login already in use");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("/sign-in")
|
||||||
|
public void signIn(@RequestBody UserDocument user) throws LoginException {
|
||||||
|
Object princ = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,12 +2,10 @@ package pl.edu.amu.wmi.bookapi.api.dto;
|
|||||||
|
|
||||||
public class MessageDto {
|
public class MessageDto {
|
||||||
private String content;
|
private String content;
|
||||||
private String author;
|
|
||||||
private String recipient;
|
private String recipient;
|
||||||
|
|
||||||
public MessageDto(String content, String author, String recipient) {
|
public MessageDto(String content, String recipient) {
|
||||||
this.content = content;
|
this.content = content;
|
||||||
this.author = author;
|
|
||||||
this.recipient = recipient;
|
this.recipient = recipient;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -19,14 +17,6 @@ public class MessageDto {
|
|||||||
this.content = content;
|
this.content = content;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAuthor() {
|
|
||||||
return author;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setAuthor(String author) {
|
|
||||||
this.author = author;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getRecipient() {
|
public String getRecipient() {
|
||||||
return recipient;
|
return recipient;
|
||||||
}
|
}
|
||||||
|
@ -8,5 +8,5 @@ import java.util.List;
|
|||||||
|
|
||||||
public interface BookRepository extends MongoRepository<BookDocument, String>, BookRepositoryCustom {
|
public interface BookRepository extends MongoRepository<BookDocument, String>, BookRepositoryCustom {
|
||||||
List<BookDocument> findAllByOwnerUsername(String ownerUsername);
|
List<BookDocument> findAllByOwnerUsername(String ownerUsername);
|
||||||
|
void deleteByIdAndOwnerUsername(String id, String ownerUsername);
|
||||||
}
|
}
|
||||||
|
@ -27,6 +27,7 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
|
|||||||
public static final String TOKEN_PREFIX = "Bearer ";
|
public static final String TOKEN_PREFIX = "Bearer ";
|
||||||
public static final String HEADER_STRING = "Authorization";
|
public static final String HEADER_STRING = "Authorization";
|
||||||
public static final String SIGN_UP_URL = "/users/sign-up";
|
public static final String SIGN_UP_URL = "/users/sign-up";
|
||||||
|
public static final String LOG_IN_URL = "/users/login";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Authentication attemptAuthentication(HttpServletRequest req,
|
public Authentication attemptAuthentication(HttpServletRequest req,
|
||||||
|
@ -43,8 +43,6 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
|
|||||||
.build()
|
.build()
|
||||||
.verify(token.replace(TOKEN_PREFIX, ""))
|
.verify(token.replace(TOKEN_PREFIX, ""))
|
||||||
.getSubject();
|
.getSubject();
|
||||||
|
|
||||||
System.out.println();
|
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
|
return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
|
||||||
}
|
}
|
||||||
|
@ -25,22 +25,28 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
|
|||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.cors().and().csrf().disable()
|
http.cors().and().csrf().disable()
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.antMatchers(HttpMethod.GET, "/api/books", "/api/messages/", "/api/messages/*", "/api/books/public").permitAll()
|
// .antMatchers(HttpMethod.GET, "/api/books", "/api/messages/", "/api/messages/*", "/api/books/public").permitAll()
|
||||||
.antMatchers(HttpMethod.DELETE, "/api/books/*").permitAll()
|
// .antMatchers(HttpMethod.DELETE, "/api/books/*").permitAll()
|
||||||
.antMatchers(HttpMethod.PATCH, "/api/books/*").permitAll()
|
// .antMatchers(HttpMethod.PATCH, "/api/books/*").permitAll()
|
||||||
.antMatchers(HttpMethod.POST,
|
.antMatchers(HttpMethod.POST,
|
||||||
SIGN_UP_URL,
|
SIGN_UP_URL).permitAll()
|
||||||
"/api/books",
|
|
||||||
"/api/books/image",
|
|
||||||
"/api/messages").permitAll()
|
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
.and()
|
.and()
|
||||||
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
|
.addFilter(
|
||||||
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
|
this.getConfiguredJwtAuthenticationFilter()
|
||||||
// this disables session creation on Spring Security
|
)
|
||||||
|
.addFilter(
|
||||||
|
new JWTAuthorizationFilter(authenticationManager())
|
||||||
|
)
|
||||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private JWTAuthenticationFilter getConfiguredJwtAuthenticationFilter() throws Exception{
|
||||||
|
JWTAuthenticationFilter jwtFilter = new JWTAuthenticationFilter(authenticationManager());
|
||||||
|
jwtFilter.setFilterProcessesUrl("/users/login");
|
||||||
|
return jwtFilter;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configure(AuthenticationManagerBuilder auth) throws Exception {
|
public void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||||
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
|
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
|
||||||
|
@ -22,7 +22,7 @@ public class BookService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void deleteBook(String userName, String bookId) {
|
public void deleteBook(String userName, String bookId) {
|
||||||
bookRepository.deleteById(bookId);
|
bookRepository.deleteByIdAndOwnerUsername(bookId, userName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<BookDocument> findAllForUser(String userName) {
|
public List<BookDocument> findAllForUser(String userName) {
|
||||||
|
@ -13,6 +13,7 @@ import org.springframework.data.mongodb.core.MongoTemplate;
|
|||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import pl.edu.amu.wmi.bookapi.fixtures.IntegrationTestUtil;
|
import pl.edu.amu.wmi.bookapi.fixtures.IntegrationTestUtil;
|
||||||
import pl.edu.amu.wmi.bookapi.fixtures.api.BookControllerRequest;
|
import pl.edu.amu.wmi.bookapi.fixtures.api.BookControllerRequest;
|
||||||
|
import pl.edu.amu.wmi.bookapi.fixtures.api.UserControllerRequests;
|
||||||
import pl.edu.amu.wmi.bookapi.models.BookDocument;
|
import pl.edu.amu.wmi.bookapi.models.BookDocument;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -37,65 +38,113 @@ public class BookControllerInt {
|
|||||||
IntegrationTestUtil testUtil;
|
IntegrationTestUtil testUtil;
|
||||||
|
|
||||||
private BookControllerRequest bookRequests;
|
private BookControllerRequest bookRequests;
|
||||||
|
private UserControllerRequests userRequests;
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
void cleanCollections() {
|
void cleanCollections() {
|
||||||
this.bookRequests = new BookControllerRequest(mvc, new ObjectMapper());
|
this.bookRequests = new BookControllerRequest(mvc, new ObjectMapper());
|
||||||
|
this.userRequests = new UserControllerRequests(mvc, new ObjectMapper());
|
||||||
testUtil.cleanCollections();
|
testUtil.cleanCollections();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_add_a_book() throws Exception {
|
void should_add_a_book() throws Exception {
|
||||||
this.bookRequests.addBook("admin", "12345", "auth", "title")
|
userRequests.registerUser("a-1", "p-1");
|
||||||
|
String bearer = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
this.bookRequests.addBook(bearer, "12345", "auth", "title")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
assertEquals(mongoTemplate.findAll(BookDocument.class).get(0).getEan(), "12345");
|
assertEquals(mongoTemplate.findAll(BookDocument.class).get(0).getEan(), "12345");
|
||||||
|
assertEquals(mongoTemplate.findAll(BookDocument.class).get(0).getOwnerUsername(), "a-1");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_list_books_for_user() throws Exception {
|
void should_list_books_for_user() throws Exception {
|
||||||
this.bookRequests.addBook("admin", "12345", "auth", "title")
|
userRequests.registerUser("a","b");
|
||||||
|
String user1 = userRequests.loginAsUserAndReturnAuthorizationHeader("a", "b");
|
||||||
|
|
||||||
|
userRequests.registerUser("b","b");
|
||||||
|
String user2 = userRequests.loginAsUserAndReturnAuthorizationHeader("b", "b");
|
||||||
|
|
||||||
|
this.bookRequests.addBook(user1, "12345", "auth", "title")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
this.bookRequests.addBook("admin", "12345", "auth", "title")
|
this.bookRequests.addBook(user1, "12345", "auth", "title")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
bookRequests.getBooksForUser("admin")
|
this.bookRequests.addBook(user2, "12345", "auth", "title")
|
||||||
|
.andExpect(status().isOk());
|
||||||
|
|
||||||
|
bookRequests.getBooksForUser(user1)
|
||||||
.andExpect(status().isOk())
|
.andExpect(status().isOk())
|
||||||
.andExpect(jsonPath("$.*.ownerUsername", equalTo(List.of("admin", "admin"))));
|
.andExpect(jsonPath("$.*.ownerUsername", equalTo(List.of("a", "a"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_delete_a_book() throws Exception {
|
void should_delete_a_book() throws Exception {
|
||||||
this.bookRequests.addBook("admin", "12345", "auth", "title")
|
userRequests.registerUser("a","b");
|
||||||
|
String user1 = userRequests.loginAsUserAndReturnAuthorizationHeader("a", "b");
|
||||||
|
|
||||||
|
userRequests.registerUser("b","b");
|
||||||
|
String user2 = userRequests.loginAsUserAndReturnAuthorizationHeader("b", "b");
|
||||||
|
|
||||||
|
|
||||||
|
this.bookRequests.addBook(user1, "12345", "auth", "title")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
|
|
||||||
BookDocument foundBook = mongoTemplate.findAll(BookDocument.class).get(0);
|
BookDocument foundBook = mongoTemplate.findAll(BookDocument.class).get(0);
|
||||||
assertEquals(foundBook.getEan(), "12345");
|
assertEquals(foundBook.getEan(), "12345");
|
||||||
this.bookRequests.deleteBook("admin", foundBook.getId());
|
|
||||||
|
// Should not allow other users to delete books
|
||||||
|
this.bookRequests.deleteBook(user2, foundBook.getId());
|
||||||
|
assertEquals(1, mongoTemplate.findAll(BookDocument.class).size());
|
||||||
|
|
||||||
|
this.bookRequests.deleteBook(user1, foundBook.getId());
|
||||||
assertEquals(0, mongoTemplate.findAll(BookDocument.class).size());
|
assertEquals(0, mongoTemplate.findAll(BookDocument.class).size());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_list_all_books() throws Exception {
|
void should_list_all_books() throws Exception {
|
||||||
this.bookRequests.addBook("admin1", "123451", "auth1", "title1")
|
userRequests.registerUser("a-1", "p-1");
|
||||||
|
String bearer1 = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
userRequests.registerUser("a-2", "p-1");
|
||||||
|
String bearer2 = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
userRequests.registerUser("a-3", "p-1");
|
||||||
|
String bearer3 = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
userRequests.registerUser("a-4", "p-1");
|
||||||
|
String bearer4 = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
|
||||||
|
this.bookRequests.addBook(bearer1, "123451", "auth1", "title1")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
this.bookRequests.addBook("admin2", "123452", "auth2", "title2")
|
this.bookRequests.addBook(bearer2, "123452", "auth2", "title2")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
this.bookRequests.addBook("admin3", "123453", "auth3", "title3")
|
this.bookRequests.addBook(bearer3, "123453", "auth3", "title3")
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
|
|
||||||
this.bookRequests.getAllBooks()
|
this.bookRequests.getAllBooks(bearer4)
|
||||||
.andExpect(status().isOk())
|
.andExpect(status().isOk())
|
||||||
.andExpect(jsonPath("$").isArray());
|
.andExpect(jsonPath("$").isArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_update_a_book() throws Exception {
|
void should_update_a_book() throws Exception {
|
||||||
this.bookRequests.addBook("admin", "12345", "1", "2")
|
userRequests.registerUser("a-1", "p-1");
|
||||||
.andDo(print());
|
String bearer = userRequests.loginAsUserAndReturnAuthorizationHeader("a-1", "p-1");
|
||||||
|
|
||||||
|
userRequests.registerUser("a-2", "p-1");
|
||||||
|
String otherUser = userRequests.loginAsUserAndReturnAuthorizationHeader("a-2", "p-1");
|
||||||
|
|
||||||
|
this.bookRequests.addBook(bearer, "12345", "1", "2")
|
||||||
|
.andExpect(status().isOk());
|
||||||
|
|
||||||
BookDocument foundBook = mongoTemplate.findAll(BookDocument.class).get(0);
|
BookDocument foundBook = mongoTemplate.findAll(BookDocument.class).get(0);
|
||||||
String bookId = foundBook.getId();
|
String bookId = foundBook.getId();
|
||||||
|
|
||||||
ObjectMapper objectMapper = new ObjectMapper();
|
ObjectMapper objectMapper = new ObjectMapper();
|
||||||
|
|
||||||
this.bookRequests.updateBook(bookId, "admin",
|
this.bookRequests.updateBook(bookId, bearer,
|
||||||
"{\n" +
|
"{\n" +
|
||||||
" \"ean\": " + objectMapper.writeValueAsString("ean") + ",\n" +
|
" \"ean\": " + objectMapper.writeValueAsString("ean") + ",\n" +
|
||||||
" \"author\": " + objectMapper.writeValueAsString("author") + ",\n" +
|
" \"author\": " + objectMapper.writeValueAsString("author") + ",\n" +
|
||||||
@ -109,15 +158,25 @@ public class BookControllerInt {
|
|||||||
assertEquals("title", foundBookAfterUpdate.getTitle());
|
assertEquals("title", foundBookAfterUpdate.getTitle());
|
||||||
|
|
||||||
// And should allow for partial update
|
// And should allow for partial update
|
||||||
this.bookRequests.updateBook(bookId, "admin",
|
this.bookRequests.updateBook(bookId, bearer,
|
||||||
"{\n" +
|
"{\n" +
|
||||||
" \"ean\": " + objectMapper.writeValueAsString("ean-1-modified") + "\n" +
|
"\"ean\": " + objectMapper.writeValueAsString("ean-1-modified") + "\n" +
|
||||||
"}").andExpect(status().isOk());
|
"}").andExpect(status().isOk());
|
||||||
|
|
||||||
BookDocument foundBookAfterPartialUpdate = mongoTemplate.findAll(BookDocument.class).get(0);
|
BookDocument foundBookAfterPartialUpdate = mongoTemplate.findAll(BookDocument.class).get(0);
|
||||||
|
|
||||||
assertEquals("ean-1-modified", foundBookAfterPartialUpdate.getEan());
|
assertEquals("ean-1-modified", foundBookAfterPartialUpdate.getEan());
|
||||||
assertEquals("author", foundBookAfterPartialUpdate.getAuthor());
|
assertEquals("author", foundBookAfterPartialUpdate.getAuthor());
|
||||||
assertEquals("title", foundBookAfterPartialUpdate.getTitle());
|
assertEquals("title", foundBookAfterPartialUpdate.getTitle());
|
||||||
|
|
||||||
|
// And should not allow other users to modify book
|
||||||
|
|
||||||
|
this.bookRequests.updateBook(bookId, otherUser, "{\n" +
|
||||||
|
"\"ean\": " + objectMapper.writeValueAsString("abc") + "\n" +
|
||||||
|
"}");
|
||||||
|
BookDocument foundBookAfterOtherUserUpdate = mongoTemplate.findAll(BookDocument.class).get(0);
|
||||||
|
|
||||||
|
assertEquals("ean-1-modified", foundBookAfterOtherUserUpdate.getEan());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -14,6 +14,7 @@ import org.springframework.test.web.servlet.MockMvc;
|
|||||||
import pl.edu.amu.wmi.bookapi.fixtures.IntegrationTestUtil;
|
import pl.edu.amu.wmi.bookapi.fixtures.IntegrationTestUtil;
|
||||||
import pl.edu.amu.wmi.bookapi.fixtures.api.BookControllerRequest;
|
import pl.edu.amu.wmi.bookapi.fixtures.api.BookControllerRequest;
|
||||||
import pl.edu.amu.wmi.bookapi.fixtures.api.MessageControllerRequests;
|
import pl.edu.amu.wmi.bookapi.fixtures.api.MessageControllerRequests;
|
||||||
|
import pl.edu.amu.wmi.bookapi.fixtures.api.UserControllerRequests;
|
||||||
import pl.edu.amu.wmi.bookapi.models.MessageDocument;
|
import pl.edu.amu.wmi.bookapi.models.MessageDocument;
|
||||||
import pl.edu.amu.wmi.bookapi.models.ThreadDocument;
|
import pl.edu.amu.wmi.bookapi.models.ThreadDocument;
|
||||||
|
|
||||||
@ -36,19 +37,24 @@ public class MessageControllerInt {
|
|||||||
IntegrationTestUtil testUtil;
|
IntegrationTestUtil testUtil;
|
||||||
|
|
||||||
private MessageControllerRequests messageControllerRequests;
|
private MessageControllerRequests messageControllerRequests;
|
||||||
|
private UserControllerRequests userControllerRequests;
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
void cleanCollections() {
|
void cleanCollections() {
|
||||||
this.messageControllerRequests = new MessageControllerRequests(mvc, new ObjectMapper());
|
this.messageControllerRequests = new MessageControllerRequests(mvc, new ObjectMapper());
|
||||||
|
this.userControllerRequests = new UserControllerRequests(mvc, new ObjectMapper());
|
||||||
testUtil.cleanCollections();
|
testUtil.cleanCollections();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void should_start_new_thread_if_does_not_exist() throws Exception {
|
void should_start_new_thread_if_does_not_exist() throws Exception {
|
||||||
|
userControllerRequests.registerUser("a","b");
|
||||||
|
String user1 = userControllerRequests.loginAsUserAndReturnAuthorizationHeader("a", "b");
|
||||||
|
|
||||||
messageControllerRequests.postMessage(
|
messageControllerRequests.postMessage(
|
||||||
"content",
|
"content",
|
||||||
"id-1",
|
"id-1",
|
||||||
"id-2"
|
user1
|
||||||
).andExpect(status().isOk());;
|
).andExpect(status().isOk());;
|
||||||
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
||||||
assertEquals(1, mongoTemplate.findAll(MessageDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(MessageDocument.class).size());
|
||||||
@ -56,18 +62,27 @@ public class MessageControllerInt {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void if_thread_exists_it_should_not_create_new() throws Exception {
|
void if_thread_exists_it_should_not_create_new() throws Exception {
|
||||||
|
userControllerRequests.registerUser("a","b");
|
||||||
|
String user1 = userControllerRequests.loginAsUserAndReturnAuthorizationHeader("a", "b");
|
||||||
|
|
||||||
|
userControllerRequests.registerUser("b","b");
|
||||||
|
String user2 = userControllerRequests.loginAsUserAndReturnAuthorizationHeader("b", "b");
|
||||||
|
|
||||||
|
userControllerRequests.registerUser("c","b");
|
||||||
|
String user3 = userControllerRequests.loginAsUserAndReturnAuthorizationHeader("c", "b");
|
||||||
|
|
||||||
messageControllerRequests.postMessage(
|
messageControllerRequests.postMessage(
|
||||||
"content",
|
"content",
|
||||||
"id-1",
|
"b",
|
||||||
"id-2"
|
user1
|
||||||
).andExpect(status().isOk());
|
).andExpect(status().isOk());
|
||||||
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
||||||
assertEquals(1, mongoTemplate.findAll(MessageDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(MessageDocument.class).size());
|
||||||
|
|
||||||
messageControllerRequests.postMessage(
|
messageControllerRequests.postMessage(
|
||||||
"content",
|
"content",
|
||||||
"id-1",
|
"a",
|
||||||
"id-2"
|
user2
|
||||||
).andExpect(status().isOk());;
|
).andExpect(status().isOk());;
|
||||||
|
|
||||||
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
||||||
@ -75,8 +90,8 @@ public class MessageControllerInt {
|
|||||||
|
|
||||||
messageControllerRequests.postMessage(
|
messageControllerRequests.postMessage(
|
||||||
"content",
|
"content",
|
||||||
"id-1",
|
"b",
|
||||||
"id-5"
|
user3
|
||||||
).andExpect(status().isOk());
|
).andExpect(status().isOk());
|
||||||
|
|
||||||
assertEquals(2, mongoTemplate.findAll(ThreadDocument.class).size());
|
assertEquals(2, mongoTemplate.findAll(ThreadDocument.class).size());
|
||||||
@ -85,10 +100,14 @@ public class MessageControllerInt {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void it_should_allow_to_send_a_message() throws Exception {
|
void it_should_allow_to_send_a_message() throws Exception {
|
||||||
|
userControllerRequests.registerUser("a","b");
|
||||||
|
String user1 = userControllerRequests.loginAsUserAndReturnAuthorizationHeader("a", "b");
|
||||||
|
|
||||||
messageControllerRequests.postMessage(
|
messageControllerRequests.postMessage(
|
||||||
"content",
|
"content",
|
||||||
"id-1",
|
"id-5",
|
||||||
"id-5"
|
user1
|
||||||
|
|
||||||
).andExpect(status().isOk());
|
).andExpect(status().isOk());
|
||||||
|
|
||||||
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
assertEquals(1, mongoTemplate.findAll(ThreadDocument.class).size());
|
||||||
|
@ -14,6 +14,7 @@ import pl.edu.amu.wmi.bookapi.fixtures.api.*;
|
|||||||
import pl.edu.amu.wmi.bookapi.models.UserDocument;
|
import pl.edu.amu.wmi.bookapi.models.UserDocument;
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.*;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||||
|
|
||||||
@SpringBootTest
|
@SpringBootTest
|
||||||
@ -54,4 +55,12 @@ public class UserControllerInt{
|
|||||||
.andExpect(status().is4xxClientError());
|
.andExpect(status().is4xxClientError());
|
||||||
assertEquals(mongoTemplate.findAll(UserDocument.class).size(), 1);
|
assertEquals(mongoTemplate.findAll(UserDocument.class).size(), 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void should_return_jwt_as_header_when_loggin_in() throws Exception {
|
||||||
|
userRequests.registerUser("a","b")
|
||||||
|
.andExpect(status().isOk());
|
||||||
|
|
||||||
|
String authHeader = userRequests.loginAsUserAndReturnAuthorizationHeader("a","b");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
|||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.ResultActions;
|
import org.springframework.test.web.servlet.ResultActions;
|
||||||
import pl.edu.amu.wmi.bookapi.models.BookDocument;
|
|
||||||
|
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
|
||||||
@ -19,31 +18,35 @@ public class BookControllerRequest {
|
|||||||
this.objectMapper = objectMapper;
|
this.objectMapper = objectMapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions getBooksForUser(String userName) throws Exception {
|
public ResultActions getBooksForUser(String bearer) throws Exception {
|
||||||
return mvc.perform(get("/api/books"));
|
return mvc.perform(get("/api/books").header("Authorization", bearer));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions getAllBooks() throws Exception {
|
public ResultActions getAllBooks(String bearer) throws Exception {
|
||||||
return mvc.perform(get("/api/books/public"));
|
return mvc.perform(get("/api/books/public")
|
||||||
|
.header("Authorization", bearer));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions updateBook(String bookId, String userId, String jsonBody) throws Exception {
|
public ResultActions updateBook(String bookId, String bearer, String jsonBody) throws Exception {
|
||||||
return mvc.perform(patch("/api/books/" + bookId)
|
return mvc.perform(patch("/api/books/" + bookId)
|
||||||
|
.header("Authorization", bearer)
|
||||||
.contentType(MediaType.APPLICATION_JSON)
|
.contentType(MediaType.APPLICATION_JSON)
|
||||||
.content(jsonBody));
|
.content(jsonBody));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions deleteBook(String userName, String bookId) throws Exception {
|
public ResultActions deleteBook(String bearer, String bookId) throws Exception {
|
||||||
return mvc.perform(delete("/api/books/" + bookId));
|
return mvc.perform(delete("/api/books/" + bookId)
|
||||||
|
.header("Authorization", bearer));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions addBook(
|
public ResultActions addBook(
|
||||||
String userName,
|
String bearer,
|
||||||
String ean,
|
String ean,
|
||||||
String author,
|
String author,
|
||||||
String title
|
String title
|
||||||
) throws Exception {
|
) throws Exception {
|
||||||
return mvc.perform(post(URI.create("/api/books"))
|
return mvc.perform(post(URI.create("/api/books"))
|
||||||
|
.header("Authorization", bearer)
|
||||||
.contentType(MediaType.APPLICATION_JSON)
|
.contentType(MediaType.APPLICATION_JSON)
|
||||||
.content("{\n" +
|
.content("{\n" +
|
||||||
" \"ean\": " + objectMapper.writeValueAsString(ean) + ",\n" +
|
" \"ean\": " + objectMapper.writeValueAsString(ean) + ",\n" +
|
||||||
|
@ -17,27 +17,22 @@ public class MessageControllerRequests {
|
|||||||
this.objectMapper = objectMapper;
|
this.objectMapper = objectMapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions getThreads(String userId) throws Exception {
|
public ResultActions getThreads(String bearer) throws Exception {
|
||||||
return mvc.perform(get("/api/messages"));
|
return mvc.perform(get("/api/messages")
|
||||||
|
.header("Authorization", bearer));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions getMessages(String userId, String threadId) throws Exception {
|
public ResultActions getMessages(String bearer, String threadId) throws Exception {
|
||||||
return mvc.perform(get("/api/messages" + threadId));
|
return mvc.perform(get("/api/messages" + threadId)
|
||||||
|
.header("Authorization", bearer));
|
||||||
}
|
}
|
||||||
|
|
||||||
public ResultActions postMessage(String content, String author, String recipient) throws Exception {
|
public ResultActions postMessage(String content, String recipient, String bearer) throws Exception {
|
||||||
System.out.println("Content");
|
|
||||||
System.out.println("{\n" +
|
|
||||||
"\"content\": " + objectMapper.writeValueAsString(content) + ",\n" +
|
|
||||||
"\"author\": " + objectMapper.writeValueAsString(author) + ",\n" +
|
|
||||||
"\"recipient\": " + objectMapper.writeValueAsString(recipient) + "\n" +
|
|
||||||
"}");
|
|
||||||
|
|
||||||
return mvc.perform(post("/api/messages")
|
return mvc.perform(post("/api/messages")
|
||||||
|
.header("Authorization", bearer)
|
||||||
.contentType(MediaType.APPLICATION_JSON)
|
.contentType(MediaType.APPLICATION_JSON)
|
||||||
.content("{\n" +
|
.content("{\n" +
|
||||||
"\"content\": " + objectMapper.writeValueAsString(content) + ",\n" +
|
"\"content\": " + objectMapper.writeValueAsString(content) + ",\n" +
|
||||||
"\"author\": " + objectMapper.writeValueAsString(author) + ",\n" +
|
|
||||||
"\"recipient\": " + objectMapper.writeValueAsString(recipient) + "\n" +
|
"\"recipient\": " + objectMapper.writeValueAsString(recipient) + "\n" +
|
||||||
"}")
|
"}")
|
||||||
);
|
);
|
||||||
|
@ -8,6 +8,8 @@ import org.springframework.test.web.servlet.ResultActions;
|
|||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
|
||||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||||
|
|
||||||
public class UserControllerRequests {
|
public class UserControllerRequests {
|
||||||
|
|
||||||
@ -28,4 +30,20 @@ public class UserControllerRequests {
|
|||||||
"}"));
|
"}"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ResultActions loginUser(String userName, String password) throws Exception {
|
||||||
|
return mvc.perform(post(URI.create("/users/login"))
|
||||||
|
.contentType(MediaType.APPLICATION_JSON)
|
||||||
|
.content("{\n" +
|
||||||
|
" \"username\": " + objectMapper.writeValueAsString(userName) + ",\n" +
|
||||||
|
" \"password\": " + objectMapper.writeValueAsString(password) + "\n" +
|
||||||
|
"}"))
|
||||||
|
.andDo(print());
|
||||||
|
}
|
||||||
|
|
||||||
|
public String loginAsUserAndReturnAuthorizationHeader(String username, String password) throws Exception {
|
||||||
|
return loginUser(username, password)
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andReturn().getResponse().getHeader("Authorization");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user