From 93026ea3ad613196398d5384336f2de74efc4436 Mon Sep 17 00:00:00 2001
From: laurenkrugen-navapbc <126501259+laurenkrugen-navapbc@users.noreply.github.com>
Date: Tue, 26 Mar 2024 10:32:51 -0700
Subject: [PATCH] BCDA-7415: update test cov (#168)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## đŸŽĢ Ticket
https://jira.cms.gov/browse/BCDA-7415

## 🛠 Changes
- adding additional tests
- removed code comment

## ℹī¸ Context for reviewers
Bumping test coverage for quality gate.

## ✅ Acceptance Validation
new and current tests pass.

## 🔒 Security Implications
- [ ] This PR adds a new software dependency or dependencies.
- [ ] This PR modifies or invalidates one or more of our security controls.
- [ ] This PR stores or transmits data that was not stored or transmitted before.
- [ ] This PR requires additional review of its security implications for other reasons.

If any security implications apply, add Jason Ashbaugh (GitHub username: StewGoin) as a reviewer and do not merge this PR without his approval.
---
 ssas/service/public/api.go | 2 +-
 ssas/service/public/api_test.go | 63 +++++++++++++++++++++++++++++++++
 ssas/service/public/tokens.go | 2 --
 3 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/ssas/service/public/api.go b/ssas/service/public/api.go
index 44607a1..ef34cef 100644
--- a/ssas/service/public/api.go
+++ b/ssas/service/public/api.go
@@ -101,7 +101,7 @@ func ResetSecret(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !contains(rd.AllowedGroupIDs, rd.GroupID) || sys.GroupID != rd.GroupID {
-		logger.Error()
+		logger.Error("group id not allowed or does not match system group id")
 		service.JSONError(w, http.StatusUnauthorized, "invalid_client_metadata", "Invalid group")
 		return
 	}
diff --git a/ssas/service/public/api_test.go b/ssas/service/public/api_test.go
index 1d0e0b0..0111717 100644
--- a/ssas/service/public/api_test.go
+++ b/ssas/service/public/api_test.go
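Review bot: The new message on the `+` line folds two different rejection causes — `rd.GroupID` absent from `rd.AllowedGroupIDs`, and `sys.GroupID != rd.GroupID` — into one static string with no identifiers, so whoever triages a burst of 401s from this path cannot tell which check fired or for which group. If `logger` is a logrus entry (the test added in this commit reads `entries[0].Data`, which suggests it is), `logger.WithFields(logrus.Fields{"group_id": rd.GroupID, "system_group_id": sys.GroupID}).Error("group id not allowed or does not match system group id")` keeps the message stable for alerting while making the two cases distinguishable in the fields. Whether api.go already imports logrus is not visible in this hunk. ResetSecret's body starts and ends outside the hunk.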
@@ -24,6 +24,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/pborman/uuid"
 	"github.com/sirupsen/logrus"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	m "github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -180,6 +181,68 @@ func (s *APITestSuite) TestResetSecretNoSystem() {
 	assert.Nil(s.T(), err)
 }
 
+func (s *APITestSuite) TestResetSecretBadRegData() {
+
+	groupID := "T23234"
+	group := ssas.Group{GroupID: groupID}
+	if err := s.db.Create(&group).Error; err != nil {
+		s.FailNow("unable to create group: " + err.Error())
+	}
+
+	body := strings.NewReader(`{"client_id":"abcd1234"}`)
+	req, err := http.NewRequest("PUT", "/reset", body)
+	if err != nil {
+		s.T().Fail()
+	}
+	req = req.WithContext(context.WithValue(req.Context(), ssas.CtxLoggerKey, s.logEntry))
+
+	logger := ssas.GetLogger(ssas.Logger)
+	logHook := test.NewLocal(logger)
+
+	req = addRegDataContext(s, req, "", []string{groupID})
+	handler := http.Handler(service.GetTransactionID(service.NewCtxLogger(http.HandlerFunc(ResetSecret))))
+	handler.ServeHTTP(s.rr, req)
+	assert.Equal(s.T(), http.StatusUnauthorized, s.rr.Code)
+	assert.Contains(s.T(), s.rr.Body.String(), "Unauthorized")
+
+	entries := logHook.AllEntries()
+	assert.Contains(s.T(), entries[0].Data, "transaction_id")
+
+	err = ssas.CleanDatabase(group)
+	assert.Nil(s.T(), err)
+}
+
+func (s *APITestSuite) TestRegisterSystemBadReg() {
+
+	groupID := "T23234"
+	group := ssas.Group{GroupID: groupID}
+	if err := s.db.Create(&group).Error; err != nil {
+		s.FailNow("unable to create group: " + err.Error())
+	}
+
+	body := strings.NewReader(`{"client_id":"abcd1234"}`)
+	req, err := http.NewRequest("PUT", "/reset", body)
+	if err != nil {
+		s.T().Fail()
+	}
+	req = req.WithContext(context.WithValue(req.Context(), ssas.CtxLoggerKey, s.logEntry))
+
+	logger := ssas.GetLogger(ssas.Logger)
+	logHook := test.NewLocal(logger)
+
+	req = addRegDataContext(s, req, "", []string{groupID})
+	handler := http.Handler(service.GetTransactionID(service.NewCtxLogger(http.HandlerFunc(RegisterSystem))))
+	handler.ServeHTTP(s.rr, req)
+	assert.Equal(s.T(), http.StatusUnauthorized, s.rr.Code)
+	assert.Contains(s.T(), s.rr.Body.String(), "Unauthorized")
+
+	entries := logHook.AllEntries()
+	assert.Contains(s.T(), entries[0].Data, "transaction_id")
+
+	err = ssas.CleanDatabase(group)
+	assert.Nil(s.T(), err)
+}
+
 func (s *APITestSuite) TestResetSecretEmpty() {
 
 	groupID := "T23234"
diff --git a/ssas/service/public/tokens.go b/ssas/service/public/tokens.go
index 3124dc3..ab141a2 100644
--- a/ssas/service/public/tokens.go
+++ b/ssas/service/public/tokens.go
@@ -112,8 +112,6 @@ func tokenValidity(tokenString string, requiredTokenType string) error {
 
 	if service.TokenBlacklist.IsTokenBlacklisted(c.Id) {
 		err = fmt.Errorf("token has been revoked")
-		// tknEvent.Help = err.Error()
-		// ssas.OperationFailed(tknEvent)
 		ssas.Logger.Error(err)
 		return err
 	}
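Review bot: In TestResetSecretBadRegData the `if err != nil { s.T().Fail() }` after `http.NewRequest` does not stop the test, so a nil `req` reaches `req.WithContext` on the next line and the suite panics instead of reporting a failed assertion; `s.Require().NoError(err)` (or the `s.FailNow` pattern used a few lines above for the group insert) gives a clean failure. The same applies to `entries[0].Data`, which indexes `logHook.AllEntries()` without checking it is non-empty — if the handler logs nothing this is an index-out-of-range panic rather than a failed `assert.Contains`; `s.Require().NotEmpty(entries)` before the lookup fixes that. Both points recur verbatim in TestRegisterSystemBadReg, which also still sends `PUT /reset` although it exercises RegisterSystem, and both new tests reuse the `"T23234"` group ID of the neighbouring TestResetSecretEmpty; if `CleanDatabase` is skipped on an early failure that shared ID could make a later test fail on its group insert, though whether GroupID is unique in the schema is not visible here. The two functions differ only in the handler under test, so a shared helper taking the `http.HandlerFunc` would remove the duplication.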