chore: use token based authentication

mucsi96 · Dec 24, 2023 · f11285d · f11285d
1 parent 49bff89
commit f11285d
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 57 deletions.
diff --git a/server/pom.xml b/server/pom.xml
@@ -21,7 +21,7 @@
 		<dependency>
 			<groupId>io.github.mucsi96</groupId>
 			<artifactId>kubetools</artifactId>
-			<version>1.31-SNAPSHOT</version>
+			<version>1.32-SNAPSHOT</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -84,18 +84,22 @@
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
     <dependency>
-      <groupId>com.github.tomakehurst</groupId>
-      <artifactId>wiremock</artifactId>
-      <version>3.0.1</version>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-test</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+			<groupId>org.wiremock</groupId>
+			<artifactId>wiremock-standalone</artifactId>
+			<version>3.3.1</version>
+			<scope>test</scope>
+		</dependency>
     <dependency>
       <groupId>org.testcontainers</groupId>
       <artifactId>testcontainers</artifactId>

diff --git a/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java b/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java
@@ -2,7 +2,6 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -14,15 +13,13 @@
 import org.springframework.security.web.SecurityFilterChain;
 
 import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer;
-import io.github.mucsi96.kubetools.security.MockSecurityConfigurer;
 
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity(jsr250Enabled = true)
 public class SecurityConfiguration {
 
   @Bean
-  @Profile("prod")
   SecurityFilterChain securityFilterChain(
       HttpSecurity http,
       KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception {
@@ -32,17 +29,6 @@ SecurityFilterChain securityFilterChain(
         .build();
   }
 
-  @Bean
-  @Profile("!prod")
-  SecurityFilterChain mockSecurityFilterChain(
-      HttpSecurity http,
-      MockSecurityConfigurer mockSecurityConfigurer) throws Exception {
-    return http
-        .securityMatcher("/weight/**", "/ride/**")
-        .with(mockSecurityConfigurer, Customizer.withDefaults())
-        .build();
-  }
-
   @Bean
   public OAuth2AuthorizedClientService oAuth2AuthorizedClientService(
       JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository) {

diff --git a/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java b/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java
@@ -5,7 +5,6 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -30,7 +29,6 @@
 import org.springframework.util.MultiValueMap;
 
 import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer;
-import io.github.mucsi96.kubetools.security.MockSecurityConfigurer;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.Data;
@@ -47,7 +45,6 @@ public class StravaConfiguration {
   private String apiUri;
 
   @Bean
-  @Profile("prod")
   SecurityFilterChain stravaSecurityFilterChain(
       HttpSecurity http,
       KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception {
@@ -60,20 +57,6 @@ SecurityFilterChain stravaSecurityFilterChain(
         .build();
   }
 
-  @Bean
-  @Profile("!prod")
-  SecurityFilterChain mockStravaSecurityFilterChain(
-      HttpSecurity http,
-      MockSecurityConfigurer mockSecurityConfigurer) throws Exception {
-    return http
-        .securityMatcher("/strava/**")
-        .oauth2Client(configurer -> configurer
-        .authorizationCodeGrant(customizer -> customizer
-        .accessTokenResponseClient(stravaAccessTokenResponseClient())))
-        .with(mockSecurityConfigurer, Customizer.withDefaults())
-        .build();
-  }
-
   @Bean
   OAuth2AuthorizedClientManager stravaAuthorizedClientManager(
       ClientRegistrationRepository clientRegistrationRepository,

diff --git a/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java b/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java
@@ -7,7 +7,6 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.converter.FormHttpMessageConverter;
 import org.springframework.security.config.Customizer;
@@ -41,7 +40,6 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer;
-import io.github.mucsi96.kubetools.security.MockSecurityConfigurer;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.Data;
@@ -57,7 +55,6 @@ public class WithingsConfiguration {
   private String apiUri;
 
   @Bean
-  @Profile("prod")
   SecurityFilterChain withingsSecurityFilterChain(
       HttpSecurity http,
       KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception {
@@ -70,20 +67,6 @@ SecurityFilterChain withingsSecurityFilterChain(
         .build();
   }
 
-  @Bean
-  @Profile("!prod")
-  SecurityFilterChain mockWithingsSecurityFilterChain(
-      HttpSecurity http,
-      MockSecurityConfigurer mockSecurityConfigurer) throws Exception {
-    return http
-        .securityMatcher("/withings/**")
-        .oauth2Client(configurer -> configurer
-            .authorizationCodeGrant(customizer -> customizer
-                .accessTokenResponseClient(withingsAccessTokenResponseClient())))
-        .with(mockSecurityConfigurer, Customizer.withDefaults())
-        .build();
-  }
-
   @Bean
   OAuth2AuthorizedClientManager withingsAuthorizedClientManager(
       ClientRegistrationRepository clientRegistrationRepository,

diff --git a/server/src/test/java/mucsi96/traininglog/RideControllerTests.java b/server/src/test/java/mucsi96/traininglog/RideControllerTests.java
@@ -79,6 +79,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_today_ride_stats() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -94,6 +95,7 @@ public void returns_today_ride_stats() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_one_week_ride_stats() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -109,6 +111,7 @@ public void returns_one_week_ride_stats() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_all_time_ride_stats() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(

diff --git a/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java b/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java
@@ -108,6 +108,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void redirects_to_strava_request_authorization_page() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -128,6 +129,7 @@ public void redirects_to_strava_request_authorization_page() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void requests_access_token_after_consent_is_granted() throws Exception {
     mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn(
         WireMock.aResponse()
@@ -153,7 +155,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception {
         .andReturn().getResponse();
 
     assertThat(response2.getStatus()).isEqualTo(302);
-    assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/strava/authorize");
+    assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/strava/authorize?continue");
 
     List<LoggedRequest> requests = mockStravaServer
         .findAll(WireMock.postRequestedFor(WireMock.urlEqualTo("/oauth/token")));
@@ -176,6 +178,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void requests_new_access_token_if_its_expired() throws Exception {
     mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn(
         WireMock.aResponse()
@@ -228,6 +231,7 @@ public void requests_new_access_token_if_its_expired() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_not_authorized_if_refresh_token_is_invalid() throws Exception {
     mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn(
         WireMock.aResponse()
@@ -260,6 +264,7 @@ public void returns_not_authorized_if_refresh_token_is_invalid() throws Exceptio
   }
 
   @Test
+  @WithMockUserRoles
   public void pulls_todays_weight_from_strava_to_database() throws Exception {
     authorizeStravaOAuth2Client();
     mockStravaServer.stubFor(WireMock
@@ -291,7 +296,7 @@ public void pulls_todays_weight_from_strava_to_database() throws Exception {
     Optional<Ride> ride = rideRepository.findAll().stream().findFirst();
     assertThat(ride.isPresent()).isTrue();
     assertThat(ride.get().getCreatedAt().format(DateTimeFormatter.ISO_ZONED_DATE_TIME))
-        .isEqualTo("2018-02-16T14:52:54Z[Etc/UTC]");
+        .isEqualTo("2018-02-16T14:52:54Z");
     assertThat(ride.get().getName()).isEqualTo("Happy Friday");
     assertThat(ride.get().getMovingTime()).isEqualTo(4207);
     assertThat(ride.get().getDistance()).isEqualTo(28099.0f);

diff --git a/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java b/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java
@@ -70,6 +70,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_today_weight_measurement() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -87,6 +88,7 @@ public void returns_today_weight_measurement() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_one_week_weight_measurements() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -111,6 +113,7 @@ public void returns_one_week_weight_measurements() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_all_time_weight_measurements() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(

diff --git a/server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java b/server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java
@@ -0,0 +1,12 @@
+package mucsi96.traininglog;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+import org.springframework.security.test.context.support.WithSecurityContext;
+
+@Retention(RetentionPolicy.RUNTIME)
+@WithSecurityContext(factory = WithMockUserRolesSecurityContextFactory.class)
+public @interface WithMockUserRoles {
+    String[] value() default { "user" };
+}
diff --git a/server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java b/server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java
@@ -0,0 +1,15 @@
+package mucsi96.traininglog;
+
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.test.context.support.WithSecurityContextFactory;
+
+import io.github.mucsi96.kubetools.security.TestSecurityConfigurer;
+
+public class WithMockUserRolesSecurityContextFactory implements WithSecurityContextFactory<WithMockUserRoles> {
+
+    @Override
+    public SecurityContext createSecurityContext(WithMockUserRoles mockUser) {
+        return TestSecurityConfigurer.createSecurityContext(mockUser.value());
+    }
+
+}
diff --git a/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java b/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java
@@ -96,6 +96,7 @@ private void authorizeWithingsOAuth2Client() {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_not_authorized_if_authorized_client_is_not_found() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -121,6 +122,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void redirects_to_withings_request_authorization_page() throws Exception {
     MockHttpServletResponse response = mockMvc
         .perform(
@@ -141,6 +143,7 @@ public void redirects_to_withings_request_authorization_page() throws Exception
   }
 
   @Test
+  @WithMockUserRoles
   public void requests_access_token_after_consent_is_granted() throws Exception {
     mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn(
         WireMock.aResponse()
@@ -166,7 +169,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception {
         .andReturn().getResponse();
 
     assertThat(response2.getStatus()).isEqualTo(302);
-    assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/withings/authorize");
+    assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/withings/authorize?continue");
 
     List<LoggedRequest> requests = mockWithingsServer
         .findAll(WireMock.postRequestedFor(WireMock.urlEqualTo("/v2/oauth2")));
@@ -190,6 +193,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void requests_new_access_token_if_its_expired() throws Exception {
     mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn(
         WireMock.aResponse()
@@ -230,6 +234,7 @@ public void requests_new_access_token_if_its_expired() throws Exception {
   }
 
   @Test
+  @WithMockUserRoles
   public void returns_not_authorized_if_refresh_token_is_invalid() throws Exception {
     mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn(
         WireMock.aResponse()
@@ -262,6 +267,7 @@ public void returns_not_authorized_if_refresh_token_is_invalid() throws Exceptio
   }
 
   @Test
+  @WithMockUserRoles
   public void pulls_todays_weight_from_withings_to_database() throws Exception {
     authorizeWithingsOAuth2Client();
     mockWithingsServer.stubFor(WireMock
@@ -281,7 +287,7 @@ public void pulls_todays_weight_from_withings_to_database() throws Exception {
     Optional<Weight> weight = weightRepository.findAll().stream().findFirst();
     assertThat(weight.isPresent()).isTrue();
     assertThat(weight.get().getCreatedAt().format(DateTimeFormatter.ISO_ZONED_DATE_TIME))
-        .isEqualTo("2020-07-08T22:16:40Z[Etc/UTC]");
+        .isEqualTo("2020-07-08T22:16:40Z");
     assertThat(weight.get().getWeight()).isEqualTo(65.8f);
     assertThat(weight.get().getFatRatio()).isEqualTo(32.3f);
     assertThat(weight.get().getFatMassWeight()).isEqualTo(21.8f);