From f11285d6156bbeee973f2deadf333efd263682cf Mon Sep 17 00:00:00 2001 From: Igor Bari Date: Sun, 24 Dec 2023 13:03:59 +0000 Subject: [PATCH] chore: use token based authentication --- server/pom.xml | 14 +++++++++----- .../traininglog/core/SecurityConfiguration.java | 14 -------------- .../traininglog/strava/StravaConfiguration.java | 17 ----------------- .../withings/WithingsConfiguration.java | 17 ----------------- .../traininglog/RideControllerTests.java | 3 +++ .../traininglog/StravaControllerTests.java | 9 +++++++-- .../traininglog/WeightControllerTests.java | 3 +++ .../mucsi96/traininglog/WithMockUserRoles.java | 12 ++++++++++++ ...WithMockUserRolesSecurityContextFactory.java | 15 +++++++++++++++ .../traininglog/WithingsControllerTests.java | 10 ++++++++-- 10 files changed, 57 insertions(+), 57 deletions(-) create mode 100644 server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java create mode 100644 server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java diff --git a/server/pom.xml b/server/pom.xml index 3bb1bd0..469bbaa 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -21,7 +21,7 @@ io.github.mucsi96 kubetools - 1.31-SNAPSHOT + 1.32-SNAPSHOT org.springframework.boot @@ -84,18 +84,22 @@ lombok true - org.springframework.boot spring-boot-starter-test test - com.github.tomakehurst - wiremock - 3.0.1 + org.springframework.security + spring-security-test test + + org.wiremock + wiremock-standalone + 3.3.1 + test + org.testcontainers testcontainers diff --git a/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java b/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java index 996454a..360c605 100644 --- a/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java +++ b/server/src/main/java/mucsi96/traininglog/core/SecurityConfiguration.java 
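Review bot: The `kubetools` artifact that, after this commit, supplies the only authentication mechanism in every profile is pinned to `1.32-SNAPSHOT` in the first hunk, and a snapshot is mutable, so the behaviour of `KubetoolsSecurityConfigurer` (and of the `TestSecurityConfigurer` the new test factory delegates to) can change between builds with no change in this repository. If a kubetools release carrying `TestSecurityConfigurer` exists, pin it, e.g. `<version>1.32</version>`; otherwise record in the pom why the snapshot is needed and make sure only the intended repository can serve it. The second hunk's move to `org.wiremock:wiremock-standalone:3.3.1` and the added `spring-security-test` look test-scoped, which is right, though this rendering has the XML tags stripped so I cannot confirm each `<scope>test</scope>` lines up with its artifact.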
@@ -2,7 +2,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; import org.springframework.jdbc.core.JdbcOperations; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; @@ -14,7 +13,6 @@ import org.springframework.security.web.SecurityFilterChain; import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer; -import io.github.mucsi96.kubetools.security.MockSecurityConfigurer; @Configuration @EnableWebSecurity @@ -22,7 +20,6 @@ public class SecurityConfiguration { @Bean - @Profile("prod") SecurityFilterChain securityFilterChain( HttpSecurity http, KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception { @@ -32,17 +29,6 @@ SecurityFilterChain securityFilterChain( .build(); } - @Bean - @Profile("!prod") - SecurityFilterChain mockSecurityFilterChain( - HttpSecurity http, - MockSecurityConfigurer mockSecurityConfigurer) throws Exception { - return http - .securityMatcher("/weight/**", "/ride/**") - .with(mockSecurityConfigurer, Customizer.withDefaults()) - .build(); - } - @Bean public OAuth2AuthorizedClientService oAuth2AuthorizedClientService( JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository) { diff --git a/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java b/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java index fa9fb67..3f0d393 100644 --- a/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java +++ b/server/src/main/java/mucsi96/traininglog/strava/StravaConfiguration.java 
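Review bot: With the `@Profile("!prod")` chain for `/weight/**` and `/ride/**` deleted, `securityFilterChain` is the only chain this class contributes, and its body between the signature and `.build();` is outside the hunk, so I cannot see whether it keeps a path-scoped `securityMatcher` like the removed one. If it does, and the Strava and Withings chains are scoped to `/strava/**` and `/withings/**` as their deleted mock twins were, then once any `SecurityFilterChain` bean exists Spring Boot's default chain backs off and a request to a path none of the matchers cover passes through `FilterChainProxy` with no security filters at all. A lowest-precedence deny-by-default chain closes that gap: `@Bean @Order(Ordered.LOWEST_PRECEDENCE) SecurityFilterChain fallbackSecurityFilterChain(HttpSecurity http) throws Exception { return http.authorizeHttpRequests(a -> a.anyRequest().denyAll()).build(); }` (needs `org.springframework.core.Ordered` and `org.springframework.core.annotation.Order`). A one-line comment on `securityFilterChain`, `// Applies in every profile; tests authenticate via spring-security-test contexts, not a mock chain`, would also record why the profile gate is gone.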
@@ -5,7 +5,6 @@ import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; import org.springframework.core.convert.converter.Converter; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -30,7 +29,6 @@ import org.springframework.util.MultiValueMap; import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer; -import io.github.mucsi96.kubetools.security.MockSecurityConfigurer; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import lombok.Data; @@ -47,7 +45,6 @@ public class StravaConfiguration { private String apiUri; @Bean - @Profile("prod") SecurityFilterChain stravaSecurityFilterChain( HttpSecurity http, KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception { @@ -60,20 +57,6 @@ SecurityFilterChain stravaSecurityFilterChain( .build(); } - @Bean - @Profile("!prod") - SecurityFilterChain mockStravaSecurityFilterChain( - HttpSecurity http, - MockSecurityConfigurer mockSecurityConfigurer) throws Exception { - return http - .securityMatcher("/strava/**") - .oauth2Client(configurer -> configurer - .authorizationCodeGrant(customizer -> customizer - .accessTokenResponseClient(stravaAccessTokenResponseClient()))) - .with(mockSecurityConfigurer, Customizer.withDefaults()) - .build(); - } - @Bean OAuth2AuthorizedClientManager stravaAuthorizedClientManager( ClientRegistrationRepository clientRegistrationRepository, diff --git a/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java b/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java index 0de072d..71b44df 100644 --- a/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java 
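Review bot: `stravaSecurityFilterChain` loses `@Profile("prod")` and becomes the single chain for `/strava/**` in every environment, but its body is outside the hunk, so I cannot verify that the `oauth2Client(...).authorizationCodeGrant(...).accessTokenResponseClient(stravaAccessTokenResponseClient())` wiring the deleted mock chain carried is also present there; if it only lived in the mock chain, the consent callback would fall back to Spring's default token client, which `requests_access_token_after_consent_is_granted` should catch but is worth a glance. The deleted chain and its `WithingsConfiguration` twin differed only in path and token client, and the surviving chains presumably do too; a shared builder such as `static SecurityFilterChain oauth2ClientChain(HttpSecurity http, String pattern, OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> client, KubetoolsSecurityConfigurer configurer)` would keep them from drifting. A `// Active in all profiles; tests obtain a principal via @WithMockUserRoles` comment on the bean would explain why there is no longer a non-prod variant.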
+++ b/server/src/main/java/mucsi96/traininglog/withings/WithingsConfiguration.java @@ -7,7 +7,6 @@ import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; import org.springframework.core.convert.converter.Converter; import org.springframework.http.converter.FormHttpMessageConverter; import org.springframework.security.config.Customizer; @@ -41,7 +40,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; import io.github.mucsi96.kubetools.security.KubetoolsSecurityConfigurer; -import io.github.mucsi96.kubetools.security.MockSecurityConfigurer; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import lombok.Data; @@ -57,7 +55,6 @@ public class WithingsConfiguration { private String apiUri; @Bean - @Profile("prod") SecurityFilterChain withingsSecurityFilterChain( HttpSecurity http, KubetoolsSecurityConfigurer kubetoolsSecurityConfigurer) throws Exception { @@ -70,20 +67,6 @@ SecurityFilterChain withingsSecurityFilterChain( .build(); } - @Bean - @Profile("!prod") - SecurityFilterChain mockWithingsSecurityFilterChain( - HttpSecurity http, - MockSecurityConfigurer mockSecurityConfigurer) throws Exception { - return http - .securityMatcher("/withings/**") - .oauth2Client(configurer -> configurer - .authorizationCodeGrant(customizer -> customizer - .accessTokenResponseClient(withingsAccessTokenResponseClient()))) - .with(mockSecurityConfigurer, Customizer.withDefaults()) - .build(); - } - @Bean OAuth2AuthorizedClientManager withingsAuthorizedClientManager( ClientRegistrationRepository clientRegistrationRepository, diff --git a/server/src/test/java/mucsi96/traininglog/RideControllerTests.java b/server/src/test/java/mucsi96/traininglog/RideControllerTests.java index 00ef34e..2a9f3e1 100644 
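Review bot: `withingsSecurityFilterChain` is now unconditional and the hunk leaves no record of why the `@Profile("!prod")` variant was removed or where tests get their principal from instead. A short comment on the bean, `// Only chain for /withings/**; applies in every profile — tests supply a principal via @WithMockUserRoles`, would give the next reader that context. The bean's body is outside the hunk, so I am assuming the `oauth2Client` customisation with `withingsAccessTokenResponseClient()` that the deleted mock chain carried is duplicated there.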
--- a/server/src/test/java/mucsi96/traininglog/RideControllerTests.java +++ b/server/src/test/java/mucsi96/traininglog/RideControllerTests.java @@ -79,6 +79,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception { } @Test + @WithMockUserRoles public void returns_today_ride_stats() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -94,6 +95,7 @@ public void returns_today_ride_stats() throws Exception { } @Test + @WithMockUserRoles public void returns_one_week_ride_stats() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -109,6 +111,7 @@ public void returns_one_week_ride_stats() throws Exception { } @Test + @WithMockUserRoles public void returns_all_time_ride_stats() throws Exception { MockHttpServletResponse response = mockMvc .perform( diff --git a/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java b/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java index faab9aa..90d0482 100644 --- a/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java +++ b/server/src/test/java/mucsi96/traininglog/StravaControllerTests.java @@ -108,6 +108,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception { } @Test + @WithMockUserRoles public void redirects_to_strava_request_authorization_page() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -128,6 +129,7 @@ public void redirects_to_strava_request_authorization_page() throws Exception { } @Test + @WithMockUserRoles public void requests_access_token_after_consent_is_granted() throws Exception { mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn( WireMock.aResponse() 
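Review bot: The three stats tests now carry `@WithMockUserRoles`, which grants the annotation's default `user` role, and the only negative case visible in the hunk context is `returns_forbidden_if_user_has_no_user_role`; unless it exists above the hunk, no test sends a request with no security context at all and asserts that the now-real `KubetoolsSecurityConfigurer` chain rejects it before the controller runs. That case is cheap to add now that the production chain runs in tests: `@Test public void returns_unauthorized_without_authentication()` performing the same `GET` without the annotation and asserting the status the kubetools chain returns for anonymous callers (401 is the usual choice for a token-based chain, but confirm against the configurer). Each annotated test's body continues past its hunk.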
@@ -153,7 +155,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception { .andReturn().getResponse(); assertThat(response2.getStatus()).isEqualTo(302); - assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/strava/authorize"); + assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/strava/authorize?continue"); List requests = mockStravaServer .findAll(WireMock.postRequestedFor(WireMock.urlEqualTo("/oauth/token"))); @@ -176,6 +178,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception { } @Test + @WithMockUserRoles public void requests_new_access_token_if_its_expired() throws Exception { mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn( WireMock.aResponse() @@ -228,6 +231,7 @@ public void requests_new_access_token_if_its_expired() throws Exception { } @Test + @WithMockUserRoles public void returns_not_authorized_if_refresh_token_is_invalid() throws Exception { mockStravaServer.stubFor(WireMock.post("/oauth/token").willReturn( WireMock.aResponse() @@ -260,6 +264,7 @@ public void returns_not_authorized_if_refresh_token_is_invalid() throws Exceptio } @Test + @WithMockUserRoles public void pulls_todays_weight_from_strava_to_database() throws Exception { authorizeStravaOAuth2Client(); mockStravaServer.stubFor(WireMock @@ -291,7 +296,7 @@ public void pulls_todays_weight_from_strava_to_database() throws Exception { Optional ride = rideRepository.findAll().stream().findFirst(); assertThat(ride.isPresent()).isTrue(); assertThat(ride.get().getCreatedAt().format(DateTimeFormatter.ISO_ZONED_DATE_TIME)) - .isEqualTo("2018-02-16T14:52:54Z[Etc/UTC]"); + .isEqualTo("2018-02-16T14:52:54Z"); assertThat(ride.get().getName()).isEqualTo("Happy Friday"); assertThat(ride.get().getMovingTime()).isEqualTo(4207); assertThat(ride.get().getDistance()).isEqualTo(28099.0f); 
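Review bot: Two assertions change observable behaviour without a matching main-source hunk anywhere in this patch: the post-consent redirect gains `?continue` (`http://localhost/strava/authorize?continue`) and the persisted `createdAt` now formats as `2018-02-16T14:52:54Z` instead of `2018-02-16T14:52:54Z[Etc/UTC]`. The `continue` marker is what Spring Security's request cache appends when replaying a saved request, so that one presumably follows from running the real chain; the zone change means the entity now carries `ZoneOffset.UTC` rather than `ZoneId.of("Etc/UTC")`, and nothing here shows whether that is intended or a side effect of the `kubetools` snapshot bump or the Testcontainers database. A sentence in the commit description, or a `// redirect now served from the request cache` / `// createdAt is stored as an offset, not a region zone` comment beside each changed assert, would stop the next reader treating them as unexplained drift.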
diff --git a/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java b/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java index 49bc975..c14d0f3 100644 --- a/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java +++ b/server/src/test/java/mucsi96/traininglog/WeightControllerTests.java @@ -70,6 +70,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception { } @Test + @WithMockUserRoles public void returns_today_weight_measurement() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -87,6 +88,7 @@ public void returns_today_weight_measurement() throws Exception { } @Test + @WithMockUserRoles public void returns_one_week_weight_measurements() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -111,6 +113,7 @@ public void returns_one_week_weight_measurements() throws Exception { } @Test + @WithMockUserRoles public void returns_all_time_weight_measurements() throws Exception { MockHttpServletResponse response = mockMvc .perform( diff --git a/server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java b/server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java new file mode 100644 index 0000000..044c848 --- /dev/null +++ b/server/src/test/java/mucsi96/traininglog/WithMockUserRoles.java @@ -0,0 +1,12 @@ +package mucsi96.traininglog; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +import org.springframework.security.test.context.support.WithSecurityContext; + +@Retention(RetentionPolicy.RUNTIME) +@WithSecurityContext(factory = WithMockUserRolesSecurityContextFactory.class) +public @interface WithMockUserRoles { + String[] value() default { "user" }; +} diff --git a/server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java b/server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java new file mode 100644 index 0000000..b12c18e --- /dev/null 
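Review bot: `WithMockUserRoles` declares `@Retention(RetentionPolicy.RUNTIME)` but no `@Target`, so it can be placed on fields, parameters and locals where `@WithSecurityContext` has no effect; restrict it like Spring's own `@WithMockUser` with `@Target({ ElementType.METHOD, ElementType.TYPE })` and add `@Documented` (importing `java.lang.annotation.Target`, `ElementType` and `Documented`). The default `{ "user" }` silently gives every annotated test exactly the role the controllers guard on, so a Javadoc line is worth having: `/** Runs the test with a kubetools security context holding the given roles; defaults to the "user" role the controllers require. */`. Whether the strings need a `ROLE_` prefix is decided inside `TestSecurityConfigurer`, which is not in this patch, so the Javadoc should only say the values are forwarded unchanged.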
+++ b/server/src/test/java/mucsi96/traininglog/WithMockUserRolesSecurityContextFactory.java @@ -0,0 +1,15 @@ +package mucsi96.traininglog; + +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.test.context.support.WithSecurityContextFactory; + +import io.github.mucsi96.kubetools.security.TestSecurityConfigurer; + +public class WithMockUserRolesSecurityContextFactory implements WithSecurityContextFactory { + + @Override + public SecurityContext createSecurityContext(WithMockUserRoles mockUser) { + return TestSecurityConfigurer.createSecurityContext(mockUser.value()); + } + +} diff --git a/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java b/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java index d87efbf..2ed37f0 100644 --- a/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java +++ b/server/src/test/java/mucsi96/traininglog/WithingsControllerTests.java @@ -96,6 +96,7 @@ private void authorizeWithingsOAuth2Client() { } @Test + @WithMockUserRoles public void returns_not_authorized_if_authorized_client_is_not_found() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -121,6 +122,7 @@ public void returns_forbidden_if_user_has_no_user_role() throws Exception { } @Test + @WithMockUserRoles public void redirects_to_withings_request_authorization_page() throws Exception { MockHttpServletResponse response = mockMvc .perform( @@ -141,6 +143,7 @@ public void redirects_to_withings_request_authorization_page() throws Exception } @Test + @WithMockUserRoles public void requests_access_token_after_consent_is_granted() throws Exception { mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn( WireMock.aResponse() 
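Review bot: `WithMockUserRolesSecurityContextFactory.createSecurityContext` delegates entirely to `io.github.mucsi96.kubetools.security.TestSecurityConfigurer`, which sits in the same package as the production `KubetoolsSecurityConfigurer`; if that class ships in the main `kubetools` jar rather than a test-jar or `tests` classifier, a helper that fabricates an authenticated `SecurityContext` for arbitrary roles is on the production classpath. Nothing in this patch calls it outside tests, so it is hygiene rather than an exploitable path, but it is worth checking the library's packaging and, if needed, pulling it in as a separate test-scoped artifact in `pom.xml`. The class itself is fine; a Javadoc such as `/** Builds the SecurityContext for {@link WithMockUserRoles}; roles are forwarded to kubetools unchanged. */` would document the contract.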
@@ -166,7 +169,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception { .andReturn().getResponse(); assertThat(response2.getStatus()).isEqualTo(302); - assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/withings/authorize"); + assertThat(response2.getRedirectedUrl()).isEqualTo("http://localhost/withings/authorize?continue"); List requests = mockWithingsServer .findAll(WireMock.postRequestedFor(WireMock.urlEqualTo("/v2/oauth2"))); @@ -190,6 +193,7 @@ public void requests_access_token_after_consent_is_granted() throws Exception { } @Test + @WithMockUserRoles public void requests_new_access_token_if_its_expired() throws Exception { mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn( WireMock.aResponse() @@ -230,6 +234,7 @@ public void requests_new_access_token_if_its_expired() throws Exception { } @Test + @WithMockUserRoles public void returns_not_authorized_if_refresh_token_is_invalid() throws Exception { mockWithingsServer.stubFor(WireMock.post("/v2/oauth2").willReturn( WireMock.aResponse() @@ -262,6 +267,7 @@ public void returns_not_authorized_if_refresh_token_is_invalid() throws Exceptio } @Test + @WithMockUserRoles public void pulls_todays_weight_from_withings_to_database() throws Exception { authorizeWithingsOAuth2Client(); mockWithingsServer.stubFor(WireMock @@ -281,7 +287,7 @@ public void pulls_todays_weight_from_withings_to_database() throws Exception { Optional weight = weightRepository.findAll().stream().findFirst(); assertThat(weight.isPresent()).isTrue(); assertThat(weight.get().getCreatedAt().format(DateTimeFormatter.ISO_ZONED_DATE_TIME)) - .isEqualTo("2020-07-08T22:16:40Z[Etc/UTC]"); + .isEqualTo("2020-07-08T22:16:40Z"); assertThat(weight.get().getWeight()).isEqualTo(65.8f); assertThat(weight.get().getFatRatio()).isEqualTo(32.3f); assertThat(weight.get().getFatMassWeight()).isEqualTo(21.8f);
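Review bot: `requests_access_token_after_consent_is_granted` now asserts the post-consent redirect `http://localhost/withings/authorize?continue`, but none of the visible hunks in this file exercises the callback with a missing or mismatched `state` parameter, which is the check that protects the authorization-code exchange against login CSRF; unless such a test exists outside the hunks, add one that replays the callback with a different `state` (or none) and asserts no token request reaches the stub, e.g. `assertThat(mockWithingsServer.findAll(WireMock.postRequestedFor(WireMock.urlEqualTo("/v2/oauth2")))).isEmpty();`. The `createdAt` assertion also drops the `[Etc/UTC]` suffix with no corresponding main-source hunk, as in the Strava tests, so a line in the commit description naming where that behaviour change comes from would help. Each test body continues beyond its hunk.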