From 853377b114c3cd762b39b6914a07f1b996ebe4d1 Mon Sep 17 00:00:00 2001
From: Andrej Petras
Date: Fri, 12 Jan 2024 20:59:33 +0100
Subject: [PATCH] test: update tests
---
.../permission/common/models/TokenConfig.java | 7 +-
.../common/services/ClaimService.java | 33 ++++++
.../common/services/TokenService.java | 94 ++-------------
.../permission/common/utils/TokenUtil.java | 61 ++++++++++
.../common/services/ClaimServiceTest.java | 22 ++++
.../common/utils/TokenUtilTest.java | 79 +++++++++++++
.../domain/daos/AbstractDAOTest.java | 2 +-
.../domain/daos/PermissionDAOTest.java | 2 +
.../di/PermissionDataImportServiceTest.java | 2 +-
...missionRestControllerConfigIssuerTest.java | 107 +++++++++++-------
...sionRestControllerConfigPublicKeyTest.java | 72 ++++++++++++
.../v1/PermissionRestControllerTest.java | 16 ++-
12 files changed, 367 insertions(+), 130 deletions(-)
create mode 100644 src/main/java/io/github/onecx/permission/common/services/ClaimService.java
create mode 100644 src/main/java/io/github/onecx/permission/common/utils/TokenUtil.java
create mode 100644 src/test/java/io/github/onecx/permission/common/services/ClaimServiceTest.java
create mode 100644 src/test/java/io/github/onecx/permission/common/utils/TokenUtilTest.java
create mode 100644 src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigPublicKeyTest.java
diff --git a/src/main/java/io/github/onecx/permission/common/models/TokenConfig.java b/src/main/java/io/github/onecx/permission/common/models/TokenConfig.java
index e1d0bef..6930ea2 100644
--- a/src/main/java/io/github/onecx/permission/common/models/TokenConfig.java
+++ b/src/main/java/io/github/onecx/permission/common/models/TokenConfig.java
@@ -1,9 +1,13 @@ package io.github.onecx.permission.common.models; +import java.util.Optional; + +import io.quarkus.runtime.annotations.StaticInitSafe; import io.smallrye.config.ConfigMapping; import io.smallrye.config.WithDefault; import io.smallrye.config.WithName; +@StaticInitSafe @ConfigMapping(prefix = "onecx.permission") public interface TokenConfig { @@ -17,8 +21,7 @@ public interface TokenConfig { boolean tokenPublicKeyEnabled(); @WithName("token.claim.separator") - @WithDefault(" ") - String tokenClaimSeparator(); + Optional tokenClaimSeparator(); @WithName("token.claim.path") @WithDefault("realm_access/roles") diff --git a/src/main/java/io/github/onecx/permission/common/services/ClaimService.java b/src/main/java/io/github/onecx/permission/common/services/ClaimService.java new file mode 100644 index 0000000..2e782f6 --- /dev/null +++ b/src/main/java/io/github/onecx/permission/common/services/ClaimService.java @@ -0,0 +1,33 @@ +package io.github.onecx.permission.common.services; + +import java.util.regex.Pattern; + +import jakarta.annotation.PostConstruct; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; + +import io.github.onecx.permission.common.models.TokenConfig; + +@ApplicationScoped +public class ClaimService { + + private static final Pattern CLAIM_PATH_PATTERN = Pattern.compile("\\/(?=(?:(?:[^\"]*\"){2})*[^\"]*$)"); + + private static String[] claimPath; + + @Inject + TokenConfig config; + + @PostConstruct + public void init() { + claimPath = splitClaimPath(config.tokenClaimPath()); + } + + public String[] getClaimPath() { + return claimPath; + } + + static String[] splitClaimPath(String claimPath) { + return claimPath.indexOf('/') > 0 ? CLAIM_PATH_PATTERN.split(claimPath) : new String[] { claimPath }; + } +} diff --git a/src/main/java/io/github/onecx/permission/common/services/TokenService.java b/src/main/java/io/github/onecx/permission/common/services/TokenService.java index afe1743..ba42a16 100644 
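Review bot: In the new ClaimService.java, `claimPath` is a `static` field written from the instance `@PostConstruct` method `init()`, and `getClaimPath()` returns that same array, so any caller can alter the path that role extraction later walks. The bean is `@ApplicationScoped`, so an instance field is enough: `private String[] claimPath;` with `return claimPath.clone();` in the getter. `splitClaimPath` also tests `indexOf('/') > 0`, so a configured path whose only slash is the leading one is kept as a single segment including the slash; a short comment saying whether that is intended would help.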
--- a/src/main/java/io/github/onecx/permission/common/services/TokenService.java +++ b/src/main/java/io/github/onecx/permission/common/services/TokenService.java @@ -1,17 +1,11 @@ package io.github.onecx.permission.common.services; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; +import static io.github.onecx.permission.common.utils.TokenUtil.findClaimWithRoles; + import java.util.List; -import java.util.regex.Pattern; import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; -import jakarta.json.Json; -import jakarta.json.JsonArray; -import jakarta.json.JsonObject; -import jakarta.json.JsonValue; import org.jose4j.jws.JsonWebSignature; import org.jose4j.jwt.JwtClaims; @@ -21,7 +15,6 @@ import org.jose4j.lang.JoseException; import io.github.onecx.permission.common.models.TokenConfig; -import io.smallrye.jwt.JsonUtils; import io.smallrye.jwt.auth.principal.JWTAuthContextInfo; import io.smallrye.jwt.auth.principal.JWTParser; import io.smallrye.jwt.auth.principal.ParseException; @@ -31,10 +24,6 @@ @ApplicationScoped public class TokenService { - private static final Pattern CLAIM_PATH_PATTERN = Pattern.compile("\\/(?=(?:(?:[^\"]*\"){2})*[^\"]*$)"); - - private static String[] CLAIM_PATH = null; - @Inject JWTAuthContextInfo authContextInfo; @@ -44,6 +33,9 @@ public class TokenService { @Inject JWTParser parser; + @Inject + ClaimService claimService; + public List getTokenRoles(String tokenData) { try { return getRoles(tokenData); @@ -55,9 +47,7 @@ public List getTokenRoles(String tokenData) { private List getRoles(String tokenData) throws JoseException, InvalidJwtException, MalformedClaimException, ParseException { - if (CLAIM_PATH == null) { - CLAIM_PATH = splitClaimPath(config.tokenClaimPath()); - } + var claimPath = claimService.getClaimPath(); if (config.tokenVerified()) { var info = authContextInfo; 
@@ -72,80 +62,18 @@ private List getRoles(String tokenData) } var token = parser.parse(tokenData, info); - var tmp = token.getClaim(CLAIM_PATH[0]); - JsonValue first; - if (tmp instanceof JsonValue) { - first = (JsonValue) tmp; - } else { - first = replaceClaimValueWithJsonValue(tmp); - } - return findClaimWithRoles(config, first, CLAIM_PATH); + var first = token.getClaim(claimPath[0]); + + return findClaimWithRoles(config, first, claimPath); } else { var jws = (JsonWebSignature) JsonWebStructure.fromCompactSerialization(tokenData); var jwtClaims = JwtClaims.parse(jws.getUnverifiedPayload()); - var tmp = jwtClaims.getClaimValue(CLAIM_PATH[0]); - var first = replaceClaimValueWithJsonValue(tmp); - return findClaimWithRoles(config, first, CLAIM_PATH); - } - } - - private JsonValue replaceClaimValueWithJsonValue(Object value) { - if (value instanceof String) { - return Json.createValue((String) value); - } - return JsonUtils.wrapValue(value); - } - - private static List findClaimWithRoles(TokenConfig config, JsonValue first, String[] path) { - - JsonValue claimValue = findClaimValue(first, path, 1); - - if (claimValue instanceof JsonArray) { - return convertJsonArrayToList((JsonArray) claimValue); - } else if (claimValue != null) { - if (claimValue.toString().isBlank()) { - return Collections.emptyList(); - } - return Arrays.asList(claimValue.toString().split(config.tokenClaimSeparator())); - } else { - return Collections.emptyList(); - } - } - - private static List convertJsonArrayToList(JsonArray claimValue) { - List list = new ArrayList<>(claimValue.size()); - for (int i = 0; i < claimValue.size(); i++) { - String claimValueStr = claimValue.getString(i); - if (claimValueStr == null || claimValueStr.isBlank()) { - continue; - } - list.add(claimValue.getString(i)); - } - return list; - } - - private static String[] splitClaimPath(String claimPath) { - return claimPath.indexOf('/') > 0 ? 
CLAIM_PATH_PATTERN.split(claimPath) : new String[] { claimPath }; - } - - private static JsonValue findClaimValue(JsonValue json, String[] pathArray, int step) { - if (json == null) { - log.debug("No claim exists at the path '{}' at the path segment '{}'", pathArray, pathArray[step - 1]); - return null; - } - - if (step < pathArray.length) { - if (json instanceof JsonObject) { - JsonValue claimValue = json.asJsonObject().get(pathArray[step].replace("\"", "")); - return findClaimValue(claimValue, pathArray, step + 1); - } else { - log.debug("Claim value at the path '{}' is not a json object. Step: {}", pathArray, step - 1); - } + var first = jwtClaims.getClaimValue(claimPath[0]); + return findClaimWithRoles(config, first, claimPath); } - return json; } public static class TokenException extends RuntimeException { diff --git a/src/main/java/io/github/onecx/permission/common/utils/TokenUtil.java b/src/main/java/io/github/onecx/permission/common/utils/TokenUtil.java new file mode 100644 index 0000000..480e2d2 --- /dev/null +++ b/src/main/java/io/github/onecx/permission/common/utils/TokenUtil.java 
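Review bot: The `else` branch of `getRoles` still builds the role list from `jws.getUnverifiedPayload()`, so whenever `config.tokenVerified()` is false the roles come from a token whose signature was never checked. If that mode is kept for deployments where something upstream has already validated the token (not visible here), say so at the branch, e.g. `// signature NOT checked here: roles are only trustworthy if the caller already validated the token`, and consider logging a warning when the service runs with verification off. The cast `(JsonWebSignature) JsonWebStructure.fromCompactSerialization(tokenData)` would also fail with a ClassCastException on a JWE-formatted input, which is not among the exceptions `getRoles` declares; whether `getTokenRoles` catches it is outside this hunk. `getRoles` begins before this hunk.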
@@ -0,0 +1,61 @@
+package io.github.onecx.permission.common.utils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonValue;
+
+import io.github.onecx.permission.common.models.TokenConfig;
+import io.smallrye.jwt.JsonUtils;
+
+public final class TokenUtil {
+
+ private TokenUtil() {
+ }
+
+ public static List findClaimWithRoles(TokenConfig config, Object value, String[] path) {
+ JsonValue first = JsonUtils.wrapValue(value);
+ JsonValue claimValue = findClaimValue(first, path, 1);
+
+ if (claimValue instanceof JsonArray) {
+ return convertJsonArrayToList((JsonArray) claimValue);
+ } else if (claimValue != null) {
+ if (claimValue.toString().isBlank()) {
+ return Collections.emptyList();
+ }
+ return Arrays.asList(claimValue.toString().split(config.tokenClaimSeparator().orElse(" ")));
+ } else {
+ return Collections.emptyList();
+ }
+ }
+
+ static List convertJsonArrayToList(JsonArray claimValue) {
+ List list = new ArrayList<>(claimValue.size());
+ for (int i = 0; i < claimValue.size(); i++) {
+ String claimValueStr = claimValue.getString(i);
+ if (claimValueStr.isBlank()) {
+ continue;
+ }
+ list.add(claimValue.getString(i));
+ }
+ return list;
+ }
+
+ private static JsonValue findClaimValue(JsonValue json, String[] pathArray, int step) {
+ if (json == null) {
+ return null;
+ }
+ if (step < pathArray.length) {
+ if (json instanceof JsonObject) {
+ JsonValue claimValue = json.asJsonObject().get(pathArray[step].replace("\"", ""));
+ return findClaimValue(claimValue, pathArray, step + 1);
+ }
+ }
+ return json;
+ }
+
+}
diff --git a/src/test/java/io/github/onecx/permission/common/services/ClaimServiceTest.java b/src/test/java/io/github/onecx/permission/common/services/ClaimServiceTest.java
new file mode 100644
index 0000000..076e181
--- /dev/null
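Review bot: In `findClaimWithRoles` a string claim is split via `claimValue.toString()`, and for a `JsonString` that is the JSON text including the surrounding quotes, so the first and last role would carry a stray quote character and not match a stored role name; the tests added in this patch cover only a number and an array, so this path is not exercised. The separator is also passed to `String.split` as a regular expression, so a configured `|` or `.` would not act as a literal separator, if a literal is what the setting means. `convertJsonArrayToList` calls `getString(i)` on every element, which throws ClassCastException when a token carries a non-string entry in the array. The sketch below reads the raw string, quotes the separator and skips non-string entries; it needs `jakarta.json.JsonString` and `java.util.regex.Pattern` imported.

```java
// … unchanged: wrapValue, findClaimValue call and JsonArray branch of findClaimWithRoles …
} else if (claimValue != null) {
    // JsonString.toString() is JSON text (quoted); use the raw string for string claims
    String text = claimValue instanceof JsonString
            ? ((JsonString) claimValue).getString()
            : claimValue.toString();
    if (text.isBlank()) {
        return Collections.emptyList();
    }
    String separator = Pattern.quote(config.tokenClaimSeparator().orElse(" "));
    return Arrays.asList(text.split(separator));
}
// … unchanged: final else branch returning an empty list …

// body of convertJsonArrayToList
var list = new ArrayList<String>(claimValue.size());
for (JsonValue entry : claimValue) {
    // ignore numbers, objects and nulls instead of failing on getString(i)
    if (entry instanceof JsonString) {
        String role = ((JsonString) entry).getString();
        if (!role.isBlank()) {
            list.add(role);
        }
    }
}
return list;
```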
+++ b/src/test/java/io/github/onecx/permission/common/services/ClaimServiceTest.java
@@ -0,0 +1,22 @@
+package io.github.onecx.permission.common.services;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+
+import io.github.onecx.permission.test.AbstractTest;
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+class ClaimServiceTest extends AbstractTest {
+
+ @Test
+ void claimPathTest() {
+
+ var out = ClaimService.splitClaimPath("realms/roles");
+ assertThat(out).isNotNull().hasSize(2).containsExactly("realms", "roles");
+
+ out = ClaimService.splitClaimPath("groups");
+ assertThat(out).isNotNull().hasSize(1);
+ }
+}
diff --git a/src/test/java/io/github/onecx/permission/common/utils/TokenUtilTest.java b/src/test/java/io/github/onecx/permission/common/utils/TokenUtilTest.java
new file mode 100644
index 0000000..0c31c29
--- /dev/null
+++ b/src/test/java/io/github/onecx/permission/common/utils/TokenUtilTest.java
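Review bot: `claimPathTest` never passes `splitClaimPath` a quoted segment, which is the only case the lookahead in `CLAIM_PATH_PATTERN` exists for, and the `groups` case checks the size but not the content. Adding `assertThat(ClaimService.splitClaimPath("\"a/b\"/roles")).hasSize(2);` (input constructed for illustration) and `containsExactly("groups")` on the second assertion would pin both. The test calls only a static method, so `@QuarkusTest` starts the application without needing it.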
@@ -0,0 +1,79 @@
+package io.github.onecx.permission.common.utils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Optional;
+
+import jakarta.json.Json;
+import jakarta.json.JsonValue;
+
+import org.junit.jupiter.api.Test;
+
+import io.github.onecx.permission.common.models.TokenConfig;
+import io.github.onecx.permission.test.AbstractTest;
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+class TokenUtilTest extends AbstractTest {
+
+ @Test
+ void tokenUtilityTest() {
+
+ var config = new TokenConfig() {
+ @Override
+ public boolean tokenVerified() {
+ return false;
+ }
+
+ @Override
+ public String tokenPublicKeyLocationSuffix() {
+ return null;
+ }
+
+ @Override
+ public boolean tokenPublicKeyEnabled() {
+ return false;
+ }
+
+ @Override
+ public Optional tokenClaimSeparator() {
+ return Optional.empty();
+ }
+
+ @Override
+ public String tokenClaimPath() {
+ return null;
+ }
+ };
+
+ var tmp = TokenUtil.findClaimWithRoles(config, null, new String[] { "test" });
+ assertThat(tmp).isNotNull().isEmpty();
+
+ var value = Json.createValue(32);
+ tmp = TokenUtil.findClaimWithRoles(config, value, new String[] { "test1", "test2" });
+ assertThat(tmp).isNotNull().containsExactly("32");
+
+ JsonValue emptyValue = new JsonValue() {
+ @Override
+ public ValueType getValueType() {
+ return null;
+ }
+
+ @Override
+ public String toString() {
+ return " ";
+ }
+ };
+
+ tmp = TokenUtil.findClaimWithRoles(config, emptyValue, new String[] { "test1", "test2" });
+ assertThat(tmp).isNotNull().isEmpty();
+
+ var list = Json.createArrayBuilder();
+ list.add("s1");
+ list.add(" ");
+ list.add("");
+
+ tmp = TokenUtil.findClaimWithRoles(config, list.build(), new String[] { "test1", "test2" });
+ assertThat(tmp).isNotNull().containsExactly("s1");
+ }
+}
diff --git a/src/test/java/io/github/onecx/permission/domain/daos/AbstractDAOTest.java b/src/test/java/io/github/onecx/permission/domain/daos/AbstractDAOTest.java
index 2beac49..098ccf9 100644
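Review bot: The `Json.createValue(32)` case pins a fallback in `findClaimValue` rather than a requirement: with the path `test1`/`test2` the first claim is not an object, the walk stops, and that value itself comes back as the role `32`. For an authorization input it would be safer for an unresolved path to yield no roles, so this assertion would become `isEmpty()` once `findClaimValue` returns `null` for a non-object intermediate node. There is also no case with a plain string claim such as `Json.createValue("r1 r2")` (constructed sample), which is the branch that uses the configured separator.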
--- a/src/test/java/io/github/onecx/permission/domain/daos/AbstractDAOTest.java +++ b/src/test/java/io/github/onecx/permission/domain/daos/AbstractDAOTest.java @@ -11,7 +11,7 @@ import io.github.onecx.permission.test.AbstractTest; import io.quarkus.test.InjectMock; -public abstract class AbstractDAOTest extends AbstractTest { +abstract class AbstractDAOTest extends AbstractTest { @InjectMock EntityManager em; diff --git a/src/test/java/io/github/onecx/permission/domain/daos/PermissionDAOTest.java b/src/test/java/io/github/onecx/permission/domain/daos/PermissionDAOTest.java index a83494f..1441271 100644 --- a/src/test/java/io/github/onecx/permission/domain/daos/PermissionDAOTest.java +++ b/src/test/java/io/github/onecx/permission/domain/daos/PermissionDAOTest.java @@ -14,6 +14,8 @@ class PermissionDAOTest extends AbstractDAOTest { @Test void methodExceptionTests() { + methodExceptionTests(() -> dao.findAllPermissionForUser(null), + PermissionDAO.ErrorKeys.ERROR_FIND_ALL_PERMISSION_FOR_USER); methodExceptionTests(() -> dao.findPermissionForUser(null, null), PermissionDAO.ErrorKeys.ERROR_FIND_PERMISSION_FOR_USER); methodExceptionTests(() -> dao.loadByAppId(null), diff --git a/src/test/java/io/github/onecx/permission/domain/di/PermissionDataImportServiceTest.java b/src/test/java/io/github/onecx/permission/domain/di/PermissionDataImportServiceTest.java index 7358634..43d76f5 100644 --- a/src/test/java/io/github/onecx/permission/domain/di/PermissionDataImportServiceTest.java +++ b/src/test/java/io/github/onecx/permission/domain/di/PermissionDataImportServiceTest.java @@ -24,7 +24,7 @@ @QuarkusTest @WithDBData(value = "data/test-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) -public class PermissionDataImportServiceTest extends AbstractTest { +class PermissionDataImportServiceTest extends AbstractTest { @Inject PermissionDataImportV1 service; 
diff --git a/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigIssuerTest.java b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigIssuerTest.java
index 6d9a894..0448e0b 100644
--- a/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigIssuerTest.java
+++ b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigIssuerTest.java
@@ -1,45 +1,72 @@ package io.github.onecx.permission.rs.external.v1; +import static io.restassured.RestAssured.given; +import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON; +import static org.assertj.core.api.Assertions.assertThat; +import static org.jboss.resteasy.reactive.RestResponse.Status.OK; + +import jakarta.inject.Inject; + +import org.eclipse.microprofile.config.Config; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mockito; +import org.tkit.quarkus.test.WithDBData; + +import gen.io.github.onecx.permission.rs.external.v1.model.ApplicationPermissionsDTOV1; +import gen.io.github.onecx.permission.rs.external.v1.model.PermissionRequestDTOV1; +import io.github.onecx.permission.common.models.TokenConfig; +import io.github.onecx.permission.common.services.ClaimService; +import io.github.onecx.permission.rs.external.v1.controllers.PermissionRestController; import io.github.onecx.permission.test.AbstractTest; +import io.quarkus.test.InjectMock; +import io.quarkus.test.common.http.TestHTTPEndpoint; +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.keycloak.client.KeycloakTestClient; +import io.smallrye.config.SmallRyeConfig; + +@QuarkusTest +@TestHTTPEndpoint(PermissionRestController.class) +@WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) +class PermissionRestControllerConfigIssuerTest extends AbstractTest { + + @InjectMock + TokenConfig tokenConfig; + + @InjectMock + ClaimService claimService; + + @Inject + Config config; + + @BeforeEach + void beforeEach() { + Mockito.when(claimService.getClaimPath()).thenReturn(new String[] { "groups" }); + var tmp = config.unwrap(SmallRyeConfig.class).getConfigMapping(TokenConfig.class); + Mockito.when(tokenConfig.tokenClaimSeparator()).thenReturn(tmp.tokenClaimSeparator()); + Mockito.when(tokenConfig.tokenClaimPath()).thenReturn(tmp.tokenClaimPath()); + 
Mockito.when(tokenConfig.tokenVerified()).thenReturn(true); + Mockito.when(tokenConfig.tokenPublicKeyLocationSuffix()).thenReturn(tmp.tokenPublicKeyLocationSuffix()); + Mockito.when(tokenConfig.tokenPublicKeyEnabled()).thenReturn(true); + } + + @Test + void skipTokenVerified() { + + KeycloakTestClient keycloakClient = new KeycloakTestClient(); + var accessToken = keycloakClient.getAccessToken("bob"); + + var dto = given() + .contentType(APPLICATION_JSON) + .body(new PermissionRequestDTOV1().token(accessToken)) + .post("/application/app1") + .then() + .statusCode(OK.getStatusCode()) + .extract() + .body().as(ApplicationPermissionsDTOV1.class); -//@QuarkusTest -//@TestHTTPEndpoint(PermissionRestController.class) -//@WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) -public class PermissionRestControllerConfigIssuerTest extends AbstractTest { - // - // @InjectMock - // TokenConfig tokenConfig; - // - // @Inject - // Config config; - // - // @BeforeEach - // void beforeEach() { - // var tmp = config.unwrap(SmallRyeConfig.class).getConfigMapping(TokenConfig.class); - // Mockito.when(tokenConfig.tokenClaimSeparator()).thenReturn(tmp.tokenClaimSeparator()); - // Mockito.when(tokenConfig.tokenClaimPath()).thenReturn("groups"); - // Mockito.when(tokenConfig.tokenVerified()).thenReturn(true); - // Mockito.when(tokenConfig.tokenPublicKeyLocationSuffix()).thenReturn(tmp.tokenPublicKeyLocationSuffix()); - // Mockito.when(tokenConfig.tokenPublicKeyEnabled()).thenReturn(true); - // } - // - // @Test - // void skipTokenVerified() { - // - // KeycloakTestClient keycloakClient = new KeycloakTestClient(); - // var accessToken = keycloakClient.getAccessToken("bob"); - // - // var dto = given() - // .contentType(APPLICATION_JSON) - // .body(new PermissionRequestDTOV1().token(accessToken)) - // .post("/application/app1") - // .then() - // .statusCode(OK.getStatusCode()) - // .extract() - // 
.body().as(ApplicationPermissionsDTOV1.class); - // - // assertThat(dto).isNotNull(); - // assertThat(dto.getPermissions()).isNotNull().hasSize(1); - // assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3"); - // } + assertThat(dto).isNotNull(); + assertThat(dto.getPermissions()).isNotNull().hasSize(1); + assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3"); + } } diff --git a/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigPublicKeyTest.java b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigPublicKeyTest.java new file mode 100644 index 0000000..2942522 --- /dev/null +++ b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerConfigPublicKeyTest.java 
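Review bot: `skipTokenVerified` stubs `tokenVerified()` to `true`, so the test name says the opposite of what it covers; a name such as `verifiedTokenTest` would read correctly. Only the accepting path is tested: there is no case where a token with a broken signature or a foreign issuer is posted and the request is expected to fail, and that rejection is what this configuration exists for. The same applies to `PermissionRestControllerConfigPublicKeyTest`, added later in this patch, which is identical apart from `tokenPublicKeyEnabled()` returning `false`; the shared setup could move to a common base class.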
@@ -0,0 +1,72 @@ +package io.github.onecx.permission.rs.external.v1; + +import static io.restassured.RestAssured.given; +import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON; +import static org.assertj.core.api.Assertions.assertThat; +import static org.jboss.resteasy.reactive.RestResponse.Status.OK; + +import jakarta.inject.Inject; + +import org.eclipse.microprofile.config.Config; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mockito; +import org.tkit.quarkus.test.WithDBData; + +import gen.io.github.onecx.permission.rs.external.v1.model.ApplicationPermissionsDTOV1; +import gen.io.github.onecx.permission.rs.external.v1.model.PermissionRequestDTOV1; +import io.github.onecx.permission.common.models.TokenConfig; +import io.github.onecx.permission.common.services.ClaimService; +import io.github.onecx.permission.rs.external.v1.controllers.PermissionRestController; +import io.github.onecx.permission.test.AbstractTest; +import io.quarkus.test.InjectMock; +import io.quarkus.test.common.http.TestHTTPEndpoint; +import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.keycloak.client.KeycloakTestClient; +import io.smallrye.config.SmallRyeConfig; + +@QuarkusTest +@TestHTTPEndpoint(PermissionRestController.class) +@WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) +class PermissionRestControllerConfigPublicKeyTest extends AbstractTest { + + @InjectMock + TokenConfig tokenConfig; + + @InjectMock + ClaimService claimService; + + @Inject + Config config; + + @BeforeEach + void beforeEach() { + Mockito.when(claimService.getClaimPath()).thenReturn(new String[] { "groups" }); + var tmp = config.unwrap(SmallRyeConfig.class).getConfigMapping(TokenConfig.class); + Mockito.when(tokenConfig.tokenClaimSeparator()).thenReturn(tmp.tokenClaimSeparator()); + Mockito.when(tokenConfig.tokenClaimPath()).thenReturn(tmp.tokenClaimPath()); + 
Mockito.when(tokenConfig.tokenVerified()).thenReturn(true); + Mockito.when(tokenConfig.tokenPublicKeyLocationSuffix()).thenReturn(tmp.tokenPublicKeyLocationSuffix()); + Mockito.when(tokenConfig.tokenPublicKeyEnabled()).thenReturn(false); + } + + @Test + void skipTokenVerified() { + + KeycloakTestClient keycloakClient = new KeycloakTestClient(); + var accessToken = keycloakClient.getAccessToken("bob"); + + var dto = given() + .contentType(APPLICATION_JSON) + .body(new PermissionRequestDTOV1().token(accessToken)) + .post("/application/app1") + .then() + .statusCode(OK.getStatusCode()) + .extract() + .body().as(ApplicationPermissionsDTOV1.class); + + assertThat(dto).isNotNull(); + assertThat(dto.getPermissions()).isNotNull().hasSize(1); + assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3"); + } +} diff --git a/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerTest.java b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerTest.java index c003211..de66a63 100644 --- a/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerTest.java +++ b/src/test/java/io/github/onecx/permission/rs/external/v1/PermissionRestControllerTest.java @@ -3,8 +3,7 @@ import static io.restassured.RestAssured.given; import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON; import static org.assertj.core.api.Assertions.assertThat; -import static org.jboss.resteasy.reactive.RestResponse.Status.BAD_REQUEST; -import static org.jboss.resteasy.reactive.RestResponse.Status.OK; +import static org.jboss.resteasy.reactive.RestResponse.Status.*; import java.util.List; 
@@ -21,7 +20,7 @@ @QuarkusTest @TestHTTPEndpoint(PermissionRestController.class) @WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true) -public class PermissionRestControllerTest extends AbstractTest { +class PermissionRestControllerTest extends AbstractTest { @Test void getApplicationPermissionsTest() { @@ -60,6 +59,17 @@ void getApplicationPermissionsNoBodyTest() { } + @Test + void getApplicationPermissionsWrongTongTest() { + + given() + .contentType(APPLICATION_JSON) + .body(new PermissionRequestDTOV1().token("this-is-not-token")) + .post("/application/app1") + .then() + .statusCode(INTERNAL_SERVER_ERROR.getStatusCode()); + } + @Test void getWorkspacePermissionsTest() {
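Review bot: `getApplicationPermissionsWrongTongTest` looks like a typo for `getApplicationPermissionsWrongTokenTest`, and it pins `INTERNAL_SERVER_ERROR` for a token string supplied by the client. A malformed token is bad input rather than a server fault, so a 4xx status would keep 5xx alerts meaningful; the mapping itself is outside this patch, so this may need a follow-up where `TokenException` is translated to a response. The wildcard `import static org.jboss.resteasy.reactive.RestResponse.Status.*;` in the first hunk of this file replaces two explicit imports; adding `INTERNAL_SERVER_ERROR` as a third explicit import would match the rest of the file.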