api: /auth

author: Vitaly Takmazov 2017-10-13 11:46:09 +0300
committer: Vitaly Takmazov 2017-10-13 11:46:09 +0300
commit: ffe9ea5db1956ab7570d467ce8388aac8a474fe0 (patch)
tree: b1557ca7f1a5dbf440b7e72c73b34730b37ddc63 /juick-api
parent: 5439a0fa2fd0d778561e20f089af7dd9de7a5511 (diff)
2 files changed, 37 insertions, 4 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java
index 35bd229b..4881d841 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Users.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java
@@ -24,10 +24,7 @@ import com.juick.service.UserService;
 import com.juick.server.util.UserUtils;
 import com.juick.server.util.WebUtils;
 import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import javax.inject.Inject;
 import java.util.ArrayList;
@@ -41,6 +38,11 @@ public class Users {
     @Inject
     private UserService userService;
 
+    @RequestMapping(value = "/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+    public String getAuthToken() {
+        return userService.getHashByUID(UserUtils.getCurrentUser().getUid());
+    }
+
     @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public List<User> doGetUsers(
             @RequestParam(value = "uname", required = false) List<String> unames,
diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
index 075ea6e3..fc71c755 100644
--- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
+++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
@@ -17,6 +17,7 @@
 
 package com.juick.api.tests;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.juick.Message;
 import com.juick.Tag;
 import com.juick.User;
@@ -46,6 +47,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -55,6 +57,8 @@ import javax.inject.Inject;
 import java.time.Instant;
 import java.util.*;
 
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.is;
 import static org.mockito.Mockito.when;
@@ -99,6 +103,8 @@ public class MessagesTests {
     private UserService userService;
     @Inject
     private TagService tagService;
+    @Inject
+    private ObjectMapper jsonMapper;
 
     private User ugnich, freefd;
     String ugnichName, ugnichPassword, freefdName, freefdPassword;
@@ -138,6 +144,9 @@ public class MessagesTests {
         mockMvc.perform(get("/"))
                 .andExpect(status().is4xxClientError());
 
+        mockMvc.perform(get("/auth"))
+                .andExpect(status().is4xxClientError());
+
         mockMvc.perform(get("/home"))
                 .andExpect(status().is4xxClientError());
 
@@ -297,4 +306,26 @@ public class MessagesTests {
         mockMvc.perform(get("/thread").param("mid", "999999999")
         .with(httpBasic(ugnichName, ugnichPassword))).andExpect(status().is4xxClientError());
     }
+    @Test
+    public void performRequestsWithIssuedToken() throws Exception {
+        User user = MockUtils.mockUser(1, ugnichName, ugnichPassword);
+        String testHash = "12345";
+        when(userService.getFullyUserByName(ugnichName))
+                .thenReturn(user);
+        when(userService.getUserByName(ugnichName))
+                .thenReturn(user);
+        when(userService.getUserByHash(testHash)).thenReturn(user);
+        when(userService.getHashByUID(user.getUid())).thenReturn(testHash);
+        mockMvc.perform(get("/home")).andExpect(status().isUnauthorized());
+        mockMvc.perform(get("/auth"))
+                .andExpect(status().isUnauthorized());
+        mockMvc.perform(get("/auth").with(httpBasic(ugnichName, "wrongpassword")))
+                .andExpect(status().isUnauthorized());
+        MvcResult result = mockMvc.perform(get("/auth").with(httpBasic(ugnichName, ugnichPassword)))
+                .andExpect(status().isOk())
+                .andReturn();
+        String hash = jsonMapper.readValue(result.getResponse().getContentAsString(), String.class);
+        assertThat(hash, equalTo(testHash));
+        mockMvc.perform(get("/home").param("hash", hash)).andExpect(status().isNotFound());
+    }
 }
author	Vitaly Takmazov	2017-10-13 11:46:09 +0300
committer	Vitaly Takmazov	2017-10-13 11:46:09 +0300
commit	ffe9ea5db1956ab7570d467ce8388aac8a474fe0 (patch)
tree	b1557ca7f1a5dbf440b7e72c73b34730b37ddc63 /juick-api
parent	5439a0fa2fd0d778561e20f089af7dd9de7a5511 (diff)