diff options
-rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/Users.java | 10 | ||||
-rw-r--r-- | juick-api/src/test/java/com/juick/api/tests/MessagesTests.java | 31 |
2 files changed, 37 insertions, 4 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java index 35bd229b..4881d841 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Users.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -24,10 +24,7 @@ import com.juick.service.UserService; import com.juick.server.util.UserUtils; import com.juick.server.util.WebUtils; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import javax.inject.Inject; import java.util.ArrayList; @@ -41,6 +38,11 @@ public class Users { @Inject private UserService userService; + @RequestMapping(value = "/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public String getAuthToken() { + return userService.getHashByUID(UserUtils.getCurrentUser().getUid()); + } + @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<User> doGetUsers( @RequestParam(value = "uname", required = false) List<String> unames, diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 075ea6e3..fc71c755 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -17,6 +17,7 @@ package com.juick.api.tests; +import com.fasterxml.jackson.databind.ObjectMapper; import com.juick.Message; import com.juick.Tag; import com.juick.User; @@ -46,6 +47,7 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.servlet.config.annotation.EnableWebMvc; @@ -55,6 +57,8 @@ import javax.inject.Inject; import java.time.Instant; import java.util.*; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; @@ -99,6 +103,8 @@ public class MessagesTests { private UserService userService; @Inject private TagService tagService; + @Inject + private ObjectMapper jsonMapper; private User ugnich, freefd; String ugnichName, ugnichPassword, freefdName, freefdPassword; @@ -138,6 +144,9 @@ public class MessagesTests { mockMvc.perform(get("/")) .andExpect(status().is4xxClientError()); + mockMvc.perform(get("/auth")) + .andExpect(status().is4xxClientError()); + mockMvc.perform(get("/home")) .andExpect(status().is4xxClientError()); @@ -297,4 +306,26 @@ public class MessagesTests { mockMvc.perform(get("/thread").param("mid", "999999999") .with(httpBasic(ugnichName, ugnichPassword))).andExpect(status().is4xxClientError()); } + @Test + public void performRequestsWithIssuedToken() throws Exception { + User user = MockUtils.mockUser(1, ugnichName, ugnichPassword); + String testHash = "12345"; + when(userService.getFullyUserByName(ugnichName)) + .thenReturn(user); + when(userService.getUserByName(ugnichName)) + .thenReturn(user); + when(userService.getUserByHash(testHash)).thenReturn(user); + when(userService.getHashByUID(user.getUid())).thenReturn(testHash); + mockMvc.perform(get("/home")).andExpect(status().isUnauthorized()); + mockMvc.perform(get("/auth")) + .andExpect(status().isUnauthorized()); + mockMvc.perform(get("/auth").with(httpBasic(ugnichName, "wrongpassword"))) + .andExpect(status().isUnauthorized()); + MvcResult result = mockMvc.perform(get("/auth").with(httpBasic(ugnichName, ugnichPassword))) + .andExpect(status().isOk()) + .andReturn(); + String hash = jsonMapper.readValue(result.getResponse().getContentAsString(), String.class); + assertThat(hash, equalTo(testHash)); + mockMvc.perform(get("/home").param("hash", hash)).andExpect(status().isNotFound()); + } } |