-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Users.java10
-rw-r--r--juick-api/src/test/java/com/juick/api/tests/MessagesTests.java31
2 files changed, 37 insertions, 4 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java
index 35bd229b..4881d841 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Users.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java
@@ -24,10 +24,7 @@ import com.juick.service.UserService;
import com.juick.server.util.UserUtils;
import com.juick.server.util.WebUtils;
import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
import javax.inject.Inject;
import java.util.ArrayList;
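Review bot: The wildcard `import org.springframework.web.bind.annotation.*;` replaces four explicit imports, although the endpoint added in this commit uses only `RequestMapping` and `RequestMethod`, which were already imported. Keeping the explicit list makes it visible in review which web-binding annotations a controller actually depends on. I would revert this hunk.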
@@ -41,6 +38,11 @@ public class Users {
@Inject
private UserService userService;
+ @RequestMapping(value = "/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ public String getAuthToken() {
+ return userService.getHashByUID(UserUtils.getCurrentUser().getUid());
+ }
+
@RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<User> doGetUsers(
@RequestParam(value = "uname", required = false) List<String> unames,
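Review bot: `getAuthToken` hands back the value of `userService.getHashByUID(...)` as-is, with no check in the method that `UserUtils.getCurrentUser()` is an authenticated user and nothing that marks the response as non-cacheable. The test in this commit exercises the same value through `getUserByHash` and a `hash` request parameter, so it appears to act as a reusable bearer credential. Rejection of anonymous callers presumably comes from security configuration outside this hunk, so a Javadoc on the method should say so and state that the body is a credential. Unless that configuration already sets the header, return it with caching disabled, e.g. change the return type to `ResponseEntity<String>` and use `return ResponseEntity.ok().cacheControl(CacheControl.noStore()).body(hash);`. If the stored hash has no expiry or rotation (not visible here), that should be recorded as a follow-up, since every call to `/auth` would return the same long-lived secret.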
diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
index 075ea6e3..fc71c755 100644
--- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
+++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
@@ -17,6 +17,7 @@
package com.juick.api.tests;
+import com.fasterxml.jackson.databind.ObjectMapper;
import com.juick.Message;
import com.juick.Tag;
import com.juick.User;
@@ -46,6 +47,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -55,6 +57,8 @@ import javax.inject.Inject;
import java.time.Instant;
import java.util.*;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.when;
@@ -99,6 +103,8 @@ public class MessagesTests {
private UserService userService;
@Inject
private TagService tagService;
+ @Inject
+ private ObjectMapper jsonMapper;
private User ugnich, freefd;
String ugnichName, ugnichPassword, freefdName, freefdPassword;
@@ -138,6 +144,9 @@ public class MessagesTests {
mockMvc.perform(get("/"))
.andExpect(status().is4xxClientError());
+ mockMvc.perform(get("/auth"))
+ .andExpect(status().is4xxClientError());
+
mockMvc.perform(get("/home"))
.andExpect(status().is4xxClientError());
@@ -297,4 +306,26 @@ public class MessagesTests {
mockMvc.perform(get("/thread").param("mid", "999999999")
.with(httpBasic(ugnichName, ugnichPassword))).andExpect(status().is4xxClientError());
}
+ @Test
+ public void performRequestsWithIssuedToken() throws Exception {
+ User user = MockUtils.mockUser(1, ugnichName, ugnichPassword);
+ String testHash = "12345";
+ when(userService.getFullyUserByName(ugnichName))
+ .thenReturn(user);
+ when(userService.getUserByName(ugnichName))
+ .thenReturn(user);
+ when(userService.getUserByHash(testHash)).thenReturn(user);
+ when(userService.getHashByUID(user.getUid())).thenReturn(testHash);
+ mockMvc.perform(get("/home")).andExpect(status().isUnauthorized());
+ mockMvc.perform(get("/auth"))
+ .andExpect(status().isUnauthorized());
+ mockMvc.perform(get("/auth").with(httpBasic(ugnichName, "wrongpassword")))
+ .andExpect(status().isUnauthorized());
+ MvcResult result = mockMvc.perform(get("/auth").with(httpBasic(ugnichName, ugnichPassword)))
+ .andExpect(status().isOk())
+ .andReturn();
+ String hash = jsonMapper.readValue(result.getResponse().getContentAsString(), String.class);
+ assertThat(hash, equalTo(testHash));
+ mockMvc.perform(get("/home").param("hash", hash)).andExpect(status().isNotFound());
+ }
}
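Review bot: `performRequestsWithIssuedToken` never checks that a wrong token is refused, and its final `isNotFound()` assertion on `get("/home").param("hash", hash)` only shows the request was not answered with 401. A negative case would pin the behaviour that matters, e.g. `mockMvc.perform(get("/home").param("hash", "wronghash")).andExpect(status().isUnauthorized());`, assuming the unmocked `getUserByHash` returning null is treated as unauthenticated. The fixture `testHash = "12345"` is also all digits, so `jsonMapper.readValue(..., String.class)` may succeed even if the endpoint writes the value unquoted. A constructed alphanumeric value such as `"a1b2c3"` would show whether the body is valid JSON. Because the token travels in the query string here, it is worth confirming separately that access logs do not record the `hash` parameter.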