From a1dfdabfa7a43b28d827458a0b4c5f6a2a1a9013 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Sun, 27 Nov 2016 17:13:27 +0300 Subject: juick-api: red tests for cors and hash authentication --- .../java/com/juick/api/configuration/ApiMvcConfiguration.java | 3 ++- .../src/main/java/com/juick/api/controllers/Messages.java | 8 +++----- juick-api/src/test/java/com/juick/api/tests/MessagesTests.java | 10 ++++++++++ 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java index 8e0087d7..e3a49c6c 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java @@ -42,6 +42,7 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport { @Override protected void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**"); + registry.addMapping("/**") + .allowedOrigins("*"); } } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java index 78c8ecc6..f8e892e7 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java @@ -17,10 +17,7 @@ import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.*; import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; @@ -34,6 +31,7 @@ import java.util.List; * @author ugnich */ @Controller +@CrossOrigin @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public class Messages { private static final Logger logger = LoggerFactory.getLogger(Messages.class); @@ -78,6 +76,7 @@ public class Messages { @RequestMapping("/messages") public ResponseEntity> getMessages( HttpServletRequest request, + @RequestParam(required = false) String hash, @RequestParam(required = false) String uname, @RequestParam(defaultValue = "0") int before_mid, @RequestParam(required = false) String popular, @@ -90,7 +89,6 @@ public class Messages { return FORBIDDEN; if (vuid == 0) { - String hash = request.getParameter("hash"); if (hash != null && hash.length() == 16) vuid = userService.getUIDbyHash(hash); } diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 788582a0..6996adb9 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -9,6 +9,7 @@ import com.juick.api.configuration.ApiSecurityConfig; import com.juick.configuration.DataConfiguration; import com.juick.service.MessagesService; import com.juick.service.UserService; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -72,6 +73,7 @@ public class MessagesTests { public void setUp() { mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) .apply(SecurityMockMvcConfigurers.springSecurity()) + .dispatchOptions(true) .build(); } @@ -107,9 +109,17 @@ public class MessagesTests { mockMvc.perform(get("/home").with(httpBasic(ugnichName, uginchPassword))) .andExpect(status().isOk()) + .andExpect(header().string("Access-Control-Allow-Origin", "*")) + .andExpect(header().string("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE")) + .andExpect(header().string("Access-Control-Allow-Headers", "*")) .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(1))) .andExpect(jsonPath("$[0].mid", is(1))) .andExpect(jsonPath("$[0].body", is(msgText))); + String hash = RandomStringUtils.random(16); + when(userService.getHashByUID(1)).thenReturn(hash); + mockMvc.perform(get("/messages") + .param("hash", hash)) + .andExpect(status().isOk()); } } -- cgit v1.2.3