From a1dfdabfa7a43b28d827458a0b4c5f6a2a1a9013 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 27 Nov 2016 17:13:27 +0300
Subject: juick-api: red tests for cors and hash authentication

---
 .../java/com/juick/api/configuration/ApiMvcConfiguration.java  |  3 ++-
 .../src/main/java/com/juick/api/controllers/Messages.java      |  8 +++-----
 juick-api/src/test/java/com/juick/api/tests/MessagesTests.java | 10 ++++++++++
 3 files changed, 15 insertions(+), 6 deletions(-)

(limited to 'juick-api')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
index 8e0087d7..e3a49c6c 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiMvcConfiguration.java
@@ -42,6 +42,7 @@ public class ApiMvcConfiguration extends WebMvcConfigurationSupport {
 
     @Override
     protected void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**");
+        registry.addMapping("/**")
+                .allowedOrigins("*");
     }
 }
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
index 78c8ecc6..f8e892e7 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
@@ -17,10 +17,7 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.*;
 import rocks.xmpp.addr.Jid;
 import rocks.xmpp.core.stanza.model.Message;
 
@@ -34,6 +31,7 @@ import java.util.List;
  * @author ugnich
  */
 @Controller
+@CrossOrigin
 @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class Messages {
     private static final Logger logger = LoggerFactory.getLogger(Messages.class);
@@ -78,6 +76,7 @@ public class Messages {
     @RequestMapping("/messages")
     public ResponseEntity<List<com.juick.Message>> getMessages(
             HttpServletRequest request,
+            @RequestParam(required = false) String hash,
             @RequestParam(required = false) String uname,
             @RequestParam(defaultValue = "0") int before_mid,
             @RequestParam(required = false) String popular,
@@ -90,7 +89,6 @@ public class Messages {
             return FORBIDDEN;
 
         if (vuid == 0) {
-            String hash = request.getParameter("hash");
             if (hash != null && hash.length() == 16)
                 vuid = userService.getUIDbyHash(hash);
         }
diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
index 788582a0..6996adb9 100644
--- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
+++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java
@@ -9,6 +9,7 @@ import com.juick.api.configuration.ApiSecurityConfig;
 import com.juick.configuration.DataConfiguration;
 import com.juick.service.MessagesService;
 import com.juick.service.UserService;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -72,6 +73,7 @@ public class MessagesTests {
     public void setUp() {
         mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext)
                 .apply(SecurityMockMvcConfigurers.springSecurity())
+                .dispatchOptions(true)
                 .build();
     }
 
@@ -107,9 +109,17 @@ public class MessagesTests {
 
         mockMvc.perform(get("/home").with(httpBasic(ugnichName, uginchPassword)))
                 .andExpect(status().isOk())
+                .andExpect(header().string("Access-Control-Allow-Origin", "*"))
+                .andExpect(header().string("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE"))
+                .andExpect(header().string("Access-Control-Allow-Headers", "*"))
                 .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8))
                 .andExpect(jsonPath("$", hasSize(1)))
                 .andExpect(jsonPath("$[0].mid", is(1)))
                 .andExpect(jsonPath("$[0].body", is(msgText)));
+        String hash = RandomStringUtils.random(16);
+        when(userService.getHashByUID(1)).thenReturn(hash);
+        mockMvc.perform(get("/messages")
+                .param("hash", hash))
+                .andExpect(status().isOk());
     }
 }
-- 
cgit v1.2.3