From ab87188de28ae266aebf03fb429880cf293c6ee9 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 9 Feb 2024 17:12:21 +0300
Subject: API: accept authorization cookie
---
 src/main/java/com/juick/config/SecurityConfig.java | 3 +++
 src/test/java/com/juick/server/tests/ServerTests.java | 11 +++++++++++
 2 files changed, 14 insertions(+)
(limited to 'src')
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 030cdcc2..a7007648 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -223,6 +223,9 @@ public class SecurityConfig {
 .exceptionHandling(exceptionHandling -> exceptionHandling
 .authenticationEntryPoint(apiAuthenticationEntryPoint()))
 .csrf(AbstractHttpConfigurer::disable)
+ .rememberMe(rememberMe -> rememberMe
+ .rememberMeCookieDomain(webDomain).key(rememberMeKey)
+ .rememberMeServices(hashCookieServices()))
 .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
 return http.build();
 }
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 13f8b1f2..e74e8c6f 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
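Review bot: The added `.rememberMe(...)` lets this API chain authenticate from a cookie the browser attaches on its own, while `.csrf(AbstractHttpConfigurer::disable)` stays in place two lines above it in the SecurityConfig.java hunk. Disabling CSRF is presumably fine while the API only accepts credentials the client sends explicitly, but with a cookie scoped to `webDomain` it relies entirely on the cookie's SameSite attribute, which is not visible here because `hashCookieServices()` is defined outside the hunk. I would either require a CSRF token for cookie-authenticated writes, e.g. `.csrf(csrf -> csrf.requireCsrfProtectionMatcher(cookieAuthenticatedWrite))`, where `cookieAuthenticatedWrite` is a new matcher for non-safe methods carrying `juick-remember-me`, or add a comment on the `.csrf(...)` line naming the cookie attribute that makes this safe. The enclosing method starts outside the hunk.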
@@ -1770,6 +1770,17 @@ public class ServerTests {
 .andExpect(content().string(containsString(hash)));
 }
 
+ @Test
+ public void apiRequestsShouldAuthorizeWithCookie() throws Exception {
+ String hash = userService.getHashByUID(ugnich.getUid());
+ MvcResult hashLoginResult = mockMvc.perform(get("/?show=my&hash=" + hash)).andExpect(status().isOk())
+ .andExpect(model().attribute("visitor", hasProperty("authHash", equalTo(hash))))
+ .andExpect(content().string(containsString(hash))).andReturn();
+ Cookie rememberMeFromHash = hashLoginResult.getResponse().getCookie("juick-remember-me");
+ mockMvc.perform(get("/api/me").cookie(rememberMeFromHash))
+ .andExpect(status().isOk());
+ }
+
 @Test
 public void nonExistentBlogShouldReturn404() throws Exception {
 mockMvc.perform(get("/ololoe/")).andExpect(status().isNotFound());
-- cgit v1.2.3
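Review bot: `apiRequestsShouldAuthorizeWithCookie` covers only the accept path; nothing asserts that `/api/me` rejects a `juick-remember-me` cookie the server did not issue, which is the property that matters once cookies authenticate API calls. I would add a negative case such as `mockMvc.perform(get("/api/me").cookie(new Cookie("juick-remember-me", "constructed-invalid-value"))).andExpect(status().isUnauthorized());`, adjusting the expected status to whatever `apiAuthenticationEntryPoint()` produces, since that is not visible in this diff. `rememberMeFromHash` is also passed to `.cookie(...)` without a check, so a missing cookie would likely fail inside MockMvc rather than with a clear assertion; `assertThat(rememberMeFromHash, notNullValue());` before the second request would make the precondition explicit.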