From ab87188de28ae266aebf03fb429880cf293c6ee9 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 9 Feb 2024 17:12:21 +0300
Subject: API: accept authorization cookie

---
 src/main/java/com/juick/config/SecurityConfig.java    |  3 +++
 src/test/java/com/juick/server/tests/ServerTests.java | 11 +++++++++++
 2 files changed, 14 insertions(+)

(limited to 'src')

diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 030cdcc2..a7007648 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -223,6 +223,9 @@ public class SecurityConfig {
                 .exceptionHandling(exceptionHandling -> exceptionHandling
                         .authenticationEntryPoint(apiAuthenticationEntryPoint()))
                 .csrf(AbstractHttpConfigurer::disable)
+                .rememberMe(rememberMe -> rememberMe
+                        .rememberMeCookieDomain(webDomain).key(rememberMeKey)
+                        .rememberMeServices(hashCookieServices()))
                 .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
         return http.build();
     }
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 13f8b1f2..e74e8c6f 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1770,6 +1770,17 @@ public class ServerTests {
                 .andExpect(content().string(containsString(hash)));
     }
 
+    @Test
+    public void apiRequestsShouldAuthorizeWithCookie() throws Exception {
+        String hash = userService.getHashByUID(ugnich.getUid());
+        MvcResult hashLoginResult = mockMvc.perform(get("/?show=my&hash=" + hash)).andExpect(status().isOk())
+                .andExpect(model().attribute("visitor", hasProperty("authHash", equalTo(hash))))
+                .andExpect(content().string(containsString(hash))).andReturn();
+        Cookie rememberMeFromHash = hashLoginResult.getResponse().getCookie("juick-remember-me");
+        mockMvc.perform(get("/api/me").cookie(rememberMeFromHash))
+                .andExpect(status().isOk());
+    }
+
     @Test
     public void nonExistentBlogShouldReturn404() throws Exception {
         mockMvc.perform(get("/ololoe/")).andExpect(status().isNotFound());
-- 
cgit v1.2.3