diff --git a/src/main/java/uk/nhs/hee/tis/trainee/forms/config/InterceptorConfiguration.java b/src/main/java/uk/nhs/hee/tis/trainee/forms/config/InterceptorConfiguration.java index 550ed604..feabfd76 100644 --- a/src/main/java/uk/nhs/hee/tis/trainee/forms/config/InterceptorConfiguration.java +++ b/src/main/java/uk/nhs/hee/tis/trainee/forms/config/InterceptorConfiguration.java @@ -40,7 +40,8 @@ public class InterceptorConfiguration implements WebMvcConfigurer { // trainee ID verification to LTFT, COJ and FormR endpoints for now. protected static final String[] TRAINEE_ID_APIS = { "/api/coj", - "/api/formr-partas", "/api/formr-partbs", "/api/formr-parta/**", "/api/formr-partb/**", + "/api/formr-parta", "/api/formr-partas", "/api/formr-parta/**", + "/api/formr-partb", "/api/formr-partbs", "/api/formr-partb/**", "/api/ltft", "/api/ltft/**" }; @Override diff --git a/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartAResourceTest.java b/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartAResourceTest.java index 0d9ae7f0..9a5ff08d 100644 --- a/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartAResourceTest.java +++ b/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartAResourceTest.java @@ -130,6 +130,8 @@ void postShouldNotCreateFormWhenTokenIsInvalid() throws Exception { @Test void postShouldNotCreateFormWhenFormExists() throws Exception { + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(post("/api/formr-parta") .contentType(TestUtil.APPLICATION_JSON_UTF8) .content(TestUtil.convertObjectToJsonBytes(dto)) @@ -312,6 +314,7 @@ void getShouldNotReturnTraineesFormsWhenTokenHasNoTraineeId() throws Exception { @Test void getShouldReturnTraineesFormsWhenTokenHasTraineeId() throws Exception { when(service.getFormRPartAs()).thenReturn(Collections.singletonList(simpleDto)); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); mockMvc.perform(get("/api/formr-partas") .contentType(TestUtil.APPLICATION_JSON_UTF8) @@ -347,6 +350,8 @@ void getByIdShouldNotReturnFormWhenTokenHasNoTraineeId() throws Exception { @Test void getByIdShouldNotReturnFormWhenFormIsNotTrainees() throws Exception { when(service.getFormRPartAById(DEFAULT_ID)).thenReturn(null); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(get("/api/formr-parta/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -356,6 +361,8 @@ void getByIdShouldNotReturnFormWhenFormIsNotTrainees() throws Exception { @Test void getByIdShouldReturnFormWhenFormIsTrainees() throws Exception { when(service.getFormRPartAById(DEFAULT_ID)).thenReturn(dto); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(get("/api/formr-parta/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -390,6 +397,8 @@ void deleteByIdShouldNotDeleteFormWhenTokenHasNoTraineeId() throws Exception { @Test void deleteByIdShouldReturnNotFoundWhenFormIsNotDeleted() throws Exception { when(service.deleteFormRPartAById(DEFAULT_ID)).thenReturn(false); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(delete("/api/formr-parta/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -399,6 +408,8 @@ void deleteByIdShouldReturnNotFoundWhenFormIsNotDeleted() throws Exception { @Test void deleteByIdShouldReturnNoContentWhenFormIsDeleted() throws Exception { when(service.deleteFormRPartAById(DEFAULT_ID)).thenReturn(true); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(delete("/api/formr-parta/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) diff --git a/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartBResourceTest.java b/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartBResourceTest.java index b1ddf6ef..c487ce23 100644 --- a/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartBResourceTest.java +++ b/src/test/java/uk/nhs/hee/tis/trainee/forms/api/FormRPartBResourceTest.java @@ -130,6 +130,8 @@ void postShouldNotCreateFormWhenTokenIsInvalid() throws Exception { @Test void postShouldNotCreateFormWhenFormExists() throws Exception { + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(post("/api/formr-partb") .contentType(TestUtil.APPLICATION_JSON_UTF8) .content(TestUtil.convertObjectToJsonBytes(dto)) @@ -312,6 +314,7 @@ void getShouldNotReturnTraineesFormsWhenTokenHasNoTraineeId() throws Exception { @Test void getShouldReturnTraineesFormsWhenTokenHasTraineeId() throws Exception { when(service.getFormRPartBs()).thenReturn(Collections.singletonList(simpleDto)); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); mockMvc.perform(get("/api/formr-partbs") .contentType(TestUtil.APPLICATION_JSON_UTF8) @@ -346,6 +349,8 @@ void getByIdShouldNotReturnFormWhenTokenHasNoTraineeId() throws Exception { @Test void getByIdShouldNotReturnFormWhenFormIsNotTrainees() throws Exception { when(service.getFormRPartBById(DEFAULT_ID)).thenReturn(null); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(get("/api/formr-partb/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -355,6 +360,8 @@ void getByIdShouldNotReturnFormWhenFormIsNotTrainees() throws Exception { @Test void getByIdShouldReturnFormWhenFormIsTrainees() throws Exception { when(service.getFormRPartBById(DEFAULT_ID)).thenReturn(dto); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(get("/api/formr-partb/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -389,6 +396,8 @@ void deleteByIdShouldNotDeleteFormWhenTokenHasNoTraineeId() throws Exception { @Test void deleteByIdShouldReturnNotFoundWhenFormIsNotDeleted() throws Exception { when(service.deleteFormRPartBById(DEFAULT_ID)).thenReturn(false); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(delete("/api/formr-partb/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) @@ -398,6 +407,8 @@ void deleteByIdShouldReturnNotFoundWhenFormIsNotDeleted() throws Exception { @Test void deleteByIdShouldReturnNoContentWhenFormIsDeleted() throws Exception { when(service.deleteFormRPartBById(DEFAULT_ID)).thenReturn(true); + when(traineeIdentity.getTraineeId()).thenReturn(DEFAULT_TRAINEE_TIS_ID); + mockMvc.perform(delete("/api/formr-partb/" + DEFAULT_ID) .contentType(TestUtil.APPLICATION_JSON_UTF8) .header(HttpHeaders.AUTHORIZATION, AUTH_TOKEN)) diff --git a/src/test/java/uk/nhs/hee/tis/trainee/forms/interceptor/TraineeIdentityInterceptorIntegrationTest.java b/src/test/java/uk/nhs/hee/tis/trainee/forms/interceptor/TraineeIdentityInterceptorIntegrationTest.java index eeebd1e8..46e5fb30 100644 --- a/src/test/java/uk/nhs/hee/tis/trainee/forms/interceptor/TraineeIdentityInterceptorIntegrationTest.java +++ b/src/test/java/uk/nhs/hee/tis/trainee/forms/interceptor/TraineeIdentityInterceptorIntegrationTest.java @@ -71,9 +71,10 @@ class TraineeIdentityInterceptorIntegrationTest { private TraineeIdentityInterceptor interceptor; @ParameterizedTest - @ValueSource(strings = {"/api/coj", "/api/formr-partas", "/api/formr-partbs", - "/api/formr-parta/xxx", "/api/formr-parta/xxx/yyy", "/api/formr-partb/xxx", - "/api/formr-partb/xxx/yyy", "/api/ltft", "/api/ltft/xxx", "/api/ltft/xxx/yyy"}) + @ValueSource(strings = {"/api/coj", + "/api/formr-parta","/api/formr-partas", "/api/formr-parta/xxx", "/api/formr-parta/xxx/yyy", + "/api/formr-partb", "/api/formr-partbs", "/api/formr-partb/xxx", "/api/formr-partb/xxx/yyy", + "/api/ltft", "/api/ltft/xxx", "/api/ltft/xxx/yyy"}) void shouldAddTraineeIdToRequest(String apiPath) throws Exception { mockMvc.perform(get(apiPath) .header(HttpHeaders.AUTHORIZATION, TestJwtUtil.generateTokenForTisId(ID_1))) @@ -84,9 +85,10 @@ void shouldAddTraineeIdToRequest(String apiPath) throws Exception { } @ParameterizedTest - @ValueSource(strings = {"/api/coj", "/api/formr-partas", "/api/formr-partbs", - "/api/formr-parta/xxx", "/api/formr-parta/xxx/yyy", "/api/formr-partb/xxx", - "/api/formr-partb/xxx/yyy", "/api/ltft", "/api/ltft/xxx", "/api/ltft/xxx/yyy"}) + @ValueSource(strings = {"/api/coj", + "/api/formr-parta","/api/formr-partas", "/api/formr-parta/xxx", "/api/formr-parta/xxx/yyy", + "/api/formr-partb", "/api/formr-partbs", "/api/formr-partb/xxx", "/api/formr-partb/xxx/yyy", + "/api/ltft", "/api/ltft/xxx", "/api/ltft/xxx/yyy"}) void shouldAddNewTraineeIdOnEachRequest(String apiPath) throws Exception { mockMvc.perform(get(apiPath) .header(HttpHeaders.AUTHORIZATION, TestJwtUtil.generateTokenForTisId(ID_1))) @@ -102,7 +104,8 @@ void shouldAddNewTraineeIdOnEachRequest(String apiPath) throws Exception { } @ParameterizedTest - @ValueSource(strings = {"/api", "/api/xxx", "/api/xxx/yyy"}) + @ValueSource(strings = {"/api", "/api/xxx", "/api/xxx/yyy", "/api/feature-flags", + "/api/form-relocate/xxx"}) void shouldNotAddTraineeIdToNonInterceptedRequests(String apiPath) throws Exception { mockMvc.perform(get(apiPath) .header(HttpHeaders.AUTHORIZATION, TestJwtUtil.generateTokenForTisId(ID_1)))