diff --git a/src/main/java/de/holarse/config/MultipleHttpSecurityConfig.java b/src/main/java/de/holarse/config/MultipleHttpSecurityConfig.java index 9abb0beb..491f9add 100644 --- a/src/main/java/de/holarse/config/MultipleHttpSecurityConfig.java +++ b/src/main/java/de/holarse/config/MultipleHttpSecurityConfig.java @@ -133,7 +133,7 @@ public SecurityFilterChain webFormSecurityFilterChain(final HttpSecurity http, f antMatcher("/wiki/*/edit"), antMatcher("/news/*/edit"), antMatcher("/webapi/**"), - antMatcher("/logout")).authenticated()) + antMatcher("/logout")).hasRole("USER")) // Normale Webseite, auch als Gast nutzbar .authorizeHttpRequests((requests) -> requests.requestMatchers(antMatcher("/"), diff --git a/src/main/java/de/holarse/web/api/TagApiController.java b/src/main/java/de/holarse/web/api/TagApiController.java index 91e9a799..cc9a37f8 100644 --- a/src/main/java/de/holarse/web/api/TagApiController.java +++ b/src/main/java/de/holarse/web/api/TagApiController.java @@ -1,6 +1,7 @@ package de.holarse.web.api; import de.holarse.backend.db.repositories.SearchRepository; +import de.holarse.backend.view.TagRecommendation; import de.holarse.backend.view.TagView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -24,9 +25,9 @@ public class TagApiController { SearchRepository searchRepository; @GetMapping(value = "autocomplete", produces = MediaType.APPLICATION_JSON_VALUE) - public List autoComplete(@RequestParam final String query) { + public List autoComplete(@RequestParam final String query) { logger.info("Autocomplete request for input {}", query); - return new ArrayList<>(); + return searchRepository.autocompleteTags(query); } } diff --git a/src/main/java/de/holarse/web/controller/ProfileController.java b/src/main/java/de/holarse/web/controller/ProfileController.java index 8bac07dc..c1b8d9ef 100644 --- a/src/main/java/de/holarse/web/controller/ProfileController.java +++ b/src/main/java/de/holarse/web/controller/ProfileController.java 
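Review bot: In MultipleHttpSecurityConfig.webFormSecurityFilterChain, `antMatcher("/logout")` now sits behind `.hasRole("USER")`, so a session that is authenticated but lacks ROLE_USER would get a 403 on logout and could not end its own session. Whether such accounts exist is not visible in this diff, but ending a session should not depend on a role. I would keep `/logout` under `.authenticated()` in its own matcher group and apply `hasRole("USER")` only to the edit and `/webapi/**` paths. The test file imports `RoleUserTypes.ROLE_USER`; if that constant holds the full authority name, `hasAuthority(ROLE_USER)` would avoid a second string literal for the role. The matcher list starts above the hunk.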
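Review bot: `autoComplete` in TagApiController now hands the raw `query` parameter straight to `searchRepository.autocompleteTags(query)` with no blank or length check, and an autocomplete endpoint is typically called on every keystroke. How the repository builds its search is not visible in this diff, so the controller is the place to bound the input, for example `if (query.isBlank() || query.length() > MAX_QUERY_LENGTH) { return List.of(); }` with `MAX_QUERY_LENGTH` as a constant to be defined. The unchanged `logger.info(...)` line also writes the unfiltered value to the log on each request; `debug` level or a sanitised value would keep user-controlled text out of the info log.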
@@ -3,6 +3,7 @@ import de.holarse.auth.web.HolarsePrincipal; import de.holarse.web.defines.WebDefines; import org.springframework.security.core.Authentication; +import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -13,9 +14,8 @@ public class ProfileController { @GetMapping - public ModelAndView show(final Authentication authentication, final ModelAndView mv) { + public ModelAndView show(@AuthenticationPrincipal HolarsePrincipal principal, final ModelAndView mv) { - final HolarsePrincipal principal = (HolarsePrincipal) authentication.getPrincipal(); mv.addObject("user", principal.getUser()); mv.setViewName("layouts/bare"); diff --git a/src/test/java/de/holarse/web/api/TagApiControllerTest.java b/src/test/java/de/holarse/web/api/TagApiControllerTest.java index 4b81484a..3ad8c627 100644 --- a/src/test/java/de/holarse/web/api/TagApiControllerTest.java +++ b/src/test/java/de/holarse/web/api/TagApiControllerTest.java @@ -3,6 +3,8 @@ import de.holarse.backend.db.ApiUser; import de.holarse.backend.db.repositories.SearchRepository; import de.holarse.backend.view.TagRecommendation; + +import static de.holarse.config.RoleUserTypes.ROLE_USER; import static org.junit.jupiter.api.Assertions.*; import de.holarse.test.TestHelper; 
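Review bot: In ProfileController.show, `@AuthenticationPrincipal HolarsePrincipal principal` resolves to `null` when the request is anonymous or the principal is of another type, and `principal.getUser()` on the next line then fails with a NullPointerException instead of a login redirect. Whether `/profile` is covered by an authenticated matcher in the filter chain is not visible here, so the handler should not rely on it: add `if (principal == null) { throw new AccessDeniedException("login required"); }`, or declare the parameter with `@AuthenticationPrincipal(errorOnInvalidType = true)` so a type mismatch is reported explicitly. The `final` modifier was dropped from the parameter and the `Authentication` import appears to be unused now. The method body continues outside the hunk.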
@@ -10,12 +12,14 @@ import java.util.List; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.MediaType; +import org.springframework.security.test.context.support.WithAnonymousUser; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.web.servlet.MockMvc; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; @@ -45,10 +49,12 @@ public void setup() throws Exception { controller = new TagApiController(); } @Test + @WithAnonymousUser public void testRequestWithoutLogin() throws Exception { final String searchTerm = "döner"; + controller.searchRepository = searchRepositoryMock; MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build(); - mockMvc.perform(get("/webapi/tags/autocomplete").param("query", searchTerm).with(csrf())).andExpect(status().is(200)); + mockMvc.perform(get("/webapi/tags/autocomplete").param("query", searchTerm).with(csrf())).andExpect(status().is(200)); // TODO: Sollte 302 und dann die Login-Seite sein... // TODO: Should return redirect to login } 
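Review bot: `testRequestWithoutLogin` builds its MockMvc with `MockMvcBuilders.standaloneSetup(controller).build()`, which does not install the Spring Security filter chain, so `@WithAnonymousUser` has no effect on authorization and the test asserts `status().is(200)` for an unauthenticated caller. The `hasRole("USER")` rule on `/webapi/**` from this commit is therefore never exercised. Building the MockMvc from the application context, `MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build()`, and asserting `status().is3xxRedirection()` would turn the TODO into a real access-control regression test. The same applies to `testSingleResultWithoutLogin` and to `ProfileControllerTest.testProtectedProfilePage`, where the only status assertion is commented out and the tests pass whatever the endpoint returns.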
@@ -56,11 +62,10 @@ public void testRequestWithoutLogin() throws Exception { @WithMockUser("admin") public void testRequestWithLogin() throws Exception { final String searchTerm = "döner"; - + + when(searchRepositoryMock.autocompleteTags(searchTerm)).thenReturn(new ArrayList<>()); controller.searchRepository = searchRepositoryMock; - - when(searchRepositoryMock.autocompleteTags(anyString())).thenReturn(new ArrayList<>()); - + MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build(); ResultActions result = mockMvc.perform(get("/webapi/tags/autocomplete").param("query", searchTerm).with(csrf())) .andExpect(status().isOk()) @@ -70,15 +75,15 @@ public void testRequestWithLogin() throws Exception { } @Test - @WithMockUser("admin") - public void testSingleResult() throws Exception { + @WithMockUser(roles = "USER") + public void testSingleResultWithLogin() throws Exception { controller.searchRepository = searchRepositoryMock; + final String searchTerm = "döner"; - final List mockResult = List.of(new TagRecommendation("döner", 1)); - when(searchRepositoryMock.autocompleteTags(searchTerm)).thenReturn(mockResult); - + when(searchRepositoryMock.autocompleteTags(Mockito.anyString())).thenReturn(mockResult); + MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build(); ResultActions result = mockMvc.perform(get("/webapi/tags/autocomplete").param("query", searchTerm).with(csrf())) .andExpect(status().isOk()) 
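Review bot: In `testSingleResultWithLogin` the stub was loosened from `autocompleteTags(searchTerm)` to `autocompleteTags(Mockito.anyString())`, so the test passes even if the controller alters or drops the query before it reaches the repository. Keeping the exact-match stub, or adding `verify(searchRepositoryMock).autocompleteTags(searchTerm);` after the request, pins that the non-ASCII term `"döner"` arrives unchanged. The method body continues outside the hunk.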
@@ -87,4 +92,24 @@ public void testSingleResult() throws Exception { result.andExpect(jsonPath("$", hasSize(1))); } + @Test + @WithAnonymousUser + public void testSingleResultWithoutLogin() throws Exception { + controller.searchRepository = searchRepositoryMock; + + final String searchTerm = "döner"; + final List mockResult = List.of(new TagRecommendation("döner", 1)); + + when(searchRepositoryMock.autocompleteTags(Mockito.anyString())).thenReturn(mockResult); + + MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build(); + ResultActions result = mockMvc.perform( + get("/webapi/tags/autocomplete").param("query", searchTerm). + with(csrf())); + + log.debug("{}", result.andReturn().getResponse().getContentAsString()); + + //result.andExpect(status().is3xxRedirection()); + } + } diff --git a/src/test/java/de/holarse/web/controller/ProfileControllerTest.java b/src/test/java/de/holarse/web/controller/ProfileControllerTest.java new file mode 100644 index 00000000..1ec9a3ad --- /dev/null +++ b/src/test/java/de/holarse/web/controller/ProfileControllerTest.java 
@@ -0,0 +1,44 @@
+package de.holarse.web.controller;
+
+import de.holarse.web.api.TagApiControllerTest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.MockitoAnnotations;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
+
+public class ProfileControllerTest {
+
+ private final static transient Logger log = LoggerFactory.getLogger(ProfileControllerTest.class);
+
+
+ ProfileController controller;
+
+ @BeforeEach
+ public void setup() throws Exception {
+ MockitoAnnotations.openMocks(this);
+ controller = new ProfileController();
+ }
+
+ @Test
+ public void testProtectedProfilePage() throws Exception {
+ MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
+ ResultActions result = mockMvc.perform(get("/profile").with(anonymous()));
+
+ log.debug("{}", result.andReturn().getResponse().getContentAsString());
+
+ //result.andExpect(status().is3xxRedirection());
+ }
+
+}
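Review bot: `ProfileControllerTest` uses `standaloneSetup(controller)` without registering an argument resolver for `@AuthenticationPrincipal`, so as far as I can tell the `HolarsePrincipal` parameter of `show` is not resolved from the security context in this test at all. If the standalone setup is kept, `MockMvcBuilders.standaloneSetup(controller).setCustomArgumentResolvers(new AuthenticationPrincipalArgumentResolver()).build()` makes the parameter behave as it does in production. Several imports are unused (`TagApiControllerTest`, `Profile`, `WithAnonymousUser`, `csrf`, `status`), and `transient` has no meaning on a `static` logger field.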