From 2eba2544adc40ecfc8fc4da64a4ea81f30c47c6e Mon Sep 17 00:00:00 2001 From: Yas Asghari <100201381+yasasghari@users.noreply.github.com> Date: Thu, 29 Feb 2024 10:52:15 +0100 Subject: [PATCH] create JWT tokens for integration tests --- .../ApplicationStatusController.java | 4 ++ .../service/JwtAuthService.java | 22 ++++++++++- ...cationStatusControllerIntegrationTest.java | 38 ++++++++++++------- .../ApplicationStatusIntegrationTest.java | 6 +-- 4 files changed, 51 insertions(+), 19 deletions(-) diff --git a/src/main/java/com/example/applicationstatusservice/controller/ApplicationStatusController.java b/src/main/java/com/example/applicationstatusservice/controller/ApplicationStatusController.java index b3254bd..b6e3b5f 100644 --- a/src/main/java/com/example/applicationstatusservice/controller/ApplicationStatusController.java +++ b/src/main/java/com/example/applicationstatusservice/controller/ApplicationStatusController.java @@ -72,6 +72,9 @@ public String applicationPage() { public ResponseEntity handleApplicationStatus(@RequestHeader("Authorization") String header, @RequestBody ApplicationStatusDTO applicationStatusDTO, HttpServletRequest request) { //IP address of the machine requesting to set/update application status. String IP = request.getRemoteAddr(); + + String jwtToken = header.replace("Bearer ", ""); + System.out.println("token" + jwtToken); //Error messages in case of an invalid person_id or an invalid status or an invalid JWT token. String jwtTokenErrorMessage = jwtAuthService.jwtAuth(header); String personIdErrorMessage = applicationStatusService.isPersonIdValid(applicationStatusDTO.getPerson_id()); 
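Review bot: The added `System.out.println("token" + jwtToken);` in `handleApplicationStatus` writes the caller's bearer token to standard output, so every request leaves a reusable credential in whatever collects the process output. `jwtToken` is not used anywhere else in the hunk (`jwtAuth` is still called with the full `header`), so both added lines can be dropped; if a trace is needed, use the existing `logger` at debug level without the token value. The same leftover debug prints appear in the next hunk of this file (`"token invalid"`) and in the `jwtAuth` hunk of JwtAuthService.java (`"role 1"`, `"role isnt 1"` and the one in the `catch` block), where `logger` already records the outcome or, in the `catch` block, where the exception should be logged instead. The method body continues outside this hunk.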
@@ -79,6 +82,7 @@ public ResponseEntity handleApplicationStatus(@RequestHeader("Authorizat //Validation process to make sure person_id and status received is correct. if ("UNAUTHORIZED".equals(jwtTokenErrorMessage)) { + System.out.println("token invalid"); logger.error("The person with IP address: {} has unauthorized access with the provided JWT token ", IP); return new ResponseEntity<>(new ErrorDTO(jwtTokenErrorMessage), HttpStatus.BAD_REQUEST); } else if ("INVALID_DATA".equals(personIdErrorMessage)) { diff --git a/src/main/java/com/example/applicationstatusservice/service/JwtAuthService.java b/src/main/java/com/example/applicationstatusservice/service/JwtAuthService.java index eb522e0..db363b0 100644 --- a/src/main/java/com/example/applicationstatusservice/service/JwtAuthService.java +++ b/src/main/java/com/example/applicationstatusservice/service/JwtAuthService.java @@ -8,7 +8,6 @@ import org.apache.logging.log4j.Logger; import org.springframework.stereotype.Service; import org.springframework.beans.factory.annotation.Value; - import javax.crypto.spec.SecretKeySpec; import java.nio.charset.StandardCharsets; @@ -27,7 +26,7 @@ public class JwtAuthService { /** * Config variable JWT secret from Heroku. */ - @Value("${JWT_SECRET}") + @Value("${JWT_SECRET:FKi2FTPuzT6XzXZnDjR4Z2X5Uu2+C3yNq3BgtHJvd4g=}") private String JWT_SECRET; /** 
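Review bot: The new default in `@Value("${JWT_SECRET:...}")` in JwtAuthService.java puts a signing key into the main source tree, so a deployment that starts without the `JWT_SECRET` variable will silently verify tokens against a value that anyone with repository access can read, instead of failing at startup. Keep the production field as `@Value("${JWT_SECRET}")` and supply the value from test-only configuration, for example `@TestPropertySource(properties = "JWT_SECRET=<test-only-secret>")` on the integration test classes. If the committed value was ever used by a real environment, it should be rotated.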
@@ -48,14 +47,33 @@ public String jwtAuth(String header) { Claims claims = parseJwtClaims.getBody(); Integer roleValue = claims.get("role", Integer.class); if (roleValue != null && roleValue.equals(1)) { + System.out.println("role 1"); logger.info("Authorized user"); return "AUTHORIZED"; } else { logger.info("Unauthorized user"); + System.out.println("role isnt 1"); return "UNAUTHORIZED"; } } catch (Exception e) { + System.out.println("deep shit"); return "UNAUTHORIZED"; } } + + /** + * Creates JWT tokens to use during integration testing. + * @return JWT tokens encoded using HS256 algorithm. + */ + public String jwtCreateTestTokens(){ + SecretKeySpec keyTest = new SecretKeySpec(JWT_SECRET.getBytes(), + SignatureAlgorithm.HS256.getJcaName()); + return Jwts.builder() + .claim("usage", "login") + .claim("id", 5) + .claim("username", "MaxwellBailey") + .claim("role", 1) + .signWith(keyTest) + .compact(); + } } diff --git a/src/test/java/com/example/applicationstatusservice/ApplicationStatusControllerIntegrationTest.java b/src/test/java/com/example/applicationstatusservice/ApplicationStatusControllerIntegrationTest.java index 5f3676c..4c8346f 100644 --- a/src/test/java/com/example/applicationstatusservice/ApplicationStatusControllerIntegrationTest.java +++ b/src/test/java/com/example/applicationstatusservice/ApplicationStatusControllerIntegrationTest.java @@ -4,6 +4,7 @@ import com.example.applicationstatusservice.model.dto.ApplicationStatusDTO; import com.example.applicationstatusservice.model.dto.PersonDTO; import com.example.applicationstatusservice.repository.PersonRepository; +import com.example.applicationstatusservice.service.JwtAuthService; import com.example.applicationstatusservice.service.PersonService; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
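Review bot: `jwtCreateTestTokens()` is a public method on the production `JwtAuthService` bean that signs a `role` 1 token with the live `JWT_SECRET`, so any code path that can reach the bean can mint a token that `jwtAuth` accepts as `AUTHORIZED`. The helper belongs in the test sources, as a small test utility that takes the test secret, rather than in the service. The token also carries no expiry, so a copy that ends up in a test log stays valid for as long as the key does; adding `.setExpiration(new Date(System.currentTimeMillis() + 60_000))` before `.signWith(keyTest)` bounds that. `JWT_SECRET.getBytes()` uses the platform default charset although the file imports `StandardCharsets`; `JWT_SECRET.getBytes(StandardCharsets.UTF_8)` keeps the key bytes identical across hosts.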
@@ -18,7 +19,6 @@ import org.testcontainers.containers.PostgreSQLContainer; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; - import static org.junit.jupiter.api.Assertions.assertEquals; /** @@ -53,6 +53,14 @@ public class ApplicationStatusControllerIntegrationTest { @Autowired private ApplicationStatusController applicationStatusController; + /** + * JwtAuthService is an autowired instance containing logic for authentication + * and authorization of jwt tokens. + * {@code @Autowired} provides automatic dependency injection. + */ + @Autowired + private JwtAuthService jwtAuthService; + /** * PersonService is an autowired instance containing business-logic for person-related operations. * {@code @Autowired} provides automatic dependency injection. @@ -66,9 +74,6 @@ public class ApplicationStatusControllerIntegrationTest { @Autowired PersonRepository personRepository; - String testToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2FnZSI6ImxvZ2luIiwiaWQiOjUsInJvbGUiOjEsInVzZXJuYW1lIjoiTWF4d2VsbEJhaWxleSIsImV4cCI6MTcwOTE1NjE2MSwiaWF0IjoxNzA5MTUyNTYxfQ.sevPgpuRvgWU2nDjORn3KYSIJwC_5IvWkWDuOcHKz-0"; - String testHeader = "Bearer " + testToken; - /** * The method sets the property JDBC URL spring.datasource.url * dynamically for the postgreSQL container. @@ -109,7 +114,8 @@ void saveAPerson() { void personIdValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(5L, "Pending"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.OK, resp.getStatusCode()); 
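Review bot: The two lines added to `personIdValid` (`String testToken = jwtAuthService.jwtCreateTestTokens();` and `String testHeader = "Bearer " + testToken;`) are repeated verbatim in the six following test hunks, `personIdInvalid` through `jwtTokenValid`. Keeping `testHeader` as a field and assigning it once in a `@BeforeEach` method (the annotation is already imported in this file) would leave each test with only its DTO and assertion. It also gives a single place to change when the token source moves out of the production service.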
@@ -122,7 +128,8 @@ void personIdValid() throws Exception { void personIdInvalid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(4000L, "Pending"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.BAD_REQUEST, resp.getStatusCode()); @@ -135,7 +142,8 @@ void personIdInvalid() throws Exception { void statusPendingValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(9L, "Pending"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.OK, resp.getStatusCode()); @@ -148,7 +156,8 @@ void statusPendingValid() throws Exception { void statusAcceptValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(1L, "Accept"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.OK, resp.getStatusCode()); 
@@ -161,7 +170,8 @@ void statusAcceptValid() throws Exception { void statusRejectValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(3L, "Reject"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.OK, resp.getStatusCode()); @@ -174,7 +184,8 @@ void statusRejectValid() throws Exception { void statusInvalid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(4L, "random"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.BAD_REQUEST, resp.getStatusCode()); @@ -187,7 +198,8 @@ void statusInvalid() throws Exception { void jwtTokenValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - + String testToken = jwtAuthService.jwtCreateTestTokens(); + String testHeader = "Bearer " + testToken; ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(6L, "Pending"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.OK, resp.getStatusCode()); 
@@ -201,10 +213,8 @@ void jwtTokenValid() throws Exception { void jwtTokenInValid() throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); req.addHeader("X-Forwarded-For", "127.0.0.1"); - - String testToken = "yJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2FnZSI6ImxvZ2luIiwiaWQiOjUsInJvbGUiOjEsInVzZXJuYW1lIjoiTWF4d2VsbEJhaWxleSIsImV4cCI6MTcwOTE1NjE2MSwiaWF0IjoxNzA5MTUyNTYxfQ.sevPgpuRvgWU2nDjORn3KYSIJwC_5IvWkWDuOcHKz-0"; + String testToken = "INVALID_TOKEN"; String testHeader = "Bearer " + testToken; - ApplicationStatusDTO applicationStatusDTO = new ApplicationStatusDTO(4L, "Pending"); ResponseEntity resp = applicationStatusController.handleApplicationStatus(testHeader, applicationStatusDTO, req); assertEquals(HttpStatus.BAD_REQUEST, resp.getStatusCode()); diff --git a/src/test/java/com/example/applicationstatusservice/ApplicationStatusIntegrationTest.java b/src/test/java/com/example/applicationstatusservice/ApplicationStatusIntegrationTest.java index 21a0fe8..a89b9a5 100644 --- a/src/test/java/com/example/applicationstatusservice/ApplicationStatusIntegrationTest.java +++ b/src/test/java/com/example/applicationstatusservice/ApplicationStatusIntegrationTest.java @@ -53,7 +53,7 @@ public class ApplicationStatusIntegrationTest { private ApplicationStatusService applicationStatusService; /** - * ApplicationStatusService is an autowired instance containing logic for authentication + * JwtAuthService is an autowired instance containing logic for authentication * and authorization of jwt tokens. * {@code @Autowired} provides automatic dependency injection. */ 
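Review bot: Replacing the truncated token with `"INVALID_TOKEN"` in `jwtTokenInValid` means the negative case only covers a string that is not a JWT at all, which presumably fails in parsing before the signature or the `role` claim is examined. The rejections that matter for authorization are not exercised: a well-formed token signed with a different key, and a correctly signed token whose `role` is not 1. Adding one test for each, built with a test-side token builder, would pin the `UNAUTHORIZED` branches of `jwtAuth`. The same applies to `jwtTokenInValid` in ApplicationStatusIntegrationTest.java.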
@@ -172,7 +172,7 @@ void statusInvalid() throws Exception { */ @Test void jwtTokenValid() throws Exception { - String testToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2FnZSI6ImxvZ2luIiwiaWQiOjUsInJvbGUiOjEsInVzZXJuYW1lIjoiTWF4d2VsbEJhaWxleSIsImV4cCI6MTcwOTE1NjE2MSwiaWF0IjoxNzA5MTUyNTYxfQ.sevPgpuRvgWU2nDjORn3KYSIJwC_5IvWkWDuOcHKz-0"; + String testToken = jwtAuthService.jwtCreateTestTokens(); String testHeader = "Bearer " + testToken; assertEquals("AUTHORIZED", jwtAuthService.jwtAuth(testHeader)); } @@ -182,7 +182,7 @@ void jwtTokenValid() throws Exception { */ @Test void jwtTokenInValid() throws Exception { - String testToken = "yJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2FnZSI6ImxvZ2luIiwiaWQiOjUsInJvbGUiOjEsInVzZXJuYW1lIjoiTWF4d2VsbEJhaWxleSIsImV4cCI6MTcwOTE1NjE2MSwiaWF0IjoxNzA5MTUyNTYxfQ.sevPgpuRvgWU2nDjORn3KYSIJwC_5IvWkWDuOcHKz-0"; + String testToken = "INVALID_TOKEN"; String testHeader = "Bearer " + testToken; assertEquals("UNAUTHORIZED", jwtAuthService.jwtAuth(testHeader)); }
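Review bot: `jwtTokenValid` now signs the token with the same bean and the same `JWT_SECRET` that `jwtAuth` then verifies with, so the test shows only that signing and parsing agree with each other. It would still pass if the key bytes were derived differently from how the real token issuer derives them; the committed default looks Base64-encoded while `jwtCreateTestTokens` uses the raw string bytes, so this is worth confirming against the issuer. A fixture token produced independently of `JwtAuthService`, with an expiry the test controls, would keep that check.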