Resolving Jim's Suggestions

Improve comments for auth functions, and return the Dummy user for get bio-model ID.
virtualcell · Jan 15, 2025 · 0a10c28 · 0a10c28
1 parent 51b85e6
commit 0a10c28
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 13 deletions.
diff --git a/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java b/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java
@@ -46,11 +46,8 @@ public UserRestDB(AgroalConnectionFactory agroalConnectionFactory) throws DataAc
 
     /**
      * Get the users identity from the requests that they make, usually this is a JWT token, placed within the
-     * HTTP Authorization header. If defaultGuest is true, then null will be returned for anonymous users and guests, otherwise
-     * and error will be thrown about the user being unauthenticated.
-     * Tokens generated by the old API for guest users will have no effect on this function because the securityIdentity
-     * is something only our designated Auth0 provider can create.
-     * @throws DataAccessException
+     * HTTP Authorization header. If allowAnonymous is true, then null will be returned for anonymous users, otherwise
+     * an error will be thrown about the user being unauthenticated.
      */
     public enum UserRequirement{
         ALLOW_ANONYMOUS,

diff --git a/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java b/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java
@@ -11,6 +11,7 @@
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
+import org.vcell.restq.Main;
 import org.vcell.restq.db.BioModelRestDB;
 import org.vcell.restq.db.UserRestDB;
 import org.vcell.restq.models.BioModel;
@@ -45,6 +46,9 @@ public BioModelResource(BioModelRestDB bioModelRestDB, UserRestDB userRestDB) {
     @Produces(MediaType.APPLICATION_JSON)
     public BioModel getBioModelInfo(@PathParam("bioModelID") String bioModelID) throws SQLException, DataAccessException, ExpressionException {
         User vcellUser = userRestDB.getUserFromIdentity(securityIdentity, UserRestDB.UserRequirement.ALLOW_ANONYMOUS);
+        if (vcellUser == null) {
+            vcellUser = Main.DUMMY_USER;
+        }
         try {
             BioModelRep bioModelRep = bioModelRestDB.getBioModelRep(new KeyValue(bioModelID), vcellUser);
             return BioModel.fromBioModelRep(bioModelRep);

diff --git a/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java b/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java
@@ -171,14 +171,15 @@ public void testOldAPITokenGeneration() throws ApiException {
     }
 
     /**
-     * If there is no user mapping for the client or the user does not have an JWT token in the Authorization header for HTTP,
-     * throw 401. If the user is a guest, return a token with the user id "vcellguest" and the user key "140220477".
-     * @throws ApiException
+     * If there is no user mapping for the client or the user does not have a JWT token in the Authorization header for HTTP,
+     * throw 401.
+     * If the user is anonymous to Auth0 they must ask for a Guest token.
+     * A token with the user id "vcellguest" and the user key "140220477".
      */
     @Test
     public void testOldAPITokenGenerationForGuest() throws ApiException {
-        ApiClient defaultUser = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort);
-        UsersResourceApi usersResourceApi = new UsersResourceApi(defaultUser);
+        ApiClient anonymous = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort);
+        UsersResourceApi usersResourceApi = new UsersResourceApi(anonymous);
 
         Assertions.assertThrowsExactly(ApiException.class, () -> usersResourceApi.getLegacyApiToken(), "Should throw 401 since only clients with role user can call it.");
 
@@ -191,13 +192,13 @@ public void testOldAPITokenGenerationForGuest() throws ApiException {
 
     @Test
     public void testUserMiddleWare() throws ApiException{
-        ApiClient defaultUser = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort);
-        PublicationResourceApi publicationResourceApi = new PublicationResourceApi(defaultUser);
+        ApiClient anonymous = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort);
+        PublicationResourceApi publicationResourceApi = new PublicationResourceApi(anonymous);
 
         // public available to everyone
         Assertions.assertDoesNotThrow(publicationResourceApi::getPublications);
 
-        // guests can not delete a publication
+        // anonymous user can not delete a publication (other tests exist to ensure role based access is used too)
         try{
             publicationResourceApi.deletePublication(1L);
             Assertions.fail("Should throw 401 since guests can't create a publication.");