From 0a10c281fd1244b0577ca308f04ef973314ea926 Mon Sep 17 00:00:00 2001
From: Ezequiel Valencia
Date: Wed, 15 Jan 2025 08:34:25 -0500
Subject: [PATCH] Resolving Jim's Suggestions

Improve comments for auth functions, and return the Dummy user for get bio-model ID.
---
 .../java/org/vcell/restq/db/UserRestDB.java | 7 ++-----
 .../vcell/restq/handlers/BioModelResource.java | 4 ++++
 .../org/vcell/restq/apiclient/UsersApiTest.java | 17 +++++++++--------
 3 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java b/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java
index f8040fdbde..b98fe9704b 100644
--- a/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java
+++ b/vcell-rest/src/main/java/org/vcell/restq/db/UserRestDB.java
@@ -46,11 +46,8 @@ public UserRestDB(AgroalConnectionFactory agroalConnectionFactory) throws DataAc
 /**
 * Get the users identity from the requests that they make, usually this is a JWT token, placed within the
- * HTTP Authorization header. If defaultGuest is true, then null will be returned for anonymous users and guests, otherwise
- * and error will be thrown about the user being unauthenticated.
- * Tokens generated by the old API for guest users will have no effect on this function because the securityIdentity
- * is something only our designated Auth0 provider can create.
- * @throws DataAccessException
+ * HTTP Authorization header. If allowAnonymous is true, then null will be returned for anonymous users, otherwise
+ * an error will be thrown about the user being unauthenticated.
 */
 public enum UserRequirement{
 ALLOW_ANONYMOUS,
diff --git a/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java b/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java
index edbeadaa51..6f79f7470f 100644
--- a/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java
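Review bot: The rewritten Javadoc still describes a method contract (null returned for anonymous users, otherwise an error thrown) and names a parameter `allowAnonymous`, but it is attached to the `UserRequirement` enum, which has no such parameter; the caller visible later in this patch passes `UserRestDB.UserRequirement.ALLOW_ANONYMOUS` to `getUserFromIdentity`. Either move the text to `getUserFromIdentity`'s Javadoc or reword it in terms of the constants, e.g. `* Passed to getUserFromIdentity to say how an unauthenticated request is handled: {@link #ALLOW_ANONYMOUS} makes it return null, any other value makes it throw.` The dropped sentence saying that tokens from the old API have no effect here because the securityIdentity is produced only by the Auth0 provider is a useful trust-boundary note; if it still holds, it is worth keeping on the method. `getUserFromIdentity` itself is outside this hunk.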
+++ b/vcell-rest/src/main/java/org/vcell/restq/handlers/BioModelResource.java
@@ -11,6 +11,7 @@
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
+import org.vcell.restq.Main;
 import org.vcell.restq.db.BioModelRestDB;
 import org.vcell.restq.db.UserRestDB;
 import org.vcell.restq.models.BioModel;
@@ -45,6 +46,9 @@ public BioModelResource(BioModelRestDB bioModelRestDB, UserRestDB userRestDB) {
 @Produces(MediaType.APPLICATION_JSON)
 public BioModel getBioModelInfo(@PathParam("bioModelID") String bioModelID) throws SQLException, DataAccessException, ExpressionException {
 User vcellUser = userRestDB.getUserFromIdentity(securityIdentity, UserRestDB.UserRequirement.ALLOW_ANONYMOUS);
+ if (vcellUser == null) {
+ vcellUser = Main.DUMMY_USER;
+ }
 try {
 BioModelRep bioModelRep = bioModelRestDB.getBioModelRep(new KeyValue(bioModelID), vcellUser);
 return BioModel.fromBioModelRep(bioModelRep);
diff --git a/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java b/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java
index c751714c14..5b37685a02 100644
--- a/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java
+++ b/vcell-rest/src/test/java/org/vcell/restq/apiclient/UsersApiTest.java
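Review bot: The new null fallback in `getBioModelInfo` hands `Main.DUMMY_USER` to `getBioModelRep` for every unauthenticated request, so whatever that account is allowed to read in the database silently becomes the public-read baseline for any bio-model ID, and nothing in the hunk records that this is the intended policy. A comment on the added `if` would make the trust decision explicit, e.g. `// anonymous callers are authorized as DUMMY_USER; only models readable by that account come back` (this assumes getBioModelRep applies per-user access checks — confirm). The same substitution will presumably be needed at every other endpoint that uses `ALLOW_ANONYMOUS`, so a small helper on `UserRestDB` that maps null to `DUMMY_USER` would keep the policy in one place instead of repeating it per resource method. The try/catch in `getBioModelInfo` continues beyond the hunk.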
@@ -171,14 +171,15 @@ public void testOldAPITokenGeneration() throws ApiException { } /** - * If there is no user mapping for the client or the user does not have an JWT token in the Authorization header for HTTP, - * throw 401. If the user is a guest, return a token with the user id "vcellguest" and the user key "140220477". - * @throws ApiException + * If there is no user mapping for the client or the user does not have a JWT token in the Authorization header for HTTP, + * throw 401. + * If the user is anonymous to Auth0 they must ask for a Guest token. + * A token with the user id "vcellguest" and the user key "140220477". */ @Test public void testOldAPITokenGenerationForGuest() throws ApiException { - ApiClient defaultUser = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort); - UsersResourceApi usersResourceApi = new UsersResourceApi(defaultUser); + ApiClient anonymous = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort); + UsersResourceApi usersResourceApi = new UsersResourceApi(anonymous); Assertions.assertThrowsExactly(ApiException.class, () -> usersResourceApi.getLegacyApiToken(), "Should throw 401 since only clients with role user can call it."); 
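Review bot: The last line of the rewritten Javadoc on `testOldAPITokenGenerationForGuest`, `* A token with the user id "vcellguest" and the user key "140220477".`, is a sentence fragment and no longer says what the test verifies; joining it to the preceding sentence reads as intended, e.g. `* If the user is anonymous to Auth0 they must ask for a Guest token, which carries the user id "vcellguest" and the user key "140220477".` The method body continues beyond the hunk, so the guest-token assertions the Javadoc refers to are not visible here.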
@@ -191,13 +192,13 @@ public void testOldAPITokenGenerationForGuest() throws ApiException { @Test public void testUserMiddleWare() throws ApiException{ - ApiClient defaultUser = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort); - PublicationResourceApi publicationResourceApi = new PublicationResourceApi(defaultUser); + ApiClient anonymous = TestEndpointUtils.createUnAuthenticatedAPIClient(testPort); + PublicationResourceApi publicationResourceApi = new PublicationResourceApi(anonymous); // public available to everyone Assertions.assertDoesNotThrow(publicationResourceApi::getPublications); - // guests can not delete a publication + // anonymous user can not delete a publication (other tests exist to ensure role based access is used too) try{ publicationResourceApi.deletePublication(1L); Assertions.fail("Should throw 401 since guests can't create a publication.");