Merge pull request #79 from zero-filtre/fix_search

Unsecure search + retrieve proper courseId for lessons
zero-filtre · Jul 9, 2024 · dc37366 · dc37366
2 parents 4fac3d2 + 736ad57
commit dc37366
Showing 3 changed files with 55 additions and 23 deletions.
diff --git a/src/main/java/tech/zerofiltre/blog/infra/providers/database/course/LessonJPARepository.java b/src/main/java/tech/zerofiltre/blog/infra/providers/database/course/LessonJPARepository.java
@@ -11,7 +11,7 @@
 public interface LessonJPARepository extends JpaRepository<LessonJPA, Long> {
 
     @Query("select new tech.zerofiltre.blog.infra.providers.database.course.model.LessonWithCourseIdJPA(l, co.id) from LessonJPA l " +
-            "join ChapterJPA c on c.id=l.id " +
+            "join ChapterJPA c on c.id=l.chapter.id " +
             "join CourseJPA co on co.id = c.course.id " +
             "where co.status= :status and" +
             "(LOWER(l.title) LIKE LOWER(CONCAT('%', :keyword, '%')) OR " +

diff --git a/src/main/java/tech/zerofiltre/blog/infra/security/config/SecurityConfiguration.java b/src/main/java/tech/zerofiltre/blog/infra/security/config/SecurityConfiguration.java
@@ -1,24 +1,29 @@
 package tech.zerofiltre.blog.infra.security.config;
 
-import lombok.extern.slf4j.*;
-import org.springframework.context.annotation.*;
-import org.springframework.http.*;
-import org.springframework.http.converter.json.*;
-import org.springframework.security.config.annotation.authentication.builders.*;
-import org.springframework.security.config.annotation.web.builders.*;
-import org.springframework.security.config.annotation.web.configuration.*;
-import org.springframework.security.config.http.*;
-import org.springframework.security.core.userdetails.*;
-import org.springframework.security.crypto.password.*;
-import org.springframework.security.web.authentication.*;
-import org.springframework.security.web.util.matcher.*;
-import tech.zerofiltre.blog.domain.metrics.*;
-import tech.zerofiltre.blog.domain.user.*;
-import tech.zerofiltre.blog.infra.entrypoints.rest.*;
-import tech.zerofiltre.blog.infra.providers.api.github.*;
-import tech.zerofiltre.blog.infra.providers.api.so.*;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import tech.zerofiltre.blog.domain.metrics.MetricsProvider;
+import tech.zerofiltre.blog.domain.user.JwtTokenProvider;
+import tech.zerofiltre.blog.domain.user.UserProvider;
+import tech.zerofiltre.blog.domain.user.VerificationTokenProvider;
+import tech.zerofiltre.blog.infra.entrypoints.rest.SecurityContextManager;
+import tech.zerofiltre.blog.infra.providers.api.github.GithubLoginProvider;
+import tech.zerofiltre.blog.infra.providers.api.so.StackOverflowLoginProvider;
 import tech.zerofiltre.blog.infra.security.filter.*;
-import tech.zerofiltre.blog.infra.security.model.*;
+import tech.zerofiltre.blog.infra.security.model.GithubAuthenticationTokenProperties;
+import tech.zerofiltre.blog.infra.security.model.JwtAuthenticationTokenProperties;
+import tech.zerofiltre.blog.infra.security.model.StackOverflowAuthenticationTokenProperties;
 
 @Slf4j
 @Configuration
@@ -129,6 +134,7 @@ protected void configure(final HttpSecurity http) throws Exception {
                         "/user/initPasswordReset",
                         "/user/verifyTokenForPasswordReset",
                         "/tag/**",
+                        "/search",
                         "/user/profile/*",
                         "/user/jwt/refreshToken",
                         "/payment/success",

diff --git a/src/test/java/tech/zerofiltre/blog/infra/providers/database/search/DBSearchProviderIT.java b/src/test/java/tech/zerofiltre/blog/infra/providers/database/search/DBSearchProviderIT.java
@@ -25,8 +25,9 @@
 class DBSearchProviderIT {
 
     private final SearchResultJpaMapper mapper = new SearchResultJpaMapper();
-    ArticleJPA article1;
-    CourseJPA course1;
+    private ArticleJPA article1;
+    private CourseJPA course2;
+    private CourseJPA course1;
     @Autowired
     private ArticleJPARepository articleJPARepository;
     @Autowired
@@ -56,16 +57,36 @@ void setUp() {
         course1.setStatus(Status.PUBLISHED);
         courseJPARepository.save(course1);
 
+        course2 = new CourseJPA();
+        course2.setTitle("2nd Java Course");
+        course2.setSubTitle("2nd Introduction to Spring");
+        course2.setSummary("2nd Summary of Java Course");
+        course2.setStatus(Status.PUBLISHED);
+        courseJPARepository.save(course2);
+
         ChapterJPA chapterJPA = new ChapterJPA();
         chapterJPA.setCourse(course1);
         chapterJPA = chapterJPARepository.save(chapterJPA);
 
+        ChapterJPA chapterJPA2 = new ChapterJPA();
+        chapterJPA2.setCourse(course1);
+        chapterJPA2 = chapterJPARepository.save(chapterJPA2);
+
         LessonJPA lesson1 = new LessonJPA();
         lesson1.setTitle("Data JPA Lesson");
         lesson1.setContent("Content about Data JPA");
         lesson1.setSummary("Summary of Spring Data JPA Lesson");
         lesson1.setChapter(chapterJPA);
+
+        LessonJPA lesson2 = new LessonJPA();
+        lesson2.setTitle("Data JPA Lesson");
+        lesson2.setContent("2nd Content about Data JPA");
+        lesson2.setSummary("Summary of Spring Data JPA Lesson");
+        lesson2.setChapter(chapterJPA2);
+
+
         lessonJPARepository.save(lesson1);
+        lessonJPARepository.save(lesson2);
     }
 
     @Test
@@ -77,12 +98,15 @@ void searchWorksProperly() {
         assertThat(result.getArticles()).hasSize(1);
         assertThat(result.getArticles().get(0).getTitle()).isEqualTo("Spring Boot Guide");
 
-        assertThat(result.getCourses()).hasSize(1);
+        assertThat(result.getCourses()).hasSize(2);
         assertThat(result.getCourses().get(0).getTitle()).isEqualTo("Java Course");
 
-        assertThat(result.getLessons()).hasSize(1);
+        assertThat(result.getLessons()).hasSize(2);
         assertThat(result.getLessons().get(0).getTitle()).isEqualTo("Data JPA Lesson");
         assertThat(result.getLessons().get(0).getCourseId()).isEqualTo(course1.getId());
+
+        assertThat(result.getLessons().get(1).getContent()).isEqualTo("2nd Content about Data JPA");
+        assertThat(result.getLessons().get(1).getCourseId()).isEqualTo(course1.getId());
     }
 
     @Test
@@ -92,7 +116,9 @@ void search_doesNotReturn_nonPublishedItems() {
         articleJPARepository.save(article1);
 
         course1.setStatus(Status.DRAFT);
+        course2.setStatus(Status.DRAFT);
         courseJPARepository.save(course1);
+        courseJPARepository.save(course2);
 
 
         // Execute the search