You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ma...@apache.org on 2020/09/30 19:20:58 UTC
[archiva-redback-core] branch master updated (aa13965 -> b2a150f)
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git.
from aa13965 Fixing tests
new f1f69fe Adding email test service for API v2
new b2a150f Adding permission tests for v2 API
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../redback/rest/api/services/v2/UserService.java | 5 +-
.../rest/services/mock/DefaultServicesAssert.java | 1 +
.../redback/rest/services/mock/ServicesAssert.java | 2 +
.../services/v2/AbstractNativeRestServices.java | 14 +-
.../rest/services/v2/NativeUserServiceTest.java | 147 ++++++++++++++++++++-
5 files changed, 164 insertions(+), 5 deletions(-)
[archiva-redback-core] 01/02: Adding email test service for API v2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit f1f69feaa732ab20bd6d2a9fa36547f7f63583aa
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Wed Sep 30 20:09:27 2020 +0200
Adding email test service for API v2
---
.../rest/services/mock/DefaultServicesAssert.java | 1 +
.../redback/rest/services/mock/ServicesAssert.java | 2 ++
.../services/v2/AbstractNativeRestServices.java | 14 ++++++--
.../rest/services/v2/NativeUserServiceTest.java | 37 ++++++++++++++++++++++
4 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/DefaultServicesAssert.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/DefaultServicesAssert.java
index 625611d..c57ee81 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/DefaultServicesAssert.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/DefaultServicesAssert.java
@@ -47,6 +47,7 @@ public class DefaultServicesAssert
}
public void clearEmailMessages() {
+
mockJavaMailSender.getSendedEmails( ).clear( );
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/ServicesAssert.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/ServicesAssert.java
index 80b5f5c..b68c2dd 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/ServicesAssert.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/mock/ServicesAssert.java
@@ -31,11 +31,13 @@ import java.util.List;
@Path( "DefaultServicesAssert" )
public interface ServicesAssert
{
+ @Path("/getEmailMessageSended")
@GET
@Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML } )
List<EmailMessage> getEmailMessageSended()
throws Exception;
+ @Path("/clearEmailMessages")
@POST
void clearEmailMessages();
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
index da80867..442224a 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/AbstractNativeRestServices.java
@@ -332,11 +332,16 @@ public abstract class AbstractNativeRestServices
RestAssured.basePath = basePath;
}
- protected RequestSpecBuilder getRequestSpecBuilder( )
+ protected RequestSpecBuilder getRequestSpecBuilder( ) {
+ return getRequestSpecBuilder( null );
+ }
+
+ protected RequestSpecBuilder getRequestSpecBuilder( String basePath )
{
+ String myBasePath = basePath == null ? getBasePath( ) : basePath;
return new RequestSpecBuilder( ).setBaseUri( baseURI )
.setPort( port )
- .setBasePath( getBasePath( ) )
+ .setBasePath( myBasePath )
.addHeader( "Origin", RestAssured.baseURI + ":" + RestAssured.port );
}
@@ -355,6 +360,11 @@ public abstract class AbstractNativeRestServices
return getRequestSpecBuilder( ).addHeader( "Authorization", "Bearer " + bearerToken ).build( );
}
+ protected RequestSpecification getRequestSpec( String bearerToken, String path)
+ {
+ return getRequestSpecBuilder( path ).addHeader( "Authorization", "Bearer " + bearerToken ).build( );
+ }
+
protected void shutdownNative( ) throws Exception
{
if (startServer)
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index 1fdf530..da3c666 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -20,6 +20,7 @@ package org.apache.archiva.redback.rest.services.v2;
import io.restassured.response.Response;
import org.apache.archiva.redback.rest.api.model.v2.User;
+import org.apache.archiva.redback.rest.services.mock.EmailMessage;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
@@ -950,6 +951,12 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
void register( )
{
String adminToken = getAdminToken( );
+
+ given( ).spec( getRequestSpec( adminToken, "/api/testsService" ) )
+ .when( )
+ .post( "DefaultServicesAssert/clearEmailMessages" )
+ .then( ).statusCode( 204 );
+
Map<String, Object> requestMap = new HashMap<>( );
Map<String, Object> userMap = new HashMap<>( );
@@ -970,6 +977,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.when( )
.post( "bilbo/register" )
.then( ).statusCode( 200 );
+
+ Response response = given( ).spec( getRequestSpec( adminToken, "/api/testsService" ) ).contentType( JSON )
+ .get( "DefaultServicesAssert/getEmailMessageSended" ).then( ).statusCode( 200 )
+ .extract( ).response( );
+ List<EmailMessage> emailMessages = response.jsonPath( ).getList( "", EmailMessage.class );
+ assertEquals( 1, emailMessages.size( ) );
+ assertEquals( "bilbo@lordoftherings.org", emailMessages.get( 0 ).getTos( ).get( 0 ) );
+
+ assertEquals( "Welcome", emailMessages.get( 0 ).getSubject( ) );
+ assertTrue(
+ emailMessages.get( 0 ).getText( ).contains( "Use the following URL to validate your account." ) );
+
}
finally
{
@@ -1007,6 +1026,12 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
void askForPasswordReset( )
{
String adminToken = getAdminToken( );
+
+ given( ).spec( getRequestSpec( adminToken, "/api/testsService" ) )
+ .when( )
+ .post( "DefaultServicesAssert/clearEmailMessages" )
+ .then( ).statusCode( 204 );
+
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
@@ -1026,6 +1051,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.post( "aragorn/password/reset" )
.then( ).statusCode( 200 );
+ Response response = given( ).spec( getRequestSpec( adminToken, "/api/testsService" ) ).contentType( JSON )
+ .get( "DefaultServicesAssert/getEmailMessageSended" ).then( ).statusCode( 200 )
+ .extract( ).response( );
+ List<EmailMessage> emailMessages = response.jsonPath( ).getList( "", EmailMessage.class );
+ assertEquals( 1, emailMessages.size( ) );
+ assertEquals( "aragorn@lordoftherings.org", emailMessages.get( 0 ).getTos( ).get( 0 ) );
+ String messageContent = emailMessages.get( 0 ).getText( );
+
+ assertTrue( messageContent.contains( "Password Reset" ));
+ assertTrue(messageContent.contains( "Username: aragorn" ));
+
+
given( ).spec( getRequestSpec( null ) ).contentType( JSON )
.when( )
.post( "xxyy/password/reset" )
[archiva-redback-core] 02/02: Adding permission tests for v2 API
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit b2a150fc5b619a9c70ac50b722a5ecb4437b6585
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Wed Sep 30 21:13:52 2020 +0200
Adding permission tests for v2 API
---
.../redback/rest/api/services/v2/UserService.java | 5 +-
.../rest/services/v2/NativeUserServiceTest.java | 110 ++++++++++++++++++++-
2 files changed, 112 insertions(+), 3 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index ee83204..e87d77d 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -433,10 +433,11 @@ public interface UserService
@Path( "{userId}/operations" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_LIST_OPERATION )
+ @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_VIEW_OPERATION,
+ resource = "{userId}")
@io.swagger.v3.oas.annotations.Operation( summary = "Returns a list of privileged operations assigned to the given user.",
security = {
- @SecurityRequirement( name = RedbackRoleConstants.USER_MANAGEMENT_USER_LIST_OPERATION )
+ @SecurityRequirement( name = RedbackRoleConstants.USER_MANAGEMENT_USER_VIEW_OPERATION )
},
responses = {
@ApiResponse( responseCode = "200",
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index da3c666..09e051b 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -19,6 +19,8 @@ package org.apache.archiva.redback.rest.services.v2;
*/
import io.restassured.response.Response;
+import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.User;
import org.apache.archiva.redback.rest.services.mock.EmailMessage;
import org.junit.jupiter.api.AfterAll;
@@ -1099,9 +1101,83 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( )
.get( "aragorn/permissions" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ List<Permission> result = response.getBody( ).jsonPath( ).getList( "", Permission.class );
+ assertNotNull( result );
+ assertEquals( 2, result.size( ) );
+ assertTrue( result.stream( ).anyMatch( permission -> permission.getName( ).equals( "Edit User Data by Username" ) ) );
+ assertTrue( result.stream( ).anyMatch( permission -> permission.getName( ).equals( "View User Data by Username" ) ) );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void getUserPermissionsInvalidPermission( )
+ {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String token = getUserToken( "aragorn", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .when( )
+ .get( "admin/permissions" )
+ .then( ).statusCode( 403 );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void getUserOperations( )
+ {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String token = getUserToken( "aragorn", "pAssw0rD" );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .when( )
+ .get( "aragorn/operations" )
.prettyPeek( )
.then( ).statusCode( 200 ).extract( ).response( );
- assertEquals( 2, response.getBody( ).jsonPath( ).getList( "" ).size( ) );
+ List<Operation> result = response.getBody( ).jsonPath( ).getList( "", Operation.class );
+ assertNotNull( result );
+ assertEquals( 2, result.size( ) );
+ assertTrue( result.stream( ).anyMatch( operation -> operation.getName( ).equals( "user-management-user-edit" ) ) );
+ assertTrue( result.stream( ).anyMatch( operation -> operation.getName( ).equals( "user-management-user-view" ) ) );
+
}
@@ -1113,4 +1189,36 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
}
+ @Test
+ void getUserOperationsInvalidPermission( )
+ {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String token = getUserToken( "aragorn", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .when( )
+ .get( "admin/operations" )
+ .prettyPeek( )
+ .then( ).statusCode( 403 );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
}