From 0656dc99698ea09444b614844bf7d194e86496d8 Mon Sep 17 00:00:00 2001
From: Art
Date: Mon, 6 Sep 2021 08:07:10 +0300
Subject: [PATCH] 36.1 Test endpoint for security - Forbidden (#2)
---
.../backend/controller/UserResource.java | 15 +++++++
.../backend/domain/HttpResponse.java | 4 ++
.../backend/common/BaseUserTest.java | 2 +-
.../backend/controller/UserResourceTest.java | 42 +++++++++++++++++++
4 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java
create mode 100644 support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java
new file mode 100644
index 0000000..eb9a7d1
--- /dev/null
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java
@@ -0,0 +1,15 @@
+package net.shyshkin.study.fullstack.supportportal.backend.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("user")
+public class UserResource {
+
+ @GetMapping("home")
+ public String showUser() {
+ return "Application works";
+ }
+}
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/domain/HttpResponse.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/domain/HttpResponse.java
index 4e55244..fc0442b 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/domain/HttpResponse.java
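Review bot: Nothing in `UserResource` says that `/user/home` is expected to require authentication; the class carries no security annotation and no comment, so the 403 asserted in `UserResourceTest` presumably comes from a global security configuration that is not part of this patch. I would add a Javadoc on `showUser()` such as `/** Smoke-test endpoint; must stay behind authentication, see UserResourceTest. */` so that a later change to the permitted-URL list does not silently expose it. As a style point, the mappings read more conventionally with a leading slash, e.g. `@RequestMapping("/user")` and `@GetMapping("/home")`.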
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/domain/HttpResponse.java @@ -6,11 +6,15 @@ import lombok.Data; import lombok.NoArgsConstructor; import org.springframework.http.HttpStatus; +import java.time.LocalDateTime; + @NoArgsConstructor @AllArgsConstructor @Data @Builder public class HttpResponse { +// @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'hh:mm:ss.SSS") + private final LocalDateTime timestamp = LocalDateTime.now(); private int httpStatusCode; // 200, 201, 400, 500 private HttpStatus httpStatus; private String reason; diff --git a/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/common/BaseUserTest.java b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/common/BaseUserTest.java index a980379..f1d49fc 100644 --- a/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/common/BaseUserTest.java +++ b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/common/BaseUserTest.java @@ -27,7 +27,7 @@ public abstract class BaseUserTest { .firstName(FAKER.name().firstName()) .lastName(FAKER.name().lastName()) .username(FAKER.name().username()) - .password("bad_password") + .password("{noop}bad_password") .userId(UUID.randomUUID().toString()) .isActive(true) .isNotLocked(true) diff --git a/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java new file mode 100644 index 0000000..2789635 --- /dev/null +++ b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java 
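Review bot: The new `timestamp` field in `HttpResponse` is a zone-less `LocalDateTime` taken from the server's default time zone, which makes error responses hard to correlate with logs from hosts in other zones; `private final Instant timestamp = Instant.now();` (with the `java.time.Instant` import) would give an unambiguous UTC value. The commented-out `@JsonFormat` pattern uses `hh`, the 12-hour field, so enabling it as written would make morning and afternoon times indistinguishable; it should read `HH`, or the line should be dropped rather than kept as commented-out code. Because the field is `final` with an initializer, Lombok's `@AllArgsConstructor` and `@Builder` leave it out, so it always reflects object creation time; a short comment saying that is intended would help. The class body continues outside the hunk.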
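Review bot: The `{noop}` prefix added to the fixture password in `BaseUserTest` is not explained, and it only works when the application's `PasswordEncoder` is a delegating encoder that understands id prefixes, which is not visible in this hunk. A comment such as `// {noop}: plain-text marker for DelegatingPasswordEncoder, test data only` would document that. Alternatively the fixture could encode the value with the application's own encoder bean, so the tests exercise the same hashing path as the running application. The builder chain starts and ends outside the hunk.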
@@ -0,0 +1,42 @@
+package net.shyshkin.study.fullstack.supportportal.backend.controller;
+
+import lombok.extern.slf4j.Slf4j;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.ActiveProfiles;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.springframework.http.HttpStatus.FORBIDDEN;
+
+@Slf4j
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ActiveProfiles("local")
+class UserResourceTest {
+
+ @Autowired
+ TestRestTemplate restTemplate;
+
+ @Test
+ void showUser_forbidden() {
+
+ //when
+ var responseEntity = restTemplate.getForEntity("/user/home", HttpResponse.class);
+
+ //then
+ log.debug("Response Entity: {}", responseEntity);
+ assertThat(responseEntity.getStatusCode()).isEqualTo(FORBIDDEN);
+ assertThat(responseEntity.getBody())
+ .isNotNull()
+ .hasNoNullFieldsOrProperties()
+ .satisfies(httpResponse -> assertAll(
+ () -> assertThat(httpResponse.getHttpStatusCode()).isEqualTo(403),
+ () -> assertThat(httpResponse.getHttpStatus()).isEqualTo(FORBIDDEN),
+ () -> assertThat(httpResponse.getReason()).isEqualTo("FORBIDDEN"),
+ () -> assertThat(httpResponse.getMessage()).isEqualTo("You need to log in to access this page")
+ ));
+ }
+}
\ No newline at end of file
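Review bot: `showUser_forbidden` covers only a request with no credentials at all, so the access-control check is pinned for a single negative case; a request carrying invalid credentials and a successful authenticated request are not tested, and the name does not say which case this is. I would rename it to `showUser_withoutCredentials_forbidden` and add sibling tests for the other two cases. `@ActiveProfiles("local")` means the assertion verifies the security configuration of the `local` profile, which may differ from what is deployed, so a comment is worthwhile if that is intentional. `hasNoNullFieldsOrProperties()` also ties this test to every future field of `HttpResponse`; the four explicit field assertions are already sufficient.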