36.1 Test endpoint for security - Forbidden (#2)

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResource.java

@@ -0,0 +1,15 @@
+package net.shyshkin.study.fullstack.supportportal.backend.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("user")
+public class UserResource {
+
+    @GetMapping("home")
+    public String showUser() {
+        return "Application works";
+    }
+}

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/domain/HttpResponse.java

@@ -6,11 +6,15 @@ import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.springframework.http.HttpStatus;
 
+import java.time.LocalDateTime;
+
 @NoArgsConstructor
 @AllArgsConstructor
 @Data
 @Builder
 public class HttpResponse {
+//    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'hh:mm:ss.SSS")
+    private final LocalDateTime timestamp = LocalDateTime.now();
     private int httpStatusCode; // 200, 201, 400, 500
     private HttpStatus httpStatus;
     private String reason;

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/common/BaseUserTest.java

@@ -27,7 +27,7 @@ public abstract class BaseUserTest {
                 .firstName(FAKER.name().firstName())
                 .lastName(FAKER.name().lastName())
                 .username(FAKER.name().username())
-                .password("bad_password")
+                .password("{noop}bad_password")
                 .userId(UUID.randomUUID().toString())
                 .isActive(true)
                 .isNotLocked(true)

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java

@@ -0,0 +1,42 @@
+package net.shyshkin.study.fullstack.supportportal.backend.controller;
+
+import lombok.extern.slf4j.Slf4j;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.ActiveProfiles;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.springframework.http.HttpStatus.FORBIDDEN;
+
+@Slf4j
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ActiveProfiles("local")
+class UserResourceTest {
+
+    @Autowired
+    TestRestTemplate restTemplate;
+
+    @Test
+    void showUser_forbidden() {
+
+        //when
+        var responseEntity = restTemplate.getForEntity("/user/home", HttpResponse.class);
+
+        //then
+        log.debug("Response Entity: {}", responseEntity);
+        assertThat(responseEntity.getStatusCode()).isEqualTo(FORBIDDEN);
+        assertThat(responseEntity.getBody())
+                .isNotNull()
+                .hasNoNullFieldsOrProperties()
+                .satisfies(httpResponse -> assertAll(
+                        () -> assertThat(httpResponse.getHttpStatusCode()).isEqualTo(403),
+                        () -> assertThat(httpResponse.getHttpStatus()).isEqualTo(FORBIDDEN),
+                        () -> assertThat(httpResponse.getReason()).isEqualTo("FORBIDDEN"),
+                        () -> assertThat(httpResponse.getMessage()).isEqualTo("You need to log in to access this page")
+                ));
+    }
+}