modified User to do not serialize password (#19, #18)

Art
2021-09-18 08:39:02 +03:00
parent e891ef29a1
commit 679d13abad
3 changed files with 34 additions and 18 deletions


@ -1,5 +1,6 @@
package net.shyshkin.study.fullstack.supportportal.backend.domain; package net.shyshkin.study.fullstack.supportportal.backend.domain;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.*; import lombok.*;
import javax.persistence.Entity; import javax.persistence.Entity;
@ -29,7 +30,10 @@ public class User implements Serializable {
private String firstName; private String firstName;
private String lastName; private String lastName;
private String username; private String username;
@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
private String password; private String password;
private String email; private String email;
private String profileImageUrl; private String profileImageUrl;
private LocalDateTime lastLoginDate; private LocalDateTime lastLoginDate;
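Review bot: The `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` added on `password` only covers Jackson output; the field is still accepted on input wherever a `User` is bound from a request body, and other representations of the entity are not affected. The class-level annotations are outside this hunk, but with `lombok.*` imported a generated `toString()` would presumably still include the value, so logging a `User` could expose it; adding `@ToString.Exclude` next to the new annotation would close that. If no endpoint needs to read a password through `User`, `@JsonIgnore` together with dedicated request DTOs is the stricter option. A short comment such as `// accepted on input only; never written to API responses` above the field would record the intent.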


@ -1,6 +1,10 @@
package net.shyshkin.study.fullstack.supportportal.backend.controller; package net.shyshkin.study.fullstack.supportportal.backend.controller;
import com.auth0.jwt.interfaces.JWTVerifier; import com.auth0.jwt.interfaces.JWTVerifier;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import net.shyshkin.study.fullstack.supportportal.backend.common.BaseUserTest; import net.shyshkin.study.fullstack.supportportal.backend.common.BaseUserTest;
import net.shyshkin.study.fullstack.supportportal.backend.constant.FileConstant; import net.shyshkin.study.fullstack.supportportal.backend.constant.FileConstant;
@ -116,7 +120,7 @@ class UserResourceTest extends BaseUserTest {
User registeredUser = responseEntity.getBody(); User registeredUser = responseEntity.getBody();
assertThat(registeredUser) assertThat(registeredUser)
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", fakeUser.getUsername()) .hasFieldOrPropertyWithValue("username", fakeUser.getUsername())
.hasFieldOrPropertyWithValue("email", fakeUser.getEmail()) .hasFieldOrPropertyWithValue("email", fakeUser.getEmail())
.hasFieldOrPropertyWithValue("firstName", fakeUser.getFirstName()) .hasFieldOrPropertyWithValue("firstName", fakeUser.getFirstName())
@ -191,10 +195,9 @@ class UserResourceTest extends BaseUserTest {
String password = fakeUser.getPassword().replace("{noop}", ""); String password = fakeUser.getPassword().replace("{noop}", "");
String username = fakeUser.getUsername(); String username = fakeUser.getUsername();
userRepository.save(fakeUser); userRepository.save(fakeUser);
String expectedMessage = "User logged in successfully";
//when //when
User userLogin = User.builder() var userLogin = UserLoginDto.builder()
.username(username) .username(username)
.password(password) .password(password)
.build(); .build();
@ -232,7 +235,7 @@ class UserResourceTest extends BaseUserTest {
String expectedMessage = "USERNAME / PASSWORD INCORRECT. PLEASE TRY AGAIN"; String expectedMessage = "USERNAME / PASSWORD INCORRECT. PLEASE TRY AGAIN";
//when //when
User userLogin = User.builder() var userLogin = UserLoginDto.builder()
.username(username) .username(username)
.password(password) .password(password)
.build(); .build();
@ -265,7 +268,7 @@ class UserResourceTest extends BaseUserTest {
String expectedMessage = "USERNAME / PASSWORD INCORRECT. PLEASE TRY AGAIN"; String expectedMessage = "USERNAME / PASSWORD INCORRECT. PLEASE TRY AGAIN";
//when //when
User userLogin = User.builder() var userLogin = UserLoginDto.builder()
.username(username) .username(username)
.password(password) .password(password)
.build(); .build();
@ -290,7 +293,7 @@ class UserResourceTest extends BaseUserTest {
@Test @Test
@Order(60) @Order(60)
void loginUser_bruteForceDetectionTest() throws InterruptedException { void loginUser_bruteForceDetectionTest() {
//given //given
User fakeUser = createRandomUser(); User fakeUser = createRandomUser();
@ -300,7 +303,7 @@ class UserResourceTest extends BaseUserTest {
String wrongPassword = "wrongPass"; String wrongPassword = "wrongPass";
//when //when
User userLogin = User.builder() var userLogin = UserLoginDto.builder()
.username(username) .username(username)
.password(wrongPassword) .password(wrongPassword)
.build(); .build();
@ -325,7 +328,7 @@ class UserResourceTest extends BaseUserTest {
if (i > 3) { if (i > 3) {
// Even correct password should not allow access to locked account // Even correct password should not allow access to locked account
userLogin = User.builder() userLogin = UserLoginDto.builder()
.username(username) .username(username)
.password(correctPassword) .password(correctPassword)
.build(); .build();
@ -384,7 +387,7 @@ class UserResourceTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -472,7 +475,7 @@ class UserResourceTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -562,7 +565,7 @@ class UserResourceTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -620,7 +623,7 @@ class UserResourceTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -724,4 +727,13 @@ class UserResourceTest extends BaseUserTest {
.hasFieldOrPropertyWithValue("message", "USER WAS NOT FOUND"); .hasFieldOrPropertyWithValue("message", "USER WAS NOT FOUND");
} }
} }
@Data
@NoArgsConstructor
@AllArgsConstructor
@Builder
static class UserLoginDto {
private String username;
private String password;
}
} }
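Review bot: Adding `"password"` to `hasNoNullFieldsOrPropertiesExcept(...)` only tolerates a null password; it does not assert that the field is absent, so a regression that serialises the password again would still pass. This applies to the assertion chains in the hunks at old lines 116, 384, 472, 562 and 620 here, and to the same change throughout `UserResourceUnSecureTest`. Because the response body is deserialised into `User` and the field stays writable, adding `.hasFieldOrPropertyWithValue("password", null)` to each chain would pin the new behaviour. The test methods themselves start and end outside these hunks.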


@ -82,7 +82,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -285,7 +285,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -332,7 +332,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", userDto.getUsername()) .hasFieldOrPropertyWithValue("username", userDto.getUsername())
.hasFieldOrPropertyWithValue("email", userDto.getEmail()) .hasFieldOrPropertyWithValue("email", userDto.getEmail())
.hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
@ -454,7 +454,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", username) .hasFieldOrPropertyWithValue("username", username)
.hasFieldOrPropertyWithValue("email", user.getEmail()) .hasFieldOrPropertyWithValue("email", user.getEmail())
.hasFieldOrPropertyWithValue("firstName", user.getFirstName()) .hasFieldOrPropertyWithValue("firstName", user.getFirstName())
@ -584,7 +584,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", username) .hasFieldOrPropertyWithValue("username", username)
.hasFieldOrPropertyWithValue("email", user.getEmail()) .hasFieldOrPropertyWithValue("email", user.getEmail())
.hasFieldOrPropertyWithValue("firstName", user.getFirstName()) .hasFieldOrPropertyWithValue("firstName", user.getFirstName())
@ -775,7 +775,7 @@ class UserResourceUnSecureTest extends BaseUserTest {
assertThat(responseEntity.getStatusCode()).isEqualTo(OK); assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
assertThat(responseEntity.getBody()) assertThat(responseEntity.getBody())
.isNotNull() .isNotNull()
.hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay") .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay", "password")
.hasFieldOrPropertyWithValue("username", username) .hasFieldOrPropertyWithValue("username", username)
.hasFieldOrPropertyWithValue("email", user.getEmail()) .hasFieldOrPropertyWithValue("email", user.getEmail())
.hasFieldOrPropertyWithValue("firstName", user.getFirstName()) .hasFieldOrPropertyWithValue("firstName", user.getFirstName())