diff --git a/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java
index 69cdc12..6bcc95c 100644
--- a/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java
+++ b/support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java
@@ -6,12 +6,10 @@ import net.shyshkin.study.fullstack.supportportal.backend.common.BaseUserTest;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.User;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.UserPrincipal;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.dto.UserDto;
 import net.shyshkin.study.fullstack.supportportal.backend.service.LoginAttemptService;
 import net.shyshkin.study.fullstack.supportportal.backend.utility.JwtTokenProvider;
-import org.junit.jupiter.api.MethodOrderer;
-import org.junit.jupiter.api.Order;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -19,6 +17,8 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
+import java.util.Map;
+
 import static net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants.JWT_TOKEN_HEADER;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertAll;
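Review bot: `import org.junit.jupiter.api.*;` replaces four explicit imports, presumably only to bring `DisplayName` into scope for the new tests. Every other import in this file is explicit, and a wildcard can silently pick up a same-named type if the package grows, so prefer keeping the original four and adding `import org.junit.jupiter.api.DisplayName;` next to them.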
@@ -38,6 +38,8 @@ class UserResourceTest extends BaseUserTest {
 @Autowired
 JWTVerifier jwtVerifier;
+ private static String correctToken;
+
 @Test
 @Order(10)
 void showUserHome_forbidden() {
@@ -200,6 +202,7 @@ class UserResourceTest extends BaseUserTest {
 log.debug("Token: {}", token);
 assertThat(token).isNotBlank();
 assertThat(jwtVerifier.verify(token).getSubject()).isEqualTo(username);
+ correctToken = token;
 }
 @Test
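Review bot: `correctToken` is mutable static state that is only assigned at the end of the login test in the second hunk (the method around line 202, whose signature lies outside the hunk) and is consumed by the `@Order(70)` test added later in this commit, so the new tests silently depend on method ordering. If that login test fails or a consumer is run on its own, `setBearerAuth(correctToken)` would send `Bearer null` and the consumer fails with an unhelpful 403 instead of a clear precondition error. Consider opening each consumer with `assumeTrue(correctToken != null, "login test must run first");` and documenting the field with `// populated by the login test; later-ordered tests reuse it as a valid admin token`.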
@@ -327,4 +330,181 @@ class UserResourceTest extends BaseUserTest {
 }
+
+ @Test
+ @Order(70)
+ void addNewUser_correct() {
+
+ //given
+ UserDto userDto = createRandomUserDto();
+ Map paramMap = Map.of(
+ "firstName", userDto.getFirstName(),
+ "lastName", userDto.getLastName(),
+ "username", userDto.getUsername(),
+ "email", userDto.getEmail(),
+ "role", userDto.getRole().name(),
+ "isActive", String.valueOf(userDto.isActive()),
+ "isNonLocked", String.valueOf(userDto.isNonLocked())
+ );
+
+ //when
+ var requestEntity = RequestEntity
+ .post("/user/add")
+ .headers(httpHeaders -> httpHeaders.setBearerAuth(correctToken))
+ .build();
+ ResponseEntity responseEntity = restTemplate
+ .postForEntity(
+ "/user/add?username={username}&email={email}" + + "&firstName={firstName}&lastName={lastName}" + + "&role={role}&active={isActive}&nonLocked={isNonLocked}",
+ requestEntity,
+ User.class,
+ paramMap
+ );
+
+ //then
+ log.debug("Response Entity: {}", responseEntity);
+ assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
+ assertThat(responseEntity.getBody())
+ .isNotNull()
+ .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", "lastLoginDateDisplay")
+ .hasFieldOrPropertyWithValue("username", userDto.getUsername())
+ .hasFieldOrPropertyWithValue("email", userDto.getEmail())
+ .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName())
+ .hasFieldOrPropertyWithValue("lastName", userDto.getLastName())
+ .hasFieldOrPropertyWithValue("isActive", true)
+ .hasFieldOrPropertyWithValue("isNotLocked", true)
+ .hasFieldOrPropertyWithValue("role", "ROLE_ADMIN");
+ }
+
+ @Test
+ @Order(71)
+ void addNewUser_withoutToken() {
+
+ //given
+ UserDto userDto = createRandomUserDto();
+ Map paramMap = Map.of(
+ "firstName", userDto.getFirstName(),
+ "lastName", userDto.getLastName(),
+ "username", userDto.getUsername(),
+ "email", userDto.getEmail(),
+ "role", userDto.getRole().name(),
+ "isActive", userDto.isActive(),
+ "isNonLocked", userDto.isNonLocked()
+ );
+
+ //when
+ var 
responseEntity = restTemplate
+ .postForEntity(
+ "/user/add?username={username}&email={email}" + + "&firstName={firstName}&lastName={lastName}" + + "&role={role}&active={isActive}&nonLocked={isNonLocked}",
+ null,
+ HttpResponse.class,
+ paramMap
+ );
+
+ //then
+ log.debug("Response Entity: {}", responseEntity);
+ assertThat(responseEntity.getStatusCode()).isEqualTo(FORBIDDEN);
+ assertThat(responseEntity.getBody())
+ .isNotNull()
+ .hasNoNullFieldsOrProperties()
+ .hasFieldOrPropertyWithValue("httpStatus", FORBIDDEN)
+ .hasFieldOrPropertyWithValue("message", "You need to log in to access this page");
+ }
+
+ @Test
+ @Order(72)
+ @DisplayName("When trying to use token of non existing user (or already deleted/blocked user) but token is correct then should allow access")
+ void addNewUser_tokenOfNonExistingUser() {
+
+ //given
+ User nonExistingUser = createRandomUser();
+ log.debug("Non existing user: {}", nonExistingUser);
+ String token = jwtTokenProvider.generateJwtToken(new UserPrincipal(nonExistingUser));
+
+ UserDto userDto = createRandomUserDto();
+ Map paramMap = Map.of(
+ "firstName", userDto.getFirstName(),
+ "lastName", userDto.getLastName(),
+ "username", userDto.getUsername(),
+ "email", userDto.getEmail(),
+ "role", userDto.getRole().name(),
+ "isActive", userDto.isActive(),
+ "isNonLocked", userDto.isNonLocked()
+ );
+
+ //when
+ var requestEntity = RequestEntity
+ .post("/user/add")
+ .headers(httpHeaders -> httpHeaders.setBearerAuth(token))
+ .build();
+ ResponseEntity responseEntity = restTemplate
+ .postForEntity(
+ "/user/add?username={username}&email={email}" + + "&firstName={firstName}&lastName={lastName}" + + "&role={role}&active={isActive}&nonLocked={isNonLocked}",
+ requestEntity,
+ User.class,
+ paramMap
+ );
+
+ //then
+ log.debug("Response Entity: {}", responseEntity);
+ assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
+ assertThat(responseEntity.getBody())
+ .isNotNull()
+ .hasNoNullFieldsOrPropertiesExcept("lastLoginDate", 
"lastLoginDateDisplay") + .hasFieldOrPropertyWithValue("username", userDto.getUsername()) + .hasFieldOrPropertyWithValue("email", userDto.getEmail()) + .hasFieldOrPropertyWithValue("firstName", userDto.getFirstName()) + .hasFieldOrPropertyWithValue("lastName", userDto.getLastName()) + .hasFieldOrPropertyWithValue("isActive", true) + .hasFieldOrPropertyWithValue("isNotLocked", true) + .hasFieldOrPropertyWithValue("role", "ROLE_ADMIN"); + } + + @Test + @Order(72) + @DisplayName("When trying to use totally invalid - 403 Forbidden") + void addNewUser_invalidToken() { + + //given + String token = "fake-token"; + + UserDto userDto = createRandomUserDto(); + Map paramMap = Map.of( + "firstName", userDto.getFirstName(), + "lastName", userDto.getLastName(), + "username", userDto.getUsername(), + "email", userDto.getEmail(), + "role", userDto.getRole().name(), + "isActive", userDto.isActive(), + "isNonLocked", userDto.isNonLocked() + ); + + //when + var requestEntity = RequestEntity + .post("/user/add") + .headers(httpHeaders -> httpHeaders.setBearerAuth(token)) + .build(); + var responseEntity = restTemplate + .postForEntity( + "/user/add?username={username}&email={email}" + + "&firstName={firstName}&lastName={lastName}" + + "&role={role}&active={isActive}&nonLocked={isNonLocked}", + requestEntity, + HttpResponse.class, + paramMap + ); + + //then + log.debug("Response Entity: {}", responseEntity); + assertThat(responseEntity.getBody()) + .isNotNull() + .hasNoNullFieldsOrProperties() + .hasFieldOrPropertyWithValue("httpStatus", FORBIDDEN) + .hasFieldOrPropertyWithValue("message", "You need to log in to access this page"); + } } \ No newline at end of file