36.2 Test endpoint for security - correct JWT (#2)

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/JwtConfig.java

@@ -15,7 +15,7 @@ public class JwtConfig {
     @Bean
     public JWTVerifier jwtVerifier(@Value("${app.jwt.secret}") String secret) {
 
-        Algorithm algorithm = Algorithm.HMAC256(secret);
+        Algorithm algorithm = Algorithm.HMAC512(secret);
         return JWT.require(algorithm)
                 .withIssuer(GET_ARRAYS_LLC)
                 .build(); //Reusable verifier instance

support-portal-backend/src/main/resources/application.yml

@@ -12,7 +12,8 @@ spring:
         dialect: org.hibernate.dialect.MySQL8Dialect
 app:
   jwt:
-    secret: ${random.value}
+    secret: VeRy_5ecretP@55W0rd!
+#    secret: ${random.value} #Does not work - every time generates new value
 ---
 spring:
   config:

support-portal-backend/src/test/java/net/shyshkin/study/fullstack/supportportal/backend/controller/UserResourceTest.java

@@ -1,27 +1,35 @@
 package net.shyshkin.study.fullstack.supportportal.backend.controller;
 
 import lombok.extern.slf4j.Slf4j;
+import net.shyshkin.study.fullstack.supportportal.backend.common.BaseUserTest;
 import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.User;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.UserPrincipal;
+import net.shyshkin.study.fullstack.supportportal.backend.utility.JwtTokenProvider;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
-import org.springframework.test.context.ActiveProfiles;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.RequestEntity;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
+import static org.springframework.http.HttpStatus.OK;
 
 @Slf4j
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@ActiveProfiles("local")
-class UserResourceTest {
+class UserResourceTest extends BaseUserTest {
 
     @Autowired
     TestRestTemplate restTemplate;
 
+    @Autowired
+    JwtTokenProvider jwtTokenProvider;
+
     @Test
-    void showUser_forbidden() {
+    void showUserHome_forbidden() {
 
         //when
         var responseEntity = restTemplate.getForEntity("/user/home", HttpResponse.class);
@@ -39,4 +47,28 @@ class UserResourceTest {
                         () -> assertThat(httpResponse.getMessage()).isEqualTo("You need to log in to access this page")
                 ));
     }
+
+    @Test
+    void showUserHome_correctToken() {
+
+        //given
+        User fakeUser = createRandomUser();
+        user = userRepository.save(fakeUser);
+        String validToken = jwtTokenProvider.generateJwtToken(new UserPrincipal(user));
+        log.debug("JWT Token: `{}`", validToken);
+
+        //when
+        RequestEntity<?> requestEntity = RequestEntity
+                .get("/user/home")
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + validToken)
+                .build();
+        var responseEntity = restTemplate.exchange(requestEntity, String.class);
+
+        //then
+        log.debug("Response Entity: {}", responseEntity);
+        assertThat(responseEntity.getStatusCode()).isEqualTo(OK);
+        assertThat(responseEntity.getBody())
+                .isNotNull()
+                .isEqualTo("Application works");
+    }
 }