From 63968c0b9c72e2548763a302812b8df2860a9529 Mon Sep 17 00:00:00 2001 From: anhefti Date: Thu, 29 Nov 2018 11:14:56 +0100 Subject: [PATCH] SEBSERV-8 #fixed db schemas for profiles and tests --- .../sebserver/gbl/model/user/UserInfo.java | 5 ++- .../oauth/WebClientDetailsService.java | 5 ++- src/main/resources/logback.xml | 3 +- .../{config/schema.sql => schema-dev.sql} | 0 .../api/AdministrationAPIIntegrationTest.java | 2 +- .../api/ExamAPIIntegrationTest.java | 44 ++++++++++++++----- .../api/ExamAPITestController.java | 7 ++- .../resources/application-test.properties | 1 + src/test/resources/data-test.sql | 13 ++++++ .../{schema-h2.sql => schema-test.sql} | 0 10 files changed, 61 insertions(+), 19 deletions(-) rename src/main/resources/{config/schema.sql => schema-dev.sql} (100%) create mode 100644 src/test/resources/data-test.sql rename src/test/resources/{schema-h2.sql => schema-test.sql} (100%) diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java index b430fb70..19384bc6 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java @@ -8,6 +8,7 @@ package ch.ethz.seb.sebserver.gbl.model.user; +import java.io.Serializable; import java.util.Collection; import java.util.Collections; import java.util.Locale; @@ -36,7 +37,9 @@ import ch.ethz.seb.sebserver.webservice.datalayer.batis.model.UserRecord; * to and from JSON within the Jackson library. * * This domain model is immutable and thread-save */ -public final class UserInfo { +public final class UserInfo implements Serializable { + + private static final long serialVersionUID = 2526446136264377808L; /** The user's UUID */ @JsonProperty(USER.ATTR_UUID) 
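Review bot: `UserInfo implements Serializable` is added in the second UserInfo.java hunk without any word on why, and the class comment just above still describes the type only as an immutable JSON model. Java deserialization creates an instance without running the constructor, so any validation or defensive copying done there does not apply to deserialized objects, and every field type must itself be serializable (the fields lie outside this hunk, so that is unverified here). I would extend the class Javadoc with the reason and the consumer, for example `Serializable because instances are stored by <component, not visible in this hunk>`, and keep the type out of any path that deserializes untrusted bytes.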
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java index 5d9cba43..e7b9facc 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java @@ -8,6 +8,8 @@ package ch.ethz.seb.sebserver.webservice.weblayer.oauth; +import java.util.Collections; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -73,9 +75,10 @@ public class WebClientDetailsService implements ClientDetailsService { final BaseClientDetails baseClientDetails = new BaseClientDetails( clientId, WebResourceServerConfiguration.EXAM_API_RESOURCE_ID, - "exam-api-read,exam-api-write", + null, "client_credentials,refresh_token", ""); + baseClientDetails.setScope(Collections.emptySet()); baseClientDetails.setClientSecret(this.clientPasswordEncoder.encode("test")); return baseClientDetails; } diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 4e1ce13c..ecdb6cd3 100644 --- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -8,9 +8,8 @@ + - - diff --git a/src/main/resources/config/schema.sql b/src/main/resources/schema-dev.sql similarity index 100% rename from src/main/resources/config/schema.sql rename to src/main/resources/schema-dev.sql diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java index f46e998d..510be3df 100644 --- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java +++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java 
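Review bot: In the second WebClientDetailsService hunk the client is now built with `null` scopes plus `setScope(Collections.emptySet())`, which leaves it unscoped; as far as I know Spring Security OAuth's default request validator skips the scope check for a client with an empty scope set, so the token endpoint would accept any scope string the caller sends (the enclosing method starts outside the hunk). The new tests with `testScope1` and `testScope2` rely on that, so it looks intentional, but it deserves a comment such as `// unscoped on purpose: scope is <meaning>, never an authorization input`, and nothing on the resource side should grant access based on scope. The explicit `setScope(...)` call also looks redundant once `null` is passed to the constructor. Separately, the unchanged context line `encode("test")` gives every client a fixed secret in `src/main`; if that is a placeholder, a `// TODO` or a profile guard would make it clear.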
@@ -95,7 +95,7 @@ public class AdministrationAPIIntegrationTest { @Test public void getHello_givenToken_thenOK() { try { - final String accessToken = obtainAccessToken("user", "test"); + final String accessToken = obtainAccessToken("admin", "admin"); final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello") .header("Authorization", "Bearer " + accessToken)) .andExpect(status().isOk()) diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java index b34f9a2f..417331ab 100644 --- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java +++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java @@ -9,12 +9,15 @@ package ch.ethz.seb.sebserver.webservice.integration.api; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import java.io.UnsupportedEncodingException; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; 
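Review bot: `getHello_givenToken_thenOK` in AdministrationAPIIntegrationTest still runs inside `try {`, and the matching catch lies outside the hunk; if it only prints the stack trace, as the block removed from ExamAPIIntegrationTest in this same commit did, a failed login with the new `"admin", "admin"` credentials would leave the test green. Declaring `throws Exception` on the method and dropping the try/catch, as was done for the Exam API test, makes an authentication failure fail the test. The credentials now appear to depend on the row seeded by `data-test.sql`, which is worth a one-line comment next to the call.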
@@ -62,10 +65,15 @@ public class ExamAPIIntegrationTest { .addFilter(this.springSecurityFilterChain).build(); } - protected String obtainAccessToken(final String clientId, final String clientSecret) throws Exception { + protected String obtainAccessToken( + final String clientId, + final String clientSecret, + final String scope) throws Exception { + final MultiValueMap params = new LinkedMultiValueMap<>(); params.add("grant_type", "client_credentials"); params.add("client_id", clientId); + params.add("scope", scope); final ResultActions result = this.mockMvc.perform(post("/oauth/token") .params(params) 
@@ -87,18 +95,30 @@ public class ExamAPIIntegrationTest { } @Test - public void getHello_givenToken_thenOK() { - try { - final String accessToken = obtainAccessToken("test", "test"); - final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello") - .header("Authorization", "Bearer " + accessToken)) - .andExpect(status().isOk()) - .andReturn().getResponse().getContentAsString(); + public void get_same_token_for_same_scope() throws Exception { + final String accessToken1 = obtainAccessToken("test", "test", "testScope"); + final String accessToken2 = obtainAccessToken("test", "test", "testScope"); - assertEquals("Hello From Exam-Web-Service", contentAsString); - } catch (final Exception e) { - e.printStackTrace(); - } + assertEquals(accessToken1, accessToken2); + } + + @Test + public void get_different_tokens_for_different_scopes() throws Exception { + final String accessToken1 = obtainAccessToken("test", "test", "testScope1"); + final String accessToken2 = obtainAccessToken("test", "test", "testScope2"); + + assertNotEquals(accessToken1, accessToken2); + } + + @Test + public void getHello_givenToken_thenOK() throws UnsupportedEncodingException, Exception { + final String accessToken = obtainAccessToken("test", "test", "testScope"); + final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello") + .header("Authorization", "Bearer " + accessToken)) + .andExpect(status().isOk()) + .andReturn().getResponse().getContentAsString(); + + assertEquals("Hello From Exam-Web-Service", contentAsString); } } diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java index b0b60735..8d0c58eb 100644 --- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java +++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java 
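Review bot: The three tests in this ExamAPIIntegrationTest hunk cover only successful token requests; nothing visible here checks that a wrong client secret is refused or that `/hello` answers 401 without a bearer token, and with scopes now free-form those negative cases are the ones that guard the endpoint. `get_different_tokens_for_different_scopes` would also benefit from a comment saying that arbitrary scopes are accepted by design. On style, `throws UnsupportedEncodingException, Exception` is redundant because `Exception` already covers it, so `public void getHello_givenToken_thenOK() throws Exception {` suffices and the added import can go. The new snake_case test names also differ from the camelCase one beside them.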
@@ -8,8 +8,9 @@ package ch.ethz.seb.sebserver.webservice.integration.api; -import java.security.Principal; +import java.util.Set; +import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @@ -22,7 +23,9 @@ import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; public class ExamAPITestController { @RequestMapping(value = "/hello", method = RequestMethod.GET) - public String helloFromWebService(final Principal principal) { + public String helloFromWebService(final OAuth2Authentication principal) { + final Set scope = principal.getOAuth2Request().getScope(); + System.out.println("OAuth 2 exam client scope is: " + scope); return "Hello From Exam-Web-Service"; } diff --git a/src/test/resources/application-test.properties b/src/test/resources/application-test.properties index 5d200506..51b2c64e 100644 --- a/src/test/resources/application-test.properties +++ b/src/test/resources/application-test.properties @@ -6,6 +6,7 @@ spring.h2.console.enabled=true spring.datasource.platform=h2 spring.datasource.url=jdbc:h2:mem:test;MODE=MySQL;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE spring.datasource.driver-class-name=org.h2.Driver +spring.datasource.platform=test sebserver.webservice.api.admin.clientId=testClient sebserver.webservice.api.admin.clientSecret=testClient diff --git a/src/test/resources/data-test.sql b/src/test/resources/data-test.sql new file mode 100644 index 00000000..ce268a85 --- /dev/null +++ b/src/test/resources/data-test.sql 
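Review bot: `helloFromWebService` in ExamAPITestController prints the token scope with `System.out.println`, and that scope is a string chosen by the client, so raw request data goes to stdout unescaped and outside the logging configuration. Since this is a test controller, asserting on the scope in the test is more useful than printing it; if the output is wanted, a parameterized logger call such as `log.debug("OAuth 2 exam client scope is: {}", scope);` keeps it under logback control (a logger field would have to be added to the class). The parameter type `OAuth2Authentication` also means the handler only works for OAuth2-authenticated requests, which is worth stating in a short Javadoc.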
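Review bot: The added `spring.datasource.platform=test` in application-test.properties duplicates a key, because the context line `spring.datasource.platform=h2` three lines above is left in place. As far as I know the later entry wins when the file is loaded, so the `h2` line is dead and misleading; removing it, or replacing it in place, makes it obvious that `schema-test.sql` and `data-test.sql` are the scripts being picked up. The context line `spring.h2.console.enabled=true` is also worth confirming as limited to the test profile.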
@@ -0,0 +1,13 @@
+INSERT INTO institution VALUES
+ (1, 'ETH Zürich', 'INTERNAL')
+ ;
+
+INSERT INTO user VALUES
+ (1, 1, 'internalDemoAdmin', 'Admin1', 'admin', '$2a$08$c2GKYEYoUVXH1Yb8GXVXVu66ltPvbZgLMcVSXRH.LgZNF/YeaYB8m', 'admin@nomail.nomail', '2018-01-01 00:00:00', 1, 1, 'en', 'UTC')
+ ;
+
+INSERT INTO user_role VALUES
+ (1, 1, 'SEB_SERVER_ADMIN')
+ ;
+
+
diff --git a/src/test/resources/schema-h2.sql b/src/test/resources/schema-test.sql
similarity index 100%
rename from src/test/resources/schema-h2.sql
rename to src/test/resources/schema-test.sql
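Review bot: All three statements in data-test.sql use positional `INSERT INTO ... VALUES` without a column list, so the rows only load correctly while the column order in `schema-test.sql` stays exactly as it is; a reordered or added column would shift values silently or fail at startup. Naming the columns, e.g. `INSERT INTO user_role (<columns from schema-test.sql>) VALUES (1, 1, 'SEB_SERVER_ADMIN');`, removes that coupling. A leading comment stating that the seeded admin account and its bcrypt hash are fixtures for the test profile only would also help.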