
Example 26 with User

Use of com.aidanwhiteley.books.domain.User in project books by aidanwhiteley.

Class BookSecureControllerTest, method tryToCreateBookWithInsufficientPermissions.

/**
 * A user holding only ROLE_USER must not be able to create a book via the
 * secured API. The admin and editor roles are stripped from the standard test
 * user before the JWT is minted, so the token carries no privileged role.
 */
@Test
public void tryToCreateBookWithInsufficientPermissions() {
    User restrictedUser = BookControllerTestUtils.getTestUser();
    restrictedUser.removeRole(Role.ROLE_ADMIN);
    restrictedUser.removeRole(Role.ROLE_EDITOR);
    String restrictedToken = jwtUtils.createTokenForUser(restrictedUser);

    Book bookToCreate = BookRepositoryTest.createTestBook();
    HttpEntity<Book> createRequest =
            BookControllerTestUtils.getBookHttpEntity(bookToCreate, restrictedUser, restrictedToken);
    ResponseEntity<Book> createResponse =
            testRestTemplate.exchange("/secure/api/books", HttpMethod.POST, createRequest, Book.class);

    // The secured endpoint answers the under-privileged request with a redirect (302)
    // rather than a 403 - see tryToCreateBookWithNoPermissions for the reasoning.
    assertEquals(HttpStatus.FOUND, createResponse.getStatusCode());
}

Example 27 with User

Use of com.aidanwhiteley.books.domain.User in project books by aidanwhiteley.

Class BookSecureControllerTest, method testDebugHeaders.

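/**
 * An authenticated GET to /secure/api/debugheaders should answer 200 with a
 * body that mentions the JWT cookie name.
 */
@Test
public void testDebugHeaders() {
    User user = BookControllerTestUtils.getTestUser();
    String token = jwtUtils.createTokenForUser(user);
    // Re-using "book related" code to get required headers easily set up
    Book testBook = BookRepositoryTest.createTestBook();
    HttpEntity<Book> request = BookControllerTestUtils.getBookHttpEntity(testBook, user, token, null);
    ResponseEntity<String> response = testRestTemplate.exchange("/secure/api/debugheaders", HttpMethod.GET, request, String.class);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    // Check the body explicitly so an empty response fails as an assertion
    // rather than as a NullPointerException on contains().
    String body = response.getBody();
    assertNotNull("Debug headers response should have a body", body);
    // NOTE(review): the body containing the JWT cookie name suggests this endpoint
    // reflects request headers back to the caller - confirm it is not reachable
    // outside test/development, as echoing the auth cookie would expose the token.
    assertTrue(body.contains(JwtAuthenticationService.JWT_COOKIE_NAME));
}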

Example 28 with User

Use of com.aidanwhiteley.books.domain.User in project books by aidanwhiteley.

Class BookSecureControllerTest, method tryUpdateActionWhenNoCsrfTokenInRequestHeaders.

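/**
 * A state-changing request carrying a valid JWT must still be rejected when the
 * XSRF token header is absent. The same POST is first shown to succeed with the
 * token, so the second, rejected request fails only because of the missing token.
 */
@Test
public void tryUpdateActionWhenNoCsrfTokenInRequestHeaders() {
    User user = BookControllerTestUtils.getTestUser();
    String token = jwtUtils.createTokenForUser(user);
    String xsrfToken = BookControllerTestUtils.getXsrfToken(testRestTemplate);
    // Check all works OK when xsrf token is supplied
    Book testBook = BookRepositoryTest.createTestBook();
    HttpEntity<Book> request = BookControllerTestUtils.getBookHttpEntity(testBook, user, token, xsrfToken);
    ResponseEntity<Book> response = testRestTemplate.exchange("/secure/api/books", HttpMethod.POST, request, Book.class);
    assertEquals(HttpStatus.CREATED, response.getStatusCode());
    // And now check the action is forbidden when no xsrf token is supplied
    request = BookControllerTestUtils.getBookHttpEntity(testBook, user, token, null);
    response = testRestTemplate.exchange("/secure/api/books", HttpMethod.POST, request, Book.class);
    // In actual fact, what happens is that the request is re-directed to the "logon page", A 403 would have been preferable
    assertEquals(HttpStatus.FOUND, response.getStatusCode());
    // Null-check the Location header first so a redirect without one fails cleanly,
    // and compare with assertEquals so a mismatch reports both paths.
    java.net.URI redirectLocation = response.getHeaders().getLocation();
    assertNotNull("Redirect response should carry a Location header", redirectLocation);
    assertEquals(WebSecurityConfiguration.API_LOGIN, redirectLocation.getPath());
}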

Example 29 with User

Use of com.aidanwhiteley.books.domain.User in project books by aidanwhiteley.

Class BookSecureControllerTest, method createAndDeleteBook.

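/**
 * Round-trips a book: create it, delete it as the test (admin) user with a valid
 * JWT and XSRF token, then verify the resource no longer resolves to a book id.
 */
@Test
public void createAndDeleteBook() {
    // Create book
    ResponseEntity<Book> response = BookControllerTestUtils.postBookToServer(jwtUtils, testRestTemplate);
    assertEquals(HttpStatus.CREATED, response.getStatusCode());
    // Get location of created book. The URI is null-checked before toString() so a
    // missing Location header fails the assertion instead of throwing an NPE first.
    java.net.URI locationUri = response.getHeaders().getLocation();
    assertNotNull("Location of newly created book should have been provided", locationUri);
    String location = locationUri.toString();
    String id = location.substring(location.lastIndexOf("/") + 1);
    // Get an admin user and required tokens and then delete the book
    User user = BookControllerTestUtils.getTestUser();
    String token = jwtUtils.createTokenForUser(user);
    String xsrfToken = BookControllerTestUtils.getXsrfToken(testRestTemplate);
    HttpEntity<Book> request = BookControllerTestUtils.getBookHttpEntity(null, user, token, xsrfToken);
    response = testRestTemplate.exchange("/secure/api/books/" + id, HttpMethod.DELETE, request, Book.class);
    assertEquals(HttpStatus.NO_CONTENT, response.getStatusCode());
    // Now check that the book can no longer be found
    Book deletedBook = testRestTemplate.getForObject(location, Book.class);
    assertEquals("Deleted book should no longer resolve to an id", null, deletedBook.getId());
}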

Example 30 with User

Use of com.aidanwhiteley.books.domain.User in project books by aidanwhiteley.

Class JwtUtilsTest, method testTamperedWithToken.

/**
 * A token whose final character has been altered after signing must be rejected:
 * parsing it is expected to raise {@link SignatureException} rather than yield a user.
 */
@Test(expected = SignatureException.class)
public void testTamperedWithToken() {
    // Stand-alone JwtUtils configured with throw-away test values
    JwtUtils jwtUnderTest = new JwtUtils();
    jwtUnderTest.setIssuer("A test issuer");
    jwtUnderTest.setExpiryInMilliSeconds(60 * 1000);
    jwtUnderTest.setSecretKey("A test secret key");

    User testUser = BookControllerTestUtils.getTestUser();
    String signedToken = jwtUnderTest.createTokenForUser(testUser);

    // Shift the last character of the compact token down by one code point
    // (presumably the tail of the signature segment) and try to parse the result.
    int lastIndex = signedToken.length() - 1;
    char lastChar = signedToken.charAt(lastIndex);
    String tamperedToken = signedToken.substring(0, lastIndex) + (char) (lastChar - 1);

    jwtUnderTest.getUserFromToken(tamperedToken);
}
