Example 1 with EndpointAccessChecker

Use of dev.hilla.auth.EndpointAccessChecker in the project flow by vaadin.

From the class EndpointInvoker, method getAccessChecker.

// Resolves the EndpointAccessChecker bean and caches it, wrapped, as a servlet-context attribute.
EndpointAccessChecker getAccessChecker(ServletContext servletContext) {
    VaadinServletContext vaadinServletContext = new VaadinServletContext(servletContext);
    VaadinConnectAccessCheckerWrapper wrapper = vaadinServletContext.getAttribute(VaadinConnectAccessCheckerWrapper.class, () -> {
        EndpointAccessChecker accessChecker = applicationContext.getBean(EndpointAccessChecker.class);
        return new VaadinConnectAccessCheckerWrapper(accessChecker);
    });
    return wrapper.accessChecker;
}
Also used: VaadinServletContext (com.vaadin.flow.server.VaadinServletContext), EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker)

Example 2 with EndpointAccessChecker

Use of dev.hilla.auth.EndpointAccessChecker in the project flow by vaadin.

From the class EndpointControllerTest, method should_CallMethodAnonymously_When_AnonymousOverridesRoles.

@Test
public void should_CallMethodAnonymously_When_AnonymousOverridesRoles() {
    EndpointController vaadinController = createVaadinController(TEST_ENDPOINT, new EndpointAccessChecker(new AccessAnnotationChecker()));
    ResponseEntity<String> response = vaadinController.serveEndpoint(TEST_ENDPOINT_NAME, "anonymousOverrides", createRequestParameters("{}"), requestMock);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertEquals("\"Hello, no user!\"", response.getBody());
}
Also used: AccessAnnotationChecker (com.vaadin.flow.server.auth.AccessAnnotationChecker), EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker), Test (org.junit.Test)

Example 3 with EndpointAccessChecker

Use of dev.hilla.auth.EndpointAccessChecker in the project flow by vaadin.

From the class EndpointControllerTest, method createVaadinController.

private <T> EndpointController createVaadinController(T endpoint, ObjectMapper vaadinEndpointMapper, EndpointAccessChecker accessChecker, EndpointNameChecker endpointNameChecker, ExplicitNullableTypeChecker explicitNullableTypeChecker, CsrfChecker csrfChecker) {
    ServletContext servletContext = Mockito.mock(ServletContext.class);
    Lookup lookup = Mockito.mock(Lookup.class);
    Mockito.when(servletContext.getAttribute(Lookup.class.getName())).thenReturn(lookup);
    if (vaadinEndpointMapper == null) {
        vaadinEndpointMapper = new ObjectMapper();
    }
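    if (accessChecker == null) {
        // No checker supplied: the default mock returns null from check(...),
        // which means access is granted, so TEST_METHOD is never denied.
        accessChecker = mock(EndpointAccessChecker.class);
        when(accessChecker.check(TEST_METHOD, requestMock)).thenReturn(null);
    }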
    if (csrfChecker == null) {
        csrfChecker = new CsrfChecker(servletContext);
    }
    if (endpointNameChecker == null) {
        endpointNameChecker = mock(EndpointNameChecker.class);
        when(endpointNameChecker.check(TEST_ENDPOINT_NAME)).thenReturn(null);
    }
    if (explicitNullableTypeChecker == null) {
        explicitNullableTypeChecker = mock(ExplicitNullableTypeChecker.class);
        when(explicitNullableTypeChecker.checkValueForType(any(), any())).thenReturn(null);
    }
    ApplicationContext mockApplicationContext = mockApplicationContext(endpoint);
    EndpointRegistry registry = new EndpointRegistry(endpointNameChecker);
    EndpointInvoker invoker = Mockito.spy(new EndpointInvoker(mockApplicationContext, vaadinEndpointMapper, explicitNullableTypeChecker, registry));
    // Bypass the servlet-context lookup so the invoker uses the checker chosen above.
    Mockito.doReturn(accessChecker).when(invoker).getAccessChecker(any());
    EndpointController connectController = Mockito.spy(new EndpointController(mockApplicationContext, registry, invoker, csrfChecker));
    return connectController;
}
Also used: CsrfChecker (dev.hilla.auth.CsrfChecker), ApplicationContext (org.springframework.context.ApplicationContext), ServletContext (javax.servlet.ServletContext), Lookup (com.vaadin.flow.di.Lookup), EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)

Example 4 with EndpointAccessChecker

Use of dev.hilla.auth.EndpointAccessChecker in the project flow by vaadin.

From the class EndpointControllerTest, method should_bePossibeToGetPrincipalInEndpoint.

@Test
public void should_bePossibeToGetPrincipalInEndpoint() {
    when(principal.getName()).thenReturn("foo");
    EndpointController vaadinController = createVaadinController(TEST_ENDPOINT, new EndpointAccessChecker(new AccessAnnotationChecker()));
    ResponseEntity<String> response = vaadinController.serveEndpoint(TEST_ENDPOINT_NAME, "getUserName", createRequestParameters("{}"), requestMock);
    assertEquals("\"foo\"", response.getBody());
}
Also used: AccessAnnotationChecker (com.vaadin.flow.server.auth.AccessAnnotationChecker), EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker), Test (org.junit.Test)

Example 5 with EndpointAccessChecker

Use of dev.hilla.auth.EndpointAccessChecker in the project flow by vaadin.

From the class EndpointControllerTest, method should_CallMethodAnonymously_When_UserPrincipalIsInRole.

@Test
public void should_CallMethodAnonymously_When_UserPrincipalIsInRole() {
    when(requestMock.isUserInRole("FOO_ROLE")).thenReturn(true);
    EndpointController vaadinController = createVaadinController(TEST_ENDPOINT, new EndpointAccessChecker(new AccessAnnotationChecker()));
    ResponseEntity<String> response = vaadinController.serveEndpoint(TEST_ENDPOINT_NAME, "testRoleAllowed", createRequestParameters("{}"), requestMock);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertEquals("\"Hello, user in role!\"", response.getBody());
}
Also used: AccessAnnotationChecker (com.vaadin.flow.server.auth.AccessAnnotationChecker), EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker), Test (org.junit.Test)

Aggregations

EndpointAccessChecker (dev.hilla.auth.EndpointAccessChecker): 9
Test (org.junit.Test): 6
AccessAnnotationChecker (com.vaadin.flow.server.auth.AccessAnnotationChecker): 5
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
JsonNode (com.fasterxml.jackson.databind.JsonNode): 1
Lookup (com.vaadin.flow.di.Lookup): 1
VaadinRequest (com.vaadin.flow.server.VaadinRequest): 1
VaadinServletContext (com.vaadin.flow.server.VaadinServletContext): 1
CsrfChecker (dev.hilla.auth.CsrfChecker): 1
EndpointException (dev.hilla.exception.EndpointException): 1
EndpointValidationException (dev.hilla.exception.EndpointValidationException): 1
InvocationTargetException (java.lang.reflect.InvocationTargetException): 1
Type (java.lang.reflect.Type): 1
ServletContext (javax.servlet.ServletContext): 1
ConstraintViolation (javax.validation.ConstraintViolation): 1
ApplicationContext (org.springframework.context.ApplicationContext): 1