use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthenticationTest method testExpiredToken.
/**
 * Checks that a request authenticated with an API token whose expiry timestamp lies in
 * the past is answered with {@code UNAUTHORIZED} and the "token has expired" message.
 */
@Test
void testExpiredToken() {
    final TokenAndKey created = createNewToken();

    // Move the expiry 36000 ms (36 seconds) before the current time.
    // NOTE(review): unlike the allow-list tests of this class, no apiTokenService.update(...)
    // follows this setter; presumably the same token instance is what the authentication
    // path reads - confirm, otherwise the expiry check is not what produces the 401.
    created.apiToken.setExpire(System.currentTimeMillis() - 36000);

    final String actualMessage = GET(URI, ApiTokenHeader(created.key))
        .error(HttpStatus.UNAUTHORIZED)
        .getMessage();
    assertEquals("Failed to authenticate API token, token has expired.", actualMessage);
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthenticationTest method testAllowedReferrerRule.
/**
 * Exercises the HTTP referrer allow-list of an API token: a request without a referer
 * header is rejected while the list is non-empty, and a request whose referer is on the
 * list authenticates as the admin user.
 *
 * <p>The referer header is chosen by the client, so this rule narrows where a token is
 * accepted from; it is not evidence of the request's real origin on its own.
 */
@Test
void testAllowedReferrerRule() {
    final TokenAndKey created = createNewToken();
    final ApiToken token = created.apiToken;
    final String secret = created.key;

    // Step 1: only https://one.io is allowed and the request sends no referer header.
    // NOTE(review): a referer that is present but not on the list is not exercised here.
    token.addReferrerToAllowedList("https://one.io");
    apiTokenService.update(token);
    final String rejection = GET(URI, ApiTokenHeader(secret))
        .error(HttpStatus.UNAUTHORIZED)
        .getMessage();
    assertEquals("Failed to authenticate API token, request http referrer is missing or not allowed.", rejection);

    // Step 2: https://two.io is added and the request presents exactly that referer.
    token.addReferrerToAllowedList("https://two.io");
    apiTokenService.update(token);
    final JsonUser authenticated = GET(URI, ApiTokenHeader(secret), Header("referer", "https://two.io"))
        .content()
        .as(JsonUser.class);
    assertEquals(adminUser.getUid(), authenticated.getId());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthenticationTest method testAllowedIpRule.
/**
 * Exercises the IP allow-list of an API token: the request is rejected while only
 * 192.168.2.1 is allowed, and authenticates as the admin user once 127.0.0.1 is added.
 */
@Test
void testAllowedIpRule() {
    final TokenAndKey created = createNewToken();
    final ApiToken token = created.apiToken;
    final String secret = created.key;

    // Step 1: the list holds a single address, and the request is expected to be refused.
    token.addIpToAllowedList("192.168.2.1");
    apiTokenService.update(token);
    final String rejection = GET(URI, ApiTokenHeader(secret))
        .error(HttpStatus.UNAUTHORIZED)
        .getMessage();
    assertEquals("Failed to authenticate API token, request ip address is not allowed.", rejection);

    // Step 2: after 127.0.0.1 is allowed the same request succeeds.
    // NOTE(review): this suggests the test request's remote address is 127.0.0.1 - confirm
    // against the test harness. How the server derives the client address (for example
    // behind a proxy) is not visible in this test.
    token.addIpToAllowedList("127.0.0.1");
    apiTokenService.update(token);
    final JsonUser authenticated = GET(URI, ApiTokenHeader(secret))
        .content()
        .as(JsonUser.class);
    assertEquals(adminUser.getUid(), authenticated.getId());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCantModifyKeyPatch.
/**
 * Checks that a JSON Patch {@code replace} operation on {@code /key} leaves the stored
 * token key unchanged: the key read back through the service after the PATCH must equal
 * the key of the token as it was created.
 */
@Test
void testCantModifyKeyPatch() {
    final ApiToken original = createNewEmptyToken();
    final String tokenUid = original.getUid();

    // NOTE(review): the response is captured but its status is never asserted, so the test
    // does not distinguish a rejected patch from one that was accepted and ignored.
    final HttpResponse response = PATCH(
        ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}",
        tokenUid + "?importReportMode=ERRORS",
        Body("[{'op':'replace','path':'/key','value':'MY NEW VALUE'}]"));

    final ApiToken reloaded = apiTokenService.getWithUid(tokenUid);
    assertEquals(original.getKey(), reloaded.getKey());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCanModifyWithPut.
/**
 * Checks that the referrer, HTTP method and IP allow-lists of an API token can be changed
 * with PUT: entries added to a fetched token are present after the first PUT, and entries
 * removed again are absent after the second PUT.
 */
@Test
void testCanModifyWithPut() {
    final String tokenUid = createNewEmptyToken().getUid();
    final String endpoint = ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}";
    final String pathArgument = tokenUid + "?importReportMode=ERRORS";

    // Round 1: add one entry to each allow-list and send the whole token back.
    final ApiToken toExtend = fetchAsEntity(tokenUid);
    toExtend.addReferrerToAllowedList("http://hostname1.com");
    toExtend.addMethodToAllowedList("GET");
    toExtend.addIpToAllowedList("2.2.2.2");
    final String extendedJson = renderService.toJsonAsString(toExtend);
    assertStatus(HttpStatus.OK, PUT(endpoint, pathArgument, Body(extendedJson)));

    final ApiToken extended = fetchAsEntity(tokenUid);
    assertTrue(extended.getIpAllowedList().getAllowedIps().contains("2.2.2.2"));
    assertTrue(extended.getMethodAllowedList().getAllowedMethods().contains("GET"));
    assertTrue(extended.getRefererAllowedList().getAllowedReferrers().contains("http://hostname1.com"));

    // Round 2: drop the same entries from the fetched copy and PUT it again.
    extended.getIpAllowedList().getAllowedIps().remove("2.2.2.2");
    extended.getMethodAllowedList().getAllowedMethods().remove("GET");
    extended.getRefererAllowedList().getAllowedReferrers().remove("http://hostname1.com");
    final String reducedJson = renderService.toJsonAsString(extended);
    assertStatus(HttpStatus.OK, PUT(endpoint, pathArgument, Body(reducedJson)));

    final ApiToken reduced = fetchAsEntity(tokenUid);
    assertFalse(reduced.getIpAllowedList().getAllowedIps().contains("2.2.2.2"));
    assertFalse(reduced.getMethodAllowedList().getAllowedMethods().contains("GET"));
    assertFalse(reduced.getRefererAllowedList().getAllowedReferrers().contains("http://hostname1.com"));
}