Examples with ApiToken org.hisp.dhis.security.apikey.ApiToken used on opensource projects

Example 11 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenAuthManager method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String tokenKey = ((ApiTokenAuthenticationToken) authentication).getTokenKey();
    final Optional<ApiTokenAuthenticationToken> cachedToken = apiTokenCache.getIfPresent(tokenKey);
    if (cachedToken.isPresent()) {
        validateTokenExpiry(cachedToken.get().getToken().getExpire());
        return cachedToken.get();
    } else {
        ApiToken apiToken = apiTokenService.getWithKey(tokenKey);
        if (apiToken == null) {
            throw new ApiTokenAuthenticationException(ApiTokenErrors.invalidToken("The API token does not exists."));
        }
        validateTokenExpiry(apiToken.getExpire());
        User user = validateUser(apiToken);
        ApiTokenAuthenticationToken authenticationToken = new ApiTokenAuthenticationToken(apiToken, user);
        apiTokenCache.put(tokenKey, authenticationToken);
        return authenticationToken;
    }
}

Example 12 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenAuthenticationTest method createNewToken.

private TokenAndKey createNewToken() {
    ApiToken token = new ApiToken();
    token.setType(ApiTokenType.PERSONAL_ACCESS_TOKEN);
    token = apiTokenService.initToken(token);
    apiTokenStore.save(token);
    final String key = token.getKey();
    final String hashedKey = apiTokenService.hashKey(key);
    token.setKey(hashedKey);
    apiTokenService.update(token);
    return TokenAndKey.of(key, token);
}

Example 13 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenAuthenticationTest method testAllowedMethodRule.

@Test
void testAllowedMethodRule() {
    final TokenAndKey tokenAndKey = createNewToken();
    final String key = tokenAndKey.key;
    final ApiToken apiToken = tokenAndKey.apiToken;
    apiToken.addMethodToAllowedList("POST");
    apiTokenService.update(apiToken);
    assertEquals("Failed to authenticate API token, request http method is not allowed.", GET(URI, ApiTokenHeader(key)).error(HttpStatus.UNAUTHORIZED).getMessage());
    apiToken.addMethodToAllowedList("GET");
    apiTokenService.update(apiToken);
    JsonUser user = GET(URI, ApiTokenHeader(key)).content().as(JsonUser.class);
    assertEquals(adminUser.getUid(), user.getId());
}

Example 14 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testPatchApiTokenIntegerProperty.

@Test
void testPatchApiTokenIntegerProperty() {
    final String uid = createNewTokenWithAttributes();
    final ApiToken apiToken1 = fetchAsEntity(uid);
    assertEquals(1, (int) apiToken1.getVersion());
    assertStatus(HttpStatus.OK, PATCH(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", uid + "?importReportMode=ERRORS", Body("[{'op': 'replace', 'path': '/version', 'value': 333}]")));
    final ApiToken apiToken2 = fetchAsEntity(uid);
    assertEquals(333, (int) apiToken2.getVersion());
}

Example 15 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantModifyOthers.

@Test
void testCantModifyOthers() {
    final ApiToken newToken = createNewEmptyToken();
    final ApiToken apiToken1 = fetchAsEntity(newToken.getUid());
    apiToken1.setKey("x");
    switchToNewUser("anonymous");
    assertStatus(HttpStatus.NOT_FOUND, PUT(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", newToken.getUid() + "?importReportMode=ERRORS", Body(renderService.toJsonAsString(apiToken1))));
}