Example 11 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenAuthManager, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String tokenKey = ((ApiTokenAuthenticationToken) authentication).getTokenKey();
    // Fast path: a token that already authenticated is served from the cache,
    // but its expiry is still re-checked on every request.
    final Optional<ApiTokenAuthenticationToken> cachedToken = apiTokenCache.getIfPresent(tokenKey);
    if (cachedToken.isPresent()) {
        validateTokenExpiry(cachedToken.get().getToken().getExpire());
        return cachedToken.get();
    } else {
        // Slow path: look the token up by its key; an unknown key is rejected.
        ApiToken apiToken = apiTokenService.getWithKey(tokenKey);
        if (apiToken == null) {
            throw new ApiTokenAuthenticationException(ApiTokenErrors.invalidToken("The API token does not exists."));
        }
        validateTokenExpiry(apiToken.getExpire());
        // Resolve and validate the owning user before the result is cached.
        User user = validateUser(apiToken);
        ApiTokenAuthenticationToken authenticationToken = new ApiTokenAuthenticationToken(apiToken, user);
        apiTokenCache.put(tokenKey, authenticationToken);
        return authenticationToken;
    }
}
Also used : User(org.hisp.dhis.user.User) ApiToken(org.hisp.dhis.security.apikey.ApiToken)

Example 12 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenAuthenticationTest, method createNewToken.

private TokenAndKey createNewToken() {
    ApiToken token = new ApiToken();
    token.setType(ApiTokenType.PERSONAL_ACCESS_TOKEN);
    token = apiTokenService.initToken(token);
    apiTokenStore.save(token);
    // The plaintext key is handed to the caller once; only its hash is persisted.
    final String key = token.getKey();
    final String hashedKey = apiTokenService.hashKey(key);
    token.setKey(hashedKey);
    apiTokenService.update(token);
    return TokenAndKey.of(key, token);
}
Also used : ApiToken(org.hisp.dhis.security.apikey.ApiToken)

Example 13 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenAuthenticationTest, method testAllowedMethodRule.

@Test
void testAllowedMethodRule() {
    final TokenAndKey tokenAndKey = createNewToken();
    final String key = tokenAndKey.key;
    final ApiToken apiToken = tokenAndKey.apiToken;
    // A token restricted to POST is rejected with 401 on a GET request.
    apiToken.addMethodToAllowedList("POST");
    apiTokenService.update(apiToken);
    assertEquals("Failed to authenticate API token, request http method is not allowed.", GET(URI, ApiTokenHeader(key)).error(HttpStatus.UNAUTHORIZED).getMessage());
    // Once GET is added to the allow-list, the same request succeeds as the token's owner.
    apiToken.addMethodToAllowedList("GET");
    apiTokenService.update(apiToken);
    JsonUser user = GET(URI, ApiTokenHeader(key)).content().as(JsonUser.class);
    assertEquals(adminUser.getUid(), user.getId());
}
Also used : JsonUser(org.hisp.dhis.webapi.json.domain.JsonUser) ApiToken(org.hisp.dhis.security.apikey.ApiToken) DhisControllerWithApiTokenAuthTest(org.hisp.dhis.webapi.DhisControllerWithApiTokenAuthTest) Test(org.junit.jupiter.api.Test)

Example 14 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenControllerTest, method testPatchApiTokenIntegerProperty.

@Test
void testPatchApiTokenIntegerProperty() {
    final String uid = createNewTokenWithAttributes();
    final ApiToken apiToken1 = fetchAsEntity(uid);
    assertEquals(1, (int) apiToken1.getVersion());
    assertStatus(HttpStatus.OK, PATCH(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", uid + "?importReportMode=ERRORS", Body("[{'op': 'replace', 'path': '/version', 'value': 333}]")));
    final ApiToken apiToken2 = fetchAsEntity(uid);
    assertEquals(333, (int) apiToken2.getVersion());
}
Also used : ApiToken(org.hisp.dhis.security.apikey.ApiToken) JsonApiToken(org.hisp.dhis.webapi.json.domain.JsonApiToken) DhisControllerConvenienceTest(org.hisp.dhis.webapi.DhisControllerConvenienceTest) Test(org.junit.jupiter.api.Test)

Example 15 with ApiToken

Use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

The class ApiTokenControllerTest, method testCantModifyOthers.

@Test
void testCantModifyOthers() {
    final ApiToken newToken = createNewEmptyToken();
    final ApiToken apiToken1 = fetchAsEntity(newToken.getUid());
    apiToken1.setKey("x");
    // Another user attempting to overwrite this token gets 404, not 403:
    // tokens owned by other users are not visible to them at all.
    switchToNewUser("anonymous");
    assertStatus(HttpStatus.NOT_FOUND, PUT(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", newToken.getUid() + "?importReportMode=ERRORS", Body(renderService.toJsonAsString(apiToken1))));
}
Also used : ApiToken(org.hisp.dhis.security.apikey.ApiToken) JsonApiToken(org.hisp.dhis.webapi.json.domain.JsonApiToken) DhisControllerConvenienceTest(org.hisp.dhis.webapi.DhisControllerConvenienceTest) Test(org.junit.jupiter.api.Test)

Aggregations

ApiToken (org.hisp.dhis.security.apikey.ApiToken) 21
Test (org.junit.jupiter.api.Test) 17
DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest) 13
JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken) 13
DhisControllerWithApiTokenAuthTest (org.hisp.dhis.webapi.DhisControllerWithApiTokenAuthTest) 4
JsonUser (org.hisp.dhis.webapi.json.domain.JsonUser) 3
User (org.hisp.dhis.user.User) 2
MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams) 1
WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage) 1
ObjectReport (org.hisp.dhis.feedback.ObjectReport) 1
CreateAccessDeniedException (org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) 1
JsonObject (org.hisp.dhis.jsontree.JsonObject) 1
CurrentUser (org.hisp.dhis.user.CurrentUser) 1
PostMapping (org.springframework.web.bind.annotation.PostMapping) 1
ResponseBody (org.springframework.web.bind.annotation.ResponseBody) 1