use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthManager method authenticate.
/**
 * Resolves the API token key carried by the incoming authentication request into an
 * authenticated {@link ApiTokenAuthenticationToken}.
 *
 * <p>The cache is consulted first. On a hit, only the token's expiry is re-checked before the
 * cached authentication is returned. On a miss, the token is loaded through
 * {@code apiTokenService.getWithKey}, rejected if absent, checked for expiry, its user is
 * validated, and the resulting authentication is stored in the cache under the same key.
 *
 * <p>NOTE(review): the cache-hit branch does not call {@code validateUser} again. Whether a
 * later change to the owning user, or a revocation of the token, takes effect before the entry
 * leaves {@code apiTokenCache} depends on how that cache is invalidated, which is not visible
 * in this method. Confirm.
 *
 * <p>NOTE(review): the unchecked cast assumes callers only pass an
 * {@code ApiTokenAuthenticationToken}; any other type would surface as a
 * {@code ClassCastException} rather than an {@code AuthenticationException}. Confirm that the
 * calling filter guarantees the type.
 *
 * @param authentication the request authentication; cast to {@code ApiTokenAuthenticationToken}
 * @return the cached or newly built authentication for the token key
 * @throws AuthenticationException an {@code ApiTokenAuthenticationException} is thrown here when
 *     no stored token matches the key; the expiry and user validation helpers presumably throw
 *     on failure as well (their bodies are not shown)
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String key = ((ApiTokenAuthenticationToken) authentication).getTokenKey();

    final Optional<ApiTokenAuthenticationToken> cacheEntry = apiTokenCache.getIfPresent(key);
    if (cacheEntry.isPresent()) {
        // Cache hit: expiry is the only property re-validated on this path.
        final ApiTokenAuthenticationToken cachedAuth = cacheEntry.get();
        validateTokenExpiry(cachedAuth.getToken().getExpire());
        return cachedAuth;
    }

    // Cache miss: run the full lookup and validation before anything is cached.
    final ApiToken storedToken = apiTokenService.getWithKey(key);
    if (storedToken == null) {
        throw new ApiTokenAuthenticationException(ApiTokenErrors.invalidToken("The API token does not exists."));
    }

    validateTokenExpiry(storedToken.getExpire());
    final User tokenOwner = validateUser(storedToken);

    final ApiTokenAuthenticationToken freshAuth = new ApiTokenAuthenticationToken(storedToken, tokenOwner);
    apiTokenCache.put(key, freshAuth);
    return freshAuth;
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthenticationTest method createNewToken.
/**
 * Test fixture: creates and persists a personal access token, then replaces its stored key with
 * the value returned by {@code apiTokenService.hashKey}.
 *
 * <p>The key read from the initialised token is captured before it is overwritten, so the
 * returned pair holds that original key alongside the token entity, whose key field now
 * carries the hashed value.
 *
 * @return the original key together with the persisted token
 */
private TokenAndKey createNewToken() {
    final ApiToken blankToken = new ApiToken();
    blankToken.setType(ApiTokenType.PERSONAL_ACCESS_TOKEN);

    final ApiToken persisted = apiTokenService.initToken(blankToken);
    apiTokenStore.save(persisted);

    // Capture the key before it is replaced by its hash; tests need it to build the auth header.
    final String originalKey = persisted.getKey();
    persisted.setKey(apiTokenService.hashKey(originalKey));
    apiTokenService.update(persisted);

    return TokenAndKey.of(originalKey, persisted);
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenAuthenticationTest method testAllowedMethodRule.
/**
 * Verifies that a token's allowed-method list is enforced: with only POST allowed a GET is
 * answered with 401 and the "method is not allowed" message, and once GET is added the same
 * key authenticates as the admin user.
 *
 * <p>NOTE(review): the second request must observe the updated allow-list. Whether that relies
 * on cache invalidation in {@code apiTokenService.update} is not visible here. Confirm.
 */
@Test
void testAllowedMethodRule() {
    final TokenAndKey fixture = createNewToken();
    final String headerKey = fixture.key;
    final ApiToken token = fixture.apiToken;
    final String expectedRejection = "Failed to authenticate API token, request http method is not allowed.";

    // Only POST is on the allow-list, so a GET with this key must be refused.
    token.addMethodToAllowedList("POST");
    apiTokenService.update(token);
    assertEquals(expectedRejection, GET(URI, ApiTokenHeader(headerKey)).error(HttpStatus.UNAUTHORIZED).getMessage());

    // After GET is added, the same key must resolve to the admin user.
    token.addMethodToAllowedList("GET");
    apiTokenService.update(token);
    final JsonUser authenticatedUser = GET(URI, ApiTokenHeader(headerKey)).content().as(JsonUser.class);
    assertEquals(adminUser.getUid(), authenticatedUser.getId());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testPatchApiTokenIntegerProperty.
/**
 * Verifies that a JSON Patch "replace" on {@code /version} is applied: the token starts at
 * version 1 and reads back as 333 after the PATCH returns 200.
 */
@Test
void testPatchApiTokenIntegerProperty() {
    final String tokenUid = createNewTokenWithAttributes();
    final String endpointTemplate = ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}";

    final ApiToken beforePatch = fetchAsEntity(tokenUid);
    assertEquals(1, (int) beforePatch.getVersion());

    assertStatus(
        HttpStatus.OK,
        PATCH(
            endpointTemplate,
            tokenUid + "?importReportMode=ERRORS",
            Body("[{'op': 'replace', 'path': '/version', 'value': 333}]")));

    // Re-fetch so the assertion checks what the server returns, not the local object.
    final ApiToken afterPatch = fetchAsEntity(tokenUid);
    assertEquals(333, (int) afterPatch.getVersion());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCantModifyOthers.
/**
 * Verifies that a user cannot overwrite another user's token: after switching to a new user,
 * a PUT against the first user's token UID is answered with 404.
 *
 * <p>NOTE(review): the expected status is NOT_FOUND rather than FORBIDDEN, which presumably
 * keeps the endpoint from revealing that the token exists. Confirm this is the intended
 * contract.
 */
@Test
void testCantModifyOthers() {
    final ApiToken ownedByCreator = createNewEmptyToken();
    final String targetUid = ownedByCreator.getUid();

    final ApiToken tamperedCopy = fetchAsEntity(targetUid);
    tamperedCopy.setKey("x");

    // All requests from here on are issued as a different user.
    switchToNewUser("anonymous");

    assertStatus(
        HttpStatus.NOT_FOUND,
        PUT(
            ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}",
            targetUid + "?importReportMode=ERRORS",
            Body(renderService.toJsonAsString(tamperedCopy))));
}