Examples with ApiToken org.hisp.dhis.security.apikey.ApiToken used on opensource projects

Example 16 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCreate.

@Test
void testCreate() {
    final JsonObject jsonObject = assertApiTokenCreatedResponse(POST(ApiTokenSchemaDescriptor.API_ENDPOINT + "/", "{}"));
    final String uid = jsonObject.getString("uid").string();
    final String rawKey = jsonObject.getString("key").string();
    assertNotNull(uid);
    assertNotNull(rawKey);
    assertEquals(48, rawKey.length());
    final ApiToken token = fetchAsEntity(uid);
    String hashedKey = token.getKey();
    assertEquals(64, hashedKey.length());
}

Example 17 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCreateApiToken.

@Test
void testCreateApiToken() {
    final String uid = createNewTokenWithAttributes();
    final ApiToken apiToken1 = fetchAsEntity(uid);
    assertEquals(1, (int) apiToken1.getVersion());
    assertNotNull(apiToken1.getKey());
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("1.1.1.1"));
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("2.2.2.2"));
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("3.3.3.3"));
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("GET"));
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("POST"));
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("PATCH"));
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname1.com"));
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname2.com"));
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname3.com"));
}

Example 18 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantAddInvalidIpPut.

@Test
void testCantAddInvalidIpPut() {
    final ApiToken token = createNewEmptyToken();
    token.addIpToAllowedList("X.1.1.1");
    final HttpResponse put = PUT(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid(), Body(renderService.toJsonAsString(token)));
    assertEquals("Not a valid ip address, value=X.1.1.1", put.error().getMessage());
}

Example 19 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantAddInvalidIpPatch.

@Test
void testCantAddInvalidIpPatch() {
    final ApiToken token = createNewEmptyToken();
    final HttpResponse patch = PATCH(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid() + "?importReportMode=ERRORS", Body("[{'op':'replace','path':'/attributes','value':[{'type':'IpAllowedList','allowedIps':['X.1.1.1']}]}]"));
    assertEquals("Not a valid ip address, value=X.1.1.1", patch.error().getMessage());
}

Example 20 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantDeleteOtherTokens.

@Test
void testCantDeleteOtherTokens() {
    final ApiToken newToken = createNewEmptyToken();
    switchContextToUser(userA);
    assertStatus(HttpStatus.NOT_FOUND, DELETE(ApiTokenSchemaDescriptor.API_ENDPOINT + "/" + newToken.getUid()));
}