Example 16 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCreate.

@Test
void testCreate() {
    // Creating a token returns its uid and the raw key in the response body.
    final JsonObject jsonObject = assertApiTokenCreatedResponse(POST(ApiTokenSchemaDescriptor.API_ENDPOINT + "/", "{}"));
    final String uid = jsonObject.getString("uid").string();
    final String rawKey = jsonObject.getString("key").string();
    assertNotNull(uid);
    assertNotNull(rawKey);
    // The raw key handed to the client is 48 characters long.
    assertEquals(48, rawKey.length());
    // The persisted entity holds a 64-character hashed key, not the raw key.
    final ApiToken token = fetchAsEntity(uid);
    String hashedKey = token.getKey();
    assertEquals(64, hashedKey.length());
}
Also used: JsonObject (org.hisp.dhis.jsontree.JsonObject), ApiToken (org.hisp.dhis.security.apikey.ApiToken), JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken), DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest), Test (org.junit.jupiter.api.Test)

Example 17 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCreateApiToken.

@Test
void testCreateApiToken() {
    final String uid = createNewTokenWithAttributes();
    final ApiToken apiToken1 = fetchAsEntity(uid);
    assertEquals(1, (int) apiToken1.getVersion());
    assertNotNull(apiToken1.getKey());
    // IP allow-list attribute.
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("1.1.1.1"));
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("2.2.2.2"));
    assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("3.3.3.3"));
    // HTTP method allow-list attribute.
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("GET"));
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("POST"));
    assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("PATCH"));
    // Referrer allow-list attribute.
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname1.com"));
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname2.com"));
    assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname3.com"));
}
Also used: ApiToken (org.hisp.dhis.security.apikey.ApiToken), JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken), DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest), Test (org.junit.jupiter.api.Test)

Example 18 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantAddInvalidIpPut.

@Test
void testCantAddInvalidIpPut() {
    final ApiToken token = createNewEmptyToken();
    // "X.1.1.1" is not a valid IP address, so the PUT must fail validation.
    token.addIpToAllowedList("X.1.1.1");
    final HttpResponse put = PUT(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid(), Body(renderService.toJsonAsString(token)));
    assertEquals("Not a valid ip address, value=X.1.1.1", put.error().getMessage());
}
Also used: ApiToken (org.hisp.dhis.security.apikey.ApiToken), JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken), DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest), Test (org.junit.jupiter.api.Test)

Example 19 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantAddInvalidIpPatch.

@Test
void testCantAddInvalidIpPatch() {
    final ApiToken token = createNewEmptyToken();
    // Replacing the attributes via PATCH with an invalid IP must fail the same validation as PUT.
    final HttpResponse patch = PATCH(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid() + "?importReportMode=ERRORS", Body("[{'op':'replace','path':'/attributes','value':[{'type':'IpAllowedList','allowedIps':['X.1.1.1']}]}]"));
    assertEquals("Not a valid ip address, value=X.1.1.1", patch.error().getMessage());
}
Also used: ApiToken (org.hisp.dhis.security.apikey.ApiToken), JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken), DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest), Test (org.junit.jupiter.api.Test)

Example 20 with ApiToken

use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.

the class ApiTokenControllerTest method testCantDeleteOtherTokens.

@Test
void testCantDeleteOtherTokens() {
    final ApiToken newToken = createNewEmptyToken();
    // After switching to userA, deleting the token created before the switch returns 404 Not Found.
    switchContextToUser(userA);
    assertStatus(HttpStatus.NOT_FOUND, DELETE(ApiTokenSchemaDescriptor.API_ENDPOINT + "/" + newToken.getUid()));
}
Also used: ApiToken (org.hisp.dhis.security.apikey.ApiToken), JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken), DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest), Test (org.junit.jupiter.api.Test)

Aggregations

ApiToken (org.hisp.dhis.security.apikey.ApiToken): 21
Test (org.junit.jupiter.api.Test): 17
DhisControllerConvenienceTest (org.hisp.dhis.webapi.DhisControllerConvenienceTest): 13
JsonApiToken (org.hisp.dhis.webapi.json.domain.JsonApiToken): 13
DhisControllerWithApiTokenAuthTest (org.hisp.dhis.webapi.DhisControllerWithApiTokenAuthTest): 4
JsonUser (org.hisp.dhis.webapi.json.domain.JsonUser): 3
User (org.hisp.dhis.user.User): 2
MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams): 1
WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage): 1
ObjectReport (org.hisp.dhis.feedback.ObjectReport): 1
CreateAccessDeniedException (org.hisp.dhis.hibernate.exception.CreateAccessDeniedException): 1
JsonObject (org.hisp.dhis.jsontree.JsonObject): 1
CurrentUser (org.hisp.dhis.user.CurrentUser): 1
PostMapping (org.springframework.web.bind.annotation.PostMapping): 1
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 1