use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCreate.
@Test
void testCreate() {
final JsonObject jsonObject = assertApiTokenCreatedResponse(POST(ApiTokenSchemaDescriptor.API_ENDPOINT + "/", "{}"));
final String uid = jsonObject.getString("uid").string();
final String rawKey = jsonObject.getString("key").string();
assertNotNull(uid);
assertNotNull(rawKey);
assertEquals(48, rawKey.length());
final ApiToken token = fetchAsEntity(uid);
String hashedKey = token.getKey();
assertEquals(64, hashedKey.length());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCreateApiToken.
@Test
void testCreateApiToken() {
final String uid = createNewTokenWithAttributes();
final ApiToken apiToken1 = fetchAsEntity(uid);
assertEquals(1, (int) apiToken1.getVersion());
assertNotNull(apiToken1.getKey());
assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("1.1.1.1"));
assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("2.2.2.2"));
assertTrue(apiToken1.getIpAllowedList().getAllowedIps().contains("3.3.3.3"));
assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("GET"));
assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("POST"));
assertTrue(apiToken1.getMethodAllowedList().getAllowedMethods().contains("PATCH"));
assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname1.com"));
assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname2.com"));
assertTrue(apiToken1.getRefererAllowedList().getAllowedReferrers().contains("http://hostname3.com"));
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCantAddInvalidIpPut.
@Test
void testCantAddInvalidIpPut() {
final ApiToken token = createNewEmptyToken();
token.addIpToAllowedList("X.1.1.1");
final HttpResponse put = PUT(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid(), Body(renderService.toJsonAsString(token)));
assertEquals("Not a valid ip address, value=X.1.1.1", put.error().getMessage());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCantAddInvalidIpPatch.
@Test
void testCantAddInvalidIpPatch() {
final ApiToken token = createNewEmptyToken();
final HttpResponse patch = PATCH(ApiTokenSchemaDescriptor.API_ENDPOINT + "/{id}", token.getUid() + "?importReportMode=ERRORS", Body("[{'op':'replace','path':'/attributes','value':[{'type':'IpAllowedList','allowedIps':['X.1.1.1']}]}]"));
assertEquals("Not a valid ip address, value=X.1.1.1", patch.error().getMessage());
}
use of org.hisp.dhis.security.apikey.ApiToken in project dhis2-core by dhis2.
the class ApiTokenControllerTest method testCantDeleteOtherTokens.
@Test
void testCantDeleteOtherTokens() {
final ApiToken newToken = createNewEmptyToken();
switchContextToUser(userA);
assertStatus(HttpStatus.NOT_FOUND, DELETE(ApiTokenSchemaDescriptor.API_ENDPOINT + "/" + newToken.getUid()));
}
Aggregations