Example 1 with MinijaxRequestContext

Use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.

From the class ResetPasswordTest, method testResetPasswordTooShort.

@Test
void testResetPasswordTooShort() throws IOException {
    final User user = new User();
    user.setName("Example 3");
    user.setEmail("reset-3@example.com");
    user.setRoles("user");
    String code = null;
    // Create the user and request a password-reset code for it.
    try (MinijaxRequestContext ctx = createRequestContext()) {
        ctx.getResource(Dao.class).create(user);
        code = ctx.getResource(Security.class).forgotPassword(user);
    }
    // Submit a matching but too-short new password.
    final Form form = new Form();
    form.param("newPassword", "foo");
    form.param("confirmNewPassword", "foo");
    final Response r = target("/resetpassword/" + code).request().post(Entity.form(form));
    // The reset must be rejected with 400 and the response must set no cookies.
    assertNotNull(r);
    assertEquals(400, r.getStatus());
    assertTrue(r.getCookies().isEmpty());
}
Also used : Response(jakarta.ws.rs.core.Response) MinijaxRequestContext(org.minijax.rs.MinijaxRequestContext) Form(jakarta.ws.rs.core.Form) MinijaxTest(org.minijax.rs.test.MinijaxTest) Test(org.junit.jupiter.api.Test)

Example 2 with MinijaxRequestContext

Use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.

From the class ResetPasswordTest, method testResetPasswordMismatch.

@Test
void testResetPasswordMismatch() throws IOException {
    final User user = new User();
    user.setName("Example 2");
    user.setEmail("reset-2@example.com");
    user.setRoles("user");
    String code = null;
    // Create the user and request a password-reset code for it.
    try (MinijaxRequestContext ctx = createRequestContext()) {
        ctx.getResource(Dao.class).create(user);
        code = ctx.getResource(Security.class).forgotPassword(user);
    }
    // Submit a new password whose confirmation does not match.
    final Form form = new Form();
    form.param("newPassword", "my-new-password");
    form.param("confirmNewPassword", "different-password");
    final Response r = target("/resetpassword/" + code).request().post(Entity.form(form));
    // The reset must be rejected with 400 and the response must set no cookies.
    assertNotNull(r);
    assertEquals(400, r.getStatus());
    assertTrue(r.getCookies().isEmpty());
}
Also used : Response(jakarta.ws.rs.core.Response) MinijaxRequestContext(org.minijax.rs.MinijaxRequestContext) Form(jakarta.ws.rs.core.Form) MinijaxTest(org.minijax.rs.test.MinijaxTest) Test(org.junit.jupiter.api.Test)

Example 3 with MinijaxRequestContext

Use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.

From the class SecurityDaoTest, method testApiKeys.

@Test
void testApiKeys() throws IOException {
    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);
        final User user = new User();
        user.setName("Alice");
        user.setEmail("apikeytest@example.com");
        user.setRoles("user");
        dao.create(user);
        // Attach two API keys to the same user.
        final ApiKey k1 = new ApiKey();
        k1.setName("test1");
        k1.setValue("test1test1");
        k1.setUser(user);
        dao.create(k1);
        final ApiKey k2 = new ApiKey();
        k2.setName("test2");
        k2.setValue("test2test2");
        k2.setUser(user);
        dao.create(k2);
        // Both keys are returned when listing by user.
        final List<ApiKey> keys = dao.findApiKeysByUser(user);
        assertNotNull(keys);
        assertEquals(2, keys.size());
        // Looking a key up by its value returns the same key.
        final ApiKey k3 = dao.findApiKeyByValue(k1.getValue());
        assertNotNull(k3);
        assertEquals(k1, k3);
    }
}
Also used : MinijaxRequestContext(org.minijax.rs.MinijaxRequestContext) Test(org.junit.jupiter.api.Test) MinijaxTest(org.minijax.rs.test.MinijaxTest)

Example 4 with MinijaxRequestContext

Use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.

From the class SecurityDaoTest, method testDeleteSessionsByUser.

@Test
@SuppressWarnings("unchecked")
void testDeleteSessionsByUser() throws IOException {
    UserSession s1 = null;
    UserSession s2 = null;
    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);
        final User user = new User();
        user.setName("Alice");
        user.setEmail("deletesessions@example.com");
        user.setRoles("user");
        dao.create(user);
        final Security<User> security = ctx.getResource(Security.class);
        // Log in twice; each login cookie's value parses to the id of a stored UserSession.
        final Cookie c1 = security.loginAs(user);
        s1 = dao.read(UserSession.class, IdUtils.tryParse(c1.getValue()));
        assertNotNull(s1);
        assertEquals(user.getId(), s1.getUserId());
        final Cookie c2 = security.loginAs(user);
        s2 = dao.read(UserSession.class, IdUtils.tryParse(c2.getValue()));
        assertNotNull(s2);
        assertEquals(user.getId(), s2.getUserId());
        assertEquals(2, dao.readUserSessionsByUser(user.getId()).size());
        // Delete every session that belongs to the user.
        dao.deleteUserSessionsByUser(user.getId());
    }
    // In a fresh request context, neither session may still be readable.
    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);
        assertNull(dao.read(UserSession.class, s1.getId()));
        assertNull(dao.read(UserSession.class, s2.getId()));
    }
}
Also used : Cookie(jakarta.ws.rs.core.Cookie) MinijaxRequestContext(org.minijax.rs.MinijaxRequestContext) Test(org.junit.jupiter.api.Test) MinijaxTest(org.minijax.rs.test.MinijaxTest)

Example 5 with MinijaxRequestContext

Use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.

From the class CsrfFilter, method filter.

@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    // Only POST requests are checked; every other method passes through.
    if (!requestContext.getMethod().equals(POST)) {
        return;
    }
    final MinijaxRequestContext ctx = (MinijaxRequestContext) requestContext;
    final Security<?> security = ctx.getResource(Security.class);
    // Requests without a logged-in user are skipped.
    if (!security.isLoggedIn()) {
        return;
    }
    // Only sessions authenticated with FORM_AUTH are checked; other schemes are skipped.
    final String scheme = security.getAuthenticationScheme();
    if (scheme == null || !scheme.equals(SecurityContext.FORM_AUTH)) {
        return;
    }
    // Requests with no content type, or with a non-form content type, are skipped.
    final MediaType contentType = ctx.getMediaType();
    if (contentType == null) {
        return;
    }
    if (!contentType.isCompatible(APPLICATION_FORM_URLENCODED_TYPE) && !contentType.isCompatible(MULTIPART_FORM_DATA_TYPE)) {
        return;
    }
    // Pass the submitted "csrf" form field to validateSession.
    security.validateSession(ctx.getForm().getString("csrf"));
}
Also used : MinijaxRequestContext(org.minijax.rs.MinijaxRequestContext) MediaType(jakarta.ws.rs.core.MediaType)
