
Commit ec6a7a0

authored
Merge pull request #378 from overture-stack/develop
New stable
2 parents 2bde14e + d842b4e commit ec6a7a0


8 files changed

+123
-116
lines changed


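--- a/src/main/java/bio/overture/ego/service/ApplicationService.java
+++ b/src/main/java/bio/overture/ego/service/ApplicationService.java
@@ -231,13 +231,8 @@ public Application getByClientId(@NonNull String clientId) {
 }
 
 public Application findByBasicToken(@NonNull String token) {
-log.info(format("Looking for token '%s'", token));
 val base64encoding = removeAppTokenPrefix(token);
-log.info(format("Decoding '%s'", base64encoding));
-
 val contents = new String(Base64.getDecoder().decode(base64encoding));
-log.info(format("Decoded to '%s'", contents));
-
 val parts = COLON_SPLITTER.splitToList(contents);
 val clientId = parts.get(0);
 log.info(format("Extracted client id '%s'", clientId));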
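Review bot: The surviving `log.info(format("Extracted client id '%s'", clientId))` still writes a value decoded from the caller-supplied token into the log unmodified, so a client id containing CR/LF could split or forge log entries if the configured appender does not escape them. Logging a neutralised form such as `clientId.replaceAll("[\r\n]", "_")` would close that gap. Separately, `new String(Base64.getDecoder().decode(base64encoding))` relies on the platform default charset, and `decode` throws `IllegalArgumentException` on malformed input; passing `StandardCharsets.UTF_8` and mapping that exception to an authentication failure would make the behaviour explicit. findByBasicToken continues past the end of the hunk, so whether the exception is already handled further down is not visible here.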

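--- a/src/test/java/bio/overture/ego/controller/TokenControllerTest.java
+++ b/src/test/java/bio/overture/ego/controller/TokenControllerTest.java
@@ -6,7 +6,7 @@
 import static java.util.Arrays.asList;
 import static net.javacrumbs.jsonunit.core.Option.IGNORING_ARRAY_ORDER;
 import static net.javacrumbs.jsonunit.fluent.JsonFluentAssert.assertThatJson;
-import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.*;
 
 import bio.overture.ego.AuthorizationServiceMain;
 import bio.overture.ego.model.dto.PermissionRequest;
@@ -98,9 +98,9 @@ public void issueTokenShouldRevokeRedundantTokens() {
 "",
 entityGenerator.getScopes("collab.READ"));
 
-assertThat(tokenService.getById(tokenRevoke.getId()).isRevoked()).isFalse();
-assertThat(tokenService.getById(otherToken.getId()).isRevoked()).isFalse();
-assertThat(tokenService.getById(otherToken2.getId()).isRevoked()).isFalse();
+assertFalse(tokenService.getById(tokenRevoke.getId()).isRevoked());
+assertFalse(tokenService.getById(otherToken.getId()).isRevoked());
+assertFalse(tokenService.getById(otherToken2.getId()).isRevoked());
 
 val scopes = "collab.READ,aws.READ";
 val params = new LinkedMultiValueMap<String, Object>();
@@ -112,10 +112,10 @@ public void issueTokenShouldRevokeRedundantTokens() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 val responseStatus = response.getStatusCode();
 
-assertThat(responseStatus).isEqualTo(HttpStatus.OK);
-assertThat(tokenService.getById(tokenRevoke.getId()).isRevoked()).isTrue();
-assertThat(tokenService.getById(otherToken.getId()).isRevoked()).isFalse();
-assertThat(tokenService.getById(otherToken2.getId()).isRevoked()).isFalse();
+assertEquals(responseStatus, HttpStatus.OK);
+assertTrue(tokenService.getById(tokenRevoke.getId()).isRevoked());
+assertFalse(tokenService.getById(otherToken.getId()).isRevoked());
+assertFalse(tokenService.getById(otherToken2.getId()).isRevoked());
 }
 
 @SneakyThrows
@@ -151,7 +151,7 @@ public void issueTokenExactScope() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 val statusCode = response.getStatusCode();
 
-assertThat(statusCode).isEqualTo(HttpStatus.OK);
+assertEquals(statusCode, HttpStatus.OK);
 assertThatJson(response.getBody())
 .when(IGNORING_ARRAY_ORDER)
 .node("scope")
@@ -187,11 +187,11 @@ public void issueTokenWithExcessiveScope() {
 
 val response = initStringRequest().endpoint("o/token").body(params).post();
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
+assertEquals(statusCode, HttpStatus.INTERNAL_SERVER_ERROR);
 
 val jsonResponse = MAPPER.readTree(response.getBody());
-assertThat(jsonResponse.get("error").asText())
-.isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
+assertEquals(
+jsonResponse.get("error").asText(), HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 }
 
 @SneakyThrows
@@ -230,7 +230,7 @@ public void issueTokenForLimitedScopes() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 val statusCode = response.getStatusCode();
 
-assertThat(statusCode).isEqualTo(HttpStatus.OK);
+assertEquals(statusCode, HttpStatus.OK);
 assertThatJson(response.getBody())
 .when(IGNORING_ARRAY_ORDER)
 .node("scope")
@@ -275,10 +275,9 @@ public void issueTokenForInvalidScope() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.NOT_FOUND);
+assertEquals(statusCode, HttpStatus.NOT_FOUND);
 val jsonResponse = MAPPER.readTree(response.getBody());
-assertThat(jsonResponse.get("error").asText())
-.isEqualTo(HttpStatus.NOT_FOUND.getReasonPhrase());
+assertEquals(jsonResponse.get("error").asText(), HttpStatus.NOT_FOUND.getReasonPhrase());
 }
 
 @SneakyThrows
@@ -296,11 +295,11 @@ public void issueTokenForInvalidUser() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
+assertEquals(statusCode, HttpStatus.INTERNAL_SERVER_ERROR);
 
 val jsonResponse = MAPPER.readTree(response.getBody());
-assertThat(jsonResponse.get("error").asText())
-.isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
+assertEquals(
+jsonResponse.get("error").asText(), HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
 }
 
 @SneakyThrows
@@ -319,7 +318,7 @@ public void checkRevokedToken() {
 val response = initStringRequest().endpoint("o/check_token").body(params).post();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.UNAUTHORIZED);
+assertEquals(statusCode, HttpStatus.UNAUTHORIZED);
 }
 
 @SneakyThrows
@@ -338,7 +337,7 @@ public void checkValidToken() {
 val response = initStringRequest().endpoint("o/check_token").body(params).post();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.MULTI_STATUS);
+assertEquals(statusCode, HttpStatus.MULTI_STATUS);
 }
 
 @SneakyThrows
@@ -354,7 +353,7 @@ public void checkInvalidToken() {
 val response = initStringRequest().endpoint("o/check_token").body(params).post();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.UNAUTHORIZED);
+assertEquals(statusCode, HttpStatus.UNAUTHORIZED);
 }
 
 @SneakyThrows
@@ -383,7 +382,7 @@ public void getUserScope() {
 val response = initStringRequest().endpoint("o/scopes?userName=%s", userName).get();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.OK);
+assertEquals(statusCode, HttpStatus.OK);
 assertThatJson(response.getBody())
 .when(IGNORING_ARRAY_ORDER)
 .node("scopes")
@@ -397,7 +396,7 @@ public void getUserScopeInvalidUserName() {
 val response = initStringRequest().endpoint("o/scopes?userName=%s", userName).get();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.NOT_FOUND);
+assertEquals(statusCode, HttpStatus.NOT_FOUND);
 }
 
 @SneakyThrows
@@ -421,7 +420,7 @@ public void listToken() {
 val response = initStringRequest().endpoint("o/token?user_id=%s", userId).get();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.OK);
+assertEquals(statusCode, HttpStatus.OK);
 
 // Result should only have unrevoked tokens, ignoring the "exp" field.
 val expected =
@@ -443,8 +442,8 @@ public void listTokenEmptyToken() {
 val response = initStringRequest().endpoint("o/token?user_id=%s", userId).get();
 
 val statusCode = response.getStatusCode();
-assertThat(statusCode).isEqualTo(HttpStatus.OK);
-assertThat(response.getBody()).isEqualTo("[]");
+assertEquals(statusCode, HttpStatus.OK);
+assertEquals(response.getBody(), "[]");
 }
 
 @SneakyThrows
@@ -464,17 +463,17 @@ public void tokenShouldHaveNonZeroExpiry() {
 val response = initStringRequest().endpoint("o/token").body(params).post();
 val responseStatus = response.getStatusCode();
 
-assertThat(responseStatus).isEqualTo(HttpStatus.OK);
+assertEquals(responseStatus, HttpStatus.OK);
 
 val listResponse =
 initStringRequest().endpoint("o/token?user_id=%s", user.getId().toString()).get();
 val listStatusCode = listResponse.getStatusCode();
-assertThat(listStatusCode).isEqualTo(HttpStatus.OK);
+assertEquals(listStatusCode, HttpStatus.OK);
 
 log.info(listResponse.getBody());
 val responseJson = MAPPER.readTree(listResponse.getBody());
 val exp = responseJson.get(0).get("exp").asInt();
-assertThat(exp).isNotZero();
-assertThat(exp).isPositive();
+assertTrue(exp != 0);
+assertTrue(exp > 0);
 }
 }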
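Review bot: The new `assertEquals` calls pass the observed value first and the expected value second, e.g. `assertEquals(statusCode, HttpStatus.OK)`, whereas JUnit's signature is `assertEquals(expected, actual)`. The tests still pass and fail on the right conditions, but a failure report will print the two values swapped, which is misleading when triaging a broken token endpoint. Writing `assertEquals(HttpStatus.OK, statusCode)` (and likewise for the `error` reason-phrase and `"[]"` body comparisons) fixes this; the same ordering appears in TokensOnUserAndPolicyDeletes.java and UserServiceGrpcAuthTest.java. In tokenShouldHaveNonZeroExpiry, `assertTrue(exp != 0)` is implied by `assertTrue(exp > 0)` and neither reports the value on failure; `assertTrue("exp=" + exp, exp > 0)` would cover both.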

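--- a/src/test/java/bio/overture/ego/controller/TokensOnUserAndPolicyDeletes.java
+++ b/src/test/java/bio/overture/ego/controller/TokensOnUserAndPolicyDeletes.java
@@ -17,7 +17,8 @@
 
 package bio.overture.ego.controller;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import static org.springframework.http.HttpHeaders.AUTHORIZATION;
 import static org.springframework.http.MediaType.APPLICATION_JSON;
 
@@ -88,16 +89,15 @@ public void deleteUser_ExistingTokens_TokensDeletedSuccess() {
 val deleteUserResponse = initStringRequest().endpoint("/users/%s", userDelete.getId()).delete();
 
 val deleteStatusCode = deleteUserResponse.getStatusCode();
-assertThat(deleteStatusCode).isEqualTo(HttpStatus.OK);
+assertEquals(deleteStatusCode, HttpStatus.OK);
 
 val checkTokenAfterDeleteResponse = checkToken(tokenToDelete);
 // Should be revoked
-assertThat(checkTokenAfterDeleteResponse.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+assertEquals(checkTokenAfterDeleteResponse.getStatusCode(), HttpStatus.UNAUTHORIZED);
 
 val checkTokenRemainedAfterDeleteResponse = checkToken(tokenToKeep);
 // Should be valid
-assertThat(checkTokenRemainedAfterDeleteResponse.getStatusCode())
-.isEqualTo(HttpStatus.MULTI_STATUS);
+assertEquals(checkTokenRemainedAfterDeleteResponse.getStatusCode(), HttpStatus.MULTI_STATUS);
 }
 
 /**
@@ -117,16 +117,15 @@ public void deletePolicy_ExistingTokens_TokensDeletedSuccess() {
 val deletePolicyResponse =
 initStringRequest().endpoint("/policies/%s", policy1.getId()).delete();
 val deleteStatusCode = deletePolicyResponse.getStatusCode();
-assertThat(deleteStatusCode).isEqualTo(HttpStatus.OK);
+assertEquals(deleteStatusCode, HttpStatus.OK);
 
 val checkTokenAfterDeleteResponse = checkToken(tokenToDelete);
 // Should be revoked
-assertThat(checkTokenAfterDeleteResponse.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+assertEquals(checkTokenAfterDeleteResponse.getStatusCode(), HttpStatus.UNAUTHORIZED);
 
 val checkTokenRemainedAfterDeleteResponse = checkToken(tokenToKeep);
 // Should be valid
-assertThat(checkTokenRemainedAfterDeleteResponse.getStatusCode())
-.isEqualTo(HttpStatus.MULTI_STATUS);
+assertEquals(checkTokenRemainedAfterDeleteResponse.getStatusCode(), HttpStatus.MULTI_STATUS);
 }
 
 /**
@@ -160,8 +159,8 @@ private String setupUserWithToken(User user, Policy policy) {
 val checkTokenResponse = checkToken(accessToken);
 
 val checkStatusCode = checkTokenResponse.getStatusCode();
-assertThat(checkStatusCode).isEqualTo(HttpStatus.MULTI_STATUS);
-assertThat(checkTokenResponse.getBody()).contains(policy.getName() + "." + "WRITE");
+assertEquals(checkStatusCode, HttpStatus.MULTI_STATUS);
+assertTrue(checkTokenResponse.getBody().contains(policy.getName() + "." + "WRITE"));
 
 return accessToken;
 }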

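--- a/src/test/java/bio/overture/ego/grpc/service/UserServiceGrpcAuthTest.java
+++ b/src/test/java/bio/overture/ego/grpc/service/UserServiceGrpcAuthTest.java
@@ -2,8 +2,7 @@
 
 import static bio.overture.ego.utils.EntityGenerator.generateNonExistentId;
 import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.*;
 
 import bio.overture.ego.grpc.GetUserRequest;
 import bio.overture.ego.grpc.ListUsersRequest;
@@ -133,18 +132,20 @@ public void testDataSetup() {
 }
 }
 
-@Test
+@Test()
 public void getUser_noAuth_rejected() {
 
 val noAuthStub = MetadataUtils.attachHeaders(stub, emptyAuthMeta);
 
 // Test that the interceptor rejects this request
-assertThatExceptionOfType(StatusRuntimeException.class)
-.as("Request should be rejected due to missing JWT")
-.isThrownBy(
-() ->
-noAuthStub.getUser(
-GetUserRequest.newBuilder().setId(UUID.randomUUID().toString()).build()));
+try {
+noAuthStub.getUser(GetUserRequest.newBuilder().setId(UUID.randomUUID().toString()).build());
+} catch (Exception e) {
+assertEquals(
+"Request should be rejected due to missing JWT",
+StatusRuntimeException.class,
+e.getClass());
+}
 }
 
 @Test
@@ -155,7 +156,7 @@ public void getUser_userAuth_success() {
 // Test that the interceptor rejects this request
 val reply =
 authStub.getUser(GetUserRequest.newBuilder().setId(testUser.getId().toString()).build());
-assertThat(reply.getId().getValue()).isEqualTo(testUser.getId().toString());
+assertEquals(reply.getId().getValue(), testUser.getId().toString());
 }
 
 @Test
@@ -164,11 +165,14 @@ public void getUser_userAuth_rejectedForWrongUser() {
 val authStub = MetadataUtils.attachHeaders(stub, userAuthMeta);
 UUID randomId = generateNonExistentId(userService);
 
-// Test that the interceptor rejects this request
-assertThatExceptionOfType(StatusRuntimeException.class)
-.as("User should not be allowed to access data of a different user.")
-.isThrownBy(
-() -> authStub.getUser(GetUserRequest.newBuilder().setId(randomId.toString()).build()));
+try {
+authStub.getUser(GetUserRequest.newBuilder().setId(randomId.toString()).build());
+} catch (Exception e) {
+assertEquals(
+"User should not be allowed to access data of a different user.",
+StatusRuntimeException.class,
+e.getClass());
+}
 }
 
 @Test
@@ -178,7 +182,7 @@ public void getUser_adminAuth_success() {
 // Test that the interceptor rejects this request
 val reply =
 authStub.getUser(GetUserRequest.newBuilder().setId(testUser.getId().toString()).build());
-assertThat(reply.getId().getValue()).isEqualTo(testUser.getId().toString());
+assertEquals(reply.getId().getValue(), testUser.getId().toString());
 }
 
 @Test
@@ -188,17 +192,22 @@ public void getUser_appAuth_success() {
 // Test that the interceptor rejects this request
 val reply =
 authStub.getUser(GetUserRequest.newBuilder().setId(testUser.getId().toString()).build());
-assertThat(reply.getId().getValue()).isEqualTo(testUser.getId().toString());
+assertEquals(reply.getId().getValue(), (testUser.getId().toString()));
 }
 
 @Test
 public void listUsers_noAuth_rejected() {
 val authStub = MetadataUtils.attachHeaders(stub, emptyAuthMeta);
 
 // Test that the interceptor rejects this request
-assertThatExceptionOfType(StatusRuntimeException.class)
-.as("Request should be rejected due to missing JWT")
-.isThrownBy(() -> authStub.listUsers(ListUsersRequest.newBuilder().build()));
+try {
+authStub.listUsers(ListUsersRequest.newBuilder().build());
+} catch (Exception e) {
+assertEquals(
+"Request should be rejected due to missing JWT",
+StatusRuntimeException.class,
+e.getClass());
+}
 }
 
 @Test
@@ -207,9 +216,14 @@ public void listUsers_userAuth_rejected() {
 val authStub = MetadataUtils.attachHeaders(stub, userAuthMeta);
 
 // Test that the interceptor rejects this request
-assertThatExceptionOfType(StatusRuntimeException.class)
-.as("Request should be rejected due to missing JWT")
-.isThrownBy(() -> authStub.listUsers(ListUsersRequest.newBuilder().build()));
+try {
+authStub.listUsers(ListUsersRequest.newBuilder().build());
+} catch (Exception e) {
+assertEquals(
+"Request should be rejected due to missing JWT",
+StatusRuntimeException.class,
+e.getClass());
+}
 }
 
 @Test
@@ -218,7 +232,7 @@ public void listUsers_adminAuth_success() {
 
 // Test that the interceptor rejects this request
 val reply = authStub.listUsers(ListUsersRequest.newBuilder().build());
-assertThat(reply.getUsersCount()).isGreaterThanOrEqualTo(2);
+assertTrue(reply.getUsersCount() >= 2);
 }
 
 @Test
@@ -227,6 +241,6 @@ public void listUsers_appAuth_success() {
 
 // Test that the interceptor rejects this request
 val reply = authStub.listUsers(ListUsersRequest.newBuilder().build());
-assertThat(reply.getUsersCount()).isGreaterThanOrEqualTo(2);
+assertTrue(reply.getUsersCount() >= 2);
 }
 }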
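Review bot: The four rewritten rejection tests (getUser_noAuth_rejected, getUser_userAuth_rejectedForWrongUser, listUsers_noAuth_rejected, listUsers_userAuth_rejected) now pass when the call is not rejected at all: if the stub returns normally the `catch` block is never entered and no assertion runs. A regression that lets an unauthenticated or wrong-user request through the interceptor would therefore go green, which the removed `assertThatExceptionOfType(...).isThrownBy(...)` would have caught. Add `fail("Request should be rejected due to missing JWT");` as the last statement inside each `try` (it throws `AssertionError`, which `catch (Exception e)` does not swallow), or use `assertThrows(StatusRuntimeException.class, () -> ...)` if the project's JUnit version provides it. Narrowing the catch to `StatusRuntimeException` and asserting its status code would also separate an authorization rejection from an unrelated transport failure; which status the interceptor returns is not visible in this diff.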
