summaryrefslogtreecommitdiffstats
path: root/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'src/test')
-rw-r--r--src/test/groovy/org/onap/cps/temporal/controller/rest/ControllerSecuritySpec.groovy99
-rw-r--r--src/test/groovy/org/onap/cps/temporal/controller/rest/QueryControllerSpec.groovy10
-rw-r--r--src/test/groovy/org/onap/cps/temporal/domain/SearchCriteriaSpec.groovy6
-rw-r--r--src/test/resources/application.yml9
4 files changed, 115 insertions, 9 deletions
diff --git a/src/test/groovy/org/onap/cps/temporal/controller/rest/ControllerSecuritySpec.groovy b/src/test/groovy/org/onap/cps/temporal/controller/rest/ControllerSecuritySpec.groovy
new file mode 100644
index 0000000..2ced672
--- /dev/null
+++ b/src/test/groovy/org/onap/cps/temporal/controller/rest/ControllerSecuritySpec.groovy
@@ -0,0 +1,99 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (c) 2021 Bell Canada.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.cps.temporal.controller.rest
+
+import org.onap.cps.temporal.controller.rest.config.WebSecurityConfig
+import org.onap.cps.temporal.controller.rest.model.AnchorDetailsMapper
+import org.onap.cps.temporal.controller.rest.model.AnchorDetailsMapperImpl
+import org.onap.cps.temporal.controller.rest.model.AnchorHistory
+import org.onap.cps.temporal.controller.rest.model.SortMapper
+import org.onap.cps.temporal.domain.NetworkData
+import org.onap.cps.temporal.service.NetworkDataService
+import org.spockframework.spring.SpringBean
+import org.spockframework.spring.StubBeans
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
+import org.springframework.context.annotation.Import
+import org.springframework.data.domain.Pageable
+import org.springframework.data.domain.Slice
+import org.springframework.data.domain.SliceImpl
+import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpStatus
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.setup.MockMvcBuilders
+import org.springframework.web.context.WebApplicationContext
+import spock.lang.Shared
+import spock.lang.Specification
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+
+@WebMvcTest(QueryController)
+@Import([WebSecurityConfig, SortMapper, AnchorDetailsMapperImpl])
+class ControllerSecuritySpec extends Specification {
+
+ @SpringBean
+ NetworkDataService mockNetworkDataService = Mock() {
+ searchNetworkData(_) >> new SliceImpl<NetworkData>([], Pageable.ofSize(1), false)
+ }
+
+ QueryController.QueryResponseFactory mockQueryResponseFactory = Mock()
+
+ MockMvc mvc
+
+ @Autowired
+ WebApplicationContext context
+
+ @Shared
+ def testEndpoint = '/cps-temporal/api/v1/dataspaces/my-dataspace/anchors/my-anchor/history'
+
+ def setup() {
+ mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
+ }
+
+ def 'Get request with authentication: #scenario.'() {
+ given: 'authentication'
+ HttpHeaders httpHeaders = new HttpHeaders()
+ httpHeaders.setBasicAuth(username, password)
+ when: 'request is sent with authentication'
+ def response = mvc.perform(get(testEndpoint).headers(httpHeaders)
+ ).andReturn().response
+ then: 'expected http status is returned'
+ assert response.status == expectedHttpStatus.value()
+ where:
+ scenario | username | password || expectedHttpStatus
+ 'correct credentials' | 'testUser' | 'testPassword' || HttpStatus.OK
+ 'unknown username' | 'unknown-user' | 'password' || HttpStatus.UNAUTHORIZED
+ 'wrong password' | 'cpsuser' | 'wrong-password' || HttpStatus.UNAUTHORIZED
+ }
+
+ def 'Get urls without authentication : #scenario.'() {
+ when: 'request is sent without authentication'
+ def response = mvc.perform(get(url)
+ ).andReturn().response
+ then: 'expected http status is returned'
+ assert response.status == expectedHttpStatus.value()
+ where:
+ scenario | url | expectedHttpStatus
+ 'permitted url' | '/swagger/openapi.yml' | HttpStatus.OK
+ 'not-permitted url' | testEndpoint | HttpStatus.UNAUTHORIZED
+ }
+
+}
diff --git a/src/test/groovy/org/onap/cps/temporal/controller/rest/QueryControllerSpec.groovy b/src/test/groovy/org/onap/cps/temporal/controller/rest/QueryControllerSpec.groovy
index a18a134..7847b34 100644
--- a/src/test/groovy/org/onap/cps/temporal/controller/rest/QueryControllerSpec.groovy
+++ b/src/test/groovy/org/onap/cps/temporal/controller/rest/QueryControllerSpec.groovy
@@ -21,8 +21,7 @@
package org.onap.cps.temporal.controller.rest
import org.onap.cps.temporal.controller.utils.DateTimeUtility
-import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
-
+import com.fasterxml.jackson.databind.ObjectMapper
import java.time.OffsetDateTime
import org.onap.cps.temporal.controller.rest.model.AnchorDetails
import org.onap.cps.temporal.controller.rest.model.AnchorDetailsMapperImpl
@@ -41,13 +40,14 @@ import org.springframework.data.domain.SliceImpl
import org.springframework.data.domain.Sort
import org.springframework.http.HttpStatus
import org.springframework.http.MediaType
+import org.springframework.security.test.context.support.WithMockUser
import org.springframework.test.web.servlet.MockMvc
-import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper
-import spock.lang.Shared
import spock.lang.Specification
+import spock.lang.Shared
@WebMvcTest(QueryController)
-@Import([SortMapper, QueryResponseFactory, AnchorDetailsMapperImpl])
+@Import([SortMapper, AnchorDetailsMapperImpl])
+@WithMockUser
class QueryControllerSpec extends Specification {
@SpringBean
diff --git a/src/test/groovy/org/onap/cps/temporal/domain/SearchCriteriaSpec.groovy b/src/test/groovy/org/onap/cps/temporal/domain/SearchCriteriaSpec.groovy
index 3d6a354..32bc660 100644
--- a/src/test/groovy/org/onap/cps/temporal/domain/SearchCriteriaSpec.groovy
+++ b/src/test/groovy/org/onap/cps/temporal/domain/SearchCriteriaSpec.groovy
@@ -131,12 +131,12 @@ class SearchCriteriaSpec extends Specification {
then: 'exception is thrown'
def illegalArgumentException = thrown(IllegalArgumentException)
def message = illegalArgumentException.getMessage();
- assert message.contains("sort")
+ assert message.contains('sort')
assert message.contains(expectedExceptionMessage)
where:
scenario | sort | expectedExceptionMessage
- 'null' | null | "null"
- 'unsupported properties' | Sort.by(Sort.Direction.ASC, 'unsupported') | "Invalid sorting"
+ 'null' | null | 'null'
+ 'unsupported properties' | Sort.by(Sort.Direction.ASC, 'unsupported') | 'Invalid sorting'
'missing required sort' | Sort.by(Sort.Direction.ASC, 'anchor') | 'Missing mandatory sort'
}
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index fce4a17..6765057 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -63,4 +63,11 @@ app:
topic: cps.cfg-state-events
query:
response:
- max-page-size: 20 \ No newline at end of file
+ max-page-size: 20
+
+security:
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/swagger/openapi.yml
+ auth:
+ username: testUser
+ password: testPassword