From 0d6bbae9baa4531f5b5c3009fa72e691cf30fe41 Mon Sep 17 00:00:00 2001 From: Ruslan Kashapov Date: Thu, 11 Mar 2021 14:15:49 +0200 Subject: Move web security configuration to application module Issue-ID: CPS-288 Change-Id: Ieba184c3e4727e354c19a3db31325052d15ced44 Signed-off-by: Ruslan Kashapov --- .../rest/controller/AdminRestControllerSpec.groovy | 34 +++++------------ .../rest/controller/DataRestControllerSpec.groovy | 11 ++---- .../rest/controller/QueryRestControllerSpec.groovy | 12 +++--- .../controller/RestControllerSpecification.groovy | 34 ----------------- .../exceptions/CpsRestExceptionHandlerSpec.groovy | 43 ++++++---------------- 5 files changed, 30 insertions(+), 104 deletions(-) delete mode 100644 cps-rest/src/test/groovy/org/onap/cps/rest/controller/RestControllerSpecification.groovy (limited to 'cps-rest/src/test/groovy/org/onap') diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/AdminRestControllerSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/AdminRestControllerSpec.groovy index f38193803a..5b5be1c161 100755 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/AdminRestControllerSpec.groovy +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/AdminRestControllerSpec.groovy @@ -46,10 +46,11 @@ import org.springframework.mock.web.MockMultipartFile import org.springframework.test.web.servlet.MockMvc import org.springframework.util.LinkedMultiValueMap import org.springframework.util.MultiValueMap +import spock.lang.Specification import spock.lang.Unroll @WebMvcTest -class AdminRestControllerSpec extends RestControllerSpecification { +class AdminRestControllerSpec extends Specification { @SpringBean CpsModuleService mockCpsModuleService = Mock() @@ -85,7 +86,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( post(createDataspaceEndpoint) - .header("Authorization", getAuthorizationHeader()) .param('dataspace-name', dataspaceName)) .andReturn().response then: 'service method is invoked with expected parameters' @@ -104,7 +104,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( post(createDataspaceEndpoint) - .header("Authorization", getAuthorizationHeader()) .param('dataspace-name', dataspaceName)) .andReturn().response then: 'dataspace creation fails' @@ -122,7 +121,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { mvc.perform( multipart(schemaSetEndpoint) .file(multipartFile) - .header("Authorization", getAuthorizationHeader()) .param('schema-set-name', schemaSetName)) .andReturn().response then: 'associated service method is invoked with expected parameters' @@ -144,7 +142,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { mvc.perform( multipart(schemaSetEndpoint) .file(multipartFile) - .header("Authorization", getAuthorizationHeader()) .param('schema-set-name', schemaSetName)) .andReturn().response then: 'associated service method is invoked with expected parameters' @@ -165,7 +162,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { mvc.perform( multipart(schemaSetEndpoint) .file(multipartFile) - .header("Authorization", getAuthorizationHeader()) .param('schema-set-name', schemaSetName)) .andReturn().response then: 'create schema set rejected' @@ -186,7 +182,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { mvc.perform( multipart(schemaSetEndpoint) .file(multipartFile) - .header("Authorization", getAuthorizationHeader()) .param('schema-set-name', schemaSetName)) .andReturn().response then: 'create schema set rejected' @@ -203,7 +198,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { mvc.perform( multipart(schemaSetEndpoint) .file(multipartFile) - .header("Authorization", getAuthorizationHeader()) .param('schema-set-name', schemaSetName)) .andReturn().response then: 'the error response returned indicating internal server error occurrence' @@ -216,9 +210,7 @@ class AdminRestControllerSpec extends RestControllerSpecification { given: 'an endpoint' def schemaSetEndpoint = "$basePath/v1/dataspaces/$dataspaceName/schema-sets/$schemaSetName" when: 'delete schema set endpoint is invoked' - def response = - mvc.perform(delete(schemaSetEndpoint).header("Authorization", getAuthorizationHeader())) - .andReturn().response + def response = mvc.perform(delete(schemaSetEndpoint)).andReturn().response then: 'associated service method is invoked with expected parameters' 1 * mockCpsModuleService.deleteSchemaSet(dataspaceName, schemaSetName, CASCADE_DELETE_PROHIBITED) and: 'response code indicates success' @@ -233,9 +225,7 @@ class AdminRestControllerSpec extends RestControllerSpecification { and: 'an endpoint' def schemaSetEndpoint = "$basePath/v1/dataspaces/$dataspaceName/schema-sets/$schemaSetName" when: 'delete schema set endpoint is invoked' - def response = - mvc.perform(delete(schemaSetEndpoint).header("Authorization", getAuthorizationHeader())) - .andReturn().response + def response = mvc.perform(delete(schemaSetEndpoint)).andReturn().response then: 'schema set deletion fails with conflict response code' response.status == HttpStatus.CONFLICT.value() } @@ -247,9 +237,7 @@ class AdminRestControllerSpec extends RestControllerSpecification { and: 'an endpoint' def schemaSetEndpoint = "$basePath/v1/dataspaces/$dataspaceName/schema-sets/$schemaSetName" when: 'get schema set API is invoked' - def response = - mvc.perform(get(schemaSetEndpoint).header("Authorization", getAuthorizationHeader())) - .andReturn().response + def response = mvc.perform(get(schemaSetEndpoint)).andReturn().response then: 'the correct schema set is returned' response.status == HttpStatus.OK.value() response.getContentAsString().contains(schemaSetName) @@ -266,7 +254,6 @@ class AdminRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( post(anchorEndpoint).contentType(MediaType.APPLICATION_JSON) - .header("Authorization", getAuthorizationHeader()) .params(requestParams as MultiValueMap)) .andReturn().response then: 'anchor is created successfully' @@ -281,9 +268,7 @@ class AdminRestControllerSpec extends RestControllerSpecification { and: 'an endpoint' def anchorEndpoint = "$basePath/v1/dataspaces/$dataspaceName/anchors" when: 'get all anchors API is invoked' - def response = - mvc.perform(get(anchorEndpoint).header("Authorization", getAuthorizationHeader())) - .andReturn().response + def response = mvc.perform(get(anchorEndpoint)).andReturn().response then: 'the correct anchor is returned' response.status == HttpStatus.OK.value() response.getContentAsString().contains(anchorName) @@ -291,13 +276,12 @@ class AdminRestControllerSpec extends RestControllerSpecification { def 'Get existing anchor by dataspace and anchor name.'() { given: 'service method returns an anchor' - mockCpsAdminService.getAnchor(dataspaceName,anchorName) >> new Anchor(name: anchorName, dataspaceName: dataspaceName, schemaSetName:schemaSetName) + mockCpsAdminService.getAnchor(dataspaceName, anchorName) >> + new Anchor(name: anchorName, dataspaceName: dataspaceName, schemaSetName: schemaSetName) and: 'an endpoint' def anchorEndpoint = "$basePath/v1/dataspaces/$dataspaceName/anchors/$anchorName" when: 'get anchor API is invoked' - def response = - mvc.perform(get(anchorEndpoint).header("Authorization", getAuthorizationHeader())) - .andReturn().response + def response = mvc.perform(get(anchorEndpoint)).andReturn().response def responseContent = response.getContentAsString() then: 'the correct anchor is returned' response.status == HttpStatus.OK.value() diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/DataRestControllerSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/DataRestControllerSpec.groovy index ef834a7a2a..15627d5982 100755 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/DataRestControllerSpec.groovy +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/DataRestControllerSpec.groovy @@ -46,10 +46,11 @@ import org.springframework.http.HttpStatus import org.springframework.http.MediaType import org.springframework.test.web.servlet.MockMvc import spock.lang.Shared +import spock.lang.Specification import spock.lang.Unroll @WebMvcTest -class DataRestControllerSpec extends RestControllerSpecification { +class DataRestControllerSpec extends Specification { @SpringBean CpsDataService mockCpsDataService = Mock() @@ -96,7 +97,6 @@ class DataRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( post(endpoint) - .header("Authorization", getAuthorizationHeader()) .contentType(MediaType.APPLICATION_JSON).content(json)) .andReturn().response then: 'a created response is returned' @@ -113,7 +113,7 @@ class DataRestControllerSpec extends RestControllerSpecification { mockCpsDataService.getDataNode(dataspaceName, anchorName, xpath, OMIT_DESCENDANTS) >> dataNodeWithLeavesNoChildren when: 'get request is performed through REST API' def response = - mvc.perform(get(endpoint).header("Authorization", getAuthorizationHeader()).param('xpath', xpath)) + mvc.perform(get(endpoint).param('xpath', xpath)) .andReturn().response then: 'a success response is returned' response.status == HttpStatus.OK.value() @@ -133,7 +133,6 @@ class DataRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( get(endpoint) - .header("Authorization", getAuthorizationHeader()) .param('xpath', xpath) .param('include-descendants', includeDescendantsOption)) .andReturn().response @@ -155,7 +154,7 @@ class DataRestControllerSpec extends RestControllerSpecification { mockCpsDataService.getDataNode(dataspaceName, anchorName, xpath, _) >> { throw exception } when: 'get request is performed through REST API' def response = - mvc.perform(get(endpoint).header("Authorization", getAuthorizationHeader()).param("xpath", xpath)) + mvc.perform(get(endpoint).param("xpath", xpath)) .andReturn().response then: 'a success response is returned' response.status == httpStatus.value() @@ -178,7 +177,6 @@ class DataRestControllerSpec extends RestControllerSpecification { patch(endpoint) .contentType(MediaType.APPLICATION_JSON) .content(jsonData) - .header("Authorization", getAuthorizationHeader()) .param('xpath', xpath) ).andReturn().response then: 'the service method is invoked with expected parameters' @@ -202,7 +200,6 @@ class DataRestControllerSpec extends RestControllerSpecification { put(endpoint) .contentType(MediaType.APPLICATION_JSON) .content(jsonData) - .header("Authorization", getAuthorizationHeader()) .param('xpath', xpath)) .andReturn().response then: 'the service method is invoked with expected parameters' diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/QueryRestControllerSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/QueryRestControllerSpec.groovy index 907528a559..f3f1417f13 100644 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/QueryRestControllerSpec.groovy +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/QueryRestControllerSpec.groovy @@ -20,6 +20,10 @@ package org.onap.cps.rest.controller +import static org.onap.cps.spi.FetchDescendantsOption.INCLUDE_ALL_DESCENDANTS +import static org.onap.cps.spi.FetchDescendantsOption.OMIT_DESCENDANTS +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get + import com.google.gson.Gson import org.modelmapper.ModelMapper import org.onap.cps.api.CpsAdminService @@ -33,14 +37,11 @@ import org.springframework.beans.factory.annotation.Value import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest import org.springframework.http.HttpStatus import org.springframework.test.web.servlet.MockMvc +import spock.lang.Specification import spock.lang.Unroll -import static org.onap.cps.spi.FetchDescendantsOption.INCLUDE_ALL_DESCENDANTS -import static org.onap.cps.spi.FetchDescendantsOption.OMIT_DESCENDANTS -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get - @WebMvcTest -class QueryRestControllerSpec extends RestControllerSpecification { +class QueryRestControllerSpec extends Specification { @SpringBean CpsDataService mockCpsDataService = Mock() @@ -77,7 +78,6 @@ class QueryRestControllerSpec extends RestControllerSpecification { def response = mvc.perform( get(dataNodeEndpoint) - .header("Authorization", getAuthorizationHeader()) .param('cps-path', cpsPath) .param('include-descendants', includeDescendantsOption)) .andReturn().response diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/RestControllerSpecification.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/controller/RestControllerSpecification.groovy deleted file mode 100644 index a700ea2132..0000000000 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/controller/RestControllerSpecification.groovy +++ /dev/null @@ -1,34 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Copyright (c) 2021 Bell Canada. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= -*/ - -package org.onap.cps.rest.controller - -import spock.lang.Specification - -/** - * Abstract class for all rest controller specifications. - */ -abstract class RestControllerSpecification extends Specification { - - def authorizationHeader = 'Basic Y3BzdXNlcjpjcHNyMGNrcyE=' - - def getAuthorizationHeader() { - return authorizationHeader - } - -} \ No newline at end of file diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy index 89b6b89364..05bd41d305 100644 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy @@ -21,13 +21,18 @@ package org.onap.cps.rest.exceptions +import static org.springframework.http.HttpStatus.BAD_REQUEST +import static org.springframework.http.HttpStatus.CONFLICT +import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR +import static org.springframework.http.HttpStatus.NOT_FOUND +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get + import groovy.json.JsonSlurper import org.modelmapper.ModelMapper import org.onap.cps.api.CpsAdminService import org.onap.cps.api.CpsDataService import org.onap.cps.api.CpsModuleService import org.onap.cps.api.CpsQueryService -import org.onap.cps.rest.controller.RestControllerSpecification import org.onap.cps.spi.exceptions.AnchorAlreadyDefinedException import org.onap.cps.spi.exceptions.CpsException import org.onap.cps.spi.exceptions.CpsPathException @@ -43,17 +48,11 @@ import org.springframework.beans.factory.annotation.Value import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest import org.springframework.test.web.servlet.MockMvc import spock.lang.Shared +import spock.lang.Specification import spock.lang.Unroll -import static org.springframework.http.HttpStatus.BAD_REQUEST -import static org.springframework.http.HttpStatus.CONFLICT -import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR -import static org.springframework.http.HttpStatus.NOT_FOUND -import static org.springframework.http.HttpStatus.UNAUTHORIZED -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get - @WebMvcTest -class CpsRestExceptionHandlerSpec extends RestControllerSpecification { +class CpsRestExceptionHandlerSpec extends Specification { @SpringBean CpsAdminService mockCpsAdminService = Mock() @@ -150,7 +149,7 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { where: 'the following exceptions are thrown' exceptionThrown << [new ModelValidationException(errorMessage, errorDetails, null), new DataValidationException(errorMessage, errorDetails, null), - new CpsPathException(errorMessage,errorDetails)] + new CpsPathException(errorMessage, errorDetails)] } @Unroll @@ -168,38 +167,18 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { new SchemaSetInUseException(dataspaceName, existingObjectName)] } - def 'Get request without authentication is not authorized'() { - when: 'request is sent without authentication' - def response = - mvc.perform(get("$basePath/v1/dataspaces/dataspace-name/anchors")).andReturn().response - then: 'HTTP Unauthorized status code is returned' - assert UNAUTHORIZED.value() == response.status - } - - def 'Get request with invalid authentication is not authorized'() { - when: 'request is sent with invalid authentication' - def response = - mvc.perform( - get("$basePath/v1/dataspaces/dataspace-name/anchors") - .header("Authorization", 'Basic invalid auth')) - .andReturn().response - then: 'HTTP Unauthorized status code is returned' - assert UNAUTHORIZED.value() == response.status - } - /* * NB. The test uses 'get JSON by id' endpoint and associated service method invocation * to test the exception handling. The endpoint chosen is not a subject of test. */ def setupTestException(exception) { - mockCpsAdminService.getAnchors(_) >> { throw exception} + mockCpsAdminService.getAnchors(_) >> { throw exception } } def performTestRequest() { return mvc.perform( - get("$basePath/v1/dataspaces/dataspace-name/anchors") - .header("Authorization", getAuthorizationHeader())) + get("$basePath/v1/dataspaces/dataspace-name/anchors")) .andReturn().response } -- cgit 1.2.3-korg