ApiAuthInterceptor tests have been added

Change-Id: Ieb42e8fa417ff3afb8acad3bd6c48a8287026a2e Issue-ID: DCAEGEN2-517 Signed-off-by: ANDRZEJ SZUKUC <andrzej.szukuc@nokia.com>
author: andrzejszukuc <andrzej.szukuc@nokia.com> 2018-10-04 09:48:10 +0200
committer: andrzejszukuc <andrzej.szukuc@nokia.com> 2018-10-10 10:14:26 +0200
commit: 9a07a2c23e4ad44a65096004b2731b7188a8d09c (patch)
tree: 4c5524ca95e39d29f9f165b38b246f6d4113b22c
parent: 84b25b7ab2019a558fad92e21c4cc44c242e4461 (diff)
4 files changed, 184 insertions, 5 deletions
diff --git a/pom.xml b/pom.xml
index d3503969..c95228fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
     </parent>
     <groupId>org.onap.dcaegen2.collectors.ves</groupId>
     <artifactId>VESCollector</artifactId>
-    <version>1.3.1-SNAPSHOT</version>
+    <version>1.3.2-SNAPSHOT</version>
     <name>dcaegen2-collectors-ves</name>
     <description>VESCollector</description>
     <properties>
@@ -443,6 +443,12 @@ limitations under the License.
             <version>2.17.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <version>5.1.0.RELEASE</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <repositories>
         <repository>
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 864a16d7..8061ec5a 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -23,9 +23,6 @@ import io.vavr.control.Option;
 import org.onap.dcae.ApplicationSettings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
new file mode 100644
index 00000000..cb4d334c
--- /dev/null
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -0,0 +1,176 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae.restapi;
+
+import io.vavr.collection.HashMap;
+import io.vavr.collection.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.onap.dcae.ApplicationSettings;
+import org.slf4j.Logger;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.Silent.class)
+public class ApiAuthInterceptionTest {
+    private static final String USERNAME = "Foo";
+    private static final String PASSWORD = "Bar";
+    private static final Map<String, String> CREDENTIALS = HashMap.of(USERNAME, PASSWORD);
+
+    @Mock
+    private Logger log;
+
+    @Mock
+    private ApplicationSettings settings;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private Object obj;
+
+    @Mock
+    private PrintWriter writer;
+
+    @InjectMocks
+    private ApiAuthInterceptor sut;
+
+
+    private HttpServletRequest createEmptyRequest() {
+        return MockMvcRequestBuilders
+                .post("")
+                .buildRequest(null);
+    }
+
+    private HttpServletRequest createRequestWithAuthorizationHeader() {
+        return SecurityMockMvcRequestPostProcessors
+                .httpBasic(USERNAME, PASSWORD)
+                .postProcessRequest(
+                        MockMvcRequestBuilders
+                                .post("")
+                                .buildRequest(null));
+    }
+
+    @Test
+    public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException {
+        // given
+        final HttpServletRequest request = createEmptyRequest();
+
+        when(settings.authorizationEnabled()).thenReturn(false);
+
+        // when
+        final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+        // then
+        assertTrue(isAuthorized);
+    }
+
+    @Test
+    public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException {
+        // given
+        final HttpServletRequest request = createEmptyRequest();
+
+        when(settings.authorizationEnabled()).thenReturn(true);
+        when(response.getWriter()).thenReturn(writer);
+
+        // when
+        final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+
+        // then
+        assertFalse(isAuthorized);
+
+        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+    }
+
+    @Test
+    public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException {
+        // given
+        final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+        when(settings.authorizationEnabled()).thenReturn(true);
+        when(response.getWriter()).thenReturn(writer);
+
+        // when
+        final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+        // then
+        assertFalse(isAuthorized);
+
+        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+    }
+
+    @Test
+    public void shouldSucceed() throws IOException {
+        // given
+        final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+        when(response.getWriter()).thenReturn(writer);
+
+        // when
+        final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+        // then
+        assertTrue(isAuthorized);
+    }
+
+    @Test
+    public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException {
+        // given
+        final HttpServletRequest request =
+                MockMvcRequestBuilders
+                        .post("")
+                        .header(HttpHeaders.AUTHORIZATION, "FooBar")
+                        .buildRequest(null);
+
+        when(settings.authorizationEnabled()).thenReturn(true);
+        when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+        when(response.getWriter()).thenReturn(writer);
+
+        // when
+        final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+        // then
+        assertFalse(isAuthorized);
+
+        verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+        verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+    }
+}
diff --git a/version.properties b/version.properties
index fee49286..ef20baaf 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=3
-patch=1
+patch=2
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT
author	andrzejszukuc <andrzej.szukuc@nokia.com>	2018-10-04 09:48:10 +0200
committer	andrzejszukuc <andrzej.szukuc@nokia.com>	2018-10-10 10:14:26 +0200
commit	9a07a2c23e4ad44a65096004b2731b7188a8d09c (patch)
tree	4c5524ca95e39d29f9f165b38b246f6d4113b22c
parent	84b25b7ab2019a558fad92e21c4cc44c242e4461 (diff)