Remove certOnly and basicAuth from authentication methods

Issue-ID: DCAEGEN2-1776
Signed-off-by: pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: I475dcce9de8c7c05d2a05cf51dc862b5bf920164

2 files changed, 6 insertions, 148 deletions

diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java
index 49a089cc..e55b6052 100644
--- a/src/test/java/org/onap/dcae/TLSTest.java
+++ b/src/test/java/org/onap/dcae/TLSTest.java
@@ -32,8 +32,8 @@ import org.springframework.http.HttpStatus;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.when;
-import static org.onap.dcae.TLSTest.HttpsConfiguration.USERNAME;
-import static org.onap.dcae.TLSTest.HttpsConfiguration.PASSWORD;
+import static org.onap.dcae.TLSTest.HttpsConfigurationWithTLSAuthenticationAndBasicAuth.USERNAME;
+import static org.onap.dcae.TLSTest.HttpsConfigurationWithTLSAuthenticationAndBasicAuth.PASSWORD;
 
 public class TLSTest extends TLSTestBase {
 
@@ -53,37 +53,6 @@ public class TLSTest extends TLSTestBase {
     }
 
     @Nested
-    @Import(HttpsConfiguration.class)
-    class HttpsTest extends TestClassBase {
-
-
-        @Test
-        public void shouldHttpsRequestWithoutBasicAuthFail() {
-            assertThrows(Exception.class, this::makeHttpsRequest);
-        }
-
-        @Test
-        public void shouldHttpsRequestWithBasicAuthSucceed() {
-            assertEquals(HttpStatus.OK, makeHttpsRequestWithBasicAuth(USERNAME, PASSWORD).getStatusCode());
-        }
-    }
-
-    @Nested
-    @Import(HttpsConfigurationWithTLSAuthentication.class)
-    class HttpsWithTLSAuthenticationTest extends TestClassBase {
-
-        @Test
-        public void shouldHttpsRequestWithoutCertificateFail() {
-            assertThrows(Exception.class, this::makeHttpsRequest);
-        }
-
-        @Test
-        public void shouldHttpsRequestWithCertificateSucceed() {
-            assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCert().getStatusCode());
-        }
-    }
-
-    @Nested
     @Import(HttpsConfigurationWithTLSAuthenticationAndBasicAuth.class)
     class HttpsWithTLSAuthenticationAndBasicAuthTest extends TestClassBase {
 
@@ -107,38 +76,19 @@ public class TLSTest extends TLSTestBase {
         }
     }
 
-    static class HttpsConfiguration extends TLSTestBase.ConfigurationBase {
+    static class HttpsConfigurationWithTLSAuthenticationAndBasicAuth extends TLSTestBase.ConfigurationBase {
         public static final String USERNAME = "TestUser";
         public static final String PASSWORD = "TestPassword";
-
         @Override
         protected void configureSettings(ApplicationSettings settings) {
             when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString());
             when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString());
-            when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
             when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy"));
-            when(settings.httpPort()).thenReturn(1111);
-        }
-    }
-
-    static class HttpsConfigurationWithTLSAuthentication extends HttpsConfiguration {
-        @Override
-        protected void configureSettings(ApplicationSettings settings) {
-            super.configureSettings(settings);
-            when(settings.authMethod()).thenReturn(AuthMethodType.CERT_ONLY.value());
+            when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
             when(settings.truststoreFileLocation()).thenReturn(TRUSTSTORE.toString());
             when(settings.truststorePasswordFileLocation()).thenReturn(TRUSTSTORE_PASSWORD_FILE.toString());
             when(settings.certSubjectMatcher()).thenReturn(CERT_SUBJECT_MATCHER.toString());
             when(settings.httpPort()).thenReturn(1111);
         }
     }
-
-    static class HttpsConfigurationWithTLSAuthenticationAndBasicAuth extends HttpsConfigurationWithTLSAuthentication {
-        @Override
-        protected void configureSettings(ApplicationSettings settings) {
-            super.configureSettings(settings);
-            when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
-            when(settings.httpPort()).thenReturn(1111);
-        }
-    }
 }
\ No newline at end of file
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
index 250292f3..67193617 100644
--- a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -20,8 +20,6 @@
 
 package org.onap.dcae.restapi;
 
-import io.vavr.collection.HashMap;
-import io.vavr.collection.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -30,10 +28,8 @@ import org.mockito.junit.MockitoJUnitRunner;
 import org.onap.dcae.ApplicationSettings;
 import org.onap.dcae.common.configuration.AuthMethodType;
 import org.slf4j.Logger;
-import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 
 import javax.servlet.http.HttpServletRequest;
@@ -48,12 +44,9 @@ import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.Silent.class)
 public class ApiAuthInterceptionTest {
-  private static final String USERNAME = "Foo";
-  private static final String PASSWORD = "Bar";
-  private static final Map<String, String> CREDENTIALS = HashMap.of(USERNAME, PASSWORD);
   private static final int HTTP_PORT = 8080;
   private static final int OUTSIDE_PORT = 30235;
-  public static final String HEALTHCHECK_URL = "/healthcheck";
+  private static final String HEALTHCHECK_URL = "/healthcheck";
 
   @Mock
   private Logger log;
@@ -89,82 +82,6 @@ public class ApiAuthInterceptionTest {
   }
 
   @Test
-  public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException {
-    // given
-    final HttpServletRequest request = createEmptyRequest();
-
-    when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
-    when(response.getWriter()).thenReturn(writer);
-
-    // when
-    final boolean isAuthorized = sut.preHandle(request, response, obj);
-
-
-    // then
-    assertFalse(isAuthorized);
-
-    verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
-    verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
-  }
-
-  @Test
-  public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException {
-    // given
-    final HttpServletRequest request = createRequestWithAuthorizationHeader();
-
-    when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
-    when(response.getWriter()).thenReturn(writer);
-
-    // when
-    final boolean isAuthorized = sut.preHandle(request, response, obj);
-
-    // then
-    assertFalse(isAuthorized);
-
-    verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
-    verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
-  }
-
-  @Test
-  public void shouldSucceed() throws IOException {
-    // given
-    final HttpServletRequest request = createRequestWithAuthorizationHeader();
-    when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
-    when(settings.validAuthorizationCredentials()).thenReturn(
-        HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G"));
-    when(response.getWriter()).thenReturn(writer);
-
-    // when
-    final boolean isAuthorized = sut.preHandle(request, response, obj);
-
-    // then
-    assertTrue(isAuthorized);
-  }
-
-  @Test
-  public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException {
-    // given
-    final HttpServletRequest request =
-        MockMvcRequestBuilders
-            .post("")
-            .header(HttpHeaders.AUTHORIZATION, "FooBar")
-            .buildRequest(null);
-
-    when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value());
-    when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
-    when(response.getWriter()).thenReturn(writer);
-
-    // when
-    final boolean isAuthorized = sut.preHandle(request, response, obj);
-
-    // then
-    assertFalse(isAuthorized);
-
-    verify(response).setStatus(HttpStatus.UNAUTHORIZED.value());
-    verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
-  }
-
-  @Test
   public void shouldSucceedForHealthcheckOnHealthcheckPortWhenRequestFromInsideCluster() throws IOException {
     // given
     final HttpServletRequest request = createRequestWithPorts(HTTP_PORT, HTTP_PORT, HEALTHCHECK_URL);
@@ -218,15 +135,6 @@ public class ApiAuthInterceptionTest {
             .buildRequest(null);
   }
 
-  private HttpServletRequest createRequestWithAuthorizationHeader() {
-    return SecurityMockMvcRequestPostProcessors
-            .httpBasic(USERNAME, PASSWORD)
-            .postProcessRequest(
-                    MockMvcRequestBuilders
-                            .post("")
-                            .buildRequest(null));
-  }
-
   private HttpServletRequest createRequestWithPorts(int localPort, int serverPort, String urlTemplate) {
     MockHttpServletRequest healthcheckRequest = MockMvcRequestBuilders
             .get(urlTemplate)
@@ -235,4 +143,4 @@ public class ApiAuthInterceptionTest {
     healthcheckRequest.setServerPort(serverPort);
     return healthcheckRequest;
   }
-}
+}
\ No newline at end of file