diff options
| author |   Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2023-04-14 11:39:12 +0000 |
|---|---|---|
| committer | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2023-04-14 11:39:12 +0000 |
| commit | a29488d0f476eae0a7821026ded3cf538256757b (patch) | |
| tree | 4ad1d38150cea6cea0659fed0c15d5bf05ad42fd /app/src | |
| parent | eeb1ede1a2ae8c55a4d432db80394e02506696fe (diff) | |
Upload preferences
Issue-ID: PORTAL-1082
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Change-Id: I265e0c8be481a279347aa653acc483c5017c996d
Diffstat (limited to 'app/src')
21 files changed, 1338 insertions, 0 deletions
diff --git a/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java new file mode 100644 index 0000000..092c533 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java @@ -0,0 +1,37 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.context.properties.EnableConfigurationProperties; + +@EnableConfigurationProperties(PortalPrefsConfig.class) +@SpringBootApplication +public class PortalPrefsApplication { + + public static void main(String[] args) { + SpringApplication.run(PortalPrefsApplication.class, args); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java new file mode 100644 index 0000000..77ef7f0 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java @@ -0,0 +1,35 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.time.Clock; + +@Configuration +public class BeansConfig { + @Bean + Clock clock() { + return Clock.systemUTC(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java new file mode 100644 index 0000000..b653fe3 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java @@ -0,0 +1,59 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.onap.portal.prefs.util.Logger; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.reactive.ServerWebExchangeContextFilter; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; + +import java.util.List; + +@Component +public class LogInterceptor implements WebFilter { + public static final String EXCHANGE_CONTEXT_ATTRIBUTE = + ServerWebExchangeContextFilter.class.getName() + ".EXCHANGE_CONTEXT"; + + public static final String X_REQUEST_ID = "X-Request-Id"; + + @Override + public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { + List<String> xRequestIdList = exchange.getRequest().getHeaders().get(X_REQUEST_ID); + if (xRequestIdList != null && !xRequestIdList.isEmpty()) { + String xRequestId = xRequestIdList.get(0); + Logger.requestLog( + xRequestId, exchange.getRequest().getMethod(), exchange.getRequest().getURI()); + exchange.getResponse().getHeaders().add(X_REQUEST_ID, xRequestId); + exchange.getResponse().beforeCommit(() -> { + Logger.responseLog(xRequestId,exchange.getResponse().getStatusCode()); + return Mono.empty(); + }); + } + + return chain + .filter(exchange) + .contextWrite(cxt -> cxt.put(EXCHANGE_CONTEXT_ATTRIBUTE, exchange)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java new file mode 100644 index 0000000..3c03673 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import javax.validation.constraints.NotBlank; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.ConstructorBinding; + +import lombok.Data; + +@Data +@ConstructorBinding +@ConfigurationProperties("portal-prefs") +public class PortalPrefsConfig { + + @NotBlank + private final String realm; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java new file mode 100644 index 0000000..531e90b --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +/** + * Configures the access control of the API endpoints. + */ +// https://hantsy.github.io/spring-reactive-sample/security/config.html +@EnableWebFluxSecurity +@Configuration +public class SecurityConfig { + + @Bean + public SecurityWebFilterChain springSecurityWebFilterChain(ServerHttpSecurity http) { + return http.httpBasic().disable() + .formLogin().disable() + .csrf().disable() + .cors() + .and() + .authorizeExchange() + .pathMatchers(HttpMethod.GET, "/actuator/**").permitAll() + .anyExchange().authenticated() + .and() + .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt) + .build(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java new file mode 100644 index 0000000..584b3b4 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java @@ -0,0 +1,88 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.controller; + + +import javax.validation.Valid; + +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.api.PreferencesApi; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.util.Logger; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.server.ServerWebExchange; + +import reactor.core.publisher.Mono; + +@RestController +public class PreferencesController implements PreferencesApi { + + + private final PreferencesService preferencesService; + + public PreferencesController(PreferencesService getPreferences){ + this.preferencesService = getPreferences; + } + + @Override + public Mono<ResponseEntity<Preferences>> getPreferences(String xRequestId, ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferencesService.getPreferences(userid) + .map(ResponseEntity::ok)) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + + } + + @Override + public Mono<ResponseEntity<Preferences>> savePreferences(String xRequestId, @Valid Mono<Preferences> preferences, + ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferences + .flatMap( pref -> + preferencesService + .savePreferences(xRequestId, userid, pref))) + .map( ResponseEntity::ok) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + } + + @Override + public Mono<ResponseEntity<Preferences>> updatePreferences(String xRequestId, @Valid Mono<Preferences> preferences, ServerWebExchange exchange) { + return savePreferences(xRequestId, preferences, exchange); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java new file mode 100644 index 0000000..45616a9 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.entities; + +import lombok.Getter; +import lombok.Setter; +import org.springframework.data.annotation.Id; +import org.springframework.data.mongodb.core.mapping.Document; + +@Document +@Getter +@Setter +public class PreferencesDto { + @Id + private String userId; + + private Object properties; + +} + diff --git a/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java new file mode 100644 index 0000000..b9d2a3d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.exception; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; +import org.zalando.problem.AbstractThrowableProblem; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import org.zalando.problem.StatusType; + +import java.net.URI; + +/** The default portal-prefs exception */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +@EqualsAndHashCode(callSuper = true) +public class ProblemException extends AbstractThrowableProblem { + @Builder.Default private final URI type = Problem.DEFAULT_TYPE; + + @Builder.Default private final String title = "Bad preferences error"; + + @Builder.Default private final StatusType status = Status.BAD_REQUEST; + + @Builder.Default private final String detail = "Please add more details here"; + + @Builder.Default private final URI instance = null; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java new file mode 100644 index 0000000..461ee1d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java @@ -0,0 +1,28 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.repository; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.springframework.data.mongodb.repository.ReactiveMongoRepository; + +public interface PreferencesRepository extends ReactiveMongoRepository<PreferencesDto, String> { +} diff --git a/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java new file mode 100644 index 0000000..f96dfea --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java @@ -0,0 +1,80 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.services; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.repository.PreferencesRepository; +import org.onap.portal.prefs.util.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import reactor.core.publisher.Mono; + +@Service +public class PreferencesService { + + @Autowired + private PreferencesRepository repository; + + public Mono<Preferences> getPreferences(String userId){ + return repository + .findById(userId) + .switchIfEmpty(defaultPreferences()) + .map(this::toPreferences); + } + + public Mono<Preferences> savePreferences( String xRequestId, String userId, Preferences preferences){ + + var preferencesDto = new PreferencesDto(); + preferencesDto.setUserId(userId); + preferencesDto.setProperties(preferences.getProperties()); + + return repository + .save(preferencesDto) + .map(this::toPreferences) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user prefrences", userId, "portal-prefs" ); + return Mono.error(ex); + }); + + } + + private Preferences toPreferences(PreferencesDto preferencesDto) { + var preferences = new Preferences(); + preferences.setProperties(preferencesDto.getProperties()); + return preferences; + } + + /** + * Get a Preferences object that is initialised with an empty string. + * This is a) for convenience to not handle 404 on the consuming side and + * b) for security reasons + * @return PreferencesDto + */ + private Mono<PreferencesDto> defaultPreferences() { + var preferencesDto = new PreferencesDto(); + preferencesDto.setProperties(""); + return Mono.just(preferencesDto); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java new file mode 100644 index 0000000..20f1581 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java @@ -0,0 +1,91 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import com.nimbusds.jwt.JWTParser; +import io.vavr.control.Option; +import io.vavr.control.Try; +import org.springframework.web.server.ServerWebExchange; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import reactor.core.publisher.Mono; + +/** + * Represents a function that handles the <a href="https://jwt.io/introduction">JWT</a> identity token. + * Use this to check if the incoming requests are authorized to call the given endpoint + */ + +public final class IdTokenExchange { + + public static final String X_AUTH_IDENTITY_HEADER = "X-Auth-Identity"; + public static final String JWT_CLAIM_USERID = "sub"; + + private IdTokenExchange(){ + + } + + /** + * Extract the identity header from the given {@link ServerWebExchange}. + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity header in the form of <code>Bearer {@literal <Token>}<c/ode> + */ + private static Mono<String> extractIdentityHeader(ServerWebExchange exchange) { + return io.vavr.collection.List.ofAll( + exchange.getRequest().getHeaders().getOrEmpty(X_AUTH_IDENTITY_HEADER)) + .headOption() + .map(Mono::just) + .getOrElse(Mono.error(Problem.valueOf(Status.FORBIDDEN, "ID token is missing"))); + } + + /** + * Extract the identity token from the given {@link ServerWebExchange}. + * @see <a href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">OpenId Connect ID Token</a> + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity token that contains user roles + */ + private static Mono<String> extractIdToken(ServerWebExchange exchange) { + return extractIdentityHeader(exchange) + .map(identityHeader -> identityHeader.replace("Bearer ", "")); + } + + /** + * Extract the <code>userId</code> from the given {@link ServerWebExchange} + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the id of the user + */ + public static Mono<String> extractUserId(ServerWebExchange exchange) { + return extractIdToken(exchange) + .flatMap( + idToken -> + Try.of(() -> JWTParser.parse(idToken)) + .mapTry(jwt -> Option.of(jwt.getJWTClaimsSet())) + .map( + optionJwtClaimSet -> + optionJwtClaimSet + .flatMap( + jwtClaimSet -> + Option.of(jwtClaimSet.getClaim(JWT_CLAIM_USERID))) + .map(String.class::cast) + .map( Mono::just).get()) + .getOrElseGet(Mono::error)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/Logger.java b/app/src/main/java/org/onap/portal/prefs/util/Logger.java new file mode 100644 index 0000000..4f4ac6c --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/Logger.java @@ -0,0 +1,58 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; + +import java.net.URI; + +@Slf4j +public class Logger { + + private Logger(){} + + public static void requestLog(String xRequestId, HttpMethod methode, URI path) { + log.info("Portal-prefs - request - X-Request-Id {} {} {}", xRequestId, methode, path); + } + + public static void responseLog(String xRequestId, HttpStatus code) { + log.info("Portal-prefs - response - X-Request-Id {} {}", xRequestId, code); + } + + public static void errorLog(String xRequestId, String msg, String id, String app) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {}", xRequestId, msg, id, app); + } + + public static void errorLog( + String xRequestId, String msg, String id, String app, String errorDetails) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {} error message: {}", + xRequestId, + msg, + id, + app, + errorDetails); + } +} diff --git a/app/src/main/resources/application-local.yml b/app/src/main/resources/application-local.yml new file mode 100644 index 0000000..71fe8db --- /dev/null +++ b/app/src/main/resources/application-local.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: portal_prefs + host: localhost + port: 27017 + username: root + password: password + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml new file mode 100644 index 0000000..eb5b313 --- /dev/null +++ b/app/src/main/resources/application.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: ${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: ${PORTALPREFS_DATABASE} + host: ${PORTALPREFS_HOST} + port: ${PORTALPREFS_PORT} + username: ${PORTALPREFS_USERNAME} + password: ${PORTALPREFS_PASSWORD} + +portal-prefs: + realm: ${KEYCLOAK_REALM} + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/logback-spring.xml b/app/src/main/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/main/resources/logback-spring.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration scan="true"> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>${LOGBACK_LEVEL:-info}</level> + </filter> + <encoder class="net.logstash.logback.encoder.LogstashEncoder"/> + </appender> + + <root level="all"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java new file mode 100644 index 0000000..7852c41 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java @@ -0,0 +1,163 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.tomakehurst.wiremock.client.WireMock; +import com.nimbusds.jose.jwk.JWKSet; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import io.restassured.RestAssured; +import io.restassured.filter.log.RequestLoggingFilter; +import io.restassured.filter.log.ResponseLoggingFilter; +import io.restassured.specification.RequestSpecification; +import io.vavr.collection.List; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock; +import org.springframework.http.MediaType; + +import java.util.UUID; + +/** Base class for all tests that has the common config including port, realm, logging and auth. */ +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@AutoConfigureWireMock(port = 0) +public abstract class BaseIntegrationTest { + +// @TestConfiguration +// public static class Config { +// @Bean +// WireMockConfigurationCustomizer optionsCustomizer() { +// return options -> options.extensions(new ResponseTemplateTransformer(true)); +// } +// } + + @LocalServerPort protected int port; + @Value("${portal-prefs.realm}") + protected String realm; + + @Autowired protected ObjectMapper objectMapper; + @Autowired private TokenGenerator tokenGenerator; + @Autowired protected PortalPrefsConfig portalPrefsConfig; + + @BeforeAll + public static void setup() { + RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter()); + } + + /** Mocks the OIDC auth flow. */ + @BeforeEach + public void mockAuth() { + WireMock.reset(); + + WireMock.stubFor( + WireMock.get( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/certs", realm))) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", JWKSet.MIME_TYPE) + .withBody(tokenGenerator.getJwkSet().toString()))); + + final TokenGenerator.TokenGeneratorConfig config = + TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build(); + + WireMock.stubFor( + WireMock.post( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/token", realm))) + .withBasicAuth("test", "test") + .withRequestBody(WireMock.containing("grant_type=client_credentials")) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) + .withBody( + objectMapper + .createObjectNode() + .put("token_type", "bearer") + .put("access_token", tokenGenerator.generateToken(config)) + .put("expires_in", config.getExpireIn().getSeconds()) + .put("refresh_token", tokenGenerator.generateToken(config)) + .put("refresh_expires_in", config.getExpireIn().getSeconds()) + .put("not-before-policy", 0) + .put("session_state", UUID.randomUUID().toString()) + .put("scope", "email profile") + .toString()))); + } + + /** + * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to + * generate OAuth2 access tokens. + * + * @param sub the userId + * @param roles the roles used for RBAC + * @return the OAuth2 configuration + */ + protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List<String> roles) { + return TokenGenerator.TokenGeneratorConfig.builder() + .port(port) + .sub(sub) + .realm(realm) + .roles(roles) + .build(); + } + + /** Get a RequestSpecification that does not have an Identity header. */ + protected RequestSpecification unauthenticatedRequestSpecification() { + return RestAssured.given().port(port); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the <code>onap_admin</code> role to the request. + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification() { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the <code>onap_admin</code> role to the request. + * @param userId the userId that should be contained in the incoming request + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification(String userId) { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java new file mode 100644 index 0000000..6883064 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java @@ -0,0 +1,130 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import java.time.Clock; +import java.time.Duration; +import java.time.Instant; +import java.util.Date; +import java.util.UUID; + +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import io.vavr.collection.List; +import lombok.Builder; +import lombok.Getter; +import lombok.NonNull; + +@Component +public class TokenGenerator { + + private static final String ROLES_CLAIM = "roles"; + private static final String USERID_CLAIM = "sub"; + + private final Clock clock; + private final RSAKey jwk; + private final JWKSet jwkSet; + private final JWSSigner signer; + + @Autowired + public TokenGenerator(Clock clock) { + try { + this.clock = clock; + jwk = + new RSAKeyGenerator(2048) + .keyUse(KeyUse.SIGNATURE) + .keyID(UUID.randomUUID().toString()) + .generate(); + jwkSet = new JWKSet(jwk); + signer = new RSASSASigner(jwk); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public JWKSet getJwkSet() { + return jwkSet; + } + + public String generateToken(TokenGeneratorConfig config) { + final Instant iat = clock.instant(); + final Instant exp = iat.plus(config.expireIn); + + final JWTClaimsSet claims = + new JWTClaimsSet.Builder() + .jwtID(UUID.randomUUID().toString()) + .subject(UUID.randomUUID().toString()) + .issuer(config.issuer()) + .issueTime(Date.from(iat)) + .expirationTime(Date.from(exp)) + .claim(ROLES_CLAIM, config.getRoles()) + .claim(USERID_CLAIM, config.getSub()) + .build(); + + final SignedJWT jwt = + new SignedJWT( + new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(jwk.getKeyID()) + .type(JOSEObjectType.JWT) + .build(), + claims); + + try { + jwt.sign(signer); + } catch (Exception e) { + throw new RuntimeException(e); + } + + return jwt.serialize(); + } + + @Getter + @Builder + public static class TokenGeneratorConfig { + private final int port; + + @NonNull private final String sub; + + @NonNull private final String realm; + + @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5); + + @Builder.Default private final List<String> roles = List.empty(); + + public String issuer() { + return String.format("http://localhost:%d/auth/realms/%s", port, realm); + } + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java new file mode 100644 index 0000000..95e9b2a --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.actuator; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.onap.portal.prefs.BaseIntegrationTest; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.availability.ApplicationAvailability; +import org.springframework.boot.availability.LivenessState; +import org.springframework.boot.availability.ReadinessState; + +class ActuatorIntegrationTest extends BaseIntegrationTest { + + @Autowired private ApplicationAvailability applicationAvailability; + + @Test + void livenessProbeIsAvailable() { + assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT); + } + + @Test + void readinessProbeIsAvailable() { + + assertThat(applicationAvailability.getReadinessState()) + .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java new file mode 100644 index 0000000..b5f4cf1 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java @@ -0,0 +1,198 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.preferences; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.onap.portal.prefs.BaseIntegrationTest; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; + +import io.restassured.http.ContentType; +import io.restassured.http.Header; + +class PreferencesControllerIntegrationTest extends BaseIntegrationTest { + + protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57"; + + @Autowired + PreferencesService preferencesService; + + @Test + void thatUserPreferencesCanBeRetrieved() { + // First save a user preference before a GET can run + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", expectedResponse) + .block(); + + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeRetrieved() { + unauthenticatedRequestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.UNAUTHORIZED.value()); + } + + @Test + void thatUserPreferencesCanBeSaved() { + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .post("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanBeUpdated() { + // First save a user preference before a GET can run + Preferences initialPreferences = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", initialPreferences) + .block(); + + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value3\",\n" + + " \"dashboard\": {\"key2:\" : \"value4\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .put("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeFound() { + + Preferences actualResponse = requestSpecification("test-canNotBeFound") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(""); + } + + @Test + void thatUserPreferencesHasXRequestIdHeader() { + + String actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .header("X-Request-Id"); + + assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID); + } + + @Test + void thatUserPreferencesHasNoXRequestIdHeader() { + + requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.BAD_REQUEST.value()); + + + } +} diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml new file mode 100644 index 0000000..3316c0d --- /dev/null +++ b/app/src/test/resources/application.yml @@ -0,0 +1,35 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + mongodb: + embedded: + version: 3.2.8 + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:${wiremock.server.port}/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/test/resources/logback-spring.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration scan="true"> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>${LOGBACK_LEVEL:-info}</level> + </filter> + <encoder class="net.logstash.logback.encoder.LogstashEncoder"/> + </appender> + + <root level="all"> + <appender-ref ref="stdout"/> + </root> +</configuration> |