From a29488d0f476eae0a7821026ded3cf538256757b Mon Sep 17 00:00:00 2001 From: Fiete Ostkamp Date: Fri, 14 Apr 2023 11:39:12 +0000 Subject: Upload preferences Issue-ID: PORTAL-1082 Signed-off-by: Fiete Ostkamp Change-Id: I265e0c8be481a279347aa653acc483c5017c996d --- .../org/onap/portal/prefs/BaseIntegrationTest.java | 163 +++++++++++++++++ .../java/org/onap/portal/prefs/TokenGenerator.java | 130 ++++++++++++++ .../prefs/actuator/ActuatorIntegrationTest.java | 48 +++++ .../PreferencesControllerIntegrationTest.java | 198 +++++++++++++++++++++ 4 files changed, 539 insertions(+) create mode 100644 app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java create mode 100644 app/src/test/java/org/onap/portal/prefs/TokenGenerator.java create mode 100644 app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java create mode 100644 app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java (limited to 'app/src/test/java/org/onap') diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java new file mode 100644 index 0000000..7852c41 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java @@ -0,0 +1,163 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.tomakehurst.wiremock.client.WireMock; +import com.nimbusds.jose.jwk.JWKSet; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import io.restassured.RestAssured; +import io.restassured.filter.log.RequestLoggingFilter; +import io.restassured.filter.log.ResponseLoggingFilter; +import io.restassured.specification.RequestSpecification; +import io.vavr.collection.List; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock; +import org.springframework.http.MediaType; + +import java.util.UUID; + +/** Base class for all tests that has the common config including port, realm, logging and auth. */ +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@AutoConfigureWireMock(port = 0) +public abstract class BaseIntegrationTest { + +// @TestConfiguration +// public static class Config { +// @Bean +// WireMockConfigurationCustomizer optionsCustomizer() { +// return options -> options.extensions(new ResponseTemplateTransformer(true)); +// } +// } + + @LocalServerPort protected int port; + @Value("${portal-prefs.realm}") + protected String realm; + + @Autowired protected ObjectMapper objectMapper; + @Autowired private TokenGenerator tokenGenerator; + @Autowired protected PortalPrefsConfig portalPrefsConfig; + + @BeforeAll + public static void setup() { + RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter()); + } + + /** Mocks the OIDC auth flow. */ + @BeforeEach + public void mockAuth() { + WireMock.reset(); + + WireMock.stubFor( + WireMock.get( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/certs", realm))) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", JWKSet.MIME_TYPE) + .withBody(tokenGenerator.getJwkSet().toString()))); + + final TokenGenerator.TokenGeneratorConfig config = + TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build(); + + WireMock.stubFor( + WireMock.post( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/token", realm))) + .withBasicAuth("test", "test") + .withRequestBody(WireMock.containing("grant_type=client_credentials")) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) + .withBody( + objectMapper + .createObjectNode() + .put("token_type", "bearer") + .put("access_token", tokenGenerator.generateToken(config)) + .put("expires_in", config.getExpireIn().getSeconds()) + .put("refresh_token", tokenGenerator.generateToken(config)) + .put("refresh_expires_in", config.getExpireIn().getSeconds()) + .put("not-before-policy", 0) + .put("session_state", UUID.randomUUID().toString()) + .put("scope", "email profile") + .toString()))); + } + + /** + * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to + * generate OAuth2 access tokens. + * + * @param sub the userId + * @param roles the roles used for RBAC + * @return the OAuth2 configuration + */ + protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List roles) { + return TokenGenerator.TokenGeneratorConfig.builder() + .port(port) + .sub(sub) + .realm(realm) + .roles(roles) + .build(); + } + + /** Get a RequestSpecification that does not have an Identity header. */ + protected RequestSpecification unauthenticatedRequestSpecification() { + return RestAssured.given().port(port); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the onap_admin role to the request. + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification() { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the onap_admin role to the request. + * @param userId the userId that should be contained in the incoming request + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification(String userId) { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java new file mode 100644 index 0000000..6883064 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java @@ -0,0 +1,130 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import java.time.Clock; +import java.time.Duration; +import java.time.Instant; +import java.util.Date; +import java.util.UUID; + +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import io.vavr.collection.List; +import lombok.Builder; +import lombok.Getter; +import lombok.NonNull; + +@Component +public class TokenGenerator { + + private static final String ROLES_CLAIM = "roles"; + private static final String USERID_CLAIM = "sub"; + + private final Clock clock; + private final RSAKey jwk; + private final JWKSet jwkSet; + private final JWSSigner signer; + + @Autowired + public TokenGenerator(Clock clock) { + try { + this.clock = clock; + jwk = + new RSAKeyGenerator(2048) + .keyUse(KeyUse.SIGNATURE) + .keyID(UUID.randomUUID().toString()) + .generate(); + jwkSet = new JWKSet(jwk); + signer = new RSASSASigner(jwk); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public JWKSet getJwkSet() { + return jwkSet; + } + + public String generateToken(TokenGeneratorConfig config) { + final Instant iat = clock.instant(); + final Instant exp = iat.plus(config.expireIn); + + final JWTClaimsSet claims = + new JWTClaimsSet.Builder() + .jwtID(UUID.randomUUID().toString()) + .subject(UUID.randomUUID().toString()) + .issuer(config.issuer()) + .issueTime(Date.from(iat)) + .expirationTime(Date.from(exp)) + .claim(ROLES_CLAIM, config.getRoles()) + .claim(USERID_CLAIM, config.getSub()) + .build(); + + final SignedJWT jwt = + new SignedJWT( + new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(jwk.getKeyID()) + .type(JOSEObjectType.JWT) + .build(), + claims); + + try { + jwt.sign(signer); + } catch (Exception e) { + throw new RuntimeException(e); + } + + return jwt.serialize(); + } + + @Getter + @Builder + public static class TokenGeneratorConfig { + private final int port; + + @NonNull private final String sub; + + @NonNull private final String realm; + + @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5); + + @Builder.Default private final List roles = List.empty(); + + public String issuer() { + return String.format("http://localhost:%d/auth/realms/%s", port, realm); + } + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java new file mode 100644 index 0000000..95e9b2a --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.actuator; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.onap.portal.prefs.BaseIntegrationTest; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.availability.ApplicationAvailability; +import org.springframework.boot.availability.LivenessState; +import org.springframework.boot.availability.ReadinessState; + +class ActuatorIntegrationTest extends BaseIntegrationTest { + + @Autowired private ApplicationAvailability applicationAvailability; + + @Test + void livenessProbeIsAvailable() { + assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT); + } + + @Test + void readinessProbeIsAvailable() { + + assertThat(applicationAvailability.getReadinessState()) + .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java new file mode 100644 index 0000000..b5f4cf1 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java @@ -0,0 +1,198 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.preferences; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.onap.portal.prefs.BaseIntegrationTest; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; + +import io.restassured.http.ContentType; +import io.restassured.http.Header; + +class PreferencesControllerIntegrationTest extends BaseIntegrationTest { + + protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57"; + + @Autowired + PreferencesService preferencesService; + + @Test + void thatUserPreferencesCanBeRetrieved() { + // First save a user preference before a GET can run + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", expectedResponse) + .block(); + + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeRetrieved() { + unauthenticatedRequestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.UNAUTHORIZED.value()); + } + + @Test + void thatUserPreferencesCanBeSaved() { + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .post("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanBeUpdated() { + // First save a user preference before a GET can run + Preferences initialPreferences = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", initialPreferences) + .block(); + + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value3\",\n" + + " \"dashboard\": {\"key2:\" : \"value4\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .put("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeFound() { + + Preferences actualResponse = requestSpecification("test-canNotBeFound") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(""); + } + + @Test + void thatUserPreferencesHasXRequestIdHeader() { + + String actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .header("X-Request-Id"); + + assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID); + } + + @Test + void thatUserPreferencesHasNoXRequestIdHeader() { + + requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.BAD_REQUEST.value()); + + + } +} -- cgit 1.2.3-korg