From a29488d0f476eae0a7821026ded3cf538256757b Mon Sep 17 00:00:00 2001 From: Fiete Ostkamp Date: Fri, 14 Apr 2023 11:39:12 +0000 Subject: Upload preferences Issue-ID: PORTAL-1082 Signed-off-by: Fiete Ostkamp Change-Id: I265e0c8be481a279347aa653acc483c5017c996d --- app/LICENSE | 201 +++++++++++++++++++++ app/LICENSE_HEADER | 20 ++ app/build.gradle | 109 +++++++++++ .../onap/portal/prefs/PortalPrefsApplication.java | 37 ++++ .../portal/prefs/configuration/BeansConfig.java | 35 ++++ .../portal/prefs/configuration/LogInterceptor.java | 59 ++++++ .../prefs/configuration/PortalPrefsConfig.java | 39 ++++ .../portal/prefs/configuration/SecurityConfig.java | 53 ++++++ .../prefs/controller/PreferencesController.java | 88 +++++++++ .../onap/portal/prefs/entities/PreferencesDto.java | 39 ++++ .../portal/prefs/exception/ProblemException.java | 53 ++++++ .../prefs/repository/PreferencesRepository.java | 28 +++ .../portal/prefs/services/PreferencesService.java | 80 ++++++++ .../onap/portal/prefs/util/IdTokenExchange.java | 91 ++++++++++ .../java/org/onap/portal/prefs/util/Logger.java | 58 ++++++ app/src/main/resources/application-local.yml | 39 ++++ app/src/main/resources/application.yml | 39 ++++ app/src/main/resources/logback-spring.xml | 13 ++ .../org/onap/portal/prefs/BaseIntegrationTest.java | 163 +++++++++++++++++ .../java/org/onap/portal/prefs/TokenGenerator.java | 130 +++++++++++++ .../prefs/actuator/ActuatorIntegrationTest.java | 48 +++++ .../PreferencesControllerIntegrationTest.java | 198 ++++++++++++++++++++ app/src/test/resources/application.yml | 35 ++++ app/src/test/resources/logback-spring.xml | 13 ++ 24 files changed, 1668 insertions(+) create mode 100644 app/LICENSE create mode 100644 app/LICENSE_HEADER create mode 100644 app/build.gradle create mode 100644 app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java create mode 100644 app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java create mode 100644 app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java create mode 100644 app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java create mode 100644 app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java create mode 100644 app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java create mode 100644 app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java create mode 100644 app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java create mode 100644 app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java create mode 100644 app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java create mode 100644 app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java create mode 100644 app/src/main/java/org/onap/portal/prefs/util/Logger.java create mode 100644 app/src/main/resources/application-local.yml create mode 100644 app/src/main/resources/application.yml create mode 100644 app/src/main/resources/logback-spring.xml create mode 100644 app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java create mode 100644 app/src/test/java/org/onap/portal/prefs/TokenGenerator.java create mode 100644 app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java create mode 100644 app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java create mode 100644 app/src/test/resources/application.yml create mode 100644 app/src/test/resources/logback-spring.xml (limited to 'app') diff --git a/app/LICENSE b/app/LICENSE new file mode 100644 index 0000000..abe3069 --- /dev/null +++ b/app/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2021 TNAP / development / system-team + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/app/LICENSE_HEADER b/app/LICENSE_HEADER new file mode 100644 index 0000000..66e028a --- /dev/null +++ b/app/LICENSE_HEADER @@ -0,0 +1,20 @@ +/* + * + * Copyright (c) ${year}. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ diff --git a/app/build.gradle b/app/build.gradle new file mode 100644 index 0000000..1551d9e --- /dev/null +++ b/app/build.gradle @@ -0,0 +1,109 @@ +plugins { + id 'java' + id 'idea' + id 'application' + id 'io.spring.dependency-management' + id 'org.springframework.boot' + id 'jacoco' + id 'org.sonarqube' + id 'com.gorylenko.gradle-git-properties' +} + +group = 'org.onap' +version = '0.1.1' +sourceCompatibility = '17' +targetCompatibility = '17' + +application { + mainClass = 'org.onap.portal.prefs.PortalPrefsApplication' +} + +configurations { + compileOnly { + extendsFrom annotationProcessor + } + + // avoid "LoggerFactory is not a Logback LoggerContext but Logback is on the classpath" error + all*.exclude module : 'logback-classic' +} + +repositories { + mavenCentral() + maven { + url "https://plugins.gradle.org/m2/" + } +} + +ext { + vavrVersion = '0.10.4' + problemVersion = '0.27.1' + logstashLogbackVersion = '7.2' + embedMongoVersion = '3.2.8' + embedMongoIntegrationVersion = '1.1.0-spring27x' + springCloudWiremockVersion = '3.1.0' +} + +dependencies { + implementation project(':openapi') + implementation 'org.springframework.boot:spring-boot-starter-actuator' + implementation 'org.springframework.boot:spring-boot-starter-data-mongodb-reactive' + implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.springframework.boot:spring-boot-starter-webflux' + implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation "io.vavr:vavr:$vavrVersion" + implementation "org.zalando:problem:$problemVersion" + implementation "net.logstash.logback:logstash-logback-encoder:$logstashLogbackVersion" + + compileOnly 'org.projectlombok:lombok' + + developmentOnly 'org.springframework.boot:spring-boot-devtools' + + annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor' + annotationProcessor 'org.projectlombok:lombok' + + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'io.projectreactor:reactor-test' + testImplementation 'io.rest-assured:rest-assured' + testImplementation "org.springframework.cloud:spring-cloud-contract-wiremock:$springCloudWiremockVersion" + testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo:$embedMongoVersion" + testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo.spring:$embedMongoIntegrationVersion" + testCompileOnly 'org.projectlombok:lombok' + testAnnotationProcessor 'org.projectlombok:lombok' +} + +test { + useJUnitPlatform() + finalizedBy(jacocoTestReport) +} + +jacocoTestReport { + reports { + xml.enabled true + } +} + +sonarqube { + properties { + property "sonar.projectKey", "tnap.SONAR.portal.portal-prefs" + property "sonar.projectName", "portal-prefs" + } +} + +configurations.implementation.setCanBeResolved(true) + +// avoid generating X.X.X-plain.jar +jar { + enabled = false +} + +springBoot { + buildInfo { + properties { + artifact = "onap-portal-prefs" + version = rootProject.file('version').text.trim() + group = "org.onap" + name = "Portal user preferences service" + } + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java new file mode 100644 index 0000000..092c533 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java @@ -0,0 +1,37 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.context.properties.EnableConfigurationProperties; + +@EnableConfigurationProperties(PortalPrefsConfig.class) +@SpringBootApplication +public class PortalPrefsApplication { + + public static void main(String[] args) { + SpringApplication.run(PortalPrefsApplication.class, args); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java new file mode 100644 index 0000000..77ef7f0 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java @@ -0,0 +1,35 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.time.Clock; + +@Configuration +public class BeansConfig { + @Bean + Clock clock() { + return Clock.systemUTC(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java new file mode 100644 index 0000000..b653fe3 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java @@ -0,0 +1,59 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.onap.portal.prefs.util.Logger; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.reactive.ServerWebExchangeContextFilter; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; + +import java.util.List; + +@Component +public class LogInterceptor implements WebFilter { + public static final String EXCHANGE_CONTEXT_ATTRIBUTE = + ServerWebExchangeContextFilter.class.getName() + ".EXCHANGE_CONTEXT"; + + public static final String X_REQUEST_ID = "X-Request-Id"; + + @Override + public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { + List xRequestIdList = exchange.getRequest().getHeaders().get(X_REQUEST_ID); + if (xRequestIdList != null && !xRequestIdList.isEmpty()) { + String xRequestId = xRequestIdList.get(0); + Logger.requestLog( + xRequestId, exchange.getRequest().getMethod(), exchange.getRequest().getURI()); + exchange.getResponse().getHeaders().add(X_REQUEST_ID, xRequestId); + exchange.getResponse().beforeCommit(() -> { + Logger.responseLog(xRequestId,exchange.getResponse().getStatusCode()); + return Mono.empty(); + }); + } + + return chain + .filter(exchange) + .contextWrite(cxt -> cxt.put(EXCHANGE_CONTEXT_ATTRIBUTE, exchange)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java new file mode 100644 index 0000000..3c03673 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import javax.validation.constraints.NotBlank; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.ConstructorBinding; + +import lombok.Data; + +@Data +@ConstructorBinding +@ConfigurationProperties("portal-prefs") +public class PortalPrefsConfig { + + @NotBlank + private final String realm; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java new file mode 100644 index 0000000..531e90b --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +/** + * Configures the access control of the API endpoints. + */ +// https://hantsy.github.io/spring-reactive-sample/security/config.html +@EnableWebFluxSecurity +@Configuration +public class SecurityConfig { + + @Bean + public SecurityWebFilterChain springSecurityWebFilterChain(ServerHttpSecurity http) { + return http.httpBasic().disable() + .formLogin().disable() + .csrf().disable() + .cors() + .and() + .authorizeExchange() + .pathMatchers(HttpMethod.GET, "/actuator/**").permitAll() + .anyExchange().authenticated() + .and() + .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt) + .build(); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java new file mode 100644 index 0000000..584b3b4 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java @@ -0,0 +1,88 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.controller; + + +import javax.validation.Valid; + +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.api.PreferencesApi; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.util.Logger; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.server.ServerWebExchange; + +import reactor.core.publisher.Mono; + +@RestController +public class PreferencesController implements PreferencesApi { + + + private final PreferencesService preferencesService; + + public PreferencesController(PreferencesService getPreferences){ + this.preferencesService = getPreferences; + } + + @Override + public Mono> getPreferences(String xRequestId, ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferencesService.getPreferences(userid) + .map(ResponseEntity::ok)) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + + } + + @Override + public Mono> savePreferences(String xRequestId, @Valid Mono preferences, + ServerWebExchange exchange) { + return IdTokenExchange + .extractUserId(exchange) + .flatMap(userid -> + preferences + .flatMap( pref -> + preferencesService + .savePreferences(xRequestId, userid, pref))) + .map( ResponseEntity::ok) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" ); + return Mono.error(ex); + }) + .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST)); + } + + @Override + public Mono> updatePreferences(String xRequestId, @Valid Mono preferences, ServerWebExchange exchange) { + return savePreferences(xRequestId, preferences, exchange); + } + +} diff --git a/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java new file mode 100644 index 0000000..45616a9 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java @@ -0,0 +1,39 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.entities; + +import lombok.Getter; +import lombok.Setter; +import org.springframework.data.annotation.Id; +import org.springframework.data.mongodb.core.mapping.Document; + +@Document +@Getter +@Setter +public class PreferencesDto { + @Id + private String userId; + + private Object properties; + +} + diff --git a/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java new file mode 100644 index 0000000..b9d2a3d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java @@ -0,0 +1,53 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.exception; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; +import org.zalando.problem.AbstractThrowableProblem; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import org.zalando.problem.StatusType; + +import java.net.URI; + +/** The default portal-prefs exception */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +@EqualsAndHashCode(callSuper = true) +public class ProblemException extends AbstractThrowableProblem { + @Builder.Default private final URI type = Problem.DEFAULT_TYPE; + + @Builder.Default private final String title = "Bad preferences error"; + + @Builder.Default private final StatusType status = Status.BAD_REQUEST; + + @Builder.Default private final String detail = "Please add more details here"; + + @Builder.Default private final URI instance = null; + +} diff --git a/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java new file mode 100644 index 0000000..461ee1d --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java @@ -0,0 +1,28 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.repository; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.springframework.data.mongodb.repository.ReactiveMongoRepository; + +public interface PreferencesRepository extends ReactiveMongoRepository { +} diff --git a/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java new file mode 100644 index 0000000..f96dfea --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java @@ -0,0 +1,80 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.services; + +import org.onap.portal.prefs.entities.PreferencesDto; +import org.onap.portal.prefs.exception.ProblemException; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.repository.PreferencesRepository; +import org.onap.portal.prefs.util.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import reactor.core.publisher.Mono; + +@Service +public class PreferencesService { + + @Autowired + private PreferencesRepository repository; + + public Mono getPreferences(String userId){ + return repository + .findById(userId) + .switchIfEmpty(defaultPreferences()) + .map(this::toPreferences); + } + + public Mono savePreferences( String xRequestId, String userId, Preferences preferences){ + + var preferencesDto = new PreferencesDto(); + preferencesDto.setUserId(userId); + preferencesDto.setProperties(preferences.getProperties()); + + return repository + .save(preferencesDto) + .map(this::toPreferences) + .onErrorResume(ProblemException.class, ex -> { + Logger.errorLog(xRequestId,"user prefrences", userId, "portal-prefs" ); + return Mono.error(ex); + }); + + } + + private Preferences toPreferences(PreferencesDto preferencesDto) { + var preferences = new Preferences(); + preferences.setProperties(preferencesDto.getProperties()); + return preferences; + } + + /** + * Get a Preferences object that is initialised with an empty string. + * This is a) for convenience to not handle 404 on the consuming side and + * b) for security reasons + * @return PreferencesDto + */ + private Mono defaultPreferences() { + var preferencesDto = new PreferencesDto(); + preferencesDto.setProperties(""); + return Mono.just(preferencesDto); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java new file mode 100644 index 0000000..20f1581 --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java @@ -0,0 +1,91 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import com.nimbusds.jwt.JWTParser; +import io.vavr.control.Option; +import io.vavr.control.Try; +import org.springframework.web.server.ServerWebExchange; +import org.zalando.problem.Problem; +import org.zalando.problem.Status; +import reactor.core.publisher.Mono; + +/** + * Represents a function that handles the JWT identity token. + * Use this to check if the incoming requests are authorized to call the given endpoint + */ + +public final class IdTokenExchange { + + public static final String X_AUTH_IDENTITY_HEADER = "X-Auth-Identity"; + public static final String JWT_CLAIM_USERID = "sub"; + + private IdTokenExchange(){ + + } + + /** + * Extract the identity header from the given {@link ServerWebExchange}. + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity header in the form of Bearer {@literal } + */ + private static Mono extractIdentityHeader(ServerWebExchange exchange) { + return io.vavr.collection.List.ofAll( + exchange.getRequest().getHeaders().getOrEmpty(X_AUTH_IDENTITY_HEADER)) + .headOption() + .map(Mono::just) + .getOrElse(Mono.error(Problem.valueOf(Status.FORBIDDEN, "ID token is missing"))); + } + + /** + * Extract the identity token from the given {@link ServerWebExchange}. + * @see OpenId Connect ID Token + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the identity token that contains user roles + */ + private static Mono extractIdToken(ServerWebExchange exchange) { + return extractIdentityHeader(exchange) + .map(identityHeader -> identityHeader.replace("Bearer ", "")); + } + + /** + * Extract the userId from the given {@link ServerWebExchange} + * @param exchange the ServerWebExchange that contains information about the incoming request + * @return the id of the user + */ + public static Mono extractUserId(ServerWebExchange exchange) { + return extractIdToken(exchange) + .flatMap( + idToken -> + Try.of(() -> JWTParser.parse(idToken)) + .mapTry(jwt -> Option.of(jwt.getJWTClaimsSet())) + .map( + optionJwtClaimSet -> + optionJwtClaimSet + .flatMap( + jwtClaimSet -> + Option.of(jwtClaimSet.getClaim(JWT_CLAIM_USERID))) + .map(String.class::cast) + .map( Mono::just).get()) + .getOrElseGet(Mono::error)); + } +} diff --git a/app/src/main/java/org/onap/portal/prefs/util/Logger.java b/app/src/main/java/org/onap/portal/prefs/util/Logger.java new file mode 100644 index 0000000..4f4ac6c --- /dev/null +++ b/app/src/main/java/org/onap/portal/prefs/util/Logger.java @@ -0,0 +1,58 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.util; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; + +import java.net.URI; + +@Slf4j +public class Logger { + + private Logger(){} + + public static void requestLog(String xRequestId, HttpMethod methode, URI path) { + log.info("Portal-prefs - request - X-Request-Id {} {} {}", xRequestId, methode, path); + } + + public static void responseLog(String xRequestId, HttpStatus code) { + log.info("Portal-prefs - response - X-Request-Id {} {}", xRequestId, code); + } + + public static void errorLog(String xRequestId, String msg, String id, String app) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {}", xRequestId, msg, id, app); + } + + public static void errorLog( + String xRequestId, String msg, String id, String app, String errorDetails) { + log.info( + "Portal-prefs - error - X-Request-Id {} {} {} not found in {} error message: {}", + xRequestId, + msg, + id, + app, + errorDetails); + } +} diff --git a/app/src/main/resources/application-local.yml b/app/src/main/resources/application-local.yml new file mode 100644 index 0000000..71fe8db --- /dev/null +++ b/app/src/main/resources/application-local.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: portal_prefs + host: localhost + port: 27017 + username: root + password: password + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml new file mode 100644 index 0000000..eb5b313 --- /dev/null +++ b/app/src/main/resources/application.yml @@ -0,0 +1,39 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: ${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs #Keycloak Endpoint + data: + mongodb: + database: ${PORTALPREFS_DATABASE} + host: ${PORTALPREFS_HOST} + port: ${PORTALPREFS_PORT} + username: ${PORTALPREFS_USERNAME} + password: ${PORTALPREFS_PASSWORD} + +portal-prefs: + realm: ${KEYCLOAK_REALM} + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/main/resources/logback-spring.xml b/app/src/main/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/main/resources/logback-spring.xml @@ -0,0 +1,13 @@ + + + + + ${LOGBACK_LEVEL:-info} + + + + + + + + diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java new file mode 100644 index 0000000..7852c41 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java @@ -0,0 +1,163 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.tomakehurst.wiremock.client.WireMock; +import com.nimbusds.jose.jwk.JWKSet; +import org.onap.portal.prefs.util.IdTokenExchange; +import org.onap.portal.prefs.configuration.PortalPrefsConfig; +import io.restassured.RestAssured; +import io.restassured.filter.log.RequestLoggingFilter; +import io.restassured.filter.log.ResponseLoggingFilter; +import io.restassured.specification.RequestSpecification; +import io.vavr.collection.List; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock; +import org.springframework.http.MediaType; + +import java.util.UUID; + +/** Base class for all tests that has the common config including port, realm, logging and auth. */ +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@AutoConfigureWireMock(port = 0) +public abstract class BaseIntegrationTest { + +// @TestConfiguration +// public static class Config { +// @Bean +// WireMockConfigurationCustomizer optionsCustomizer() { +// return options -> options.extensions(new ResponseTemplateTransformer(true)); +// } +// } + + @LocalServerPort protected int port; + @Value("${portal-prefs.realm}") + protected String realm; + + @Autowired protected ObjectMapper objectMapper; + @Autowired private TokenGenerator tokenGenerator; + @Autowired protected PortalPrefsConfig portalPrefsConfig; + + @BeforeAll + public static void setup() { + RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter()); + } + + /** Mocks the OIDC auth flow. */ + @BeforeEach + public void mockAuth() { + WireMock.reset(); + + WireMock.stubFor( + WireMock.get( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/certs", realm))) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", JWKSet.MIME_TYPE) + .withBody(tokenGenerator.getJwkSet().toString()))); + + final TokenGenerator.TokenGeneratorConfig config = + TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build(); + + WireMock.stubFor( + WireMock.post( + WireMock.urlMatching( + String.format("/auth/realms/%s/protocol/openid-connect/token", realm))) + .withBasicAuth("test", "test") + .withRequestBody(WireMock.containing("grant_type=client_credentials")) + .willReturn( + WireMock.aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE) + .withBody( + objectMapper + .createObjectNode() + .put("token_type", "bearer") + .put("access_token", tokenGenerator.generateToken(config)) + .put("expires_in", config.getExpireIn().getSeconds()) + .put("refresh_token", tokenGenerator.generateToken(config)) + .put("refresh_expires_in", config.getExpireIn().getSeconds()) + .put("not-before-policy", 0) + .put("session_state", UUID.randomUUID().toString()) + .put("scope", "email profile") + .toString()))); + } + + /** + * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to + * generate OAuth2 access tokens. + * + * @param sub the userId + * @param roles the roles used for RBAC + * @return the OAuth2 configuration + */ + protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List roles) { + return TokenGenerator.TokenGeneratorConfig.builder() + .port(port) + .sub(sub) + .realm(realm) + .roles(roles) + .build(); + } + + /** Get a RequestSpecification that does not have an Identity header. */ + protected RequestSpecification unauthenticatedRequestSpecification() { + return RestAssured.given().port(port); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the onap_admin role to the request. + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification() { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } + + /** + * Object to store common attributes of requests that are going to be made. Adds an Identity + * header for the onap_admin role to the request. + * @param userId the userId that should be contained in the incoming request + * @return the definition of the incoming request (northbound) + */ + protected RequestSpecification requestSpecification(String userId) { + final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo"))); + + return unauthenticatedRequestSpecification() + .auth() + .preemptive() + .oauth2(idToken) + .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java new file mode 100644 index 0000000..6883064 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java @@ -0,0 +1,130 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs; + +import java.time.Clock; +import java.time.Duration; +import java.time.Instant; +import java.util.Date; +import java.util.UUID; + +import com.nimbusds.jose.JOSEObjectType; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.crypto.RSASSASigner; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.KeyUse; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.gen.RSAKeyGenerator; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import io.vavr.collection.List; +import lombok.Builder; +import lombok.Getter; +import lombok.NonNull; + +@Component +public class TokenGenerator { + + private static final String ROLES_CLAIM = "roles"; + private static final String USERID_CLAIM = "sub"; + + private final Clock clock; + private final RSAKey jwk; + private final JWKSet jwkSet; + private final JWSSigner signer; + + @Autowired + public TokenGenerator(Clock clock) { + try { + this.clock = clock; + jwk = + new RSAKeyGenerator(2048) + .keyUse(KeyUse.SIGNATURE) + .keyID(UUID.randomUUID().toString()) + .generate(); + jwkSet = new JWKSet(jwk); + signer = new RSASSASigner(jwk); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public JWKSet getJwkSet() { + return jwkSet; + } + + public String generateToken(TokenGeneratorConfig config) { + final Instant iat = clock.instant(); + final Instant exp = iat.plus(config.expireIn); + + final JWTClaimsSet claims = + new JWTClaimsSet.Builder() + .jwtID(UUID.randomUUID().toString()) + .subject(UUID.randomUUID().toString()) + .issuer(config.issuer()) + .issueTime(Date.from(iat)) + .expirationTime(Date.from(exp)) + .claim(ROLES_CLAIM, config.getRoles()) + .claim(USERID_CLAIM, config.getSub()) + .build(); + + final SignedJWT jwt = + new SignedJWT( + new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(jwk.getKeyID()) + .type(JOSEObjectType.JWT) + .build(), + claims); + + try { + jwt.sign(signer); + } catch (Exception e) { + throw new RuntimeException(e); + } + + return jwt.serialize(); + } + + @Getter + @Builder + public static class TokenGeneratorConfig { + private final int port; + + @NonNull private final String sub; + + @NonNull private final String realm; + + @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5); + + @Builder.Default private final List roles = List.empty(); + + public String issuer() { + return String.format("http://localhost:%d/auth/realms/%s", port, realm); + } + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java new file mode 100644 index 0000000..95e9b2a --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.actuator; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.onap.portal.prefs.BaseIntegrationTest; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.availability.ApplicationAvailability; +import org.springframework.boot.availability.LivenessState; +import org.springframework.boot.availability.ReadinessState; + +class ActuatorIntegrationTest extends BaseIntegrationTest { + + @Autowired private ApplicationAvailability applicationAvailability; + + @Test + void livenessProbeIsAvailable() { + assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT); + } + + @Test + void readinessProbeIsAvailable() { + + assertThat(applicationAvailability.getReadinessState()) + .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC); + } +} diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java new file mode 100644 index 0000000..b5f4cf1 --- /dev/null +++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java @@ -0,0 +1,198 @@ +/* + * + * Copyright (c) 2022. Deutsche Telekom AG + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * + * + */ + +package org.onap.portal.prefs.preferences; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.onap.portal.prefs.BaseIntegrationTest; +import org.onap.portal.prefs.openapi.model.Preferences; +import org.onap.portal.prefs.services.PreferencesService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; + +import io.restassured.http.ContentType; +import io.restassured.http.Header; + +class PreferencesControllerIntegrationTest extends BaseIntegrationTest { + + protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57"; + + @Autowired + PreferencesService preferencesService; + + @Test + void thatUserPreferencesCanBeRetrieved() { + // First save a user preference before a GET can run + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", expectedResponse) + .block(); + + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeRetrieved() { + unauthenticatedRequestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.UNAUTHORIZED.value()); + } + + @Test + void thatUserPreferencesCanBeSaved() { + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification() + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .post("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanBeUpdated() { + // First save a user preference before a GET can run + Preferences initialPreferences = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value1\",\n" + + " \"dashboard\": {\"key1:\" : \"value2\"}\n" + + " } \n" + + "}"); + preferencesService + .savePreferences(X_REQUEST_ID,"test-user", initialPreferences) + .block(); + + Preferences expectedResponse = new Preferences() + .properties("{\n" + + " \"properties\": { \"appStarter\": \"value3\",\n" + + " \"dashboard\": {\"key2:\" : \"value4\"}\n" + + " } \n" + + "}"); + Preferences actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .contentType(ContentType.JSON) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .body(expectedResponse) + .when() + .put("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties()); + } + + @Test + void thatUserPreferencesCanNotBeFound() { + + Preferences actualResponse = requestSpecification("test-canNotBeFound") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .body() + .as(Preferences.class); + + assertThat(actualResponse).isNotNull(); + assertThat(actualResponse.getProperties()).isEqualTo(""); + } + + @Test + void thatUserPreferencesHasXRequestIdHeader() { + + String actualResponse = requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .header(new Header("X-Request-Id", X_REQUEST_ID)) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.OK.value()) + .extract() + .header("X-Request-Id"); + + assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID); + } + + @Test + void thatUserPreferencesHasNoXRequestIdHeader() { + + requestSpecification("test-user") + .given() + .accept(MediaType.APPLICATION_JSON_VALUE) + .when() + .get("/v1/preferences") + .then() + .statusCode(HttpStatus.BAD_REQUEST.value()); + + + } +} diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml new file mode 100644 index 0000000..3316c0d --- /dev/null +++ b/app/src/test/resources/application.yml @@ -0,0 +1,35 @@ +server: + port: 9001 + address: 0.0.0.0 + +spring: + mongodb: + embedded: + version: 3.2.8 + jackson: + serialization: + # needed for serializing objects of type object + FAIL_ON_EMPTY_BEANS: false + security: + oauth2: + resourceserver: + jwt: + jwk-set-uri: http://localhost:${wiremock.server.port}/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint + +portal-prefs: + realm: ONAP + +management: + endpoints: + web: + exposure: + include: "*" + info: + build: + enabled: true + env: + enabled: true + git: + enabled: true + java: + enabled: true diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml new file mode 100644 index 0000000..05503bc --- /dev/null +++ b/app/src/test/resources/logback-spring.xml @@ -0,0 +1,13 @@ + + + + + ${LOGBACK_LEVEL:-info} + + + + + + + + -- cgit 1.2.3-korg