hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

defineContext now requires an existing user name or null to create a new user

Browse Source
This commit is contained in:
Michael Hoennig 2022-08-31 16:26:31 +02:00
parent 8731f4a7b2
commit a06feff42e
8 changed files with 28 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
View File

@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi {
public ResponseEntity<RbacUserResource> createUser(
final RbacUserResource body
) {
context.define(body.getName());
context.define(null);
if (body.getUuid() == null) {
body.setUuid(UUID.randomUUID());

9
src/main/resources/db/changelog/054-rbac-context.sql
View File

@ -17,8 +17,9 @@ begin
end if;
select uuid from RbacUser where name = currentUser into currentUserUuid;
-- TODO: maybe this should be changed, and in this case no user name defined in context?
-- no exception if user does not exist because users can register themselves
if currentUserUuid is null then
raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser;
end if;
return currentUserUuid;
end; $$;
@ -37,7 +38,7 @@ declare
roleUuidToAssume uuid;
begin
if currentUserUuid is null then
if length(coalesce(assumedRoles, '')) > 0 then
if length(coalesce(assumedRoles, '')) > 0 then
raise exception '[403] undefined has no permission to assume role %', assumedRoles;
else
return array[]::uuid[];
@ -166,7 +167,7 @@ begin
if (length(currentUserName) > 0) then
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
else
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"';
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"';
end if;
end if;
return string_to_array(currentSubjectsUuids, ';');

6
src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
View File

@ -69,16 +69,16 @@ class ContextIntegrationTests {
}
@Test
void defineWithUnknownCurrentUserButWithAssumedRoles() {
void defineWithUnknownCurrentUser() {
// when
final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org", "test_package#yyy00.admin")
context.define("unknown@example.org")
);
// then
result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class,
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin");
"[401] user unknown@example.org given in `defineContext(...)` does not exist");
}
@Test

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
View File

@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity createRBacUser() {
return jpaAttempt.transacted(() -> {
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
context(newUserName, null);
context(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
}).returnedValue();
}

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
View File

@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
private RbacUserEntity createNewUserTransacted() {
return jpaAttempt.transacted(() -> {
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(newUserName);
context(null);
return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
}).assumeSuccessful().returnedValue();
}

6
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
View File

@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest {
}
@Test
void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
context.define("unknown@example.org");
void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
context.define(null);
final var result = attempt(
em,
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\"");
"[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
}
}

26
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
View File

@ -51,21 +51,21 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off
final var location = RestAssured
.given()
.contentType(ContentType.JSON)
.body("""
{
"name": "new-user@example.com"
}
""")
.port(port)
.contentType(ContentType.JSON)
.body("""
{
"name": "new-user@example.com"
}
""")
.port(port)
.when()
.post("http://localhost/api/rbac-users")
.post("http://localhost/api/rbac-users")
.then().assertThat()
.statusCode(201)
.contentType(ContentType.JSON)
.body("name", is("new-user@example.com"))
.header("Location", startsWith("http://localhost"))
.extract().header("Location");
.statusCode(201)
.contentType(ContentType.JSON)
.body("name", is("new-user@example.com"))
.header("Location", startsWith("http://localhost"))
.extract().header("Location");
// @formatter:on
// finally, the user can view its own record

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
View File

@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void anyoneCanCreateTheirOwnUser() {
// given
final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(givenNewUserName, null);
context(null);
// when
final var result = rbacUserRepository.create(