From a06feff42ee8fec6a57b8f642805a71f90df50fb Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Wed, 31 Aug 2022 16:26:31 +0200 Subject: [PATCH] defineContext now requires an existing user name or null to create a new user --- .../rbac/rbacuser/RbacUserController.java | 2 +- .../db/changelog/054-rbac-context.sql | 9 ++++--- .../context/ContextIntegrationTests.java | 6 ++--- .../RbacGrantControllerAcceptanceTest.java | 2 +- .../RbacGrantRepositoryIntegrationTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 6 ++--- .../RbacUserControllerAcceptanceTest.java | 26 +++++++++---------- .../RbacUserRepositoryIntegrationTest.java | 2 +- 8 files changed, 28 insertions(+), 27 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java index 90272a78..b2f74134 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java @@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi { public ResponseEntity createUser( final RbacUserResource body ) { - context.define(body.getName()); + context.define(null); if (body.getUuid() == null) { body.setUuid(UUID.randomUUID()); diff --git a/src/main/resources/db/changelog/054-rbac-context.sql b/src/main/resources/db/changelog/054-rbac-context.sql index 37ff4a01..b791baef 100644 --- a/src/main/resources/db/changelog/054-rbac-context.sql +++ b/src/main/resources/db/changelog/054-rbac-context.sql 
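Review bot: `context.define(null)` in `RbacUserController.createUser` carries no explanation, and a bare `null` here means the user-creation endpoint now runs with no subject at all. A short comment such as `// self-registration: no user exists yet, so the context is defined without a current user` would make that intent explicit. Because the context is no longer tied to `body.getName()`, nothing visible in this hunk limits which name or client-supplied `uuid` an anonymous caller may register. It is worth confirming that input validation and abuse controls for this endpoint live elsewhere; the method body continues outside the hunk.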
@@ -17,8 +17,9 @@ begin end if; select uuid from RbacUser where name = currentUser into currentUserUuid; - -- TODO: maybe this should be changed, and in this case no user name defined in context? - -- no exception if user does not exist because users can register themselves + if currentUserUuid is null then + raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser; + end if; return currentUserUuid; end; $$; @@ -37,7 +38,7 @@ declare roleUuidToAssume uuid; begin if currentUserUuid is null then - if length(coalesce(assumedRoles, '')) > 0 then + if length(coalesce(assumedRoles, '')) > 0 then raise exception '[403] undefined has no permission to assume role %', assumedRoles; else return array[]::uuid[]; @@ -166,7 +167,7 @@ begin if (length(currentUserName) > 0) then raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; else - raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"'; + raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"'; end if; end if; return string_to_array(currentSubjectsUuids, ';'); diff --git a/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java index 39606ea9..416576ae 100644 --- a/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java 
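Review bot: The new `raise exception` in the `@@ -17,8 +17,9 @@` hunk of `054-rbac-context.sql` puts the caller-supplied name into a message that separates "user does not exist" from every other failure. If `[401]` messages are passed through to API clients (the status-like prefix suggests so, but that mapping is not part of this patch), a caller can use the response to learn which user names exist. Consider a generic client-facing text such as `raise exception '[401] unknown or unauthorized user';` and keep the name for server-side logging only. The function starts before the hunk, so how a null `currentUser` is handled ahead of the `select` is not visible here.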
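Review bot: The reworded message in the `@@ -166,7 +167,7 @@` hunk still ends with a stray `;"` inside the string literal, so the error text delivered to callers ends in `with a valid user;"`. Dropping those two characters before the closing quote would leave a clean message that matches what the updated role-repository test expects. Separately, since the first hunk of this file now rejects unknown user names, the `length(currentUserName) > 0` branch just above may have become unreachable; that depends on code outside the hunk and should be checked before it is kept as a documented error path.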
@@ -69,16 +69,16 @@ class ContextIntegrationTests { } @Test - void defineWithUnknownCurrentUserButWithAssumedRoles() { + void defineWithUnknownCurrentUser() { // when final var result = jpaAttempt.transacted(() -> - context.define("unknown@example.org", "test_package#yyy00.admin") + context.define("unknown@example.org") ); // then result.assertExceptionWithRootCauseMessage( javax.persistence.PersistenceException.class, - "ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin"); + "[401] user unknown@example.org given in `defineContext(...)` does not exist"); } @Test diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index 41d93221..1486d40b 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java @@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { RbacUserEntity createRBacUser() { return jpaAttempt.transacted(() -> { final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com"; - context(newUserName, null); + context(null); return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName)); }).returnedValue(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java index 59e211f5..eb54ad4a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java 
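Review bot: Replacing `defineWithUnknownCurrentUserButWithAssumedRoles` in `ContextIntegrationTests` removes the only check in this hunk of the `[403] undefined has no permission to assume role` path, which the SQL still keeps for a null current user. A negative test for anonymous role assumption is worth keeping next to the new one, for example `context.define(null, "test_package#yyy00.admin")` expecting `"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin"`. Other tests of the class lie outside the hunk and may already cover this case.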
@@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { private RbacUserEntity createNewUserTransacted() { return jpaAttempt.transacted(() -> { final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; - context(newUserName); + context(null); return rbacUserRepository.create(new RbacUserEntity(null, newUserName)); }).assumeSuccessful().returnedValue(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index 16c66a67..b4021b39 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest { } @Test - void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() { - context.define("unknown@example.org"); + void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() { + context.define(null); final var result = attempt( em, @@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest { result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\""); + "[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index 5bc074fa..c1a6d28d 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java 
@@ -51,21 +51,21 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .contentType(ContentType.JSON) - .body(""" - { - "name": "new-user@example.com" - } - """) - .port(port) + .contentType(ContentType.JSON) + .body(""" + { + "name": "new-user@example.com" + } + """) + .port(port) .when() - .post("http://localhost/api/rbac-users") + .post("http://localhost/api/rbac-users") .then().assertThat() - .statusCode(201) - .contentType(ContentType.JSON) - .body("name", is("new-user@example.com")) - .header("Location", startsWith("http://localhost")) - .extract().header("Location"); + .statusCode(201) + .contentType(ContentType.JSON) + .body("name", is("new-user@example.com")) + .header("Location", startsWith("http://localhost")) + .extract().header("Location"); // @formatter:on // finally, the user can view its own record diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java index 423ed21a..ac912f77 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java @@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { public void anyoneCanCreateTheirOwnUser() { // given final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; - context(givenNewUserName, null); + context(null); // when final var result = rbacUserRepository.create(