defineContext now requires an existing user name or null to create a new user

This commit is contained in:
Michael Hoennig 2022-08-31 16:26:31 +02:00
parent 8731f4a7b2
commit a06feff42e
8 changed files with 28 additions and 27 deletions

View File

@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi {
public ResponseEntity<RbacUserResource> createUser( public ResponseEntity<RbacUserResource> createUser(
final RbacUserResource body final RbacUserResource body
) { ) {
context.define(body.getName()); context.define(null);
if (body.getUuid() == null) { if (body.getUuid() == null) {
body.setUuid(UUID.randomUUID()); body.setUuid(UUID.randomUUID());

View File

@ -17,8 +17,9 @@ begin
end if; end if;
select uuid from RbacUser where name = currentUser into currentUserUuid; select uuid from RbacUser where name = currentUser into currentUserUuid;
-- TODO: maybe this should be changed, and in this case no user name defined in context? if currentUserUuid is null then
-- no exception if user does not exist because users can register themselves raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser;
end if;
return currentUserUuid; return currentUserUuid;
end; $$; end; $$;
@ -166,7 +167,7 @@ begin
if (length(currentUserName) > 0) then if (length(currentUserName) > 0) then
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
else else
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"'; raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"';
end if; end if;
end if; end if;
return string_to_array(currentSubjectsUuids, ';'); return string_to_array(currentSubjectsUuids, ';');

View File

@ -69,16 +69,16 @@ class ContextIntegrationTests {
} }
@Test @Test
void defineWithUnknownCurrentUserButWithAssumedRoles() { void defineWithUnknownCurrentUser() {
// when // when
final var result = jpaAttempt.transacted(() -> final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org", "test_package#yyy00.admin") context.define("unknown@example.org")
); );
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class, javax.persistence.PersistenceException.class,
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin"); "[401] user unknown@example.org given in `defineContext(...)` does not exist");
} }
@Test @Test

View File

@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity createRBacUser() { RbacUserEntity createRBacUser() {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com"; final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
context(newUserName, null); context(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName)); return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
}).returnedValue(); }).returnedValue();
} }

View File

@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
private RbacUserEntity createNewUserTransacted() { private RbacUserEntity createNewUserTransacted() {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(newUserName); context(null);
return rbacUserRepository.create(new RbacUserEntity(null, newUserName)); return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
}).assumeSuccessful().returnedValue(); }).assumeSuccessful().returnedValue();
} }

View File

@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest {
} }
@Test @Test
void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() { void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
context.define("unknown@example.org"); context.define(null);
final var result = attempt( final var result = attempt(
em, em,
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\""); "[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
} }
} }

View File

@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void anyoneCanCreateTheirOwnUser() { public void anyoneCanCreateTheirOwnUser() {
// given // given
final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(givenNewUserName, null); context(null);
// when // when
final var result = rbacUserRepository.create( final var result = rbacUserRepository.create(