hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

defineContext now requires an existing user name or null to create a new user

Browse Source
This commit is contained in:
Michael Hoennig 2022-08-31 16:26:31 +02:00
parent 8731f4a7b2
commit a06feff42e
8 changed files with 28 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
View File

@ -30,7 +30,7 @@ public class RbacUserController implements RbacusersApi {
public ResponseEntity<RbacUserResource> createUser( public ResponseEntity<RbacUserResource> createUser(
final RbacUserResource body final RbacUserResource body
) { ) {
context.define(body.getName()); context.define(null);
if (body.getUuid() == null) { if (body.getUuid() == null) {
body.setUuid(UUID.randomUUID()); body.setUuid(UUID.randomUUID());

9
src/main/resources/db/changelog/054-rbac-context.sql
View File

@ -17,8 +17,9 @@ begin
end if; end if;
select uuid from RbacUser where name = currentUser into currentUserUuid; select uuid from RbacUser where name = currentUser into currentUserUuid;
-- TODO: maybe this should be changed, and in this case no user name defined in context? if currentUserUuid is null then
-- no exception if user does not exist because users can register themselves raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser;
end if;
return currentUserUuid; return currentUserUuid;
end; $$; end; $$;
@ -37,7 +38,7 @@ declare
roleUuidToAssume uuid; roleUuidToAssume uuid;
begin begin
if currentUserUuid is null then if currentUserUuid is null then
if length(coalesce(assumedRoles, '')) > 0 then if length(coalesce(assumedRoles, '')) > 0 then
raise exception '[403] undefined has no permission to assume role %', assumedRoles; raise exception '[403] undefined has no permission to assume role %', assumedRoles;
else else
return array[]::uuid[]; return array[]::uuid[];
@ -166,7 +167,7 @@ begin
if (length(currentUserName) > 0) then if (length(currentUserName) > 0) then
raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
else else
raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` first;"'; raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"';
end if; end if;
end if; end if;
return string_to_array(currentSubjectsUuids, ';'); return string_to_array(currentSubjectsUuids, ';');

6
src/test/java/net/hostsharing/hsadminng/context/ContextIntegrationTests.java
View File

@ -69,16 +69,16 @@ class ContextIntegrationTests {
} }
@Test @Test
void defineWithUnknownCurrentUserButWithAssumedRoles() { void defineWithUnknownCurrentUser() {
// when // when
final var result = jpaAttempt.transacted(() -> final var result = jpaAttempt.transacted(() ->
context.define("unknown@example.org", "test_package#yyy00.admin") context.define("unknown@example.org")
); );
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
javax.persistence.PersistenceException.class, javax.persistence.PersistenceException.class,
"ERROR: [403] undefined has no permission to assume role test_package#yyy00.admin"); "[401] user unknown@example.org given in `defineContext(...)` does not exist");
} }
@Test @Test

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
View File

@ -492,7 +492,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
RbacUserEntity createRBacUser() { RbacUserEntity createRBacUser() {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com"; final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
context(newUserName, null); context(null);
return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName)); return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
}).returnedValue(); }).returnedValue();
} }

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
View File

@ -300,7 +300,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
private RbacUserEntity createNewUserTransacted() { private RbacUserEntity createNewUserTransacted() {
return jpaAttempt.transacted(() -> { return jpaAttempt.transacted(() -> {
final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(newUserName); context(null);
return rbacUserRepository.create(new RbacUserEntity(null, newUserName)); return rbacUserRepository.create(new RbacUserEntity(null, newUserName));
}).assumeSuccessful().returnedValue(); }).assumeSuccessful().returnedValue();
} }

6
src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java
View File

@ -138,8 +138,8 @@ class RbacRoleRepositoryIntegrationTest {
} }
@Test @Test
void unknownUser_withoutAssumedRole_cannotViewAnyRbacRoles() { void anonymousUser_withoutAssumedRole_cannotViewAnyRbacRoles() {
context.define("unknown@example.org"); context.define(null);
final var result = attempt( final var result = attempt(
em, em,
@ -147,7 +147,7 @@ class RbacRoleRepositoryIntegrationTest {
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[401] currentSubjectsUuids () cannot be determined, unknown user name \"unknown@example.org\""); "[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user");
} }
} }

26
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java
View File

@ -51,21 +51,21 @@ class RbacUserControllerAcceptanceTest {
// @formatter:off // @formatter:off
final var location = RestAssured final var location = RestAssured
.given() .given()
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {
"name": "new-user@example.com" "name": "new-user@example.com"
} }
""") """)
.port(port) .port(port)
.when() .when()
.post("http://localhost/api/rbac-users") .post("http://localhost/api/rbac-users")
.then().assertThat() .then().assertThat()
.statusCode(201) .statusCode(201)
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body("name", is("new-user@example.com")) .body("name", is("new-user@example.com"))
.header("Location", startsWith("http://localhost")) .header("Location", startsWith("http://localhost"))
.extract().header("Location"); .extract().header("Location");
// @formatter:on // @formatter:on
// finally, the user can view its own record // finally, the user can view its own record

2
src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java
View File

@ -47,7 +47,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
public void anyoneCanCreateTheirOwnUser() { public void anyoneCanCreateTheirOwnUser() {
// given // given
final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var givenNewUserName = "test-user-" + System.currentTimeMillis() + "@example.com";
context(givenNewUserName, null); context(null);
// when // when
final var result = rbacUserRepository.create( final var result = rbacUserRepository.create(