Add challenge API tests

2024-04-27 16:44:53 +02:00 · 2023-11-08 15:03:52 +01:00 · 2023-11-08 15:03:52 +01:00 · 46b6303279
parent 3b25600e6a
commit 46b6303279
9 changed files with 131 additions and 11 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -8,3 +8,9 @@ indent_size = 4
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+[*.yml]
+indent_size = 2
+
+[*.yaml]
+indent_size = 2
--- a/app-authenticator/pom.xml
+++ b/app-authenticator/pom.xml
@ -61,7 +61,7 @@

        <dependency>
            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
+            <artifactId>spring-boot-starter-webflux</artifactId>
            <scope>test</scope>
        </dependency>

@ -77,6 +77,13 @@
            <scope>test</scope>
        </dependency>

+        <dependency>
+            <groupId>netzbegruenung</groupId>
+            <artifactId>dev</artifactId>
+            <version>${revision}</version>
+            <scope>test</scope>
+        </dependency>
+
    </dependencies>

    <build>
@ -93,4 +100,4 @@
        </plugins>
    </build>

-</project>
+</project>
--- a/app-authenticator/src/test/java/netzbegruenung/keycloak/app/AppAuthenticatorLiveTest.java
+++ b/app-authenticator/src/test/java/netzbegruenung/keycloak/app/AppAuthenticatorLiveTest.java
@ -1,7 +1,6 @@
 package netzbegruenung.keycloak.app;

 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
 import org.keycloak.common.Profile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -9,15 +8,13 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.junit.jupiter.SpringExtension;

 import netzbegruenung.keycloak.dev.AuthorizationServerApp;

 import org.junit.jupiter.api.BeforeAll;

-@ExtendWith(SpringExtension.class)
@SpringBootTest(classes = { AuthorizationServerApp.class }, webEnvironment = WebEnvironment.DEFINED_PORT)
-@ActiveProfiles("test")
+@ActiveProfiles("livetest")
 public class AppAuthenticatorLiveTest {

 	private static final Logger log = LoggerFactory.getLogger(AppAuthenticatorLiveTest.class);
--- a/app-authenticator/src/test/java/netzbegruenung/keycloak/app/rest/ChallengeResourceTest.java
+++ b/app-authenticator/src/test/java/netzbegruenung/keycloak/app/rest/ChallengeResourceTest.java
@ -0,0 +1,102 @@
+package netzbegruenung.keycloak.app.rest;
+
+import netzbegruenung.keycloak.dev.AuthorizationServerApp;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.keycloak.common.Profile;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.AutoConfigureTestEntityManager;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.jdbc.Sql;
+import org.springframework.test.context.jdbc.SqlConfig;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.AFTER_TEST_METHOD;
+import static org.springframework.test.context.jdbc.SqlConfig.TransactionMode.ISOLATED;
+
+@SpringBootTest(classes = {AuthorizationServerApp.class}, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureTestEntityManager
+@ActiveProfiles("test")
+@Sql(scripts = {"/import-challenges.sql"},
+	config = @SqlConfig(transactionMode = ISOLATED))
+@Sql(
+	scripts = "/delete-challenges.sql",
+	config = @SqlConfig(transactionMode = ISOLATED),
+	executionPhase = AFTER_TEST_METHOD
+)
+public class ChallengeResourceTest {
+
+	private final static String CHALLENGE_URI = "/realms/baeldung/challenges";
+
+	private final static String SIGNATURE_HEADER_NAME = "Signature";
+
+	private final static String SIGNATURE_HEADER_VALUE = "keyId:deviceId,created:%d,signature:base64encodedSignature";
+
+	private final static Long HALF_HOUR_MILLIS = 1800000L;
+
+	@Autowired
+	private WebTestClient webClient;
+
+	@BeforeAll
+	public static void initProfile() throws Exception {
+		Profile profile = Profile.configure();
+		Profile.init(profile.getName(), profile.getFeatures());
+	}
+
+	@Test
+	void testSignatureHeaderRejected() {
+		webClient
+			.get().uri(CHALLENGE_URI)
+			.exchange()
+			.expectStatus().isBadRequest()
+			.expectBody()
+			.jsonPath("$['error']").isEqualTo(ChallengeResource.CHALLENGE_REJECTED)
+			.jsonPath("$['message']").hasJsonPath();
+	}
+
+	@Test
+	void testEmptyChallenges() {
+		webClient
+			.get().uri(CHALLENGE_URI)
+			.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, System.currentTimeMillis()))
+			.exchange()
+			.expectStatus().isOk()
+			.expectBody()
+			.json("[]");
+	}
+
+	@Test
+	void testChallengeExpired() {
+		Long expiredTimestamp = System.currentTimeMillis() - HALF_HOUR_MILLIS;
+		webClient
+			.get().uri(uriBuilder -> uriBuilder
+				.path(CHALLENGE_URI)
+				.queryParam("device_id", "test_device_id")
+				.build()
+			)
+			.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, expiredTimestamp))
+			.exchange()
+			.expectStatus().isForbidden()
+			.expectBody()
+			.jsonPath("$['error']").isEqualTo(ChallengeResource.CHALLENGE_REJECTED)
+			.jsonPath("$['message']").hasJsonPath();
+	}
+
+	@Test
+	void testNoCredentialsFound() {
+		webClient
+			.get().uri(uriBuilder -> uriBuilder
+				.path(CHALLENGE_URI)
+				.queryParam("device_id", "test_device_id")
+				.build()
+			)
+			.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, System.currentTimeMillis()))
+			.exchange()
+			.expectStatus().is5xxServerError()
+			.expectBody()
+			.jsonPath("$['error']").isEqualTo(ChallengeResource.INTERNAL_ERROR)
+			.jsonPath("$['message']").hasJsonPath();
+	}
+
+}
--- a/app-authenticator/src/test/resources/application-livetest.yml
+++ b/app-authenticator/src/test/resources/application-livetest.yml
@ -0,0 +1,8 @@
+server:
+  port: 8083
+
+spring:
+  datasource:
+    username: sa
+    password: sa
+    url: jdbc:h2:file:~/dev/h2db/appauthdb;AUTO_SERVER=TRUE
--- a/app-authenticator/src/test/resources/application-test.yml
+++ b/app-authenticator/src/test/resources/application-test.yml
@ -1,8 +1,5 @@
-server:
-  port: 8083
-
 spring:
  datasource:
    username: sa
    password: sa
-    url: jdbc:h2:file:~/dev/h2db/appauthdb;AUTO_SERVER=TRUE
+    url: jdbc:h2:mem:test
--- a/app-authenticator/src/test/resources/delete-challenges.sql
+++ b/app-authenticator/src/test/resources/delete-challenges.sql
@ -0,0 +1 @@
+delete from APP_AUTH_CHALLENGE;
--- a/app-authenticator/src/test/resources/import-challenges.sql
+++ b/app-authenticator/src/test/resources/import-challenges.sql
@ -0,0 +1,2 @@
+INSERT INTO APP_AUTH_CHALLENGE (id, realm_id, user_id, target_url, device_id, secret, updated_timestamp, ip_address, device, browser, os, os_version)
+VALUES (random_uuid(), 'baeldung', 'a5461470-33eb-4b2d-82d4-b0484e96ad7f', 'target_url', 'test_device_id', 'secret', DATEDIFF('SECOND', DATE '1970-01-01', CURRENT_TIMESTAMP()) * 1000, 'ip_address', 'device', 'browser', 'os', 'os_version');
--- a/dev/src/main/resources/baeldung-realm.json
+++ b/dev/src/main/resources/baeldung-realm.json
@ -1656,4 +1656,4 @@
  },
  "keycloakVersion" : "8.0.0",
  "userManagedAccessAllowed" : false
-}
+}