
working on auth example requiring DB initialization handling

arcuri82 committed Dec 2, 2018
1 parent 4f2c3f4 commit a83e1965a02117571577ab46136d46048ce7a90d
Showing with 448 additions and 1 deletion.
  1. +43 −0 client-java/controller/src/main/java/org/evomaster/client/java/controller/AuthUtils.java
  2. +4 −0 e2e-tests/spring-examples/pom.xml
  3. +2 −1 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/SwaggerConfiguration.java
  4. +16 −0 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/AuthApp.java
  5. +29 −0 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/AuthProjectService.java
  6. +45 −0 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/AuthRest.java
  7. +29 −0 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/AuthUserService.java
  8. +45 −0 ...sts/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/AuthWebSecurityConfig.java
  9. +47 −0 ...ests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/db/AuthProjectEntity.java
  10. +31 −0 e2e-tests/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/db/AuthUserEntity.java
  11. +6 −0 ...sts/spring-examples/src/main/java/com/foo/rest/examples/spring/db/auth/db/AuthUserRepository.java
  12. +41 −0 e2e-tests/spring-examples/src/test/java/com/foo/rest/examples/spring/db/auth/DbAuthController.java
  13. +39 −0 ...ts/spring-examples/src/test/java/org/evomaster/e2etests/spring/examples/db/auth/DbAuthEMTest.java
  14. +50 −0 ...pring-examples/src/test/java/org/evomaster/e2etests/spring/examples/db/auth/DbAuthManualTest.java
  15. +16 −0 .../spring-examples/src/test/java/org/evomaster/e2etests/spring/examples/db/auth/DbAuthTestBase.java
  16. +5 −0 pom.xml
@@ -0,0 +1,43 @@
package org.evomaster.client.java.controller;
import org.evomaster.client.java.controller.api.dto.AuthenticationDto;
import org.evomaster.client.java.controller.api.dto.HeaderDto;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Objects;
public class AuthUtils {
public static String encode64(String value){
Objects.requireNonNull(value);
byte[] data = value.getBytes(Charset.forName("UTF-8"));
byte[] encoded = Base64.getEncoder().encode(data);
return new String(encoded);
}
/**
* DTO representing the use of authentication via HTTP Basic (RFC-7617)
* @param dtoName a name used to identify this id. Mainly needed for debugging
* @param userId the id of a user
* @param password password for that user
* @return
*/
public static AuthenticationDto getForBasic(String dtoName, String userId, String password){
Objects.requireNonNull(userId, password);
String encoded = encode64(userId + ":" + password);
String headerValue = "Basic " + encoded;
AuthenticationDto dto = new AuthenticationDto(dtoName);
dto.headers.add(new HeaderDto("Authorization", headerValue));
return dto;
}
}
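Review bot: `Objects.requireNonNull(userId, password)` in getForBasic does not check both arguments: the two-argument overload treats the second as the exception message, so a null password is never rejected and is encoded as the text `null`, while a null userId raises an exception whose message is the password. Use two calls, `Objects.requireNonNull(userId, "userId");` and `Objects.requireNonNull(password, "password");`. RFC 7617 also forbids a colon in the user-id, so a check such as `if (userId.contains(":")) throw new IllegalArgumentException("userId must not contain ':'");` would keep the header unambiguous. In encode64, `Base64.getEncoder().encodeToString(data)` avoids the platform-default charset used by `new String(encoded)`, and the empty `@return` tag should say what the DTO contains.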
@@ -56,6 +56,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
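Review bot: Adding `spring-boot-starter-security` to this shared module puts Spring Security on the classpath of every example application in it, not only the new auth example. Spring Boot's security auto-configuration normally puts all endpoints behind HTTP Basic when an application has no security configuration of its own in scope, so the other examples may start answering 401 unless they opt out, for example with `@SpringBootApplication(exclude = SecurityAutoConfiguration.class)`. The other applications are outside this hunk, so this needs checking against them.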
@@ -1,6 +1,7 @@
package com.foo.rest.examples.spring;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.web.context.request.WebRequest;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.service.ApiInfo;
@@ -18,7 +19,7 @@ public Docket docketApi() {
.select()
.paths(regex("/api/.*"))
.build()
.ignoredParameterTypes(WebRequest.class);
.ignoredParameterTypes(WebRequest.class, Authentication.class);
}
private ApiInfo apiInfo() {
@@ -0,0 +1,16 @@
package com.foo.rest.examples.spring.db.auth;
import com.foo.rest.examples.spring.SwaggerConfiguration;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
@EnableSwagger2
@SpringBootApplication
public class AuthApp extends SwaggerConfiguration {
public static void main(String[] args) {
SpringApplication.run(AuthApp.class, args);
}
}
@@ -0,0 +1,29 @@
package com.foo.rest.examples.spring.db.auth;
import com.foo.rest.examples.spring.db.auth.db.AuthProjectEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.List;
@Service
public class AuthProjectService {
@Autowired
private EntityManager em;
@Transactional
public List<AuthProjectEntity> getForUser(String userId){
TypedQuery<AuthProjectEntity> query = em.createQuery(
"select p from AuthProjectEntity p where p.owner.userId=?1", AuthProjectEntity.class);
query.setParameter(1, userId);
return query.getResultList();
}
}
@@ -0,0 +1,45 @@
package com.foo.rest.examples.spring.db.auth;
import com.foo.rest.examples.spring.db.auth.db.AuthUserEntity;
import com.foo.rest.examples.spring.db.auth.db.AuthUserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
@RestController
@RequestMapping(path = "/api/db/auth")
public class AuthRest {
@Autowired
private AuthProjectService projectService;
@Autowired
private AuthUserRepository userRepository;
@GetMapping(path = "/projects")
public ResponseEntity getProjects(Authentication user){
String id = user.getName();
int n = projectService.getForUser(id).size();
if(n == 0){
return ResponseEntity.status(400).build();
}
return ResponseEntity.status(200).build();
}
@GetMapping(path = "/users")
public Iterable<AuthUserEntity> getUsers(){
return userRepository.findAll();
}
}
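Review bot: getUsers returns `AuthUserEntity` objects directly, and that entity has a public `getPassword()`, so the JSON for `/api/db/auth/users` would include every stored password; the security configuration in this commit leaves that path under `permitAll()`. If this is not a deliberate fixture behaviour, return only the user ids or mark the getter with `@JsonIgnore`; if it is deliberate, say so in a comment on the method. In getProjects, a 400 for a user with no projects reads as a client error, so a one-line comment explaining why the test needs that status would help, and the raw `ResponseEntity` could be `ResponseEntity<Void>`.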
@@ -0,0 +1,29 @@
package com.foo.rest.examples.spring.db.auth;
import com.foo.rest.examples.spring.db.auth.db.AuthUserEntity;
import com.foo.rest.examples.spring.db.auth.db.AuthUserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.Collections;
@Service
public class AuthUserService implements UserDetailsService {
@Autowired
private AuthUserRepository repository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
AuthUserEntity u = repository.findById(username).orElse(null);
if (u == null) {
throw new UsernameNotFoundException("Username not found: " + username);
}
return new User(username, u.getPassword(), Collections.emptySet());
}
}
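Review bot: The `orElse(null)` followed by a null check in loadUserByUsername can be a single expression, `AuthUserEntity u = repository.findById(username).orElseThrow(() -> new UsernameNotFoundException("Username not found: " + username));`. The returned `User` carries an empty authority set, which deserves a short comment because `@EnableGlobalMethodSecurity(securedEnabled = true)` is switched on in the configuration class and no `@Secured` role could match such a user.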
@@ -0,0 +1,45 @@
package com.foo.rest.examples.spring.db.auth;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class AuthWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthUserService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/api/db/auth/projects").authenticated()
.antMatchers("/**").permitAll()
.and()
.httpBasic();
}
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
return authenticationProvider;
}
}
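Review bot: `NoOpPasswordEncoder` in authenticationProvider() compares passwords as plaintext, which matches the plaintext value seeded by the test controller, but nothing marks it as fixture-only; add a comment such as `// test fixture only: passwords are stored and compared in plaintext, do not copy into real code`. configureGlobalSecurity also registers the user service twice: `auth.userDetailsService(userDetailsService)` builds its own DAO provider with the default encoder next to the explicit bean, so that line looks redundant and, depending on the Spring Security version, may fail on the unprefixed plaintext password before the NoOp provider is consulted. `csrf().disable()` would benefit from the same kind of comment.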
@@ -0,0 +1,47 @@
package com.foo.rest.examples.spring.db.auth.db;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
@Entity
public class AuthProjectEntity {
@Id @GeneratedValue
private Long id;
@NotBlank
private String name;
@ManyToOne @NotNull
private AuthUserEntity owner;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public AuthUserEntity getOwner() {
return owner;
}
public void setOwner(AuthUserEntity owner) {
this.owner = owner;
}
}
@@ -0,0 +1,31 @@
package com.foo.rest.examples.spring.db.auth.db;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.validation.constraints.NotBlank;
@Entity
public class AuthUserEntity {
@Id @NotBlank
private String userId;
@NotBlank
private String password;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
@@ -0,0 +1,6 @@
package com.foo.rest.examples.spring.db.auth.db;
import org.springframework.data.repository.CrudRepository;
public interface AuthUserRepository extends CrudRepository<AuthUserEntity, String> {
}
@@ -0,0 +1,41 @@
package com.foo.rest.examples.spring.db.auth;
import com.foo.rest.examples.spring.db.SpringWithDbController;
import org.evomaster.client.java.controller.AuthUtils;
import org.evomaster.client.java.controller.api.dto.AuthenticationDto;
import org.evomaster.client.java.controller.db.DbCleaner;
import org.evomaster.client.java.controller.db.SqlScriptRunner;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.List;
public class DbAuthController extends SpringWithDbController {
private static final String userId = "foo";
private static final String password = "123";
public DbAuthController() {
super(AuthApp.class);
}
@Override
public List<AuthenticationDto> getInfoForAuthentication() {
return Arrays.asList(AuthUtils.getForBasic("example", userId, password));
}
@Override
public void resetStateOfSUT() {
DbCleaner.clearDatabase_H2(connection);
try {
SqlScriptRunner.execInsert(connection,
"insert into Auth_User_Entity(user_id,password) values('"+userId+"','"+password+"');");
} catch (SQLException e) {
throw new RuntimeException(e);
}
}
}
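Review bot: The insert in resetStateOfSUT is built by concatenating `userId` and `password` into the SQL text. Both are compile-time constants here, so nothing untrusted reaches the statement, but the pattern is easy to copy into a controller where the values vary; a comment such as `// constants only: never concatenate variable input into this statement`, or a prepared statement if `connection` is a plain JDBC connection, would make that explicit. The two constants would conventionally be named `USER_ID` and `PASSWORD`.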