Merge 01b19e6 into f127590

FAForever · Sep 23, 2019 · c3d9748 · c3d9748
2 parents f127590 + 01b19e6
commit c3d9748
Show file tree

Hide file tree

Showing 71 changed files with 1,580 additions and 623 deletions.
diff --git a/.idea/runConfigurations/FafApiApplication.xml b/.idea/runConfigurations/FafApiApplication.xml
diff --git a/.travis.yml b/.travis.yml
@@ -23,7 +23,7 @@ before_install:
 install:
   - git clone https://github.com/FAForever/faf-stack.git faf-stack
     && pushd faf-stack
-    && git checkout e33243c9
+    && git checkout 79c5d9d9
     && cp -r config.template config
     && cp .env.template .env
     && ./scripts/init-db.sh

diff --git a/src/inttest/java/com/faforever/api/AbstractIntegrationTest.java b/src/inttest/java/com/faforever/api/AbstractIntegrationTest.java
@@ -7,6 +7,7 @@
 import com.faforever.commons.api.dto.Avatar;
 import com.faforever.commons.api.dto.AvatarAssignment;
 import com.faforever.commons.api.dto.BanInfo;
+import com.faforever.commons.api.dto.DomainBlacklist;
 import com.faforever.commons.api.dto.ModerationReport;
 import com.faforever.commons.api.dto.Player;
 import com.faforever.commons.api.dto.Tutorial;
@@ -38,6 +39,8 @@
 
 import javax.transaction.Transactional;
 import java.time.format.DateTimeFormatter;
+import java.util.Collections;
+import java.util.Set;
 
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 
@@ -48,6 +51,8 @@
 @Transactional
 @Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/prepDefaultUser.sql")
 public abstract class AbstractIntegrationTest {
+  protected static final String NO_SCOPE = "no_scope";
+  protected static final String NO_AUTHORITIES = "NO_AUTHORITIES";
   protected static final DateTimeFormatter OFFSET_DATE_TIME_FORMATTER = DateTimeFormatter.ISO_OFFSET_DATE_TIME;
 
   protected final static String AUTH_WEBSITE = "WEBSITE";
@@ -82,12 +87,21 @@ public void setUp() {
       Tutorial.class,
       Avatar.class,
       AvatarAssignment.class,
-      BanInfo.class
+      BanInfo.class,
+      DomainBlacklist.class
     );
   }
 
-  protected RequestPostProcessor getOAuthToken(String... scope) {
-    return oAuthHelper.addBearerToken(Sets.newSet(scope));
+  protected RequestPostProcessor getOAuthTokenWithoutUser(String... scope) {
+    return oAuthHelper.addBearerToken(Sets.newSet(scope), null);
+  }
+
+  protected RequestPostProcessor getOAuthTokenWithTestUser(String scope, String authority) {
+    return getOAuthTokenWithTestUser(Collections.singleton(scope), Collections.singleton(authority));
+  }
+
+  protected RequestPostProcessor getOAuthTokenWithTestUser(Set<String> scope, Set<String> authorities) {
+    return oAuthHelper.addBearerToken(5, "ACTIVE_USER", scope, authorities);
   }
 
   protected void assertApiError(MvcResult mvcResult, ErrorCode errorCode) throws Exception {

diff --git a/src/inttest/java/com/faforever/api/avatar/AvatarControllerTest.java b/src/inttest/java/com/faforever/api/avatar/AvatarControllerTest.java
@@ -2,6 +2,7 @@
 
 import com.faforever.api.AbstractIntegrationTest;
 import com.faforever.api.data.domain.Avatar;
+import com.faforever.api.data.domain.GroupPermission;
 import com.faforever.api.security.AuditService;
 import com.faforever.api.security.OAuthScope;
 import com.faforever.api.utils.FileHandlingHelper;
@@ -11,7 +12,6 @@
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockMultipartFile;
-import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.context.jdbc.Sql;
 import org.springframework.test.context.jdbc.Sql.ExecutionPhase;
 import org.springframework.test.web.servlet.request.MockMultipartHttpServletRequestBuilder;
@@ -42,11 +42,10 @@ public class AvatarControllerTest extends AbstractIntegrationTest {
   AvatarRepository avatarRepository;
 
   @Test
-  @WithUserDetails(AUTH_MODERATOR)
-  public void moderatorCanUpload() throws Exception {
+  public void canUploadWithScopeAndRole() throws Exception {
     mockMvc.perform(
       createAvatarUploadRequest()
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isCreated())
       .andExpect(content().string(""));
     final Avatar avatar = avatarRepository.findOneByUrl("http://localhost/faf/avatars/avatar3.png").get();
@@ -57,12 +56,12 @@ public void moderatorCanUpload() throws Exception {
   }
 
   @Test
-  @WithUserDetails(AUTH_MODERATOR)
-  public void moderatorCanReupload() throws Exception {
+  public void canReuploadWithScopeAndRole() throws Exception {
+    Files.createDirectories(Paths.get("build/cache/avatars"));
     Files.copy(FileHandlingHelper.loadResourceAsStream("/avatars/donator.png"), Paths.get("build/cache/avatars/avatar1.png"));
     mockMvc.perform(
       createAvatarReuploadRequest(1)
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isOk())
       .andExpect(content().string(""));
     final Avatar avatar = avatarRepository.findOneByUrl("http://localhost/faf/avatars/avatar1.png").get();
@@ -72,73 +71,67 @@ public void moderatorCanReupload() throws Exception {
   }
 
   @Test
-  @WithUserDetails(AUTH_MODERATOR)
-  public void moderatorCanDeleteAvatar() throws Exception {
+  public void canDeleteAvatarWithScopeAndRole() throws Exception {
+    Files.createDirectories(Paths.get("build/cache/avatars"));
     Files.copy(FileHandlingHelper.loadResourceAsStream("/avatars/donator.png"), Paths.get("build/cache/avatars/avatar1.png"));
     mockMvc.perform(
-      delete("/avatars/1")
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+      delete("/avatars/3")
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isNoContent());
-    assertThat(avatarRepository.findById(1), is(Optional.empty()));
+    assertThat(avatarRepository.findById(3), is(Optional.empty()));
     verify(auditServiceSpy, times(1)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void nonModeratorCannotUpload() throws Exception {
+  public void cannotUploadWithoutRole() throws Exception {
     mockMvc.perform(
       createAvatarUploadRequest()
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, NO_AUTHORITIES))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void nonModeratorCannotReupload() throws Exception {
+  public void cannotReuploadWithoutRole() throws Exception {
     mockMvc.perform(
       createAvatarReuploadRequest(1)
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, NO_AUTHORITIES))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void nonModeratorCannotDelete() throws Exception {
+  public void cannotDeleteWithoutRole() throws Exception {
     mockMvc.perform(
       delete("/avatars/1")
-        .with(getOAuthToken(OAuthScope._UPLOAD_AVATAR))
+        .with(getOAuthTokenWithTestUser(OAuthScope._UPLOAD_AVATAR, NO_AUTHORITIES))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void moderatorWithoutScopeCannotUpload() throws Exception {
+  public void cannotUploadWithoutScope() throws Exception {
     mockMvc.perform(
       createAvatarUploadRequest()
-        .with(getOAuthToken())
+        .with(getOAuthTokenWithTestUser(NO_SCOPE, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void moderatorWithoutScopeCannotReupload() throws Exception {
+  public void cannotReuploadWithoutScope() throws Exception {
     mockMvc.perform(
       createAvatarReuploadRequest(1)
-        .with(getOAuthToken())
+        .with(getOAuthTokenWithTestUser(NO_SCOPE, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }
 
   @Test
-  @WithUserDetails(AUTH_USER)
-  public void moderatorWithoutScopeCannotDelete() throws Exception {
+  public void cannotDeleteWithoutScope() throws Exception {
     mockMvc.perform(
       delete("/avatars/1")
-        .with(getOAuthToken())
+        .with(getOAuthTokenWithTestUser(NO_SCOPE, GroupPermission.ROLE_WRITE_AVATAR))
     ).andExpect(status().isForbidden());
     verify(auditServiceSpy, times(0)).logMessage(any());
   }