diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6b1b2707..19168685 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -26,7 +26,7 @@ jobs:
docker start FileFighterDB
-
name: Run Tests and update Sonar
- run: mvn clean test sonar:sonar -s ./settings.xml
+ run: mvn clean verify sonar:sonar -s ./settings.xml
env:
SONAR_LOGIN: ${{ secrets.SONAR_LOGIN }}
SONAR_PASSWORD: ${{ secrets.SONAR_PASSWORD }}
diff --git a/pom.xml b/pom.xml
index 6f054298..6c9b9108 100644
--- a/pom.xml
+++ b/pom.xml
@@ -153,6 +153,38 @@
report
+
+
+ check
+ verify
+
+ check
+
+
+
+
+ CLASS
+
+ *BusinessService
+ *Controller
+ *Service
+
+
+
+ *FileSystemRestService
+ *PermissionRestService
+
+
+
+ LINE
+ COVEREDRATIO
+ 95%
+
+
+
+
+
+
diff --git a/src/main/java/de/filefighter/rest/domain/common/InputSanitizerService.java b/src/main/java/de/filefighter/rest/domain/common/InputSanitizerService.java
new file mode 100644
index 00000000..873f2046
--- /dev/null
+++ b/src/main/java/de/filefighter/rest/domain/common/InputSanitizerService.java
@@ -0,0 +1,39 @@
+package de.filefighter.rest.domain.common;
+
+import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class InputSanitizerService {
+
+ public static boolean stringIsValid(String s) {
+ return !(null == s || s.isEmpty() || s.isBlank());
+ }
+
+ /**
+ *
+ * Sanitizes a String, so it can be used.
+ * @param string String that needs to be sanitized.
+ * @return string without whitespaces and without illegal characters.
+ * @throws RequestDidntMeetFormalRequirementsException when string was empty.
+ */
+ public static String sanitizeString(String string) {
+ if(!InputSanitizerService.stringIsValid(string))
+ throw new RequestDidntMeetFormalRequirementsException("String was empty");
+ return string.replaceAll("\\s", "");
+ }
+
+ public String sanitizeRequestHeader(String header, String testString) {
+ if (!(stringIsValid(testString) && stringIsValid(header)))
+ throw new RequestDidntMeetFormalRequirementsException("Header does not contain a valid String.");
+
+ if (!testString.matches("^" + header + "[^\\s](.*)$"))
+ throw new RequestDidntMeetFormalRequirementsException("Header does not contain '" + header + "', or format is invalid.");
+ String[] split = testString.split(header);
+ return split[1];
+ }
+
+ public String sanitizeTokenValue(String tokenValue){
+ return InputSanitizerService.sanitizeString(tokenValue);
+ }
+}
diff --git a/src/main/java/de/filefighter/rest/domain/common/Utils.java b/src/main/java/de/filefighter/rest/domain/common/Utils.java
deleted file mode 100644
index 8a74bb31..00000000
--- a/src/main/java/de/filefighter/rest/domain/common/Utils.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package de.filefighter.rest.domain.common;
-
-import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
-
-public class Utils {
-
- private Utils() {
- // Prevent Instantiation
- }
-
- public static boolean stringIsValid(String s) {
- return !(null == s || s.isEmpty() || s.isBlank());
- }
-
- public static String validateAuthorizationHeader(String header, String testString) {
- if (!stringIsValid(testString))
- throw new RequestDidntMeetFormalRequirementsException("Header does not contain a valid String.");
-
- if (!testString.matches("^" + header + "[^\\s](.*)$"))
- throw new RequestDidntMeetFormalRequirementsException("Header does not contain '" + header + "', or format is invalid.");
- String[] split = testString.split(header);
- return split[1];
- }
-
- public static String removeWhiteSpaces(String string) {
- return string.replaceAll("\\s", "");
- }
-}
diff --git a/src/main/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessService.java b/src/main/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessService.java
index 2fa118f1..1313fdc2 100644
--- a/src/main/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessService.java
+++ b/src/main/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessService.java
@@ -6,7 +6,6 @@
import de.filefighter.rest.domain.user.data.dto.User;
import de.filefighter.rest.domain.user.exceptions.UserNotAuthenticatedException;
import de.filefighter.rest.rest.exceptions.FileFighterDataException;
-import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@@ -14,10 +13,6 @@
import java.time.Instant;
import java.util.UUID;
-import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BEARER_PREFIX;
-import static de.filefighter.rest.domain.common.Utils.stringIsValid;
-import static de.filefighter.rest.domain.common.Utils.validateAuthorizationHeader;
-
@Service
public class AccessTokenBusinessService {
@@ -67,9 +62,6 @@ public AccessToken getValidAccessTokenForUser(User user) {
}
public AccessToken findAccessTokenByValueAndUserId(String accessTokenValue, long userId) {
- if (!stringIsValid(accessTokenValue))
- throw new RequestDidntMeetFormalRequirementsException("Value of AccessToken was not valid.");
-
AccessTokenEntity accessTokenEntity = accessTokenRepository.findByUserIdAndValue(userId, accessTokenValue);
if (null == accessTokenEntity)
throw new UserNotAuthenticatedException(userId);
@@ -78,9 +70,6 @@ public AccessToken findAccessTokenByValueAndUserId(String accessTokenValue, long
}
public AccessToken findAccessTokenByValue(String accessTokenValue) {
- if (!stringIsValid(accessTokenValue))
- throw new RequestDidntMeetFormalRequirementsException("Value of AccessToken was not valid.");
-
AccessTokenEntity accessTokenEntity = accessTokenRepository.findByValue(accessTokenValue);
if (null == accessTokenEntity)
throw new UserNotAuthenticatedException("AccessToken not found.");
@@ -88,16 +77,6 @@ public AccessToken findAccessTokenByValue(String accessTokenValue) {
return accessTokenDtoService.createDto(accessTokenEntity);
}
-
- public AccessToken validateAccessTokenValueWithHeader(String accessTokenValue) {
- String cleanValue = validateAuthorizationHeader(AUTHORIZATION_BEARER_PREFIX, accessTokenValue);
- AccessTokenEntity accessTokenEntity = accessTokenRepository.findByValue(cleanValue);
- if (null == accessTokenEntity)
- throw new UserNotAuthenticatedException("AccessToken not found.");
-
- return accessTokenDtoService.createDto(accessTokenEntity);
- }
-
public static String generateRandomTokenValue() {
return UUID.randomUUID().toString();
}
diff --git a/src/main/java/de/filefighter/rest/domain/user/business/UserAuthorizationService.java b/src/main/java/de/filefighter/rest/domain/user/business/UserAuthorizationService.java
index 4f60fdf3..d7b6cd9f 100644
--- a/src/main/java/de/filefighter/rest/domain/user/business/UserAuthorizationService.java
+++ b/src/main/java/de/filefighter/rest/domain/user/business/UserAuthorizationService.java
@@ -1,6 +1,6 @@
package de.filefighter.rest.domain.user.business;
-import de.filefighter.rest.domain.common.Utils;
+import de.filefighter.rest.domain.common.InputSanitizerService;
import de.filefighter.rest.domain.token.data.dto.AccessToken;
import de.filefighter.rest.domain.user.data.dto.User;
import de.filefighter.rest.domain.user.data.persistance.UserEntity;
@@ -15,10 +15,6 @@
import java.nio.charset.StandardCharsets;
import java.util.Base64;
-import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BASIC_PREFIX;
-import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BEARER_PREFIX;
-import static de.filefighter.rest.domain.common.Utils.removeWhiteSpaces;
-
@Service
public class UserAuthorizationService {
@@ -32,9 +28,7 @@ public UserAuthorizationService(UserRepository userRepository, UserDtoService us
this.userDtoService = userDtoService;
}
- public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndPasswordWithHeader) {
- String base64encodedUserAndPassword = Utils.validateAuthorizationHeader(AUTHORIZATION_BASIC_PREFIX, base64encodedUserAndPasswordWithHeader);
-
+ public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndPassword) {
String decodedUsernameAndPassword = "";
try {
byte[] decodedValue = Base64.getDecoder().decode(base64encodedUserAndPassword);
@@ -49,8 +43,8 @@ public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndP
if (split.length != 2)
throw new RequestDidntMeetFormalRequirementsException("Credentials didnt meet formal requirements.");
- String lowerCaseUsername = removeWhiteSpaces(split[0].toLowerCase()); //no nullPointerException possible here.
- String password = split[1];
+ String lowerCaseUsername = InputSanitizerService.sanitizeString(split[0].toLowerCase());
+ String password = InputSanitizerService.sanitizeString(split[1]);
UserEntity userEntity = userRepository.findByLowercaseUsernameAndPassword(lowerCaseUsername, password);
if (null == userEntity)
@@ -60,8 +54,7 @@ public User authenticateUserWithUsernameAndPassword(String base64encodedUserAndP
}
public User authenticateUserWithRefreshToken(String refreshToken) {
- String cleanValue = Utils.validateAuthorizationHeader(AUTHORIZATION_BEARER_PREFIX, refreshToken);
- UserEntity userEntity = userRepository.findByRefreshToken(cleanValue);
+ UserEntity userEntity = userRepository.findByRefreshToken(refreshToken);
if (null == userEntity)
throw new UserNotAuthenticatedException("No user found for this Refresh Token.");
diff --git a/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java b/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java
index 41c0a4e3..7ded0ec6 100644
--- a/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java
+++ b/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java
@@ -1,6 +1,5 @@
package de.filefighter.rest.domain.user.business;
-import de.filefighter.rest.domain.common.Utils;
import de.filefighter.rest.domain.token.business.AccessTokenBusinessService;
import de.filefighter.rest.domain.token.data.dto.RefreshToken;
import de.filefighter.rest.domain.user.data.dto.User;
@@ -26,8 +25,8 @@
import java.util.Arrays;
import java.util.regex.Pattern;
-import static de.filefighter.rest.domain.common.Utils.removeWhiteSpaces;
-import static de.filefighter.rest.domain.common.Utils.stringIsValid;
+import static de.filefighter.rest.domain.common.InputSanitizerService.sanitizeString;
+import static de.filefighter.rest.domain.common.InputSanitizerService.stringIsValid;
@Service
public class UserBusinessService {
@@ -37,7 +36,6 @@ public class UserBusinessService {
private final GroupRepository groupRepository;
private final MongoTemplate mongoTemplate;
-
private static final Logger LOG = LoggerFactory.getLogger(UserBusinessService.class);
public static final int USER_ID_MAX = 99999999;
@@ -86,7 +84,7 @@ public User findUserByUsername(String username) {
if (!stringIsValid(username))
throw new RequestDidntMeetFormalRequirementsException("Username was not valid.");
- String lowercaseUsername = removeWhiteSpaces(username.toLowerCase());
+ String lowercaseUsername = sanitizeString(username.toLowerCase());
UserEntity entity = userRepository.findByLowercaseUsername(lowercaseUsername);
if (null == entity)
@@ -146,7 +144,7 @@ public void registerNewUser(UserRegisterForm newUser) {
}
public boolean passwordIsValid(String password) {
- if (!Utils.stringIsValid(password))
+ if (!stringIsValid(password))
return false;
if (this.passwordCheckDisabled) return true;
diff --git a/src/main/java/de/filefighter/rest/domain/user/rest/UserRestService.java b/src/main/java/de/filefighter/rest/domain/user/rest/UserRestService.java
index 013d01b5..48f6e3db 100644
--- a/src/main/java/de/filefighter/rest/domain/user/rest/UserRestService.java
+++ b/src/main/java/de/filefighter/rest/domain/user/rest/UserRestService.java
@@ -1,5 +1,6 @@
package de.filefighter.rest.domain.user.rest;
+import de.filefighter.rest.domain.common.InputSanitizerService;
import de.filefighter.rest.domain.token.business.AccessTokenBusinessService;
import de.filefighter.rest.domain.token.data.dto.AccessToken;
import de.filefighter.rest.domain.token.data.dto.RefreshToken;
@@ -12,6 +13,8 @@
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
+import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BASIC_PREFIX;
+import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BEARER_PREFIX;
import static de.filefighter.rest.domain.user.group.Groups.ADMIN;
@@ -21,16 +24,21 @@ public class UserRestService implements UserRestServiceInterface {
private final UserBusinessService userBusinessService;
private final UserAuthorizationService userAuthorizationService;
private final AccessTokenBusinessService accessTokenBusinessService;
+ private final InputSanitizerService inputSanitizerService;
- public UserRestService(UserBusinessService userBusinessService, UserAuthorizationService userAuthorizationService, AccessTokenBusinessService accessTokenBusinessService) {
+ public UserRestService(UserBusinessService userBusinessService, UserAuthorizationService userAuthorizationService, AccessTokenBusinessService accessTokenBusinessService, InputSanitizerService inputSanitizerService) {
this.userBusinessService = userBusinessService;
this.userAuthorizationService = userAuthorizationService;
this.accessTokenBusinessService = accessTokenBusinessService;
+ this.inputSanitizerService = inputSanitizerService;
}
@Override
- public ResponseEntity getUserByUserIdAuthenticateWithAccessToken(String accessToken, long userId) {
- AccessToken validAccessToken = accessTokenBusinessService.validateAccessTokenValueWithHeader(accessToken);
+ public ResponseEntity getUserByUserIdAuthenticateWithAccessToken(String accessTokenWithHeader, long userId) {
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BEARER_PREFIX, accessTokenWithHeader);
+ String sanitizedTokenString = inputSanitizerService.sanitizeTokenValue(sanitizedHeaderValue);
+
+ AccessToken validAccessToken = accessTokenBusinessService.findAccessTokenByValue(sanitizedTokenString);
userAuthorizationService.authenticateUserWithAccessToken(validAccessToken);
User user = userBusinessService.getUserById(userId);
return new ResponseEntity<>(user, HttpStatus.OK);
@@ -38,21 +46,29 @@ public ResponseEntity getUserByUserIdAuthenticateWithAccessToken(String ac
@Override
public ResponseEntity getRefreshTokenWithUsernameAndPassword(String base64encodedUserAndPasswordWithHeader) {
- User authenticatedUser = userAuthorizationService.authenticateUserWithUsernameAndPassword(base64encodedUserAndPasswordWithHeader);
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BASIC_PREFIX, base64encodedUserAndPasswordWithHeader);
+
+ User authenticatedUser = userAuthorizationService.authenticateUserWithUsernameAndPassword(sanitizedHeaderValue);
RefreshToken refreshToken = userBusinessService.getRefreshTokenForUser(authenticatedUser);
return new ResponseEntity<>(refreshToken, HttpStatus.OK);
}
@Override
public ResponseEntity getAccessTokenByRefreshToken(String refreshTokenWithHeader) {
- User user = userAuthorizationService.authenticateUserWithRefreshToken(refreshTokenWithHeader);
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BEARER_PREFIX, refreshTokenWithHeader);
+ String sanitizedTokenString = inputSanitizerService.sanitizeTokenValue(sanitizedHeaderValue);
+
+ User user = userAuthorizationService.authenticateUserWithRefreshToken(sanitizedTokenString);
AccessToken accessToken = accessTokenBusinessService.getValidAccessTokenForUser(user);
return new ResponseEntity<>(accessToken, HttpStatus.OK);
}
@Override
- public ResponseEntity updateUserByUserIdAuthenticateWithAccessToken(UserRegisterForm updatedUser, long userId, String accessTokenValue) {
- AccessToken accessToken = accessTokenBusinessService.validateAccessTokenValueWithHeader(accessTokenValue);
+ public ResponseEntity updateUserByUserIdAuthenticateWithAccessToken(UserRegisterForm updatedUser, long userId, String accessTokenHeader) {
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BEARER_PREFIX, accessTokenHeader);
+ String sanitizedTokenString = inputSanitizerService.sanitizeTokenValue(sanitizedHeaderValue);
+
+ AccessToken accessToken = accessTokenBusinessService.findAccessTokenByValue(sanitizedTokenString);
User authenticatedUser = userAuthorizationService.authenticateUserWithAccessToken(accessToken);
userBusinessService.updateUser(userId, updatedUser, authenticatedUser);
ServerResponse response = new ServerResponse(HttpStatus.CREATED, "User successfully updated.");
@@ -60,17 +76,23 @@ public ResponseEntity updateUserByUserIdAuthenticateWithAccessTo
}
@Override
- public ResponseEntity registerNewUserWithAccessToken(UserRegisterForm newUser, String accessToken) {
- AccessToken validAccessToken = accessTokenBusinessService.validateAccessTokenValueWithHeader(accessToken);
+ public ResponseEntity registerNewUserWithAccessToken(UserRegisterForm newUser, String accessTokenHeader) {
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BEARER_PREFIX, accessTokenHeader);
+ String sanitizedTokenString = inputSanitizerService.sanitizeTokenValue(sanitizedHeaderValue);
+
+ AccessToken validAccessToken = accessTokenBusinessService.findAccessTokenByValue(sanitizedTokenString);
userAuthorizationService.authenticateUserWithAccessTokenAndGroup(validAccessToken, ADMIN);
userBusinessService.registerNewUser(newUser);
return new ResponseEntity<>(new ServerResponse(HttpStatus.CREATED, "User successfully created."), HttpStatus.CREATED);
}
@Override
- public ResponseEntity findUserByUsernameAndAccessToken(String username, String accessToken) {
- AccessToken token = accessTokenBusinessService.validateAccessTokenValueWithHeader(accessToken);
- userAuthorizationService.authenticateUserWithAccessToken(token);
+ public ResponseEntity findUserByUsernameAndAccessToken(String username, String accessTokenHeader) {
+ String sanitizedHeaderValue = inputSanitizerService.sanitizeRequestHeader(AUTHORIZATION_BEARER_PREFIX, accessTokenHeader);
+ String sanitizedTokenString = inputSanitizerService.sanitizeTokenValue(sanitizedHeaderValue);
+
+ AccessToken accessToken = accessTokenBusinessService.findAccessTokenByValue(sanitizedTokenString);
+ userAuthorizationService.authenticateUserWithAccessToken(accessToken);
User foundUser = userBusinessService.findUserByUsername(username);
return new ResponseEntity<>(foundUser, HttpStatus.OK);
}
diff --git a/src/test/java/de/filefighter/rest/domain/common/InputSanitizerServiceUnitTest.java b/src/test/java/de/filefighter/rest/domain/common/InputSanitizerServiceUnitTest.java
new file mode 100644
index 00000000..19a48950
--- /dev/null
+++ b/src/test/java/de/filefighter/rest/domain/common/InputSanitizerServiceUnitTest.java
@@ -0,0 +1,99 @@
+package de.filefighter.rest.domain.common;
+
+import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class InputSanitizerServiceUnitTest {
+
+ private final InputSanitizerService inputSanitizerService = new InputSanitizerService();
+
+ @Test
+ void StringIsValid() {
+ String string0 = "";
+ String string1 = null;
+
+ assertFalse(InputSanitizerService.stringIsValid(string0));
+ assertFalse(InputSanitizerService.stringIsValid(string1));
+ }
+
+ @Test
+ void sanitizeStringThrows() {
+ String string0 = "";
+ String string1 = null;
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ InputSanitizerService.sanitizeString(string0));
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ InputSanitizerService.sanitizeString(string1));
+ }
+
+ @Test
+ void sanitizeStringWorks() {
+ String string0 = "a a a b b bbb bb";
+ String string1 = "\n\rasd\n";
+ String string0valid = "aaabbbbbbb";
+ String string1valid = "asd";
+
+ assertEquals(string0valid, InputSanitizerService.sanitizeString(string0));
+ assertEquals(string1valid, InputSanitizerService.sanitizeString(string1));
+ }
+
+ @Test
+ void sanitizeRequestHeaderThrows() {
+ String header = "HEADER: ";
+ String string0 = "";
+ String string1 = null;
+ String string2 = header + "";
+ String string3 = header + " as a a s d d d ";
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeRequestHeader(header, string0));
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeRequestHeader(header, string1));
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeRequestHeader(header, string2));
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeRequestHeader(header, string3));
+ }
+
+
+ @Test
+ void sanitizeRequestHeaderWorks() {
+ String header = "HEADER: ";
+ String expected = "Baum";
+ String authString = header + expected;
+
+
+ String actual = inputSanitizerService.sanitizeRequestHeader(header, authString);
+ assertEquals(expected, actual);
+ }
+
+ @Test
+ void sanitizeTokenThrows() {
+ String string0 = "";
+ String string1 = null;
+
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeTokenValue(string0));
+ assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
+ inputSanitizerService.sanitizeTokenValue(string1));
+ }
+
+ @Test
+ void sanitizeTokenWorks() {
+ String string0 = "a a a b b bbb bb";
+ String string1 = "\n\rasd\n";
+ String string0valid = "aaabbbbbbb";
+ String string1valid = "asd";
+
+ assertEquals(string0valid, inputSanitizerService.sanitizeTokenValue(string0));
+ assertEquals(string1valid, inputSanitizerService.sanitizeTokenValue(string1));
+ }
+
+}
\ No newline at end of file
diff --git a/src/test/java/de/filefighter/rest/domain/common/UtilsUnitTest.java b/src/test/java/de/filefighter/rest/domain/common/UtilsUnitTest.java
deleted file mode 100644
index fd396d4e..00000000
--- a/src/test/java/de/filefighter/rest/domain/common/UtilsUnitTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package de.filefighter.rest.domain.common;
-
-import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
-import org.junit.jupiter.api.Test;
-
-import static org.junit.jupiter.api.Assertions.*;
-
-@SuppressWarnings(value = "ConstantConditions")
-class UtilsUnitTest {
-
- @Test
- void stringIsValid() {
- String string = "string";
- boolean actual = Utils.stringIsValid(string);
- assertTrue(actual);
- }
-
- @Test
- void stringIsNotValid() {
- String nullString = null;
- String empty = "";
-
- boolean actual = Utils.stringIsValid(nullString);
- boolean actual1 = Utils.stringIsValid(empty);
- assertFalse(actual);
- assertFalse(actual1);
- }
-
- @Test
- void validateHeaderThrows() {
- String dummyHeaderPrefix = "UGABUGA: ";
-
- String notValid = "";
- String validButDoesntMatch = "something";
- String noContent = dummyHeaderPrefix + "";
-
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- Utils.validateAuthorizationHeader(dummyHeaderPrefix, notValid)
- );
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- Utils.validateAuthorizationHeader(dummyHeaderPrefix, validButDoesntMatch)
- );
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- Utils.validateAuthorizationHeader(dummyHeaderPrefix, noContent)
- );
- }
-
- @Test
- void validateHeaderWorks() {
- String dummyHeaderPrefix = "UGABUGA: ";
- String expected = "baum";
- String valid = dummyHeaderPrefix.concat(expected);
-
- String actual = Utils.validateAuthorizationHeader(dummyHeaderPrefix, valid);
-
- assertEquals(expected, actual);
- }
-
- @Test
- void removeAllWhiteSpaces(){
- String dummyString = " a d s dd ds d s \n sd \r";
- String expectedString = "adsdddsdssd";
- String actual = Utils.removeWhiteSpaces(dummyString);
-
- assertEquals(expectedString, actual);
- }
-}
\ No newline at end of file
diff --git a/src/test/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessServiceUnitTest.java b/src/test/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessServiceUnitTest.java
index 8e8dfd62..5de6bd25 100644
--- a/src/test/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessServiceUnitTest.java
+++ b/src/test/java/de/filefighter/rest/domain/token/business/AccessTokenBusinessServiceUnitTest.java
@@ -6,13 +6,11 @@
import de.filefighter.rest.domain.user.data.dto.User;
import de.filefighter.rest.domain.user.exceptions.UserNotAuthenticatedException;
import de.filefighter.rest.rest.exceptions.FileFighterDataException;
-import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import java.time.Instant;
-import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BEARER_PREFIX;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
@@ -100,16 +98,6 @@ void getValidAccessTokenForUserWhenTokenDeletionFails() {
assertThrows(FileFighterDataException.class, () -> accessTokenBusinessService.getValidAccessTokenForUser(dummyUser));
}
- @Test
- void findAccessTokenByValueAndUserIdWithInvalidToken() {
- String tokenValue = "";
- long userId = 1234;
-
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- accessTokenBusinessService.findAccessTokenByValueAndUserId(tokenValue, userId)
- );
- }
-
@Test
void findAccessTokenByValueAndUserIdWithTokenNotFound() {
String tokenValue = "value";
@@ -142,12 +130,6 @@ void findAccessTokenByValueThrowsException() {
String invalidFormat = "";
String validFormat = "ugabuga";
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- accessTokenBusinessService.findAccessTokenByValue(invalidFormat)
- );
-
- when(accessTokenRepositoryMock.findByValue(validFormat)).thenReturn(null);
-
assertThrows(UserNotAuthenticatedException.class, () ->
accessTokenBusinessService.findAccessTokenByValue(validFormat)
);
@@ -174,46 +156,6 @@ void generateRandomTokenValue() {
assertEquals(36, generatedToken.length());
}
- @Test
- void validateAccessTokenValueWithWrongHeader() {
- String header0 = "wrongHeader";
- String header1 = "";
-
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- accessTokenBusinessService.validateAccessTokenValueWithHeader(header0)
- );
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- accessTokenBusinessService.validateAccessTokenValueWithHeader(header1)
- );
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- accessTokenBusinessService.validateAccessTokenValueWithHeader(AUTHORIZATION_BEARER_PREFIX)
- );
- }
-
- @Test
- void validateAccessTokenValueButTokenDoesNotExist() {
- String header = AUTHORIZATION_BEARER_PREFIX + "something";
-
- when(accessTokenRepositoryMock.findByValue("something")).thenReturn(null);
-
- assertThrows(UserNotAuthenticatedException.class, () ->
- accessTokenBusinessService.validateAccessTokenValueWithHeader(header)
- );
- }
-
- @Test
- void validateAccessTokenValue() {
- String header = AUTHORIZATION_BEARER_PREFIX + "something";
- AccessToken expected = AccessToken.builder().build();
- AccessTokenEntity accessTokenEntity = AccessTokenEntity.builder().build();
-
- when(accessTokenRepositoryMock.findByValue("something")).thenReturn(accessTokenEntity);
- when(accessTokenDtoServiceMock.createDto(accessTokenEntity)).thenReturn(expected);
-
- AccessToken actual = accessTokenBusinessService.validateAccessTokenValueWithHeader(header);
- assertEquals(expected, actual);
- }
-
@Test
void getAccessTokenCount() {
long count = 420;
diff --git a/src/test/java/de/filefighter/rest/domain/user/business/UserAuthorizationServiceUnitTest.java b/src/test/java/de/filefighter/rest/domain/user/business/UserAuthorizationServiceUnitTest.java
index f2714058..bfba50e0 100644
--- a/src/test/java/de/filefighter/rest/domain/user/business/UserAuthorizationServiceUnitTest.java
+++ b/src/test/java/de/filefighter/rest/domain/user/business/UserAuthorizationServiceUnitTest.java
@@ -9,7 +9,6 @@
import de.filefighter.rest.rest.exceptions.RequestDidntMeetFormalRequirementsException;
import org.junit.jupiter.api.Test;
-import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BASIC_PREFIX;
import static de.filefighter.rest.configuration.RestConfiguration.AUTHORIZATION_BEARER_PREFIX;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.mock;
@@ -25,18 +24,13 @@ class UserAuthorizationServiceUnitTest {
@Test
void authenticateUserWithUsernameAndPasswordThrows() {
- String matchesButIsNotSupportedEncoding = AUTHORIZATION_BASIC_PREFIX + "���"; //funny enough sonar doesnt like this. who cares.
- String matchesButDoesNotMeetRequirements = AUTHORIZATION_BASIC_PREFIX + "dWdhYnVnYQ==";
- String matchesButUserWasNotFound = AUTHORIZATION_BASIC_PREFIX + "dXNlcjpwYXNzd29yZA==";
+ String matchesButIsNotSupportedEncoding = "���"; //funny enough sonar doesnt like this. who cares.
+ String matchesButUserWasNotFound = "dXNlcjpwYXNzd29yZA==";
assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
userAuthorizationService.authenticateUserWithUsernameAndPassword(matchesButIsNotSupportedEncoding)
);
- assertThrows(RequestDidntMeetFormalRequirementsException.class, () ->
- userAuthorizationService.authenticateUserWithUsernameAndPassword(matchesButDoesNotMeetRequirements)
- );
-
when(userRepositoryMock.findByLowercaseUsernameAndPassword("user", "password")).thenReturn(null);
assertThrows(UserNotAuthenticatedException.class, () ->
@@ -45,14 +39,14 @@ void authenticateUserWithUsernameAndPasswordThrows() {
@Test
void authenticateUserWithUsernameAndPasswordWorksCorrectly() {
- String header = AUTHORIZATION_BASIC_PREFIX + "dXNlcjpwYXNzd29yZA=="; // user:password
+ String usernameAndPassword = "dXNlcjpwYXNzd29yZA=="; // user:password
User dummyUser = User.builder().build();
UserEntity dummyEntity = UserEntity.builder().build();
when(userRepositoryMock.findByLowercaseUsernameAndPassword("user", "password")).thenReturn(dummyEntity);
when(userDtoServiceMock.createDto(dummyEntity)).thenReturn(dummyUser);
- User actual = userAuthorizationService.authenticateUserWithUsernameAndPassword(header);
+ User actual = userAuthorizationService.authenticateUserWithUsernameAndPassword(usernameAndPassword);
assertEquals(dummyUser, actual);
}
@@ -70,14 +64,13 @@ void authenticateUserWithRefreshTokenThrowsExceptions() {
@Test
void authenticateUserWithRefreshTokenWorksCorrectly() {
String refreshToken = "Something";
- String authString = AUTHORIZATION_BEARER_PREFIX + refreshToken;
UserEntity dummyEntity = UserEntity.builder().build();
User dummyUser = User.builder().build();
when(userRepositoryMock.findByRefreshToken(refreshToken)).thenReturn(dummyEntity);
when(userDtoServiceMock.createDto(dummyEntity)).thenReturn(dummyUser);
- User actualUser = userAuthorizationService.authenticateUserWithRefreshToken(authString);
+ User actualUser = userAuthorizationService.authenticateUserWithRefreshToken(refreshToken);
assertEquals(dummyUser, actualUser);
}