feat: Implement authentication for fetching GBFS files #135
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change adds support for specifying authentication details when fetching GBFS files, as defined in the OpenAPI specification. The loader can now handle Basic Authentication, Bearer Token Authentication, and OAuth 2.0 Client Credentials Grant. Key changes: - Added authentication models (`BasicAuth`, `BearerTokenAuth`, `OAuthClientCredentialsGrantAuth`) to the `gbfs-validator-java-loader` module. - Modified `Loader.java` to accept an `Authentication` object and include appropriate `Authorization` headers in HTTP requests. For OAuth2, it handles fetching the token from the specified token URL. - Integrated these changes into the `gbfs-validator-java-api` module by updating `ValidateApiDelegateHandler.java` to map API authentication models to the loader's authentication models. - Ensured backward compatibility by providing an overloaded `load` method in `Loader.java` that defaults to no authentication. Testing: - I added comprehensive unit tests for `Loader.java` in `gbfs-validator-java-loader` using WireMock. These tests cover successful authentication for all supported methods, as well as error scenarios like incorrect credentials and token fetch failures. - I added integration tests in `gbfs-validator-java-api` using `MockMvc` and WireMock. These tests verify the end-to-end authentication flow, from the API request to the `Loader` making authenticated HTTP calls. They ensure that the `/validate` endpoint correctly processes authentication details and that the system behaves as expected under various authentication scenarios. The tests verify that: - Files are fetched successfully with valid authentication credentials for each supported method. - Appropriate `Authorization` headers are added to requests. - OAuth2 token acquisition works correctly. - System errors are reported for authentication failures (e.g., HTTP 401 errors due to bad credentials or token issues) rather than causing the validation process to crash.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.