Issue #106 Adapt unit-test, to make sure that the right auth-ctx is u…

…sed.

Live retrieve thing command responses will be filtered by an auth context.
For this filtering, the auth ctx of the requester (source of the command)
and not from the response, shall be used.

Signed-off-by: Joel Bartelheimer <joel.bartelheimer@bosch.io>

concierge/service/src/main/java/org/eclipse/ditto/concierge/service/enforcement/LiveSignalEnforcement.java

@@ -122,7 +122,8 @@ public boolean isApplicable(final SignalWithEntityId<?> signal) {
         }
 
         @Override
-        public AbstractEnforcement<SignalWithEntityId<?>> createEnforcement(final Contextual<SignalWithEntityId<?>> context) {
+        public AbstractEnforcement<SignalWithEntityId<?>> createEnforcement(
+                final Contextual<SignalWithEntityId<?>> context) {
             return new LiveSignalEnforcement(context, thingIdCache, policyEnforcerCache, liveSignalPub);
         }
 
@@ -181,33 +182,38 @@ private CompletionStage<Contextual<WithDittoHeaders>> enforceLiveCommandResponse
         final Optional<Cache<String, Pair<ActorRef, AuthorizationContext>>> responseReceiversOptional =
                 context.getResponseReceivers();
         if (responseReceiversOptional.isPresent()) {
-            final Cache<String, Pair<ActorRef, AuthorizationContext>> responseReceivers = responseReceiversOptional.get();
+            final Cache<String, Pair<ActorRef, AuthorizationContext>> responseReceivers =
+                    responseReceiversOptional.get();
             return returnCommandResponseContextual(responseReceivers, liveResponse, correlationId, enforcer);
         } else {
             log().info("Got live response when global dispatching is inactive: <{}> with correlation ID <{}>",
-                        liveResponse.getType(),
-                        liveResponse.getDittoHeaders().getCorrelationId().orElse(""));
+                    liveResponse.getType(),
+                    liveResponse.getDittoHeaders().getCorrelationId().orElse(""));
 
             return CompletableFuture.completedFuture(withMessageToReceiver(null, null));
         }
     }
 
     private CompletionStage<Contextual<WithDittoHeaders>> returnCommandResponseContextual(
-            final Cache<String, Pair<ActorRef, AuthorizationContext>> responseReceivers, final CommandResponse<?> liveResponse,
+            final Cache<String, Pair<ActorRef, AuthorizationContext>> responseReceivers,
+            final CommandResponse<?> liveResponse,
             final String correlationId, final Enforcer enforcer) {
+
         return responseReceivers.get(correlationId).thenApply(responseReceiverEntry -> {
             final Contextual<WithDittoHeaders> commandResponseContextual;
             if (responseReceiverEntry.isPresent()) {
                 responseReceivers.invalidate(correlationId);
                 final Pair<ActorRef, AuthorizationContext> responseReceiver = responseReceiverEntry.get();
                 final CommandResponse<?> response;
                 if (liveResponse instanceof ThingQueryCommandResponse) {
-                    final var dittoHeadersWithResponseReceiverAuthContext = liveResponse.getDittoHeaders()
-                            .toBuilder()
-                            .authorizationContext(responseReceiver.second())
-                            .build();
+
+                    final var liveResponseWithRequesterAuthCtx = injectRequestersAuthContext(
+                            (ThingQueryCommandResponse<?>) liveResponse,
+                            responseReceiver.second());
+
                     response = ThingCommandEnforcement.buildJsonViewForThingQueryCommandResponse(
-                            (ThingQueryCommandResponse<?>) liveResponse.setDittoHeaders(dittoHeadersWithResponseReceiverAuthContext), enforcer);
+                            liveResponseWithRequesterAuthCtx,
+                            enforcer);
                 } else {
                     response = liveResponse;
                 }
@@ -223,6 +229,18 @@ private CompletionStage<Contextual<WithDittoHeaders>> returnCommandResponseConte
         });
     }
 
+    private static ThingQueryCommandResponse<?> injectRequestersAuthContext(
+            final ThingQueryCommandResponse<?> liveResponse,
+            final AuthorizationContext requesterAuthContext) {
+
+        final var dittoHeadersWithResponseReceiverAuthContext = liveResponse.getDittoHeaders()
+                .toBuilder()
+                .authorizationContext(requesterAuthContext)
+                .build();
+
+        return liveResponse.setDittoHeaders(dittoHeadersWithResponseReceiverAuthContext);
+    }
+
     private CompletionStage<Contextual<WithDittoHeaders>> enforceLiveSignal(final StreamingType streamingType,
             final Signal<?> liveSignal, final Enforcer enforcer) {
 
@@ -377,7 +395,8 @@ private static ResourceKey extractMessageResourceKey(final MessageCommand<?, ?>
         }
     }
 
-    private static CompletionStage<Signal<?>> insertResponseReceiverConflictFree(final Cache<String, Pair<ActorRef, AuthorizationContext>> cache,
+    private static CompletionStage<Signal<?>> insertResponseReceiverConflictFree(
+            final Cache<String, Pair<ActorRef, AuthorizationContext>> cache,
             final Signal<?> signal, final Pair<ActorRef, AuthorizationContext> responseReceiver) {
 
         return setUniqueCorrelationIdForGlobalDispatching(cache, signal)

concierge/service/src/test/java/org/eclipse/ditto/concierge/service/enforcement/LiveSignalEnforcementTest.java

@@ -233,7 +233,15 @@ public void retrieveLiveThingCommandAndResponseByPolicy() {
             assertThat((CharSequence) ((ThingCommand<?>) publishRead.msg()).getEntityId()).isEqualTo(
                     read.getEntityId());
 
-            final ThingCommandResponse<?> readResponse = getRetrieveThingResponse(headers);
+            // the response auth ctx shall be ignored for filtering live retrieve responses,
+            // the auth ctx of the requester is the right one.
+            final var responseHeaders = headers.toBuilder()
+                    .authorizationContext(AuthorizationContext.newInstance(
+                            DittoAuthorizationContextType.PRE_AUTHENTICATED_CONNECTION,
+                            AuthorizationSubject.newInstance("myIssuer:mySubject")))
+                    .build();
+
+            final ThingCommandResponse<?> readResponse = getRetrieveThingResponse(responseHeaders);
             final Thing expectedThing = THING.toBuilder()
                     .removeFeatureProperty(FEATURE_ID, JsonPointer.of(FEATURE_PROPERTY_2))
                     .build();