diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb7efc326..f146ff037 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [unreleased]
+- Fixes `Invalid API key` issue on hello API
+
 ## [6.0.0] - 2023-06-02
 ### Adds
diff --git a/src/main/java/io/supertokens/webserver/api/core/NotFoundOrHelloAPI.java b/src/main/java/io/supertokens/webserver/api/core/NotFoundOrHelloAPI.java
index 52f069808..ed3806e42 100644
--- a/src/main/java/io/supertokens/webserver/api/core/NotFoundOrHelloAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/core/NotFoundOrHelloAPI.java
@@ -43,6 +43,11 @@ public String getPath() {
 return "/";
 }
+ @Override
+ protected boolean checkAPIKey(HttpServletRequest req) {
+ return false;
+ }
+
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
 handleRequest(req, resp);
diff --git a/src/test/java/io/supertokens/test/HelloAPITest.java b/src/test/java/io/supertokens/test/HelloAPITest.java
index bc7d7f418..21380b7b7 100644
--- a/src/test/java/io/supertokens/test/HelloAPITest.java
+++ b/src/test/java/io/supertokens/test/HelloAPITest.java
@@ -25,14 +25,14 @@
 import io.supertokens.pluginInterface.multitenancy.*;
 import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.test.httpRequest.HttpRequestForTesting;
+import io.supertokens.test.httpRequest.HttpResponseException;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestRule;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.*;
 public class HelloAPITest {
 @Rule
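Review bot: The new `checkAPIKey` override in NotFoundOrHelloAPI.java returns `false` with no comment saying that skipping the key check is deliberate. This servlet is registered at `/` and, going by its name, also answers unmatched paths, so the exemption probably covers more than the hello probe. I would add a comment above the override such as `// Intentionally unauthenticated: liveness probe and 404 fallback only; handleRequest must not return tenant, config or version data.` `handleRequest` is defined outside this hunk, so it is worth confirming that it does no tenant-dependent or expensive storage work before responding, since that work is now reachable without a key. The class body starts and ends outside the hunk.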
@@ -165,4 +165,176 @@ public void testHelloAPIWithBasePath3() throws Exception {
 process.kill();
 assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
 }
+
+ @Test
+ public void testWithBasePathThatHelloAPIDoesNotRequireAPIKeys() throws Exception {
+ String[] args = {"../"};
+
+ TestingProcessManager.TestingProcess process = TestingProcessManager.start(args, false);
+ FeatureFlagTestContent.getInstance(process.getProcess())
+ .setKeyValue(FeatureFlagTestContent.ENABLED_FEATURES, new EE_FEATURES[]{EE_FEATURES.MULTI_TENANCY});
+ Utils.setValueInConfig("api_keys", "asdfasdfasdf123412341234");
+ Utils.setValueInConfig("base_path", "/hello");
+
+ process.startProcess();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+ if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+ return;
+ }
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, "hello", null),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, "hello", "hello"),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, null, "hello"),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ String res;
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello/hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello/appid-hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello/appid-hello/hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ // Not found
+ try {
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/abcd", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ fail();
+ } catch (HttpResponseException e) {
+ assertEquals(404, e.statusCode);
+ }
+
+ try {
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ fail();
+ } catch (HttpResponseException e) {
+ assertEquals(404, e.statusCode);
+ }
+
+ process.kill();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+ }
+
+ @Test
+ public void testThatHelloAPIDoesNotRequireAPIKeys() throws Exception {
+ String[] args = {"../"};
+
+ TestingProcessManager.TestingProcess process = TestingProcessManager.start(args, false);
+ FeatureFlagTestContent.getInstance(process.getProcess())
+ .setKeyValue(FeatureFlagTestContent.ENABLED_FEATURES, new EE_FEATURES[]{EE_FEATURES.MULTI_TENANCY});
+ Utils.setValueInConfig("api_keys", "asdfasdfasdf123412341234");
+
+ process.startProcess();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+ if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+ return;
+ }
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, "hello", null),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, "hello", "hello"),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ Multitenancy.addNewOrUpdateAppOrTenant(process.getProcess(), new TenantConfig(
+ new TenantIdentifier(null, null, "hello"),
+ new EmailPasswordConfig(true),
+ new ThirdPartyConfig(true, null),
+ new PasswordlessConfig(true),
+ new JsonObject()
+ ), false);
+
+ String res;
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/appid-hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ res = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/appid-hello/hello/hello", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ assertEquals("Hello", res);
+
+ // Not found
+ try {
+ HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/abcd", null, 1000, 1000,
+ null, Utils.getCdiVersionStringLatestForTests(), "");
+ fail();
+ } catch (HttpResponseException e) {
+ assertEquals(404, e.statusCode);
+ }
+
+ process.kill();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+ }
 }
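Review bot: In both new tests the `if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) { return; }` guard exits before `process.kill()` and before any request is sent. On non-SQL storage the started process is therefore never stopped, and the key exemption is not exercised at all. Call `process.kill();` and wait for `STOPPED` before the `return;`, or move the teardown into a `finally` block. The tests also only show that the hello paths answer without a key. A negative control in the same setup, asserting that a key-protected endpoint still rejects a keyless request while `api_keys` is set, would catch a change that switched the check off more widely than intended.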