Athou
2024-08-07 08:10:14 +02:00
parent 2f6ddf0e70
commit cc32f8ad16
164 changed files with 2011 additions and 3288 deletions


@@ -2,25 +2,28 @@ package com.commafeed.integration;
import java.util.Base64;
import org.eclipse.jetty.http.HttpStatus;
import org.apache.hc.core5.http.HttpStatus;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import com.commafeed.frontend.model.Entries;
import com.commafeed.frontend.model.UserModel;
import com.commafeed.frontend.model.request.MarkRequest;
import com.commafeed.frontend.model.request.ProfileModificationRequest;
import com.commafeed.frontend.model.request.SubscribeRequest;
import io.quarkus.test.junit.QuarkusTest;
import jakarta.ws.rs.client.Entity;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
@QuarkusTest
class SecurityIT extends BaseIT {
@Test
void notLoggedIn() {
try (Response response = getClient().target(getApiBaseUrl() + "user/profile").request().get()) {
Assertions.assertEquals(HttpStatus.UNAUTHORIZED_401, response.getStatus());
Assertions.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatus());
}
}
@@ -31,18 +34,18 @@ class SecurityIT extends BaseIT {
.request()
.header(HttpHeaders.AUTHORIZATION, auth)
.get()) {
Assertions.assertEquals(HttpStatus.UNAUTHORIZED_401, response.getStatus());
Assertions.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatus());
}
}
@Test
void missingRole() {
String auth = "Basic " + Base64.getEncoder().encodeToString("demo:demo".getBytes());
try (Response response = getClient().target(getApiBaseUrl() + "admin/settings")
try (Response response = getClient().target(getApiBaseUrl() + "admin/metrics")
.request()
.header(HttpHeaders.AUTHORIZATION, auth)
.get()) {
Assertions.assertEquals(HttpStatus.FORBIDDEN_403, response.getStatus());
Assertions.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatus());
}
}
@@ -84,5 +87,16 @@ class SecurityIT extends BaseIT {
.request()
.get(Entries.class);
Assertions.assertEquals("my title for this feed", entries.getName());
// mark entry as read and expect it won't work because it's not a GET request
MarkRequest markRequest = new MarkRequest();
markRequest.setId("1");
markRequest.setRead(true);
try (Response markResponse = getClient().target(getApiBaseUrl() + "entry/mark")
.queryParam("apiKey", apiKey)
.request()
.post(Entity.json(markRequest))) {
Assertions.assertEquals(HttpStatus.SC_UNAUTHORIZED, markResponse.getStatus());
}
}
}
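Review bot: The apiKey check added in the last hunk asserts only `HttpStatus.SC_UNAUTHORIZED`, so it would still pass if the server applied the mark before rejecting the request. After the `try` block, I would fetch the entries again with the same apiKey GET used just above the new code and assert that the entry is still unread, which pins down the property that matters here: no state change. The comment could also state the rule rather than the expectation, for example `// API keys only authenticate GET requests: a POST carrying just the apiKey must be rejected and must not change state`. The hard-coded `markRequest.setId("1")` presumably matches the entry created earlier in the test; taking the id from the `entries` response would make that explicit. The enclosing test method starts above this hunk, so its setup is not visible here.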