From 6fcd1cee5da23dd3ba79b2ad52ef5e25d1a0f85b Mon Sep 17 00:00:00 2001
From: Philip Durbin
Date: Mon, 26 Jun 2017 15:54:30 -0400
Subject: [PATCH] make sure :SearchApiRequiresToken is respected #3900
---
 .../java/edu/harvard/iq/dataverse/api/Search.java | 6 ++++--
 .../iq/dataverse/settings/SettingsServiceBean.java | 4 ++++
 .../java/edu/harvard/iq/dataverse/api/SearchIT.java | 12 ++++++++----
 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Search.java b/src/main/java/edu/harvard/iq/dataverse/api/Search.java
index 39e3f92a120..ad83167b9fe 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Search.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Search.java
@@ -226,8 +226,10 @@ public boolean nonPublicSearchAllowed() {
 }
 public boolean tokenLessSearchAllowed() {
- boolean outOfBoxBehavior = true;
- return settingsSvc.isTrueForKey(SettingsServiceBean.Key.SearchApiRequiresToken, outOfBoxBehavior);
+ boolean outOfBoxBehavior = false;
+ boolean tokenLessSearchAllowed = settingsSvc.isFalseForKey(SettingsServiceBean.Key.SearchApiRequiresToken, outOfBoxBehavior);
+ logger.fine("tokenLessSearchAllowed: " + tokenLessSearchAllowed);
+ return tokenLessSearchAllowed;
 }
 private boolean getDataRelatedToMe() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 8eddfe21376..f90e097fe24 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
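Review bot: In `tokenLessSearchAllowed()` the local `outOfBoxBehavior = false` is the default for `:SearchApiRequiresToken`, not for the method, which returns true when the setting is absent, so the name reads as the opposite of what happens. Because this boolean gates unauthenticated access to the Search API, I would rename it to `boolean requiresTokenDefault = false;` and add `// setting unset => no token required => tokenless search allowed`. If `isTrue` (its body is not part of this patch) treats an unrecognised stored value as false, a mistyped setting also leaves tokenless search on; that fail-open default deserves a sentence in the setting's admin documentation.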
@@ -393,6 +393,10 @@ public boolean isTrue( String name, boolean defaultValue ) {
 public boolean isTrueForKey( Key key, boolean defaultValue ) {
 return isTrue( key.toString(), defaultValue );
 }
+
+ public boolean isFalseForKey( Key key, boolean defaultValue ) {
+ return ! isTrue( key.toString(), defaultValue );
+ }
 public void deleteValueForKey( Key name ) {
 delete( name.toString() );
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java b/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java
index 7da1a5aa76c..ddc84570757 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java
@@ -134,6 +134,10 @@ public void testSearchPermisions() throws InterruptedException {
 disableNonPublicSearch.then().assertThat()
 .statusCode(OK.getStatusCode());
+ Response makeSureTokenlessSearchIsEnabled = UtilIT.deleteSetting(SettingsServiceBean.Key.SearchApiRequiresToken);
+ makeSureTokenlessSearchIsEnabled.then().assertThat()
+ .statusCode(OK.getStatusCode());
+
 Response publishedPublicDataShouldBeVisibleToTokenless = UtilIT.search("id:dataset_" + datasetId1, nullToken);
 publishedPublicDataShouldBeVisibleToTokenless.prettyPrint();
 publishedPublicDataShouldBeVisibleToTokenless.then().assertThat()
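Review bot: `isFalseForKey` hands `defaultValue` to `isTrue` and negates the result, so `isFalseForKey(key, false)` returns true for an unset key while `isTrueForKey(key, false)` returns false, and nothing on the method says which meaning the parameter has. A caller who reads `defaultValue` as "what this method returns when the key is absent" gets the inverse, which matters when the helper is used for access-control settings such as `SearchApiRequiresToken`. A Javadoc line would settle it: `/** @param defaultValue value assumed for the setting when it is absent; the result is the negation of the setting. */`. The hunk ends before `deleteValueForKey` closes.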
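Review bot: The test in `testSearchPermisions()` exercises the unset setting (this hunk) and `"true"` (next hunk) but never a stored `"false"`, so one of the three states of `:SearchApiRequiresToken` is unpinned. The removed lines show the earlier test pairing `"false"` with a 401, so asserting that an explicit `"false"` yields 200 for a tokenless search would guard against the inverted reading coming back. The addition would sit after the default-case search, whose assertions continue outside this hunk.
```java
// … unchanged: deleteSetting and the tokenless search against the default …
Response setRequiresTokenFalse = UtilIT.setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "false");
setRequiresTokenFalse.then().assertThat()
        .statusCode(OK.getStatusCode());

Response explicitFalseAllowsTokenless = UtilIT.search("id:dataset_" + datasetId1, nullToken);
explicitFalseAllowsTokenless.then().assertThat()
        .statusCode(OK.getStatusCode());
```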
@@ -142,13 +146,13 @@ public void testSearchPermisions() throws InterruptedException {
 .body("data.items[0].name", CoreMatchers.is("Darwin's Finches"))
 .statusCode(OK.getStatusCode());
- Response disableTokenlessSearch = UtilIT.setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "false");
+ Response disableTokenlessSearch = UtilIT.setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "true");
 disableTokenlessSearch.then().assertThat()
 .statusCode(OK.getStatusCode());
- Response dataverse462behaviorOfTokensBeingRequired = UtilIT.search("id:dataset_" + datasetId1, nullToken);
- dataverse462behaviorOfTokensBeingRequired.prettyPrint();
- dataverse462behaviorOfTokensBeingRequired.then().assertThat()
+ Response dataverse47behaviorOfTokensBeingRequired = UtilIT.search("id:dataset_" + datasetId1, nullToken);
+ dataverse47behaviorOfTokensBeingRequired.prettyPrint();
+ dataverse47behaviorOfTokensBeingRequired.then().assertThat()
 .body("message", CoreMatchers.equalTo("Please provide a key query parameter (?key=XXX) or via the HTTP header X-Dataverse-key"))
 .statusCode(UNAUTHORIZED.getStatusCode());
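Review bot: After `setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "true")` nothing in the visible lines puts the setting back, so a failed assertion here would leave the shared server requiring tokens for every later integration test. `testSearchPermisions()` continues outside the hunk and may already reset it, but a reset that sits after the assertions is skipped when one of them fails. Running `UtilIT.deleteSetting(SettingsServiceBean.Key.SearchApiRequiresToken);` from a `finally` block or the class's teardown method keeps the suite's state independent of this test's outcome.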