All api tests green

iam-login-service/src/main/java/it/infn/mw/iam/config/security/CorsConfig.java

@@ -1,3 +1,18 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2019
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package it.infn.mw.iam.config.security;
 
 import org.springframework.context.annotation.Bean;

iam-login-service/src/main/resources-filtered/application.properties

@@ -44,7 +44,7 @@ logging.level.org.springframework.test.web.servlet.result=DEBUG
 # Notification service logging
 #logging.level.it.infn.mw.iam.notification=DEBUG
 
-#logging.level.org.springframework.security=DEBUG
+logging.level.org.springframework.security=DEBUG
 #logging.level.org.springframework.web=DEBUG
 
 # logging.level.com.fasterxml.jackson=INFO

iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/attributes/AccountAttributesTests.java

@@ -24,11 +24,9 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.junit.Assert.assertThat;
 import static org.springframework.http.MediaType.APPLICATION_JSON_UTF8;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
-import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.log;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -41,33 +39,25 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.SpringApplicationConfiguration;
 import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.ResultMatcher;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.web.context.WebApplicationContext;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.collect.Lists;
 
-import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.api.common.AttributeDTO;
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
-import it.infn.mw.iam.test.core.CoreControllerTestSupport;
 import it.infn.mw.iam.test.util.WithAnonymousUser;
+import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
 import it.infn.mw.iam.test.util.oauth.MockOAuth2Filter;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = {IamLoginService.class, CoreControllerTestSupport.class})
-@WebAppConfiguration
-@Transactional
-@WithMockUser(username = "admin", roles = "ADMIN")
+
+@RunWith(SpringRunner.class)
+@IamMockMvcIntegrationTest
 public class AccountAttributesTests {
 
   public static final ResultMatcher OK = status().isOk();
@@ -97,8 +87,6 @@ public class AccountAttributesTests {
   private IamAccountRepository repo;
 
   @Autowired
-  private WebApplicationContext context;
-
   private MockMvc mvc;
 
   @Autowired
@@ -109,11 +97,6 @@ public class AccountAttributesTests {
 
   @Before
   public void setup() {
-
-    mvc = MockMvcBuilders.webAppContextSetup(context)
-      .apply(springSecurity())
-      .alwaysDo(log())
-      .build();
     mockOAuth2Filter.cleanupSecurityContext();
   }
 
@@ -187,6 +170,7 @@ public void managingAttributesRequiresPrivilegedUser() throws Exception {
   }
 
   @Test
+  @WithMockUser(username = "admin", roles = "ADMIN")
   public void gettingAttributesWorksForAdminUser() throws Exception {
     IamAccount testAccount =
         repo.findByUsername(TEST_USER).orElseThrow(assertionError(EXPECTED_USER_NOT_FOUND));
@@ -203,6 +187,7 @@ public void gettingAttributesWorksForAdminUser() throws Exception {
   }
 
   @Test
+  @WithMockUser(username = "admin", roles = "ADMIN")
   public void setAttributeWorks() throws Exception {
 
     IamAccount testAccount =
@@ -242,6 +227,7 @@ public void setAttributeWorks() throws Exception {
   }
 
   @Test
+  @WithMockUser(username = "admin", roles = "ADMIN")
   public void deleteAttributeWorks() throws Exception {
     IamAccount testAccount =
         repo.findByUsername(TEST_USER).orElseThrow(assertionError(EXPECTED_USER_NOT_FOUND));
@@ -267,6 +253,7 @@ public void deleteAttributeWorks() throws Exception {
   }
 
   @Test
+  @WithMockUser(username = "admin", roles = "ADMIN")
   public void nonExistingAccountIsHandledCorrectly() throws Exception {
     String randomUuid = UUID.randomUUID().toString();
     AttributeDTO attr = new AttributeDTO();
@@ -292,6 +279,7 @@ public void nonExistingAccountIsHandledCorrectly() throws Exception {
   }
 
   @Test
+  @WithMockUser(username = "admin", roles = "ADMIN")
   public void multiAttributeSetTest() throws Exception {
 
     IamAccount testAccount =

iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/authority/AccountAuthorityEndpointTests.java

@@ -23,61 +23,48 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.not;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.web.context.WebApplicationContext;
 
 import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 import it.infn.mw.iam.persistence.repository.IamAuthoritiesRepository;
+import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@SpringApplicationConfiguration(classes = IamLoginService.class)
-@WebAppConfiguration
-@Transactional
+@RunWith(SpringRunner.class)
+@IamMockMvcIntegrationTest
+@SpringBootTest(classes = {IamLoginService.class}, webEnvironment = WebEnvironment.MOCK)
 public class AccountAuthorityEndpointTests {
 
-  public static final String TEST_100 = "test_100";
-  public static final String TEST_100_UUID = "f2ce8cb2-a1db-4884-9ef0-d8842cc02b4a";
+  private static final String TEST_100 = "test_100";
+  private static final String TEST_100_UUID = "f2ce8cb2-a1db-4884-9ef0-d8842cc02b4a";
 
-  public static final String INVALID_USER_ID = "6cbc791d-561c-43c3-af31-dd89f41e3b29";
-
-  public static final String ROLE_USER = "ROLE_USER";
-  public static final String ROLE_ADMIN = "ROLE_ADMIN";
+  private static final String INVALID_USER_ID = "6cbc791d-561c-43c3-af31-dd89f41e3b29";
 
+  private static final String ROLE_USER = "ROLE_USER";
+  private static final String ROLE_ADMIN = "ROLE_ADMIN";
 
   @Autowired
-  WebApplicationContext context;
+  private IamAccountRepository iamAccountRepo;
 
   @Autowired
-  IamAccountRepository iamAccountRepo;
+  private IamAuthoritiesRepository iamAuthoritiesRepo;
 
   @Autowired
-  IamAuthoritiesRepository iamAuthoritiesRepo;
-
-  MockMvc mvc;
-
-  @Before
-  public void setup() {
-    mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
-  }
+  private MockMvc mvc;
 
   private void addUserAuthority(String userId, String authority) {
     iamAuthoritiesRepo.findByAuthority(authority)
@@ -109,8 +96,9 @@ public void anonymousAccessToAuthorityEndpointFails() throws Exception {
 
 
     mvc
-      .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", "ROLE_USER").contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          delete("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", "ROLE_USER")
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isUnauthorized());
   }
@@ -129,8 +117,9 @@ public void unprivilegedAccessToAuthorityEndpointFails() throws Exception {
       .andExpect(status().isForbidden());
 
     mvc
-      .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", "ROLE_USER").contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          delete("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", "ROLE_USER")
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isForbidden());
   }
@@ -164,8 +153,9 @@ public void AddInvalidAuthorityFails() throws Exception {
     String expectedErrorMessage = String.format("Invalid authority: '%s'", invalidAuthority);
 
     mvc
-      .perform(post("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", invalidAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          post("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", invalidAuthority)
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isBadRequest())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
@@ -180,8 +170,9 @@ public void AddEmptyAuthorityFails() throws Exception {
     String expectedErrorMessage = String.format("Authority cannot be an empty string");
 
     mvc
-      .perform(post("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", invalidAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          post("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", invalidAuthority)
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isBadRequest())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
@@ -202,8 +193,9 @@ public void AddSuperLongAuthorityFails() throws Exception {
     String expectedErrorMessage = String.format("Invalid authority size");
 
     mvc
-      .perform(post("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", invalidAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          post("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", invalidAuthority)
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isBadRequest())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
@@ -237,8 +229,11 @@ public void AddAuthorityWorks() throws Exception {
       .andExpect(status().isOk())
       .andExpect(jsonPath("$.authorities", contains(ROLE_USER)));
 
-    mvc.perform(post("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", authority)
-      .contentType(APPLICATION_FORM_URLENCODED_VALUE)).andDo(print()).andExpect(status().isOk());
+    mvc
+      .perform(post("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", authority)
+        .contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .andDo(print())
+      .andExpect(status().isOk());
 
     mvc.perform(get("/iam/account/{id}/authorities", TEST_100_UUID))
       .andDo(print())
@@ -258,8 +253,11 @@ public void DeleteAuthorityWorks() throws Exception {
 
     String authority = "ROLE_USER";
 
-    mvc.perform(delete("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", authority)
-      .contentType(APPLICATION_FORM_URLENCODED_VALUE)).andDo(print()).andExpect(status().isOk());
+    mvc
+      .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", authority)
+        .contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .andDo(print())
+      .andExpect(status().isOk());
 
     mvc.perform(get("/iam/account/{id}/authorities", TEST_100_UUID))
       .andDo(print())
@@ -280,7 +278,8 @@ public void DeleteUnboundAuthoritySilentlySucceeds() throws Exception {
 
     mvc
       .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", unboundAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+        .param("authority", unboundAuthority)
+        .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isOk());
   }
@@ -294,7 +293,8 @@ public void deleteInvalidAuthorityGetsBadRequest() throws Exception {
 
     mvc
       .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", invalidAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+        .param("authority", invalidAuthority)
+        .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isBadRequest())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
@@ -309,8 +309,9 @@ public void deleteEmptyAuthorityGetsBadRequest() throws Exception {
 
 
     mvc
-      .perform(delete("/iam/account/{id}/authorities", TEST_100_UUID)
-        .param("authority", emptyAuthority).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          delete("/iam/account/{id}/authorities", TEST_100_UUID).param("authority", emptyAuthority)
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isBadRequest())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
@@ -335,8 +336,9 @@ public void invalidUserIdFailsWithNotFound() throws Exception {
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));
 
     mvc
-      .perform(delete("/iam/account/{id}/authorities", INVALID_USER_ID)
-        .param("authority", ROLE_USER).contentType(APPLICATION_FORM_URLENCODED_VALUE))
+      .perform(
+          delete("/iam/account/{id}/authorities", INVALID_USER_ID).param("authority", ROLE_USER)
+            .contentType(APPLICATION_FORM_URLENCODED_VALUE))
       .andDo(print())
       .andExpect(status().isNotFound())
       .andExpect(jsonPath("$.error", equalTo(expectedErrorMessage)));