fix #446 and add integration test

F43nd1r · Aug 30, 2023 · d912b70 · d912b70
1 parent 7245bf9
commit d912b70
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 8 deletions.
diff --git a/acrarium/src/main/kotlin/com/faendir/acra/domain/ReportService.kt b/acrarium/src/main/kotlin/com/faendir/acra/domain/ReportService.kt
@@ -1,5 +1,5 @@
 /*
- * (C) Copyright 2022 Lukas Morawietz (https://github.com/F43nd1r)
+ * (C) Copyright 2022-2023 Lukas Morawietz (https://github.com/F43nd1r)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,7 @@ class ReportService(
 ) {
 
     @Transactional
-    @PreAuthorize("hasRole(T(com.faendir.acra.persistence.user.Role).REPORTER)")
+    @PreAuthorize("isReporter()")
     fun create(
         reporterUserName: String,
         @Language("JSON")

diff --git a/acrarium/src/main/kotlin/com/faendir/acra/persistence/bug/BugRepository.kt b/acrarium/src/main/kotlin/com/faendir/acra/persistence/bug/BugRepository.kt
@@ -37,7 +37,7 @@ class BugRepository(
     private val jooq: DSLContext,
 ) {
 
-    @PreAuthorize("hasViewPermission(#identifier.appId)")
+    @PreAuthorize("isReporter() || hasViewPermission(#identifier.appId)")
     fun findId(identifier: BugIdentifier): BugId? =
         jooq.select(BUG_IDENTIFIER.BUG_ID).from(BUG_IDENTIFIER).where(BUG_IDENTIFIER.matches(identifier)).fetchValue()
 

diff --git a/acrarium/src/main/kotlin/com/faendir/acra/persistence/version/VersionRepository.kt b/acrarium/src/main/kotlin/com/faendir/acra/persistence/version/VersionRepository.kt
@@ -1,5 +1,5 @@
 /*
- * (C) Copyright 2022 Lukas Morawietz (https://github.com/F43nd1r)
+ * (C) Copyright 2022-2023 Lukas Morawietz (https://github.com/F43nd1r)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.stream.Stream
 class VersionRepository(private val jooq: DSLContext) {
 
     @Transactional
-    @PreAuthorize("hasEditPermission(#appId)")
+    @PreAuthorize("isReporter() || hasEditPermission(#appId)")
     fun ensureExists(appId: AppId, code: Int, flavor: String?, name: String) {
         jooq.insertInto(VERSION)
             .set(VERSION.APP_ID, appId)

diff --git a/acrarium/src/main/kotlin/com/faendir/acra/rest/RestReportInterface.kt b/acrarium/src/main/kotlin/com/faendir/acra/rest/RestReportInterface.kt
@@ -1,5 +1,5 @@
 /*
- * (C) Copyright 2018-2022 Lukas Morawietz (https://github.com/F43nd1r)
+ * (C) Copyright 2018-2023 Lukas Morawietz (https://github.com/F43nd1r)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,8 +34,8 @@ import java.security.Principal
  * @since 22.03.2017
  */
 @RestController
+@PreAuthorize("isReporter()")
 class RestReportInterface(private val reportService: ReportService) {
-    @PreAuthorize("hasRole(T(com.faendir.acra.persistence.user.Role).REPORTER)")
     @RequestMapping(value = [REPORT_PATH], consumes = [MediaType.APPLICATION_JSON_VALUE], method = [RequestMethod.POST])
     fun report(
         @RequestBody
@@ -46,7 +46,6 @@ class RestReportInterface(private val reportService: ReportService) {
         }
     }
 
-    @PreAuthorize("hasRole(T(com.faendir.acra.persistence.user.Role).REPORTER)")
     @RequestMapping(value = [REPORT_PATH], consumes = [MediaType.MULTIPART_FORM_DATA_VALUE], method = [RequestMethod.POST])
     @Throws(IOException::class)
     fun report(request: MultipartHttpServletRequest, principal: Principal): ResponseEntity<*> {

diff --git a/acrarium/src/test/kotlin/com/faendir/acra/rest/RestReportInterfaceIntegrationTest.kt b/acrarium/src/test/kotlin/com/faendir/acra/rest/RestReportInterfaceIntegrationTest.kt
@@ -0,0 +1,69 @@
+/*
+ * (C) Copyright 2023 Lukas Morawietz (https://github.com/F43nd1r)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.faendir.acra.rest
+
+import com.faendir.acra.DatabaseTestConfiguration
+import com.faendir.acra.persistence.app.AppRepository
+import com.faendir.acra.persistence.app.Reporter
+import com.faendir.acra.persistence.user.Role
+import com.faendir.acra.withAuth
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.test.web.client.TestRestTemplate
+import org.springframework.boot.test.web.server.LocalServerPort
+import org.springframework.context.annotation.Import
+import org.springframework.core.io.ClassPathResource
+import org.springframework.http.HttpEntity
+import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpStatus
+import org.springframework.http.MediaType
+import strikt.api.expectThat
+import strikt.assertions.isEqualTo
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@Import(DatabaseTestConfiguration::class)
+class RestReportInterfaceIntegrationTest(
+    @Autowired private val restTemplate: TestRestTemplate,
+    @Autowired private val appRepository: AppRepository,
+    @LocalServerPort private val port: Int,
+) {
+
+    private lateinit var reporter: Reporter
+
+    @BeforeEach
+    fun setup() {
+        withAuth(Role.ADMIN) {
+            reporter = appRepository.create("test")
+        }
+    }
+
+    @Test
+    fun `should be able to submit report`() {
+        val headers = HttpHeaders()
+        headers.set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+        val result = restTemplate
+            .withBasicAuth(reporter.username, reporter.rawPassword)
+            .postForEntity(
+                "http://localhost:$port/${RestReportInterface.REPORT_PATH}",
+                HttpEntity(ClassPathResource("example.stacktrace").contentAsByteArray, headers),
+                Void::class.java
+            )
+
+        expectThat(result.statusCode).isEqualTo(HttpStatus.OK)
+    }
+}
diff --git a/acrarium/src/test/kotlin/com/faendir/acra/withAuth.kt b/acrarium/src/test/kotlin/com/faendir/acra/withAuth.kt
@@ -0,0 +1,30 @@
+/*
+ * (C) Copyright 2023 Lukas Morawietz (https://github.com/F43nd1r)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.faendir.acra
+
+import com.faendir.acra.persistence.user.Role
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.context.SecurityContextHolder
+
+fun withAuth(vararg roles: Role, block: () -> Unit) {
+    val previous = SecurityContextHolder.getContext().authentication
+    SecurityContextHolder.getContext().authentication = UsernamePasswordAuthenticationToken(null, null, roles.toList())
+    try {
+        block()
+    } finally {
+        SecurityContextHolder.getContext().authentication = previous
+    }
+}