2 * ============LICENSE_START=======================================================
3 * Copyright (c) 2021 Bell Canada.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.cps.temporal.controller.rest
23 import org.onap.cps.temporal.controller.rest.config.WebSecurityConfig
24 import org.onap.cps.temporal.controller.rest.model.AnchorDetailsMapper
25 import org.onap.cps.temporal.controller.rest.model.AnchorDetailsMapperImpl
26 import org.onap.cps.temporal.controller.rest.model.AnchorHistory
27 import org.onap.cps.temporal.controller.rest.model.SortMapper
28 import org.onap.cps.temporal.domain.NetworkData
29 import org.onap.cps.temporal.service.NetworkDataService
30 import org.spockframework.spring.SpringBean
31 import org.spockframework.spring.StubBeans
32 import org.springframework.beans.factory.annotation.Autowired
33 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
34 import org.springframework.context.annotation.Import
35 import org.springframework.data.domain.Pageable
36 import org.springframework.data.domain.Slice
37 import org.springframework.data.domain.SliceImpl
38 import org.springframework.http.HttpHeaders
39 import org.springframework.http.HttpStatus
40 import org.springframework.test.web.servlet.MockMvc
41 import org.springframework.test.web.servlet.setup.MockMvcBuilders
42 import org.springframework.web.context.WebApplicationContext
43 import spock.lang.Shared
44 import spock.lang.Specification
45 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
46 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
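/**
 * Web-layer security specification for {@link QueryController}.
 *
 * Loads only the MVC slice plus {@link WebSecurityConfig} and checks that the anchor history
 * endpoint requires valid HTTP Basic credentials, while the OpenAPI document can still be read
 * without any credentials.
 */
// NOTE(review): the annotation lines, the 'mvc' field, the 'def setup()' header, the 'where:' labels
// and the closing braces were not visible in the reviewed listing. They are restored here from the
// file's imports and from Spock conventions; confirm against the repository copy.
@WebMvcTest(QueryController)
@Import([WebSecurityConfig, SortMapper, AnchorDetailsMapperImpl])
class ControllerSecuritySpec extends Specification {

    // Stubbed to return an empty slice so that an authenticated request can complete without any data.
    @SpringBean
    NetworkDataService mockNetworkDataService = Mock() {
        searchNetworkData(_) >> new SliceImpl<NetworkData>([], Pageable.ofSize(1), false)
    }

    @SpringBean
    QueryController.QueryResponseFactory mockQueryResponseFactory = Mock()

    MockMvc mvc

    @Autowired
    WebApplicationContext context

    @Shared
    def testEndpoint = '/cps-temporal/api/v1/dataspaces/my-dataspace/anchors/my-anchor/history'

    def setup() {
        // springSecurity() registers the Spring Security filter chain with MockMvc. Without it the
        // requests below would bypass authentication and every scenario would be meaningless.
        mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build()
    }

    def 'Get request with authentication: #scenario.'() {
        given: 'authentication'
            HttpHeaders httpHeaders = new HttpHeaders()
            httpHeaders.setBasicAuth(username, password)
        when: 'request is sent with authentication'
            def response = mvc.perform(get(testEndpoint).headers(httpHeaders)).andReturn().response
        then: 'expected http status is returned'
            response.status == expectedHttpStatus.value()
        where:
            // The 'wrong password' row reuses the username that the first row proves to be valid.
            // It previously used 'cpsuser', so it could not distinguish a rejected password from an
            // unknown account and only repeated the 'unknown username' case.
            scenario              | username       | password         || expectedHttpStatus
            'correct credentials' | 'testUser'     | 'testPassword'   || HttpStatus.OK
            'unknown username'    | 'unknown-user' | 'password'       || HttpStatus.UNAUTHORIZED
            'wrong password'      | 'testUser'     | 'wrong-password' || HttpStatus.UNAUTHORIZED
    }

    def 'Get urls without authentication : #scenario.'() {
        when: 'request is sent without authentication'
            def response = mvc.perform(get(url)).andReturn().response
        then: 'expected http status is returned'
            response.status == expectedHttpStatus.value()
        where:
            // Only the OpenAPI document is expected to be readable anonymously; the API endpoint is not.
            // NOTE(review): presumably the permit list is defined in WebSecurityConfig. Keep it minimal,
            // since an anonymous OpenAPI file discloses the API surface.
            scenario            | url                    || expectedHttpStatus
            'permitted url'     | '/swagger/openapi.yml' || HttpStatus.OK
            'not-permitted url' | testEndpoint           || HttpStatus.UNAUTHORIZED
    }
}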