Commit 9be3d2dc authored by Sascha Herzinger's avatar Sascha Herzinger

Merge remote-tracking branch 'remotes/origin/563-spring-security-frontend' into 563-spring-security

parents 9dc71311 9e28dd43
......@@ -77,4 +77,7 @@ alter table user_privilege_map_table add primary key (user_id, privilege_id);
-- objectId is now a String to account for non DB generated ids
alter table privilege_table alter column object_id type varchar;
\ No newline at end of file
alter table privilege_table alter column object_id type varchar;
-- change id to project_id for project prvileges
update privilege_table set object_id = (select project_id from project_table where id::text = object_id) where object_id is not null;
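Review bot: The `update privilege_table` statement rewrites every row with a non-null `object_id`, so a row whose `object_id` matches no `project_table.id` (a privilege on another kind of object, or on a deleted project) receives the subquery's empty result and is set to NULL. The `where object_id is not null` guard suggests NULL has its own meaning, presumably a privilege not bound to one object, so such rows could silently change scope; that is inferred, because the privilege semantics are not visible here. Limiting the update to rows that resolve would avoid it, for example by appending `and exists (select 1 from project_table p where p.id::text = privilege_table.object_id)`, ideally with a filter on the project privilege types as well. The statement is also not safe to run twice, since a second run would compare the already converted project_id strings with numeric ids.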
......@@ -4,28 +4,25 @@ import java.awt.geom.Point2D;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import lcsb.mapviewer.model.map.Comment;
import lcsb.mapviewer.model.security.PrivilegeType;
import lcsb.mapviewer.services.impl.CommentService;
import lcsb.mapviewer.services.interfaces.ICommentService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import lcsb.mapviewer.api.BaseController;
import lcsb.mapviewer.api.ElementIdentifierType;
import lcsb.mapviewer.api.QueryException;
import lcsb.mapviewer.api.*;
import lcsb.mapviewer.model.security.PrivilegeType;
@RestController
@RequestMapping(value = "/projects/{projectId}/comments", produces = MediaType.APPLICATION_JSON_VALUE)
public class CommentController extends BaseController {
Logger logger = LogManager.getLogger();
private CommentRestImpl commentController;
......
......@@ -6,10 +6,17 @@ import org.junit.runners.Suite.SuiteClasses;
@RunWith(Suite.class)
@SuiteClasses({ ConfigurationControllerIntegrationTest.class,
ChemicalControllerIntegrationTest.class,
CommentControllerIntegrationTest.class,
CommentControllerIntegrationTestWithoutTransaction.class,
DrugControllerIntegrationTest.class,
EndPointsInputValidationTests.class,
FileControllerIntegrationTest.class,
FileControllerIntegrationTestWithoutTransaction.class,
MapControllerIntegrationTest.class,
MiRnaControllerIntegrationTest.class,
OverlayControllerIntegrationTest.class,
OverlayControllerIntegrationTestWithoutTransaction.class,
PluginControllerIntegrationTest.class,
ProjectControllerIntegrationTest.class,
ProjectControllerIntegrationTestForAsyncCalls.class,
......
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
import org.springframework.transaction.annotation.Transactional;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.services.interfaces.IConfigurationService;
@RunWith(SpringJUnit4ClassRunner.class)
@Transactional
@Rollback
public class ChemicalControllerIntegrationTest extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
private static final String TEST_ADMIN_PASSWORD = "test_admin";
private static final String TEST_ADMIN_LOGIN = "test_admin";
@Autowired
IConfigurationService configurationService;
String project_id;
@Before
public void setup() {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
project_id = configurationService.getConfigurationValue(ConfigurationElementType.DEFAULT_MAP);
}
@Test
public void testSearchChemicalsInProjectUrl() throws Exception {
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/" + project_id + "/chemicals:search")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
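Review bot: `testSearchChemicalsInProjectUrl` covers only the admin success path, so it would still pass if the endpoint were open to every caller; on a branch that introduces Spring Security the missing check is that a caller without access to the project is refused. A second test that performs the same `get(...)` without `.session(session)`, or with a user created for a different project, and expects `status().isForbidden()` would pin that, assuming the search is meant to require project read access. The same applies to `testSearchDrugsInProjectUrl` and `testSearchMiRnasInProjectUrl` in the two sibling test classes added by this commit. The `logger` field is unused in all three classes.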
......@@ -557,6 +557,26 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
assertEquals(1, commentDao.getCommentByModel(map, null, null).size());
}
@Test
public void testAddElementCommentWithoutAllNecessaryData() throws Exception {
createUser(TEST_USER_LOGIN, TEST_USER_PASSWORD, map.getProject());
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
new BasicNameValuePair("name", "test_user"),
new BasicNameValuePair("modelId", map.getId().toString()))));
RequestBuilder request = post(
"/projects/" + TEST_PROJECT + "/comments/models/" + map.getId() + "/bioEntities/elements/" + element.getId())
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(body)
.session(session);
mockMvc.perform(request)
.andExpect(status().isBadRequest());
}
@Test
public void testAddElementCommentAsAdmin() throws Exception {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
......
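Review bot: `testAddElementCommentWithoutAllNecessaryData` checks only the 400 status, so a handler that stored the incomplete comment before rejecting the request would still pass. The test just above already counts stored comments with `commentDao.getCommentByModel(map, null, null)`; reading that count before `mockMvc.perform(request)` and asserting it is unchanged afterwards would close the gap. The enclosing class starts outside this hunk, so the fixture behind `map` and `element` is not visible here.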
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.*;
import org.junit.runner.RunWith;
import org.springframework.http.MediaType;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
@RunWith(SpringJUnit4ClassRunner.class)
@Rollback
public class CommentControllerIntegrationTestWithoutTransaction extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
private static final String BUILT_IN_TEST_ADMIN_PASSWORD = "admin";
private static final String BUILT_IN_TEST_ADMIN_LOGIN = "admin";
@Before
public void setup() {
}
@After
public void tearDown() {
}
@Test
public void testRemoveNonExistingCommentOnNonExistingMap() throws Exception {
RequestBuilder request = delete("/projects/*/comments/-1/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED);
mockMvc.perform(request)
.andExpect(status().is4xxClientError());
}
}
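Review bot: `testRemoveNonExistingCommentOnNonExistingMap` sends the DELETE without a session and accepts any 4xx, so a 401 or 403 from the security layer satisfies it and the not-found path named in the test is possibly never reached. Asserting the one intended status, `status().isForbidden()` for an anonymous caller or `status().isNotFound()` with an authenticated session, would make the test state which behaviour it protects. `BUILT_IN_TEST_ADMIN_LOGIN`, `BUILT_IN_TEST_ADMIN_PASSWORD` and `logger` are unused and `setup()`/`tearDown()` are empty, and `@Rollback` has no effect without a test-managed transaction unless `ControllerIntegrationTest` supplies one. `appendToNonExistingFile` in `FileControllerIntegrationTestWithoutTransaction` uses the same `is4xxClientError()` matcher and the same class annotations.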
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
import org.springframework.transaction.annotation.Transactional;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.services.interfaces.IConfigurationService;
@RunWith(SpringJUnit4ClassRunner.class)
@Transactional
@Rollback
public class DrugControllerIntegrationTest extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
private static final String TEST_ADMIN_PASSWORD = "test_admin";
private static final String TEST_ADMIN_LOGIN = "test_admin";
@Autowired
IConfigurationService configurationService;
String project_id;
@Before
public void setup() {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
project_id = configurationService.getConfigurationValue(ConfigurationElementType.DEFAULT_MAP);
}
@Test
public void testSearchDrugsInProjectUrl() throws Exception {
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/" + project_id + "/drugs:search")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
package lcsb.mapviewer.web;
import static org.junit.Assert.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import java.util.*;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
@RunWith(SpringJUnit4ClassRunner.class)
public class EndPointsInputValidationTests extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
private static String[] testValues = { " ", "-1", "0", "sample", "admin", "1.00,2.00", "17.00", "1" };
private static List<HttpStatus> validResponses = Arrays.asList(HttpStatus.OK, HttpStatus.BAD_REQUEST,
HttpStatus.NOT_FOUND, HttpStatus.FORBIDDEN);
@Autowired
public RequestMappingHandlerMapping requestMappingHandlerMapping;
@Test
public void testResponseStatusCodeFromEndpoints() throws Exception {
// Configurator.setLevel(LogManager.getLogger(BaseController.class).getName(),
// Level.FATAL);
for (RequestMappingInfo t : requestMappingHandlerMapping.getHandlerMethods().keySet()) {
for (String url : t.getPatternsCondition().getPatterns()) {
for (RequestMethod method : t.getMethodsCondition().getMethods()) {
testUrl(url, method);
}
}
}
}
private void testUrl(String url, RequestMethod method) throws Exception {
for (String urlWithData : getAllPossibleUrls(url)) {
RequestBuilder request = null;
switch (method) {
case GET:
request = get(urlWithData);
break;
case PATCH:
request = patch(urlWithData).content("XX=YY");
break;
case POST:
request = post(urlWithData).content("XX=YY");
break;
case DELETE:
request = delete(urlWithData);
break;
default:
fail(method.toString());
}
logger.debug(method + ", " + urlWithData);
HttpServletResponse response = mockMvc.perform(request).andReturn().getResponse();
HttpStatus status = HttpStatus.valueOf(response.getStatus());
assertTrue("[" + method + " \"" + urlWithData + "\"]\tInvalid response: " + status.name(),
validResponses.contains(status));
}
}
private List<String> getAllPossibleUrls(String url) {
List<String> result = new ArrayList<>();
Set<String> parameters = getParameters(url);
if (parameters.size() == 0) {
result.add(url);
} else {
String parameter = "{" + parameters.iterator().next() + "}";
for (String s : testValues) {
result.addAll(getAllPossibleUrls(url.replace(parameter, s)));
}
}
return result;
}
private Set<String> getParameters(String url) {
Set<String> result = new HashSet<>();
int pos = url.indexOf("{");
while (pos > 0) {
int endPos = url.indexOf("}", pos);
result.add(url.substring(pos + 1, endPos));
pos = url.indexOf("{", pos + 1);
}
return result;
}
}
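Review bot: Every request in `testUrl` is sent without a session while `validResponses` accepts `FORBIDDEN`, so on secured endpoints the check is presumably satisfied by the access-denied response and the controllers' handling of the unusual path values is never exercised. Running the same loop a second time with an authenticated session (`createSession(...)` as the sibling tests do, then `.session(session)` on each builder) would cover the validation code behind the security layer. Mappings that declare no HTTP method are skipped entirely, because `t.getMethodsCondition().getMethods()` is empty for them and the inner loop does not run. In `getParameters`, a pattern with an unmatched `{` makes `endPos` -1 and `substring` throw; `if (endPos < 0) break;` would turn that into a clean stop.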
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import java.util.Arrays;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
@RunWith(SpringJUnit4ClassRunner.class)
@Rollback
public class FileControllerIntegrationTestWithoutTransaction extends ControllerIntegrationTest {
private static final String BUILT_IN_TEST_ADMIN_PASSWORD = "admin";
private static final String BUILT_IN_TEST_ADMIN_LOGIN = "admin";
@Before
public void setup() {
}
@Test
public void appendToNonExistingFile() throws Exception {
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
new BasicNameValuePair("id", "-1"),
new BasicNameValuePair("data", "test_content"))));
RequestBuilder request = post("/files/-1:uploadContent")
.content(body)
.session(session);
mockMvc.perform(request)
.andExpect(status().is4xxClientError());
}
}
......@@ -6,12 +6,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Before;
import org.junit.Test;
import org.junit.*;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
......@@ -24,6 +22,7 @@ import lcsb.mapviewer.model.Project;
import lcsb.mapviewer.model.map.model.ModelData;
import lcsb.mapviewer.model.security.PrivilegeType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.services.interfaces.IModelService;
import lcsb.mapviewer.services.interfaces.IUserService;
@RunWith(SpringJUnit4ClassRunner.class)
......@@ -41,6 +40,9 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
@Autowired
private IUserService userService;
@Autowired
private IModelService modelService;
private User anonymous;
private Project project;
......@@ -53,8 +55,13 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
anonymous = userService.getUserByLogin(Configuration.ANONYMOUS_LOGIN);
}
@After
public void tearDown() {
modelService.removeModelFromCache(map);
}
@Test
public void testGetAllProjectsAsAdmin() throws Exception {
public void testGetAllElements() throws Exception {
userService.grantUserPrivilege(anonymous, PrivilegeType.READ_PROJECT, project.getProjectId());
RequestBuilder request = get("/projects/" + TEST_PROJECT + "/models/*/bioEntities/elements/")
......@@ -70,4 +77,15 @@ public class MapControllerIntegrationTest extends ControllerIntegrationTest {
assertTrue("user should be able to access elements", elements > 0);
}
@Test
public void testSearchBioEntitiesAsAdmin() throws Exception {
userService.grantUserPrivilege(anonymous, PrivilegeType.READ_PROJECT, project.getProjectId());
RequestBuilder request = get("/projects/" + TEST_PROJECT + "/models/*/bioEntities:search?coordinates=104.36,182.81")
.contentType(MediaType.APPLICATION_FORM_URLENCODED);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
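Review bot: `testSearchBioEntitiesAsAdmin` never creates or logs in an admin; the request carries no session and succeeds only because `READ_PROJECT` was granted to `anonymous` on the line before. The name should say what is tested, for example `testSearchBioEntitiesAsAnonymousWithReadPrivilege`, or the test should build an admin session if that is the case meant. A companion test without the `grantUserPrivilege` call that expects `status().isForbidden()` would show that the privilege is what opens the endpoint. The class body starts outside these hunks.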
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
import org.springframework.transaction.annotation.Transactional;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.services.interfaces.IConfigurationService;
@RunWith(SpringJUnit4ClassRunner.class)
@Transactional
@Rollback
public class MiRnaControllerIntegrationTest extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
private static final String TEST_ADMIN_PASSWORD = "test_admin";
private static final String TEST_ADMIN_LOGIN = "test_admin";
@Autowired
IConfigurationService configurationService;
String project_id;
@Before
public void setup() {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
project_id = configurationService.getConfigurationValue(ConfigurationElementType.DEFAULT_MAP);
}
@Test
public void testSearchMiRnasInProjectUrl() throws Exception {
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/" + project_id + "/miRnas:search")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
......@@ -112,6 +112,30 @@ public class OverlayControllerIntegrationTest extends ControllerIntegrationTest
.getAsJsonArray().size());
}
@Test
public void testListPublicOverlaysOverlaysWhenCreatorEmpty() throws Exception {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
Layout layout = new Layout();
layout.setProject(project);
layout.setPublicLayout(true);
layoutDao.add(layout);
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/" + TEST_PROJECT + "/overlays/?publicOverlay=true&creator=xxx")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
String response = mockMvc.perform(request)
.andExpect(status().is2xxSuccessful())
.andReturn().getResponse().getContentAsString();
assertEquals("There are none public overlays created by user xxx", 1, new JsonParser()
.parse(response)
.getAsJsonArray().size());
}
@Test
public void testListOverlaysByPublicFlag() throws Exception {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
......@@ -888,4 +912,23 @@ public class OverlayControllerIntegrationTest extends ControllerIntegrationTest
assertEquals("First user data overlay should be ordered with 1", 1, orderNumber);
}
@Test
public void testUserCanAccessPublicOverlay() throws Exception {
createUser(TEST_USER_LOGIN, TEST_USER_PASSWORD, project);
Layout overlay = new Layout();
overlay.setProject(project);
overlay.setPublicLayout(true);
layoutDao.add(overlay);
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
RequestBuilder request = get("/projects/" + TEST_PROJECT + "/overlays/" + overlay.getId() + "/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
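Review bot: In `testListPublicOverlaysOverlaysWhenCreatorEmpty` the assertion message, the test name and the expected value disagree: the message says there are no public overlays by user xxx, the name says the creator is empty although the query sends `creator=xxx`, and the assertion expects exactly one overlay. If the intent is that a public overlay with no creator is listed whatever `creator` filter is given, a message such as `"Public overlay without creator should be returned for any creator filter"` and a name without the doubled `Overlays` would state it. `testUserCanAccessPublicOverlay` in the second hunk checks only the allowed case; a counterpart with `setPublicLayout(false)` that expects a refusal may already exist elsewhere in the class, which is not visible here.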
package lcsb.mapviewer.web;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;