From 5de259581558ec991e550ec35662bdf3d5b94c4b Mon Sep 17 00:00:00 2001 From: bennsimon Date: Wed, 6 Jul 2022 10:55:51 +0300 Subject: [PATCH 01/24] add redis test container --- .github/workflows/ci.yml | 8 +------- pom.xml | 6 ++++++ src/test/java/org/opensrp/TestRedisConfig.java | 11 ++++------- src/test/java/org/opensrp/TestRedisInstance.java | 16 ++++++++++++++++ 4 files changed, 27 insertions(+), 14 deletions(-) create mode 100644 src/test/java/org/opensrp/TestRedisInstance.java diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d955f03a2..63e897068 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,12 +22,6 @@ jobs: uses: actions/setup-java@v1 with: java-version: 11 - - name: Setup Redis - uses: supercharge/redis-github-action@1.1.0 - - - name: Show running services - run: sudo netstat -tuplen # listing all the port for debug purpose. - - name: Run Unit tests with Maven run: mvn -B clean test jacoco:report --file pom.xml --no-transfer-progress - name: Set Branch name Environment variable @@ -46,4 +40,4 @@ jobs: -D repoToken="$COVERALLS_REPO_TOKEN" \ -D serviceName=Github \ -D branch="$BRANCH_NAME" \ - -D pullRequest="$PR_NUMBER" \ \ No newline at end of file + -D pullRequest="$PR_NUMBER" \ diff --git a/pom.xml b/pom.xml index a5a9004a9..379907010 100644 --- a/pom.xml +++ b/pom.xml @@ -386,6 +386,12 @@ guava 31.0.1-jre + + org.testcontainers + testcontainers + 1.17.2 + test + diff --git a/src/test/java/org/opensrp/TestRedisConfig.java b/src/test/java/org/opensrp/TestRedisConfig.java index ff0850952..dc363f9d6 100644 --- a/src/test/java/org/opensrp/TestRedisConfig.java +++ b/src/test/java/org/opensrp/TestRedisConfig.java @@ -22,22 +22,19 @@ */ @Configuration @EnableCaching -public class TestRedisConfig { +public class TestRedisConfig extends TestRedisInstance { @Value("#{opensrp['redis.host']}") private String redisHost; - - @Value("#{opensrp['redis.port']}") - private int redisPort; - + private int redisDatabase = 0; @Value("#{opensrp['redis.pool.max.connections']}") private int redisMaxConnections = 0; - private RedisStandaloneConfiguration redisStandaloneConfiguration() { - RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration(redisHost, redisPort); + int port = TestRedisInstance.redisContainer.getMappedPort(TestRedisInstance.DOCKER_EXPOSE_PORT); + RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration(redisHost, port); redisStandaloneConfiguration.setDatabase(redisDatabase); return redisStandaloneConfiguration; } diff --git a/src/test/java/org/opensrp/TestRedisInstance.java b/src/test/java/org/opensrp/TestRedisInstance.java new file mode 100644 index 000000000..7f14036e6 --- /dev/null +++ b/src/test/java/org/opensrp/TestRedisInstance.java @@ -0,0 +1,16 @@ +package org.opensrp; + +import org.testcontainers.containers.GenericContainer; +import org.testcontainers.utility.DockerImageName; + +public abstract class TestRedisInstance { + private static final String DOCKER_IMAGE_NAME = "redis:7-alpine"; + protected static final int DOCKER_EXPOSE_PORT = 6379; + + protected static final GenericContainer redisContainer = new GenericContainer<>(DockerImageName.parse(DOCKER_IMAGE_NAME)) + .withExposedPorts(DOCKER_EXPOSE_PORT); + + static { + redisContainer.start(); + } +} From f05f49f3f284f6a0ffb3f99536be9f4ddc62099d Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 14 Feb 2023 11:53:04 +0300 Subject: [PATCH 02/24] overide JdbcTokenStore storeAcessToken mthd --- configs | 2 +- .../config/security/OAuth2SecurityConfig.java | 2 +- .../security/OpenMRSJdbcTokenStore.java | 21 +++++++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java diff --git a/configs b/configs index 3ad596261..16ca54ec4 160000 --- a/configs +++ b/configs @@ -1 +1 @@ -Subproject commit 3ad596261a3471198c870a39038076a5a61a12ff +Subproject commit 16ca54ec4be4b8cf0b6c4dc42b8cc4790a0bcf65 diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index ce96a569a..4a3e4e4ab 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -83,7 +83,7 @@ public DefaultTokenServices tokenServices() { @Bean public JdbcTokenStore tokenStore() { - return new JdbcTokenStore(dataSource); + return new OpenMRSJdbcTokenStore(dataSource); } } diff --git a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java new file mode 100644 index 000000000..74b295fb3 --- /dev/null +++ b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java @@ -0,0 +1,21 @@ +package org.opensrp.web.config.security; + +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; + +import javax.sql.DataSource; + +public class OpenMRSJdbcTokenStore extends JdbcTokenStore { + public OpenMRSJdbcTokenStore(DataSource dataSource) { + super(dataSource); + } + + @Override + public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { + final String key = authenticationKeyGenerator.extractKey(authentication); + jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); + super.storeAccessToken(token, authentication); + } + +} From 111a29b67810c381c6034fc1b343bb181daf5f67 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 14 Feb 2023 12:27:13 +0300 Subject: [PATCH 03/24] use reflection to access private fields --- .../security/OpenMRSJdbcTokenStore.java | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java index 74b295fb3..9b0fc7827 100644 --- a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java +++ b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java @@ -1,10 +1,13 @@ package org.opensrp.web.config.security; +import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import javax.sql.DataSource; +import java.lang.reflect.Field; public class OpenMRSJdbcTokenStore extends JdbcTokenStore { public OpenMRSJdbcTokenStore(DataSource dataSource) { @@ -13,9 +16,27 @@ public OpenMRSJdbcTokenStore(DataSource dataSource) { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - final String key = authenticationKeyGenerator.extractKey(authentication); - jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); - super.storeAccessToken(token, authentication); + try { + // use reflection to access private fields in superclass + Field jdbcTemplateField = Class.forName("org.springframework.security.oauth2.provider.token.store.JdbcTokenStore") + .getDeclaredField("jdbcTemplate"); + jdbcTemplateField.setAccessible(true); + JdbcTemplate template = (JdbcTemplate) jdbcTemplateField.get(null); + + Field authenticationKeyGeneratorField = Class.forName("org.springframework.security.oauth2.provider.token.store.JdbcTokenStore") + .getDeclaredField("jdbcTemplate"); + jdbcTemplateField.setAccessible(true); + AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authenticationKeyGeneratorField.get(null); + + final String key = authKeyGenerator.extractKey(authentication); + template.update("delete from oauth_access_token where authentication_id = ?", key); + + } catch (NoSuchFieldException | ClassNotFoundException | IllegalAccessException e) { + throw new RuntimeException(e); + } finally { + super.storeAccessToken(token, authentication); + } + } } From 08539333736b63e3b1bc5037b09815801d3e0c92 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 14 Feb 2023 12:37:20 +0300 Subject: [PATCH 04/24] refactor code --- .../web/config/security/OpenMRSJdbcTokenStore.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java index 9b0fc7827..e37adff4a 100644 --- a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java +++ b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java @@ -17,21 +17,20 @@ public OpenMRSJdbcTokenStore(DataSource dataSource) { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { try { + // use reflection to access private fields in superclass - Field jdbcTemplateField = Class.forName("org.springframework.security.oauth2.provider.token.store.JdbcTokenStore") - .getDeclaredField("jdbcTemplate"); + Field jdbcTemplateField = JdbcTokenStore.class.getDeclaredField("jdbcTemplate"); jdbcTemplateField.setAccessible(true); JdbcTemplate template = (JdbcTemplate) jdbcTemplateField.get(null); - Field authenticationKeyGeneratorField = Class.forName("org.springframework.security.oauth2.provider.token.store.JdbcTokenStore") - .getDeclaredField("jdbcTemplate"); + Field authKeyGeneratorField = JdbcTokenStore.class.getDeclaredField("authenticationKeyGenerator"); jdbcTemplateField.setAccessible(true); - AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authenticationKeyGeneratorField.get(null); + AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authKeyGeneratorField.get(null); final String key = authKeyGenerator.extractKey(authentication); template.update("delete from oauth_access_token where authentication_id = ?", key); - } catch (NoSuchFieldException | ClassNotFoundException | IllegalAccessException e) { + } catch (NoSuchFieldException | IllegalAccessException e) { throw new RuntimeException(e); } finally { super.storeAccessToken(token, authentication); From bea4049860e839cfd734e6a004feeb5723ee6c17 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 14 Feb 2023 12:48:46 +0300 Subject: [PATCH 05/24] apply openMRS formatter --- .../security/OpenMRSJdbcTokenStore.java | 59 ++++++++++--------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java index e37adff4a..513fa07a2 100644 --- a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java +++ b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java @@ -10,32 +10,35 @@ import java.lang.reflect.Field; public class OpenMRSJdbcTokenStore extends JdbcTokenStore { - public OpenMRSJdbcTokenStore(DataSource dataSource) { - super(dataSource); - } - - @Override - public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - try { - - // use reflection to access private fields in superclass - Field jdbcTemplateField = JdbcTokenStore.class.getDeclaredField("jdbcTemplate"); - jdbcTemplateField.setAccessible(true); - JdbcTemplate template = (JdbcTemplate) jdbcTemplateField.get(null); - - Field authKeyGeneratorField = JdbcTokenStore.class.getDeclaredField("authenticationKeyGenerator"); - jdbcTemplateField.setAccessible(true); - AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authKeyGeneratorField.get(null); - - final String key = authKeyGenerator.extractKey(authentication); - template.update("delete from oauth_access_token where authentication_id = ?", key); - - } catch (NoSuchFieldException | IllegalAccessException e) { - throw new RuntimeException(e); - } finally { - super.storeAccessToken(token, authentication); - } - - } - + + public OpenMRSJdbcTokenStore(DataSource dataSource) { + super(dataSource); + } + + @Override + public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { + try { + + // use reflection to access private fields in superclass + Field jdbcTemplateField = JdbcTokenStore.class.getDeclaredField("jdbcTemplate"); + jdbcTemplateField.setAccessible(true); + JdbcTemplate template = (JdbcTemplate) jdbcTemplateField.get(null); + + Field authKeyGeneratorField = JdbcTokenStore.class.getDeclaredField("authenticationKeyGenerator"); + jdbcTemplateField.setAccessible(true); + AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authKeyGeneratorField.get(null); + + final String key = authKeyGenerator.extractKey(authentication); + template.update("delete from oauth_access_token where authentication_id = ?", key); + + } + catch (NoSuchFieldException | IllegalAccessException e) { + throw new RuntimeException(e); + } + finally { + super.storeAccessToken(token, authentication); + } + + } + } From 0cf4fa46703ffeb6886b99823d84b951ef5af713 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 14 Feb 2023 14:25:16 +0300 Subject: [PATCH 06/24] use bean in OAuth2SecurityConfig --- .../config/security/OAuth2SecurityConfig.java | 31 +++++++++---- .../security/OpenMRSJdbcTokenStore.java | 44 ------------------- 2 files changed, 23 insertions(+), 52 deletions(-) delete mode 100644 src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 4a3e4e4ab..a51ddf1e5 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -1,5 +1,5 @@ /** - * + * */ package org.opensrp.web.config.security; @@ -10,10 +10,15 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; +import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.ClientDetailsService; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; +import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.DefaultTokenServices; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -26,15 +31,15 @@ @EnableWebSecurity @Configuration @Profile("oauth2") -public class OAuth2SecurityConfig extends BasicAuthSecurityConfig{ +public class OAuth2SecurityConfig extends BasicAuthSecurityConfig { @Autowired private OauthAuthenticationProvider opensrpAuthenticationProvider; @Autowired private ClientDetailsService clientDetailsService; - - @Qualifier( value = "openSRPDataSource") + + @Qualifier(value = "openSRPDataSource") @Autowired private DataSource dataSource; @@ -67,14 +72,13 @@ protected void configure(HttpSecurity http) throws Exception { /* @formatter:on */ } - @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(opensrpAuthenticationProvider).eraseCredentials(false); - } + } public DefaultTokenServices tokenServices() { - DefaultTokenServices tokenServices= new DefaultTokenServices(); + DefaultTokenServices tokenServices = new DefaultTokenServices(); tokenServices.setTokenStore(tokenStore()); tokenServices.setSupportRefreshToken(true); tokenServices.setClientDetailsService(clientDetailsService); @@ -83,7 +87,18 @@ public DefaultTokenServices tokenServices() { @Bean public JdbcTokenStore tokenStore() { - return new OpenMRSJdbcTokenStore(dataSource); + final JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource); + final AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator(); + return new JdbcTokenStore(dataSource) { + + @Override + public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { + final String key = authenticationKeyGenerator.extractKey(authentication); + jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); + super.storeAccessToken(token, authentication); + } + + }; } } diff --git a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java b/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java deleted file mode 100644 index 513fa07a2..000000000 --- a/src/main/java/org/opensrp/web/config/security/OpenMRSJdbcTokenStore.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.opensrp.web.config.security; - -import org.springframework.jdbc.core.JdbcTemplate; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; -import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; - -import javax.sql.DataSource; -import java.lang.reflect.Field; - -public class OpenMRSJdbcTokenStore extends JdbcTokenStore { - - public OpenMRSJdbcTokenStore(DataSource dataSource) { - super(dataSource); - } - - @Override - public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - try { - - // use reflection to access private fields in superclass - Field jdbcTemplateField = JdbcTokenStore.class.getDeclaredField("jdbcTemplate"); - jdbcTemplateField.setAccessible(true); - JdbcTemplate template = (JdbcTemplate) jdbcTemplateField.get(null); - - Field authKeyGeneratorField = JdbcTokenStore.class.getDeclaredField("authenticationKeyGenerator"); - jdbcTemplateField.setAccessible(true); - AuthenticationKeyGenerator authKeyGenerator = (AuthenticationKeyGenerator) authKeyGeneratorField.get(null); - - final String key = authKeyGenerator.extractKey(authentication); - template.update("delete from oauth_access_token where authentication_id = ?", key); - - } - catch (NoSuchFieldException | IllegalAccessException e) { - throw new RuntimeException(e); - } - finally { - super.storeAccessToken(token, authentication); - } - - } - -} From a0a528b00a7cee7a1bbc252c07ffd4f3440caf2f Mon Sep 17 00:00:00 2001 From: hilpitome Date: Wed, 15 Feb 2023 12:10:14 +0300 Subject: [PATCH 07/24] update version and add logging --- pom.xml | 2 +- .../web/config/security/OAuth2SecurityConfig.java | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 3eede7e19..bb3651ac2 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ opensrp-server-web war - 2.1.70.8-SNAPSHOT + 2.1.70.9-SNAPSHOT opensrp-server-web OpenSRP Server Web Application https://github.com/OpenSRP/opensrp-server-web diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index a51ddf1e5..1f9ce1746 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -3,6 +3,8 @@ */ package org.opensrp.web.config.security; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.opensrp.web.config.Role; import org.opensrp.web.security.OauthAuthenticationProvider; import org.springframework.beans.factory.annotation.Autowired; @@ -89,12 +91,17 @@ public DefaultTokenServices tokenServices() { public JdbcTokenStore tokenStore() { final JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource); final AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator(); + Logger logger = LogManager.getLogger(JdbcTokenStore.class.toString()); return new JdbcTokenStore(dataSource) { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { final String key = authenticationKeyGenerator.extractKey(authentication); - jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); + if( key == null || authentication == null) + return; + int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); + String isSuccess = ( rowsAffected > 0 ) ? "Success" : "Failure"; + logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); super.storeAccessToken(token, authentication); } From 5dc1f4e66d8dc33b771ca7de755391c4c0be8609 Mon Sep 17 00:00:00 2001 From: Hilary Baraka Egesa Date: Fri, 17 Feb 2023 11:30:20 +0300 Subject: [PATCH 08/24] Update pom.xml --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bb3651ac2..1c3097124 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ opensrp-server-web war - 2.1.70.9-SNAPSHOT + 2.1.70.9-ALPHA-SNAPSHOT opensrp-server-web OpenSRP Server Web Application https://github.com/OpenSRP/opensrp-server-web From e6cde50f4d84a34e570d1e129a1514d9a6b51b9d Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 20 Feb 2023 19:32:54 +0300 Subject: [PATCH 09/24] refactor storeaAccessToken method --- .../web/config/security/OAuth2SecurityConfig.java | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 1f9ce1746..876ea9b9b 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -96,12 +96,14 @@ public JdbcTokenStore tokenStore() { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - final String key = authenticationKeyGenerator.extractKey(authentication); - if( key == null || authentication == null) - return; - int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); - String isSuccess = ( rowsAffected > 0 ) ? "Success" : "Failure"; - logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); + + if( authentication != null){ + final String key = authenticationKeyGenerator.extractKey(authentication); + int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); + String isSuccess = ( rowsAffected > 0 ) ? "Success" : "Failure"; + logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); + } + super.storeAccessToken(token, authentication); } From 690124ec6d1e649ba162b7dd4e116106ae887a90 Mon Sep 17 00:00:00 2001 From: Hilary Baraka Egesa Date: Tue, 21 Feb 2023 10:15:15 +0300 Subject: [PATCH 10/24] Update pom.xml update version code --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1c3097124..10a3c2aa8 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ opensrp-server-web war - 2.1.70.9-ALPHA-SNAPSHOT + 2.1.70.9-ALPHA1-SNAPSHOT opensrp-server-web OpenSRP Server Web Application https://github.com/OpenSRP/opensrp-server-web From 953575a69043f893854fcedc5d8305d0d96105ec Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 27 Feb 2023 17:44:46 +0300 Subject: [PATCH 11/24] add extra logging --- .../org/opensrp/web/config/security/OAuth2SecurityConfig.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 876ea9b9b..80dc31581 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -102,6 +102,8 @@ public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authenti int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); String isSuccess = ( rowsAffected > 0 ) ? "Success" : "Failure"; logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); + } else { + logger.info("authentication object is null"); } super.storeAccessToken(token, authentication); From 3dcb9ca39775cf1e92ef735e7151103cb93311e3 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 27 Feb 2023 17:56:20 +0300 Subject: [PATCH 12/24] update pom version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 10a3c2aa8..5f89dda83 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ opensrp-server-web war - 2.1.70.9-ALPHA1-SNAPSHOT + 2.1.70.9-ALPHA2-SNAPSHOT opensrp-server-web OpenSRP Server Web Application https://github.com/OpenSRP/opensrp-server-web From dbdbf4f151dbbaac684b7536f1c57b979521f607 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Thu, 2 Mar 2023 16:21:09 +0300 Subject: [PATCH 13/24] apply formatter; --- .../web/config/security/OAuth2SecurityConfig.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 80dc31581..288621aec 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -97,11 +97,13 @@ public JdbcTokenStore tokenStore() { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - if( authentication != null){ + if (authentication != null) { final String key = authenticationKeyGenerator.extractKey(authentication); - int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", key); - String isSuccess = ( rowsAffected > 0 ) ? "Success" : "Failure"; - logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); + int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", + key); + String isSuccess = (rowsAffected > 0) ? "Success" : "Failure"; + logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, + isSuccess); } else { logger.info("authentication object is null"); } From d24820fffe3ffa84e81e410ce4a2c3cf2e3f2945 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Thu, 2 Mar 2023 16:27:42 +0300 Subject: [PATCH 14/24] log when entering storAccessToken mthd --- .../org/opensrp/web/config/security/OAuth2SecurityConfig.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 288621aec..477a76eef 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -96,7 +96,7 @@ public JdbcTokenStore tokenStore() { @Override public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) { - + logger.info("Invoking store access token method"); if (authentication != null) { final String key = authenticationKeyGenerator.extractKey(authentication); int rowsAffected = jdbcTemplate.update("delete from oauth_access_token where authentication_id = ?", @@ -104,8 +104,6 @@ public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authenti String isSuccess = (rowsAffected > 0) ? "Success" : "Failure"; logger.info("Attempt to delete authentication_id {} from oauth_access_token table was a {}", key, isSuccess); - } else { - logger.info("authentication object is null"); } super.storeAccessToken(token, authentication); From fba0d5d080772ff66602ea7b3e4a37ea54f3fda6 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Fri, 3 Mar 2023 18:06:34 +0300 Subject: [PATCH 15/24] init unit test for jdbctokenstore --- configs | 2 +- .../security/OAuth2SecurityConfigTest.java | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java diff --git a/configs b/configs index 16ca54ec4..3ad596261 160000 --- a/configs +++ b/configs @@ -1 +1 @@ -Subproject commit 16ca54ec4be4b8cf0b6c4dc42b8cc4790a0bcf65 +Subproject commit 3ad596261a3471198c870a39038076a5a61a12ff diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java new file mode 100644 index 000000000..066d5d06d --- /dev/null +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -0,0 +1,41 @@ +package org.opensrp.web.config.security; + +import junit.framework.TestCase; +import org.mockito.Mockito; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; +import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; +import org.springframework.test.util.ReflectionTestUtils; + +import javax.sql.DataSource; + +public class OAuth2SecurityConfigTest extends TestCase { + + + + public void testTokenStore() { + + OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); + DataSource dataSource = Mockito.mock(DataSource.class); + Whitebox.setInternalState(oAuth2SecurityConfig, "dataSource", dataSource); + JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); + JdbcTemplate jdbcTemplateMock = Mockito.mock(JdbcTemplate.class); + AuthenticationKeyGenerator authenticationKeyGenerator = Mockito.mock(AuthenticationKeyGenerator.class); + Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplateMock); + Whitebox.setInternalState(jdbcTokenStore, "authenticationKeyGenerator", authenticationKeyGenerator); + + Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); + + + + OAuth2Authentication authenticationMock = Mockito.mock(OAuth2Authentication.class); + OAuth2AccessToken tokenMock = Mockito.mock(OAuth2AccessToken.class); + Mockito.spy(jdbcTokenStore); + + jdbcTokenStore.storeAccessToken(tokenMock, authenticationMock); + Mockito.verify(jdbcTemplateMock.update(Mockito.anyString())); + } +} From a2bf76bca196e4ab69d92f8dd143d43af0da0f37 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 6 Mar 2023 08:22:25 +0300 Subject: [PATCH 16/24] create OAuth2Request instance for testing --- .../config/security/OAuth2SecurityConfig.java | 2 ++ .../security/OAuth2SecurityConfigTest.java | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java index 477a76eef..4b37112da 100644 --- a/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java +++ b/src/main/java/org/opensrp/web/config/security/OAuth2SecurityConfig.java @@ -112,4 +112,6 @@ public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authenti }; } + + } diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java index 066d5d06d..dc94d685b 100644 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -2,10 +2,12 @@ import junit.framework.TestCase; import org.mockito.Mockito; +import org.powermock.reflect.Whitebox; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import org.springframework.test.util.ReflectionTestUtils; @@ -21,18 +23,24 @@ public void testTokenStore() { OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); DataSource dataSource = Mockito.mock(DataSource.class); Whitebox.setInternalState(oAuth2SecurityConfig, "dataSource", dataSource); + JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); + JdbcTemplate jdbcTemplateMock = Mockito.mock(JdbcTemplate.class); AuthenticationKeyGenerator authenticationKeyGenerator = Mockito.mock(AuthenticationKeyGenerator.class); + Mockito.when(jdbcTemplateMock.update(Mockito.anyString())).thenReturn(1); + + // Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplateMock); Whitebox.setInternalState(jdbcTokenStore, "authenticationKeyGenerator", authenticationKeyGenerator); - Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); - - - OAuth2Authentication authenticationMock = Mockito.mock(OAuth2Authentication.class); OAuth2AccessToken tokenMock = Mockito.mock(OAuth2AccessToken.class); + OAuth2Request auth2Request = new OAuth2Request(null, + "some-client-id", null, true, + null, null, null, + null, null); + Mockito.when(authenticationMock.getOAuth2Request()).thenReturn(auth2Request); Mockito.spy(jdbcTokenStore); jdbcTokenStore.storeAccessToken(tokenMock, authenticationMock); From bf86f643633f4c6e3414a08cf00cb4a3d6b7fbf0 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 6 Mar 2023 16:17:38 +0300 Subject: [PATCH 17/24] mock connection; --- .../security/OAuth2SecurityConfigTest.java | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java index dc94d685b..7797d4bde 100644 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -1,7 +1,11 @@ package org.opensrp.web.config.security; import junit.framework.TestCase; +import org.junit.Test; +import org.junit.runner.RunWith; import org.mockito.Mockito; +import org.opensrp.TestDatabaseConfig; +import org.opensrp.web.rest.it.TestWebContextLoader; import org.powermock.reflect.Whitebox; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.jdbc.core.JdbcTemplate; @@ -10,15 +14,21 @@ import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.util.ReflectionTestUtils; import javax.sql.DataSource; +import java.sql.Connection; +import java.sql.SQLException; public class OAuth2SecurityConfigTest extends TestCase { - public void testTokenStore() { + @Test + public void testTokenStore() throws SQLException { OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); DataSource dataSource = Mockito.mock(DataSource.class); @@ -26,9 +36,11 @@ public void testTokenStore() { JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); - JdbcTemplate jdbcTemplateMock = Mockito.mock(JdbcTemplate.class); + JdbcTemplate jdbcTemplateMock = new TestDatabaseConfig().jdbcTemplate(); + Mockito.when(dataSource.getConnection()).thenReturn(Mockito.mock(Connection.class)); + AuthenticationKeyGenerator authenticationKeyGenerator = Mockito.mock(AuthenticationKeyGenerator.class); - Mockito.when(jdbcTemplateMock.update(Mockito.anyString())).thenReturn(1); + Mockito.when(jdbcTemplateMock.update(Mockito.eq("delete from oauth_access_token where authentication_id = ?"), Mockito.eq("4e19bbaa33fc65f5951b336d7c11f6fc"))).thenReturn(1); // Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplateMock); @@ -44,6 +56,6 @@ public void testTokenStore() { Mockito.spy(jdbcTokenStore); jdbcTokenStore.storeAccessToken(tokenMock, authenticationMock); - Mockito.verify(jdbcTemplateMock.update(Mockito.anyString())); + Mockito.verify(jdbcTemplateMock.update(Mockito.anyString(), Mockito.anyString())); } } From e7a5c42b1c705f0809315487b4da9bf411edb81f Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 7 Mar 2023 10:23:37 +0300 Subject: [PATCH 18/24] add env with annotations --- .../web/config/security/OAuth2SecurityConfigTest.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java index 7797d4bde..042e8a898 100644 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -23,15 +23,19 @@ import java.sql.Connection; import java.sql.SQLException; +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(loader = TestWebContextLoader.class, locations = { "classpath:test-webmvc-config.xml", }) +@ActiveProfiles(profiles = {"postgres"}) public class OAuth2SecurityConfigTest extends TestCase { - + @Autowired + DataSource dataSource; @Test public void testTokenStore() throws SQLException { OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); - DataSource dataSource = Mockito.mock(DataSource.class); +// DataSource dataSource = Mockito.mock(DataSource.class); Whitebox.setInternalState(oAuth2SecurityConfig, "dataSource", dataSource); JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); From 8334adc9e55fe69b6e3522389bf5250e128b516b Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 7 Mar 2023 17:18:50 +0300 Subject: [PATCH 19/24] enable redis --- .../opensrp/web/config/security/OAuth2SecurityConfigTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java index 042e8a898..f3517bc3b 100644 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -24,8 +24,8 @@ import java.sql.SQLException; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(loader = TestWebContextLoader.class, locations = { "classpath:test-webmvc-config.xml", }) -@ActiveProfiles(profiles = {"postgres"}) +@ContextConfiguration(loader = TestWebContextLoader.class, locations = {"classpath:test-webmvc-config.xml",}) +@ActiveProfiles(profiles = {"postgres", "jedis"}) public class OAuth2SecurityConfigTest extends TestCase { From eeb57f72b746f5dd8f2256938d82503936cf861f Mon Sep 17 00:00:00 2001 From: hilpitome Date: Tue, 7 Mar 2023 18:36:12 +0300 Subject: [PATCH 20/24] add password to TestRedisConfig --- src/test/java/org/opensrp/TestRedisConfig.java | 4 ++++ src/test/resources/test-persistence-postgres.xml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/test/java/org/opensrp/TestRedisConfig.java b/src/test/java/org/opensrp/TestRedisConfig.java index ff0850952..88ac06517 100644 --- a/src/test/java/org/opensrp/TestRedisConfig.java +++ b/src/test/java/org/opensrp/TestRedisConfig.java @@ -35,10 +35,14 @@ public class TestRedisConfig { @Value("#{opensrp['redis.pool.max.connections']}") private int redisMaxConnections = 0; + @Value("#{opensrp['redis.password']}") + private String redisPassword; + private RedisStandaloneConfiguration redisStandaloneConfiguration() { RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration(redisHost, redisPort); redisStandaloneConfiguration.setDatabase(redisDatabase); + redisStandaloneConfiguration.setPassword(redisPassword); return redisStandaloneConfiguration; } diff --git a/src/test/resources/test-persistence-postgres.xml b/src/test/resources/test-persistence-postgres.xml index 6d8b8639b..bf2f3a662 100644 --- a/src/test/resources/test-persistence-postgres.xml +++ b/src/test/resources/test-persistence-postgres.xml @@ -9,7 +9,7 @@ - + @@ -34,4 +34,4 @@ - \ No newline at end of file + From 638662dcba33c4a42069a266cc1b017f1fff9b81 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Fri, 10 Mar 2023 11:21:05 +0300 Subject: [PATCH 21/24] init use real objects instead of mocks --- .../security/OAuth2SecurityConfigTest.java | 69 +++++++++++++++---- 1 file changed, 55 insertions(+), 14 deletions(-) diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java index f3517bc3b..374487ae5 100644 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java @@ -9,10 +9,14 @@ import org.powermock.reflect.Whitebox; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; +import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; @@ -22,6 +26,7 @@ import javax.sql.DataSource; import java.sql.Connection; import java.sql.SQLException; +import java.util.Collection; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(loader = TestWebContextLoader.class, locations = {"classpath:test-webmvc-config.xml",}) @@ -35,31 +40,67 @@ public class OAuth2SecurityConfigTest extends TestCase { public void testTokenStore() throws SQLException { OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); -// DataSource dataSource = Mockito.mock(DataSource.class); Whitebox.setInternalState(oAuth2SecurityConfig, "dataSource", dataSource); JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); - JdbcTemplate jdbcTemplateMock = new TestDatabaseConfig().jdbcTemplate(); - Mockito.when(dataSource.getConnection()).thenReturn(Mockito.mock(Connection.class)); + JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource); - AuthenticationKeyGenerator authenticationKeyGenerator = Mockito.mock(AuthenticationKeyGenerator.class); - Mockito.when(jdbcTemplateMock.update(Mockito.eq("delete from oauth_access_token where authentication_id = ?"), Mockito.eq("4e19bbaa33fc65f5951b336d7c11f6fc"))).thenReturn(1); - + AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator(); +// Mockito.when(jdbcTemplateMock.update(Mockito.eq("delete from oauth_access_token where authentication_id = ?"), Mockito.eq("4e19bbaa33fc65f5951b336d7c11f6fc"))).thenReturn(1); + +// jdbcTemplate.update("insert into oauth_access_token (authentication_id) values (?)", "4e19bbaa33fc65f5951b336d7c11f6fc"); // Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); - Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplateMock); + Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplate); Whitebox.setInternalState(jdbcTokenStore, "authenticationKeyGenerator", authenticationKeyGenerator); - OAuth2Authentication authenticationMock = Mockito.mock(OAuth2Authentication.class); - OAuth2AccessToken tokenMock = Mockito.mock(OAuth2AccessToken.class); + OAuth2Request auth2Request = new OAuth2Request(null, "some-client-id", null, true, null, null, null, null, null); - Mockito.when(authenticationMock.getOAuth2Request()).thenReturn(auth2Request); - Mockito.spy(jdbcTokenStore); - - jdbcTokenStore.storeAccessToken(tokenMock, authenticationMock); - Mockito.verify(jdbcTemplateMock.update(Mockito.anyString(), Mockito.anyString())); + Authentication authentication = new Authentication() { + + private boolean isAuthenticated = true; + + @Override + public Collection getAuthorities() { + return null; + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getDetails() { + return null; + } + + @Override + public Object getPrincipal() { + return "some-principle"; + } + + @Override + public boolean isAuthenticated() { + return this.isAuthenticated; + } + + @Override + public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { + this.isAuthenticated = isAuthenticated; + } + + @Override + public String getName() { + return null; + } + }; + OAuth2Authentication authenticationStub = new OAuth2Authentication(auth2Request, authentication); + OAuth2AccessToken oAuth2AccessTokenStub = new DefaultOAuth2AccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"); + jdbcTokenStore.storeAccessToken(oAuth2AccessTokenStub, authenticationStub); +// Mockito.verify(jdbcTemplate.update(Mockito.anyString(), Mockito.anyString())); } } From 920f74342ddfe2e42093b21a162234d35167e9da Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 13 Mar 2023 10:12:15 +0300 Subject: [PATCH 22/24] delete OAth2SecurityTest and update server version --- pom.xml | 2 +- .../security/OAuth2SecurityConfigTest.java | 106 ------------------ 2 files changed, 1 insertion(+), 107 deletions(-) delete mode 100644 src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java diff --git a/pom.xml b/pom.xml index 5f89dda83..bb3651ac2 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ opensrp-server-web war - 2.1.70.9-ALPHA2-SNAPSHOT + 2.1.70.9-SNAPSHOT opensrp-server-web OpenSRP Server Web Application https://github.com/OpenSRP/opensrp-server-web diff --git a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java b/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java deleted file mode 100644 index 374487ae5..000000000 --- a/src/test/java/org/opensrp/web/config/security/OAuth2SecurityConfigTest.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.opensrp.web.config.security; - -import junit.framework.TestCase; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mockito; -import org.opensrp.TestDatabaseConfig; -import org.opensrp.web.rest.it.TestWebContextLoader; -import org.powermock.reflect.Whitebox; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.jdbc.core.JdbcTemplate; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; -import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator; -import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator; -import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.util.ReflectionTestUtils; - -import javax.sql.DataSource; -import java.sql.Connection; -import java.sql.SQLException; -import java.util.Collection; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(loader = TestWebContextLoader.class, locations = {"classpath:test-webmvc-config.xml",}) -@ActiveProfiles(profiles = {"postgres", "jedis"}) -public class OAuth2SecurityConfigTest extends TestCase { - - - @Autowired - DataSource dataSource; - @Test - public void testTokenStore() throws SQLException { - - OAuth2SecurityConfig oAuth2SecurityConfig = new OAuth2SecurityConfig(); - Whitebox.setInternalState(oAuth2SecurityConfig, "dataSource", dataSource); - - JdbcTokenStore jdbcTokenStore = oAuth2SecurityConfig.tokenStore(); - - JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource); - - AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator(); -// Mockito.when(jdbcTemplateMock.update(Mockito.eq("delete from oauth_access_token where authentication_id = ?"), Mockito.eq("4e19bbaa33fc65f5951b336d7c11f6fc"))).thenReturn(1); - -// jdbcTemplate.update("insert into oauth_access_token (authentication_id) values (?)", "4e19bbaa33fc65f5951b336d7c11f6fc"); - // Mockito.when(authenticationKeyGenerator.extractKey(Mockito.any())).thenReturn("some-key"); - Whitebox.setInternalState(jdbcTokenStore, "jdbcTemplate", jdbcTemplate); - Whitebox.setInternalState(jdbcTokenStore, "authenticationKeyGenerator", authenticationKeyGenerator); - - - OAuth2Request auth2Request = new OAuth2Request(null, - "some-client-id", null, true, - null, null, null, - null, null); - Authentication authentication = new Authentication() { - - private boolean isAuthenticated = true; - - @Override - public Collection getAuthorities() { - return null; - } - - @Override - public Object getCredentials() { - return null; - } - - @Override - public Object getDetails() { - return null; - } - - @Override - public Object getPrincipal() { - return "some-principle"; - } - - @Override - public boolean isAuthenticated() { - return this.isAuthenticated; - } - - @Override - public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { - this.isAuthenticated = isAuthenticated; - } - - @Override - public String getName() { - return null; - } - }; - OAuth2Authentication authenticationStub = new OAuth2Authentication(auth2Request, authentication); - OAuth2AccessToken oAuth2AccessTokenStub = new DefaultOAuth2AccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"); - jdbcTokenStore.storeAccessToken(oAuth2AccessTokenStub, authenticationStub); -// Mockito.verify(jdbcTemplate.update(Mockito.anyString(), Mockito.anyString())); - } -} From ccd6ecd74e20479bd3f8b89453610d4e21e235c2 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 13 Mar 2023 14:45:27 +0300 Subject: [PATCH 23/24] retrigger checks From 4ed7f57e20370d7da094b0a6544b71bb51fef352 Mon Sep 17 00:00:00 2001 From: hilpitome Date: Mon, 13 Mar 2023 18:01:00 +0300 Subject: [PATCH 24/24] revert test postgres settings --- src/test/resources/test-persistence-postgres.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/test-persistence-postgres.xml b/src/test/resources/test-persistence-postgres.xml index bf2f3a662..179cd2e40 100644 --- a/src/test/resources/test-persistence-postgres.xml +++ b/src/test/resources/test-persistence-postgres.xml @@ -9,7 +9,7 @@ - +