From d473eb6fdf36e4c6be142bc6a5b89c7867df35d6 Mon Sep 17 00:00:00 2001
From: birkon <birkon@stud.ntnu.no>
Date: Thu, 4 May 2023 10:20:45 +0200
Subject: [PATCH] added authentication on shoppinglist endpoints and
 controller/service tests

---
 .../controller/ShoppingListController.java    |  4 +-
 .../repository/ShoppingListRepository.java    | 11 ++-
 .../SmartMat/service/ShoppingListService.java | 12 +++
 .../ShoppingListControllerTest.java           | 84 ++++++++++++++++++-
 .../group/FridgeControllerTest.java           |  2 +-
 .../service/ShoppingListServiceTest.java      | 31 +++++++
 6 files changed, 139 insertions(+), 5 deletions(-)

diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
index 352447b2..4c4d085f 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
@@ -44,7 +44,9 @@ public class ShoppingListController {
      * @return the shopping list, or an error if the ID is invalid
      */
     @GetMapping("/{id}")
-    public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id) {
+    public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id, Authentication auth) {
+        shoppingListService.isUserInShoppinglist(id, auth.getName());
+
         Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(id);
         return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
                            .orElseGet(() -> ResponseEntity.status(HttpStatus.NOT_FOUND).build());
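Review bot: The boolean returned by `shoppingListService.isUserInShoppinglist(id, auth.getName())` is discarded, so the new call restricts nothing. A caller outside the list's group still reaches `getShoppingListById(id)` and receives the list. Act on the result before the lookup, e.g. `if (!shoppingListService.isUserInShoppinglist(id, auth.getName())) return ResponseEntity.status(HttpStatus.FORBIDDEN).build();`, or return 404 if list ids should not be confirmable to non-members. The subject line says "endpoints", but the diffstat shows only this method changed in the controller, so other handlers that take a list id presumably still lack the check; worth confirming. The method's closing brace lies outside the hunk.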
diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/repository/ShoppingListRepository.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/repository/ShoppingListRepository.java
index 8bbc7684..dcc5f416 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/repository/ShoppingListRepository.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/repository/ShoppingListRepository.java
@@ -1,5 +1,6 @@
 package ntnu.idatt2016.v233.SmartMat.repository;
 
+import java.util.List;
 import java.util.Optional;
 
 import ntnu.idatt2016.v233.SmartMat.entity.ShoppingList;
@@ -23,5 +24,13 @@ public interface ShoppingListRepository extends JpaRepository<ShoppingList, Long
      */
     Optional<ShoppingList> getByGroupGroupId(long id);
 
-   
+
+    /**
+     * Gets all shopping lists by the username of the user
+     * @param username the username of the user
+     * @return a list of shopping lists
+     */
+    List<ShoppingList> findAllByGroupUsersUsername(String username);
+
+
 }
diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
index c7867e9c..6f1f69f3 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
@@ -105,4 +105,16 @@ public class ShoppingListService {
 
         return shoppingListRepository.findById(shoppingListId);
     }
+
+    /**
+     * Check if user can edit/get shoppinglist
+     * @param id id of shoppinglist
+     * @param name name of user
+     * @return true if user is in shoppinglist, false if not
+     */
+    public boolean isUserInShoppinglist(long id, String name) {
+        return shoppingListRepository.findAllByGroupUsersUsername(name).stream()
+                .anyMatch(shoppingList -> shoppingList.getShoppingListID() == id);
+
+    }
 }
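Review bot: `isUserInShoppinglist` loads every shopping list reachable from the user's groups just to compare one id, and its Javadoc does not say that the caller must enforce the result. A derived existence query on the repository would answer the same question without loading entities. Something like `existsByShoppingListIDAndGroupUsersUsername(long id, String username)` may work, though the property name is inferred from `getShoppingListID()` and should be checked against the entity. I would also extend the Javadoc with `Callers must deny the request when this returns false; the method itself does not throw.` The tests in this commit pass an ADMIN authentication, so if admins are meant to bypass membership, that rule is not expressed here.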
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
index 04b1935e..cf325eb3 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
@@ -1,5 +1,6 @@
 package ntnu.idatt2016.v233.SmartMat.controller;
 
+import ntnu.idatt2016.v233.SmartMat.dto.enums.Authority;
 import ntnu.idatt2016.v233.SmartMat.dto.request.ShoppingListRequest;
 import ntnu.idatt2016.v233.SmartMat.entity.ShoppingList;
 import ntnu.idatt2016.v233.SmartMat.service.ShoppingListService;
@@ -11,7 +12,12 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
+import java.util.Collection;
+import java.util.List;
 import java.util.Optional;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -28,6 +34,80 @@ public class ShoppingListControllerTest {
 
     private ShoppingList shoppingList;
 
+    private final Authentication regularUser = new Authentication() {
+        @Override
+        public Collection<? extends GrantedAuthority> getAuthorities() {
+            return List.of(new SimpleGrantedAuthority(Authority.USER.name()));
+        }
+
+        @Override
+        public Object getCredentials() {
+            return null;
+        }
+
+        @Override
+        public Object getDetails() {
+            return null;
+        }
+
+        @Override
+        public Object getPrincipal() {
+            return null;
+        }
+
+        @Override
+        public boolean isAuthenticated() {
+            return true;
+        }
+
+        @Override
+        public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+
+        }
+
+        @Override
+        public String getName() {
+            return "test";
+        }
+    };
+
+    private Authentication adminUser = new Authentication() {
+        @Override
+        public Collection<? extends GrantedAuthority> getAuthorities() {
+            return List.of(new SimpleGrantedAuthority(Authority.ADMIN.name()));
+        }
+
+        @Override
+        public Object getCredentials() {
+            return null;
+        }
+
+        @Override
+        public Object getDetails() {
+            return null;
+        }
+
+        @Override
+        public Object getPrincipal() {
+            return null;
+        }
+
+        @Override
+        public boolean isAuthenticated() {
+            return true;
+        }
+
+        @Override
+        public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+
+        }
+
+        @Override
+        public String getName() {
+            return "test";
+        }
+    };
+
     @BeforeEach
     public void setUp() {
         shoppingList = new ShoppingList();
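Review bot: The two anonymous `Authentication` classes added here are identical apart from the authority, and both return the same name `"test"`, so they cannot distinguish a member from a non-member. `regularUser` is `final` while `adminUser` is not, and `regularUser` is not used in any hunk of this file shown here. Spring Security's `TestingAuthenticationToken` would replace each 35-line block with one line, e.g. `private final Authentication regularUser = new TestingAuthenticationToken("member", null, Authority.USER.name());`, with a different principal name for the second fixture. `setUp` continues outside the hunk.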
@@ -39,7 +119,7 @@ public class ShoppingListControllerTest {
         long id = 1;
         when(shoppingListService.getShoppingListById(id)).thenReturn(Optional.of(shoppingList));
 
-        ResponseEntity<ShoppingList> response = shoppingListController.getShoppingListById(id);
+        ResponseEntity<ShoppingList> response = shoppingListController.getShoppingListById(id, adminUser);
 
         assertEquals(HttpStatus.OK, response.getStatusCode());
         assertEquals(shoppingList, response.getBody());
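Review bot: This test never stubs `shoppingListService.isUserInShoppinglist(...)`, so the Mockito mock returns `false`, and the test still expects `HttpStatus.OK`. In effect it asserts that a user reported as not in the list is served the list. Stub the check explicitly with `when(shoppingListService.isUserInShoppinglist(id, "test")).thenReturn(true);` here and in the NOT_FOUND test in the next hunk. Also add a case where it returns `false`, asserting a 403 (or 404) and `verify(shoppingListService, never()).getShoppingListById(id);`.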
@@ -50,7 +130,7 @@ public class ShoppingListControllerTest {
         long id = 1;
         when(shoppingListService.getShoppingListById(id)).thenReturn(Optional.empty());
 
-        ResponseEntity<ShoppingList> response = shoppingListController.getShoppingListById(id);
+        ResponseEntity<ShoppingList> response = shoppingListController.getShoppingListById(id, adminUser);
 
         assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
     }
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
index 418ef509..4ae6df8a 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
@@ -51,7 +51,7 @@ public class FridgeControllerTest {
     private FridgeProductRequest fridgeProductRequest;
 
 
-    private Authentication regularUser = new Authentication() {
+    private final Authentication regularUser = new Authentication() {
         @Override
         public Collection<? extends GrantedAuthority> getAuthorities() {
             return List.of(new SimpleGrantedAuthority(Authority.USER.name()));
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListServiceTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListServiceTest.java
index c304217d..6ff1845b 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListServiceTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListServiceTest.java
@@ -1,6 +1,8 @@
 package ntnu.idatt2016.v233.SmartMat.service;
 
 import ntnu.idatt2016.v233.SmartMat.entity.group.Group;
+import ntnu.idatt2016.v233.SmartMat.entity.group.UserGroupAsso;
+import ntnu.idatt2016.v233.SmartMat.entity.user.User;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.InjectMocks;
@@ -79,4 +81,33 @@ class ShoppingListServiceTest {
 
         verify(shoppingListRepository, times(1)).deleteById(1L);
     }
+
+    @Test
+    void isUserInGroupWithShoppinglist(){
+        ShoppingList shoppingList = new ShoppingList();
+        Group group = new Group();
+        shoppingList.setGroup(group);
+
+        User user = User.builder()
+                .username("test")
+                .password("test")
+                .build();
+
+        group.addUser(UserGroupAsso.builder()
+                        .user(user)
+                        .group(group)
+                .build());
+
+
+        when(shoppingListRepository.findAllByGroupUsersUsername(user.getUsername()))
+                .thenReturn(List.of(shoppingList));
+
+        boolean result = shoppingListService.isUserInShoppinglist(
+                shoppingList.getShoppingListID(), user.getUsername());
+
+        assertTrue(result);
+
+        verify(shoppingListRepository, times(1))
+                .findAllByGroupUsersUsername(user.getUsername());
+    }
 }
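Review bot: Only the positive path of `isUserInShoppinglist` is exercised, and the id compared is whatever a fresh `ShoppingList` defaults to, so the match proves little. Give the list an explicit id and add two negative cases: the repository returns `List.of()`, and it returns a list with a different id; both should `assertFalse`. The `Group`/`User`/`UserGroupAsso` setup has no effect on the outcome because the repository is mocked. It can be dropped, or replaced with a comment such as `// membership is resolved by the repository query; mocked here`.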
-- 
GitLab