[SHIBUI-1031]

Re-enabled password JsonProperty annotation. Fixed unit tests accordingly.
TIER · Jan 3, 2019 · 56d6253 · 56d6253
1 parent 510ec55
commit 56d6253
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 33 deletions.
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.model;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -33,8 +34,7 @@ public class User extends AbstractAuditable {
     @Column(nullable = false, unique = true)
     private String username;
 
-    //TODO: Need to figure out the right way to protect this property
-    //@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
+    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
     @Column(nullable = false)
     private String password;
 

diff --git a/...rnet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy b/...rnet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
@@ -4,6 +4,9 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.databind.SerializationFeature
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
+import groovy.json.JsonBuilder
+import groovy.json.JsonOutput
+import groovy.json.JsonSlurper
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.web.client.TestRestTemplate
@@ -80,57 +83,50 @@ class UsersControllerIntegrationTests extends Specification {
 
     def 'POST new user persists properly'() {
         given:
-        def newUser = new User().with {
-            it.firstName = 'Foo'
-            it.lastName = 'Bar'
-            it.username = 'FooBar'
-            it.password = 'somepass'
-            it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set<Role>
-            it
-        }
+        def newUser = [firstName: 'Foo',
+                       lastName: 'Bar',
+                       username: 'FooBar',
+                       password: 'somepass',
+                       emailAddress: 'foo@institution.edu',
+                       roles: ['ROLE_USER']]
 
         when:
-        def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+        def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 
         then:
         result.statusCodeValue == 200
-        //TODO: Compare body? Or do that in a service-level unit test?
     }
 
     def 'POST new duplicate username returns 409'() {
         given:
-        def newUser = new User().with {
-            it.firstName = 'Foo'
-            it.lastName = 'Bar'
-            it.username = 'DuplicateUser'
-            it.password = 'somepass'
-            it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set<Role>
-            it
-        }
+        def newUser = [firstName: 'Foo',
+                       lastName: 'Bar',
+                       username: 'DuplicateUser',
+                       password: 'somepass',
+                       emailAddress: 'foo@institution.edu',
+                       roles: ['ROLE_USER']]
 
         when:
-        this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
-        def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+        this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
+        def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 
         then:
         result.statusCodeValue == 409
     }
 
     def 'PUT updates user properly'() {
         given:
-        def newUser = new User().with {
-            it.firstName = 'Foo'
-            it.lastName = 'Bar'
-            it.username = 'FooBar'
-            it.password = 'somepass'
-            it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set<Role>
-            it
-        }
+        def newUser = [firstName: 'Foo',
+                       lastName: 'Bar',
+                       username: 'FooBar',
+                       password: 'somepass',
+                       emailAddress: 'foo@institution.edu',
+                       roles: ['ROLE_USER']]
 
         when:
-        this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
-        newUser.setFirstName('Bob')
-        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+        this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
+        newUser['firstName'] = 'Bob'
+        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 
         then:
         result.statusCodeValue == 200