From 56d62533cebe89d94542d5b8fde7b5c3b00c1a33 Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Thu, 3 Jan 2019 13:23:21 -0700
Subject: [PATCH] [SHIBUI-1031] Re-enabled password JsonProperty annotation. Fixed unit tests accordingly.
---
 .../admin/ui/security/model/User.java | 4 +-
 .../UsersControllerIntegrationTests.groovy | 58 +++++++++----------
 2 files changed, 29 insertions(+), 33 deletions(-)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
index 992b55413..c0da827e1 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.security.model;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -33,8 +34,7 @@ public class User extends AbstractAuditable {
 @Column(nullable = false, unique = true)
 private String username;
- //TODO: Need to figure out the right way to protect this property
- //@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
+ @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
 @Column(nullable = false)
 private String password;
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
index 9faec1da1..57c134ada 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
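Review bot: `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` on `password` keeps the field out of Jackson output only; it does not affect other paths that render the entity. The class-level annotations are outside this hunk, so confirm that no Lombok `@ToString` or `@Data` on `User` still prints the value into logs; `@ToString.Exclude` on the field would cover that case. The removed TODO was the only statement of intent here, so a short comment such as `// accepted on create/update, never serialized back to clients` above the annotation would help. Whether the value is hashed before it reaches this column cannot be told from the hunk.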
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
@@ -4,6 +4,9 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.databind.SerializationFeature
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
+import groovy.json.JsonBuilder
+import groovy.json.JsonOutput
+import groovy.json.JsonSlurper
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.web.client.TestRestTemplate
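Review bot: Of the three imports added here, only `groovy.json.JsonOutput` is used by the added lines in this patch; `groovy.json.JsonBuilder` and `groovy.json.JsonSlurper` look unused and can be dropped. If the later hunks removed the last uses of `Role` and `User` in this spec, those two imports are now dead as well, which is worth checking against the rest of the file.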
@@ -80,37 +83,32 @@ class UsersControllerIntegrationTests extends Specification {
 def 'POST new user persists properly'() {
 given:
- def newUser = new User().with {
- it.firstName = 'Foo'
- it.lastName = 'Bar'
- it.username = 'FooBar'
- it.password = 'somepass'
- it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set
- it
- }
+ def newUser = [firstName: 'Foo',
+ lastName: 'Bar',
+ username: 'FooBar',
+ password: 'somepass',
+ emailAddress: 'foo@institution.edu',
+ roles: ['ROLE_USER']]
 when:
- def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+ def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 then:
 result.statusCodeValue == 200
- //TODO: Compare body? Or do that in a service-level unit test?
 }
 def 'POST new duplicate username returns 409'() {
 given:
- def newUser = new User().with {
- it.firstName = 'Foo'
- it.lastName = 'Bar'
- it.username = 'DuplicateUser'
- it.password = 'somepass'
- it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set
- it
- }
+ def newUser = [firstName: 'Foo',
+ lastName: 'Bar',
+ username: 'DuplicateUser',
+ password: 'somepass',
+ emailAddress: 'foo@institution.edu',
+ roles: ['ROLE_USER']]
 when:
- this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
- def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+ this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
+ def result = this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 then:
 result.statusCodeValue == 409
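Review bot: Both POST tests still assert only the status code, and the removed `//TODO: Compare body?` was the one reminder to check the response; nothing here verifies that the write-only `password` stays out of it. If the endpoint returns the created user, add `!result.body.containsKey('password')` to the `then:` block of 'POST new user persists properly' so the annotation on `User.password` has a regression test. The same check would fit a GET test, if one exists outside this hunk. The switch from a serialized `User` to a raw map is presumably needed because Jackson now drops `password` on output; a one-line comment saying so would stop someone from reverting to `mapper.writeValueAsString`.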
@@ -118,19 +116,17 @@ class UsersControllerIntegrationTests extends Specification {
 def 'PUT updates user properly'() {
 given:
- def newUser = new User().with {
- it.firstName = 'Foo'
- it.lastName = 'Bar'
- it.username = 'FooBar'
- it.password = 'somepass'
- it.roles = [new Role().with {it.name = 'ROLE_USER'}] as Set
- it
- }
+ def newUser = [firstName: 'Foo',
+ lastName: 'Bar',
+ username: 'FooBar',
+ password: 'somepass',
+ emailAddress: 'foo@institution.edu',
+ roles: ['ROLE_USER']]
 when:
- this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
- newUser.setFirstName('Bob')
- def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+ this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
+ newUser['firstName'] = 'Bob'
+ def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 then:
 result.statusCodeValue == 200
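Review bot: The PUT body always carries `password: 'somepass'`, so the test does not cover a client that reads a user and sends it back; with the field now write-only, that payload has no password. Since `User.password` is `@Column(nullable = false)`, it is worth adding a case that PUTs the map without `password` and pins the expected result (existing password kept, or a 4xx), depending on how the controller merges the update, which is not visible here. The test also never checks that `firstName` became 'Bob'; it asserts only `result.statusCodeValue == 200`. The method's closing brace is outside the hunk.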