Commit 0c96c2cf authored by Martin Lowe's avatar Martin Lowe :flag_ca:
fix: Add required role to the endpoint calls

parent 1a95ce67
1 merge request!34feat(oidc): Switch API from Drupal OAuth to use Keycloak in its place
/*********************************************************************
* Copyright (c) 2025 Eclipse Foundation.
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
**********************************************************************/
package org.eclipsefoundation.openvsx.namespace;
/**
* Shared parameters used in the operation of the API.
*/
public class OpenVSXParameters {
public static final String DEFAULT_ACCESS_ROLE = "openvsx_publisher_agreement";
private OpenVSXParameters() {}
}
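Review bot: `OpenVSXParameters` gets a private constructor but is not declared `final`, so a same-package subclass can still be created; `public final class OpenVSXParameters {` matches the intent of a constants holder. The role constant is now the single authorization gate for both resources, so it deserves a Javadoc saying where the value must agree: something like `/** Role a caller must carry in its identity to reach the API; must match the role name issued by the identity provider (Keycloak per the parent merge request). */`. If the provider ever renames the role, this is the only place to change it, which is worth stating so nobody hard-codes the string again in a test or resource.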
...@@ -15,15 +15,16 @@ import java.util.Arrays; ...@@ -15,15 +15,16 @@ import java.util.Arrays;
import org.eclipsefoundation.efservices.services.ProfileService; import org.eclipsefoundation.efservices.services.ProfileService;
import org.eclipsefoundation.http.exception.ApplicationException; import org.eclipsefoundation.http.exception.ApplicationException;
import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path; import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
@Authenticated
@Path("profile") @Path("profile")
@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
public class ProfileResource { public class ProfileResource {
private final ProfileService profile; private final ProfileService profile;
......
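Review bot: The class-level `@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)` silently gates every method in `ProfileResource`, including any added later, and a method-level `@PermitAll` or `@RolesAllowed` would override it; a one-line comment above it makes that inheritance explicit, e.g. `// Class-level gate: every endpoint requires the publisher-agreement role; method-level annotations override this.`. Note that `@RolesAllowed` only works if the provider's role claim is mapped into `SecurityIdentity` roles (realm roles versus client roles land in different claim paths in Keycloak), so the OIDC config should be checked so that a correctly issued token does not get a blanket 403; that mapping is not visible in this hunk. The class body continues past the end of the hunk.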
...@@ -21,12 +21,13 @@ import org.eclipsefoundation.http.exception.ApplicationException; ...@@ -21,12 +21,13 @@ import org.eclipsefoundation.http.exception.ApplicationException;
import org.eclipsefoundation.openvsx.config.PublisherAgreementConfig; import org.eclipsefoundation.openvsx.config.PublisherAgreementConfig;
import org.eclipsefoundation.openvsx.models.AgreementSigningRequest; import org.eclipsefoundation.openvsx.models.AgreementSigningRequest;
import org.eclipsefoundation.openvsx.models.PublisherAgreementData; import org.eclipsefoundation.openvsx.models.PublisherAgreementData;
import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
import org.eclipsefoundation.openvsx.services.FoundationOperationService; import org.eclipsefoundation.openvsx.services.FoundationOperationService;
import org.eclipsefoundation.openvsx.services.PublisherAgreementService; import org.eclipsefoundation.openvsx.services.PublisherAgreementService;
import org.eclipsefoundation.utils.exception.FinalForbiddenException; import org.eclipsefoundation.utils.exception.FinalForbiddenException;
import io.quarkus.security.Authenticated;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.BadRequestException; import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.DELETE; import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
...@@ -41,8 +42,8 @@ import jakarta.ws.rs.core.Response.Status; ...@@ -41,8 +42,8 @@ import jakarta.ws.rs.core.Response.Status;
/** /**
* Resource containing calls for retrieving and signing OpenVSX publisher agreements. * Resource containing calls for retrieving and signing OpenVSX publisher agreements.
*/ */
@Authenticated
@Path("publisher_agreement") @Path("publisher_agreement")
@RolesAllowed(OpenVSXParameters.DEFAULT_ACCESS_ROLE)
public class PublisherAgreementResource { public class PublisherAgreementResource {
private static final String NOT_FOUND_MSG_FORMAT = "Unable to find agreement for user: %s"; private static final String NOT_FOUND_MSG_FORMAT = "Unable to find agreement for user: %s";
......
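Review bot: The role gate on `PublisherAgreementResource` authorizes a category of caller, not a specific agreement, and the imports of `DELETE`, `SecurityIdentity` and `FinalForbiddenException` suggest the methods below still need their own user-scoped checks before reading, signing or deleting an agreement; those methods lie outside the hunk, so this is worth confirming rather than assumed. A comment on the annotation would keep the distinction clear for the next maintainer, e.g. `// Role check only: each method must still verify the agreement belongs to the calling identity.`. If the NOT_FOUND message is returned for agreements belonging to other users, keep that behavior rather than switching to 403, since a 403 would confirm existence.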
...@@ -14,8 +14,8 @@ package org.eclipsefoundation.openvsx.resources; ...@@ -14,8 +14,8 @@ package org.eclipsefoundation.openvsx.resources;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import org.eclipsefoundation.openvsx.namespace.OpenVSXParameters;
import org.eclipsefoundation.openvsx.test.helpers.SchemaNamespaceHelper; import org.eclipsefoundation.openvsx.test.helpers.SchemaNamespaceHelper;
import org.eclipsefoundation.testing.helpers.AuthHelper;
import org.eclipsefoundation.testing.helpers.TestCaseHelper; import org.eclipsefoundation.testing.helpers.TestCaseHelper;
import org.eclipsefoundation.testing.models.EndpointTestBuilder; import org.eclipsefoundation.testing.models.EndpointTestBuilder;
import org.eclipsefoundation.testing.models.EndpointTestCase; import org.eclipsefoundation.testing.models.EndpointTestCase;
...@@ -37,19 +37,19 @@ class ProfileResourceTest { ...@@ -37,19 +37,19 @@ class ProfileResourceTest {
* GET CURRENT USER * GET CURRENT USER
*/ */
@Test @Test
@TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE) @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
void testGetProfile_success() { void testGetProfile_success() {
EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run(); EndpointTestBuilder.from(GET_CURRENT_SUCCESS).run();
} }
@Test @Test
@TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE) @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
void testGetProfile_success_validateResponseFormat() { void testGetProfile_success_validateResponseFormat() {
EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run(); EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckFormat().run();
} }
@Test @Test
@TestSecurity(user = FAKEUSER_PROFILE, roles = AuthHelper.DEFAULT_ROLE) @TestSecurity(user = FAKEUSER_PROFILE, roles = OpenVSXParameters.DEFAULT_ACCESS_ROLE)
void testGetProfile_success_validateSchema() { void testGetProfile_success_validateSchema() {
EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run(); EndpointTestBuilder.from(GET_CURRENT_SUCCESS).andCheckSchema().run();
} }
...@@ -70,4 +70,16 @@ class ProfileResourceTest { ...@@ -70,4 +70,16 @@ class ProfileResourceTest {
.build()) .build())
.run(); .run();
} }
@Test
@TestSecurity(user = FAKEUSER_PROFILE, roles = "user")
void testGetProfile_failure_noValidRole() {
EndpointTestBuilder
.from(TestCaseHelper
.prepareTestCase(BASE_URL, new String[] {}, null)
.setStatusCode(403)
.setHeaderParams(Optional.of(Map.of("Authorization", "Bearer token1")))
.build())
.run();
}
} }
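Review bot: The new negative test only covers an authenticated caller with the wrong role; the switch from `@Authenticated` to `@RolesAllowed` also changed what an anonymous caller sees, and nothing in this test class pins it, so an unauthenticated request that now slips through would go unnoticed. Under `@TestSecurity` the `Authorization: Bearer token1` header is inert because the test identity comes from the annotation, so the header in `testGetProfile_failure_noValidRole` can be dropped to avoid implying the token was evaluated. Quarkus maps an anonymous identity hitting `@RolesAllowed` to 401 rather than 403; a companion test without `@TestSecurity` would pin that, and the same pair of tests is presumably needed for `PublisherAgreementResourceTest`, which this commit does not appear to touch.
```java
@Test
void testGetProfile_failure_unauthenticated() {
    // No @TestSecurity: anonymous caller; @RolesAllowed should reject with 401, not 403
    EndpointTestBuilder
            .from(TestCaseHelper.prepareTestCase(BASE_URL, new String[] {}, null).setStatusCode(401).build())
            .run();
}
```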