Commit 9e39c9dd authored by Martin Lowe's avatar Martin Lowe 🇨🇦
Browse files

Add tests + static namespace vars for property names for opt resources

parent 1208a5b2
Pipeline #11688 passed with stage
in 0 seconds
......@@ -32,26 +32,31 @@ public class OptionalPathFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
if (optionalResourcesEnabled.get()) {
// check annotation on target endpoint to be sure that endpoint is enabled
Method m = ((PostMatchContainerRequestContext) requestContext).getResourceMethod().getMethod();
OptionalPath opt = m.getAnnotation(OptionalPath.class);
if (opt != null) {
// get the specified config value fresh and check that it is enabled, or enabled by default if missing
Optional<Boolean> configValue = ConfigProvider.getConfig().getOptionalValue(opt.value(), Boolean.class);
if (configValue.isPresent() && configValue.get()) {
LOGGER.trace("Request to '{}' enabled by config, allowing call",
requestContext.getUriInfo().getAbsolutePath());
} else if (configValue.isEmpty() && opt.enabledByDefault()) {
LOGGER.trace("Request to '{}' enabled by default, allowing call",
requestContext.getUriInfo().getAbsolutePath());
} else {
LOGGER.trace("Request to '{}' rejected as endpoint is not enabled",
requestContext.getUriInfo().getAbsolutePath());
// abort with 404 as we should hide that this exists
requestContext.abortWith(Response.status(404).build());
}
// check annotation on target endpoint to be sure that endpoint is enabled
Method m = ((PostMatchContainerRequestContext) requestContext).getResourceMethod().getMethod();
OptionalPath opt = m.getAnnotation(OptionalPath.class);
if (opt != null) {
if (!optionalResourcesEnabled.get()) {
LOGGER.trace("Request to '{}' rejected as optional resources are not enabled",
requestContext.getUriInfo().getAbsolutePath());
// abort with 404 as we should hide that this exists
requestContext.abortWith(Response.status(404).build());
}
// get the specified config value fresh and check that it is enabled, or enabled by default if missing
Optional<Boolean> configValue = ConfigProvider.getConfig().getOptionalValue(opt.value(), Boolean.class);
if (configValue.isPresent() && configValue.get()) {
LOGGER.trace("Request to '{}' enabled by config, allowing call",
requestContext.getUriInfo().getAbsolutePath());
} else if (configValue.isEmpty() && opt.enabledByDefault()) {
LOGGER.trace("Request to '{}' enabled by default, allowing call",
requestContext.getUriInfo().getAbsolutePath());
} else {
LOGGER.trace("Request to '{}' rejected as endpoint is not enabled",
requestContext.getUriInfo().getAbsolutePath());
// abort with 404 as we should hide that this exists
requestContext.abortWith(Response.status(404).build());
}
}
}
}
......@@ -20,6 +20,7 @@ import javax.ws.rs.core.Response;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.eclipsefoundation.core.namespace.MicroprofilePropertyNames;
import org.eclipsefoundation.core.namespace.OptionalPath;
import org.eclipsefoundation.core.service.CachingService;
import org.eclipsefoundation.core.service.CachingService.ParameterizedCacheKey;
......@@ -52,7 +53,7 @@ public class CacheResource {
@GET
@Path("keys")
@Produces(MediaType.TEXT_HTML)
@OptionalPath("eclipse.cache.resource.enabled")
@OptionalPath(MicroprofilePropertyNames.CACHE_RESOURCE_ENABLED)
public Response getCaches(@QueryParam("key") String passedKey) {
if (shouldBlockCacheRequest(passedKey)) {
return Response.status(403).build();
......@@ -66,7 +67,7 @@ public class CacheResource {
@POST
@Path("{cacheKey}/clear")
@OptionalPath("eclipse.cache.resource.enabled")
@OptionalPath(MicroprofilePropertyNames.CACHE_RESOURCE_ENABLED)
public Response clearForKey(@PathParam("cacheKey") String cacheKey, @QueryParam("key") String passedKey,
Map<String, List<String>> params) {
if (shouldBlockCacheRequest(passedKey)) {
......
package org.eclipsefoundation.core.resource;
import static io.restassured.RestAssured.given;
import java.util.UUID;
import javax.inject.Inject;
import org.eclipsefoundation.core.resource.CacheResource.InstanceCacheResourceKey;
import org.junit.jupiter.api.Test;
import io.quarkus.test.junit.QuarkusTest;
@QuarkusTest
public class CacheResourceDisabledTest {
@Inject
InstanceCacheResourceKey key;
@Test
void cacheUI_protected() {
given().when().get("/caches/keys").then().statusCode(404);
}
@Test
void cacheUI_returnsMissingWithKeyValues() {
given().when().get("/caches/keys?key={key}", UUID.randomUUID().toString()).then().statusCode(404);
given().when().get("/caches/keys?key={key}", key.key).then().statusCode(404);
}
}
package org.eclipsefoundation.core.resource;
import static io.restassured.RestAssured.given;
import java.util.UUID;
import javax.inject.Inject;
import org.eclipsefoundation.core.resource.CacheResource.InstanceCacheResourceKey;
import org.eclipsefoundation.core.test.OptionalResourceEnabledTestProfile;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import io.quarkus.arc.Arc;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.junit.TestProfile;
@QuarkusTest
@TestProfile(OptionalResourceEnabledTestProfile.class)
public class CacheResourceTest {
@Inject
InstanceCacheResourceKey key;
@Test
void resourceSecuringKey_changesEachCreation() {
InstanceCacheResourceKey k = new InstanceCacheResourceKey();
InstanceCacheResourceKey k2 = new InstanceCacheResourceKey();
Assertions.assertNotEquals(k.key, k2.key);
}
@Test
void resourceSecuringKey_availableThroughCDI() {
Assertions.assertNotNull(key.key);
}
@Test
void resourceSecuringKey_sharedLifecycle() {
// check that key doesn't change across calls
InstanceCacheResourceKey keyCdiRef = Arc.container().instance(InstanceCacheResourceKey.class).get();
Assertions.assertEquals(keyCdiRef.key, key.key);
}
@Test
void cacheUI_protected() {
given().when().get("/caches/keys").then().statusCode(403);
}
@Test
void cacheUI_usesInstanceKey() {
given().when().get("/caches/keys?key={key}", UUID.randomUUID().toString()).then().statusCode(403);
given().when().get("/caches/keys?key={key}", key.key).then().statusCode(200);
}
}
package org.eclipsefoundation.core.test;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.eclipsefoundation.core.namespace.MicroprofilePropertyNames;
import io.quarkus.test.junit.QuarkusTestProfile;
/**
*
* @author Martin Lowe
*/
public class OptionalResourceEnabledTestProfile implements QuarkusTestProfile {
// private immutable copy of the configs for auth state
private static final Map<String, String> CONFIG_OVERRIDES;
static {
Map<String, String> tmp = new HashMap<>();
tmp.put(MicroprofilePropertyNames.OPTIONAL_RESOURCES_ENABLED, "true");
tmp.put(MicroprofilePropertyNames.CACHE_RESOURCE_ENABLED, "true");
CONFIG_OVERRIDES = Collections.unmodifiableMap(tmp);
}
@Override
public Map<String, String> getConfigOverrides() {
return CONFIG_OVERRIDES;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment