Correct test given api key change. (#1711)

MikeNeilson · web-flow · commit 96983317b313 · 2026-04-30T14:27:04.000-07:00
Given the tests weren't running, honestly not that bad of a problem
after the merge.
diff --git a/cwms-data-api/src/main/java/cwms/cda/data/dao/AuthDao.java b/cwms-data-api/src/main/java/cwms/cda/data/dao/AuthDao.java
@@ -63,6 +63,8 @@ public class AuthDao extends Dao<DataApiPrincipal> {
     public static final String AUTH_ERROR_MSG = "Authentication failed. The API Key may be invalid or no longer active.";
     private static final String API_KEY_V1_PREFIX = "ak1_";
     private static final int API_KEY_ID_LENGTH = 12;
+    private static final int API_KEY_SECRET_LENGTH = 256;
+    public static final int API_KEY_TOTAL_LENGTH = API_KEY_ID_LENGTH + API_KEY_SECRET_LENGTH;
     // At this level we just care that the user has permissions in *any* office
     private static final String RETRIEVE_GROUPS_OF_USER =
             ResourceHelper.getResourceAsString("/cwms/data/sql/user_groups.sql", AuthDao.class);
@@ -514,7 +516,7 @@ public ApiKey createApiKey(DataApiPrincipal p, ApiKey sourceData) throws CwmsAut
     private static String generateSecretKey(SecureRandom randomSource) {
         return randomSource.ints('0', 'z') // allow a-zA-Z0-9
             .filter(i -> (i <= 57 || i >= 65) && (i <= 90 || i >= 97)) // actually filter to above
-            .limit(256)
+            .limit(API_KEY_SECRET_LENGTH)
             .collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append)
             .toString();
     }
diff --git a/cwms-data-api/src/test/java/cwms/cda/api/auth/ApiKeyControllerTestIT.java b/cwms-data-api/src/test/java/cwms/cda/api/auth/ApiKeyControllerTestIT.java
@@ -41,14 +41,14 @@
 
 /**
  * Forced order is used here to allow better error reporting
- * but to let all the tests run and make sure 
+ * but to let all the tests run and make sure
  */
 @Tag("integration")
 @TestMethodOrder(OrderAnnotation.class)
 @TestInstance(Lifecycle.PER_CLASS)
 public class ApiKeyControllerTestIT extends DataApiTestIT {
 
-    
+
     private final String KEY_NAME = "TestKey1";
     private final String EXPIRED_KEY_NAME = "TestKey2-Expired";
 
@@ -76,7 +76,7 @@ void test_api_key_creation_no_expiration(String authType, TestAccounts.KeyUser t
                 .statusCode(is(HttpCode.CREATED.getStatus()))
                 .body("user-id",is(key.getUserId().toUpperCase()))
                 .body("key-name",is(key.getKeyName()))
-                .body("api-key.size()",is(256))
+                .body("api-key.size()",is(AuthDao.API_KEY_TOTAL_LENGTH))
                 .body("created",not(equalTo(null)))
                 .body("expires",is(equalTo(null)))
                 .extract().as(ApiKey.class);
@@ -90,8 +90,8 @@ void test_api_key_creation_no_expiration(String authType, TestAccounts.KeyUser t
 	@AuthType(user = TestAccounts.KeyUser.SPK_NORMAL)
     void test_api_key_creation_with_expiration(String authType, TestAccounts.KeyUser theUser, RequestSpecification authSpec) {
         final String keyName = "TestKey1-Expires";
-        
-        
+
+
         final ApiKey key = new ApiKey(theUser.getName(),keyName,null,null,ZonedDateTime.now());
         final ApiKey expiredKey = new ApiKey(key.getUserId(),EXPIRED_KEY_NAME,null,null,ZonedDateTime.now().minusMinutes(1L));
 
@@ -108,7 +108,7 @@ void test_api_key_creation_with_expiration(String authType, TestAccounts.KeyUser
                 .statusCode(is(HttpCode.CREATED.getStatus()))
                 .body("user-id",is(key.getUserId().toUpperCase()))
                 .body("key-name",is(key.getKeyName()))
-                .body("api-key.size()",is(256))            
+                .body("api-key.size()",is(AuthDao.API_KEY_TOTAL_LENGTH))
                 .body("created",not(equalTo(null)))
                 .body("expires",not(equalTo(null)))
                 .extract().as(ApiKey.class);
@@ -127,15 +127,15 @@ void test_api_key_creation_with_expiration(String authType, TestAccounts.KeyUser
                 .statusCode(is(HttpCode.CREATED.getStatus()))
                 .body("user-id",is(expiredKey.getUserId().toUpperCase()))
                 .body("key-name",is(expiredKey.getKeyName()))
-                .body("api-key.size()",is(256))            
+                .body("api-key.size()",is(AuthDao.API_KEY_TOTAL_LENGTH))
                 .body("created",not(equalTo(null)))
                 .body("expires",not(equalTo(null)))
                 .extract().as(ApiKey.class);
         realKeys.add(returnedKey);
 
 
         final String bodyWithSpecificExpiresFormat = "{\"user-id\": \"" + theUser.getName() + "\",\"key-name\": \"foo\",\"api-key\": \"string\",\"expires\": \"2023-09-23T14:20:00.908Z\"}";
-        returnedKey = 
+        returnedKey =
             given()
                 .log().ifValidationFails(LogDetail.ALL,true)
                 .spec(authSpec)
@@ -148,7 +148,7 @@ void test_api_key_creation_with_expiration(String authType, TestAccounts.KeyUser
                 .statusCode(is(HttpCode.CREATED.getStatus()))
                 .body("user-id",is(expiredKey.getUserId().toUpperCase()))
                 .body("key-name",is("foo"))
-                .body("api-key.size()",is(256))
+                .body("api-key.size()",is(AuthDao.API_KEY_TOTAL_LENGTH))
                 .body("created",not(equalTo(null)))
                 .body("expires",not(equalTo(null)))
                 .extract().as(ApiKey.class);
@@ -184,7 +184,7 @@ void test_api_key_creation_not_other_user(String authType, TestAccounts.KeyUser
 	@ArgumentsSource(UserSpecSource.class)
 	@AuthType(user = TestAccounts.KeyUser.SPK_NORMAL)
     void test_api_key_listing(String authType, TestAccounts.KeyUser theUser, RequestSpecification authSpec) {
-        List<ApiKey> keys = 
+        List<ApiKey> keys =
             given()
                 .log().ifValidationFails(LogDetail.ALL,true)
                 .spec(authSpec)
@@ -215,12 +215,12 @@ void test_api_key_listing(String authType, TestAccounts.KeyUser theUser, Request
             .statusCode(HttpCode.OK.getStatus());
     }
 
-    
+
     // use api key
     @Test
     @Order(5)
     public void test_key_usage() throws Exception {
-        
+
         createLocation("ApiKey-Test Location",true,"SPK");
         String json = loadResourceAsString("cwms/cda/api/location_create_spk.json");
         Location location = new Location.Builder(Formats.parseContent(Formats.parseHeader(Formats.JSON, Location.class),
@@ -394,7 +394,7 @@ private void assertContainsKey(ApiKey expectedKey, List<ApiKey> returnedSet) {
                 ZonedDateTime expectedExpires = expected.getExpires();
                 if (expectedKeyExpires == null && expectedExpires == null) {
                     return;
-                } else if((expectedKeyExpires != null && expectedExpires != null) 
+                } else if((expectedKeyExpires != null && expectedExpires != null)
                         && expectedExpires.isEqual(expectedKeyExpires)) {
                     return;
                 }
