File tree Expand file tree Collapse file tree
main/java/org/opendevstack/apiservice/project
test/java/org/opendevstack/apiservice/project/controller Expand file tree Collapse file tree Original file line number Diff line number Diff line change 77import org .opendevstack .apiservice .project .facade .ProjectsFacade ;
88import org .opendevstack .apiservice .project .model .CreateProjectRequest ;
99import org .opendevstack .apiservice .project .model .CreateProjectResponse ;
10+ import org .opendevstack .apiservice .project .util .SecurityUtils ;
1011import org .opendevstack .apiservice .project .validation .ProjectRequestValidator ;
1112import org .springframework .http .HttpStatus ;
1213import org .springframework .http .ResponseEntity ;
@@ -37,15 +38,16 @@ public class ProjectController implements ProjectsApi {
3738 @ Override
3839 public ResponseEntity <CreateProjectResponse > createProject (@ Valid @ RequestBody CreateProjectRequest createProjectRequest ) {
3940 projectRequestValidator .validate (createProjectRequest );
40- UUID clientId = UUID .fromString ("00000000-0000-0000-0000-000000000001" );
41+ UUID clientId = SecurityUtils .getClientId ();
42+
4143 CreateProjectResponse projectResponse = projectsFacade .createProject (createProjectRequest , clientId );
4244 projectResponse .setLocation (API_BASE_PATH + "/" + projectResponse .getProjectKey ());
4345 return ResponseEntity
4446 .status (HttpStatus .OK )
4547 .header (HTTP_HEADER_LOCATION , API_BASE_PATH )
4648 .body (projectResponse );
4749 }
48-
50+
4951 @ GetMapping ("/{projectKey}" )
5052 @ Override
5153 public ResponseEntity <CreateProjectResponse > getProject (@ PathVariable String projectKey ) {
Original file line number Diff line number Diff line change 1+ package org .opendevstack .apiservice .project .util ;
2+
3+ import org .springframework .security .core .context .SecurityContextHolder ;
4+ import org .springframework .security .oauth2 .jwt .Jwt ;
5+ import org .springframework .security .oauth2 .server .resource .InvalidBearerTokenException ;
6+
7+ import java .util .UUID ;
8+
9+ public class SecurityUtils {
10+
11+ private SecurityUtils () {
12+ // to avoid instantiation
13+ }
14+
15+ public static UUID getClientId () {
16+ String appId = null ;
17+ Object principal = SecurityContextHolder .getContext ().getAuthentication ().getPrincipal ();
18+
19+ if (principal instanceof Jwt ) {
20+ appId = ((Jwt ) principal ).getClaimAsString ("appid" );
21+ } else {
22+ throw new InvalidBearerTokenException ("Invalid authentication token: " + principal .getClass ().getName ());
23+ }
24+
25+ return UUID .fromString (appId );
26+ }
27+ }
Original file line number Diff line number Diff line change 1111import org .opendevstack .apiservice .project .validation .ProjectRequestValidator ;
1212import org .springframework .http .HttpStatus ;
1313import org .springframework .http .ResponseEntity ;
14+ import org .springframework .security .core .context .SecurityContextHolder ;
15+ import org .springframework .security .oauth2 .jwt .Jwt ;
16+ import org .springframework .security .oauth2 .server .resource .authentication .JwtAuthenticationToken ;
17+
18+ import java .util .UUID ;
1419
1520import static org .assertj .core .api .Assertions .assertThat ;
1621import static org .mockito .ArgumentMatchers .any ;
1722import static org .mockito .Mockito .verify ;
1823import static org .mockito .Mockito .when ;
1924
20- import java .util .UUID ;
21-
2225class ProjectControllerTest {
2326
2427 @ Mock
@@ -34,6 +37,14 @@ class ProjectControllerTest {
3437 void setup () {
3538 mocks = MockitoAnnotations .openMocks (this );
3639 sut = new ProjectController (projectsFacade , projectRequestValidator );
40+
41+ Jwt jwtToken = Jwt .withTokenValue ("dummy-token" )
42+ .claim ("appid" , UUID .randomUUID ().toString ())
43+ .claim ("sub" , "test-user" )
44+ .header ("alg" , "none" )
45+ .build ();
46+ JwtAuthenticationToken authentication = new JwtAuthenticationToken (jwtToken );
47+ SecurityContextHolder .getContext ().setAuthentication (authentication );
3748 }
3849
3950 @ AfterEach
You can’t perform that action at this time.
0 commit comments