With this change, an attempt to create a new API key fails with an error when API keys are disabled. To make this error distinguishable from other errors, we use a 404 (not found) in this case (a 409 would be indistinguishable from a "real" conflict, and a 401 or 403 could be misleading). This way, the CLI client can print better error messages.

In addition, this removes the links to API keys in user hal objects, when API keys are disabled.

Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Rene Pfeuffer
2023-02-28 10:01:27 +01:00
committed by SCM-Manager
parent cb8c951cb8
commit 8cef21e32c
11 changed files with 172 additions and 23 deletions


@@ -41,6 +41,7 @@ import org.mockito.Mock;
import sonia.scm.ContextEntry;
import sonia.scm.NotFoundException;
import sonia.scm.PageResult;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.group.GroupManager;
import sonia.scm.security.ApiKeyService;
import sonia.scm.security.PermissionAssigner;
@@ -110,6 +111,8 @@ public class UserRootResourceTest {
private GroupManager groupManager;
@Mock
private GroupToGroupDtoMapper groupToGroupDtoMapper;
@Mock
private ScmConfiguration scmConfiguration;
@InjectMocks
private UserDtoToUserMapperImpl dtoToUserMapper;
@InjectMocks


@@ -33,6 +33,7 @@ import org.junit.Before;
import org.junit.Test;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.user.UserTestData;
@@ -55,6 +56,8 @@ public class UserToUserDtoMapperTest {
@Mock
private UserManager userManager;
@Mock
private ScmConfiguration scmConfiguration;
@InjectMocks
private UserToUserDtoMapperImpl mapper;
@@ -188,4 +191,26 @@ public class UserToUserDtoMapperTest {
assertEquals("expected permissions link", expectedBaseUri.resolve("abc/permissions").toString(), userDto.getLinks().getLinkBy("permissions").get().getHref());
assertEquals("expected permission overview link", expectedBaseUri.resolve("abc/permissionOverview").toString(), userDto.getLinks().getLinkBy("permissionOverview").get().getHref());
}
@Test
public void shouldMapApiKeyLinks_IfEnabled() {
User user = createDefaultUser();
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
when(scmConfiguration.isEnabledApiKeys()).thenReturn(true);
UserDto userDto = mapper.map(user);
assertEquals("expected api key link", expectedBaseUri.resolve("abc/api_keys").toString(), userDto.getLinks().getLinkBy("apiKeys").get().getHref());
}
@Test
public void shouldNotMapApiKeyLinks_IfDisabled() {
User user = createDefaultUser();
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
when(scmConfiguration.isEnabledApiKeys()).thenReturn(false);
UserDto userDto = mapper.map(user);
assertThat(userDto.getLinks().getLinkBy("apiKeys")).isEmpty();
}
}
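Review bot: Both new tests in UserToUserDtoMapperTest stub `subject.isPermitted("user:modify:abc")` to true, so nothing pins the case where API keys are enabled but the subject lacks that permission. A third test with `isEnabledApiKeys()` returning true and the permission left unstubbed, asserting `assertThat(userDto.getLinks().getLinkBy("apiKeys")).isEmpty();`, would show that the configuration flag only narrows the link and never stands in for the permission check. The mapper itself is not part of this section, so this is a coverage gap rather than a known defect. Because `scmConfiguration` is a plain `@Mock`, `isEnabledApiKeys()` presumably returns false in every pre-existing test of this class, which deserves a short comment next to the field.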


@@ -35,6 +35,7 @@ import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import sonia.scm.AlreadyExistsException;
import sonia.scm.HandlerEventType;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.store.DataStore;
import sonia.scm.store.DataStoreFactory;
import sonia.scm.store.InMemoryDataStore;
@@ -61,7 +62,8 @@ class ApiKeyServiceTest {
ApiKeyTokenHandler tokenHandler = new ApiKeyTokenHandler();
DataStoreFactory storeFactory = new InMemoryDataStoreFactory(new InMemoryDataStore<ApiKeyCollection>());
DataStore<ApiKeyCollection> store = storeFactory.withType(ApiKeyCollection.class).withName("apiKeys").build();
ApiKeyService service = new ApiKeyService(storeFactory, passwordService, keyGenerator, tokenHandler, passphraseGenerator);
ScmConfiguration scmConfiguration = new ScmConfiguration();
ApiKeyService service = new ApiKeyService(storeFactory, passwordService, keyGenerator, tokenHandler, passphraseGenerator, scmConfiguration);
@BeforeEach
void mockPasswordService() {
@@ -177,5 +179,13 @@ class ApiKeyServiceTest {
assertThat(store.get("dent")).isNull();
}
@Test
void shouldFailIfApiKeysAreDisabled() {
scmConfiguration.setEnabledApiKeys(false);
assertThrows(ApiKeysDisabledException.class, () -> service.createNewKey("dent", "1", "READ"));
}
}
}
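Review bot: `shouldFailIfApiKeysAreDisabled` checks only the exception type, so it would still pass if the service stored a key before throwing. Adding `assertThat(store.get("dent")).isNull();` after the `assertThrows` line, as the test just above it does, pins that a rejected creation leaves nothing behind in the store. This section also covers creation only; whether validating an already issued key honours `isEnabledApiKeys()` is not visible here, and it deserves its own test if the switch is meant to turn existing keys off as well.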