-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9 from cabinetoffice/release/2.4
Release/2.4
- Loading branch information
Showing
10 changed files
with
148 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
src/main/java/gov/cabinetoffice/gap/applybackend/exception/UnauthorizedException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
package gov.cabinetoffice.gap.applybackend.exception; | ||
|
||
import org.springframework.http.HttpStatus; | ||
import org.springframework.web.bind.annotation.ResponseStatus; | ||
|
||
@ResponseStatus(HttpStatus.UNAUTHORIZED) | ||
public class UnauthorizedException extends RuntimeException { | ||
|
||
public UnauthorizedException() { | ||
} | ||
|
||
public UnauthorizedException(String message) { | ||
super(message); | ||
} | ||
|
||
public UnauthorizedException(String message, Throwable cause) { | ||
super(message, cause); | ||
} | ||
|
||
public UnauthorizedException(Throwable cause) { | ||
super(cause); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
src/main/java/gov/cabinetoffice/gap/applybackend/service/SecretAuthService.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
package gov.cabinetoffice.gap.applybackend.service; | ||
|
||
import gov.cabinetoffice.gap.applybackend.exception.UnauthorizedException; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.beans.factory.annotation.Value; | ||
import org.springframework.stereotype.Service; | ||
|
||
import java.util.Objects; | ||
|
||
@Service | ||
@RequiredArgsConstructor | ||
public class SecretAuthService { | ||
|
||
@Value("${lambda.secret}") | ||
private String lambdaSecret; | ||
|
||
/** | ||
* Intended to authenticate requests coming from lambdas, which shouldn't pass through | ||
* the JWT auth process. TODO I think this could be converted into an annotation for | ||
* lambda controller methods | ||
* @param authHeader value taken from Authorization header | ||
*/ | ||
public void authenticateSecret(String authHeader) { | ||
if (!Objects.equals(lambdaSecret, authHeader)) { | ||
throw new UnauthorizedException("Secret key does not match"); | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
src/test/java/gov/cabinetoffice/gap/applybackend/service/SecretAuthServiceTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package gov.cabinetoffice.gap.applybackend.service; | ||
|
||
import gov.cabinetoffice.gap.applybackend.exception.UnauthorizedException; | ||
import org.junit.jupiter.api.BeforeEach; | ||
import org.junit.jupiter.api.Test; | ||
import org.mockito.InjectMocks; | ||
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig; | ||
import org.springframework.test.util.ReflectionTestUtils; | ||
|
||
import static org.assertj.core.api.AssertionsForClassTypes.assertThatNoException; | ||
import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy; | ||
|
||
@SpringJUnitConfig | ||
class SecretAuthServiceTest { | ||
|
||
@InjectMocks | ||
private SecretAuthService secretAuthService; | ||
|
||
private final String correctSecretKey = "topSecretKey"; | ||
|
||
@BeforeEach | ||
void beforeEach() { | ||
ReflectionTestUtils.setField(secretAuthService, "lambdaSecret", correctSecretKey); | ||
} | ||
|
||
@Test | ||
void authenticateSecret_HappyPath() { | ||
assertThatNoException().isThrownBy(() -> secretAuthService.authenticateSecret(correctSecretKey)); | ||
} | ||
|
||
@Test | ||
void authenticateSecret_UnhappyPath() { | ||
assertThatThrownBy(() -> secretAuthService.authenticateSecret("wrongKey")) | ||
.isInstanceOf(UnauthorizedException.class).hasMessage("Secret key does not match"); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters