diff --git a/.github/workflows/feature.yml b/.github/workflows/feature.yml index 96517766..20ca9741 100644 --- a/.github/workflows/feature.yml +++ b/.github/workflows/feature.yml @@ -7,6 +7,7 @@ on: - AFG-** - bug/** - GAP-** + - feat/** pull_request: branches: - feature/** diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/dto/api/JwtPayload.java b/src/main/java/gov/cabinetoffice/gap/applybackend/dto/api/JwtPayload.java index dbd7b8a6..c98256b2 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/dto/api/JwtPayload.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/dto/api/JwtPayload.java @@ -25,4 +25,5 @@ public class JwtPayload { private String familyName; private String email; private String isAdmin; + private String roles; } \ No newline at end of file diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/exception/ForbiddenException.java b/src/main/java/gov/cabinetoffice/gap/applybackend/exception/ForbiddenException.java new file mode 100644 index 00000000..324b7cca --- /dev/null +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/exception/ForbiddenException.java @@ -0,0 +1,24 @@ +package gov.cabinetoffice.gap.applybackend.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(HttpStatus.FORBIDDEN) +public class ForbiddenException extends RuntimeException { + + public ForbiddenException() { + } + + public ForbiddenException(String message) { + super(message); + } + + public ForbiddenException(String message, Throwable cause) { + super(message, cause); + } + + public ForbiddenException(Throwable cause) { + super(cause); + } + +} diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/model/GrantApplicant.java b/src/main/java/gov/cabinetoffice/gap/applybackend/model/GrantApplicant.java index 86e2dbb8..829b5e69 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/model/GrantApplicant.java 
+++ b/src/main/java/gov/cabinetoffice/gap/applybackend/model/GrantApplicant.java @@ -22,7 +22,7 @@ public class GrantApplicant { private long id; @Column - private UUID userId; + private String userId; @OneToOne(mappedBy = "applicant") @JsonIgnoreProperties diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/repository/GrantApplicantRepository.java b/src/main/java/gov/cabinetoffice/gap/applybackend/repository/GrantApplicantRepository.java index d257311d..f28b4695 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/repository/GrantApplicantRepository.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/repository/GrantApplicantRepository.java @@ -7,5 +7,5 @@ import java.util.UUID; public interface GrantApplicantRepository extends JpaRepository { - Optional findByUserId(UUID userid); + Optional findByUserId(String userid); } diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/security/JwtTokenFilterV2.java b/src/main/java/gov/cabinetoffice/gap/applybackend/security/JwtTokenFilterV2.java new file mode 100644 index 00000000..9b0143cf --- /dev/null +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/security/JwtTokenFilterV2.java 
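Review bot: Changing `userId` from `UUID` to `String` on the `GrantApplicant` entity changes the mapped column type, and no schema migration appears anywhere in this diff. If the existing column is a native UUID type, `findByUserId(String)` may fail or stop matching existing rows, so a migration (or an explicit `@Column(columnDefinition = ...)`) should ship with this change. The repository hunk that follows still shows `import java.util.UUID;`, which looks unused after the signature change and can probably be removed. The entity class continues outside the hunk.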
@@ -0,0 +1,68 @@
+package gov.cabinetoffice.gap.applybackend.security;
+
+import com.auth0.jwt.interfaces.DecodedJWT;
+import gov.cabinetoffice.gap.applybackend.dto.api.JwtPayload;
+import gov.cabinetoffice.gap.applybackend.exception.ForbiddenException;
+import gov.cabinetoffice.gap.applybackend.service.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+
+import static org.springframework.util.ObjectUtils.isEmpty;
+
+/**
+ * This class cannot be a Spring bean, otherwise Spring will automatically apply it to all
+ * requests, regardless of whether they've been specifically ignored
+ */
+@RequiredArgsConstructor
+public class JwtTokenFilterV2 extends OncePerRequestFilter {
+
+ private final JwtService jwtService;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request,
+ HttpServletResponse response,
+ FilterChain chain)
+ throws ServletException, IOException {
+
+ // Check if auth header exists. 
If not, return without setting authentication in the security context + final String header = request.getHeader(HttpHeaders.AUTHORIZATION); + if (isEmpty(header) || !header.startsWith("Bearer ")) { + chain.doFilter(request, response); + return; + } + //verify the token + String normalisedJwt = header.split(" ")[1]; + if (!jwtService.verifyToken(normalisedJwt)) { + chain.doFilter(request, response); + return; + } + + DecodedJWT decodedJWT = jwtService.decodedJwt(normalisedJwt); + //set the Security context, so we can access it everywhere + JwtPayload jwtPayload = jwtService.decodeTheTokenPayloadInAReadableFormatV2(decodedJWT); + + if (!jwtPayload.getRoles().contains("APPLICANT")) { + throw new ForbiddenException("User is not an applicant"); + } + + UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( + jwtPayload, + null, + Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); + + SecurityContextHolder.getContext().setAuthentication(authentication); + chain.doFilter(request, response); + } + +} \ No newline at end of file diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/security/WebSecurityConfig.java b/src/main/java/gov/cabinetoffice/gap/applybackend/security/WebSecurityConfig.java index 0c7f6ec5..afcf4493 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/security/WebSecurityConfig.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/security/WebSecurityConfig.java @@ -2,6 +2,7 @@ import gov.cabinetoffice.gap.applybackend.service.JwtService; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpStatus; 
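Review bot: The role check `jwtPayload.getRoles().contains("APPLICANT")` in `doFilterInternal` is a substring match on the raw claim string, so any role whose name merely contains that text (a constructed example: `NON_APPLICANT`) passes; compare against parsed role tokens instead. In the same method, `header.split(" ")[1]` throws `ArrayIndexOutOfBoundsException` for a header that is exactly `Bearer `, because `split` drops trailing empty strings. `ForbiddenException` is also thrown from a servlet filter, where `@ResponseStatus` is normally not applied because the exception never reaches Spring MVC's resolvers, so the client likely gets a 500 rather than a 403. The sketch below writes the 403 directly on the response and assumes the roles claim is a comma-separated list, optionally bracketed; the real format is not visible in this diff. Every role is also collapsed into a single `ROLE_USER` authority, which deserves a comment if it is intentional.

```java
// … unchanged: Authorization header presence / "Bearer " prefix check …
final String normalisedJwt = header.substring("Bearer ".length()).trim();
if (normalisedJwt.isEmpty() || !jwtService.verifyToken(normalisedJwt)) {
    chain.doFilter(request, response);
    return;
}

// … unchanged: decode the token into jwtPayload …

// Match whole role names, never a substring of the raw claim.
final String roles = jwtPayload.getRoles();
final boolean isApplicant = roles != null
        && java.util.Arrays.stream(roles.replaceAll("[\\[\\]\\s]", "").split(","))
                .anyMatch("APPLICANT"::equals);
if (!isApplicant) {
    // An exception thrown here would bypass @ResponseStatus handling; answer directly.
    response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not an applicant");
    return;
}

// … unchanged: build the authentication, set the security context, continue the chain …
```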
@@ -22,6 +23,9 @@ public class WebSecurityConfig { private final JwtService jwtService; + @Value("${feature.onelogin.enabled}") + private boolean oneLoginEnabled; + /** * Using WebSecurityCustomizer#ignoring triggers a warning at app start-up for each path ignored. * Unfortunately, its recommendation is not suitable for us, since we not only need authentication to be ignored @@ -57,8 +61,13 @@ public SecurityFilterChain filterChainPublic(HttpSecurity http) throws Exception .anyRequest() .authenticated(); - http + if(oneLoginEnabled) { + http + .addFilterBefore(new JwtTokenFilterV2(jwtService), UsernamePasswordAuthenticationFilter.class); + } else { + http .addFilterBefore(new JwtTokenFilter(jwtService), UsernamePasswordAuthenticationFilter.class); + } // disable a bunch of Spring Security default stuff we don't need http diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileService.java b/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileService.java index f3439cf4..2a73c33c 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileService.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileService.java @@ -29,7 +29,7 @@ public GrantApplicantOrganisationProfile updateOrganisation(GrantApplicantOrgani .orElseThrow(() -> new NotFoundException(String.format("No Organisation Profile with ID %s was found", updatedProfile.getId()))); } - public GrantApplicantOrganisationProfile createOrganisation(UUID applicantId, GrantApplicantOrganisationProfile profile) { + public GrantApplicantOrganisationProfile createOrganisation(String applicantId, GrantApplicantOrganisationProfile profile) { final GrantApplicant applicant = grantApplicantService.getApplicantById(applicantId); profile.setApplicant(applicant); 
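Review bot: `@Value("${feature.onelogin.enabled}")` has no default, so any environment whose property source lacks the key fails at context start-up; `@Value("${feature.onelogin.enabled:false}")` keeps the current behaviour explicit. In `filterChainPublic` this flag decides which token filter guards every authenticated route, and the `APPLICANT` role check is visible only in `JwtTokenFilterV2` (whether `JwtTokenFilter` has an equivalent is not shown), so the field deserves a comment saying what the toggle changes, plus a start-up log line naming the active filter. The two branches differ only in the filter instance; selecting it into a local and calling `http.addFilterBefore(...)` once would remove the duplication. The method body continues outside the hunk.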
diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantService.java b/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantService.java index 8c4aece9..c84ce7cb 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantService.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantService.java @@ -16,16 +16,15 @@ public class GrantApplicantService { private final GrantApplicantRepository grantApplicantRepository; - public GrantApplicant getApplicantById(UUID applicantId) { + public GrantApplicant getApplicantById(String applicantId) { return grantApplicantRepository .findByUserId(applicantId) - .orElseThrow(() -> new NotFoundException(String.format("No Grant Applicant with ID %s was found", applicantId.toString()))); + .orElseThrow(() -> new NotFoundException(String.format("No Grant Applicant with ID %s was found", applicantId))); } public GrantApplicant getApplicantFromPrincipal() { final JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - final UUID applicantId = UUID.fromString(jwtPayload.getSub()); - return this.getApplicantById((applicantId)); + return this.getApplicantById(jwtPayload.getSub()); } public GrantApplicant saveApplicant(GrantApplicant applicant){ diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/service/JwtService.java b/src/main/java/gov/cabinetoffice/gap/applybackend/service/JwtService.java index 187fe961..1b358309 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/service/JwtService.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/service/JwtService.java @@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.DecodedJWT; import gov.cabinetoffice.gap.applybackend.config.UserServiceConfig; import gov.cabinetoffice.gap.applybackend.dto.api.JwtPayload; + import static java.lang.Boolean.TRUE; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; 
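Review bot: With `UUID.fromString` removed, `getApplicantFromPrincipal` and `getApplicantById` pass `jwtPayload.getSub()` to the repository unvalidated, so a token without a `sub` claim now reaches `findByUserId(null)` instead of failing early. Spring Data derived queries generally translate a null argument to `IS NULL`, which would match any applicant row whose `userId` is null; a guard at the top of `getApplicantById`, such as `if (applicantId == null || applicantId.isBlank()) throw new NotFoundException("No Grant Applicant ID supplied");`, closes that. The same unvalidated subject is used by the controller hunks further down (`getGrantApplicantById`, `doesApplicantExist`, `createApplicant`, `createOrganisation`, `getSubmissions`, `createApplication`), and `createApplicant` would persist it as-is. `import java.util.UUID` may now be unused in this class.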
@@ -87,4 +88,25 @@ public JwtPayload decodeTheTokenPayloadInAReadableFormat(DecodedJWT jwt) { .isAdmin(isAdmin) .build(); } + + public JwtPayload decodeTheTokenPayloadInAReadableFormatV2(DecodedJWT jwt) { + final String payloadJson = decodeBase64ToJson(jwt.getPayload()); + final JSONObject jsonObject = new JSONObject(payloadJson); + final String sub = jwt.getSubject(); + final String roles = jsonObject.getString("roles"); + final String iss = jsonObject.getString("iss"); + final String aud = jsonObject.getString("aud"); + final int exp = jsonObject.getInt("exp"); + final int iat = jsonObject.getInt("iat"); + final String email = jsonObject.getString("email"); + return JwtPayload.builder() + .sub(sub) + .roles(roles) + .iss(iss) + .aud(aud) + .exp(exp) + .iat(iat) + .email(email) + .build(); + } } diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantController.java b/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantController.java index 92b34371..4108adfd 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantController.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantController.java @@ -40,9 +40,8 @@ public ResponseEntity getGrantApplicantById() { final String familyName = jwtPayload.getFamilyName(); final String givenName = jwtPayload.getGivenName(); final String fullName = String.format("%s %s", givenName, familyName); - UUID applicantId = UUID.fromString(jwtPayload.getSub()); - final GrantApplicant applicant = grantApplicantService.getApplicantById(applicantId); + final GrantApplicant applicant = grantApplicantService.getApplicantById(jwtPayload.getSub()); GetGrantApplicantDto applicantDto = modelMapper.map(applicant, GetGrantApplicantDto.class); applicantDto.setFullName(WordUtils.capitalize(fullName)); 
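Review bot: `decodeTheTokenPayloadInAReadableFormatV2` reads every claim with `jsonObject.getString(...)` or `getInt(...)`, which (assuming this is org.json) throw an unchecked `JSONException` when a claim is absent or has a different JSON type. Because this runs inside the request filter, a verified token that lacks `roles` or `email`, or carries `aud` as an array (which the JWT specification permits), would surface as a server error rather than a clean rejection. Reading through the decoded token, e.g. `final String roles = jwt.getClaim("roles").asString();`, yields null for a missing claim and lets the caller deny access explicitly. `exp` and `iat` are read as `int`, which overflows for timestamps after January 2038; `jwt.getExpiresAt()` avoids that if `JwtPayload` can hold a wider type. The method also lacks a Javadoc saying which token format it expects compared with the V1 decoder.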
@@ -53,10 +52,9 @@ public ResponseEntity getGrantApplicantById() { @GetMapping("/does-exist") public ResponseEntity doesApplicantExist(){ JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - UUID applicantId = UUID.fromString(jwtPayload.getSub()); GrantApplicant applicant = null; try { - applicant = grantApplicantService.getApplicantById(applicantId); + applicant = grantApplicantService.getApplicantById(jwtPayload.getSub()); }catch (NotFoundException ignored){ } return ResponseEntity.ok(applicant != null); @@ -65,9 +63,8 @@ public ResponseEntity doesApplicantExist(){ @PostMapping("/create") public ResponseEntity createApplicant(){ final JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - final UUID applicantId = UUID.fromString(jwtPayload.getSub()); final GrantApplicant applicant = GrantApplicant.builder() - .userId(applicantId) + .userId(jwtPayload.getSub()) .build(); grantApplicantService.saveApplicant(applicant); @@ -75,7 +72,7 @@ public ResponseEntity createApplicant(){ final GrantApplicantOrganisationProfile profile = GrantApplicantOrganisationProfile .builder() .build(); - grantApplicantOrganisationProfileService.createOrganisation(applicantId, profile); + grantApplicantOrganisationProfileService.createOrganisation(jwtPayload.getSub(), profile); return ResponseEntity.ok("User has been created"); } diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileController.java b/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileController.java index ac01a144..a319bf7c 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileController.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileController.java 
@@ -58,9 +58,8 @@ public ResponseEntity updateOrganisation(@PathVariable long organisation }) public ResponseEntity createOrganisation(@RequestBody CreateGrantApplicantOrganisationProfileDto organisation) { JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - final UUID userId = UUID.fromString(jwtPayload.getSub()); GrantApplicantOrganisationProfile grantApplicantOrganisationProfile = modelMapper.map(organisation, GrantApplicantOrganisationProfile.class); - grantApplicantOrganisationProfileService.createOrganisation(userId, grantApplicantOrganisationProfile); + grantApplicantOrganisationProfileService.createOrganisation(jwtPayload.getSub(), grantApplicantOrganisationProfile); return new ResponseEntity<>(String.format("An organisation with the id %s has been created", grantApplicantOrganisationProfile.getId()), HttpStatus.CREATED); } } diff --git a/src/main/java/gov/cabinetoffice/gap/applybackend/web/SubmissionController.java b/src/main/java/gov/cabinetoffice/gap/applybackend/web/SubmissionController.java index adfa72ca..b5256d53 100644 --- a/src/main/java/gov/cabinetoffice/gap/applybackend/web/SubmissionController.java +++ b/src/main/java/gov/cabinetoffice/gap/applybackend/web/SubmissionController.java @@ -43,8 +43,7 @@ public class SubmissionController { @GetMapping public ResponseEntity> getSubmissions() { JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - final UUID applicantId = UUID.fromString(jwtPayload.getSub()); - GrantApplicant applicant = grantApplicantService.getApplicantById((applicantId)); + GrantApplicant applicant = grantApplicantService.getApplicantById(jwtPayload.getSub()); return ResponseEntity.ok(applicant.getSubmissions().stream() .map(this::buildSubmissionDto) .toList() 
@@ -183,8 +182,7 @@ public ResponseEntity createApplication(@PathVariab final GrantApplication grantApplication = grantApplicationService.getGrantApplicationById(applicationId); JwtPayload jwtPayload = (JwtPayload) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - final UUID userId = UUID.fromString(jwtPayload.getSub()); - final GrantApplicant grantApplicant = grantApplicantService.getApplicantById(userId); + final GrantApplicant grantApplicant = grantApplicantService.getApplicantById(jwtPayload.getSub()); final boolean submissionExists = submissionService.doesSubmissionExist(grantApplicant, grantApplication); if (submissionExists) { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b33b22e0..4bf7428b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -35,4 +35,6 @@ gov-notify.submissionConfirmationTemplate=a-notify-template-id frontEndUri=a-front-end-url environmentName=an-environment-name -lambda.secret=lambdaSecretKey \ No newline at end of file +lambda.secret=lambdaSecretKey + +feature.onelogin.enabled=false \ No newline at end of file diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/generators/SubmissionGenerator.java b/src/test/java/gov/cabinetoffice/gap/applybackend/generators/SubmissionGenerator.java index e22bef7a..fe73d824 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/generators/SubmissionGenerator.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/generators/SubmissionGenerator.java @@ -32,6 +32,6 @@ private static GrantApplication.GrantApplicationBuilder randomGrantApplicationGe private static GrantApplicant.GrantApplicantBuilder randomGrantApplicantGenerator() { return GrantApplicant.builder() .id(1) - .userId(UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c")); + .userId("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); } } 
diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileServiceTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileServiceTest.java index 293432ed..7942d05f 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileServiceTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantOrganisationProfileServiceTest.java @@ -29,7 +29,7 @@ class GrantApplicantOrganisationProfileServiceTest { @InjectMocks private GrantApplicantOrganisationProfileService serviceUnderTest; - private final UUID APPLICANT_ID = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + private final String APPLICANT_ID = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; @Test void getOrganisationById_ReturnsCorrectOrganisation() { diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantServiceTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantServiceTest.java index a3bad75e..b39c6d63 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantServiceTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/service/GrantApplicantServiceTest.java @@ -21,7 +21,7 @@ @ExtendWith(MockitoExtension.class) class GrantApplicantServiceTest { - private final UUID APPLICANT_ID = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + private final String APPLICANT_ID = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; @Mock private GrantApplicantRepository grantApplicantRepository; @InjectMocks 
@@ -56,8 +56,7 @@ void getOrganisationById_OrgNotFound() { void createApplicant() { final ArgumentCaptor grantApplicantArgumentCaptor = ArgumentCaptor .forClass(GrantApplicant.class); - UUID userId = UUID.randomUUID(); - GrantApplicant grantApplicant = GrantApplicant.builder().id(1L).userId(userId).build(); + GrantApplicant grantApplicant = GrantApplicant.builder().id(1L).userId("sdfghsdgs").build(); serviceUnderTest.saveApplicant(grantApplicant); diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/service/SubmissionServiceTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/service/SubmissionServiceTest.java index 3310209b..534afad3 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/service/SubmissionServiceTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/service/SubmissionServiceTest.java @@ -74,7 +74,7 @@ class SubmissionServiceTest { final String companiesHouseNo = "1234"; final String charityNo = "1234"; final String[] beneficiaryLocation = new String[]{"South West England", "Midlands", "Scotland"}; - final UUID userId = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + final String userId = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; private SubmissionQuestion question; private SubmissionSection section; diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantControllerTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantControllerTest.java index ef7ea133..08564a9b 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantControllerTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantControllerTest.java 
@@ -33,7 +33,7 @@ class GrantApplicantControllerTest { private final long APPLICANT_ID = 1; private final long PROFILE_ID = 1; - private final UUID APPLICANT_USER_ID = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + private final String APPLICANT_USER_ID = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; @Mock private Authentication authentication; @Mock diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileControllerTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileControllerTest.java index aa2c8caa..4128a1ee 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileControllerTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/web/GrantApplicantOrganisationProfileControllerTest.java @@ -27,9 +27,8 @@ @ExtendWith(MockitoExtension.class) class GrantApplicantOrganisationProfileControllerTest { - private final long APPLICANT_ID = 1; private final long PROFILE_ID = 1; - private final UUID APPLICANT_USER_ID = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + private final String APPLICANT_USER_ID = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; @Mock private GrantApplicantOrganisationProfileService grantApplicantOrganisationProfileService; @Mock @@ -104,8 +103,7 @@ void createOrganisation_Success() { when(securityContext.getAuthentication()).thenReturn(authentication); SecurityContextHolder.setContext(securityContext); - JwtPayload jwtPayload = JwtPayload.builder().sub(APPLICANT_USER_ID.toString()).build(); - final UUID applicantId = UUID.fromString(jwtPayload.getSub()); + JwtPayload jwtPayload = JwtPayload.builder().sub(APPLICANT_USER_ID).build(); when(SecurityContextHolder.getContext().getAuthentication().getPrincipal()).thenReturn(jwtPayload); when(modelMapper.map(createGrantApplicantOrganisationProfileDto, GrantApplicantOrganisationProfile.class)) .thenReturn(grantApplicantOrganisationProfile); 
@@ -115,7 +113,7 @@ void createOrganisation_Success() { ResponseEntity response = controllerUnderTest .createOrganisation(createGrantApplicantOrganisationProfileDto); - verify(grantApplicantOrganisationProfileService).createOrganisation(applicantId, grantApplicantOrganisationProfile); + verify(grantApplicantOrganisationProfileService).createOrganisation(jwtPayload.getSub(), grantApplicantOrganisationProfile); assertEquals(HttpStatus.CREATED, response.getStatusCode()); assertEquals(response.getBody(), String.format("An organisation with the id %s has been created", grantApplicantOrganisationProfile.getId())); diff --git a/src/test/java/gov/cabinetoffice/gap/applybackend/web/SubmissionControllerTest.java b/src/test/java/gov/cabinetoffice/gap/applybackend/web/SubmissionControllerTest.java index 5bbc189a..f649a085 100644 --- a/src/test/java/gov/cabinetoffice/gap/applybackend/web/SubmissionControllerTest.java +++ b/src/test/java/gov/cabinetoffice/gap/applybackend/web/SubmissionControllerTest.java @@ -164,7 +164,7 @@ class SubmissionControllerTest { .postcode("G2 1QQ") .county("Renfrewshire") .build(); - private final UUID APPLICANT_USER_ID = UUID.fromString("75ab5fbd-0682-4d3d-a467-01c7a447f07c"); + private final String APPLICANT_USER_ID = "75ab5fbd-0682-4d3d-a467-01c7a447f07c"; final GrantApplicant grantApplicant = GrantApplicant.builder() .id(APPLICANT_ID) .userId(APPLICANT_USER_ID) 
@@ -487,14 +487,13 @@ void createApplication() throws JsonProcessingException { .build(); when(securityContext.getAuthentication()).thenReturn(authentication); SecurityContextHolder.setContext(securityContext); - JwtPayload jwtPayload = JwtPayload.builder().sub(APPLICANT_USER_ID.toString()).build(); - final UUID applicantId = UUID.fromString(jwtPayload.getSub()); - final GrantApplicant grantApplicant = GrantApplicant.builder().userId(applicantId).build(); + JwtPayload jwtPayload = JwtPayload.builder().sub(APPLICANT_USER_ID).build(); + final GrantApplicant grantApplicant = GrantApplicant.builder().userId(jwtPayload.getSub()).build(); when(SecurityContextHolder.getContext().getAuthentication().getPrincipal()).thenReturn(jwtPayload); when(grantApplicationService.isGrantApplicationPublished(1)).thenReturn(true); when(grantApplicationService.getGrantApplicationById(1)).thenReturn(grantApplication); - when(grantApplicantService.getApplicantById(applicantId)).thenReturn(grantApplicant); + when(grantApplicantService.getApplicantById(jwtPayload.getSub())).thenReturn(grantApplicant); when(submissionService.createSubmissionFromApplication(grantApplicant, grantApplication)).thenReturn(createSubmissionResponseDto); ResponseEntity response = controllerUnderTest.createApplication(1);