Make sure that when initialize hasn't been called yet for a tenant, authentication fails with a 40x status code rather than an internal server error.
diff --git a/component-test/src/main/java/TestAnubisInitialize.java b/component-test/src/main/java/TestAnubisInitialize.java
index 9d6343d..69ad24f 100644
--- a/component-test/src/main/java/TestAnubisInitialize.java
+++ b/component-test/src/main/java/TestAnubisInitialize.java
@@ -16,6 +16,7 @@
import io.mifos.anubis.api.v1.client.Anubis;
import io.mifos.anubis.api.v1.client.AnubisApiFactory;
+import io.mifos.anubis.api.v1.domain.AllowedOperation;
import io.mifos.anubis.api.v1.domain.Signature;
import io.mifos.anubis.example.simple.Example;
import io.mifos.anubis.example.simple.ExampleConfiguration;
@@ -158,6 +159,20 @@
}
}
+ @Test(expected = InvalidTokenException.class)
+ public void testAuthenticateWithoutInitialize() {
+ try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {
+
+ final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
+ = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
+ final String permissionToken = tenantApplicationSecurityEnvironment.getPermissionToken("bubba", "foo", AllowedOperation.READ);
+ try (final AutoUserContext ignored2 = new AutoUserContext("bubba", permissionToken)) {
+ Assert.assertFalse(example.foo());
+ Assert.fail("Not found exception should be thrown when authentication is attempted ");
+ }
+ }
+ }
+
private void initialize() {
final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
= new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
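Review bot: `@Test(expected = InvalidTokenException.class)` covers the whole body of testAuthenticateWithoutInitialize, so an InvalidTokenException raised by `getPermissionToken` or by the context setup would make the test pass without `example.foo()` ever being reached. Scoping the expectation to the call itself, as sketched below, pins the behaviour the commit is about: a request with a token for an uninitialized tenant is rejected as an authentication failure. The `Assert.fail` message also speaks of a "Not found exception" while the annotation expects InvalidTokenException, so the message should name the exception that is actually expected. The trailing context lines belong to initialize(), whose body continues outside the hunk.

```java
@Test
public void testAuthenticateWithoutInitialize() {
  // … unchanged: tenant context, permission token and AutoUserContext setup …
      try {
        example.foo();
        Assert.fail("InvalidTokenException expected when the tenant has not been initialized");
      } catch (final InvalidTokenException expected) {
        // authentication was rejected as intended
      }
```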
diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java b/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
index 928a41f..4a3f29c 100644
--- a/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
+++ b/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
@@ -30,4 +30,7 @@
@RequestMapping(value = "initialize", method = RequestMethod.DELETE)
void uninitialize();
+
+ @RequestMapping(value = "foo", method = RequestMethod.GET)
+ boolean foo();
}
diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java b/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
index acc4229..d988f27 100644
--- a/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
+++ b/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
@@ -54,4 +54,10 @@
initialized = false;
return new ResponseEntity<>(HttpStatus.OK);
}
+
+ @RequestMapping(value = "/foo", method = RequestMethod.GET)
+ @Permittable(AcceptedTokenType.TENANT)
+ public ResponseEntity<Boolean> foo() {
+ return ResponseEntity.ok(false);
+ }
}
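Review bot: `foo()` carries no comment saying why it exists, and its constant `false` return reads like an unfinished stub. From the test added in TestAnubisInitialize it appears to be only a token-protected probe, so a short Javadoc would prevent it being mistaken for real behaviour, for example `/** Test-only endpoint guarded by a tenant token; the returned value is irrelevant, only whether authentication lets the call through. */`.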
diff --git a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
index 5590ace..ef1f118 100644
--- a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
+++ b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
@@ -16,6 +16,7 @@
package io.mifos.anubis.repository;
import com.datastax.driver.core.*;
+import com.datastax.driver.core.exceptions.InvalidQueryException;
import com.datastax.driver.core.querybuilder.QueryBuilder;
import com.datastax.driver.core.querybuilder.Select;
import com.datastax.driver.core.querybuilder.Update;
@@ -26,6 +27,7 @@
import io.mifos.anubis.config.TenantSignatureRepository;
import io.mifos.core.cassandra.core.CassandraSessionProvider;
import io.mifos.core.lang.ApplicationName;
+import io.mifos.core.lang.ServiceException;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.core.lang.security.RsaPrivateKeyBuilder;
import io.mifos.core.lang.security.RsaPublicKeyBuilder;
@@ -256,13 +258,18 @@
final Session tenantSession = cassandraSessionProvider.getTenantSession();
final Select.Where query = timestampToSignatureQueryMap.computeIfAbsent(timestamp, timestampKey ->
QueryBuilder.select().from(tableName).where(QueryBuilder.eq(TIMESTAMP_COLUMN, timestampKey)));
- final Row row = tenantSession.execute(query).one();
- final Optional<Row> ret = Optional.ofNullable(row);
- ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
- if (!valid)
- logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
- });
- return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+ try {
+ final Row row = tenantSession.execute(query).one();
+ final Optional<Row> ret = Optional.ofNullable(row);
+ ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
+ if (!valid)
+ logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
+ });
+ return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+ }
+ catch (final InvalidQueryException authorizationDataTableProbablyIsntConfiguredYet) {
+ throw new IllegalArgumentException("Tenant not found.");
+ }
}
private static Boolean mapRowToValid(final @Nonnull Row row) {
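Review bot: The new `catch (final InvalidQueryException …)` discards the driver exception, and the try block wraps the row mapping as well as `tenantSession.execute(query)`, so any invalid query against this table, not only a tenant whose authorization table is missing, surfaces as "Tenant not found." with no trace of the cause. Passing the cause along with `throw new IllegalArgumentException("Tenant not found.", authorizationDataTableProbablyIsntConfiguredYet);` and keeping only the `execute` call inside the try would leave the failure diagnosable when an authentication problem is investigated later. The hunk at `@@ -26,6 +27,7 @@` imports `ServiceException`, which no visible line uses; if the intent was to throw it here so the 40x mapping is explicit, that is worth checking. The enclosing method starts outside the hunk, so how IllegalArgumentException becomes the status code the commit message describes is not visible here.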