Google Git
Sign in
apache / fineract-cn-anubis / 735776fc136f1a0c365b9c4401eae094241408eb^! / .
commit735776fc136f1a0c365b9c4401eae094241408eb[log] [tgz]
authormyrle-krantz <mkrantz@mifos.org>Sat Apr 29 22:01:54 2017 +0200
committermyrle-krantz <mkrantz@mifos.org>Sat Apr 29 22:01:54 2017 +0200
treee34d5b82e3c80e64011dac21d629697d737c9f84
parent57dca2e8f1ebf66f9854cc93b7eba7f52f41f1c4 [diff]
Make sure that when initialize hasn't been called yet for a tenant, that authentication fails with 40x status code rather than an internal server error.

diff --git a/component-test/src/main/java/TestAnubisInitialize.java b/component-test/src/main/java/TestAnubisInitialize.java
index 9d6343d..69ad24f 100644
--- a/component-test/src/main/java/TestAnubisInitialize.java
+++ b/component-test/src/main/java/TestAnubisInitialize.java

@@ -16,6 +16,7 @@
 
 import io.mifos.anubis.api.v1.client.Anubis;
 import io.mifos.anubis.api.v1.client.AnubisApiFactory;
+import io.mifos.anubis.api.v1.domain.AllowedOperation;
 import io.mifos.anubis.api.v1.domain.Signature;
 import io.mifos.anubis.example.simple.Example;
 import io.mifos.anubis.example.simple.ExampleConfiguration;
@@ -158,6 +159,20 @@
     }
   }
 
+  @Test(expected = InvalidTokenException.class)
+  public void testAuthenticateWithoutInitialize() {
+    try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {
+
+      final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
+              = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
+      final String permissionToken = tenantApplicationSecurityEnvironment.getPermissionToken("bubba", "foo", AllowedOperation.READ);
+      try (final AutoUserContext ignored2 = new AutoUserContext("bubba", permissionToken)) {
+        Assert.assertFalse(example.foo());
+        Assert.fail("Not found exception should be thrown when authentication is attempted ");
+      }
+    }
+  }
+
   private void initialize() {
     final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
             = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);

diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java b/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
index 928a41f..4a3f29c 100644
--- a/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
+++ b/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java

@@ -30,4 +30,7 @@
 
   @RequestMapping(value = "initialize", method = RequestMethod.DELETE)
   void uninitialize();
+
+  @RequestMapping(value = "foo", method = RequestMethod.GET)
+  boolean foo();
 }

diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java b/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
index acc4229..d988f27 100644
--- a/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
+++ b/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java

@@ -54,4 +54,10 @@
     initialized = false;
     return new ResponseEntity<>(HttpStatus.OK);
   }
+
+  @RequestMapping(value = "/foo", method = RequestMethod.GET)
+  @Permittable(AcceptedTokenType.TENANT)
+  public ResponseEntity<Boolean> foo() {
+    return ResponseEntity.ok(false);
+  }
 }

diff --git a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
index 5590ace..ef1f118 100644
--- a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
+++ b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java

@@ -16,6 +16,7 @@
 package io.mifos.anubis.repository;
 
 import com.datastax.driver.core.*;
+import com.datastax.driver.core.exceptions.InvalidQueryException;
 import com.datastax.driver.core.querybuilder.QueryBuilder;
 import com.datastax.driver.core.querybuilder.Select;
 import com.datastax.driver.core.querybuilder.Update;
@@ -26,6 +27,7 @@
 import io.mifos.anubis.config.TenantSignatureRepository;
 import io.mifos.core.cassandra.core.CassandraSessionProvider;
 import io.mifos.core.lang.ApplicationName;
+import io.mifos.core.lang.ServiceException;
 import io.mifos.core.lang.security.RsaKeyPairFactory;
 import io.mifos.core.lang.security.RsaPrivateKeyBuilder;
 import io.mifos.core.lang.security.RsaPublicKeyBuilder;
@@ -256,13 +258,18 @@
     final Session tenantSession = cassandraSessionProvider.getTenantSession();
     final Select.Where query = timestampToSignatureQueryMap.computeIfAbsent(timestamp, timestampKey ->
             QueryBuilder.select().from(tableName).where(QueryBuilder.eq(TIMESTAMP_COLUMN, timestampKey)));
-    final Row row = tenantSession.execute(query).one();
-    final Optional<Row> ret = Optional.ofNullable(row);
-    ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
-      if (!valid)
-        logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
-    });
-    return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+    try {
+      final Row row = tenantSession.execute(query).one();
+      final Optional<Row> ret = Optional.ofNullable(row);
+      ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
+        if (!valid)
+          logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
+      });
+      return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+    }
+    catch (final InvalidQueryException authorizationDataTableProbablyIsntConfiguredYet) {
+      throw new IllegalArgumentException("Tenant not found.");
+    }
   }
 
   private static Boolean mapRowToValid(final @Nonnull Row row) {