6 files changed, 44 insertions, 54 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/model/User.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/model/User.java
index 1e182a6..61293b9 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/model/User.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/model/User.java
@@ -7,40 +7,35 @@ import com.fasterxml.jackson.annotation.JsonProperty;  public class User { -    @JsonProperty("username") -    private final String username; -    @JsonProperty("passwordHash") -    private int passwordHash; -    @JsonProperty("basket") -    private final List<Need> basket; - -    /** -     * Create a new user -     *  -     * @param username The name of the user -     */ -    public User(String username) { -        this.username = username; -        basket = new ArrayList<>(); +    public enum UserType { +        HELPER, +        MANAGER      } +    @JsonProperty("username") private final String username; +    @JsonProperty("passwordHash") private int passwordHash; +    @JsonProperty("basket") private final List<Need> basket; +    @JsonProperty("type") private final UserType type; +      /**       * Create a new user       *        * @param username   The name of the user       * @param basket A basket to copy from       */ -    public User(@JsonProperty("username") String username, @JsonProperty("passwordHash") int passwordHash, @JsonProperty("basket") List<Need> basket) { +    public User(@JsonProperty("username") String username, @JsonProperty("passwordHash") int passwordHash, @JsonProperty("basket") List<Need> basket, @JsonProperty("type") UserType userType) {          this.username = username;          this.basket = basket;          this.passwordHash = passwordHash; +        this.type = userType;      }      public static User create(String username, String password) {          return new User(                  username,                  password.hashCode(), -                new ArrayList<>() +                new ArrayList<>(), +                UserType.HELPER          );      } 
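Review bot: The new `type` field is populated from the `@JsonProperty("type")` constructor parameter, which appears to be the constructor Jackson uses for request bodies as well as for the persisted file, so a caller-supplied `User` can carry `MANAGER`. If the update path stores the submitted object as-is (not visible in this hunk), the role should be taken from the stored record rather than from the request, for example by rebuilding the saved user with `existing.getType()`. User records written before this change have no `type` property and will deserialize to `null`; `this.type = userType != null ? userType : UserType.HELPER;` in the constructor would make the default explicit. The constructor Javadoc still documents only `username` and `basket`, and `password.hashCode()` in `create` is a 32-bit non-cryptographic hash that should be replaced by a salted password-hashing function before this role model is relied on.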
@@ -65,7 +60,11 @@ public class User {      }      public User withoutPasswordHash() { -        return new User(this.username, 0, this.basket); +        return new User(this.username, 0, this.basket, this.type); +    } + +    public UserType getType() { +        return type;      }  } diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/persistence/CupboardFileDAO.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/persistence/CupboardFileDAO.java index c4aaca3..521acae 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/persistence/CupboardFileDAO.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/persistence/CupboardFileDAO.java @@ -22,7 +22,7 @@ public class CupboardFileDAO implements CupboardDAO {          this.filename = filename;          this.objectMapper = objectMapper;          needs = new TreeMap<>(); -        load();  // load the heroes from the file +        load();      }      private synchronized static int nextId() { diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java index 591d891..5a1a492 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -1,5 +1,6 @@  package com.ufund.api.ufundapi.service; +import com.ufund.api.ufundapi.model.User;  import com.ufund.api.ufundapi.model.UserAuth;  import com.ufund.api.ufundapi.persistence.UserAuthDAO;  import org.springframework.stereotype.Component; 
@@ -20,13 +21,19 @@ public class AuthService {      /**       * Check if the provided key has access to the provided user.       * -     * @param username The username of the user trying to be accessed. +     * @param targetUsername The targetUsername of the user trying to be accessed.       * @param key The api key obtained by the client from logging in.       * @throws IllegalAccessException Thrown if access was denied to the user.       */ -    public void authenticate(String username, String key) throws IllegalAccessException, IOException { +    public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {          var userAuth = userAuthDAO.getUserAuth(key); -        if (userAuth == null || !userAuth.getUsername().equals(username)) { +        if (userAuth == null) { +            throw new IllegalAccessException("Unauthenticated"); +        } + +        var username = userAuth.getUsername(); +        var userType = userService.getUser(username).getType(); +        if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {              throw new IllegalAccessException("Unauthorized");          }      } diff --git a/ufund-api/src/test/java/com/ufund/api/ufundapi/controller/UserControllerTest.java b/ufund-api/src/test/java/com/ufund/api/ufundapi/controller/UserControllerTest.java index a25ec8a..7bedd3e 100644 --- a/ufund-api/src/test/java/com/ufund/api/ufundapi/controller/UserControllerTest.java +++ b/ufund-api/src/test/java/com/ufund/api/ufundapi/controller/UserControllerTest.java 
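Review bot: `userService.getUser(username).getType()` dereferences the lookup result without a null check, so a key whose user record is missing would end in a NullPointerException instead of a denial; whether `getUser` can return null is not visible in this hunk and should be confirmed. Failing closed is a small change: `var user = userService.getUser(username);` followed by `if (user == null) { throw new IllegalAccessException("Unauthenticated"); }`. The MANAGER override now applies to every caller of `authenticate`, including access to other managers' accounts, yet the Javadoc still describes a per-user check and does not list `IOException`; it should say that managers are granted access to any target user. No test in this commit exercises the MANAGER branch or the new "Unauthenticated" path.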
@@ -44,9 +44,9 @@ public class UserControllerTest {      public void testGetUser() throws IOException { // getUser may throw IOException          // Setup          String username = "Test"; -        User user = new User(username); -        String key = UserAuth.generate(username).getKey(); -        // When the same id is passed in, our mock User service will return the User object +        User user = User.create(username, "pass"); +        String key = UserAuth.generate(username).getKey(    ); +        // When the same id is passed in, our mock User DAO will return the User object          when(mockUserService.getUser(username)).thenReturn(user); @@ -112,7 +112,7 @@ public class UserControllerTest {          // Setup          String username = "Test";          String password = "Pass"; -        User user = new User(username); +        User user = User.create(username, "pass");          // when createUser is called, return true simulating successful          // creation and save          when(mockUserService.createUser(username, password)).thenReturn(user); @@ -183,7 +183,7 @@ public class UserControllerTest {      public void testUpdateUser() throws IOException { // updateUser may throw IOException          // Setup          String username = "Test"; -        User user = new User("Bob"); +        User user = User.create("Bob", "pass");          String key = UserAuth.generate(username).getKey();          // when updateUser is called, return true simulating successful          // update and save @@ -201,7 +201,7 @@ public class UserControllerTest {      public void testUpdateUserFailed() throws IOException { // updateUser may throw IOException          // Setup          String username = "Test"; -        User user = new User("Bob"); +        User user = User.create("Bob", "pass");          String key = UserAuth.generate(username).getKey();          // when updateUser is called, return true simulating successful          // update and save 
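Review bot: The reworded comment in `testGetUser` says "our mock User DAO", but the stub it describes is `mockUserService.getUser(username)`, so the comment now names the wrong collaborator; the same wording is introduced in the @@ -218 hunk. Keeping `// When the same id is passed in, our mock User service will return the User object` matches the code. The call `UserAuth.generate(username).getKey(    )` also picked up stray whitespace inside the parentheses. The test body continues outside the hunk.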
@@ -218,25 +218,9 @@ public class UserControllerTest {      public void testUpdateUserInvalidParameter() throws IOException { // updateUser may throw IOException          // Setup          String username = "Test"; -        User user = new User("Bob"); -        String key = UserAuth.generate(username).getKey(); -        // When updateUser is called on the Mock User service, throw a Invalid Parameter exception -        doThrow(new InvalidParameterException()).when(mockUserService).updateUser(user, username); - -        // Invoke -        ResponseEntity<User> response = userController.updateUser(user, username, key); - -        // Analyze -        assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode()); -    } - -    @Test -    public void testUpdateUserHandleException() throws IOException { // updateUser may throw IOException -        // Setup -        String username = "Test"; -        User user = new User("Bob"); +        User user = User.create("Bob", "pass");          String key = UserAuth.generate(username).getKey(); -        // When updateUser is called on the Mock User service, throw an IOException +        // When updateUser is called on the Mock User DAO, throw an IOException          doThrow(new IOException()).when(mockUserService).updateUser(user, username);          // Invoke diff --git a/ufund-api/src/test/java/com/ufund/api/ufundapi/model/UserTest.java b/ufund-api/src/test/java/com/ufund/api/ufundapi/model/UserTest.java index 1725190..5e017dd 100644 --- a/ufund-api/src/test/java/com/ufund/api/ufundapi/model/UserTest.java +++ b/ufund-api/src/test/java/com/ufund/api/ufundapi/model/UserTest.java @@ -13,7 +13,7 @@ public class UserTest {          String name = "Bob"; -        User user = new User(name); +        User user = User.create(name, "pass");          assertNotNull(user); 
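Review bot: After this hunk the test named `testUpdateUserInvalidParameter` stubs `doThrow(new IOException())`, so the name no longer matches what is exercised, and the `InvalidParameterException` to `HttpStatus.BAD_REQUEST` case that the removed lines asserted has no coverage left. Renaming the surviving method back to `testUpdateUserHandleException` would fix the mismatch. If the controller still maps invalid parameters to 400 (not visible here), keep a separate test for that path, since it is the input-validation behaviour of an endpoint that accepts a client-supplied `User`. The assertions of the remaining test lie outside the hunk.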
@@ -36,7 +36,7 @@ public class UserTest {          String expectedName = "Bob"; -        User user = new User(expectedName); +        User user = User.create(expectedName, "pass");          Need need = new Need("Test", 0, 100, Need.GoalType.MONETARY);          Need[] needs = { need }; @@ -51,7 +51,7 @@ public class UserTest {          String expectedName = "Bob"; -        User user = new User(expectedName); +        User user = User.create(expectedName, "pass");          Need need = new Need("Test", 0, 100, Need.GoalType.MONETARY);          Need need2 = new Need("Test2", 0, 100, Need.GoalType.MONETARY); @@ -68,7 +68,7 @@ public class UserTest {          String expectedName = "Bob"; -        User user = new User(expectedName); +        User user = User.create(expectedName, "pass");          assertFalse(user.verifyPassword(expectedName)); diff --git a/ufund-api/src/test/java/com/ufund/api/ufundapi/persistence/UserFileDAOTest.java b/ufund-api/src/test/java/com/ufund/api/ufundapi/persistence/UserFileDAOTest.java index b802669..9361188 100644 --- a/ufund-api/src/test/java/com/ufund/api/ufundapi/persistence/UserFileDAOTest.java +++ b/ufund-api/src/test/java/com/ufund/api/ufundapi/persistence/UserFileDAOTest.java @@ -27,9 +27,9 @@ public class UserFileDAOTest {      public void setupHeroFileDAO() throws IOException {          mockObjectMapper = mock(ObjectMapper.class);          testUsers = new User[3]; -        testUsers[0] = new User("bob"); -		testUsers[1] = new User("admin"); -		testUsers[2] = new User("jelly12"); +        testUsers[0] = User.create("bob", "pass"); +		testUsers[1] = User.create("admin", "pass"); +		testUsers[2] = User.create("jelly12", "pass");          // When the object mapper is supposed to read from the file          // the mock object mapper will return the hero array above 
@@ -75,7 +75,7 @@ public class UserFileDAOTest {  	@Test  	public void createUserTest() throws IOException { -		User newUser = new User("keshey"); +		User newUser = User.create("keshey", "pass");  		userFileDAO.addUser(newUser);  		User actualUser = userFileDAO.getUser("keshey");  | 
