Add audit logging to optout

Author: cYKatherine

pom.xml

@@ -16,7 +16,7 @@
         <vertx.version>4.5.13</vertx.version>
         <!-- check micrometer.version vertx-micrometer-metrics consumes before bumping up -->
         <micrometer.version>1.1.0</micrometer.version>
-        <uid2-shared.version>9.4.11</uid2-shared.version>
+        <uid2-shared.version>9.5.0</uid2-shared.version>
         <image.version>${project.version}</image.version>
         <junit-jupiter.version>5.10.1</junit-jupiter.version>
         <junit-vintage.version>5.10.1</junit-vintage.version>

src/main/java/com/uid2/optout/auth/InternalAuthMiddleware.java

@@ -1,5 +1,7 @@
 package com.uid2.optout.auth;
 
+import com.uid2.shared.audit.Audit;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.OperatorKey;
 import com.uid2.shared.middleware.AuthMiddleware;
 import io.vertx.core.Handler;
@@ -48,15 +50,29 @@ public void handle(RoutingContext rc) {
             }
         }
     }
-
+    private final Audit audit;
     private final String internalApiToken;
 
-    public InternalAuthMiddleware(String internalApiToken) {
+    private Handler<RoutingContext> logAndHandle(Handler<RoutingContext> handler, AuditParams auditParams) {
+        return ctx -> {
+            ctx.addBodyEndHandler(v -> this.audit.log(ctx, auditParams));
+            handler.handle(ctx);
+        };
+    }
+
+    public InternalAuthMiddleware(String internalApiToken, String auditSource) {
         this.internalApiToken = internalApiToken;
+        this.audit = new Audit(auditSource);
     }
 
-    public Handler<RoutingContext> handle(Handler<RoutingContext> handler) {
-        final InternalAuthHandler h = new InternalAuthHandler(handler, this.internalApiToken);
+    public Handler<RoutingContext> handleWithAudit(Handler<RoutingContext> handler, AuditParams auditParams, Boolean enableAuditLog) {
+        InternalAuthHandler h;
+        if (enableAuditLog) {
+            final Handler<RoutingContext> loggedHandler = logAndHandle(handler, auditParams);
+            h = new InternalAuthHandler(loggedHandler, this.internalApiToken);
+        } else {
+            h = new InternalAuthHandler(handler, this.internalApiToken);
+        }
         return h::handle;
     }
 }

src/main/java/com/uid2/optout/vertx/OptOutServiceVerticle.java

@@ -105,7 +105,7 @@ public OptOutServiceVerticle(Vertx vertx,
         this.defaultDeliveryOptions.setSendTimeout(addEntryTimeoutMs);
 
         this.internalApiKey = jsonConfig.getString(Const.Config.OptOutInternalApiTokenProp);
-        this.internalAuth = new InternalAuthMiddleware(this.internalApiKey);
+        this.internalAuth = new InternalAuthMiddleware(this.internalApiKey, "optout");
         this.enableOptOutPartnerMock = jsonConfig.getBoolean(Const.Config.OptOutPartnerEndpointMockProp);
     }
 
@@ -170,7 +170,7 @@ private Router createRouter() {
                 .allowedHeader("Content-Type"));
 
         router.route(Endpoints.OPTOUT_WRITE.toString())
-                .handler(internalAuth.handle(this::handleWrite));
+                .handler(internalAuth.handleWithAudit(this::handleWrite, new AuditParams(), this.enableAuditLogging));
         router.route(Endpoints.OPTOUT_REPLICATE.toString())
                 .handler(auth.handleWithAudit(this::handleReplicate, new AuditParams(), this.enableAuditLogging, Role.OPTOUT));
         router.route(Endpoints.OPTOUT_REFRESH.toString())

src/test/java/com/uid2/optout/auth/InternalAuthMiddlewareTest.java

@@ -0,0 +1,62 @@
+package com.uid2.optout.auth;
+
+import org.junit.jupiter.api.BeforeEach;
+import com.uid2.shared.audit.AuditParams;
+import com.uid2.shared.auth.Role;
+import io.vertx.core.Handler;
+import io.vertx.core.http.HttpServerRequest;
+import io.vertx.ext.web.RoutingContext;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.mockito.junit.jupiter.MockitoSettings;import org.mockito.quality.Strictness;
+
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+@MockitoSettings(strictness = Strictness.LENIENT)
+public class InternalAuthMiddlewareTest {
+    @Mock
+    private RoutingContext routingContext;
+    @Mock
+    private HttpServerRequest request;
+    @Mock
+    private Handler<RoutingContext> nextHandler;
+    private InternalAuthMiddleware internalAuth;
+
+    @BeforeEach
+    public void setup(){
+        internalAuth = new InternalAuthMiddleware("apiToken", "test");
+        when(routingContext.request()).thenReturn(request);
+    }
+
+    @Test
+    public void internalAuthHandlerNoAuthorizationHeader() {
+        Handler<RoutingContext> handler = internalAuth.handleWithAudit(nextHandler, new AuditParams(), true);
+        handler.handle(routingContext);
+        verifyNoInteractions(nextHandler);
+        verify(routingContext).fail(401);
+        verify(routingContext, times(0)).addBodyEndHandler(ArgumentMatchers.<Handler<Void>>any());
+    }
+
+    @Test public void authHandlerInvalidAuthorizationHeader() {
+        when(request.getHeader("Authorization")).thenReturn("Bogus Header Value");
+        Handler<RoutingContext> handler = internalAuth.handleWithAudit(nextHandler, new AuditParams(), true);
+        handler.handle(routingContext);
+        verifyNoInteractions(nextHandler);
+        verify(routingContext).fail(401);
+        verify(routingContext, times(0)).addBodyEndHandler(ArgumentMatchers.<Handler<Void>>any());
+    }
+
+    @Test public void authHandlerUnknownKey() {
+        when(request.getHeader("Authorization")).thenReturn("Bearer unknown-key");
+        Handler<RoutingContext> handler = internalAuth.handleWithAudit(nextHandler, new AuditParams(), true);
+        handler.handle(routingContext);
+        verifyNoInteractions(nextHandler);
+        verify(routingContext).fail(401);
+        verify(routingContext, times(0)).addBodyEndHandler(ArgumentMatchers.<Handler<Void>>any());
+    }
+}