Merge branch 'userinfo-call' into add-comments

Dennis Labordus · Dennis Labordus · commit 6d647463dd7a · 2021-09-01T13:25:36.000+02:00
diff --git a/README.md b/README.md
@@ -72,6 +72,23 @@ You can then execute your native executable with: `./app/target/code-with-quarku
 If you want to learn more about building native executables, please consult https://quarkus.io/guides/maven-tooling.html
 .
 
+## Environment variables
+
+Below environment variable(s) can be used to configure the connection to BaseX, if BaseX Server is used.
+
+| Environment variable             | Java Property             | Description                                   | Example          |
+| -------------------------------- | ------------------------- | --------------------------------------------- | ---------------- |
+| BASEX_HOST                       | basex.host                | Name of the Host where BaseX runs.            | localhost        |
+| BASEX_PORT                       | basex.port                | Port on the Host on which BaseX runs.         | 1984             |
+| BASEX_USERNAME                   | basex.username            | Username under which the application logs in. | admin            |
+| BASEX_PASSWORD                   | basex.password            | Password of the username used above.          | admin            |
+
+Below environment variable(s) can be used to configure which claims are used to fill the UserInfo response.
+
+| Environment variable             | Java Property                  | Description                                   | Example          |
+| -------------------------------- | ------------------------------ | --------------------------------------------- | ---------------- |
+| USERINFO_NAME_CLAIMNAME          | compas.userinfo.name.claimname | The Name of the user logged in.               | name             |
+
 ## Security
 
 To use most of the endpoints the users needs to be authenticated using JWT in the authorization header. There are 4
diff --git a/app/pom.xml b/app/pom.xml
@@ -104,7 +104,7 @@ SPDX-License-Identifier: Apache-2.0
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-test-security</artifactId>
+            <artifactId>quarkus-test-security-jwt</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/app/src/main/java/org/lfenergy/compas/scl/data/rest/UserInfoProperties.java b/app/src/main/java/org/lfenergy/compas/scl/data/rest/UserInfoProperties.java
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2021 Alliander N.V.
+//
+// SPDX-License-Identifier: Apache-2.0
+package org.lfenergy.compas.scl.data.rest;
+
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithName;
+
+@ConfigMapping(prefix = "compas.userinfo")
+public interface UserInfoProperties {
+    @WithName("name.claimname")
+    String name();
+}
diff --git a/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java b/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java
@@ -4,10 +4,12 @@
 package org.lfenergy.compas.scl.data.rest.v1;
 
 import io.quarkus.security.Authenticated;
-import io.quarkus.security.identity.SecurityIdentity;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.lfenergy.compas.scl.data.model.SclType;
+import org.lfenergy.compas.scl.data.rest.UserInfoProperties;
 import org.lfenergy.compas.scl.data.rest.v1.model.Type;
 import org.lfenergy.compas.scl.data.rest.v1.model.TypeListResponse;
+import org.lfenergy.compas.scl.data.rest.v1.model.UserInfoResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,16 +33,19 @@ public class CompasCommonResource {
     private static final Logger LOGGER = LoggerFactory.getLogger(CompasCommonResource.class);
 
     @Inject
-    SecurityIdentity securityIdentity;
+    JsonWebToken jsonWebToken;
+
+    @Inject
+    UserInfoProperties userInfoProperties;
 
     @GET
     @Path("/type/list")
     @Produces(MediaType.APPLICATION_XML)
     public TypeListResponse list(@HeaderParam("Authorization") String authHeader) {
-        LOGGER.debug("Authorization Header '{}'", authHeader);
+        LOGGER.trace("Authorization Header '{}'", authHeader);
 
         // Retrieve the roles the logged in user has.
-        var roles = securityIdentity.getRoles();
+        var roles = jsonWebToken.getGroups();
 
         var response = new TypeListResponse();
         response.setTypes(
@@ -52,4 +57,15 @@ public TypeListResponse list(@HeaderParam("Authorization") String authHeader) {
                         .collect(Collectors.toList()));
         return response;
     }
+
+    @GET
+    @Path("/userinfo")
+    @Produces(MediaType.APPLICATION_XML)
+    public UserInfoResponse getUserInfo(@HeaderParam("Authorization") String authHeader) {
+        LOGGER.trace("Authorization Header '{}'", authHeader);
+
+        var response = new UserInfoResponse();
+        response.setName(jsonWebToken.getClaim(userInfoProperties.name()));
+        return response;
+    }
 }
diff --git a/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/model/UserInfoResponse.java b/app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/model/UserInfoResponse.java
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2021 Alliander N.V.
+//
+// SPDX-License-Identifier: Apache-2.0
+package org.lfenergy.compas.scl.data.rest.v1.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import static org.lfenergy.compas.scl.data.SclDataServiceConstants.SCL_DATA_SERVICE_V1_NS_URI;
+
+@XmlRootElement(name = "UserInfoResponse", namespace = SCL_DATA_SERVICE_V1_NS_URI)
+@XmlAccessorType(XmlAccessType.FIELD)
+public class UserInfoResponse {
+    @XmlElement(name = "Name", namespace = SCL_DATA_SERVICE_V1_NS_URI)
+    private String name;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+}
diff --git a/app/src/main/resources/application.properties b/app/src/main/resources/application.properties
@@ -2,6 +2,8 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
+compas.userinfo.name.claimname    = ${USERINFO_NAME_CLAIMNAME:name}
+
 quarkus.http.cors                 = false
 quarkus.http.root-path            = /compas-scl-data-service/
 quarkus.http.limits.max-body-size = 150M
diff --git a/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResourceTest.java b/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResourceTest.java
@@ -6,17 +6,20 @@
 import io.quarkus.test.common.http.TestHTTPEndpoint;
 import io.quarkus.test.junit.QuarkusTest;
 import io.quarkus.test.security.TestSecurity;
+import io.quarkus.test.security.jwt.Claim;
+import io.quarkus.test.security.jwt.JwtSecurity;
 import org.junit.jupiter.api.Test;
 
 import static io.restassured.RestAssured.given;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.lfenergy.compas.scl.data.rest.Constants.READ_ROLE;
+import static org.lfenergy.compas.scl.data.rest.Constants.UPDATE_ROLE;
 
 @QuarkusTest
 @TestHTTPEndpoint(CompasCommonResource.class)
 class CompasCommonResourceTest {
     @Test
-    @TestSecurity(user = "test-user", roles = {"IID_" + READ_ROLE, "SCD_" + READ_ROLE})
+    @TestSecurity(user = "test-user", roles = {"IID_" + READ_ROLE, "SCD_" + READ_ROLE, "SED_" + UPDATE_ROLE})
     void list_WhenCalledWithMultipleReadRights_ThenMultipleItemResponseRetrieved() {
         var response = given()
                 .when().get("/type/list")
@@ -44,7 +47,7 @@ void list_WhenCalledWithOneReadRights_ThenOneItemResponseRetrieved() {
                 .response();
 
         var xmlPath = response.xmlPath();
-        // User has read rights for 2 types, so these types are returned.
+        // User has read rights for one type, so this type is returned.
         var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
         assertEquals(1, sclTypes.size());
         assertEquals("SCD", sclTypes.get(0));
@@ -61,8 +64,27 @@ void list_WhenCalledWithNoReadRights_ThenNoItemResponseRetrieved() {
                 .response();
 
         var xmlPath = response.xmlPath();
-        // User has read rights for 2 types, so these types are returned.
+        // User has read rights for no types, so empty list is returned.
         var sclTypes = xmlPath.getList("TypeListResponse.Type.Code");
         assertEquals(0, sclTypes.size());
     }
+
+    @Test
+    @TestSecurity(user = "test-user")
+    @JwtSecurity(claims = {
+            // Default the claim "name" is configured, so we will set this claim for the test.
+            @Claim(key = "name", value = "Test User")
+    })
+    void getUserInfo_WhenCalled_ThenUserInfoResponseRetrieved() {
+        var response = given()
+                .when().get("/userinfo")
+                .then()
+                .statusCode(200)
+                .extract()
+                .response();
+
+        var xmlPath = response.xmlPath();
+        var name = xmlPath.get("UserInfoResponse.Name");
+        assertEquals("Test User", name);
+    }
 }
diff --git a/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/model/UserInfoResponseTest.java b/app/src/test/java/org/lfenergy/compas/scl/data/rest/v1/model/UserInfoResponseTest.java
@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 2021 Alliander N.V.
+//
+// SPDX-License-Identifier: Apache-2.0
+package org.lfenergy.compas.scl.data.rest.v1.model;
+
+class UserInfoResponseTest extends AbstractPojoTester {
+    @Override
+    protected Class<?> getClassToBeTested() {
+        return UserInfoResponse.class;
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`	`#`
`3`	`3`	`# SPDX-License-Identifier: Apache-2.0`
`4`	`4`
	`5`	`+compas.userinfo.name.claimname = ${USERINFO_NAME_CLAIMNAME:name}`
	`6`	`+`
`5`	`7`	`quarkus.http.cors = false`
`6`	`8`	`quarkus.http.root-path = /compas-scl-data-service/`
`7`	`9`	`quarkus.http.limits.max-body-size = 150M`