From 09b8a4738fb87cad81fd3d3a8950a81219b6655f Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Fri, 23 Apr 2021 16:42:15 +0200 Subject: [PATCH 01/57] Implemented websocket error handler. --- Dockerfile | 4 +- .../vaultserver/config/SecurityConfig.java | 2 + .../config/WebSocketChannelFilter.java | 13 ++++--- .../vaultserver/config/WebSocketConfig.java | 3 ++ .../controllers/WebsocketController.java | 37 +++++++++++++++---- .../vaultserver/helpers/Config.java | 1 + .../model/dto/wserrors/GenericWSError.java | 19 ++++++++++ .../model/dto/wserrors/UploadData.java | 31 ++++++++++++++++ .../model/dto/wserrors/WSErrorData.java | 4 ++ .../model/dto/wserrors/WS_ERROR.java | 7 ++++ .../resource/SessionRepository.java | 2 +- .../vaultserver/service/FileService.java | 1 - 12 files changed, 107 insertions(+), 17 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/GenericWSError.java create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WSErrorData.java create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java diff --git a/Dockerfile b/Dockerfile index 205ad6c..341e807 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3.6.3-openjdk-14 as build_step +FROM maven:3.8.1-openjdk-15 as build_step ADD ./pom.xml ./pom.xml RUN mvn dependency:go-offline -B @@ -7,7 +7,7 @@ ADD . /home/vaultionizer/project ADD scripts/build_project_docker.sh build_project.sh RUN bash build_project.sh -FROM openjdk:14-alpine +FROM openjdk:15-alpine COPY --from=build_step /home/vaultionizer/vaultionizer_server.jar /home/vaultionizer/vaultionizer_server.jar EXPOSE 443 ENTRYPOINT ["java", "-jar", "/home/vaultionizer/vaultionizer_server.jar"] 
diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java index 9af6869..47da5f1 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java @@ -26,6 +26,8 @@ protected void configure(HttpSecurity http) throws Exception { public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("https://www.vault.gottwuerfeltnicht.de")); + // for testing: + // configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342")); configuration.setAllowedMethods(Arrays.asList("POST", "PUT", "GET", "OPTIONS", "DELETE")); configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token")); configuration.setExposedHeaders(Arrays.asList("x-auth-token")); diff --git a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java index 9ca1346..4882276 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java @@ -8,8 +8,7 @@ import org.springframework.messaging.support.ChannelInterceptor; import org.springframework.messaging.support.MessageHeaderAccessor; -import static com.vaultionizer.vaultserver.helpers.Config.WEBSOCKET_DOWNLOAD; -import static com.vaultionizer.vaultserver.helpers.Config.WEBSOCKET_UPLOAD; +import static com.vaultionizer.vaultserver.helpers.Config.*; public class WebSocketChannelFilter implements ChannelInterceptor { private final SessionService sessionService; 
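Review bot: The commented-out `configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342"))` in `corsConfigurationSource()` keeps a test origin one uncomment away from the production CORS policy, and the same pattern is repeated for `registerStompEndpoints` in the WebSocketConfig.java hunk of this patch. Reading the allowed origins from configuration keeps that switch out of the source, for example `configuration.setAllowedOrigins(allowedOrigins);` with the list injected from a property (`allowedOrigins` is a placeholder name, not something the page defines). The method body continues outside the hunk.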
@@ -25,10 +24,14 @@ public Message preSend(Message message, MessageChannel channel) { // TODO: check whether user has rights to subscribe String dest = accessor.getDestination(); if (dest == null) return null; - if (!dest.startsWith(WEBSOCKET_DOWNLOAD)){ - return null; // TODO: send error + if (!dest.startsWith(WEBSOCKET_DOWNLOAD) && !dest.startsWith(WEBSOCKET_ERROR)){ + return null; } - String websocketToken = dest.substring(WEBSOCKET_DOWNLOAD.length()); + + String[] token = dest.split("/"); + if (token.length == 0) return null; + + String websocketToken = token[token.length - 1]; String sessionKey = accessor.getFirstNativeHeader("sessionKey"); String userID = accessor.getFirstNativeHeader("userID"); if (userID == null || sessionKey == null || websocketToken.length() == 0 || userID.length() == 0) return null; diff --git a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java index d853b79..ab2e4e6 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java @@ -30,6 +30,9 @@ public void configureMessageBroker(MessageBrokerRegistry config) { @Override public void registerStompEndpoints(StompEndpointRegistry registry) { registry.addEndpoint(Config.WEBSOCKET_CONNECT).withSockJS(); + + // for testing: + // registry.addEndpoint(Config.WEBSOCKET_CONNECT).setAllowedOrigins("http://localhost:63342").withSockJS(); } @Override diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java index 46d8e51..8601a0b 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java 
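Review bot: In `preSend`, the token that is validated is now only the last `/`-separated segment of the destination, so the check no longer ties the session to the whole destination string; any path under `WEBSOCKET_DOWNLOAD` or `WEBSOCKET_ERROR` that ends in the caller's own token passes this step. `String.split("/")` also drops trailing empty segments, so a destination ending in `/` yields the preceding path element as the token instead of an empty string. Stripping the matched prefix and rejecting a remaining separator keeps the previous exact-match behaviour for both channels: `String prefix = dest.startsWith(WEBSOCKET_DOWNLOAD) ? WEBSOCKET_DOWNLOAD : WEBSOCKET_ERROR;`, `String websocketToken = dest.substring(prefix.length());`, `if (websocketToken.contains("/")) return null;`. `preSend` starts and ends outside the hunk, so which frame types reach this code is not visible here.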
@@ -2,6 +2,7 @@ import com.vaultionizer.vaultserver.helpers.Config; import com.vaultionizer.vaultserver.model.dto.WebsocketFileDto; +import com.vaultionizer.vaultserver.model.dto.wserrors.*; import com.vaultionizer.vaultserver.service.FileService; import com.vaultionizer.vaultserver.service.PendingUploadService; import com.vaultionizer.vaultserver.service.SessionService; 
@@ -43,21 +44,37 @@ public void upload(@Payload WebsocketFileDto content, Message file){ Long spaceID = parseLongFromHeader(nativeHeaders, "spaceID"); Long saveIndex = parseLongFromHeader(nativeHeaders, "saveIndex"); String sessionKey = nativeHeaders.getFirst("sessionKey"); + String wsToken = nativeHeaders.getFirst("websocketToken"); + + if (sessionKey == null || wsToken == null) return; - if (userID == null || spaceID == null || saveIndex == null || sessionKey == null) return; Long sessID = sessionService.getSessionID(userID, sessionKey); - if (sessID == -1) return; + if (sessID == -1) { + return; + } + + if (userID == null || spaceID == null || saveIndex == null) { + sendError(wsToken, new GenericWSError(WS_ERROR.MISSHAPEN_UPLOAD, + new UploadData(userID, spaceID, saveIndex, sessionKey) + )); + return; + } + boolean granted = pendingUploadService.uploadFile(spaceID, sessID, saveIndex); - if (!granted) return; + if (!granted) { + sendError(wsToken, new GenericWSError(WS_ERROR.UPLOAD_NOT_GRANTED, + new UploadData(userID, spaceID, saveIndex, sessionKey) + )); + return; + } fileService.setUploadFile(spaceID, saveIndex); boolean success = fileService.writeToFile(content.getContent(), spaceID, saveIndex); - if (!success) { reportError(userID, sessionKey, 500); } - } - - private void reportError(Long userID, String sessionKey, int status){ - System.out.println("Error"); + if (!success) { + sendError(wsToken, new GenericWSError(WS_ERROR.UPLOAD_UNSUCCESSFUL, + new UploadData(userID, spaceID, saveIndex, sessionKey))); + } } public synchronized void download(String websocketToken, Long spaceID, Long saveIndex){ 
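Review bot: `upload` now calls `sessionService.getSessionID(userID, sessionKey)` before the `userID == null` check, so a frame without a `userID` header reaches the session lookup with a null id; moving the `if (userID == null || spaceID == null || saveIndex == null)` block above the lookup restores the earlier ordering. Every error is also published to `Config.WEBSOCKET_ERROR + wsToken`, where `wsToken` is taken from the client's `websocketToken` header and is not checked against the session in the visible lines, while the `UploadData` payload (added in UploadData.java in this patch) carries `sessionKey`. Resolving the token from the authenticated session and removing the `sessionKey` field and getter from `UploadData` would keep the session secret out of a message whose destination the client chooses. The method begins outside the hunk.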
@@ -66,6 +83,10 @@ public synchronized void download(String websocketToken, Long spaceID, Long save fileService.makeDownload(spaceID, saveIndex)); } + public void sendError(String websocketToken, GenericWSError error){ + simpMessagingTemplate.convertAndSend( Config.WEBSOCKET_ERROR + websocketToken, error); + } + private Long parseLongFromHeader(LinkedMultiValueMap map, String key){ if (map.getFirst(key) == null) return null; return Long.parseLong(map.getFirst(key)); diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java b/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java index c75e8fb..5a448e2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java @@ -23,6 +23,7 @@ public class Config { public static final String WEBSOCKET_PREFIX = "/api/ws"; public static final String WEBSOCKET_RES = "/api/wsres"; public static final String WEBSOCKET_DOWNLOAD = WEBSOCKET_RES + "/download/"; + public static final String WEBSOCKET_ERROR = WEBSOCKET_RES + "/error/"; public static final String WEBSOCKET_UPLOAD = WEBSOCKET_PREFIX + "/upload"; // is adjusted in the tests (thus not final) diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/GenericWSError.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/GenericWSError.java new file mode 100644 index 0000000..6fc07a3 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/GenericWSError.java @@ -0,0 +1,19 @@ +package com.vaultionizer.vaultserver.model.dto.wserrors; + +public class GenericWSError { + private final WS_ERROR type; + private final WSErrorData data; + + public GenericWSError(WS_ERROR type, WSErrorData data) { + this.type = type; + this.data = data; + } + + public WS_ERROR getType() { + return type; + } + + public WSErrorData getData() { + return data; + } +} 
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java new file mode 100644 index 0000000..3b05fb9 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java @@ -0,0 +1,31 @@ +package com.vaultionizer.vaultserver.model.dto.wserrors; + +public class UploadData extends WSErrorData{ + private final Long userID; + private final Long spaceID; + private final Long saveIndex; + private final String sessionKey; + + public UploadData(Long userID, Long spaceID, Long saveIndex, String sessionKey) { + this.userID = userID; + this.spaceID = spaceID; + this.saveIndex = saveIndex; + this.sessionKey = sessionKey; + } + + public String getSessionKey() { + return sessionKey; + } + + public Long getUserID() { + return userID; + } + + public Long getSpaceID() { + return spaceID; + } + + public Long getSaveIndex() { + return saveIndex; + } +} diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WSErrorData.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WSErrorData.java new file mode 100644 index 0000000..2d96bd0 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WSErrorData.java @@ -0,0 +1,4 @@ +package com.vaultionizer.vaultserver.model.dto.wserrors; + +public class WSErrorData { +} diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java new file mode 100644 index 0000000..d195182 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java @@ -0,0 +1,7 @@ +package com.vaultionizer.vaultserver.model.dto.wserrors; + +public enum WS_ERROR{ + MISSHAPEN_UPLOAD, + UPLOAD_NOT_GRANTED, + UPLOAD_UNSUCCESSFUL +} \ No newline at end of file 
diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SessionRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SessionRepository.java index ce6c99a..f70569e 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/SessionRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SessionRepository.java @@ -17,7 +17,7 @@ public interface SessionRepository extends JpaRepository { int checkUnique(String webSocketToken, String sessionKey); @Query("SELECT COUNT(it) FROM SessionModel it " + - "WHERE it.userID = ?1 AND it.webSocketToken = ?2 AND it.sessionKey = ?3 AND it.lastQuery > ?4") + "WHERE it.userID = ?1 AND it.webSocketToken = ?2 AND it.sessionKey = ?3 AND it.lastQuery >= ?4") int checkValidWebsocketToken(Long userID, String webSocketToken, String sessionKey, Instant now); @Transactional diff --git a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java index 70af31e..05affde 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java @@ -72,7 +72,6 @@ public boolean writeToFile(String content, Long spaceID, Long saveIndex){ File f = new File(getFilePath(spaceID, saveIndex)); if (!f.exists()){ try { - System.out.println(f.getParentFile().toString()); f.getParentFile().mkdirs(); f.createNewFile(); } catch (IOException e) { From 5b1a42b456acf46fb4a99c7360ac02f55fb7cdbd Mon Sep 17 00:00:00 2001 
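Review bot: `checkValidWebsocketToken` names its fourth parameter `now`, yet the query uses it as the lower bound for `lastQuery`, and this hunk moves that bound from `>` to `>=`. If callers pass an expiry cutoff rather than the current time (not visible here), renaming it, e.g. `Instant notBefore`, and adding a one-line comment such as `// session counts as valid while lastQuery >= notBefore` would make the session-expiry boundary explicit. The interface continues outside the hunk.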
From: Julien Meier Date: Sat, 24 Apr 2021 01:22:02 +0200 Subject: [PATCH 02/57] Implemented update file. --- .../controllers/FileController.java | 32 +++++++++++++-- .../controllers/WebsocketController.java | 20 +++++++--- .../model/db/PendingUploadModel.java | 10 ++++- .../vaultserver/resource/FileRepository.java | 7 ++++ .../resource/PendingUploadRepository.java | 4 ++ .../vaultserver/service/FileService.java | 39 ++++++++++++++++++- .../service/PendingUploadService.java | 23 ++++++++--- 7 files changed, 119 insertions(+), 16 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index f94128b..f4d0806 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -5,6 +5,7 @@ import com.vaultionizer.vaultserver.model.dto.DeleteFileDto; import com.vaultionizer.vaultserver.model.dto.FileDownloadDto; import com.vaultionizer.vaultserver.model.dto.FileUploadDto; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -65,7 +66,6 @@ public FileController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } - if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ Long refFileID = spaceService.getRefFileID(req.getSpaceID()); if (refFileID == -1){ 
@@ -143,8 +143,6 @@ public void run() { }) public @ResponseBody ResponseEntity deleteFile(@RequestBody DeleteFileDto req){ - String websocketToken = sessionService. - getSessionWebsocketToken(req.getAuth().getUserID(), req.getAuth().getSessionKey()); if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -159,4 +157,32 @@ public void run() { } return new ResponseEntity<>(null, HttpStatus.OK); } + + + @RequestMapping(value = "/api/file/update/{spaceID}/{saveIndex}", method = RequestMethod.POST) + @ApiOperation(value = "Requests to update a specific file.") + @ApiResponses(value = { + @ApiResponse(code = 200, message = "File has successfully been marked for updating."), + @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), + @ApiResponse(code = 403, message = "The user has no rights for the requested space."), + @ApiResponse(code = 409, message = "Some conflict occurred."), + }) + public @ResponseBody ResponseEntity + updateFile(@RequestBody GenericAuthDto req, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + if (!sessionService.getSession(req.getUserID(), req.getSessionKey())){ + return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); + } + if (!userAccessService.userHasAccess(req.getUserID(), spaceID)){ + return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); + } + + boolean granted = pendingUploadService.updateFile(spaceID, + sessionService.getSessionID(req.getUserID(), + req.getSessionKey()), saveIndex); + + if (!granted){ + return new ResponseEntity<>(null, HttpStatus.CONFLICT); + } + return new ResponseEntity<>(null, HttpStatus.ACCEPTED); + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java index 8601a0b..5a65fbd 100644 
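Review bot: `updateFile` documents `code = 200` for success but returns `HttpStatus.ACCEPTED`, so the API description and the actual status disagree; either change the annotation to `@ApiResponse(code = 202, message = "File has successfully been marked for updating.")` or return `HttpStatus.OK`. The `spaceID` and `saveIndex` path variables go to `pendingUploadService.updateFile` without a range check, although the upload endpoint in this file documents a 400 for a spaceID below zero. The result of `sessionService.getSessionID(...)` is passed on unchecked as well, while `WebsocketController.upload` treats `-1` from the same call as "no session"; a guard such as `if (sessID == -1) return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);` would cover a session that expires between the two lookups.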
--- a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java @@ -2,7 +2,9 @@ import com.vaultionizer.vaultserver.helpers.Config; import com.vaultionizer.vaultserver.model.dto.WebsocketFileDto; -import com.vaultionizer.vaultserver.model.dto.wserrors.*; +import com.vaultionizer.vaultserver.model.dto.wserrors.GenericWSError; +import com.vaultionizer.vaultserver.model.dto.wserrors.UploadData; +import com.vaultionizer.vaultserver.model.dto.wserrors.WS_ERROR; import com.vaultionizer.vaultserver.service.FileService; import com.vaultionizer.vaultserver.service.PendingUploadService; import com.vaultionizer.vaultserver.service.SessionService; @@ -60,21 +62,29 @@ public void upload(@Payload WebsocketFileDto content, Message file){ return; } - boolean granted = pendingUploadService.uploadFile(spaceID, sessID, saveIndex); - if (!granted) { + int granted = pendingUploadService.uploadFile(spaceID, sessID, saveIndex); + if (granted == 0) { sendError(wsToken, new GenericWSError(WS_ERROR.UPLOAD_NOT_GRANTED, new UploadData(userID, spaceID, saveIndex, sessionKey) )); return; } - fileService.setUploadFile(spaceID, saveIndex); + boolean success; + if (granted == 1){ + // usual upload + success = fileService.writeToFile(content.getContent(), spaceID, saveIndex); + } + else{ + // updating requested + success = fileService.tryUpdating(content.getContent(), spaceID, saveIndex); + } - boolean success = fileService.writeToFile(content.getContent(), spaceID, saveIndex); if (!success) { sendError(wsToken, new GenericWSError(WS_ERROR.UPLOAD_UNSUCCESSFUL, new UploadData(userID, spaceID, saveIndex, sessionKey))); } + fileService.setUploadFile(spaceID, saveIndex); } public synchronized void download(String websocketToken, Long spaceID, Long saveIndex){ 
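Review bot: When `success` is false the method sends `UPLOAD_UNSUCCESSFUL` and then falls through to `fileService.setUploadFile(spaceID, saveIndex)`, which this hunk moved below the error branch, so a failed write or update still ends with the status change that `setUploadFile` performs (presumably marking the file as uploaded). Adding `return;` after the `sendError(...)` call inside `if (!success)` limits that call to successful transfers. The `int granted` result is compared against bare `0` and `1`; named constants or a small enum for not-granted / upload / update would make the branch self-explanatory. `upload` begins outside this hunk.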
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/PendingUploadModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/PendingUploadModel.java index 2a5e633..859e383 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/PendingUploadModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/PendingUploadModel.java @@ -27,17 +27,21 @@ public class PendingUploadModel { @Min(value = 0, message = "PermittedSessionID cannot be below zero...") private Long permittedSessionID; // not the token but the id of the session + @NotNull(message = "IsUpdate must either be true or false!") + private Boolean isUpdate; // not the token but the id of the session + @PastOrPresent(message = "The upload cannot possibly have been requested in the future!") private Instant requested; public PendingUploadModel() { } - public PendingUploadModel(Long spaceID, Long saveIndex, Long permittedSessionID) { + public PendingUploadModel(Long spaceID, Long saveIndex, Long permittedSessionID, boolean isUpdate) { this.spaceID = spaceID; this.saveIndex = saveIndex; this.permittedSessionID = permittedSessionID; this.requested = Instant.now(); + this.isUpdate = isUpdate; } public Long getUploadID() { @@ -59,4 +63,8 @@ public Long getPermittedSessionID() { public Instant getRequested() { return requested; } + + public Boolean getUpdate() { + return isUpdate; + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/FileRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/FileRepository.java index a9afd15..b1554b2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/FileRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/FileRepository.java 
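Review bot: The new `isUpdate` field carries the comment `// not the token but the id of the session`, copied from `permittedSessionID` above it, which misdescribes the field; something like `// true when this pending entry updates an existing file` matches how the constructor argument appears to be used in this patch. The getter is named `getUpdate()` while the field is `isUpdate`, which is easy to misread; whichever name is kept should be checked against how the persistence and JSON layers resolve the property. Because the column is `@NotNull`, rows written before this change would need a default value, and no migration is visible here.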
@@ -1,5 +1,6 @@ package com.vaultionizer.vaultserver.resource; +import com.vaultionizer.vaultserver.helpers.FileStatus; import com.vaultionizer.vaultserver.model.db.FileModel; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; @@ -24,4 +25,10 @@ public interface FileRepository extends JpaRepository { @Query("SELECT it FROM FileModel it WHERE it.spaceID = ?1") Set getAllFiles(Long spaceID); + + + @Transactional + @Modifying + @Query("UPDATE FileModel SET status = ?3 WHERE spaceID = ?1 AND saveIndex = ?2") + void updateFileStatus(Long spaceID, Long saveIndex, FileStatus status); } \ No newline at end of file diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/PendingUploadRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/PendingUploadRepository.java index a1bef95..c4b0b28 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/PendingUploadRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/PendingUploadRepository.java @@ -17,6 +17,10 @@ public interface PendingUploadRepository extends JpaRepository 0) return false; + PendingUploadModel model; + model = new PendingUploadModel(spaceID, saveIndex, sessionID, true); + this.pendingUploadRepository.save(model); + return true; } public void deleteAllPendingUploads(Long spaceID){ From e27df26574d06acca2376ce8852a56e867fd4952 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Sun, 2 May 2021 14:12:46 +0200 Subject: [PATCH 03/57] Implemented some unit tests for services. --- .../vaultserver/model/db/UserModel.java | 1 + .../services/SpaceServiceUnitTests.java | 78 +++++++++++++++ .../services/UserAccessServiceUnitTests.java | 60 ++++++++++++ .../services/UserServiceUnitTests.java | 98 +++++++++++++++++++ 4 files changed, 237 insertions(+) create mode 100644 src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java create mode 100644 src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java create mode 100644 src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java index 3b6bc30..fc9f938 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java @@ -6,6 +6,7 @@ import javax.persistence.*; import javax.validation.constraints.NotNull; +import java.util.Objects; @Entity(name = "users") public class UserModel { diff --git a/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java new file mode 100644 index 0000000..8a0b9d4 --- /dev/null +++ b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java 
@@ -0,0 +1,78 @@ +package com.vaultionizer.vaultserver.services; + +import com.vaultionizer.vaultserver.helpers.Hashing; +import com.vaultionizer.vaultserver.model.db.SpaceModel; +import com.vaultionizer.vaultserver.model.db.UserModel; +import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; +import com.vaultionizer.vaultserver.resource.SpaceRepository; +import com.vaultionizer.vaultserver.resource.UserAccessRepository; +import com.vaultionizer.vaultserver.resource.UserRepository; +import com.vaultionizer.vaultserver.service.RefFileService; +import com.vaultionizer.vaultserver.service.SpaceService; +import com.vaultionizer.vaultserver.service.UserAccessService; +import com.vaultionizer.vaultserver.service.UserService; +import org.junit.jupiter.api.*; +import org.mockito.Mockito; +import org.springframework.boot.test.mock.mockito.MockBean; + +import java.util.HashSet; +import java.util.Optional; + +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +@DisplayName("SpaceService") +public class SpaceServiceUnitTests { + @MockBean + private SpaceRepository spaceRepository; + + @MockBean + private RefFileService refFileService; + + @MockBean + private UserAccessService userAccessService; + + private SpaceService spaceService; + + private GetSpacesResponseDto resGetSpace = new GetSpacesResponseDto((long)2, false, true); + + @BeforeEach + private void initialize() { + spaceRepository = Mockito.mock(SpaceRepository.class); + refFileService = Mockito.mock(RefFileService.class); + userAccessService = Mockito.mock(UserAccessService.class); + + Mockito.when(spaceRepository.findById((long)1)).thenReturn(Optional.ofNullable(null)); + Mockito.when(spaceRepository.findById((long)2)).thenReturn(Optional.of(new SpaceModel((long)2, (long)2, false, ""))); + Mockito.when(spaceRepository.save(Mockito.any())).thenReturn(new SpaceModel((long)1, (long)0, (long)0, false, "")); + spaceService = new SpaceService(spaceRepository, refFileService, userAccessService); + } + + @Test + 
@DisplayName("getSpace that does not exist.") + public void getSpaceNotExisting() { + GetSpacesResponseDto res = spaceService.getSpace((long)1, (long)1); + Assertions.assertNull(res); + } + @Test + @DisplayName("getSpace.") + public void getSpace() { + GetSpacesResponseDto res = spaceService.getSpace((long)2, (long)2); + Assertions.assertNotNull(res); + Assertions.assertEquals(resGetSpace.getSpaceID(), res.getSpaceID()); + Assertions.assertEquals(resGetSpace.isCreator(), res.isCreator()); + Assertions.assertEquals(resGetSpace.isPrivate(), res.isPrivate()); + } + + + @Test + @DisplayName("Create space.") + public void createSpaceTest() { + Assertions.assertEquals((long)1, spaceService.createSpace((long)1, "", true, "")); + } + + + @Test + @DisplayName("Get spaces accessible.") + public void getSpacesAccess() { + Assertions.assertEquals(0, spaceService.getSpacesAccessible((long) 1).size()); + } +} \ No newline at end of file diff --git a/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java new file mode 100644 index 0000000..484bca2 --- /dev/null +++ b/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java 
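Review bot: The `@MockBean` annotations on `spaceRepository`, `refFileService` and `userAccessService` look redundant: no Spring test annotation is visible on the class and `initialize()` overwrites each field with `Mockito.mock(...)`; the same applies to UserAccessServiceUnitTests and UserServiceUnitTests in this patch. Dropping the annotation together with the imports the file never uses (`Hashing`, `UserModel`, `UserRepository`, `UserAccessRepository`, `UserService`, `HashSet`) leaves plain Mockito tests that say what they do. `getSpacesAccess` appears to pass only because unstubbed mocks return empty defaults, so a comment such as `// unstubbed mock: user has access to no spaces` would record that intent.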
@@ -0,0 +1,60 @@ +package com.vaultionizer.vaultserver.services; + +import com.vaultionizer.vaultserver.helpers.Hashing; +import com.vaultionizer.vaultserver.model.db.UserModel; +import com.vaultionizer.vaultserver.resource.UserAccessRepository; +import com.vaultionizer.vaultserver.resource.UserRepository; +import com.vaultionizer.vaultserver.service.UserAccessService; +import com.vaultionizer.vaultserver.service.UserService; +import org.junit.jupiter.api.*; +import org.mockito.Mockito; +import org.springframework.boot.test.mock.mockito.MockBean; + +import java.util.HashSet; + +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +@DisplayName("UserAccessService") +public class UserAccessServiceUnitTests { + @MockBean + private UserAccessRepository userAccessRepository; + + private UserAccessService userAccessService; + + @BeforeEach + private void initialize(){ + userAccessRepository = Mockito.mock(UserAccessRepository.class); + Mockito.when(userAccessRepository.hasAccess((long)1, (long)1)).thenReturn((long)0); + Mockito.when(userAccessRepository.hasAccess((long)1, (long)2)).thenReturn((long)1); + + userAccessService = new UserAccessService(userAccessRepository); + } + + @Test + @DisplayName("Add user access.") + public void getUserIdOneResult(){ + userAccessService.addUserAccess((long)1, (long)1); + } + + @Test + @DisplayName("Check user access without access.") + public void checkUserAccessNoAccess(){ + Assertions.assertFalse(userAccessService.userHasAccess((long)1, (long)1)); + } + + @Test + @DisplayName("Check user access.") + public void checkUserAccess(){ + Assertions.assertTrue(userAccessService.userHasAccess((long)1, (long)2)); + } + + @Test + @DisplayName("Remove access although user has no access.") + public void removeAccessTestNoAccess(){ + Assertions.assertFalse(userAccessService.removeAccess((long)1, (long)1)); + } + @Test + @DisplayName("Remove access.") + public void removeAccessTest(){ + Assertions.assertTrue(userAccessService.removeAccess((long)1, 
(long)2)); + } +} \ No newline at end of file diff --git a/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java new file mode 100644 index 0000000..496cf3e --- /dev/null +++ b/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java 
@@ -0,0 +1,98 @@ +package com.vaultionizer.vaultserver.services; + +import com.vaultionizer.vaultserver.helpers.Hashing; +import com.vaultionizer.vaultserver.model.db.UserModel; +import com.vaultionizer.vaultserver.resource.UserRepository; +import com.vaultionizer.vaultserver.service.*; +import org.junit.jupiter.api.*; +import org.mockito.Mockito; +import org.springframework.boot.test.mock.mockito.MockBean; +import java.util.HashSet; + +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +@DisplayName("UserService") +public class UserServiceUnitTests { + @MockBean + private UserRepository userRepository; + + private UserService userService; + + @BeforeEach + private void initialize(){ + userRepository = Mockito.mock(UserRepository.class); + Long id = 1L; + var hashsetExactlyOne = new HashSet(); + hashsetExactlyOne.add(new UserModel(id,"exactlyOne", Hashing.hashBcrypt("pwd"))); + Mockito.when(userRepository.getPwd("exactlyOne")).thenReturn(hashsetExactlyOne); + + + Mockito.when(userRepository.getPwd("none")).thenReturn(new HashSet<>()); + + + var hashsetMultiple = new HashSet(); + hashsetMultiple.add(new UserModel(id, "moreThanOne", Hashing.hashBcrypt("pwd"))); + hashsetMultiple.add(new UserModel(id, "moreThanOne", Hashing.hashBcrypt("pwd"))); + Mockito.when(userRepository.getPwd("moreThanOne")).thenReturn(hashsetMultiple); + + Mockito.when(userRepository.save(new UserModel("create", Mockito.anyString()))) + .thenReturn(new UserModel((long)1, "create", "pwd")); + Mockito.when(userRepository.save(new UserModel("failCreate", "pwd"))) + .thenReturn(null); + + userService = new UserService(userRepository); + } + + @Test + @DisplayName("getUserIDCheckCredentials with exactly one.") + public void getUserIdOneResult(){ + Long id = userService.getUserIDCheckCredentials("exactlyOne", "pwd"); + Assertions.assertEquals(1, id); + } + + @Test + @DisplayName("getUserIDCheckCredentials with none.") + public void getUserIdNone(){ + Long id = 
userService.getUserIDCheckCredentials("none", "pwd"); + Assertions.assertEquals(-1, id); + } + + @Test + @DisplayName("getUserIDCheckCredentials with more than one.") + public void getUserIdMoreThanOne(){ + Long id = userService.getUserIDCheckCredentials("moreThanOne", "pwd"); + Assertions.assertEquals(-1, id); + } + + @Test + @DisplayName("Create user success.") + public void createUser(){ + Long id = userService.createUser("create", "pwd"); + Assertions.assertEquals(null, id); // TODO: Mockito does not like news + } + + @Test + @DisplayName("Create user failing because of null.") + public void createUserException(){ + Long id = userService.createUser("failCreate", "pwd"); + Assertions.assertNull(id); + } + + @Test + @DisplayName("Delete user while already in deletion process.") + public void deleteUserFailing(){ + boolean success = userService.setDeleted((long)2); + Assertions.assertTrue(success); + success = userService.setDeleted((long)2); + Assertions.assertFalse(success); + } + + @Test + @DisplayName("Normal delete user.") + public void deleteUserNormal(){ + boolean success = userService.setDeleted((long)2); + Assertions.assertTrue(success); + userService.setDeletionDone((long)2); + } + + +} From fa9ada0b9265fad97635a6e8a93d633f57c9d3bc Mon Sep 17 00:00:00 2001 
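Review bot: In `initialize()`, `Mockito.when(userRepository.save(new UserModel("create", Mockito.anyString())))` places an argument matcher inside a constructor call instead of passing it as a direct argument of the stubbed method, which Mockito does not support, and the "Create user success" test then asserts `null` next to a TODO. Stubbing on the argument itself, e.g. `Mockito.when(userRepository.save(Mockito.any(UserModel.class))).thenReturn(new UserModel((long)1, "create", "pwd"));`, would let that test assert the returned id; the `failCreate` case then needs its own matcher, for instance `Mockito.argThat(...)` on the user name. As written, the user-creation path has no positive test.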
From: Julien Meier Date: Sun, 2 May 2021 16:28:48 +0200 Subject: [PATCH 04/57] Changed permission aspects for spaces. --- .../controllers/FileController.java | 12 ++++++++++ .../controllers/RefFileController.java | 5 ++++ .../controllers/SpaceController.java | 20 +++++++++------- .../controllers/UserController.java | 2 +- .../vaultserver/model/db/SpaceModel.java | 24 +++++++++++++++++-- .../vaultserver/model/dto/CreateSpaceDto.java | 10 ++++++++ .../model/dto/GetSpacesResponseDto.java | 14 ++++++++++- .../vaultserver/resource/SpaceRepository.java | 8 +++++++ .../vaultserver/service/SpaceService.java | 21 ++++++++++++---- .../controllers/SpaceControllerTest.java | 15 +++++++++--- .../cucumber/steps/DeleteSpaceSteps.java | 4 ++-- .../cucumber/steps/DownloadFileSteps.java | 2 +- .../cucumber/steps/UploadFileSteps.java | 2 +- .../services/SpaceServiceUnitTests.java | 8 +++---- .../vaultserver/testdata/SpaceTestData.java | 3 ++- 15 files changed, 121 insertions(+), 29 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index f4d0806..5c34bc4 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -54,6 +54,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 400, message = "SpaceID is invalid (< 0) or amount of files to be uploaded is invalid (<= 0)."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "The user has no rights for the requested space."), + @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 404, message = "A consistency error occurred.") }) public @ResponseBody ResponseEntity 
@@ -67,6 +68,9 @@ public FileController(SessionService sessionService, SpaceService spaceService, } if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); + } Long refFileID = spaceService.getRefFileID(req.getSpaceID()); if (refFileID == -1){ return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); @@ -109,6 +113,9 @@ public FileController(SessionService sessionService, SpaceService spaceService, if (!userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } + if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); + } FileStatus status = fileService.setDownloadFile(req.getSpaceID(), req.getSaveIndex()); if (status == null){ @@ -139,6 +146,7 @@ public void run() { @ApiResponse(code = 200, message = "File has successfully been deleted."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "The user has no rights for the requested space."), + @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 423, message = "The requested file is currently either being uploaded or modified. Thus, the file is locked."), }) public @ResponseBody ResponseEntity @@ -151,6 +159,9 @@ public void run() { return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } + if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())) + return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); + boolean success = fileService.deleteFile(req.getSpaceID(), req.getSaveIndex()); if (!success){ return new ResponseEntity<>(null, HttpStatus.LOCKED); 
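Review bot: The write-access denial added in the `@@ -67` hunk returns `HttpStatus.NOT_ACCEPTABLE`, a status HTTP reserves for content-negotiation failures, not for authorization. The same status is used in the `@@ -109` and `@@ -151` hunks of this file and in the RefFileController and SpaceController hunks. An authenticated member who lacks a permission is the 403 case, so I would return `HttpStatus.FORBIDDEN` and carry the reason in the body if clients must tell the two denials apart. The enclosing handler starts and ends outside the hunk.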
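Review bot: In the `@@ -109` hunk the new `userHasWriteAccess` guard sits directly in front of `fileService.setDownloadFile(...)`, so a member of a space with `usersHaveWriteAccess = false` apparently can no longer download files. If read-only membership is meant to allow reads, the guard does not belong on this path. RefFileController's `@@ -83` hunk puts the same guard on a handler documented as returning the ref file content. If the restriction is intended, a comment such as `// read-only members may not download: <reason>` above the check would make that explicit. The handler body continues outside the hunk.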
@@ -165,6 +176,7 @@ public void run() { @ApiResponse(code = 200, message = "File has successfully been marked for updating."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "The user has no rights for the requested space."), + @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 409, message = "Some conflict occurred."), }) public @ResponseBody ResponseEntity diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index f0c57fe..5dc0224 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -74,6 +74,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "Either the space with given ID does not exist or the user has no access to that space."), + @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) @ResponseBody ResponseEntity 
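Review bot: The `@@ -165` hunk documents a 406 "The user has no write access." response for the update endpoint, but no hunk in this file adds a `userHasWriteAccess` call to that handler. The upload, download and delete handlers each get one, and those hunks already account for all 12 insertions the diffstat lists for FileController. A member without write access can therefore presumably still mark a file for updating. The handler needs the same guard after its `userHasAccess` check, matching the status the other handlers use: `if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())) { return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); }`. The handler body is outside the hunk, so confirm against the full file.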
@@ -83,6 +84,10 @@ public RefFileController(SessionService sessionService, UserAccessService userAc } if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); + } + Long refFileID = spaceService.getRefFileID(req.getSpaceID()); if (refFileID == -1L) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 5681413..5ee5250 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -36,7 +36,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, - @RequestMapping(value = "/api/spaces/getAll", method = RequestMethod.POST) + @RequestMapping(value = "/api/spaces/get", method = RequestMethod.POST) @ApiOperation(value = "Returns all spaces a user has access to.", response = GetSpacesResponseDto.class, responseContainer = "List" @@ -68,7 +68,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - Long spaceID = spaceService.createSpace(req.getAuth().getUserID(), req.getReferenceFile(), req.isPrivate(), req.getAuthKey()); + Long spaceID = spaceService.createSpace(req.getAuth().getUserID(), req.getReferenceFile(), req.isPrivate(), + req.getUsersWriteAccess(), req.getUsersAuthAccess(), req.getAuthKey()); return new ResponseEntity<>(spaceID, HttpStatus.CREATED); } 
@@ -122,20 +123,23 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponses(value = { @ApiResponse(code = 200, message = "The auth key is returned."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), - @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong.") + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), + @ApiResponse(code = 406, message = "User is not allowed to get the auth key.") }) public @ResponseBody ResponseEntity getAuthKey(@RequestBody SpaceAuthKeyDto req){ if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - - if (spaceService.checkDeleted(req.getSpaceID()) && - userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ - return new ResponseEntity<>(spaceService.getSpaceAuthKey(req.getSpaceID()), HttpStatus.OK); + if (spaceService.checkDeleted(req.getSpaceID()) || + !userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); + } + if (!spaceService.userHasAuthKeyAccess(req.getSpaceID(), req.getAuth().getUserID())){ + return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); + return new ResponseEntity<>(spaceService.getSpaceAuthKey(req.getSpaceID()), HttpStatus.OK); } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index 6c5c3bc..033dfa2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java 
+++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java @@ -68,7 +68,7 @@ public UserController(UserService userService, SessionService sessionService, if (userID == null) { return new ResponseEntity<>(null, HttpStatus.CONFLICT); } - spaceService.createSpace(userID, req.getRefFile(), true, null); + spaceService.createSpace(userID, req.getRefFile(), true, false, false, null); return new ResponseEntity<>(sessionService.addSession(userID), HttpStatus.CREATED); } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java index 7553523..d21614a 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java 
@@ -22,24 +22,36 @@ public class SpaceModel { @NotNull(message = "Boolean whether it is a private space cannot be null!") private boolean isPrivateSpace; + @NotNull(message = "Boolean whether normal users have write access cannot be null!") + private boolean usersHaveWriteAccess; + + @NotNull(message = "Boolean whether normal users can obtain auth key cannot be null!") + private boolean usersCanGetAuthKey; + private String authKey; public SpaceModel() { } - public SpaceModel(Long spaceID, Long creatorID, Long refFileID, boolean isPrivateSpace, String authKey) { + public SpaceModel(Long spaceID, Long creatorID, Long refFileID, boolean isPrivateSpace, boolean usersHaveWriteAccess, + boolean usersCanGetAuthKey, String authKey) { this.spaceID = spaceID; this.creatorID = creatorID; this.refFileID = refFileID; this.isPrivateSpace = isPrivateSpace; this.authKey = authKey; + this.usersHaveWriteAccess = usersHaveWriteAccess; + this.usersCanGetAuthKey = usersCanGetAuthKey; } - public SpaceModel(Long creatorID, Long refFileID, boolean isPrivateSpace, String authKey) { + public SpaceModel(Long creatorID, Long refFileID, boolean isPrivateSpace, boolean usersHaveWriteAccess, + boolean usersCanGetAuthKey, String authKey) { this.creatorID = creatorID; this.refFileID = refFileID; this.isPrivateSpace = isPrivateSpace; this.authKey = authKey; + this.usersHaveWriteAccess = usersHaveWriteAccess; + this.usersCanGetAuthKey = usersCanGetAuthKey; } public SpaceModel(Long creatorID, Long refFileID) { @@ -67,4 +79,12 @@ public boolean isPrivateSpace() { public String getAuthKey() { return authKey; } + + public boolean getUsersHaveWriteAccess() { + return usersHaveWriteAccess; + } + + public boolean getUsersCanGetAuthKey() { + return usersCanGetAuthKey; + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java index 4743aac..03e8a90 100644 
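Review bot: `@NotNull` on the new `usersHaveWriteAccess` and `usersCanGetAuthKey` fields has no effect, because a primitive `boolean` can never be null and the constraint can never fail. Either drop the annotation or declare the fields as `Boolean` if a missing value should be rejected. Since an unset primitive is `false`, it is worth saying so on the fields, e.g. `// defaults to false: members get neither write nor auth-key access unless the creator opts in`.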
--- a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java @@ -5,6 +5,8 @@ public class CreateSpaceDto { private GenericAuthDto auth; private boolean isPrivate; + private boolean usersWriteAccess; + private boolean usersAuthAccess; private String authKey; private String referenceFile; @@ -12,6 +14,14 @@ public GenericAuthDto getAuth() { return auth; } + public boolean getUsersWriteAccess() { + return usersWriteAccess; + } + + public boolean getUsersAuthAccess() { + return usersAuthAccess; + } + @JsonProperty("isPrivate") public boolean isPrivate() { return isPrivate; diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpacesResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpacesResponseDto.java index c76beef..0c35e51 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpacesResponseDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpacesResponseDto.java @@ -4,11 +4,23 @@ public class GetSpacesResponseDto { private Long spaceID; private boolean isPrivate; private boolean isCreator; + private boolean hasWriteAccess; + private boolean hasAuthKeyAccess; - public GetSpacesResponseDto(Long spaceID, boolean isPrivate, boolean isCreator) { + public GetSpacesResponseDto(Long spaceID, boolean isPrivate, boolean isCreator, boolean hasWriteAccess, boolean hasAuthKeyAccess) { this.spaceID = spaceID; this.isPrivate = isPrivate; this.isCreator = isCreator; + this.hasWriteAccess = hasWriteAccess; + this.hasAuthKeyAccess = hasAuthKeyAccess; + } + + public boolean isHasWriteAccess() { + return hasWriteAccess; + } + + public boolean isHasAuthKeyAccess() { + return hasAuthKeyAccess; } public Long getSpaceID() { diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java index 79924fd..a0a3134 100644 
--- a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java @@ -32,4 +32,12 @@ public interface SpaceRepository extends JpaRepository { @Modifying @Query("DELETE FROM SpaceModel it WHERE it.spaceID = ?1") void deleteSpace(Long spaceID); + + @Query("SELECT COUNT(it) FROM SpaceModel it WHERE it.spaceID = ?1 " + + "AND (it.creatorID = ?2 OR it.usersHaveWriteAccess = true)") + int getUserWriteAccess(Long spaceID, Long userID); // user has write access if creator or normal users have write access + + @Query("SELECT COUNT(it) FROM SpaceModel it WHERE it.spaceID = ?1 " + + "AND (it.creatorID = ?2 OR it.usersCanGetAuthKey = true)") + int getUserAuthKeyAccess(Long spaceID, Long userID); // user has access to auth key if creator or normal users have access to auth key } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index 5318df6..1fc3eaa 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java @@ -1,6 +1,5 @@ package com.vaultionizer.vaultserver.service; -import com.vaultionizer.vaultserver.model.db.RefFilesModel; import com.vaultionizer.vaultserver.model.db.SpaceModel; import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.model.dto.SpaceAuthKeyResponseDto; @@ -8,7 +7,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import java.util.*; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Optional; +import java.util.Set; @Service public class SpaceService { 
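Review bot: `getUserWriteAccess` and `getUserAuthKeyAccess` return 1 for any `userID` once the space-wide flag is true, because the `OR` branch never looks at the user. They answer "is this the creator, or are members allowed" and not "may this user write". That is safe only while every caller has already run `userAccessService.userHasAccess`, as the controllers in this commit do. I would state the precondition on both methods, e.g. `// does NOT check membership; callers must verify userHasAccess first`, or fold the membership check into `SpaceService.userHasWriteAccess` and `userHasAuthKeyAccess` so it cannot be skipped by a future caller.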
@@ -32,12 +34,14 @@ public SpaceService(SpaceRepository spaceRepository, RefFileService refFileServi public GetSpacesResponseDto getSpace(Long spaceID, Long userID){ Optional model = spaceRepository.findById(spaceID); if (model.isEmpty()) return null; - return new GetSpacesResponseDto(spaceID, model.get().isPrivateSpace(), model.get().getCreatorID().equals(userID)); + return new GetSpacesResponseDto(spaceID, model.get().isPrivateSpace(), model.get().getCreatorID().equals(userID), + model.get().getUsersHaveWriteAccess(), model.get().getUsersCanGetAuthKey()); } - public Long createSpace(Long userID, String refFileContent, boolean isPrivate, String authKey){ + public Long createSpace(Long userID, String refFileContent, boolean isPrivate, boolean usersWriteAccess, + boolean usersCanInvite, String authKey){ Long refFileID = refFileService.addNewRefFile(refFileContent); - SpaceModel model = new SpaceModel(userID, refFileID, isPrivate, authKey); + SpaceModel model = new SpaceModel(userID, refFileID, isPrivate, usersWriteAccess, usersCanInvite, authKey); model = spaceRepository.save(model); userAccessService.addUserAccess(model.getSpaceID(), userID); return model.getSpaceID(); @@ -100,4 +104,11 @@ public void deleteSpace(Long spaceID){ public synchronized boolean checkDeleted(Long spaceID){ return this.isDeleted.contains(spaceID); } + + public boolean userHasWriteAccess(Long spaceID, Long userID){ + return spaceRepository.getUserWriteAccess(spaceID, userID) == 1; + } + public boolean userHasAuthKeyAccess(Long spaceID, Long userID){ + return spaceRepository.getUserAuthKeyAccess(spaceID, userID) == 1; + } } diff --git a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java index 7e38c0c..c07d83a 100644 --- a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java 
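Review bot: `getSpace` fills the DTO's `hasWriteAccess` and `hasAuthKeyAccess` with the space-wide flags, so the creator of a space with both flags off is told they have neither permission, although the repository queries grant the creator both. The fixture in SpaceServiceUnitTests expects `true, true` for a creator whose model has `false, false`, which suggests the effective per-user value was intended. Computing it once fixes this: `boolean creator = model.get().getCreatorID().equals(userID);` and then passing `creator || model.get().getUsersHaveWriteAccess()` and `creator || model.get().getUsersCanGetAuthKey()`. Separately, `createSpace` names its fifth parameter `usersCanInvite` while the model and controller call it auth-key access; one name throughout would avoid confusion.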
+++ b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java @@ -68,6 +68,11 @@ private void initialize(){ SpaceTestData.joinSpaces[2].getAuthKey()) ).thenReturn(true); + Mockito.when(sessionService.getSession( + SpaceTestData.getAuthKeys[3].getAuth().getUserID(), + SpaceTestData.getAuthKeys[3].getAuth().getSessionKey()) + ).thenReturn(true); + Mockito.when(spaceService.getSpacesAccessible(SpaceTestData.getAllSpaces[0].getAuth().getUserID())) .thenReturn(null); @@ -80,10 +85,14 @@ private void initialize(){ SpaceTestData.getAuthKeys[2].getAuth().getUserID(), SpaceTestData.getAuthKeys[2].getSpaceID()) ).thenReturn(true); + Mockito.when(userAccessService.userHasAccess( + SpaceTestData.getAuthKeys[3].getAuth().getUserID(), + SpaceTestData.getAuthKeys[3].getSpaceID()) + ).thenReturn(true); Mockito.when(spaceService.createSpace(SpaceTestData.createSpace[1].getAuth().getUserID(), SpaceTestData.createSpace[1].getReferenceFile(), SpaceTestData.createSpace[1].isPrivate(), - SpaceTestData.createSpace[1].getAuthKey()) + false, false, SpaceTestData.createSpace[1].getAuthKey()) ).thenReturn(1L); @@ -162,8 +171,8 @@ public void getAuthKeyWithoutPermission(){ @Test @DisplayName("Tests getting the authentication key of a space the user access to.") public void getAuthKey(){ - ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeys[1]); - Assertions.assertEquals(403, res.getStatusCodeValue()); + ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeys[3]); + Assertions.assertEquals(406, res.getStatusCodeValue()); Assertions.assertNull(res.getBody()); } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java index e1a32c1..522a451 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java 
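Review bot: The `getAuthKey` test keeps its display name about a space the user has access to but now asserts 406 with a null body, so after this change no test covers the path where the key is actually returned. `spaceService.userHasAuthKeyAccess` is not stubbed in the visible hunks, so the mock answers false and 406 is the only reachable outcome here. I would rename this test to say it checks the denial, and add a case that stubs `userHasAuthKeyAccess(...)` to return true and asserts 200 with a non-null body.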
+++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java @@ -49,7 +49,7 @@ public void theUserIsLoggedInProperly() { @And("the user created the space") public void theUserCreatedTheSpace() { - spaceID = spaceService.createSpace(userID, "", false, "authKey"); + spaceID = spaceService.createSpace(userID, "", false, false, false, "authKey"); } @When("the user wants to delete the space") @@ -90,7 +90,7 @@ public void theSpaceWasDeleted() throws Throwable{ @And("another user created the space") public void anotherUserCreatedTheSpace() { - spaceID = spaceService.createSpace(10000000L, "", false, "authKey"); + spaceID = spaceService.createSpace(10000000L, "", false, false, false, "authKey"); } @And("the user has access to the space") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java index c6ef586..4e9240b 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java @@ -41,7 +41,7 @@ public DownloadFileSteps(SpaceService spaceService, UserService userService, @Given("the user has successfully created an account with username {string}") public void theUserHasSuccessfullyCreatedAnAccountWithUsername(String username) { userID = this.userService.createUser(username, UserTestData.registerData[3].getKey()); - spaceID = spaceService.createSpace(userID, "Genki-DAMA", false, "broly"); + spaceID = spaceService.createSpace(userID, "Genki-DAMA", false, false, false, "broly"); sessionKey = sessionService.addSession(userID).getSessionKey(); } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java index 7a64b09..070fde5 100644 
--- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java @@ -39,7 +39,7 @@ public UploadFileSteps(SpaceService spaceService, UserService userService, public void theUserHasAnAccountWithName(String username) { userID = this.userService.createUser(username, UserTestData.registerData[3].getKey()); sessionKey = sessionService.addSession(userID).getSessionKey(); - spaceID = spaceService.createSpace(userID, "NANI", false, "dbz"); + spaceID = spaceService.createSpace(userID, "NANI", false, false, false, "dbz"); } @When("the user requests to upload {int} files") diff --git a/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java index 8a0b9d4..29d2a21 100644 --- a/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java +++ b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java @@ -32,7 +32,7 @@ public class SpaceServiceUnitTests { private SpaceService spaceService; - private GetSpacesResponseDto resGetSpace = new GetSpacesResponseDto((long)2, false, true); + private GetSpacesResponseDto resGetSpace = new GetSpacesResponseDto((long)2, false, true, true, true); @BeforeEach private void initialize() { 
@@ -41,8 +41,8 @@ private void initialize() { userAccessService = Mockito.mock(UserAccessService.class); Mockito.when(spaceRepository.findById((long)1)).thenReturn(Optional.ofNullable(null)); - Mockito.when(spaceRepository.findById((long)2)).thenReturn(Optional.of(new SpaceModel((long)2, (long)2, false, ""))); - Mockito.when(spaceRepository.save(Mockito.any())).thenReturn(new SpaceModel((long)1, (long)0, (long)0, false, "")); + Mockito.when(spaceRepository.findById((long)2)).thenReturn(Optional.of(new SpaceModel((long)2, (long)2, false, false, false, ""))); + Mockito.when(spaceRepository.save(Mockito.any())).thenReturn(new SpaceModel((long)1, (long)0, (long)0, false,false, false, "")); spaceService = new SpaceService(spaceRepository, refFileService, userAccessService); } @@ -66,7 +66,7 @@ public void getSpace() { @Test @DisplayName("Create space.") public void createSpaceTest() { - Assertions.assertEquals((long)1, spaceService.createSpace((long)1, "", true, "")); + Assertions.assertEquals((long)1, spaceService.createSpace((long)1, "", true, false, false, "")); } diff --git a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java index e68a91b..f59651b 100644 --- a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java +++ b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java @@ -38,6 +38,7 @@ public class SpaceTestData { public static final SpaceAuthKeyDto[] getAuthKeys = { new SpaceAuthKeyDto(new GenericAuthDto(1L, "definitely wrong"), 3L), new SpaceAuthKeyDto(new GenericAuthDto(1L, "correctTestSessionKey"), 3L), - new SpaceAuthKeyDto(new GenericAuthDto(1L, "correctTestSessionKey"), 4L) + new SpaceAuthKeyDto(new GenericAuthDto(1L, "correctTestSessionKey"), 4L), + new SpaceAuthKeyDto(new GenericAuthDto(2L, "correctTestSessionKey"), 3L) }; } From a29922c685330185aeea191035f128fe26234bd9 Mon Sep 17 00:00:00 2001 
From: Johannes Quast <54998646+jatsqi@users.noreply.github.com> Date: Mon, 3 May 2021 21:01:47 +0200 Subject: [PATCH 05/57] Update pom.xml --- pom.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pom.xml b/pom.xml index f653360..d44b877 100644 --- a/pom.xml +++ b/pom.xml @@ -16,6 +16,9 @@ 14 + Vaultionizer_vault-server + vaultionizer + https://sonarcloud.io From 2ff28737570a3b5b86235d683a65c084eeac80df Mon Sep 17 00:00:00 2001 From: Johannes Quast <54998646+jatsqi@users.noreply.github.com> Date: Mon, 3 May 2021 21:03:19 +0200 Subject: [PATCH 06/57] Create sonarcloud.yml --- .github/workflows/sonarcloud.yml | 37 ++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000..18c9a8a --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,37 @@ +name: SonarCloud +on: + push: + branches: + - develop + - master + pull_request: + types: [opened, synchronize, reopened] +jobs: + build: + name: Build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: 11 + - name: Cache SonarCloud packages + uses: actions/cache@v1 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v1 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Build and analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar From 55bc2c75ce1d3ece65b2e187d4aa34ace60a578c Mon Sep 17 00:00:00 2001 
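Review bot: The new workflow declares no `permissions:` block, so `GITHUB_TOKEN` carries the repository's default scopes while the job runs `mvn -B verify`, which executes the project's build and test code and every plugin it resolves. A top-level `permissions: { contents: read, pull-requests: read }` would limit the token to what the analysis needs; widen it only if the scanner turns out to need more. The three `actions/*` steps are referenced by mutable tags (`@v2`, `@v1`), and pinning them to full commit SHAs removes the dependency on those tags not moving.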
From: Johannes Quast <54998646+jatsqi@users.noreply.github.com> Date: Mon, 3 May 2021 21:04:41 +0200 Subject: [PATCH 07/57] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 18c9a8a..387f3d7 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -1,9 +1,7 @@ name: SonarCloud on: push: - branches: - - develop - - master + branches: [ master, develop ] pull_request: types: [opened, synchronize, reopened] jobs: From 0bcb0d05a7c8f3d9cac361ce2d07193ed14a8ce9 Mon Sep 17 00:00:00 2001 From: Johannes Quast <54998646+jatsqi@users.noreply.github.com> Date: Mon, 3 May 2021 21:08:11 +0200 Subject: [PATCH 08/57] Update sonarcloud.yml --- .github/workflows/sonarcloud.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 387f3d7..9eb2345 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -12,10 +12,10 @@ jobs: - uses: actions/checkout@v2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Set up JDK 11 + - name: Set up JDK 14 uses: actions/setup-java@v1 with: - java-version: 11 + java-version: 14 - name: Cache SonarCloud packages uses: actions/cache@v1 with: From f244bd8ca47321f486b0939c3e83f8771f244d9f Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Mon, 3 May 2021 21:29:56 +0200 Subject: [PATCH 09/57] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d41aa44..c76da7e 100644 --- a/README.md +++ b/README.md 
@@ -16,4 +16,4 @@ All semantic data (like filenames, contents etc.) is stored in a custom (JSON-ba The backend can easily be deployed using Docker and then used by the Android application. ## Swagger-API -For the current API, see [here](https://v2202006123966120989.bestsrv.de/swagger-ui.html#/). +For the current API, see [here](https://api.vault.jatsqi/swagger-ui.html#/). From 7e98a99b7d3879602f0a72920c355178fedb6897 Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Mon, 3 May 2021 21:38:12 +0200 Subject: [PATCH 10/57] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c76da7e..fc6b201 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,9 @@ Hey, welcome to the Github repository for the backend for the [Vaultionizer Android application](https://github.com/Vaultionizer/vault-android-app). +[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=Vaultionizer_vault-server&metric=ncloc)](https://sonarcloud.io/dashboard?id=Vaultionizer_vault-server)[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Vaultionizer_vault-server&metric=alert_status)](https://sonarcloud.io/dashboard?id=Vaultionizer_vault-server) +[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=Vaultionizer_vault-server&metric=coverage)](https://sonarcloud.io/dashboard?id=Vaultionizer_vault-server)[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=Vaultionizer_vault-server&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=Vaultionizer_vault-server) + The application aims at enabling a user to securely store data online without having to fear the data being analyzed, breached or anything similar. Our goal is to put zero trust into server instances and instead rely solely on the user knowing what to do. Before reading any further, note that this application is explorative and should not be used in practice (since for debugging purposes, the data is not encrypted yet)! From 8e2b9aef1f5516ad4de3dfcd65248dfdbb61d967 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Tue, 4 May 2021 13:01:09 +0200 Subject: [PATCH 11/57] Fixed tests and included cucumba. --- Dockerfile | 3 ++- docker-compose.yml | 2 +- pom.xml | 6 ++++++ scripts/build_project_docker.sh | 5 +---- scripts/docker-compose.yml | 10 ++++++++++ scripts/test.sh | 15 +++++++++++++++ .../vaultserver/config/SecurityConfig.java | 3 +-- .../controllers/WebsocketController.java | 5 ++--- .../vaultserver/service/FileService.java | 3 +-- src/main/resources/application.properties | 4 +--- 10 files changed, 40 insertions(+), 16 deletions(-) create mode 100644 scripts/docker-compose.yml create mode 100644 scripts/test.sh diff --git a/Dockerfile b/Dockerfile index 341e807..df01f86 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,11 @@ ADD ./pom.xml ./pom.xml RUN mvn dependency:go-offline -B ADD . /home/vaultionizer/project +ADD scripts/test.sh test.sh ADD scripts/build_project_docker.sh build_project.sh RUN bash build_project.sh FROM openjdk:15-alpine COPY --from=build_step /home/vaultionizer/vaultionizer_server.jar /home/vaultionizer/vaultionizer_server.jar -EXPOSE 443 +EXPOSE 8080 ENTRYPOINT ["java", "-jar", "/home/vaultionizer/vaultionizer_server.jar"] diff --git a/docker-compose.yml b/docker-compose.yml index 1d7fa7e..f2753fc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: image: vaultionizer_app build: ./ ports: - - "443:443" + - "8080:8080" depends_on: - postgres_vault environment: diff --git a/pom.xml b/pom.xml index f653360..1da1859 100644 --- a/pom.xml +++ b/pom.xml @@ -133,6 +133,12 @@ 6.8.0 test + + org.junit.vintage + junit-vintage-engine + 5.7.1 + test + diff --git a/scripts/build_project_docker.sh b/scripts/build_project_docker.sh index 239a3dd..29ae641 100644 --- a/scripts/build_project_docker.sh +++ b/scripts/build_project_docker.sh 
@@ -1,12 +1,9 @@ +bash test.sh cd /home/vaultionizer/project rm target/vaultserver* export MAVEN_OPTS="-Xmx1024m" -echo "installing dependencies..." -mvn clean install -o > /home/vaultionizer/log_install.txt -echo "Finished installing dependencies." - echo "Packaging project" mvn package diff --git a/scripts/docker-compose.yml b/scripts/docker-compose.yml new file mode 100644 index 0000000..07be7d2 --- /dev/null +++ b/scripts/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3.1' +services: + postgres_vault_test: + image: postgres + ports: + - "5432:5432" + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=password + - POSTGRES_DB=mydb \ No newline at end of file diff --git a/scripts/test.sh b/scripts/test.sh new file mode 100644 index 0000000..e00908e --- /dev/null +++ b/scripts/test.sh @@ -0,0 +1,15 @@ +# start test vaultionizer postgres + +export VAULT_ENABLE_SSL=false +export VAULT_DB_USER=postgres +export VAULT_DB_PASSWORD=password +export VAULT_DB_DATABASE=mydb +export VAULT_DB_HOST=localhost:5432 + +docker-compose up --build -d + +cd .. +mvn test +docker stop scripts_postgres_vault_test_1 +docker rm scripts_postgres_vault_test_1 + diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java index 47da5f1..cae3439 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java @@ -18,8 +18,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.cors().and().authorizeRequests() .antMatchers("/**") - .permitAll() - .and().csrf().disable(); + .permitAll(); } @Bean diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java index 5a65fbd..d823d5b 100644 
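Review bot: The `ports` entry in the new scripts/docker-compose.yml publishes the test database on every host interface while the same file sets `POSTGRES_PASSWORD=password`, so on a developer machine or a shared runner anything that can reach port 5432 can log in with a known credential. Binding the port to loopback keeps the tests working: `- "127.0.0.1:5432:5432"`. `image: postgres` also carries no tag, so each run may pull a different version; a pinned tag would make the test runs reproducible.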
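Review bot: scripts/test.sh ends with `docker stop` and `docker rm`, so the script's exit status is that of the cleanup and a failing `mvn test` normally does not fail the caller (the image build here, the workflow step added in the following patches). Keep the test result and return it: `mvn test; status=$?` before the cleanup and `exit $status` as the last line. The result of `docker-compose up` is not checked either, and `mvn test` may start before Postgres accepts connections, so a wait step or a healthcheck is worth adding. scripts/sonarcloud.sh, added in a later patch, has the same shape and the same problem.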
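Review bot: Removing `.and().csrf().disable()` from `configure` is a security-relevant behaviour change that the commit message does not mention: Spring Security then applies its default CSRF filter, which rejects state-changing requests (POST, PUT, DELETE) that carry no token. Nothing visible in this patch issues a token to clients, and the CORS bean of the same class lists only `authorization`, `content-type` and `x-auth-token` as allowed headers, so browser clients would presumably be unable to send one. If requests are authenticated by the session key in the body rather than by a cookie, keep the explicit disable and say so in a comment, e.g. `// CSRF disabled on purpose: no cookie-based authentication, the session key travels in the request body`; if the protection is wanted, the token handling and the allowed header belong in the same change.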
--- a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java @@ -1,5 +1,6 @@ package com.vaultionizer.vaultserver.controllers; + import com.vaultionizer.vaultserver.helpers.Config; import com.vaultionizer.vaultserver.model.dto.WebsocketFileDto; import com.vaultionizer.vaultserver.model.dto.wserrors.GenericWSError; @@ -15,9 +16,7 @@ import org.springframework.messaging.simp.SimpMessagingTemplate; import org.springframework.stereotype.Controller; import org.springframework.util.LinkedMultiValueMap; -import org.springframework.web.bind.annotation.CrossOrigin; -@CrossOrigin(maxAge = 3600) @Controller public class WebsocketController { private final SessionService sessionService; @@ -73,6 +72,7 @@ public void upload(@Payload WebsocketFileDto content, Message file){ boolean success; if (granted == 1){ // usual upload + fileService.setUploadFile(spaceID, saveIndex); success = fileService.writeToFile(content.getContent(), spaceID, saveIndex); } else{ @@ -84,7 +84,6 @@ public void upload(@Payload WebsocketFileDto content, Message file){ sendError(wsToken, new GenericWSError(WS_ERROR.UPLOAD_UNSUCCESSFUL, new UploadData(userID, spaceID, saveIndex, sessionKey))); } - fileService.setUploadFile(spaceID, saveIndex); } public synchronized void download(String websocketToken, Long spaceID, Long saveIndex){ diff --git a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java index 21c6722..39fb08b 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java 
@@ -68,7 +68,7 @@ public FileStatus setDownloadFile(Long spaceID, Long saveIndex){ public boolean writeToFile(String content, Long spaceID, Long saveIndex){ FileModel model = findFile(spaceID, saveIndex); - if (model != null) return false; + if (model == null || model.getStatus() != FileStatus.UPLOADING) return false; File f = new File(getFilePath(spaceID, saveIndex)); if (!f.exists()){ try { @@ -86,7 +86,6 @@ public boolean writeToFile(String content, Long spaceID, Long saveIndex){ e.printStackTrace(); return false; } - model = new FileModel(spaceID, saveIndex); model.setStatus(FileStatus.ACCESSIBLE); fileRepository.save(model); return true; diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index c6d291a..148ccff 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,4 @@ - -server.port=443 +server.port=8080 spring.application.name=vaultserver # set password here (next line)! @@ -15,4 +14,3 @@ spring.datasource.username=${VAULT_DB_USER} spring.datasource.password=${VAULT_DB_PASSWORD} spring.jpa.hibernate.ddl-auto=create - From cb37c6bacee8fcb7a81907640bb9c70b4f8c50fb Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Tue, 4 May 2021 13:08:24 +0200 Subject: [PATCH 12/57] Trying to make CICD tests run. --- .github/workflows/build-test-dev-master.yml | 5 +++++ scripts/build_project_docker.sh | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-test-dev-master.yml b/.github/workflows/build-test-dev-master.yml index 92cffc8..4751f9c 100644 --- a/.github/workflows/build-test-dev-master.yml +++ b/.github/workflows/build-test-dev-master.yml @@ -21,5 +21,10 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Test code + run: | + cd scripts + bash test.sh + cd .. - name: Run docker run: docker-compose build 
diff --git a/scripts/build_project_docker.sh b/scripts/build_project_docker.sh index 29ae641..7c323b8 100644 --- a/scripts/build_project_docker.sh +++ b/scripts/build_project_docker.sh @@ -1,4 +1,3 @@ -bash test.sh cd /home/vaultionizer/project rm target/vaultserver* From 1cb12b65aa6d1a7a7670c0a435e6172202b549e5 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 9 May 2021 20:12:52 +0200 Subject: [PATCH 13/57] Added space management functionality. --- .github/workflows/build-test-dev-master.yml | 5 +- .../controllers/SpaceController.java | 54 +++++++++++++++++++ .../model/dto/ConfigureSpaceDto.java | 19 +++++++ .../vaultserver/resource/SpaceRepository.java | 5 ++ .../resource/UserAccessRepository.java | 5 ++ .../vaultserver/service/SpaceService.java | 4 ++ .../service/UserAccessService.java | 4 ++ 7 files changed, 92 insertions(+), 4 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java diff --git a/.github/workflows/build-test-dev-master.yml b/.github/workflows/build-test-dev-master.yml index 4751f9c..1e4e374 100644 --- a/.github/workflows/build-test-dev-master.yml +++ b/.github/workflows/build-test-dev-master.yml @@ -24,7 +24,4 @@ jobs: - name: Test code run: | cd scripts - bash test.sh - cd .. - - name: Run docker - run: docker-compose build + bash test.sh \ No newline at end of file diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 5ee5250..fbf8e3d 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java 
@@ -142,6 +142,60 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(spaceService.getSpaceAuthKey(req.getSpaceID()), HttpStatus.OK); } + @RequestMapping(value = "/api/spaces/config/{spaceID}", method = RequestMethod.POST) + @ApiOperation( value = "Returns the authentication key of a file.", + response = ConfigureSpaceDto.class + ) + @ApiResponses(value = { + @ApiResponse(code = 202, message = "The auth key is returned."), + @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), + @ApiResponse(code = 406, message = "User is not the creator.") + }) + public @ResponseBody ResponseEntity + configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID){ + HttpStatus status = checkPrivilegeLevel(req.getAuth(), spaceID); + if (status != null) return new ResponseEntity<>(null, status); + + spaceService.configureSpace(spaceID, req.getUsersWriteAccess(), req.getUsersAuthAccess()); + return new ResponseEntity<>(null, HttpStatus.ACCEPTED); + } + + @RequestMapping(value = "/api/spaces/{spaceID}/kickall", method = RequestMethod.POST) + @ApiOperation( value = "Returns the authentication key of a file.", + response = GenericAuthDto.class + ) + @ApiResponses(value = { + @ApiResponse(code = 200, message = "The auth key is returned."), + @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. 
User is thus not authorized."), + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), + @ApiResponse(code = 406, message = "User is not the creator.") + }) + public @ResponseBody ResponseEntity + kickUsers(@RequestBody GenericAuthDto req, @PathVariable Long spaceID){ + HttpStatus status = checkPrivilegeLevel(req, spaceID); + if (status != null) return new ResponseEntity<>(null, status); + + userAccessService.kickAll(spaceID, req.getUserID()); + return new ResponseEntity<>(null, HttpStatus.OK); + } + + // check whether user is logged in, has access and whether user is creator. If so, returns null + private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + return HttpStatus.UNAUTHORIZED; + } + if (spaceService.checkDeleted(spaceID) || + !userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + return HttpStatus.FORBIDDEN; + } + if (!spaceService.checkCreator(spaceID, auth.getUserID())){ + return HttpStatus.NOT_ACCEPTABLE; + } + return null; + } + + @RequestMapping(value = "/api/spaces/delete/{spaceID}", method = RequestMethod.DELETE) @ApiOperation( value = "Deletes the specified space if permitted.", diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java new file mode 100644 index 0000000..2e0a42d --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java 
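Review bot: `configureSpace` passes `req.getAuth()` straight to `checkPrivilegeLevel`, which dereferences it with `auth.getUserID()`, so a request body without an `auth` object ends in a NullPointerException (presumably a 500) instead of a 401. A guard as the first line of `checkPrivilegeLevel` covers both new endpoints: `if (auth == null) return HttpStatus.UNAUTHORIZED;`. Rejecting the request there, before any service call, also keeps 401, 403 and 406 the only outcomes of the authorization path.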
@@ -0,0 +1,19 @@ +package com.vaultionizer.vaultserver.model.dto; + +public class ConfigureSpaceDto { + private GenericAuthDto auth; + private boolean usersWriteAccess; + private boolean usersAuthAccess; + + public GenericAuthDto getAuth() { + return auth; + } + + public boolean getUsersWriteAccess() { + return usersWriteAccess; + } + + public boolean getUsersAuthAccess() { + return usersAuthAccess; + } +} diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java index a0a3134..96c939f 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java @@ -40,4 +40,9 @@ public interface SpaceRepository extends JpaRepository { @Query("SELECT COUNT(it) FROM SpaceModel it WHERE it.spaceID = ?1 " + "AND (it.creatorID = ?2 OR it.usersCanGetAuthKey = true)") int getUserAuthKeyAccess(Long spaceID, Long userID); // user has access to auth key if creator or normal users have access to auth key + + @Transactional + @Modifying + @Query("UPDATE SpaceModel it SET it.usersHaveWriteAccess = ?2, it.usersCanGetAuthKey = ?3 WHERE it.spaceID = ?1") + void configureSpace(Long spaceID, boolean writeAccess, boolean authKeyAccess); } diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/UserAccessRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/UserAccessRepository.java index 87aba6c..81384bf 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/UserAccessRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/UserAccessRepository.java @@ -20,6 +20,11 @@ public interface UserAccessRepository extends JpaRepository ?2") + void kickAllUsers(Long spaceID, Long creatorID); + @Transactional @Modifying @Query("DELETE FROM UserAccessModel it WHERE it.userID = ?1") 
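Review bot: `usersWriteAccess` and `usersAuthAccess` in the new ConfigureSpaceDto are primitive `boolean`, so with the default JSON binding a request that omits one of them gets `false` for it, and `configureSpace` then writes that value: a client that wants to change one flag silently revokes the other. Declaring both as `Boolean` and rejecting or skipping `null` makes an omitted field distinguishable from an explicit `false`. The fields also have no comment saying what they grant; one line per field would help, for example `// members other than the creator may upload` and `// members other than the creator may read the auth key`, assuming that is the intended meaning.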
diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index 1fc3eaa..754df9e 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java @@ -111,4 +111,8 @@ public boolean userHasWriteAccess(Long spaceID, Long userID){ public boolean userHasAuthKeyAccess(Long spaceID, Long userID){ return spaceRepository.getUserAuthKeyAccess(spaceID, userID) == 1; } + + public void configureSpace(Long spaceID, boolean writeAccess, boolean authKeyAccess) { + spaceRepository.configureSpace(spaceID, writeAccess, authKeyAccess); + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java b/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java index 294e9fd..748f889 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java @@ -45,4 +45,8 @@ public boolean removeAccess(Long userID, Long spaceID){ } return false; } + + public void kickAll(Long spaceID, Long creatorID){ + userAccessRepository.kickAllUsers(spaceID, creatorID); + } } From 61398657f078cb3bb766f4a922cceebf35c45d5e Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 9 May 2021 20:20:25 +0200 Subject: [PATCH 14/57] Get Cucumber tests to work #1 --- .github/workflows/build-test-dev-master.yml | 1 + scripts/test.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-test-dev-master.yml b/.github/workflows/build-test-dev-master.yml index 1e4e374..b50342e 100644 --- a/.github/workflows/build-test-dev-master.yml +++ b/.github/workflows/build-test-dev-master.yml @@ -24,4 +24,5 @@ jobs: - name: Test code run: | cd scripts + ls bash test.sh \ No newline at end of file diff --git a/scripts/test.sh b/scripts/test.sh index e00908e..444e57c 100644 
--- a/scripts/test.sh +++ b/scripts/test.sh @@ -6,7 +6,7 @@ export VAULT_DB_PASSWORD=password export VAULT_DB_DATABASE=mydb export VAULT_DB_HOST=localhost:5432 -docker-compose up --build -d +docker-compose up --build cd .. mvn test From 24af7c03f02173872528671b71a85b5a3f0614ca Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Sun, 9 May 2021 20:22:14 +0200 Subject: [PATCH 15/57] Update test.sh --- scripts/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/test.sh b/scripts/test.sh index 444e57c..e00908e 100644 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -6,7 +6,7 @@ export VAULT_DB_PASSWORD=password export VAULT_DB_DATABASE=mydb export VAULT_DB_HOST=localhost:5432 -docker-compose up --build +docker-compose up --build -d cd .. mvn test From c19c88ef096796e520d8047669cb0b70ac920dad Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 9 May 2021 20:32:52 +0200 Subject: [PATCH 16/57] Changed workflow. --- .github/workflows/build-test-dev-master.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-test-dev-master.yml b/.github/workflows/build-test-dev-master.yml index b50342e..b9f91ec 100644 --- a/.github/workflows/build-test-dev-master.yml +++ b/.github/workflows/build-test-dev-master.yml @@ -21,6 +21,11 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '15' + distribution: 'adopt' - name: Test code run: | cd scripts From 02c6b991c6cdf8445ce3101326f97aea6c32df0a Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 9 May 2021 20:39:50 +0200 Subject: [PATCH 17/57] Cucumber tests in sonarcloud. --- .github/workflows/sonarcloud.yml | 5 ++++- scripts/sonarcloud.sh | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 scripts/sonarcloud.sh 
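Review bot: The added step references `actions/setup-java@v2` by a movable tag, so the code that runs in this job can change without any change in the repository. Pinning to a full commit SHA with the tag kept as a comment fixes what is executed: `uses: actions/setup-java@<full-commit-sha> # v2` (placeholder, take the SHA from the action's release). The job goes on to build and test the checked-out code, so whatever that tag points to runs with the job's permissions.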
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 9eb2345..b84f07d 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -32,4 +32,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + run: | + cd scripts + bash sonarcloud.sh + diff --git a/scripts/sonarcloud.sh b/scripts/sonarcloud.sh new file mode 100644 index 0000000..2cca30b --- /dev/null +++ b/scripts/sonarcloud.sh @@ -0,0 +1,15 @@ +# start test vaultionizer postgres + +export VAULT_ENABLE_SSL=false +export VAULT_DB_USER=postgres +export VAULT_DB_PASSWORD=password +export VAULT_DB_DATABASE=mydb +export VAULT_DB_HOST=localhost:5432 + +docker-compose up --build -d + +cd .. +mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar +docker stop scripts_postgres_vault_test_1 +docker rm scripts_postgres_vault_test_1 + From 2a8f9d296c75018e2e2d2e7b8843708f6b28d5dd Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Sun, 9 May 2021 20:46:38 +0200 Subject: [PATCH 18/57] Update build-test-dev-master.yml --- .github/workflows/build-test-dev-master.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-test-dev-master.yml b/.github/workflows/build-test-dev-master.yml index b9f91ec..cc3d763 100644 --- a/.github/workflows/build-test-dev-master.yml +++ b/.github/workflows/build-test-dev-master.yml @@ -21,7 +21,7 @@ jobs: key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - - name: Set up JDK 11 + - name: Set up JDK 15 uses: actions/setup-java@v2 with: java-version: '15' @@ -30,4 +30,4 @@ jobs: run: | cd scripts ls - bash test.sh \ No newline at end of file + bash test.sh From 68c53a4f27f5771e49ef128d464fa62793e93b97 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Mon, 10 May 2021 02:36:46 +0200 Subject: [PATCH 19/57] Implemented some tests to make sonarcloud shut up... --- .../controllers/SpaceController.java | 4 +- .../vaultserver/model/db/SpaceModel.java | 4 + .../model/dto/ConfigureSpaceDto.java | 5 ++ .../vaultserver/service/SpaceService.java | 12 +++ .../cucumber/steps/ManageSpaceSteps.java | 82 +++++++++++++++++++ .../resources/features/manageSpace.feature | 29 +++++++ 6 files changed, 134 insertions(+), 2 deletions(-) create mode 100644 src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java create mode 100644 src/test/resources/features/manageSpace.feature diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index fbf8e3d..460c9d5 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -156,7 +156,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID){ HttpStatus status = checkPrivilegeLevel(req.getAuth(), spaceID); if (status != null) return new ResponseEntity<>(null, status); - + if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, req.getAuth().getUserID(), req.getSharedSpace()); spaceService.configureSpace(spaceID, req.getUsersWriteAccess(), req.getUsersAuthAccess()); return new ResponseEntity<>(null, HttpStatus.ACCEPTED); } 
@@ -168,7 +168,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponses(value = { @ApiResponse(code = 200, message = "The auth key is returned."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), - @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access."), @ApiResponse(code = 406, message = "User is not the creator.") }) public @ResponseBody ResponseEntity diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java index d21614a..8a84179 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/SpaceModel.java @@ -87,4 +87,8 @@ public boolean getUsersHaveWriteAccess() { public boolean getUsersCanGetAuthKey() { return usersCanGetAuthKey; } + + public void setPrivateSpace(boolean privateSpace) { + isPrivateSpace = privateSpace; + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java index 2e0a42d..3cd4938 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java @@ -4,11 +4,16 @@ public class ConfigureSpaceDto { private GenericAuthDto auth; private boolean usersWriteAccess; private boolean usersAuthAccess; + private Boolean sharedSpace; public GenericAuthDto getAuth() { return auth; } + public Boolean getSharedSpace() { + return sharedSpace; + } + public boolean getUsersWriteAccess() { return usersWriteAccess; } 
diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index 754df9e..dfa1b11 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java @@ -115,4 +115,16 @@ public boolean userHasAuthKeyAccess(Long spaceID, Long userID){ public void configureSpace(Long spaceID, boolean writeAccess, boolean authKeyAccess) { spaceRepository.configureSpace(spaceID, writeAccess, authKeyAccess); } + + public void changeSharedState(Long spaceID, Long creatorID, Boolean shared){ + var spaceModel = spaceRepository.findById(spaceID); + if (spaceModel.isEmpty() || spaceModel.get().isPrivateSpace() == !shared) return; + SpaceModel model = spaceModel.get(); + model.setPrivateSpace(!shared); + spaceRepository.save(model); + if (!shared){ + // shared -> private: remove all accesses + userAccessService.kickAll(spaceID, creatorID); + } + } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java new file mode 100644 index 0000000..f81f14e --- /dev/null +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java 
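Review bot: `changeSharedState` saves the space as private and only afterwards calls `userAccessService.kickAll`, and no `@Transactional` is visible on the method, so the two writes may commit separately: if the second one fails, the space is marked private while the old access rows, which the controller's access check reads, remain. Annotating the method with `@Transactional` would make the switch to private and the removal of the other users' access one unit. A short Javadoc stating that `creatorID` is the one user whose access is kept would also help; that is how `kickAll` appears to use it.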
@@ -0,0 +1,82 @@ +package com.vaultionizer.vaultserver.cucumber.steps; + +import com.vaultionizer.vaultserver.controllers.FileController; +import com.vaultionizer.vaultserver.controllers.SessionController; +import com.vaultionizer.vaultserver.controllers.SpaceController; +import com.vaultionizer.vaultserver.controllers.UserController; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; +import com.vaultionizer.vaultserver.service.*; +import com.vaultionizer.vaultserver.testdata.UserTestData; +import io.cucumber.java.en.And; +import io.cucumber.java.en.Given; +import io.cucumber.java.en.Then; +import io.cucumber.java.en.When; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; + +public class ManageSpaceSteps extends Services { + private Long userID; + private Long spaceID; + private Long otherUserID; + private ResponseEntity res; + + @Autowired + public ManageSpaceSteps(SpaceService spaceService, UserService userService, + UserAccessService userAccessService, SessionService sessionService, + RefFileService refFileService, PendingUploadService pendingUploadService, + FileService fileService, UserController userController, + SpaceController spaceController, SessionController sessionController, + FileController fileController) { + + super(spaceService, userService, userAccessService, sessionService, refFileService, + pendingUploadService, fileService, userController, spaceController, sessionController, fileController); + } + + @Then("the return code is {int}") + public void theReturnCodeIs(int status) throws Exception { + if (res.getStatusCode().value() != status) throw new Exception("Wrong status code."); + } + + @Given("the user has created an account with name {string}") + public void theUserHasCreatedAnAccountWithName(String name) { + userID = userService.createUser(name, UserTestData.registerData[3].getKey()); + spaceID = spaceService.createSpace(userID, "sd", false, true, true, "abc"); + } + 
+ @And("another user has an account with name {string}") + public void anotherUserHasAnAccountWithName(String name) { + otherUserID = userService.createUser(name, UserTestData.registerData[3].getKey()); + } + + @And("the other user has access") + public void theOtherUserHasAccess() { + userAccessService.addUserAccess(spaceID, otherUserID); + } + + @When("the user kicks all users") + public void theUserKicksAllUsers() { + var session = sessionService.addSession(userID); + res = spaceController.kickUsers(new GenericAuthDto(userID, session.getSessionKey()), spaceID); + } + + @And("the other user has no access") + public void theOtherUserHasNoAccess() { + if (userAccessService.userHasAccess(otherUserID, spaceID)) userAccessService.removeAccess(otherUserID, spaceID); + } + + @And("the user still has access") + public void theUserStillHasAccess() throws Exception { + if (!userAccessService.userHasAccess(userID, spaceID)) throw new Exception("User has no more access"); + } + + @When("the other user kicks all users") + public void theOtherUserKicksAllUsers() { + var session = sessionService.addSession(otherUserID); + res = spaceController.kickUsers(new GenericAuthDto(otherUserID, session.getSessionKey()), spaceID); + } + + @And("the other user still has access") + public void theOtherUserStillHasAccess() throws Exception { + if (!userAccessService.userHasAccess(otherUserID, spaceID)) throw new Exception("Other user has no more access"); + } +} diff --git a/src/test/resources/features/manageSpace.feature b/src/test/resources/features/manageSpace.feature new file mode 100644 index 0000000..f733cbc --- /dev/null +++ b/src/test/resources/features/manageSpace.feature 
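Review bot: The step `theOtherUserHasNoAccess` asserts nothing: when the other user still has access it calls `userAccessService.removeAccess(otherUserID, spaceID)` and passes, so the "User can kick other users" scenario stays green even if `kickUsers` removed nobody. It should fail the way the neighbouring steps do: `if (userAccessService.userHasAccess(otherUserID, spaceID)) throw new Exception("Other user still has access");`. Among the scenarios added here this is the only check that kicking actually revokes access, so the assertion matters.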
@@ -0,0 +1,29 @@ +Feature: Space can be managed + Scenario: User can kick other users + Given the user has created an account with name "test1" + And another user has an account with name "other1" + And the other user has access + When the user kicks all users + Then the return code is 200 + And the other user has no access + And the user still has access + + Scenario: Only creator can kick users + Given the user has created an account with name "test2" + And another user has an account with name "other2" + And the other user has access + When the other user kicks all users + Then the return code is 406 + And the user still has access + And the other user still has access + + Scenario: Users without access cannot kick + Given the user has created an account with name "test3" + And another user has an account with name "other3" + When the other user kicks all users + Then the return code is 403 + And the user still has access + + Scenario: + + From eb7c0a1226d1fcc77a48a539386a42eefa73d869 Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Mon, 10 May 2021 10:18:49 +0200 Subject: [PATCH 20/57] Update CucumberIntegrationTest.java Trying to enable publishing in Cucumber --- .../vaultionizer/vaultserver/CucumberIntegrationTest.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/test/java/com/vaultionizer/vaultserver/CucumberIntegrationTest.java b/src/test/java/com/vaultionizer/vaultserver/CucumberIntegrationTest.java index 22dfc81..ccc1460 100644 --- a/src/test/java/com/vaultionizer/vaultserver/CucumberIntegrationTest.java +++ b/src/test/java/com/vaultionizer/vaultserver/CucumberIntegrationTest.java @@ -8,9 +8,10 @@ @RunWith(Cucumber.class) @CucumberOptions( - features = "src/test/resources/features") + features = "src/test/resources/features", + publish = true) @CucumberContextConfiguration @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) public class CucumberIntegrationTest { -} \ No newline at end of file +} 
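Review bot: `publish = true` in `@CucumberOptions` makes every run of the suite, local runs included, upload its report to the external Cucumber Reports service; as far as I know a published report can be read by anyone who has its URL. Reports contain scenario and step text and the messages of failing steps, so publishing should be a deliberate CI decision rather than a default in the test class. Leaving `publish` out of the annotation and setting `CUCUMBER_PUBLISH_ENABLED=true` only in the workflow that is meant to publish keeps developer runs local.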
From 483a12a4d8aa39273aefeb8e0b8da8f49beb5a12 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Mon, 10 May 2021 12:48:01 +0200 Subject: [PATCH 21/57] Implemented more tests and get config. --- .../controllers/SpaceController.java | 31 +++++++++-- .../model/dto/ConfigureSpaceDto.java | 7 +++ .../model/dto/GetSpaceConfigResponseDto.java | 25 +++++++++ .../vaultserver/resource/SpaceRepository.java | 5 ++ .../vaultserver/service/SpaceService.java | 10 ++++ .../cucumber/steps/ManageSpaceSteps.java | 38 ++++++++++++- .../resources/features/manageSpace.feature | 55 +++++++++++++++++++ 7 files changed, 165 insertions(+), 6 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpaceConfigResponseDto.java diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 460c9d5..89eb85a 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -142,7 +142,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(spaceService.getSpaceAuthKey(req.getSpaceID()), HttpStatus.OK); } - @RequestMapping(value = "/api/spaces/config/{spaceID}", method = RequestMethod.POST) + @RequestMapping(value = "/api/spaces/{spaceID}/config", method = RequestMethod.POST) @ApiOperation( value = "Returns the authentication key of a file.", response = ConfigureSpaceDto.class ) 
@@ -180,8 +180,24 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - // check whether user is logged in, has access and whether user is creator. If so, returns null - private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ + @RequestMapping(value = "/api/spaces/{spaceID}/config/get", method = RequestMethod.POST) + @ApiOperation( value = "Returns the authentication key of a file.", + response = GenericAuthDto.class + ) + @ApiResponses(value = { + @ApiResponse(code = 200, message = "The config is returned."), + @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access.") + }) + public @ResponseBody ResponseEntity + getSpaceConfig(@RequestBody GenericAuthDto req, @PathVariable Long spaceID){ + HttpStatus status = checkAccess(req, spaceID); + if (status != null) return new ResponseEntity<>(null, status); + + return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); + } + + private HttpStatus checkAccess(GenericAuthDto auth, Long spaceID){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return HttpStatus.UNAUTHORIZED; } 
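Review bot: The `@ApiOperation` on the new `getSpaceConfig` endpoint is copied from the auth-key endpoint: it says "Returns the authentication key of a file." and declares `response = GenericAuthDto.class`, which is the request type. I would change it to `@ApiOperation(value = "Returns the configuration of a space.", response = GetSpaceConfigResponseDto.class)` so the generated API description matches the handler. The same copied text sits on `configureSpace` and `kickUsers` from the earlier patch and should be reworded there as well. `checkAccess`, which this endpoint relies on, begins in this hunk and continues in the next one.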
@@ -189,14 +205,19 @@ private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ !userAccessService.userHasAccess(auth.getUserID(), spaceID)){ return HttpStatus.FORBIDDEN; } + return null; + } + + // check whether user is logged in, has access and whether user is creator. If so, returns null + private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ + HttpStatus accessStatus = checkAccess(auth, spaceID); + if (accessStatus != null) return accessStatus; if (!spaceService.checkCreator(spaceID, auth.getUserID())){ return HttpStatus.NOT_ACCEPTABLE; } return null; } - - @RequestMapping(value = "/api/spaces/delete/{spaceID}", method = RequestMethod.DELETE) @ApiOperation( value = "Deletes the specified space if permitted.", response = SpaceAuthKeyResponseDto.class diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java index 3cd4938..b5c5b23 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java @@ -6,6 +6,13 @@ public class ConfigureSpaceDto { private boolean usersAuthAccess; private Boolean sharedSpace; + public ConfigureSpaceDto(GenericAuthDto auth, boolean usersWriteAccess, boolean usersAuthAccess, Boolean sharedSpace) { + this.auth = auth; + this.usersWriteAccess = usersWriteAccess; + this.usersAuthAccess = usersAuthAccess; + this.sharedSpace = sharedSpace; + } + public GenericAuthDto getAuth() { return auth; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpaceConfigResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpaceConfigResponseDto.java new file mode 100644 index 0000000..06b0e39 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetSpaceConfigResponseDto.java 
@@ -0,0 +1,25 @@ +package com.vaultionizer.vaultserver.model.dto; + +public class GetSpaceConfigResponseDto { + private boolean isPrivate; + private boolean usersHaveWriteAccess; + private boolean usersCanInvite; + + public GetSpaceConfigResponseDto(boolean isPrivate, boolean usersHaveWriteAccess, boolean usersCanInvite) { + this.isPrivate = isPrivate; + this.usersHaveWriteAccess = usersHaveWriteAccess; + this.usersCanInvite = usersCanInvite; + } + + public boolean isPrivate() { + return isPrivate; + } + + public boolean isUsersHaveWriteAccess() { + return usersHaveWriteAccess; + } + + public boolean isUsersCanInvite() { + return usersCanInvite; + } +} diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java index 96c939f..f7502c2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.resource; import com.vaultionizer.vaultserver.model.db.SpaceModel; +import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.model.dto.SpaceAuthKeyResponseDto; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; @@ -45,4 +46,8 @@ public interface SpaceRepository extends JpaRepository { @Modifying @Query("UPDATE SpaceModel it SET it.usersHaveWriteAccess = ?2, it.usersCanGetAuthKey = ?3 WHERE it.spaceID = ?1") void configureSpace(Long spaceID, boolean writeAccess, boolean authKeyAccess); + + @Query("SELECT new com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto(it.isPrivateSpace, it.usersHaveWriteAccess, it.usersCanGetAuthKey) " + + "FROM SpaceModel it WHERE it.spaceID = ?1") + GetSpacesResponseDto getSpaceConfig(Long spaceID); } 
diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index dfa1b11..03fec2c 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java @@ -127,4 +127,14 @@ public void changeSharedState(Long spaceID, Long creatorID, Boolean shared){ userAccessService.kickAll(spaceID, creatorID); } } + + public Boolean checkShared(Long spaceID){ + var model = spaceRepository.findById(spaceID); + if (model.isEmpty()) return null; + return !model.get().isPrivateSpace(); + } + + public GetSpacesResponseDto getSpaceConfig(Long spaceID){ + return spaceRepository.getSpaceConfig(spaceID); + } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index f81f14e..ffe4687 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -4,6 +4,7 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; +import com.vaultionizer.vaultserver.model.dto.ConfigureSpaceDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; 
@@ -77,6 +78,41 @@ public void theOtherUserKicksAllUsers() { @And("the other user still has access") public void theOtherUserStillHasAccess() throws Exception { - if (!userAccessService.userHasAccess(otherUserID, spaceID)) throw new Exception("Other user has no more access"); + if (!userAccessService.userHasAccess(otherUserID, spaceID)) + throw new Exception("Other user has no more access"); + } + + @And("the user creates a space that is {string}") + public void theUserCreatesASpaceThatIs(String sharedState) { + spaceID = spaceService.createSpace(userID, "sd", !parseSharedState(sharedState), true, true, "abc"); + + } + + @When("the user sets the space {string}") + public void theUserSetsTheSpace(String newSharedState) { + var session = sessionService.addSession(userID); + res = spaceController.configureSpace( + new ConfigureSpaceDto( + new GenericAuthDto(userID, session.getSessionKey()), + true, true, !parseSharedState(newSharedState)), spaceID); + } + + @When("the other user configures space") + public void theOtherUserConfiguresSpace() { + var session = sessionService.addSession(otherUserID); + res = spaceController.configureSpace( + new ConfigureSpaceDto(new GenericAuthDto(otherUserID, session.getSessionKey()), + true, true, false), spaceID); + + } + + private boolean parseSharedState(String state) { + return state.equals("shared"); + } + + @And("the space is configured as {string}") + public void theSpaceIsConfiguredAs(String sharedState) throws Exception { + Boolean shared = spaceService.checkShared(spaceID); + if (shared == null || shared == parseSharedState(sharedState)) throw new Exception("Configuration failed. State is now "+shared); } } diff --git a/src/test/resources/features/manageSpace.feature b/src/test/resources/features/manageSpace.feature index f733cbc..b7451b1 100644 --- a/src/test/resources/features/manageSpace.feature +++ b/src/test/resources/features/manageSpace.feature 
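Review bot: `theSpaceIsConfiguredAs` throws when the stored state equals the expected one (`shared == parseSharedState(sharedState)`), and `theUserSetsTheSpace` passes `!parseSharedState(newSharedState)` as the `sharedSpace` constructor argument, so the two inversions cancel each other. Unless `configureSpace` itself flips the flag (its body is outside this hunk), the scenario can pass while the space ends up in the opposite state from the one the step names. I would pass `parseSharedState(newSharedState)` and compare with `shared != parseSharedState(sharedState)`. For a setting that decides who keeps access to a space, the test should fail when a space requested as private remains shared.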
@@ -24,6 +24,61 @@ Feature: Space can be managed Then the return code is 403 And the user still has access + Scenario: User can make space private + Given the user has created an account with name "test4" + And the user creates a space that is "shared" + And another user has an account with name "other4" + And the other user has access + When the user sets the space "private" + Then the return code is 202 + And the user still has access + And the space is configured as "private" + And the other user has no access + + Scenario: User can make space private + Given the user has created an account with name "test5" + And the user creates a space that is "private" + And another user has an account with name "other5" + And the other user has access + When the user sets the space "shared" + Then the return code is 202 + And the user still has access + And the space is configured as "shared" + And the other user has no access + + + Scenario: Only creator can configure + Given the user has created an account with name "test6" + And another user has an account with name "other6" + And the other user has access + When the other user configures space + Then the return code is 406 + And the user still has access + And the other user still has access + + + Scenario: Configuration needs access + Given the user has created an account with name "test7" + And another user has an account with name "other7" + When the other user configures space + Then the return code is 403 + And the user still has access + And the other user has no access + + Scenario Outline: User can make space + Given the user has created an account with name "" + And the user creates a space that is "" + And another user has an account with name "" + And the other user has access + When the user sets the space "" + Then the return code is 202 + And the user still has access + And the space is configured as "" + Examples: + | shared_state | username | other_user | + | private | test8 | other8 | + | shared | test9 
| other9 | + Scenario: From 2b482f639af5e5090813f8332188deccae7091c8 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Mon, 10 May 2021 21:31:42 +0200 Subject: [PATCH 22/57] Implemented cucumber tests and some additional functionality. --- .../controllers/SpaceController.java | 25 ++++++-- .../model/dto/ChangeAuthKeyDto.java | 19 ++++++ .../vaultserver/resource/SpaceRepository.java | 9 ++- .../vaultserver/service/SpaceService.java | 7 ++- src/main/resources/application.properties | 8 +-- .../cucumber/steps/ManageSpaceSteps.java | 59 +++++++++++++++---- .../resources/features/manageSpace.feature | 38 +++++++++++- 7 files changed, 144 insertions(+), 21 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 89eb85a..bd6a1bd 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -1,8 +1,6 @@ package com.vaultionizer.vaultserver.controllers; -import com.vaultionizer.vaultserver.model.db.SpaceModel; import com.vaultionizer.vaultserver.model.dto.*; -import com.vaultionizer.vaultserver.resource.SpaceRepository; import com.vaultionizer.vaultserver.service.*; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; 
@@ -180,9 +178,28 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } + @RequestMapping(value = "/api/spaces/{spaceID}/authkey", method = RequestMethod.POST) + @ApiOperation( value = "Changes the authentication key of a space.", + response = ChangeAuthKeyDto.class + ) + @ApiResponses(value = { + @ApiResponse(code = 200, message = "The auth key was replaced."), + @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), + @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access."), + @ApiResponse(code = 406, message = "User is not the creator.") + }) + public @ResponseBody ResponseEntity + changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID){ + HttpStatus status = checkPrivilegeLevel(req.getAuth(), spaceID); + if (status != null) return new ResponseEntity<>(null, status); + + spaceService.changeAuthKey(spaceID, req.getAuthKey()); + return new ResponseEntity<>(null, HttpStatus.OK); + } + @RequestMapping(value = "/api/spaces/{spaceID}/config/get", method = RequestMethod.POST) - @ApiOperation( value = "Returns the authentication key of a file.", - response = GenericAuthDto.class + @ApiOperation( value = "Returns the configuration of a space.", + response = GetSpacesResponseDto.class ) @ApiResponses(value = { @ApiResponse(code = 200, message = "The config is returned."), diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java new file mode 100644 index 0000000..f073e61 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java 
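Review bot: `changeAuthKey` hands `req.getAuthKey()` to `spaceService.changeAuthKey` without checking it, so a creator request with a missing or empty `authKey` replaces the stored key with null or an empty string. If that key is what gates joining a space (presumably; the join path is not in this hunk), the gate is silently removed. Reject such input first with `if (req.getAuthKey() == null || req.getAuthKey().isBlank()) return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);` and add a 400 entry to `@ApiResponses`. `response = ChangeAuthKeyDto.class` also documents the request type as the response, although the method returns an empty body.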
@@ -0,0 +1,19 @@ +package com.vaultionizer.vaultserver.model.dto; + +public class ChangeAuthKeyDto { + private final GenericAuthDto auth; + private final String authKey; + + public ChangeAuthKeyDto(GenericAuthDto auth, String authKey) { + this.auth = auth; + this.authKey = authKey; + } + + public GenericAuthDto getAuth() { + return auth; + } + + public String getAuthKey() { + return authKey; + } +} diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java index f7502c2..f63f5ac 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.resource; import com.vaultionizer.vaultserver.model.db.SpaceModel; +import com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto; import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.model.dto.SpaceAuthKeyResponseDto; import org.springframework.data.jpa.repository.JpaRepository; @@ -49,5 +50,11 @@ public interface SpaceRepository extends JpaRepository { @Query("SELECT new com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto(it.isPrivateSpace, it.usersHaveWriteAccess, it.usersCanGetAuthKey) " + "FROM SpaceModel it WHERE it.spaceID = ?1") - GetSpacesResponseDto getSpaceConfig(Long spaceID); + GetSpaceConfigResponseDto getSpaceConfig(Long spaceID); + + + @Transactional + @Modifying + @Query("UPDATE SpaceModel it SET it.authKey = ?2 WHERE it.spaceID = ?1") + void updateAuthKey(Long spaceID, String authKey); } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index 03fec2c..f4ef8d1 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java 
+++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.service; import com.vaultionizer.vaultserver.model.db.SpaceModel; +import com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto; import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.model.dto.SpaceAuthKeyResponseDto; import com.vaultionizer.vaultserver.resource.SpaceRepository; @@ -134,7 +135,11 @@ public Boolean checkShared(Long spaceID){ return !model.get().isPrivateSpace(); } - public GetSpacesResponseDto getSpaceConfig(Long spaceID){ + public GetSpaceConfigResponseDto getSpaceConfig(Long spaceID){ return spaceRepository.getSpaceConfig(spaceID); } + + public void changeAuthKey(Long spaceID, String authKey){ + spaceRepository.updateAuthKey(spaceID, authKey); + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 148ccff..efa7b05 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -6,11 +6,11 @@ server.ssl.key-store-password=test-password-vaultionizer server.ssl.key-store-type=PKCS12 server.ssl.key-store=classpath:keystore/vaultionizerServer.p12 server.ssl.key-alias=vaultionizerServer -server.ssl.enabled=${VAULT_ENABLE_SSL} +server.ssl.enabled=false spring.datasource.driver-class-name=org.postgresql.Driver -spring.datasource.url=jdbc:postgresql://${VAULT_DB_HOST}/${VAULT_DB_DATABASE} -spring.datasource.username=${VAULT_DB_USER} -spring.datasource.password=${VAULT_DB_PASSWORD} +spring.datasource.url=jdbc:postgresql://localhost:5432/mydb +spring.datasource.username=postgres +spring.datasource.password=password spring.jpa.hibernate.ddl-auto=create diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index ffe4687..3375e1c 100644 
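Review bot: `server.ssl.enabled=false` and the literal datasource login `postgres`/`password` are committed to the shared `application.properties` in place of the `${VAULT_*}` placeholders. Any build from this revision serves plain HTTP and carries a guessable database credential in version control. Keep the placeholders here and put local overrides in an untracked profile file, for example `application-local.properties` selected with `spring.profiles.active=local`. The context line `server.ssl.key-store-password=test-password-vaultionizer` is a literal as well and could be moved to an environment variable in the same way.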
--- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -6,6 +6,8 @@ import com.vaultionizer.vaultserver.controllers.UserController; import com.vaultionizer.vaultserver.model.dto.ConfigureSpaceDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; +import com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto; +import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; import io.cucumber.java.en.And; @@ -56,8 +58,7 @@ public void theOtherUserHasAccess() { @When("the user kicks all users") public void theUserKicksAllUsers() { - var session = sessionService.addSession(userID); - res = spaceController.kickUsers(new GenericAuthDto(userID, session.getSessionKey()), spaceID); + res = spaceController.kickUsers(getUserAuth(userID), spaceID); } @And("the other user has no access") @@ -72,8 +73,7 @@ public void theUserStillHasAccess() throws Exception { @When("the other user kicks all users") public void theOtherUserKicksAllUsers() { - var session = sessionService.addSession(otherUserID); - res = spaceController.kickUsers(new GenericAuthDto(otherUserID, session.getSessionKey()), spaceID); + res = spaceController.kickUsers(getUserAuth(otherUserID), spaceID); } @And("the other user still has access") 
@@ -90,18 +90,15 @@ public void theUserCreatesASpaceThatIs(String sharedState) { @When("the user sets the space {string}") public void theUserSetsTheSpace(String newSharedState) { - var session = sessionService.addSession(userID); res = spaceController.configureSpace( - new ConfigureSpaceDto( - new GenericAuthDto(userID, session.getSessionKey()), + new ConfigureSpaceDto(getUserAuth(userID), true, true, !parseSharedState(newSharedState)), spaceID); } @When("the other user configures space") public void theOtherUserConfiguresSpace() { - var session = sessionService.addSession(otherUserID); res = spaceController.configureSpace( - new ConfigureSpaceDto(new GenericAuthDto(otherUserID, session.getSessionKey()), + new ConfigureSpaceDto(getUserAuth(otherUserID), true, true, false), spaceID); } 
@@ -113,6 +110,48 @@ private boolean parseSharedState(String state) { @And("the space is configured as {string}") public void theSpaceIsConfiguredAs(String sharedState) throws Exception { Boolean shared = spaceService.checkShared(spaceID); - if (shared == null || shared == parseSharedState(sharedState)) throw new Exception("Configuration failed. State is now "+shared); + if (shared == null || shared == parseSharedState(sharedState)) + throw new Exception("Configuration failed. State is now " + shared); + } + + @When("the user queries the config") + public void theUserQueriesTheConfig() { + res = spaceController.getSpaceConfig(getUserAuth(userID), spaceID); + } + + @And("the config is correct.") + public void theConfigIsCorrect() { + } + + @When("the other user queries the config") + public void theOtherUserQueriesTheConfig() { + res = spaceController.getSpaceConfig(getUserAuth(otherUserID), spaceID); + } + + @When("the user configures the space to write access {string} and invite {string}") + public void theUserConfiguresTheSpaceToWriteAccessAndInvite(String writeAccess, String inviteAccess) { + res = spaceController.configureSpace(new ConfigureSpaceDto( + getUserAuth(userID), Boolean.parseBoolean(writeAccess), Boolean.parseBoolean(inviteAccess), true), + spaceID); + } + + @And("the config has write access {string} and invite {string}") + public void theConfigHasWriteAccessAndInvite(String writeAccess, String inviteAccess) throws Exception { + res = spaceController.getSpaceConfig(getUserAuth(userID), spaceID); + if (res == null || !res.hasBody() || res.getBody() == null) throw new Exception("Querying config failed"); + var body = (GetSpaceConfigResponseDto)res.getBody(); + + if (body.isUsersHaveWriteAccess() != Boolean.parseBoolean(writeAccess) || body.isUsersCanInvite() != Boolean.parseBoolean(inviteAccess)) + throw new Exception("Error. Wrong config. 
Write access: "+body.isUsersHaveWriteAccess()+" auth key access: "+body.isUsersCanInvite()); + } + + @When("the other user configures the space") + public void theOtherUserConfiguresTheSpace() { + res = spaceController.configureSpace(new ConfigureSpaceDto(getUserAuth(otherUserID), false, false, false), spaceID); + } + + private GenericAuthDto getUserAuth(Long _userID){ + var session = sessionService.addSession(_userID); + return new GenericAuthDto(_userID, session.getSessionKey()); } } diff --git a/src/test/resources/features/manageSpace.feature b/src/test/resources/features/manageSpace.feature index b7451b1..3725987 100644 --- a/src/test/resources/features/manageSpace.feature +++ b/src/test/resources/features/manageSpace.feature 
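Review bot: `theConfigIsCorrect()` has an empty body, so the step "the config is correct." passes whatever `getSpaceConfig` returned and the "User can get config" scenario only checks the status code. Assert on the response body the way `theConfigHasWriteAccessAndInvite` does: cast with `var body = (GetSpaceConfigResponseDto) res.getBody();` and throw unless `body.isUsersHaveWriteAccess()` and `body.isUsersCanInvite()` match the values the space was created with (presumably the two `true` arguments of `createSpace`). Without that, a config endpoint that returns another space's settings or an empty object would still pass.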
@@ -79,6 +79,42 @@ Feature: Space can be managed | private | test8 | other8 | | shared | test9 | other9 | - Scenario: + Scenario: User can get config + Given the user has created an account with name "test10" + When the user queries the config + Then the return code is 200 + And the config is correct. + + Scenario: User can only get config with access + Given the user has created an account with name "test11" + And another user has an account with name "other11" + When the other user queries the config + Then the return code is 403 + + Scenario Outline: User can configure space + Given the user has created an account with name "" + When the user configures the space to write access "" and invite "" + Then the return code is 202 + And the config has write access "" and invite "" + Examples: + | username | writeAccess | inviteAllowed | + | test12 | false | false | + | test13 | false | true | + | test14 | true | false | + | test15 | true | true | + + Scenario: User without access cannot configure + Given the user has created an account with name "test16" + And another user has an account with name "other16" + When the other user configures the space + Then the return code is 403 + + Scenario: User without access cannot configure + Given the user has created an account with name "test17" + And another user has an account with name "other17" + And the other user has access + When the other user configures the space + Then the return code is 406 + From 681849e9e2a7bb2fd137ddfff900193f84f42d09 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Mon, 10 May 2021 21:53:28 +0200 Subject: [PATCH 23/57] Implemented more tests and some additional functionality. --- .../controllers/SpaceController.java | 8 ++-- .../model/dto/SpaceAuthKeyResponseDto.java | 8 ++++ src/main/resources/application.properties | 8 ++-- .../cucumber/steps/ManageSpaceSteps.java | 39 ++++++++++++++++--- .../resources/features/manageSpace.feature | 22 +++++++++++ 5 files changed, 72 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index bd6a1bd..c3f48ce 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -122,7 +122,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 200, message = "The auth key is returned."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), - @ApiResponse(code = 406, message = "User is not allowed to get the auth key.") + @ApiResponse(code = 406, message = "User is not allowed to get the auth key."), + @ApiResponse(code = 417, message = "Some other error occurred.") }) public @ResponseBody ResponseEntity getAuthKey(@RequestBody SpaceAuthKeyDto req){ 
@@ -136,8 +137,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, if (!spaceService.userHasAuthKeyAccess(req.getSpaceID(), req.getAuth().getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } - - return new ResponseEntity<>(spaceService.getSpaceAuthKey(req.getSpaceID()), HttpStatus.OK); + var authKey = spaceService.getSpaceAuthKey(req.getSpaceID()); + if (authKey.isEmpty()) return new ResponseEntity<>(null, HttpStatus.EXPECTATION_FAILED); + return new ResponseEntity<>(authKey.get(), HttpStatus.OK); } @RequestMapping(value = "/api/spaces/{spaceID}/config", method = RequestMethod.POST) diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java index 2dca7da..42ccbd9 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java @@ -8,4 +8,12 @@ public SpaceAuthKeyResponseDto(Long spaceID, String authKey) { this.spaceID = spaceID; this.authKey = authKey; } + + public Long getSpaceID() { + return spaceID; + } + + public String getAuthKey() { + return authKey; + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index efa7b05..148ccff 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -6,11 +6,11 @@ server.ssl.key-store-password=test-password-vaultionizer server.ssl.key-store-type=PKCS12 server.ssl.key-store=classpath:keystore/vaultionizerServer.p12 server.ssl.key-alias=vaultionizerServer -server.ssl.enabled=false +server.ssl.enabled=${VAULT_ENABLE_SSL} spring.datasource.driver-class-name=org.postgresql.Driver -spring.datasource.url=jdbc:postgresql://localhost:5432/mydb -spring.datasource.username=postgres -spring.datasource.password=password +spring.datasource.url=jdbc:postgresql://${VAULT_DB_HOST}/${VAULT_DB_DATABASE} +spring.datasource.username=${VAULT_DB_USER} +spring.datasource.password=${VAULT_DB_PASSWORD} spring.jpa.hibernate.ddl-auto=create diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index 3375e1c..467dcc8 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -4,10 +4,7 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; -import com.vaultionizer.vaultserver.model.dto.ConfigureSpaceDto; -import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; -import com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto; -import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; +import com.vaultionizer.vaultserver.model.dto.*; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; import io.cucumber.java.en.And; @@ -22,6 +19,7 @@ public class ManageSpaceSteps extends Services { private Long spaceID; private Long otherUserID; private ResponseEntity res; + private String DEFAULT_AUTH = "abc"; @Autowired public ManageSpaceSteps(SpaceService spaceService, UserService userService, 
@@ -43,7 +41,7 @@ public void theReturnCodeIs(int status) throws Exception { @Given("the user has created an account with name {string}") public void theUserHasCreatedAnAccountWithName(String name) { userID = userService.createUser(name, UserTestData.registerData[3].getKey()); - spaceID = spaceService.createSpace(userID, "sd", false, true, true, "abc"); + spaceID = spaceService.createSpace(userID, "sd", false, true, true, DEFAULT_AUTH); } @And("another user has an account with name {string}") @@ -84,7 +82,7 @@ public void theOtherUserStillHasAccess() throws Exception { @And("the user creates a space that is {string}") public void theUserCreatesASpaceThatIs(String sharedState) { - spaceID = spaceService.createSpace(userID, "sd", !parseSharedState(sharedState), true, true, "abc"); + spaceID = spaceService.createSpace(userID, "sd", !parseSharedState(sharedState), true, true, DEFAULT_AUTH); } 
@@ -154,4 +152,33 @@ private GenericAuthDto getUserAuth(Long _userID){ var session = sessionService.addSession(_userID); return new GenericAuthDto(_userID, session.getSessionKey()); } + + @When("the user changes the auth key to {string}") + public void theUserChangesTheAuthKeyTo(String authKey) { + res = spaceController.changeAuthKey(new ChangeAuthKeyDto(getUserAuth(userID), authKey), spaceID); + } + + @And("the auth key is {string}") + public void theAuthKeyIs(String authKey) throws Exception { + checkAuthKey(authKey); + } + + @When("the other user changes the auth key") + public void theOtherUserChangesTheAuthKey() { + res = spaceController.changeAuthKey(new ChangeAuthKeyDto(getUserAuth(otherUserID), ""), spaceID); + } + + @And("the auth key remains unchanged") + public void theAuthKeyRemainsUnchanged() throws Exception { + checkAuthKey(DEFAULT_AUTH); + } + + public void checkAuthKey(String expected) throws Exception { + var result = spaceController.getAuthKey(new SpaceAuthKeyDto(getUserAuth(userID), spaceID)); + if (!result.hasBody() || result.getBody() == null) + throw new Exception("Getting auth key failed. " + result.getStatusCode().value() + " -> "+result.getStatusCode().name()); + var auth = (SpaceAuthKeyResponseDto)result.getBody(); + if (auth == null || !auth.getAuthKey().equals(expected)) + throw new Exception("Auth key expected: "+ expected+ " is not actual: "+auth.getAuthKey()); + } } diff --git a/src/test/resources/features/manageSpace.feature b/src/test/resources/features/manageSpace.feature index 3725987..e30d031 100644 --- a/src/test/resources/features/manageSpace.feature +++ b/src/test/resources/features/manageSpace.feature 
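Review bot: In `checkAuthKey` the guard `auth == null || !auth.getAuthKey().equals(expected)` is followed by a message that calls `auth.getAuthKey()`, so the `auth == null` branch would end in a NullPointerException instead of the intended message, and a null key in the response fails the same way inside `equals`. Since the body was already checked for null above, `if (!Objects.equals(expected, auth.getAuthKey()))` is enough (needs `java.util.Objects`). The helper is `public` while `parseSharedState` and `getUserAuth` are private; it can be private too. `theOtherUserChangesTheAuthKey` sends an empty key but no scenario covers a creator sending one, which is the case worth pinning.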
@@ -118,3 +118,25 @@ Feature: Space can be managed When the other user configures the space Then the return code is 406 + Scenario: User can change auth key + Given the user has created an account with name "test18" + When the user changes the auth key to "PizzaPasta" + Then the return code is 200 + And the auth key is "PizzaPasta" + + + Scenario: Users without access cannot change auth key + Given the user has created an account with name "test19" + And another user has an account with name "other19" + When the other user changes the auth key + Then the return code is 403 + And the auth key remains unchanged + + + Scenario: Only creator can change auth key + Given the user has created an account with name "test20" + And another user has an account with name "other20" + And the other user has access + When the other user changes the auth key + Then the return code is 406 + And the auth key remains unchanged \ No newline at end of file From 68e717a7dec121cb6c18af9b67eb6e34ae3f808d Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Sat, 15 May 2021 01:22:09 +0200 Subject: [PATCH 24/57] Moved auth to header. --- .../controllers/FileController.java | 34 ++++++------ .../controllers/RefFileController.java | 15 +++--- .../controllers/SessionController.java | 5 +- .../controllers/SpaceController.java | 54 +++++++++---------- .../controllers/UserController.java | 3 +- .../model/dto/ChangeAuthKeyDto.java | 8 +-- .../model/dto/ConfigureSpaceDto.java | 8 +-- .../vaultserver/model/dto/CreateSpaceDto.java | 8 +-- .../vaultserver/model/dto/DeleteFileDto.java | 5 -- .../model/dto/FileDownloadDto.java | 8 +-- .../vaultserver/model/dto/FileUploadDto.java | 8 +-- .../vaultserver/model/dto/JoinSpaceDto.java | 8 +-- .../vaultserver/model/dto/ReadRefFileDto.java | 8 +-- .../model/dto/SpaceAuthKeyDto.java | 8 +-- .../model/dto/UpdateRefFileDto.java | 8 +-- .../cucumber/steps/CreateSpaceSteps.java | 2 +- .../cucumber/steps/DeleteSpaceSteps.java | 2 +- .../cucumber/steps/DeleteUserStep.java | 2 +- .../cucumber/steps/DownloadFileSteps.java | 2 +- .../cucumber/steps/ManageSpaceSteps.java | 28 +++++----- .../cucumber/steps/UploadFileSteps.java | 2 +- 21 files changed, 82 insertions(+), 144 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index 5c34bc4..7df9fa2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java 
@@ -58,8 +58,8 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 404, message = "A consistency error occurred.") }) public @ResponseBody ResponseEntity - uploadFiles(@RequestBody FileUploadDto req){ - Long sessionID = sessionService.getSessionID(req.getAuth().getUserID(), req.getAuth().getSessionKey()); + uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth){ + Long sessionID = sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()); if (sessionID == -1){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -67,8 +67,8 @@ public FileController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } - if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ - if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ + if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } Long refFileID = spaceService.getRefFileID(req.getSpaceID()); 
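Review bot: The session key now arrives in a custom `auth` request header bound to `GenericAuthDto`, but this commit's diffstat does not touch `SecurityConfig`, whose `setAllowedHeaders` list earlier in this series names only `authorization`, `content-type` and `x-auth-token`. Unless that list is extended elsewhere, a browser client's CORS preflight will refuse requests carrying `auth`; add `"auth"` to the list or reuse `x-auth-token`. Binding a header string to `GenericAuthDto` also needs a registered converter, which is not visible here, and a missing or malformed header should end in 401 rather than a framework-generated error. The same applies to the `downloadFile` and `deleteFile` hunks that follow.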
@@ -103,17 +103,17 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 500, message = "A consistency error occurred. Should never be the case. Bug the developer!") }) public @ResponseBody ResponseEntity - downloadFile(@RequestBody FileDownloadDto req){ + downloadFile(@RequestBody FileDownloadDto req, @RequestHeader("auth") GenericAuthDto auth){ String websocketToken = sessionService. - getSessionWebsocketToken(req.getAuth().getUserID(), req.getAuth().getSessionKey()); + getSessionWebsocketToken(auth.getUserID(), auth.getSessionKey()); if (websocketToken == null){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (!userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + if (!userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } 
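Review bot: `downloadFile` still answers 406 unless `spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())` holds, so a member with read-only access to the space apparently cannot download anything. If that is deliberate, a comment above the check should say why a read operation needs write permission; otherwise the check looks carried over from the upload path and `userAccessService.userHasAccess(...)` should be the only gate here. The body of downloadFile continues outside the hunk.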
@@ -150,16 +150,16 @@ public void run() { @ApiResponse(code = 423, message = "The requested file is currently either being uploaded or modified. Thus, the file is locked."), }) public @ResponseBody ResponseEntity - deleteFile(@RequestBody DeleteFileDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + deleteFile(@RequestBody DeleteFileDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (!userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + if (!userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())) + if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())) return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); boolean success = fileService.deleteFile(req.getSpaceID(), req.getSaveIndex()); 
@@ -180,17 +180,17 @@ public void run() { @ApiResponse(code = 409, message = "Some conflict occurred."), }) public @ResponseBody ResponseEntity - updateFile(@RequestBody GenericAuthDto req, @PathVariable Long spaceID, @PathVariable Long saveIndex){ - if (!sessionService.getSession(req.getUserID(), req.getSessionKey())){ + updateFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (!userAccessService.userHasAccess(req.getUserID(), spaceID)){ + if (!userAccessService.userHasAccess(auth.getUserID(), spaceID)){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } boolean granted = pendingUploadService.updateFile(spaceID, - sessionService.getSessionID(req.getUserID(), - req.getSessionKey()), saveIndex); + sessionService.getSessionID(auth.getUserID(), + auth.getSessionKey()), saveIndex); if (!granted){ return new ResponseEntity<>(null, HttpStatus.CONFLICT); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 5dc0224..7019c7f 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.model.dto.ReadRefFileDto; import com.vaultionizer.vaultserver.model.dto.UpdateRefFileDto; import com.vaultionizer.vaultserver.service.RefFileService; 
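Review bot: `updateFile` in FileController.java goes from the `userHasAccess` check straight to `pendingUploadService.updateFile(...)` without the `spaceService.userHasWriteAccess(...)` check that `uploadFiles` and `deleteFile` perform in the same file, so a member without write permission can apparently open a pending overwrite of an existing file. Unless `pendingUploadService.updateFile` enforces this itself (not visible here), add `if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE);` after the 403 branch. The method also calls `getSessionID` after `getSession` has already validated the same credentials; one `getSessionID` call with a `-1` check, as in `uploadFiles`, would avoid the second lookup. The method continues past the end of the hunk.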
@@ -43,12 +44,12 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) @ResponseBody ResponseEntity - readRefFile(@RequestBody ReadRefFileDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ Long refFileID = spaceService.getRefFileID(req.getSpaceID()); if (refFileID == -1L) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); @@ -78,13 +79,13 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) @ResponseBody ResponseEntity - updateRefFile(@RequestBody UpdateRefFileDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ - if (!spaceService.userHasWriteAccess(req.getSpaceID(), req.getAuth().getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ + if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } 
diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java index 89167b3..8e06aba 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.controllers; import com.vaultionizer.vaultserver.model.dto.AuthWrapperDto; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.SessionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -29,8 +30,8 @@ public SessionController(SessionService sessionService) { }) @ResponseBody ResponseEntity - renewSession(@RequestBody AuthWrapperDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + renewSession(@RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } // if the session exists, the session has just indirectly been renewed. return new ResponseEntity<>(null, HttpStatus.OK); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index c3f48ce..c6a26d2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java 
@@ -44,8 +44,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), }) public @ResponseBody ResponseEntity - getAllSpaces(@RequestBody AuthWrapperDto req){ - GenericAuthDto auth = req.getAuth(); + getAllSpaces(@RequestHeader("auth") GenericAuthDto auth){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -62,11 +61,11 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong."), }) public @ResponseBody ResponseEntity - createSpace(@RequestBody CreateSpaceDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - Long spaceID = spaceService.createSpace(req.getAuth().getUserID(), req.getReferenceFile(), req.isPrivate(), + Long spaceID = spaceService.createSpace(auth.getUserID(), req.getReferenceFile(), req.isPrivate(), req.getUsersWriteAccess(), req.getUsersAuthAccess(), req.getAuthKey()); return new ResponseEntity<>(spaceID, HttpStatus.CREATED); 
@@ -80,13 +79,13 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong.") }) public @ResponseBody ResponseEntity - joinSpace(@RequestBody JoinSpaceDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } if (spaceService.checkSpaceCredentials(req.getSpaceID(), req.getAuthKey())){ - userAccessService.addUserAccess(req.getSpaceID(), req.getAuth().getUserID()); + userAccessService.addUserAccess(req.getSpaceID(), auth.getUserID()); return new ResponseEntity<>(null, HttpStatus.OK); } 
@@ -102,14 +101,14 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "The user is the creator of the space and thus must delete the space manually.") }) public @ResponseBody ResponseEntity - quitSpace(@RequestBody AuthWrapperDto req, @PathVariable Long spaceID){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + quitSpace(@RequestBody AuthWrapperDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (spaceService.checkCreator(spaceID, req.getAuth().getUserID())){ + if (spaceService.checkCreator(spaceID, auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } - return new ResponseEntity<>(null, userAccessService.removeAccess(req.getAuth().getUserID(), spaceID) ? + return new ResponseEntity<>(null, userAccessService.removeAccess(auth.getUserID(), spaceID) ? HttpStatus.OK : HttpStatus.NOT_FOUND); } 
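Review bot: `quitSpace` keeps `@RequestBody AuthWrapperDto req` although nothing in the method reads `req` any more. Because `@RequestBody` is required by default, clients presumably still have to send a body, and that body may carry the session key a second time, which works against moving the credentials into the header. The signature should match `deleteSpace` and `kickUsers`: `quitSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){`.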
@@ -126,15 +125,15 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 417, message = "Some other error occurred.") }) public @ResponseBody ResponseEntity - getAuthKey(@RequestBody SpaceAuthKeyDto req){ - if (!sessionService.getSession(req.getAuth().getUserID(), req.getAuth().getSessionKey())){ + getAuthKey(@RequestBody SpaceAuthKeyDto req, @RequestHeader("auth") GenericAuthDto auth){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } if (spaceService.checkDeleted(req.getSpaceID()) || - !userAccessService.userHasAccess(req.getAuth().getUserID(), req.getSpaceID())){ + !userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - if (!spaceService.userHasAuthKeyAccess(req.getSpaceID(), req.getAuth().getUserID())){ + if (!spaceService.userHasAuthKeyAccess(req.getSpaceID(), auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } var authKey = spaceService.getSpaceAuthKey(req.getSpaceID()); 
@@ -153,10 +152,10 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "User is not the creator.") }) public @ResponseBody ResponseEntity - configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID){ - HttpStatus status = checkPrivilegeLevel(req.getAuth(), spaceID); + configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + HttpStatus status = checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); - if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, req.getAuth().getUserID(), req.getSharedSpace()); + if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, auth.getUserID(), req.getSharedSpace()); spaceService.configureSpace(spaceID, req.getUsersWriteAccess(), req.getUsersAuthAccess()); return new ResponseEntity<>(null, HttpStatus.ACCEPTED); } @@ -172,11 +171,11 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "User is not the creator.") }) public @ResponseBody ResponseEntity - kickUsers(@RequestBody GenericAuthDto req, @PathVariable Long spaceID){ - HttpStatus status = checkPrivilegeLevel(req, spaceID); + kickUsers(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + HttpStatus status = checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); - userAccessService.kickAll(spaceID, req.getUserID()); + userAccessService.kickAll(spaceID, auth.getUserID()); return new ResponseEntity<>(null, HttpStatus.OK); } 
@@ -191,8 +190,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "User is not the creator.") }) public @ResponseBody ResponseEntity - changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID){ - HttpStatus status = checkPrivilegeLevel(req.getAuth(), spaceID); + changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + HttpStatus status = checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); spaceService.changeAuthKey(spaceID, req.getAuthKey()); @@ -209,8 +208,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access.") }) public @ResponseBody ResponseEntity - getSpaceConfig(@RequestBody GenericAuthDto req, @PathVariable Long spaceID){ - HttpStatus status = checkAccess(req, spaceID); + getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + HttpStatus status = checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); @@ -248,8 +247,7 @@ private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ @ApiResponse(code = 412, message = "Space is probably currently in deletion process.") }) public @ResponseBody ResponseEntity - deleteSpace(@RequestBody AuthWrapperDto req, @PathVariable Long spaceID){ - GenericAuthDto auth = req.getAuth(); + deleteSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } 
diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index 033dfa2..549bfbd 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java @@ -109,8 +109,7 @@ public UserController(UserService userService, SessionService sessionService, @ApiResponse(code = 401, message = "The user authorization failed.") }) public @ResponseBody ResponseEntity - deleteUser(@RequestBody AuthWrapperDto req){ - GenericAuthDto auth = req.getAuth(); + deleteUser(@RequestHeader("auth") GenericAuthDto auth){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java index f073e61..852d900 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java @@ -1,18 +1,12 @@ package com.vaultionizer.vaultserver.model.dto; public class ChangeAuthKeyDto { - private final GenericAuthDto auth; private final String authKey; - public ChangeAuthKeyDto(GenericAuthDto auth, String authKey) { - this.auth = auth; + public ChangeAuthKeyDto(String authKey) { this.authKey = authKey; } - public GenericAuthDto getAuth() { - return auth; - } - public String getAuthKey() { return authKey; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java index b5c5b23..d4695c8 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java 
@@ -1,22 +1,16 @@ package com.vaultionizer.vaultserver.model.dto; public class ConfigureSpaceDto { - private GenericAuthDto auth; private boolean usersWriteAccess; private boolean usersAuthAccess; private Boolean sharedSpace; - public ConfigureSpaceDto(GenericAuthDto auth, boolean usersWriteAccess, boolean usersAuthAccess, Boolean sharedSpace) { - this.auth = auth; + public ConfigureSpaceDto(boolean usersWriteAccess, boolean usersAuthAccess, Boolean sharedSpace) { this.usersWriteAccess = usersWriteAccess; this.usersAuthAccess = usersAuthAccess; this.sharedSpace = sharedSpace; } - public GenericAuthDto getAuth() { - return auth; - } - public Boolean getSharedSpace() { return sharedSpace; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java index 03e8a90..e2a3011 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java @@ -3,17 +3,12 @@ import com.fasterxml.jackson.annotation.JsonProperty; public class CreateSpaceDto { - private GenericAuthDto auth; private boolean isPrivate; private boolean usersWriteAccess; private boolean usersAuthAccess; private String authKey; private String referenceFile; - public GenericAuthDto getAuth() { - return auth; - } - public boolean getUsersWriteAccess() { return usersWriteAccess; } @@ -35,8 +30,7 @@ public String getReferenceFile() { return referenceFile; } - public CreateSpaceDto(GenericAuthDto auth, boolean isPrivate, String authKey, String referenceFile) { - this.auth = auth; + public CreateSpaceDto(boolean isPrivate, String authKey, String referenceFile) { this.isPrivate = isPrivate; this.authKey = authKey; this.referenceFile = referenceFile; 
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java index d25231d..9e013ef 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java @@ -1,14 +1,9 @@ package com.vaultionizer.vaultserver.model.dto; public class DeleteFileDto { - private GenericAuthDto auth; private Long spaceID; private Long saveIndex; - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java index 9b58f3c..72ded79 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java @@ -1,23 +1,17 @@ package com.vaultionizer.vaultserver.model.dto; public class FileDownloadDto { - private GenericAuthDto auth; private Long spaceID; private Long saveIndex; public FileDownloadDto() { } - public FileDownloadDto(GenericAuthDto auth, Long spaceID, Long saveIndex) { - this.auth = auth; + public FileDownloadDto(Long spaceID, Long saveIndex) { this.spaceID = spaceID; this.saveIndex = saveIndex; } - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java index de63519..d3dce3f 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java 
@@ -1,20 +1,14 @@ package com.vaultionizer.vaultserver.model.dto; public class FileUploadDto { - private GenericAuthDto auth; private Long spaceID; private int amountFiles; - public FileUploadDto(GenericAuthDto auth, Long spaceID, int amountFiles) { - this.auth = auth; + public FileUploadDto(Long spaceID, int amountFiles) { this.spaceID = spaceID; this.amountFiles = amountFiles; } - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java index d05714e..1350fa6 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java @@ -1,16 +1,10 @@ package com.vaultionizer.vaultserver.model.dto; public class JoinSpaceDto { - private GenericAuthDto auth; private Long spaceID; private String authKey; - public GenericAuthDto getAuth() { - return auth; - } - - public JoinSpaceDto(GenericAuthDto auth, Long spaceID, String authKey) { - this.auth = auth; + public JoinSpaceDto(Long spaceID, String authKey) { this.spaceID = spaceID; this.authKey = authKey; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java index 8b29480..c46a01a 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java 
@@ -4,20 +4,14 @@ import java.time.Instant; public class ReadRefFileDto { - private GenericAuthDto auth; private Long spaceID; private Instant lastRead; - public ReadRefFileDto(GenericAuthDto auth, Long spaceID, Instant lastRead) { - this.auth = auth; + public ReadRefFileDto(Long spaceID, Instant lastRead) { this.spaceID = spaceID; this.lastRead = lastRead; } - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java index 32736de..d93af14 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java @@ -1,18 +1,12 @@ package com.vaultionizer.vaultserver.model.dto; public class SpaceAuthKeyDto { - private GenericAuthDto auth; private Long spaceID; - public SpaceAuthKeyDto(GenericAuthDto auth, Long spaceID) { - this.auth = auth; + public SpaceAuthKeyDto(Long spaceID) { this.spaceID = spaceID; } - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java index 86decc3..3f858fb 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java 
@@ -1,20 +1,14 @@ package com.vaultionizer.vaultserver.model.dto; public class UpdateRefFileDto { - private GenericAuthDto auth; private Long spaceID; private String content; - public UpdateRefFileDto(GenericAuthDto auth, Long spaceID, String content) { - this.auth = auth; + public UpdateRefFileDto(Long spaceID, String content) { this.spaceID = spaceID; this.content = content; } - public GenericAuthDto getAuth() { - return auth; - } - public Long getSpaceID() { return spaceID; } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java index 3c0297b..73ea872 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java @@ -50,7 +50,7 @@ public void theSpaceShouldBePrivateTrue(String isPrivate) { @When("the user wants to create a space") public void theUserWantsToCreateASpace() { - res = spaceController.createSpace(new CreateSpaceDto(new GenericAuthDto(userID, sessionKey), isPrivate, authKey, "")); + res = spaceController.createSpace(new CreateSpaceDto(isPrivate, authKey, ""), new GenericAuthDto(userID, sessionKey)); } @Then("the status code of create space is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java index 522a451..49b1d0e 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java 
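Review bot: The `@RequestHeader("auth")` binding introduced by this commit is not covered by the CreateSpaceSteps change, which hands a constructed `GenericAuthDto` straight to `spaceController.createSpace(...)`; the other step files changed here (DeleteSpace, DeleteUser, DownloadFile, ManageSpace, UploadFile) call the controllers the same way. At least one test should go through the HTTP layer, for example with MockMvc, sending the header present, missing and malformed, so that the string-to-DTO conversion and the resulting status codes are pinned. Without that, a broken or absent converter would only show up at runtime.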
@@ -55,7 +55,7 @@ public void theUserCreatedTheSpace() { @When("the user wants to delete the space") public void theUserWantsToDeleteTheSpace() { refFileID = spaceService.getRefFileID(spaceID); - res = spaceController.deleteSpace(new AuthWrapperDto(new GenericAuthDto(userID, sessionKey)), spaceID); + res = spaceController.deleteSpace(spaceID, new GenericAuthDto(userID, sessionKey)); } @Then("the response is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java index 2916c8f..3477f06 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java @@ -47,7 +47,7 @@ public void theUserCreatedAnAccountWithName(String username) { @When("the user requests to delete the user") public void theUserRequestsToDeleteTheUser() { - res = userController.deleteUser(new AuthWrapperDto(new GenericAuthDto(userID, sessionKey))); + res = userController.deleteUser(new GenericAuthDto(userID, sessionKey)); } @Then("the status code delete user is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java index 4e9240b..f3c7a92 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java 
@@ -56,7 +56,7 @@ public void theFileWithSaveIndexWasUploaded(Long saveIndex) { @When("the user requests to download the file with saveIndex {long}") public void theUserRequestsToDownloadTheFileWithSaveIndex(Long saveIndex) { - res = fileController.downloadFile(new FileDownloadDto(new GenericAuthDto(userID, sessionKey), spaceID, saveIndex)); + res = fileController.downloadFile(new FileDownloadDto(spaceID, saveIndex), new GenericAuthDto(userID, sessionKey)); } @Then("the status code of download is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index 467dcc8..d36e038 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -56,7 +56,7 @@ public void theOtherUserHasAccess() { @When("the user kicks all users") public void theUserKicksAllUsers() { - res = spaceController.kickUsers(getUserAuth(userID), spaceID); + res = spaceController.kickUsers(spaceID, getUserAuth(userID)); } @And("the other user has no access") @@ -71,7 +71,7 @@ public void theUserStillHasAccess() throws Exception { @When("the other user kicks all users") public void theOtherUserKicksAllUsers() { - res = spaceController.kickUsers(getUserAuth(otherUserID), spaceID); + res = spaceController.kickUsers(spaceID, getUserAuth(otherUserID)); } @And("the other user still has access") 
@@ -89,15 +89,13 @@ public void theUserCreatesASpaceThatIs(String sharedState) { @When("the user sets the space {string}") public void theUserSetsTheSpace(String newSharedState) { res = spaceController.configureSpace( - new ConfigureSpaceDto(getUserAuth(userID), - true, true, !parseSharedState(newSharedState)), spaceID); + new ConfigureSpaceDto(true, true, !parseSharedState(newSharedState)), spaceID, getUserAuth(userID)); } @When("the other user configures space") public void theOtherUserConfiguresSpace() { res = spaceController.configureSpace( - new ConfigureSpaceDto(getUserAuth(otherUserID), - true, true, false), spaceID); + new ConfigureSpaceDto(true, true, false), spaceID, getUserAuth(otherUserID)); } @@ -114,7 +112,7 @@ public void theSpaceIsConfiguredAs(String sharedState) throws Exception { @When("the user queries the config") public void theUserQueriesTheConfig() { - res = spaceController.getSpaceConfig(getUserAuth(userID), spaceID); + res = spaceController.getSpaceConfig(spaceID, getUserAuth(userID)); } @And("the config is correct.") 
@@ -123,19 +121,19 @@ public void theConfigIsCorrect() { @When("the other user queries the config") public void theOtherUserQueriesTheConfig() { - res = spaceController.getSpaceConfig(getUserAuth(otherUserID), spaceID); + res = spaceController.getSpaceConfig(spaceID, getUserAuth(otherUserID)); } @When("the user configures the space to write access {string} and invite {string}") public void theUserConfiguresTheSpaceToWriteAccessAndInvite(String writeAccess, String inviteAccess) { res = spaceController.configureSpace(new ConfigureSpaceDto( - getUserAuth(userID), Boolean.parseBoolean(writeAccess), Boolean.parseBoolean(inviteAccess), true), - spaceID); + Boolean.parseBoolean(writeAccess), Boolean.parseBoolean(inviteAccess), true), + spaceID, getUserAuth(userID)); } @And("the config has write access {string} and invite {string}") public void theConfigHasWriteAccessAndInvite(String writeAccess, String inviteAccess) throws Exception { - res = spaceController.getSpaceConfig(getUserAuth(userID), spaceID); + res = spaceController.getSpaceConfig(spaceID, getUserAuth(userID)); if (res == null || !res.hasBody() || res.getBody() == null) throw new Exception("Querying config failed"); var body = (GetSpaceConfigResponseDto)res.getBody(); @@ -145,7 +143,7 @@ public void theConfigHasWriteAccessAndInvite(String writeAccess, String inviteAc @When("the other user configures the space") public void theOtherUserConfiguresTheSpace() { - res = spaceController.configureSpace(new ConfigureSpaceDto(getUserAuth(otherUserID), false, false, false), spaceID); + res = spaceController.configureSpace(new ConfigureSpaceDto(false, false, false), spaceID, getUserAuth(otherUserID)); } private GenericAuthDto getUserAuth(Long _userID){ 
@@ -155,7 +153,7 @@ private GenericAuthDto getUserAuth(Long _userID){ @When("the user changes the auth key to {string}") public void theUserChangesTheAuthKeyTo(String authKey) { - res = spaceController.changeAuthKey(new ChangeAuthKeyDto(getUserAuth(userID), authKey), spaceID); + res = spaceController.changeAuthKey(new ChangeAuthKeyDto(authKey), spaceID, getUserAuth(userID)); } @And("the auth key is {string}") @@ -165,7 +163,7 @@ public void theAuthKeyIs(String authKey) throws Exception { @When("the other user changes the auth key") public void theOtherUserChangesTheAuthKey() { - res = spaceController.changeAuthKey(new ChangeAuthKeyDto(getUserAuth(otherUserID), ""), spaceID); + res = spaceController.changeAuthKey(new ChangeAuthKeyDto(""), spaceID, getUserAuth(otherUserID)); } @And("the auth key remains unchanged") @@ -174,7 +172,7 @@ public void theAuthKeyRemainsUnchanged() throws Exception { } public void checkAuthKey(String expected) throws Exception { - var result = spaceController.getAuthKey(new SpaceAuthKeyDto(getUserAuth(userID), spaceID)); + var result = spaceController.getAuthKey(new SpaceAuthKeyDto(spaceID), getUserAuth(userID)); if (!result.hasBody() || result.getBody() == null) throw new Exception("Getting auth key failed. " + result.getStatusCode().value() + " -> "+result.getStatusCode().name()); var auth = (SpaceAuthKeyResponseDto)result.getBody(); diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java index 070fde5..860bb89 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java 
@@ -44,7 +44,7 @@ public void theUserHasAnAccountWithName(String username) { @When("the user requests to upload {int} files") public void theUserRequestsToUploadFiles(int amount) { - res = fileController.uploadFiles(new FileUploadDto(new GenericAuthDto(userID, sessionKey), spaceID, amount)); + res = fileController.uploadFiles(new FileUploadDto(spaceID, amount), new GenericAuthDto(userID, sessionKey)); } @Then("the status code of upload is {int}") From 8225e6bc4ba2dba68d56d0cb4f37ff1e197b6196 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 16 May 2021 15:11:38 +0200 Subject: [PATCH 25/57] Continued refactoring. --- .../controllers/FileController.java | 72 ++++++----------- .../controllers/RefFileController.java | 18 ++--- .../controllers/SpaceController.java | 77 +++++++------------ .../helpers/AccessCheckerUtil.java | 58 ++++++++++++++ .../vaultserver/model/dto/FileUploadDto.java | 8 +- .../vaultserver/model/dto/JoinSpaceDto.java | 8 +- .../vaultserver/model/dto/ReadRefFileDto.java | 8 +- .../model/dto/UpdateRefFileDto.java | 6 -- .../vaultserver/testdata/SpaceTestData.java | 14 ++-- 9 files changed, 130 insertions(+), 139 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index 7df9fa2..873e5eb 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.helpers.FileStatus; import com.vaultionizer.vaultserver.model.dto.DeleteFileDto; import com.vaultionizer.vaultserver.model.dto.FileDownloadDto; 
@@ -26,6 +27,7 @@ public class FileController { private final PendingUploadService pendingUploadService; private final FileService fileService; private final WebsocketController websocketController; + private final AccessCheckerUtil accessCheckerUtil; @Autowired @@ -40,12 +42,10 @@ public FileController(SessionService sessionService, SpaceService spaceService, this.pendingUploadService = pendingUploadService; this.fileService = fileService; this.websocketController = websocketController; + accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService); } - - - - @RequestMapping(value = "/api/file/upload", method = RequestMethod.POST) + @RequestMapping(value = "/api/file/{spaceID}/upload", method = RequestMethod.POST) @ApiOperation(value = "Requests to upload a variable amount of files.", response = Long.class ) 
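Review bot: The constructor builds the access checker by hand, `accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService);`, and SpaceController's constructor (hunk `@@ -30,11 +32,12 @@`) repeats the same line, so the authorization helper exists once per controller and outside the container. Registering AccessCheckerUtil as a `@Component` and taking it as a constructor parameter would give a single instance that the controller tests can replace with a mock. Writing `this.accessCheckerUtil = ...` would also match the other assignments in the constructor. The constructor's parameter list is only partly visible in the hunk.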
@@ -58,20 +58,20 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 404, message = "A consistency error occurred.") }) public @ResponseBody ResponseEntity - uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth){ + uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID){ Long sessionID = sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()); if (sessionID == -1){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (req.getAmountFiles() <= 0 || req.getSpaceID() < 0){ + if (req.getAmountFiles() <= 0 || spaceID < 0){ return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } - if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } - Long refFileID = spaceService.getRefFileID(req.getSpaceID()); + Long refFileID = spaceService.getRefFileID(spaceID); if (refFileID == -1){ return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } @@ -84,7 +84,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } // add files to pending upload table (with appropriate sessionID) - pendingUploadService.addFilesToUpload(req.getSpaceID(), sessionID, (long) req.getAmountFiles(), saveIndex); + pendingUploadService.addFilesToUpload(spaceID, sessionID, (long) req.getAmountFiles(), saveIndex); return new ResponseEntity<>(saveIndex, HttpStatus.ACCEPTED); } 
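Review bot: uploadFiles keeps its hand-written checks (`userHasAccess`, then `userHasWriteAccess`) and never calls `spaceService.checkDeleted(spaceID)`, while the new AccessCheckerUtil.checkAccess answers FORBIDDEN for a deleted space; readRefFile and updateRefFile in RefFileController have the same gap. Unless the services reject it themselves, a member can apparently still register pending uploads or touch the reference file of a space that is marked deleted. After the session lookup the body could use `HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID);` followed by `if (status != null) return new ResponseEntity<>(null, status);`, as deleteFile and updateFile now do. The end of uploadFiles lies outside the hunk, so the status currently returned to a non-member may differ from the helper's.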
@@ -92,7 +92,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/file/download", method = RequestMethod.PUT) + @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/download", method = RequestMethod.PUT) @ApiOperation(value = "Requests to download a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The file will be send via websocket to respective location (taking the websocketToken into account)."), 
@@ -103,44 +103,34 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 500, message = "A consistency error occurred. Should never be the case. Bug the developer!") }) public @ResponseBody ResponseEntity - downloadFile(@RequestBody FileDownloadDto req, @RequestHeader("auth") GenericAuthDto auth){ + downloadFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ String websocketToken = sessionService. getSessionWebsocketToken(auth.getUserID(), auth.getSessionKey()); if (websocketToken == null){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (!userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); - } - if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ - return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); - } + HttpStatus httpStatus = accessCheckerUtil.checkAccess(auth, spaceID); + if (httpStatus != null) return new ResponseEntity<>(null, httpStatus); - FileStatus status = fileService.setDownloadFile(req.getSpaceID(), req.getSaveIndex()); + FileStatus status = fileService.setDownloadFile(spaceID, saveIndex); if (status == null){ return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } switch (status){ case READ_FROM: // read file and send to websocket endpoint - Runnable runnable = new Runnable() { - @Override - public void run() { - websocketController.download(websocketToken, req.getSpaceID(), req.getSaveIndex()); - } - }; + Runnable runnable = () -> websocketController.download(websocketToken, spaceID, saveIndex); (new Thread(runnable)).start(); return new ResponseEntity<>(null, HttpStatus.OK); - case MODIFYING: - case UPLOADING: + case MODIFYING, UPLOADING: return new ResponseEntity<>(null, HttpStatus.LOCKED); default: return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } } - @RequestMapping(value = 
"/api/file/delete", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/delete", method = RequestMethod.DELETE) @ApiOperation(value = "Requests to delete a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been deleted."), @@ -150,19 +140,11 @@ public void run() { @ApiResponse(code = 423, message = "The requested file is currently either being uploaded or modified. Thus, the file is locked."), }) public @ResponseBody ResponseEntity - deleteFile(@RequestBody DeleteFileDto req, @RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + deleteFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); + if (status != null) return new ResponseEntity<>(null, status); - if (!userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); - } - - if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())) - return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); - - boolean success = fileService.deleteFile(req.getSpaceID(), req.getSaveIndex()); + boolean success = fileService.deleteFile(spaceID, saveIndex); if (!success){ return new ResponseEntity<>(null, HttpStatus.LOCKED); } @@ -170,7 +152,7 @@ public void run() { } - @RequestMapping(value = "/api/file/update/{spaceID}/{saveIndex}", method = RequestMethod.POST) + @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/update", method = RequestMethod.POST) @ApiOperation(value = "Requests to update a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been marked for updating."), 
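Review bot: downloadFile's authorization is relaxed by this hunk: the removed lines required `userHasWriteAccess` (406 otherwise), while the new `accessCheckerUtil.checkAccess(auth, spaceID)` only requires membership of a non-deleted space. In the other direction, updateFile in the later hunk `@@ -181,12 +163,8 @@` is tightened from membership to write access. Both may be intended, but the commit is titled as a refactoring, so the change in who may download or update a file should be stated in the description and covered by a test for a member without write access. Separately, `(new Thread(runnable)).start();` starts one unpooled thread per accepted request; a bounded executor would cap what a single session can consume.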
@@ -181,12 +163,8 @@ public void run() { }) public @ResponseBody ResponseEntity updateFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } - if (!userAccessService.userHasAccess(auth.getUserID(), spaceID)){ - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); - } + HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); + if (status != null) return new ResponseEntity<>(null, status); boolean granted = pendingUploadService.updateFile(spaceID, sessionService.getSessionID(auth.getUserID(), diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 7019c7f..fa7b2a4 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -34,7 +34,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc this.refFileService = refFileService; } - @RequestMapping(value = "/api/refFile/read", method = RequestMethod.POST) + @RequestMapping(value = "/api/refFile/{spaceID}/read", method = RequestMethod.POST) @ApiOperation(value = "Read the reference file of the specified space or if lastRead is older than last update on reference file, NOT_MODIFIED is sent as status.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), 
@@ -44,13 +44,13 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) @ResponseBody ResponseEntity - readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth){ + readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - Long refFileID = spaceService.getRefFileID(req.getSpaceID()); + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + Long refFileID = spaceService.getRefFileID(spaceID); if (refFileID == -1L) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } @@ -69,7 +69,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/refFile/update", method = RequestMethod.POST) + @RequestMapping(value = "/api/refFile/{spaceID}/update", method = RequestMethod.POST) @ApiOperation(value = "Update the reference file of the specified space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), 
@@ -79,17 +79,17 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) @ResponseBody ResponseEntity - updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth){ + updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - if (!spaceService.userHasWriteAccess(req.getSpaceID(), auth.getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())){ return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } - Long refFileID = spaceService.getRefFileID(req.getSpaceID()); + Long refFileID = spaceService.getRefFileID(spaceID); if (refFileID == -1L) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index c6a26d2..c3b47e7 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -1,5 +1,6 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.model.dto.*; import com.vaultionizer.vaultserver.service.*; import io.swagger.annotations.Api; 
@@ -20,6 +21,7 @@ public class SpaceController { private final PendingUploadService pendingUploadService; private final FileService fileService; private final UserAccessService userAccessService; + private final AccessCheckerUtil accessCheckerUtil; @Autowired public SpaceController(SessionService sessionService, SpaceService spaceService, RefFileService refFileService, @@ -30,11 +32,12 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, this.pendingUploadService = pendingUploadService; this.fileService = fileService; this.userAccessService = userAccessService; + accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService); } - @RequestMapping(value = "/api/spaces/get", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/get", method = RequestMethod.POST) @ApiOperation(value = "Returns all spaces a user has access to.", response = GetSpacesResponseDto.class, responseContainer = "List" @@ -53,7 +56,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/spaces/create", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/create", method = RequestMethod.POST) @ApiOperation(value = "Creates a new space.", response = Long.class) @ApiResponses(value = { @@ -71,7 +74,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(spaceID, HttpStatus.CREATED); } - @RequestMapping(value = "/api/spaces/join", method = RequestMethod.PUT) + @RequestMapping(value = "/api/space/{spaceID}/join", method = RequestMethod.PUT) @ApiOperation(value = "Adds the user to the space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user was successfully added to the space."), 
@@ -79,20 +82,20 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong.") }) public @ResponseBody ResponseEntity - joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth){ + joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (spaceService.checkSpaceCredentials(req.getSpaceID(), req.getAuthKey())){ - userAccessService.addUserAccess(req.getSpaceID(), auth.getUserID()); + if (spaceService.checkSpaceCredentials(spaceID, req.getAuthKey())){ + userAccessService.addUserAccess(spaceID, auth.getUserID()); return new ResponseEntity<>(null, HttpStatus.OK); } return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/spaces/quit/{spaceID}", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/space/{spaceID}/quit/{spaceID}", method = RequestMethod.DELETE) @ApiOperation(value = "Removes the user from the space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user successfully quit the space."), @@ -101,7 +104,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "The user is the creator of the space and thus must delete the space manually.") }) public @ResponseBody ResponseEntity - quitSpace(@RequestBody AuthWrapperDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + quitSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } 
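Review bot: The new quit mapping repeats the path variable: `/api/space/{spaceID}/quit/{spaceID}`. Depending on the path matcher in use, a template that captures the same name twice is either rejected or resolves `spaceID` from only one of the two segments, so a request carrying two different ids is checked against an id the caller may not expect. The other routes in this commit put the action after the id, so the line should probably read `@RequestMapping(value = "/api/space/{spaceID}/quit", method = RequestMethod.DELETE)`. The body of quitSpace continues outside the hunk.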
@@ -113,7 +116,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/spaces/key", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/authkey/get", method = RequestMethod.POST) @ApiOperation( value = "Returns the authentication key of a file.", response = SpaceAuthKeyResponseDto.class ) @@ -125,23 +128,16 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 417, message = "Some other error occurred.") }) public @ResponseBody ResponseEntity - getAuthKey(@RequestBody SpaceAuthKeyDto req, @RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } - if (spaceService.checkDeleted(req.getSpaceID()) || - !userAccessService.userHasAccess(auth.getUserID(), req.getSpaceID())){ - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); - } - if (!spaceService.userHasAuthKeyAccess(req.getSpaceID(), auth.getUserID())){ - return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); - } - var authKey = spaceService.getSpaceAuthKey(req.getSpaceID()); + getAuthKey(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ + HttpStatus status = accessCheckerUtil.checkAuthKeyAccess(auth, spaceID); + if (status != null) return new ResponseEntity<>(null, status); + + var authKey = spaceService.getSpaceAuthKey(spaceID); if (authKey.isEmpty()) return new ResponseEntity<>(null, HttpStatus.EXPECTATION_FAILED); return new ResponseEntity<>(authKey.get(), HttpStatus.OK); } - @RequestMapping(value = "/api/spaces/{spaceID}/config", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/config/set", method = RequestMethod.POST) @ApiOperation( value = "Returns the authentication key of a file.", response = ConfigureSpaceDto.class ) 
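Review bot: The `@ApiOperation` kept above the renamed `/api/space/{spaceID}/config/set` route still reads "Returns the authentication key of a file.", and the same text sits on `/api/space/{spaceID}/kickall` in the next hunk. The generated API documentation therefore describes two state-changing endpoints guarded by `checkPrivilegeLevel` as a read. Suggested values are `value = "Changes the configuration of a space."` and `value = "Removes the other users from a space."`; the second wording is inferred from the call to `userAccessService.kickAll`. The description on getAuthKey should say "space" rather than "file".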
@@ -153,14 +149,14 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - HttpStatus status = checkPrivilegeLevel(auth, spaceID); + HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, auth.getUserID(), req.getSharedSpace()); spaceService.configureSpace(spaceID, req.getUsersWriteAccess(), req.getUsersAuthAccess()); return new ResponseEntity<>(null, HttpStatus.ACCEPTED); } - @RequestMapping(value = "/api/spaces/{spaceID}/kickall", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/kickall", method = RequestMethod.POST) @ApiOperation( value = "Returns the authentication key of a file.", response = GenericAuthDto.class ) @@ -172,14 +168,14 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity kickUsers(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - HttpStatus status = checkPrivilegeLevel(auth, spaceID); + HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); userAccessService.kickAll(spaceID, auth.getUserID()); return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/spaces/{spaceID}/authkey", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/authkey/set", method = RequestMethod.POST) @ApiOperation( value = "Changes the authentication key of a space.", response = ChangeAuthKeyDto.class ) 
@@ -191,14 +187,14 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - HttpStatus status = checkPrivilegeLevel(auth, spaceID); + HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); spaceService.changeAuthKey(spaceID, req.getAuthKey()); return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/spaces/{spaceID}/config/get", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/config/get", method = RequestMethod.POST) @ApiOperation( value = "Returns the configuration of a space.", response = GetSpacesResponseDto.class ) 
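Review bot: changeAuthKey hands `req.getAuthKey()` to `spaceService.changeAuthKey` without a null or blank check in the visible body, and joinSpace admits anyone whose key passes `checkSpaceCredentials`. Unless the service rejects it, a creator can therefore set an empty join key. A guard before the service call, `if (req.getAuthKey() == null || req.getAuthKey().isBlank()) return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);`, would make the rule explicit.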
@@ -209,34 +205,13 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - HttpStatus status = checkAccess(auth, spaceID); + HttpStatus status = accessCheckerUtil.checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); } - private HttpStatus checkAccess(GenericAuthDto auth, Long spaceID){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ - return HttpStatus.UNAUTHORIZED; - } - if (spaceService.checkDeleted(spaceID) || - !userAccessService.userHasAccess(auth.getUserID(), spaceID)){ - return HttpStatus.FORBIDDEN; - } - return null; - } - - // check whether user is logged in, has access and whether user is creator. If so, returns null - private HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ - HttpStatus accessStatus = checkAccess(auth, spaceID); - if (accessStatus != null) return accessStatus; - if (!spaceService.checkCreator(spaceID, auth.getUserID())){ - return HttpStatus.NOT_ACCEPTABLE; - } - return null; - } - - @RequestMapping(value = "/api/spaces/delete/{spaceID}", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/space/{spaceID}/delete", method = RequestMethod.DELETE) @ApiOperation( value = "Deletes the specified space if permitted.", response = SpaceAuthKeyResponseDto.class ) diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java new file mode 100644 index 0000000..5a8e4af --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java 
@@ -0,0 +1,58 @@ +package com.vaultionizer.vaultserver.helpers; + +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; +import com.vaultionizer.vaultserver.service.SessionService; +import com.vaultionizer.vaultserver.service.SpaceService; +import com.vaultionizer.vaultserver.service.UserAccessService; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; + +public class AccessCheckerUtil { + private SessionService sessionService; + private UserAccessService userAccessService; + private SpaceService spaceService; + + public AccessCheckerUtil(SessionService sessionService, UserAccessService userAccessService, SpaceService spaceService) { + this.sessionService = sessionService; + this.userAccessService = userAccessService; + this.spaceService = spaceService; + } + + public HttpStatus checkAccess(GenericAuthDto auth, Long spaceID){ + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + return HttpStatus.UNAUTHORIZED; + } + if (spaceService.checkDeleted(spaceID) || + !userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + return HttpStatus.FORBIDDEN; + } + return null; + } + + // check whether user is logged in, has access and whether user is creator. 
If so, returns null + public HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ + HttpStatus accessStatus = checkAccess(auth, spaceID); + if (accessStatus != null) return accessStatus; + if (!spaceService.checkCreator(spaceID, auth.getUserID())){ + return HttpStatus.NOT_ACCEPTABLE; + } + return null; + } + + public HttpStatus checkAuthKeyAccess(GenericAuthDto auth, Long spaceID){ + var status = checkAccess(auth, spaceID); + if (status != null) return status; + if (!spaceService.userHasAuthKeyAccess(spaceID, auth.getUserID())) { + return HttpStatus.NOT_ACCEPTABLE; + } + return null; + } + + public HttpStatus checkWriteAccess(GenericAuthDto auth, Long spaceID){ + var status = checkAccess(auth, spaceID); + if (status != null) return status; + if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) + return HttpStatus.NOT_ACCEPTABLE; + return null; + } +} diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java index d3dce3f..a44d19d 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java @@ -1,18 +1,12 @@ package com.vaultionizer.vaultserver.model.dto; public class FileUploadDto { - private Long spaceID; private int amountFiles; - public FileUploadDto(Long spaceID, int amountFiles) { - this.spaceID = spaceID; + public FileUploadDto(int amountFiles) { this.amountFiles = amountFiles; } - public Long getSpaceID() { - return spaceID; - } - public int getAmountFiles() { return amountFiles; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java index 1350fa6..180879f 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java 
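Review bot: Every check in AccessCheckerUtil returns `null` to mean "allowed", and only checkPrivilegeLevel carries a comment saying so; a caller that forgets the `status != null` test, or a future branch that falls through, grants access silently. A class-level Javadoc should state the contract: null means every check passed, otherwise the value is the status to send back (401 for an invalid session, 403 for a deleted space or a non-member, 406 for a missing privilege). Each public method should also name the privilege it tests. The three service fields can be `private final`, and the import of `org.springframework.http.ResponseEntity` is unused in the added file.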
@@ -1,18 +1,12 @@ package com.vaultionizer.vaultserver.model.dto; public class JoinSpaceDto { - private Long spaceID; private String authKey; - public JoinSpaceDto(Long spaceID, String authKey) { - this.spaceID = spaceID; + public JoinSpaceDto(String authKey) { this.authKey = authKey; } - public Long getSpaceID() { - return spaceID; - } - public String getAuthKey() { return authKey; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java index c46a01a..f9079a9 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java @@ -4,18 +4,12 @@ import java.time.Instant; public class ReadRefFileDto { - private Long spaceID; private Instant lastRead; - public ReadRefFileDto(Long spaceID, Instant lastRead) { - this.spaceID = spaceID; + public ReadRefFileDto(Instant lastRead) { this.lastRead = lastRead; } - public Long getSpaceID() { - return spaceID; - } - public Instant getLastRead() { return lastRead; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java index 3f858fb..0a0c1b2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java @@ -1,18 +1,12 @@ package com.vaultionizer.vaultserver.model.dto; public class UpdateRefFileDto { - private Long spaceID; private String content; public UpdateRefFileDto(Long spaceID, String content) { - this.spaceID = spaceID; this.content = content; } - public Long getSpaceID() { - return spaceID; - } - public String getContent() { return content; } 
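Review bot: UpdateRefFileDto loses its `spaceID` field and getter, but the constructor still reads `public UpdateRefFileDto(Long spaceID, String content)` and now ignores the first argument. FileUploadDto, JoinSpaceDto and ReadRefFileDto had their constructors narrowed in this same commit. Code that still passes a space id here compiles and appears to work, while the id that is actually authorized comes from the path. The signature should become `public UpdateRefFileDto(String content) {`.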
diff --git a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java index f59651b..666a82d 100644 --- a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java +++ b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java @@ -35,10 +35,14 @@ public class SpaceTestData { new AuthWrapperDto(new GenericAuthDto(1L, "correctTestSessionKey")) }; - public static final SpaceAuthKeyDto[] getAuthKeys = { - new SpaceAuthKeyDto(new GenericAuthDto(1L, "definitely wrong"), 3L), - new SpaceAuthKeyDto(new GenericAuthDto(1L, "correctTestSessionKey"), 3L), - new SpaceAuthKeyDto(new GenericAuthDto(1L, "correctTestSessionKey"), 4L), - new SpaceAuthKeyDto(new GenericAuthDto(2L, "correctTestSessionKey"), 3L) + public static final Long[] getAuthKeys = { + 3L, 3L, 4L, 3L + }; + + public static final GenericAuthDto[] getAuthKeyCredentials = { + new GenericAuthDto(1L, "definitely wrong"), + new GenericAuthDto(1L, "correctTestSessionKey"), + new GenericAuthDto(1L, "correctTestSessionKey"), + new GenericAuthDto(2L, "correctTestSessionKey") }; } From c8974462b521650b1300e1a2382f8ad8224affa8 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 16 May 2021 15:29:00 +0200 Subject: [PATCH 26/57] Fixed all tests. --- .../controllers/SpaceControllerTest.java | 79 ++++++++++--------- .../cucumber/steps/DownloadFileSteps.java | 2 +- .../cucumber/steps/ManageSpaceSteps.java | 2 +- .../cucumber/steps/UploadFileSteps.java | 2 +- .../vaultserver/testdata/SpaceTestData.java | 47 +++++------ 5 files changed, 68 insertions(+), 64 deletions(-) diff --git a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java index c07d83a..8111e10 100644 --- a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java 
+++ b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java @@ -35,11 +35,10 @@ public class SpaceControllerTest { private FileService fileService; - private SpaceController spaceController; @BeforeEach - private void initialize(){ + private void initialize() { spaceService = Mockito.mock(SpaceService.class); sessionService = Mockito.mock(SessionService.class); refFileService = Mockito.mock(RefFileService.class); 
@@ -49,48 +48,49 @@ private void initialize(){ Mockito.when(sessionService.getSession( - SpaceTestData.createSpace[0].getAuth().getUserID(), - SpaceTestData.createSpace[0].getAuth().getSessionKey()) + SpaceTestData.createSpaceAuths[0].getUserID(), + SpaceTestData.createSpaceAuths[0].getSessionKey()) ).thenReturn(false); Mockito.when(sessionService.getSession( - SpaceTestData.createSpace[1].getAuth().getUserID(), - SpaceTestData.createSpace[1].getAuth().getSessionKey()) + SpaceTestData.createSpaceAuths[1].getUserID(), + SpaceTestData.createSpaceAuths[1].getSessionKey()) ).thenReturn(true); Mockito.when(spaceService.checkSpaceCredentials( - SpaceTestData.joinSpaces[1].getSpaceID(), + SpaceTestData.joinSpacesSpaceIDs[1], SpaceTestData.joinSpaces[1].getAuthKey()) ).thenReturn(false); Mockito.when(spaceService.checkSpaceCredentials( - SpaceTestData.joinSpaces[2].getSpaceID(), + SpaceTestData.joinSpacesSpaceIDs[2], SpaceTestData.joinSpaces[2].getAuthKey()) ).thenReturn(true); + Mockito.when(spaceService.getSpacesAccessible(SpaceTestData.getAllSpaces[0].getUserID())) + .thenReturn(null); + Mockito.when(sessionService.getSession( - SpaceTestData.getAuthKeys[3].getAuth().getUserID(), - SpaceTestData.getAuthKeys[3].getAuth().getSessionKey()) + SpaceTestData.getAuthKeyCredentials[3].getUserID(), + SpaceTestData.getAuthKeyCredentials[3].getSessionKey()) ).thenReturn(true); - Mockito.when(spaceService.getSpacesAccessible(SpaceTestData.getAllSpaces[0].getAuth().getUserID())) - .thenReturn(null); Mockito.when(userAccessService.userHasAccess( - SpaceTestData.getAuthKeys[1].getAuth().getUserID(), - SpaceTestData.getAuthKeys[1].getSpaceID()) + SpaceTestData.getAuthKeyCredentials[1].getUserID(), + SpaceTestData.getAuthKeysSpaceIds[1]) ).thenReturn(false); Mockito.when(userAccessService.userHasAccess( - SpaceTestData.getAuthKeys[2].getAuth().getUserID(), - SpaceTestData.getAuthKeys[2].getSpaceID()) + SpaceTestData.getAuthKeyCredentials[2].getUserID(), + 
SpaceTestData.getAuthKeysSpaceIds[2]) ).thenReturn(true); Mockito.when(userAccessService.userHasAccess( - SpaceTestData.getAuthKeys[3].getAuth().getUserID(), - SpaceTestData.getAuthKeys[3].getSpaceID()) + SpaceTestData.getAuthKeyCredentials[3].getUserID(), + SpaceTestData.getAuthKeysSpaceIds[3]) ).thenReturn(true); - Mockito.when(spaceService.createSpace(SpaceTestData.createSpace[1].getAuth().getUserID(), + Mockito.when(spaceService.createSpace(SpaceTestData.createSpaceAuths[1].getUserID(), SpaceTestData.createSpace[1].getReferenceFile(), SpaceTestData.createSpace[1].isPrivate(), false, false, SpaceTestData.createSpace[1].getAuthKey()) ).thenReturn(1L); 
@@ -102,52 +102,55 @@ private void initialize(){ // Tests create space api @Test @DisplayName("Tests creating a new space using a wrong session key.") - public void createSpaceWrongSessionKey(){ - ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[0]); + public void createSpaceWrongSessionKey() { + ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[0], SpaceTestData.createSpaceAuths[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests creating a new space using a correct session key.") - public void createSpace(){ - ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[1]); + public void createSpace() { + ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[1], SpaceTestData.createSpaceAuths[1]); Assertions.assertEquals(201, res.getStatusCodeValue()); - Assertions.assertEquals(1L, ((Long)(res.getBody()))); + Assertions.assertEquals(1L, ((Long) (res.getBody()))); } // Tests join space api @Test @DisplayName("Tests joining a space using a wrong session key.") - public void joinSpaceWrongSessionKey(){ - ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[0]); + public void joinSpaceWrongSessionKey() { + ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[0], + SpaceTestData.joinSpacesAuth[0], SpaceTestData.joinSpacesSpaceIDs[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests joining a space using a correct session key but wrong authkey.") - public void joinSpaceWrongAuthKey(){ - ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[1]); + public void joinSpaceWrongAuthKey() { + ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[1], + SpaceTestData.joinSpacesAuth[1], SpaceTestData.joinSpacesSpaceIDs[1]); Assertions.assertEquals(403, res.getStatusCodeValue()); } @Test @DisplayName("Tests joining a space using a correct session key 
with correct authkey.") - public void joinSpace(){ - ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[2]); + public void joinSpace() { + ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[2], + SpaceTestData.joinSpacesAuth[2], SpaceTestData.joinSpacesSpaceIDs[2]); Assertions.assertEquals(200, res.getStatusCodeValue()); } // Tests get all spaces @Test @DisplayName("Tests getting all space a user is part of using a wrong session key.") - public void getAllSpacesWrongSessionKey(){ + public void getAllSpacesWrongSessionKey() { ResponseEntity res = spaceController.getAllSpaces(SpaceTestData.getAllSpaces[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting all space a user is part of using a wrong session key.") - public void getAllSpaces(){ + public void getAllSpaces() { ResponseEntity res = spaceController.getAllSpaces(SpaceTestData.getAllSpaces[1]); Assertions.assertEquals(200, res.getStatusCodeValue()); Assertions.assertNull(res.getBody()); 
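Review bot: `getAllSpaces` carries the same `@DisplayName` as `getAllSpacesWrongSessionKey` ("... using a wrong session key."), although it exercises the accepted-session path and expects 200. Rename it, e.g. `@DisplayName("Tests getting all spaces a user is part of using a correct session key.")`, so that a failure in either authorization test is reported under the right name.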
@@ -156,22 +159,22 @@ public void getAllSpaces(){ // Tests get authentication key of a specified space @Test @DisplayName("Tests getting the authentication key of a space using a wrong session key.") - public void getAuthKeyWrongSessionKey(){ - ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeys[0]); + public void getAuthKeyWrongSessionKey() { + ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[0], SpaceTestData.getAuthKeysSpaceIds[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting the authentication key of a space the user has no permission for.") - public void getAuthKeyWithoutPermission(){ - ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeys[1]); + public void getAuthKeyWithoutPermission() { + ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[1], SpaceTestData.getAuthKeysSpaceIds[1]); Assertions.assertEquals(403, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting the authentication key of a space the user access to.") - public void getAuthKey(){ - ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeys[3]); + public void getAuthKey() { + ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[3], SpaceTestData.getAuthKeysSpaceIds[3]); Assertions.assertEquals(406, res.getStatusCodeValue()); Assertions.assertNull(res.getBody()); } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java index f3c7a92..8b5a525 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java 
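Review bot: The two rejection tests in this hunk, `getAuthKeyWrongSessionKey` and `getAuthKeyWithoutPermission`, assert only the status code, so a controller that answered 401 or 403 while still placing the space's authentication key in the body would pass. Add `Assertions.assertNull(res.getBody());` after each status assertion, as `getAuthKey` already does for its 406 case. The 403 test would also be stronger if it verified that the key lookup on the mocked `spaceService` is never reached; that lookup method is not visible in this hunk.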
@@ -56,7 +56,7 @@ public void theFileWithSaveIndexWasUploaded(Long saveIndex) { @When("the user requests to download the file with saveIndex {long}") public void theUserRequestsToDownloadTheFileWithSaveIndex(Long saveIndex) { - res = fileController.downloadFile(new FileDownloadDto(spaceID, saveIndex), new GenericAuthDto(userID, sessionKey)); + res = fileController.downloadFile(new GenericAuthDto(userID, sessionKey), spaceID, saveIndex); } @Then("the status code of download is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index d36e038..1e9c919 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -172,7 +172,7 @@ public void theAuthKeyRemainsUnchanged() throws Exception { } public void checkAuthKey(String expected) throws Exception { - var result = spaceController.getAuthKey(new SpaceAuthKeyDto(spaceID), getUserAuth(userID)); + var result = spaceController.getAuthKey(getUserAuth(userID), spaceID); if (!result.hasBody() || result.getBody() == null) throw new Exception("Getting auth key failed. " + result.getStatusCode().value() + " -> "+result.getStatusCode().name()); var auth = (SpaceAuthKeyResponseDto)result.getBody(); diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java index 860bb89..3bfe3c8 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java 
@@ -44,7 +44,7 @@ public void theUserHasAnAccountWithName(String username) { @When("the user requests to upload {int} files") public void theUserRequestsToUploadFiles(int amount) { - res = fileController.uploadFiles(new FileUploadDto(spaceID, amount), new GenericAuthDto(userID, sessionKey)); + res = fileController.uploadFiles(new FileUploadDto(amount), new GenericAuthDto(userID, sessionKey), spaceID); } @Then("the status code of upload is {int}") diff --git a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java index 666a82d..5708239 100644 --- a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java +++ b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java 
@@ -4,38 +4,39 @@ public class SpaceTestData { public static final CreateSpaceDto[] createSpace = { - new CreateSpaceDto(new GenericAuthDto( + new CreateSpaceDto(true, "", ""), + new CreateSpaceDto(true, "0", "000") + }; + public static final GenericAuthDto[] createSpaceAuths = { + new GenericAuthDto( 1L, "testSessionKey" - ), true, "", ""), - new CreateSpaceDto(new GenericAuthDto( - 1L, - "correctTestSessionKey" - ), true, "0", "000") - }; + ), new GenericAuthDto( + 1L, + "correctTestSessionKey" + )}; public static final JoinSpaceDto[] joinSpaces = { - new JoinSpaceDto(new GenericAuthDto( - 1L, - "testSessionKey" - ), 2L, "definitely wrong"), - new JoinSpaceDto(new GenericAuthDto( - 1L, - "correctTestSessionKey" - ), 2L, "definitely wrong"), - new JoinSpaceDto(new GenericAuthDto( - 1L, - "correctTestSessionKey" - ), 2L, "thatWasTheAuthKey!") + new JoinSpaceDto("definitely wrong"), + new JoinSpaceDto("definitely wrong"), + new JoinSpaceDto( "thatWasTheAuthKey!") + }; + + public static final GenericAuthDto[] joinSpacesAuth = { + new GenericAuthDto(1L, "testSessionKey"), + new GenericAuthDto(1L, "correctTestSessionKey"), + new GenericAuthDto(1L, "correctTestSessionKey") }; - public static final AuthWrapperDto[] getAllSpaces = { - new AuthWrapperDto(new GenericAuthDto(1L, "definitely wrong")), - new AuthWrapperDto(new GenericAuthDto(1L, "correctTestSessionKey")) + public static final Long[] joinSpacesSpaceIDs = { 2L, 2L, 2L }; + + public static final GenericAuthDto[] getAllSpaces = { + new GenericAuthDto(1L, "definitely wrong"), + new GenericAuthDto(1L, "correctTestSessionKey") }; - public static final Long[] getAuthKeys = { + public static final Long[] getAuthKeysSpaceIds = { 3L, 3L, 4L, 3L }; From b54a6510ac7bca169f082dbc19e7d2aaa9029451 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Sun, 16 May 2021 17:26:50 +0200 Subject: [PATCH 27/57] Adjusted REST API. --- .github/workflows/docker-publish-develop.yml | 5 +++++ .github/workflows/docker-publish-master.yml | 5 +++++ scripts/build_project_docker.sh | 2 +- .../vaultserver/controllers/FileController.java | 4 ++-- .../controllers/RefFileController.java | 2 +- .../vaultserver/controllers/SpaceController.java | 16 ++++++++-------- .../vaultserver/controllers/UserController.java | 8 ++++---- 7 files changed, 26 insertions(+), 16 deletions(-) diff --git a/.github/workflows/docker-publish-develop.yml b/.github/workflows/docker-publish-develop.yml index 2aa6f5c..6bffb46 100644 --- a/.github/workflows/docker-publish-develop.yml +++ b/.github/workflows/docker-publish-develop.yml @@ -20,6 +20,11 @@ jobs: env: CR_PAT: ${{ secrets.CR_PAT }} + - name: Run tests + run: | + cd scripts + bash test.sh + - name: Build image run: docker build . --file Dockerfile --tag $IMAGE_NAME diff --git a/.github/workflows/docker-publish-master.yml b/.github/workflows/docker-publish-master.yml index 690eac4..728861a 100644 --- a/.github/workflows/docker-publish-master.yml +++ b/.github/workflows/docker-publish-master.yml @@ -18,6 +18,11 @@ jobs: steps: - uses: actions/checkout@v2 + - name: Run tests + run: | + cd scripts + bash test.sh + - name: Build image run: docker build . --file Dockerfile --tag $IMAGE_NAME diff --git a/scripts/build_project_docker.sh b/scripts/build_project_docker.sh index 7c323b8..6e928f2 100644 --- a/scripts/build_project_docker.sh +++ b/scripts/build_project_docker.sh @@ -4,7 +4,7 @@ rm target/vaultserver* export MAVEN_OPTS="-Xmx1024m" echo "Packaging project" -mvn package +mvn package -Dmaven.test.skip=true mv target/*jar ../vaultionizer_server.jar cd .. diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index 873e5eb..68500ea 100644 
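Review bot: `mvn package -Dmaven.test.skip=true` in scripts/build_project_docker.sh makes the image build skip both compiling and running the tests, so the only remaining gate is the `Run tests` step added to the two workflows; a build of the Dockerfile anywhere else packages the jar untested. `-DskipTests` would at least still compile the test sources, and the script should say where the tests do run, e.g. `# tests are run by the CI workflow (scripts/test.sh), not during the image build`. In docker-publish-develop.yml the new step follows a step that sets `CR_PAT`; if that step is a registry login (its body is outside the hunk), run the tests before it so test code does not execute with registry credentials already on the runner.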
--- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -130,7 +130,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } } - @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/delete", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}", method = RequestMethod.DELETE) @ApiOperation(value = "Requests to delete a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been deleted."), @@ -152,7 +152,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/update", method = RequestMethod.POST) + @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/update", method = RequestMethod.PUT) @ApiOperation(value = "Requests to update a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been marked for updating."), diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index fa7b2a4..88931a8 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -69,7 +69,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/refFile/{spaceID}/update", method = RequestMethod.POST) + @RequestMapping(value = "/api/refFile/{spaceID}/update", method = RequestMethod.PUT) @ApiOperation(value = "Update the reference file of the specified space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), 
diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index c3b47e7..2dbed21 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -37,7 +37,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, - @RequestMapping(value = "/api/space/get", method = RequestMethod.POST) + @RequestMapping(value = "/api/space", method = RequestMethod.GET) @ApiOperation(value = "Returns all spaces a user has access to.", response = GetSpacesResponseDto.class, responseContainer = "List" @@ -95,7 +95,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/space/{spaceID}/quit/{spaceID}", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/space/{spaceID}/quit", method = RequestMethod.DELETE) @ApiOperation(value = "Removes the user from the space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user successfully quit the space."), @@ -116,7 +116,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/space/{spaceID}/authkey/get", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/authkey", method = RequestMethod.GET) @ApiOperation( value = "Returns the authentication key of a file.", response = SpaceAuthKeyResponseDto.class ) 
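Review bot: With `/api/space/{spaceID}/authkey` now served over GET, the response that carries the space's authentication key may be stored by browser or proxy caches, which was not a concern while it was a POST. Unless the security configuration already adds cache-control headers to every response (not visible here), mark the response as non-storable, e.g. `return ResponseEntity.ok().cacheControl(CacheControl.noStore()).body(authKey.get());`. The same consideration applies to `GET /api/space` in the first hunk of this file and to `GET /api/space/{spaceID}/config` further down. The handler body lies outside this hunk.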
@@ -137,7 +137,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(authKey.get(), HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/config/set", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/config", method = RequestMethod.PUT) @ApiOperation( value = "Returns the authentication key of a file.", response = ConfigureSpaceDto.class ) @@ -156,7 +156,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.ACCEPTED); } - @RequestMapping(value = "/api/space/{spaceID}/kickall", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/kickall", method = RequestMethod.DELETE) @ApiOperation( value = "Returns the authentication key of a file.", response = GenericAuthDto.class ) @@ -175,7 +175,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/authkey/set", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/authkey", method = RequestMethod.PUT) @ApiOperation( value = "Changes the authentication key of a space.", response = ChangeAuthKeyDto.class ) @@ -194,7 +194,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/config/get", method = RequestMethod.POST) + @RequestMapping(value = "/api/space/{spaceID}/config", method = RequestMethod.GET) @ApiOperation( value = "Returns the configuration of a space.", response = GetSpacesResponseDto.class ) 
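Review bot: The Swagger text on two of the remapped endpoints is a leftover from the authkey getter: both `PUT /api/space/{spaceID}/config` and `DELETE /api/space/{spaceID}/kickall` are still documented as `"Returns the authentication key of a file."`. Since the mappings are being touched anyway, correct the descriptions in the same change, for instance `value = "Changes the configuration of a space."` and `value = "Removes all users from the space."` (the latter is worded from the route name; confirm against the handler, which is outside the hunk). The `response =` classes on those two annotations name request DTOs (`ConfigureSpaceDto`, `GenericAuthDto`) and are worth rechecking as well.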
@@ -211,7 +211,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/delete", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/space/{spaceID}", method = RequestMethod.DELETE) @ApiOperation( value = "Deletes the specified space if permitted.", response = SpaceAuthKeyResponseDto.class ) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index 549bfbd..f69d1b3 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java @@ -39,7 +39,7 @@ public UserController(UserService userService, SessionService sessionService, - @RequestMapping(value = "/api/users/create", method = RequestMethod.POST) + @RequestMapping(value = "/api/user/create", method = RequestMethod.POST) @ApiOperation(value = "Creates a new user, a new private space and adds a session.", response = LoginUserResponseDto.class) @ApiResponses(value = { @@ -72,7 +72,7 @@ public UserController(UserService userService, SessionService sessionService, return new ResponseEntity<>(sessionService.addSession(userID), HttpStatus.CREATED); } - @RequestMapping(value = "/api/users/login", method = RequestMethod.POST) + @RequestMapping(value = "/api/user/login", method = RequestMethod.POST) @ApiOperation(value = "Logs the user in and returns a session.", response = LoginUserResponseDto.class) @ApiResponses(value = { 
@@ -90,7 +90,7 @@ public UserController(UserService userService, SessionService sessionService, return new ResponseEntity<>(sessionService.addSession(userID), HttpStatus.OK); } - @RequestMapping(value = "/api/users/logout", method = RequestMethod.PUT) + @RequestMapping(value = "/api/user/logout", method = RequestMethod.PUT) @ApiOperation(value = "Logs the user out.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user was logged out successfully.") @@ -102,7 +102,7 @@ public UserController(UserService userService, SessionService sessionService, return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/users/delete", method = RequestMethod.DELETE) + @RequestMapping(value = "/api/user", method = RequestMethod.DELETE) @ApiOperation(value = "Deletes the specified user and all spaces the user created.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The deletion process was successful."), From c2468f31495f9b5a6347b3591974c2499d7266a0 Mon Sep 17 00:00:00 2001 
From: Julien Meier Date: Sun, 16 May 2021 22:06:45 +0200 Subject: [PATCH 28/57] Adjusted code so that Sonarcloud is silent. --- .../vaultserver/VaultserverApplication.java | 12 +- .../vaultserver/config/SecurityConfig.java | 4 +- .../vaultserver/config/SwaggerConfig.java | 16 +-- .../config/WebSocketChannelFilter.java | 13 +- .../vaultserver/config/WebSocketConfig.java | 5 +- .../config/WebSocketConfigTomcat.java | 2 +- .../controllers/FileController.java | 54 +++++---- .../controllers/MiscController.java | 14 ++- .../controllers/RefFileController.java | 30 ++--- .../controllers/SessionController.java | 14 ++- .../controllers/SpaceController.java | 114 ++++++++++-------- .../controllers/UserController.java | 40 +++--- .../controllers/WebsocketController.java | 30 +++-- .../helpers/AccessCheckerUtil.java | 15 ++- .../vaultserver/helpers/Config.java | 6 +- .../vaultserver/helpers/Hashing.java | 11 +- .../vaultserver/helpers/SessionTokenGen.java | 7 +- .../vaultserver/jobs/PendingUploadJob.java | 2 +- .../vaultserver/jobs/SessionJob.java | 2 +- .../vaultserver/model/db/FileModel.java | 2 +- .../vaultserver/model/db/RefFilesModel.java | 1 - .../vaultserver/model/db/SessionModel.java | 2 +- .../vaultserver/model/db/UserModel.java | 6 +- .../model/dto/wserrors/UploadData.java | 2 +- .../model/dto/wserrors/WS_ERROR.java | 2 +- .../vaultserver/resource/SpaceRepository.java | 1 - .../vaultserver/service/FileService.java | 74 ++++++------ .../service/PendingUploadService.java | 20 +-- .../vaultserver/service/RefFileService.java | 17 +-- .../vaultserver/service/SessionService.java | 40 +++--- .../vaultserver/service/SpaceService.java | 43 +++---- .../service/UserAccessService.java | 16 +-- .../vaultserver/service/UserService.java | 17 ++- .../vaultionizer/vaultserver/TestHelpers.java | 4 +- .../controllers/MiscControllerTest.java | 4 +- .../controllers/SpaceControllerTest.java | 28 ++--- .../controllers/UserControllerTest.java | 36 +++--- 
.../cucumber/steps/CreateSpaceSteps.java | 14 +-- .../cucumber/steps/CreateUserSteps.java | 13 +- .../cucumber/steps/DeleteSpaceSteps.java | 19 ++- .../cucumber/steps/DeleteUserStep.java | 25 ++-- .../cucumber/steps/DownloadFileSteps.java | 17 ++- .../cucumber/steps/ManageSpaceSteps.java | 14 +-- .../cucumber/steps/UploadFileSteps.java | 9 +- .../services/SpaceServiceUnitTests.java | 31 ++--- .../services/UserAccessServiceUnitTests.java | 35 +++--- .../services/UserServiceUnitTests.java | 35 +++--- .../vaultserver/testdata/SpaceTestData.java | 8 +- .../vaultserver/testdata/UserTestData.java | 4 +- .../resources/features/createSpace.feature | 1 + .../resources/features/createUser.feature | 1 + .../resources/features/deleteSpace.feature | 1 + .../resources/features/deleteUser.feature | 1 + .../resources/features/downloadFile.feature | 1 + .../resources/features/manageSpace.feature | 28 ++--- .../resources/features/uploadFile.feature | 1 + 56 files changed, 485 insertions(+), 479 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/VaultserverApplication.java b/src/main/java/com/vaultionizer/vaultserver/VaultserverApplication.java index a0d4fb8..b610182 100644 --- a/src/main/java/com/vaultionizer/vaultserver/VaultserverApplication.java +++ b/src/main/java/com/vaultionizer/vaultserver/VaultserverApplication.java 
@@ -5,14 +5,14 @@ import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; import org.springframework.data.jpa.repository.config.EnableJpaAuditing; -@SpringBootApplication(exclude = {SecurityAutoConfiguration.class }) +@SpringBootApplication(exclude = {SecurityAutoConfiguration.class}) @EnableJpaAuditing public class VaultserverApplication { - public static void main(String[] args) { - SpringApplication app = new SpringApplication(VaultserverApplication.class); - app.setAdditionalProfiles("ssl"); - app.run(args); - } + public static void main(String[] args) { + var app = new SpringApplication(VaultserverApplication.class); + app.setAdditionalProfiles("ssl"); + app.run(args); + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java index cae3439..7982d23 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java @@ -23,7 +23,7 @@ protected void configure(HttpSecurity http) throws Exception { @Bean public CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); + var configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("https://www.vault.gottwuerfeltnicht.de")); // for testing: // configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342")); @@ -31,7 +31,7 @@ public CorsConfigurationSource corsConfigurationSource() { configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token")); configuration.setExposedHeaders(Arrays.asList("x-auth-token")); configuration.setAllowCredentials(true); - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + var source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } 
diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SwaggerConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SwaggerConfig.java index a8893f2..1be48b2 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SwaggerConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SwaggerConfig.java @@ -41,14 +41,14 @@ public LinkDiscoverers discoverers() { } private static final ApiInfo apiInfo = new ApiInfo( // TODO: work on that - "Vaultionizer API", - "A safe space for everybody that seeks after privacy.", - "1.0.0", - "https://www.vault.gottwuerfeltnicht.de", - new Contact("Team Vaultionizer", "https://vaultionizer.com/", "contact@vaultionizer.com"), - "ODC DbCL v1.0 License", - "https://opendatacommons.org/licenses/dbcl/1.0/", - new ArrayList<>() + "Vaultionizer API", + "A safe space for everybody that seeks after privacy.", + "1.0.0", + "https://www.vault.gottwuerfeltnicht.de", + new Contact("Team Vaultionizer", "https://vaultionizer.com/", "contact@vaultionizer.com"), + "ODC DbCL v1.0 License", + "https://opendatacommons.org/licenses/dbcl/1.0/", + new ArrayList<>() ); } diff --git a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java index 4882276..8efe02e 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketChannelFilter.java 
@@ -20,11 +20,11 @@ public WebSocketChannelFilter(SessionService sessionService) { @Override public Message preSend(Message message, MessageChannel channel) { StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class); - if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())){ + if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())) { // TODO: check whether user has rights to subscribe String dest = accessor.getDestination(); if (dest == null) return null; - if (!dest.startsWith(WEBSOCKET_DOWNLOAD) && !dest.startsWith(WEBSOCKET_ERROR)){ + if (!dest.startsWith(WEBSOCKET_DOWNLOAD) && !dest.startsWith(WEBSOCKET_ERROR)) { return null; } @@ -34,18 +34,17 @@ public Message preSend(Message message, MessageChannel channel) { String websocketToken = token[token.length - 1]; String sessionKey = accessor.getFirstNativeHeader("sessionKey"); String userID = accessor.getFirstNativeHeader("userID"); - if (userID == null || sessionKey == null || websocketToken.length() == 0 || userID.length() == 0) return null; + if (userID == null || sessionKey == null || websocketToken.length() == 0 || userID.length() == 0) + return null; if (!sessionService.checkValidWebsocketToken(Long.parseLong(userID), websocketToken, sessionKey)) { return null; } // subscription is valid - } - - else if (StompCommand.SEND.equals(accessor.getCommand())){ + } else if (StompCommand.SEND.equals(accessor.getCommand())) { // check whether to upload endpoint (only one that is legitimate) String dest = accessor.getDestination(); if (dest == null) return null; - if (!dest.startsWith(WEBSOCKET_UPLOAD)){ + if (!dest.startsWith(WEBSOCKET_UPLOAD)) { return null; // TODO: send error } } diff --git a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java index ab2e4e6..56d9233 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java 
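Review bot: `accessor` is dereferenced in the first `if` without a null check, and `MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class)` returns null when the message carries no accessor of that type. Guard it before the command test with `if (accessor == null) return null;`, so that such a frame is dropped instead of raising a NullPointerException inside the interceptor. `preSend` continues beyond this hunk.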
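Review bot: `Long.parseLong(userID)` runs on the client-supplied `userID` native header after only a null and length check, so a non-numeric value throws NumberFormatException out of `preSend` instead of taking the `return null` rejection path. Parse defensively, `long uid; try { uid = Long.parseLong(userID); } catch (NumberFormatException e) { return null; }`, and pass `uid` to `checkValidWebsocketToken`. Separately, the SEND branch in this hunk checks only the destination prefix; if the sender's session is not validated in the upload handler (not visible here), it should be validated here in the same way as for SUBSCRIBE. The end of `preSend` is outside the hunk.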
+++ b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfig.java @@ -6,7 +6,10 @@ import org.springframework.context.annotation.Configuration; import org.springframework.messaging.simp.config.ChannelRegistration; import org.springframework.messaging.simp.config.MessageBrokerRegistry; -import org.springframework.web.socket.config.annotation.*; +import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker; +import org.springframework.web.socket.config.annotation.StompEndpointRegistry; +import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer; +import org.springframework.web.socket.config.annotation.WebSocketTransportRegistration; import static com.vaultionizer.vaultserver.helpers.Config.WEBSOCKET_PREFIX; diff --git a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfigTomcat.java b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfigTomcat.java index aeda5de..f90c721 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfigTomcat.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/WebSocketConfigTomcat.java @@ -12,7 +12,7 @@ public class WebSocketConfigTomcat implements WebSocketConfigurer { @Bean public ServletServerContainerFactoryBean createWebSocketContainer() { - ServletServerContainerFactoryBean container = new ServletServerContainerFactoryBean(); + var container = new ServletServerContainerFactoryBean(); container.setMaxTextMessageBufferSize(Config.MSG_SIZE_LIMITS); container.setMaxBinaryMessageBufferSize(Config.MSG_SIZE_LIMITS); return container; diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index 68500ea..27fac00 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java 
@@ -3,8 +3,6 @@ import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.helpers.FileStatus; -import com.vaultionizer.vaultserver.model.dto.DeleteFileDto; -import com.vaultionizer.vaultserver.model.dto.FileDownloadDto; import com.vaultionizer.vaultserver.model.dto.FileUploadDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; @@ -45,7 +43,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService); } - @RequestMapping(value = "/api/file/{spaceID}/upload", method = RequestMethod.POST) + @PostMapping(value = "/api/file/{spaceID}/upload") @ApiOperation(value = "Requests to upload a variable amount of files.", response = Long.class ) 
@@ -57,29 +55,30 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 404, message = "A consistency error occurred.") }) - public @ResponseBody ResponseEntity - uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID){ + public @ResponseBody + ResponseEntity + uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID) { Long sessionID = sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()); - if (sessionID == -1){ + if (sessionID == -1) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (req.getAmountFiles() <= 0 || spaceID < 0){ + if (req.getAmountFiles() <= 0 || spaceID < 0) { return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } - if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ - if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)) { + if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) { return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } Long refFileID = spaceService.getRefFileID(spaceID); - if (refFileID == -1){ + if (refFileID == -1) { return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } // retrieving the index the files will be saved as Long saveIndex = refFileService.requestUploadFiles(refFileID, (long) req.getAmountFiles()); - if (saveIndex == -1){ + if (saveIndex == -1) { return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } 
@@ -92,7 +91,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/download", method = RequestMethod.PUT) + @PutMapping(value = "/api/file/{spaceID}/{saveIndex}/download") @ApiOperation(value = "Requests to download a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The file will be send via websocket to respective location (taking the websocketToken into account)."), @@ -102,22 +101,23 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 423, message = "The requested file is currently either being uploaded or modified. Thus, the file is locked."), @ApiResponse(code = 500, message = "A consistency error occurred. Should never be the case. Bug the developer!") }) - public @ResponseBody ResponseEntity - downloadFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + public @ResponseBody + ResponseEntity + downloadFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { String websocketToken = sessionService. getSessionWebsocketToken(auth.getUserID(), auth.getSessionKey()); - if (websocketToken == null){ + if (websocketToken == null) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - HttpStatus httpStatus = accessCheckerUtil.checkAccess(auth, spaceID); + var httpStatus = accessCheckerUtil.checkAccess(auth, spaceID); if (httpStatus != null) return new ResponseEntity<>(null, httpStatus); FileStatus status = fileService.setDownloadFile(spaceID, saveIndex); - if (status == null){ + if (status == null) { return new ResponseEntity<>(null, HttpStatus.NOT_FOUND); } - switch (status){ + switch (status) { case READ_FROM: // read file and send to websocket endpoint Runnable runnable = () -> websocketController.download(websocketToken, spaceID, saveIndex); 
@@ -130,7 +130,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, } } - @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}", method = RequestMethod.DELETE) + @DeleteMapping(value = "/api/file/{spaceID}/{saveIndex}") @ApiOperation(value = "Requests to delete a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been deleted."), @@ -139,20 +139,21 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 423, message = "The requested file is currently either being uploaded or modified. Thus, the file is locked."), }) - public @ResponseBody ResponseEntity - deleteFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + public @ResponseBody + ResponseEntity + deleteFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); boolean success = fileService.deleteFile(spaceID, saveIndex); - if (!success){ + if (!success) { return new ResponseEntity<>(null, HttpStatus.LOCKED); } return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/file/{spaceID}/{saveIndex}/update", method = RequestMethod.PUT) + @PutMapping(value = "/api/file/{spaceID}/{saveIndex}/update") @ApiOperation(value = "Requests to update a specific file.") @ApiResponses(value = { @ApiResponse(code = 200, message = "File has successfully been marked for updating."), 
@@ -161,8 +162,9 @@ public FileController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 409, message = "Some conflict occurred."), }) - public @ResponseBody ResponseEntity - updateFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex){ + public @ResponseBody + ResponseEntity + updateFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -170,7 +172,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()), saveIndex); - if (!granted){ + if (!granted) { return new ResponseEntity<>(null, HttpStatus.CONFLICT); } return new ResponseEntity<>(null, HttpStatus.ACCEPTED); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/MiscController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/MiscController.java index 66d6a66..5fec538 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/MiscController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/MiscController.java 
@@ -21,22 +21,24 @@ public class MiscController { @ApiResponses(value = { @ApiResponse(code = 200, message = "The server's version is returned.") }) - @ResponseBody ResponseEntity - getVersion(){ + public @ResponseBody + ResponseEntity + getVersion() { return new ResponseEntity<>(Config.VERSION, HttpStatus.OK); } - @RequestMapping(value = "/api/misc/checkAuthenticated", method = RequestMethod.POST) + @PostMapping(value = "/api/misc/checkAuthenticated") @ApiOperation(value = "Returns whether the authentication for the server is correct.") @ApiResponses(value = { @ApiResponse(code = 202, message = "The authentication is correct."), @ApiResponse(code = 403, message = "The authentication failed.") }) - @ResponseBody ResponseEntity - checkAuthenticated(@RequestBody CheckAuthenticatedDto req){ + public @ResponseBody + ResponseEntity + checkAuthenticated(@RequestBody CheckAuthenticatedDto req) { return new ResponseEntity<>((!Config.VERSION.isHasAuthKey() || (Config.SERVER_USER.equals(req.getServerUser()) && Config.SERVER_AUTH.equals(req.getServerAuthKey()))) - ? HttpStatus.ACCEPTED : HttpStatus.FORBIDDEN); + ? HttpStatus.ACCEPTED : HttpStatus.FORBIDDEN); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 88931a8..73ecdfb 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java 
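Review bot: `checkAuthenticated` compares the server credential with `Config.SERVER_AUTH.equals(req.getServerAuthKey())`, which stops at the first differing character. As far as the hunk shows, the handler takes no session header and answers 202 or 403 directly, so it can be used to check guesses of the server key. A constant-time comparison such as `MessageDigest.isEqual(Config.SERVER_AUTH.getBytes(StandardCharsets.UTF_8), key.getBytes(StandardCharsets.UTF_8))` removes the timing signal; it needs a null check on `key` first and assumes `SERVER_AUTH` is a `String`. The same `equals` comparison appears in `createUser` in the UserController hunk `@@ -38,8 +38,7 @@`. No attempt limiting is visible here, so confirm that throttling exists elsewhere.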
@@ -34,7 +34,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc this.refFileService = refFileService; } - @RequestMapping(value = "/api/refFile/{spaceID}/read", method = RequestMethod.POST) + @PostMapping(value = "/api/refFile/{spaceID}/read") @ApiOperation(value = "Read the reference file of the specified space or if lastRead is older than last update on reference file, NOT_MODIFIED is sent as status.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), 
@@ -43,24 +43,25 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 403, message = "Either the space with given ID does not exist or the user has no access to that space."), @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) - @ResponseBody ResponseEntity - readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)) { Long refFileID = spaceService.getRefFileID(spaceID); if (refFileID == -1L) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } // if the last fetched version is latest, just tell user not modified - if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, req.getLastRead())){ + if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, req.getLastRead())) { return new ResponseEntity<>(null, HttpStatus.NOT_MODIFIED); } String content = refFileService.readRefFile(refFileID); - if (content == null){ + if (content == null) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } return new ResponseEntity<>(content, HttpStatus.OK); 
@@ -69,7 +70,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/refFile/{spaceID}/update", method = RequestMethod.PUT) + @PutMapping(value = "/api/refFile/{spaceID}/update") @ApiOperation(value = "Update the reference file of the specified space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains the content of the current ref file."), @@ -78,14 +79,15 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 406, message = "The user has no write access."), @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) - @ResponseBody ResponseEntity - updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (userAccessService.userHasAccess(auth.getUserID(), spaceID)){ - if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())){ + if (userAccessService.userHasAccess(auth.getUserID(), spaceID)) { + if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) { return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } 
@@ -94,7 +96,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } boolean success = refFileService.updateRefFile(refFileID, req.getContent()); - if (!success){ + if (!success) { return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } return new ResponseEntity<>(null, HttpStatus.OK); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java index 8e06aba..b095de7 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java @@ -1,6 +1,5 @@ package com.vaultionizer.vaultserver.controllers; -import com.vaultionizer.vaultserver.model.dto.AuthWrapperDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.SessionService; import io.swagger.annotations.Api; @@ -10,7 +9,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @Api(value = "/api/session/", description = "Controller that allows renewing the session.") @RestController 
@@ -22,16 +24,16 @@ public SessionController(SessionService sessionService) { this.sessionService = sessionService; } - @RequestMapping(value = "/api/session/renew", method = RequestMethod.PUT) + @PutMapping(value = "/api/session/renew") @ApiOperation(value = "Renews the session with specified key.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The session has been renewed successfully."), @ApiResponse(code = 403, message = "The session either does not exist or has become invalid already."), }) - @ResponseBody + public @ResponseBody ResponseEntity - renewSession(@RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + renewSession(@RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } // if the session exists, the session has just indirectly been renewed. return new ResponseEntity<>(null, HttpStatus.OK); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 2dbed21..fc2c0ca 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java 
@@ -36,19 +36,19 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - - @RequestMapping(value = "/api/space", method = RequestMethod.GET) + @GetMapping(value = "/api/space") @ApiOperation(value = "Returns all spaces a user has access to.", - response = GetSpacesResponseDto.class, - responseContainer = "List" + response = GetSpacesResponseDto.class, + responseContainer = "List" ) @ApiResponses(value = { @ApiResponse(code = 200, message = "The response contains all spaces the user has access to."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), }) - public @ResponseBody ResponseEntity - getAllSpaces(@RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + getAllSpaces(@RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } return new ResponseEntity<>( 
@@ -56,16 +56,17 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/space/create", method = RequestMethod.POST) + @PostMapping(value = "/api/space/create") @ApiOperation(value = "Creates a new space.", - response = Long.class) + response = Long.class) @ApiResponses(value = { @ApiResponse(code = 201, message = "The space was created successfully. The returned value is the space's ID."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong."), }) - public @ResponseBody ResponseEntity - createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } Long spaceID = spaceService.createSpace(auth.getUserID(), req.getReferenceFile(), req.isPrivate(), 
@@ -74,20 +75,21 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(spaceID, HttpStatus.CREATED); } - @RequestMapping(value = "/api/space/{spaceID}/join", method = RequestMethod.PUT) + @PutMapping(value = "/api/space/{spaceID}/join") @ApiOperation(value = "Adds the user to the space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user was successfully added to the space."), @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong.") }) - public @ResponseBody ResponseEntity - joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (spaceService.checkSpaceCredentials(spaceID, req.getAuthKey())){ + if (spaceService.checkSpaceCredentials(spaceID, req.getAuthKey())) { userAccessService.addUserAccess(spaceID, auth.getUserID()); return new ResponseEntity<>(null, HttpStatus.OK); } @@ -95,7 +97,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - @RequestMapping(value = "/api/space/{spaceID}/quit", method = RequestMethod.DELETE) + @DeleteMapping(value = "/api/space/{spaceID}/quit") @ApiOperation(value = "Removes the user from the space.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user successfully quit the space."), 
@@ -103,12 +105,13 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 404, message = "The spaceID does not exist or you do not have access in the first place."), @ApiResponse(code = 406, message = "The user is the creator of the space and thus must delete the space manually.") }) - public @ResponseBody ResponseEntity - quitSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + quitSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } - if (spaceService.checkCreator(spaceID, auth.getUserID())){ + if (spaceService.checkCreator(spaceID, auth.getUserID())) { return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } return new ResponseEntity<>(null, userAccessService.removeAccess(auth.getUserID(), spaceID) ? @@ -116,9 +119,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, } - @RequestMapping(value = "/api/space/{spaceID}/authkey", method = RequestMethod.GET) - @ApiOperation( value = "Returns the authentication key of a file.", - response = SpaceAuthKeyResponseDto.class + @GetMapping(value = "/api/space/{spaceID}/authkey") + @ApiOperation(value = "Returns the authentication key of a file.", + response = SpaceAuthKeyResponseDto.class ) @ApiResponses(value = { @ApiResponse(code = 200, message = "The auth key is returned."), 
@@ -127,8 +130,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 406, message = "User is not allowed to get the auth key."), @ApiResponse(code = 417, message = "Some other error occurred.") }) - public @ResponseBody ResponseEntity - getAuthKey(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID){ + public @ResponseBody + ResponseEntity + getAuthKey(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { HttpStatus status = accessCheckerUtil.checkAuthKeyAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -137,8 +141,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(authKey.get(), HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/config", method = RequestMethod.PUT) - @ApiOperation( value = "Returns the authentication key of a file.", + @PutMapping(value = "/api/space/{spaceID}/config") + @ApiOperation(value = "Returns the authentication key of a file.", response = ConfigureSpaceDto.class ) @ApiResponses(value = { 
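Review bot: The `@ApiOperation` value on `PUT /api/space/{spaceID}/config` in the second hunk (`@@ -137,8 +141,8 @@`) still reads "Returns the authentication key of a file.", which does not describe the handler. The same text sits on `DELETE /api/space/{spaceID}/kickall` in hunk `@@ -147,17 +151,19 @@`. Both are documented with a 406 "User is not the creator." response, so the generated API documentation should state what these privileged calls change. For the config endpoint I would write `value = "Changes the shared state and the write/auth access lists of a space (creator only)."`, and for kickall a matching one-line description once its body, which is outside these hunks, is confirmed. The `response = ConfigureSpaceDto.class` attribute names the request type although the handler returns an empty body, so it should be dropped or corrected too.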
@@ -147,17 +151,19 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the authorization key is wrong."), @ApiResponse(code = 406, message = "User is not the creator.") }) - public @ResponseBody ResponseEntity - configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + public @ResponseBody + ResponseEntity + configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); - if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, auth.getUserID(), req.getSharedSpace()); + if (req.getSharedSpace() != null) + spaceService.changeSharedState(spaceID, auth.getUserID(), req.getSharedSpace()); spaceService.configureSpace(spaceID, req.getUsersWriteAccess(), req.getUsersAuthAccess()); return new ResponseEntity<>(null, HttpStatus.ACCEPTED); } - @RequestMapping(value = "/api/space/{spaceID}/kickall", method = RequestMethod.DELETE) - @ApiOperation( value = "Returns the authentication key of a file.", + @DeleteMapping(value = "/api/space/{spaceID}/kickall") + @ApiOperation(value = "Returns the authentication key of a file.", response = GenericAuthDto.class ) @ApiResponses(value = { 
@@ -166,8 +172,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access."), @ApiResponse(code = 406, message = "User is not the creator.") }) - public @ResponseBody ResponseEntity - kickUsers(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + public @ResponseBody + ResponseEntity + kickUsers(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -175,8 +182,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/authkey", method = RequestMethod.PUT) - @ApiOperation( value = "Changes the authentication key of a space.", + @PutMapping(value = "/api/space/{spaceID}/authkey") + @ApiOperation(value = "Changes the authentication key of a space.", response = ChangeAuthKeyDto.class ) @ApiResponses(value = { @@ -185,8 +192,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access."), @ApiResponse(code = 406, message = "User is not the creator.") }) - public @ResponseBody ResponseEntity - changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + public @ResponseBody + ResponseEntity + changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); 
@@ -194,8 +202,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}/config", method = RequestMethod.GET) - @ApiOperation( value = "Returns the configuration of a space.", + @GetMapping(value = "/api/space/{spaceID}/config") + @ApiOperation(value = "Returns the configuration of a space.", response = GetSpacesResponseDto.class ) @ApiResponses(value = { @@ -203,16 +211,17 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 401, message = "The user either does not exist or the sessionKey is wrong. User is thus not authorized."), @ApiResponse(code = 403, message = "Either the space with given ID does not exist, it is private or the user has no access.") }) - public @ResponseBody ResponseEntity - getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ + public @ResponseBody + ResponseEntity + getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); } - @RequestMapping(value = "/api/space/{spaceID}", method = RequestMethod.DELETE) - @ApiOperation( value = "Deletes the specified space if permitted.", + @DeleteMapping(value = "/api/space/{spaceID}") + @ApiOperation(value = "Deletes the specified space if permitted.", response = SpaceAuthKeyResponseDto.class ) @ApiResponses(value = { 
@@ -221,18 +230,19 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, @ApiResponse(code = 403, message = "Either the space with given ID does not exist."), @ApiResponse(code = 412, message = "Space is probably currently in deletion process.") }) - public @ResponseBody ResponseEntity - deleteSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + deleteSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } if (!userAccessService.userHasAccess(auth.getUserID(), spaceID) || - !spaceService.checkCreator(spaceID, auth.getUserID())){ + !spaceService.checkCreator(spaceID, auth.getUserID())) { return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } - if (!spaceService.markSpaceDeleted(spaceID)){ + if (!spaceService.markSpaceDeleted(spaceID)) { return new ResponseEntity<>(null, HttpStatus.PRECONDITION_FAILED); } deleteSpaceRoutine(spaceID); @@ -240,7 +250,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, return new ResponseEntity<>(null, HttpStatus.OK); } - public void deleteSpaceRoutine(Long spaceID){ + public void deleteSpaceRoutine(Long spaceID) { userAccessService.deleteAllWithSpace(spaceID); fileService.deleteAllFilesInSpace(spaceID); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index f69d1b3..a420958 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java 
@@ -38,8 +38,7 @@ public UserController(UserService userService, SessionService sessionService, } - - @RequestMapping(value = "/api/user/create", method = RequestMethod.POST) + @PostMapping(value = "/api/user/create") @ApiOperation(value = "Creates a new user, a new private space and adds a session.", response = LoginUserResponseDto.class) @ApiResponses(value = { @@ -48,19 +47,19 @@ public UserController(UserService userService, SessionService sessionService, @ApiResponse(code = 403, message = "The server credentials are wrong."), @ApiResponse(code = 409, message = "The username is in use.") }) - public @ResponseBody ResponseEntity - createUser(@RequestBody RegisterUserDto req){ + public @ResponseBody + ResponseEntity + createUser(@RequestBody RegisterUserDto req) { if (Config.VERSION.isHasAuthKey() && - ( req.getServerUser() == null || req.getServerAuthKey() == null || - !req.getServerUser().equals(Config.SERVER_USER) || !req.getServerAuthKey().equals(Config.SERVER_AUTH))) - { + (req.getServerUser() == null || req.getServerAuthKey() == null || + !req.getServerUser().equals(Config.SERVER_USER) || !req.getServerAuthKey().equals(Config.SERVER_AUTH))) { return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } if (req.getKey() == null || req.getRefFile() == null || req.getKey().length() < Config.MIN_USER_KEY_LENGTH || req.getRefFile().length() == 0 || req.getUsername() == null || req.getUsername().length() < Config.MIN_USERNAME_LENGTH - ){ + ) { return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); } 
@@ -72,17 +71,18 @@ public UserController(UserService userService, SessionService sessionService, return new ResponseEntity<>(sessionService.addSession(userID), HttpStatus.CREATED); } - @RequestMapping(value = "/api/user/login", method = RequestMethod.POST) + @PostMapping(value = "/api/user/login") @ApiOperation(value = "Logs the user in and returns a session.", response = LoginUserResponseDto.class) @ApiResponses(value = { @ApiResponse(code = 200, message = "The user was signed in successfully. The response is a session key."), @ApiResponse(code = 401, message = "The user authorization failed.") }) - public @ResponseBody ResponseEntity - loginUser(@RequestBody LoginUserDto req){ + public @ResponseBody + ResponseEntity + loginUser(@RequestBody LoginUserDto req) { Long userID = userService.getUserIDCheckCredentials(req.getUsername(), req.getKey()); - if (userID == -1){ + if (userID == -1) { // no user has that id in combination with the key return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } 
@@ -90,27 +90,29 @@ public UserController(UserService userService, SessionService sessionService, return new ResponseEntity<>(sessionService.addSession(userID), HttpStatus.OK); } - @RequestMapping(value = "/api/user/logout", method = RequestMethod.PUT) + @PutMapping(value = "/api/user/logout") @ApiOperation(value = "Logs the user out.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The user was logged out successfully.") }) - public @ResponseBody ResponseEntity - logoutUser(@RequestBody AuthWrapperDto req){ + public @ResponseBody + ResponseEntity + logoutUser(@RequestBody AuthWrapperDto req) { GenericAuthDto auth = req.getAuth(); sessionService.deleteSession(auth.getUserID(), auth.getSessionKey()); return new ResponseEntity<>(null, HttpStatus.OK); } - @RequestMapping(value = "/api/user", method = RequestMethod.DELETE) + @DeleteMapping(value = "/api/user") @ApiOperation(value = "Deletes the specified user and all spaces the user created.") @ApiResponses(value = { @ApiResponse(code = 200, message = "The deletion process was successful."), @ApiResponse(code = 401, message = "The user authorization failed.") }) - public @ResponseBody ResponseEntity - deleteUser(@RequestHeader("auth") GenericAuthDto auth){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public @ResponseBody + ResponseEntity + deleteUser(@RequestHeader("auth") GenericAuthDto auth) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } userService.setDeleted(auth.getUserID()); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java index d823d5b..13ed69d 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/WebsocketController.java 
@@ -34,16 +34,15 @@ public WebsocketController(SessionService sessionService, PendingUploadService p } @MessageMapping("/upload") - public void upload(@Payload WebsocketFileDto content, Message file){ - // TODO: check how to send errors + public void upload(@Payload WebsocketFileDto content, Message file) { if (content == null || content.getContent() == null) return; LinkedMultiValueMap nativeHeaders = parseNativeHeaders(file.getHeaders().get("nativeHeaders")); if (nativeHeaders == null) return; // parse headers - Long userID = parseLongFromHeader(nativeHeaders, "userID"); - Long spaceID = parseLongFromHeader(nativeHeaders, "spaceID"); - Long saveIndex = parseLongFromHeader(nativeHeaders, "saveIndex"); + var userID = parseLongFromHeader(nativeHeaders, "userID"); + var spaceID = parseLongFromHeader(nativeHeaders, "spaceID"); + var saveIndex = parseLongFromHeader(nativeHeaders, "saveIndex"); String sessionKey = nativeHeaders.getFirst("sessionKey"); String wsToken = nativeHeaders.getFirst("websocketToken"); @@ -70,12 +69,11 @@ public void upload(@Payload WebsocketFileDto content, Message file){ } boolean success; - if (granted == 1){ + if (granted == 1) { // usual upload fileService.setUploadFile(spaceID, saveIndex); success = fileService.writeToFile(content.getContent(), spaceID, saveIndex); - } - else{ + } else { // updating requested success = fileService.tryUpdating(content.getContent(), spaceID, saveIndex); } 
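Review bot: In the `granted == 1` branch of `upload`, the boolean returned by `fileService.setUploadFile(spaceID, saveIndex)` is discarded. `setUploadFile` returns false when a record already exists for that space and index, and `writeToFile` runs regardless; if the existing record is still in `UPLOADING` state, the second upload may overwrite the file on disk. Chaining the calls keeps the failure visible: `success = fileService.setUploadFile(spaceID, saveIndex) && fileService.writeToFile(content.getContent(), spaceID, saveIndex);`. Parts of `upload` lie outside both hunks.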
@@ -86,25 +84,25 @@ public void upload(@Payload WebsocketFileDto content, Message file){ } } - public synchronized void download(String websocketToken, Long spaceID, Long saveIndex){ + public synchronized void download(String websocketToken, Long spaceID, Long saveIndex) { // TODO: check how to set headers (namely: spaceID and saveIndex) - simpMessagingTemplate.convertAndSend( Config.WEBSOCKET_DOWNLOAD + websocketToken, + simpMessagingTemplate.convertAndSend(Config.WEBSOCKET_DOWNLOAD + websocketToken, fileService.makeDownload(spaceID, saveIndex)); } - public void sendError(String websocketToken, GenericWSError error){ - simpMessagingTemplate.convertAndSend( Config.WEBSOCKET_ERROR + websocketToken, error); + public void sendError(String websocketToken, GenericWSError error) { + simpMessagingTemplate.convertAndSend(Config.WEBSOCKET_ERROR + websocketToken, error); } - private Long parseLongFromHeader(LinkedMultiValueMap map, String key){ + private Long parseLongFromHeader(LinkedMultiValueMap map, String key) { if (map.getFirst(key) == null) return null; return Long.parseLong(map.getFirst(key)); } - private LinkedMultiValueMap parseNativeHeaders(Object o){ + private LinkedMultiValueMap parseNativeHeaders(Object o) { if (o == null) return null; - if (o instanceof LinkedMultiValueMap){ - return (LinkedMultiValueMap)o; + if (o instanceof LinkedMultiValueMap) { + return (LinkedMultiValueMap) o; } return null; } diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java index 5a8e4af..ed44930 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java 
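Review bot: `parseLongFromHeader` in `WebsocketController` calls `Long.parseLong` on a native header supplied by the client, so a non-numeric `userID`, `spaceID` or `saveIndex` raises an unchecked `NumberFormatException` inside the `upload` handler instead of being treated like a missing header. Returning null on a parse failure keeps both cases on one path: `try { return Long.parseLong(map.getFirst(key)); } catch (NumberFormatException e) { return null; }`. How `upload` reacts to a null value lies outside the visible hunks, so confirm that it reports the malformed upload to the client.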
@@ -5,7 +5,6 @@ import com.vaultionizer.vaultserver.service.SpaceService; import com.vaultionizer.vaultserver.service.UserAccessService; import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; public class AccessCheckerUtil { private SessionService sessionService; @@ -18,28 +17,28 @@ public AccessCheckerUtil(SessionService sessionService, UserAccessService userAc this.spaceService = spaceService; } - public HttpStatus checkAccess(GenericAuthDto auth, Long spaceID){ - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())){ + public HttpStatus checkAccess(GenericAuthDto auth, Long spaceID) { + if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return HttpStatus.UNAUTHORIZED; } if (spaceService.checkDeleted(spaceID) || - !userAccessService.userHasAccess(auth.getUserID(), spaceID)){ + !userAccessService.userHasAccess(auth.getUserID(), spaceID)) { return HttpStatus.FORBIDDEN; } return null; } // check whether user is logged in, has access and whether user is creator. If so, returns null - public HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID){ + public HttpStatus checkPrivilegeLevel(GenericAuthDto auth, Long spaceID) { HttpStatus accessStatus = checkAccess(auth, spaceID); if (accessStatus != null) return accessStatus; - if (!spaceService.checkCreator(spaceID, auth.getUserID())){ + if (!spaceService.checkCreator(spaceID, auth.getUserID())) { return HttpStatus.NOT_ACCEPTABLE; } return null; } - public HttpStatus checkAuthKeyAccess(GenericAuthDto auth, Long spaceID){ + public HttpStatus checkAuthKeyAccess(GenericAuthDto auth, Long spaceID) { var status = checkAccess(auth, spaceID); if (status != null) return status; if (!spaceService.userHasAuthKeyAccess(spaceID, auth.getUserID())) { 
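Review bot: `checkAccess`, `checkAuthKeyAccess` and `checkWriteAccess` report success by returning `null`, but only `checkPrivilegeLevel` carries a comment that says so. I would add a Javadoc line on `checkAccess`, for example `/** Returns null when the session is valid and the user may access the space, otherwise the status to send back. */`, and refer to it from the other three. The convention is easy to misread at a call site, so the contract is worth stating where the methods are declared. `checkAuthKeyAccess` continues outside this hunk.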
@@ -48,7 +47,7 @@ public HttpStatus checkAuthKeyAccess(GenericAuthDto auth, Long spaceID){ return null; } - public HttpStatus checkWriteAccess(GenericAuthDto auth, Long spaceID){ + public HttpStatus checkWriteAccess(GenericAuthDto auth, Long spaceID) { var status = checkAccess(auth, spaceID); if (status != null) return status; if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java b/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java index 5a448e2..7291850 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/Config.java @@ -23,16 +23,18 @@ public class Config { public static final String WEBSOCKET_PREFIX = "/api/ws"; public static final String WEBSOCKET_RES = "/api/wsres"; public static final String WEBSOCKET_DOWNLOAD = WEBSOCKET_RES + "/download/"; - public static final String WEBSOCKET_ERROR = WEBSOCKET_RES + "/error/"; + public static final String WEBSOCKET_ERROR = WEBSOCKET_RES + "/error/"; public static final String WEBSOCKET_UPLOAD = WEBSOCKET_PREFIX + "/upload"; // is adjusted in the tests (thus not final) public static String SPACE_PATH = "/home/vaultionizer/spaces/"; - public static final int SESSION_JOB_DELAY = 3600 * 1000; public static final int PENDING_UPLOAD_JOB_DELAY = 86400 * 1000; public static final String RANDOM_ALGO = "SHA1PRNG"; + + private Config() { + } } diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/Hashing.java b/src/main/java/com/vaultionizer/vaultserver/helpers/Hashing.java index 8024e9a..7c61714 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/Hashing.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/Hashing.java 
@@ -3,13 +3,16 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; public class Hashing { - public static String hashBcrypt(String s){ - BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(); + private Hashing() { + } + + public static String hashBcrypt(String s) { + var bcrypt = new BCryptPasswordEncoder(); return bcrypt.encode(s); } - public static boolean checkMatchingHash(String hashed, String plain){ - BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(); + public static boolean checkMatchingHash(String hashed, String plain) { + var bcrypt = new BCryptPasswordEncoder(); return bcrypt.matches(plain, hashed); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/SessionTokenGen.java b/src/main/java/com/vaultionizer/vaultserver/helpers/SessionTokenGen.java index 039c980..de88512 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/SessionTokenGen.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/SessionTokenGen.java @@ -6,13 +6,16 @@ import java.util.UUID; public class SessionTokenGen { + private SessionTokenGen() { + } + public static String generateToken() throws NoSuchAlgorithmException { - byte[] content = new byte[64]; + var content = new byte[64]; SecureRandom.getInstance(Config.RANDOM_ALGO).nextBytes(content); return Base64.getEncoder().encodeToString(content); } - public static String generateUUID(){ + public static String generateUUID() { return UUID.randomUUID().toString(); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/jobs/PendingUploadJob.java b/src/main/java/com/vaultionizer/vaultserver/jobs/PendingUploadJob.java index d1de21e..2486ee6 100644 --- a/src/main/java/com/vaultionizer/vaultserver/jobs/PendingUploadJob.java +++ b/src/main/java/com/vaultionizer/vaultserver/jobs/PendingUploadJob.java 
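Review bot: `generateToken` in `SessionTokenGen` builds a fresh `SecureRandom.getInstance(Config.RANDOM_ALGO)` for every token, and `Config.RANDOM_ALGO` is `"SHA1PRNG"`, a legacy SHA-1-based generator. The platform default chosen by `new SecureRandom()` is the usual recommendation for session and websocket tokens. A shared instance would do: `private static final SecureRandom RANDOM = new SecureRandom();` with `RANDOM.nextBytes(content);` in the method. The `throws NoSuchAlgorithmException` clause would then have nothing to throw, so callers that catch it need the same follow-up if it is removed.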
@@ -16,7 +16,7 @@ public PendingUploadJob(PendingUploadService pendingUploadService) { } @Scheduled(fixedDelay = Config.PENDING_UPLOAD_JOB_DELAY) - public void cleanOldPendingUploads(){ + public void cleanOldPendingUploads() { pendingUploadService.deleteOldPendingUploads(); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/jobs/SessionJob.java b/src/main/java/com/vaultionizer/vaultserver/jobs/SessionJob.java index be95f3f..c2f9eea 100644 --- a/src/main/java/com/vaultionizer/vaultserver/jobs/SessionJob.java +++ b/src/main/java/com/vaultionizer/vaultserver/jobs/SessionJob.java @@ -16,7 +16,7 @@ public SessionJob(SessionService sessionService) { } @Scheduled(fixedDelay = Config.SESSION_JOB_DELAY) - public void cleanSessionsExpired(){ + public void cleanSessionsExpired() { sessionService.cleanAllSessionsExpired(); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/FileModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/FileModel.java index bfc5892..39e2b8f 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/FileModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/FileModel.java @@ -45,7 +45,7 @@ public FileStatus getStatus() { } - public void setStatus(FileStatus status){ + public void setStatus(FileStatus status) { this.status = status; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/RefFilesModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/RefFilesModel.java index ef35431..15275bf 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/RefFilesModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/RefFilesModel.java @@ -26,7 +26,6 @@ public class RefFilesModel { private String content; - public RefFilesModel() { } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/SessionModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/SessionModel.java index ad7b1ed..9c85d39 100644 
--- a/src/main/java/com/vaultionizer/vaultserver/model/db/SessionModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/SessionModel.java @@ -70,7 +70,7 @@ public String getWebSocketToken() { return webSocketToken; } - public void update(){ + public void update() { this.lastQuery = Instant.now(); } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java b/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java index fc9f938..875fb3b 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/db/UserModel.java @@ -2,11 +2,9 @@ import com.vaultionizer.vaultserver.helpers.Config; import org.hibernate.validator.constraints.Length; -import org.hibernate.validator.constraints.UniqueElements; import javax.persistence.*; import javax.validation.constraints.NotNull; -import java.util.Objects; @Entity(name = "users") public class UserModel { @@ -20,9 +18,9 @@ public class UserModel { private String username; @NotNull(message = "Key cannot be null!") - @Length(min = Config.MIN_USER_KEY_LENGTH, message = "Hashed key must be at least "+Config.MIN_USER_KEY_LENGTH+" characters long!") + @Length(min = Config.MIN_USER_KEY_LENGTH, message = "Hashed key must be at least " + Config.MIN_USER_KEY_LENGTH + " characters long!") private String key; // Note: key can be blank because a cryptographic key is randomly distributed. - // The length must have a minimum size. + // The length must have a minimum size. public UserModel() { } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java index 3b05fb9..62443fc 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/UploadData.java 
@@ -1,6 +1,6 @@ package com.vaultionizer.vaultserver.model.dto.wserrors; -public class UploadData extends WSErrorData{ +public class UploadData extends WSErrorData { private final Long userID; private final Long spaceID; private final Long saveIndex; diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java index d195182..615d963 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/wserrors/WS_ERROR.java @@ -1,6 +1,6 @@ package com.vaultionizer.vaultserver.model.dto.wserrors; -public enum WS_ERROR{ +public enum WS_ERROR { MISSHAPEN_UPLOAD, UPLOAD_NOT_GRANTED, UPLOAD_UNSUCCESSFUL diff --git a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java index f63f5ac..36b9942 100644 --- a/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java +++ b/src/main/java/com/vaultionizer/vaultserver/resource/SpaceRepository.java @@ -2,7 +2,6 @@ import com.vaultionizer.vaultserver.model.db.SpaceModel; import com.vaultionizer.vaultserver.model.dto.GetSpaceConfigResponseDto; -import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.model.dto.SpaceAuthKeyResponseDto; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; diff --git a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java index 39fb08b..7c16d82 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/FileService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/FileService.java 
@@ -25,11 +25,11 @@ public FileService(FileRepository fileRepository) { this.readMap = new HashMap<>(); } - public long countFilesInSpace(Long spaceID){ + public long countFilesInSpace(Long spaceID) { return fileRepository.countFilesInSpace(spaceID); } - public void deleteAllFilesInSpace(Long spaceID){ + public void deleteAllFilesInSpace(Long spaceID) { var ids = fileRepository.getAllFiles(spaceID); fileRepository.deleteFiles(spaceID); synchronized (readMap) { @@ -39,7 +39,7 @@ public void deleteAllFilesInSpace(Long spaceID){ } - public boolean setUploadFile(Long spaceID, Long saveIndex){ + public boolean setUploadFile(Long spaceID, Long saveIndex) { FileModel model = findFile(spaceID, saveIndex); if (model != null) return false; @@ -48,10 +48,10 @@ public boolean setUploadFile(Long spaceID, Long saveIndex){ return true; } - public FileStatus setDownloadFile(Long spaceID, Long saveIndex){ + public FileStatus setDownloadFile(Long spaceID, Long saveIndex) { FileModel model = findFile(spaceID, saveIndex); if (model == null) return null; - switch (model.getStatus()){ + switch (model.getStatus()) { case ACCESSIBLE: model.setStatus(FileStatus.READ_FROM); fileRepository.save(model); @@ -66,11 +66,11 @@ public FileStatus setDownloadFile(Long spaceID, Long saveIndex){ } } - public boolean writeToFile(String content, Long spaceID, Long saveIndex){ + public boolean writeToFile(String content, Long spaceID, Long saveIndex) { FileModel model = findFile(spaceID, saveIndex); if (model == null || model.getStatus() != FileStatus.UPLOADING) return false; - File f = new File(getFilePath(spaceID, saveIndex)); - if (!f.exists()){ + var f = new File(getFilePath(spaceID, saveIndex)); + if (!f.exists()) { try { f.getParentFile().mkdirs(); f.createNewFile(); 
@@ -79,7 +79,7 @@ public boolean writeToFile(String content, Long spaceID, Long saveIndex){ return false; } } - try (PrintWriter writer = new PrintWriter(new FileWriter(f, false))){ + try (var writer = new PrintWriter(new FileWriter(f, false))) { writer.print(content); writer.flush(); } catch (IOException e) { @@ -91,12 +91,12 @@ public boolean writeToFile(String content, Long spaceID, Long saveIndex){ return true; } - public boolean tryUpdating(String content, Long spaceID, Long saveIndex){ + public boolean tryUpdating(String content, Long spaceID, Long saveIndex) { if (!setUpdating(spaceID, saveIndex)) return false; - File file = new File(getFilePath(spaceID, saveIndex)); + var file = new File(getFilePath(spaceID, saveIndex)); if (!file.exists()) return false; - try (PrintWriter writer = new PrintWriter(new FileWriter(file, false))){ + try (var writer = new PrintWriter(new FileWriter(file, false))) { writer.print(content); writer.flush(); } catch (IOException e) { @@ -108,18 +108,17 @@ public boolean tryUpdating(String content, Long spaceID, Long saveIndex){ return true; } - public String makeDownload(Long spaceID, Long saveIndex){ - FileModel fileModel = findFile(spaceID, saveIndex); + public String makeDownload(Long spaceID, Long saveIndex) { + var fileModel = findFile(spaceID, saveIndex); if (fileModel == null) return null; if (readMap.get(fileModel.getFileID()) == 0 || readMap.get(fileModel.getFileID()) == null || fileModel.getStatus() != FileStatus.READ_FROM) return null; String content = readFromFile(spaceID, saveIndex); - if (readMap.get(fileModel.getFileID()) == 1){ + if (readMap.get(fileModel.getFileID()) == 1) { readMap.remove(fileModel.getFileID()); fileModel.setStatus(FileStatus.ACCESSIBLE); - } - else{ + } else { Integer amount = readMap.get(fileModel.getFileID()); if (amount <= 0) return null; amount--; 
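Review bot: In `writeToFile`, `PrintWriter` never throws on a failed write; it only sets a flag readable through `checkError()`. The `catch (IOException e)` therefore covers the `FileWriter` constructor alone, and a failed or short write is still reported as success. `FileWriter` also encodes with the platform default charset before JDK 18, while `readFromFile` uses `Files.readString`, which decodes UTF-8. Replacing the writer with `Files.writeString(f.toPath(), content, StandardCharsets.UTF_8);` inside the existing `try`/`catch` addresses both. `tryUpdating` in the following hunk writes the same way, and both methods continue outside their hunks.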
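Review bot: In `makeDownload`, the condition tests `readMap.get(fileModel.getFileID()) == 0` before `readMap.get(fileModel.getFileID()) == null`. Comparing the boxed value with `0` unboxes it, so a missing entry throws a `NullPointerException` and the null test is never reached. Reading the entry once and testing null first fixes the order: `Integer pending = readMap.get(fileModel.getFileID());` then `if (pending == null || pending == 0 || fileModel.getStatus() != FileStatus.READ_FROM) return null;`. `readMap` is also read and modified here without the `synchronized (readMap)` that `deleteAllFilesInSpace` uses. The method continues outside this hunk.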
@@ -128,31 +127,30 @@ public String makeDownload(Long spaceID, Long saveIndex){ return content; } - public String readFromFile(Long spaceID, Long saveIndex){ - File f = new File(getFilePath(spaceID, saveIndex)); + public String readFromFile(Long spaceID, Long saveIndex) { + var f = new File(getFilePath(spaceID, saveIndex)); if (!f.exists()) return null; - StringBuilder builder = new StringBuilder(); - try{ + try { return Files.readString(f.toPath().toAbsolutePath()); } catch (IOException e) { return null; } } - private String getFilePath(Long spaceID, Long saveIndex){ - return Config.SPACE_PATH +spaceID+"/"+saveIndex+".bin"; + private String getFilePath(Long spaceID, Long saveIndex) { + return Config.SPACE_PATH + spaceID + "/" + saveIndex + ".bin"; } - private String getFilePath(Long spaceID){ - return Config.SPACE_PATH +spaceID; + private String getFilePath(Long spaceID) { + return Config.SPACE_PATH + spaceID; } - private synchronized FileModel findFile(Long spaceID, Long saveIndex){ + private synchronized FileModel findFile(Long spaceID, Long saveIndex) { return fileRepository.findFile(spaceID, saveIndex); } - private synchronized boolean setUpdating(Long spaceID, Long saveIndex){ + private synchronized boolean setUpdating(Long spaceID, Long saveIndex) { FileModel file = fileRepository.findFile(spaceID, saveIndex); if (file.getStatus() == FileStatus.UPLOADING || file.getStatus() == FileStatus.MODIFYING) return false; file.setStatus(FileStatus.MODIFYING); @@ -164,10 +162,10 @@ private synchronized void setDoneUpdating(Long spaceID, Long saveIndex) { fileRepository.updateFileStatus(spaceID, saveIndex, FileStatus.ACCESSIBLE); } - public boolean deleteFile(Long spaceID, Long saveIndex){ + public boolean deleteFile(Long spaceID, Long saveIndex) { FileModel file = fileRepository.findFile(spaceID, saveIndex); if (file == null) return true; - switch (file.getStatus()){ + switch (file.getStatus()) { case ACCESSIBLE: case READ_FROM: fileRepository.delete(file); 
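Review bot: `setUpdating` dereferences the result of `fileRepository.findFile(spaceID, saveIndex)` without a null check, while `deleteFile` in the next hunk and `writeToFile` both test for null first. If the record was removed between the pending-update grant and the upload, `tryUpdating` would fail with a `NullPointerException` rather than returning false. Suggested condition: `if (file == null || file.getStatus() == FileStatus.UPLOADING || file.getStatus() == FileStatus.MODIFYING) return false;`. `setUpdating` continues outside this hunk.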
@@ -177,29 +175,29 @@ public boolean deleteFile(Long spaceID, Long saveIndex){ } } - private void deleteDirectory(Long spaceID){ - File file = new File(getFilePath(spaceID)); - if (file.isDirectory()){ + private void deleteDirectory(Long spaceID) { + var file = new File(getFilePath(spaceID)); + if (file.isDirectory()) { file.delete(); } } - private boolean removeFileFromDisk(Long spaceID, Long saveIndex){ - File file = new File(getFilePath(spaceID, saveIndex)); + private boolean removeFileFromDisk(Long spaceID, Long saveIndex) { + var file = new File(getFilePath(spaceID, saveIndex)); if (file.exists()) return file.delete(); return true; } // for testing - public void setModified(Long spaceID, Long saveIndex){ - FileModel fileModel = findFile(spaceID, saveIndex); + public void setModified(Long spaceID, Long saveIndex) { + var fileModel = findFile(spaceID, saveIndex); fileModel.setStatus(FileStatus.MODIFYING); fileRepository.save(fileModel); } - public boolean fileExists(Long spaceID, Long saveIndex){ - File file = new File(getFilePath(spaceID, saveIndex)); + public boolean fileExists(Long spaceID, Long saveIndex) { + var file = new File(getFilePath(spaceID, saveIndex)); return file.exists() && findFile(spaceID, saveIndex) != null; } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/PendingUploadService.java b/src/main/java/com/vaultionizer/vaultserver/service/PendingUploadService.java index 2d90b8a..83958b0 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/PendingUploadService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/PendingUploadService.java 
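Review bot: `deleteDirectory` ignores the result of `file.delete()`, and `File.delete()` on a directory succeeds only when the directory is already empty. If any `.bin` file is still present, the space's directory and its contents stay on disk with no signal to the caller. The callers are not visible here, so whether the files are always removed first needs confirming. Returning the outcome, `return !file.isDirectory() || file.delete();` with the return type changed to `boolean`, lets the caller log or retry.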
@@ -19,18 +19,18 @@ public PendingUploadService(PendingUploadRepository pendingUploadRepository, Fil this.fileService = fileService; } - public void addFilesToUpload(Long spaceID, Long sessionID, Long amountValues, Long saveIndex){ + public void addFilesToUpload(Long spaceID, Long sessionID, Long amountValues, Long saveIndex) { PendingUploadModel model; for (long i = 0; i < amountValues; i++) { - model = new PendingUploadModel(spaceID, saveIndex+i, sessionID, false); + model = new PendingUploadModel(spaceID, saveIndex + i, sessionID, false); this.pendingUploadRepository.save(model); } } // returns 0 if not granted, 1 if usual upload and 2 if update - public int uploadFile(Long spaceID, Long sessionID, Long saveIndex){ + public int uploadFile(Long spaceID, Long sessionID, Long saveIndex) { var model = pendingUploadRepository.findItem(spaceID, sessionID, saveIndex); - if (model != null){ + if (model != null) { pendingUploadRepository.delete(model); if (!model.getUpdate()) return 1; else return 2; @@ -38,8 +38,8 @@ public int uploadFile(Long spaceID, Long sessionID, Long saveIndex){ return 0; } - public boolean updateFile(Long spaceID, Long sessionID, Long saveIndex){ - if(!fileService.fileExists(spaceID, saveIndex)) return false; + public boolean updateFile(Long spaceID, Long sessionID, Long saveIndex) { + if (!fileService.fileExists(spaceID, saveIndex)) return false; if (pendingUploadRepository.isPending(spaceID, saveIndex) > 0) return false; PendingUploadModel model; model = new PendingUploadModel(spaceID, saveIndex, sessionID, true); 
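Review bot: `addFilesToUpload` saves one `PendingUploadModel` per iteration with no upper bound on `amountValues`, and a null `amountValues` throws when the loop condition unboxes it. If the value comes from the request (the caller is outside this diff), a single call can insert an arbitrary number of rows. A guard at the top would bound it: `if (amountValues == null || amountValues <= 0 || amountValues > MAX_FILES_PER_REQUEST) return;`, where `MAX_FILES_PER_REQUEST` is a placeholder for a limit the project would define.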
@@ -47,19 +47,19 @@ public boolean updateFile(Long spaceID, Long sessionID, Long saveIndex){ return true; } - public void deleteAllPendingUploads(Long spaceID){ + public void deleteAllPendingUploads(Long spaceID) { pendingUploadRepository.deletePendingUploads(spaceID); } - public void deletePendingUploadsByUser(Long userID){ + public void deletePendingUploadsByUser(Long userID) { pendingUploadRepository.deleteAllByUser(userID); } - public void deleteOldPendingUploads(){ + public void deleteOldPendingUploads() { pendingUploadRepository.deleteOldUploads(Instant.now().minusSeconds(Config.MAX_UPLOAD_AGE)); } - public long countPendingUploadsForSpace(Long spaceID){ + public long countPendingUploadsForSpace(Long spaceID) { return pendingUploadRepository.countBySpace(spaceID); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/RefFileService.java b/src/main/java/com/vaultionizer/vaultserver/service/RefFileService.java index 6905a27..60c29b5 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/RefFileService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/RefFileService.java @@ -4,6 +4,7 @@ import com.vaultionizer.vaultserver.resource.RefFileRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; + import java.time.Instant; import java.util.Optional; import java.util.Set; @@ -17,11 +18,11 @@ public RefFileService(RefFileRepository refFileRepository) { this.refFileRepository = refFileRepository; } - public Long addNewRefFile(String content){ + public Long addNewRefFile(String content) { return refFileRepository.save(new RefFilesModel(content)).getRefFileId(); } - public Long requestUploadFiles(Long refFileID, Long amountValues){ + public Long requestUploadFiles(Long refFileID, Long amountValues) { Optional model = this.refFileRepository.findById(refFileID); if (model.isEmpty()) return -1L; RefFilesModel m = model.get(); 
@@ -31,17 +32,17 @@ public Long requestUploadFiles(Long refFileID, Long amountValues){ return saveIndex; } - public String readRefFile(Long refFileID){ + public String readRefFile(Long refFileID) { Set refFileContents = refFileRepository.getRefFileContent(refFileID); - if (refFileContents == null || refFileContents.size() != 1){ + if (refFileContents == null || refFileContents.size() != 1) { return null; } return refFileContents.stream().findFirst().get(); } - public boolean updateRefFile(Long refFileID, String content){ + public boolean updateRefFile(Long refFileID, String content) { Set models = refFileRepository.getRefFile(refFileID); - if (models == null || models.size() != 1){ + if (models == null || models.size() != 1) { return false; } RefFilesModel model = models.stream().findFirst().get(); @@ -50,11 +51,11 @@ public boolean updateRefFile(Long refFileID, String content){ return true; } - public boolean hasNewVersion(Long refFileID, Instant lastFetched){ + public boolean hasNewVersion(Long refFileID, Instant lastFetched) { return refFileRepository.checkNewVersion(refFileID, lastFetched) == 1; } - public void deleteRefFile(Long refFileID){ + public void deleteRefFile(Long refFileID) { this.refFileRepository.deleteRefFile(refFileID); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SessionService.java b/src/main/java/com/vaultionizer/vaultserver/service/SessionService.java index d4e921e..ff076bd 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SessionService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SessionService.java 
@@ -20,69 +20,67 @@ public SessionService(SessionRepository sessionRepository) { this.sessionRepository = sessionRepository; } - private void updateSessionTimeStamp(SessionModel model){ + private void updateSessionTimeStamp(SessionModel model) { model.update(); sessionRepository.save(model); } public LoginUserResponseDto addSession(Long userID) { SessionModel session = null; - do - { + do { try { session = new SessionModel(userID); - } - catch(NoSuchAlgorithmException e) { + } catch (NoSuchAlgorithmException e) { e.printStackTrace(); continue; } - } while(sessionRepository.checkUnique(session.getWebSocketToken(), session.getSessionKey()) > 0); + } while (sessionRepository.checkUnique(session.getWebSocketToken(), session.getSessionKey()) > 0); session = sessionRepository.save(session); return new LoginUserResponseDto(session.getUserID(), session.getSessionKey(), session.getWebSocketToken()); } - public boolean getSession(Long userID, String sessionKey){ - SessionModel model = getSessionModel(userID, sessionKey); - return model!=null; + public boolean getSession(Long userID, String sessionKey) { + var model = getSessionModel(userID, sessionKey); + return model != null; } - public Long getSessionID(Long userID, String sessionKey){ - SessionModel model = getSessionModel(userID, sessionKey); + public Long getSessionID(Long userID, String sessionKey) { + var model = getSessionModel(userID, sessionKey); return model == null ? -1L : model.getId(); } - public String getSessionWebsocketToken(Long userID, String sessionKey){ - SessionModel model = getSessionModel(userID, sessionKey); + public String getSessionWebsocketToken(Long userID, String sessionKey) { + var model = getSessionModel(userID, sessionKey); return model == null ? 
null : model.getWebSocketToken(); } - private SessionModel getSessionModel(Long userID, String sessionKey){ + private SessionModel getSessionModel(Long userID, String sessionKey) { Set sessions = sessionRepository.getSessionModelByKey(userID, sessionKey, getAllowedAge()); - if(sessions.size() == 1) { - SessionModel sessionModel = sessions.stream().findFirst().get(); + if (sessions.size() == 1) { + var sessionModel = sessions.stream().findFirst().get(); updateSessionTimeStamp(sessionModel); return sessionModel; } return null; } - public boolean checkValidWebsocketToken(Long userID, String websocketToken, String sessionKey){ + public boolean checkValidWebsocketToken(Long userID, String websocketToken, String sessionKey) { return sessionRepository.checkValidWebsocketToken(userID, websocketToken, sessionKey, getAllowedAge()) == 1; } - public void deleteSession(Long userID, String sessionKey){ + public void deleteSession(Long userID, String sessionKey) { sessionRepository.deleteSession(userID, sessionKey); } - public void deleteAllSessionsWithUser(Long userID){ + public void deleteAllSessionsWithUser(Long userID) { sessionRepository.logOutUser(userID); } - private Instant getAllowedAge(){ + private Instant getAllowedAge() { return Instant.now().minusSeconds(Config.MAX_SESSION_AGE); } - public void cleanAllSessionsExpired(){ + public void cleanAllSessionsExpired() { this.sessionRepository.deleteAllOldSessions(getAllowedAge()); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java index f4ef8d1..0403ecb 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/SpaceService.java 
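Review bot: In `addSession`, the `continue` inside `catch (NoSuchAlgorithmException e)` jumps to the `while` condition, where `session` is still null, so `session.getWebSocketToken()` throws a `NullPointerException` instead of retrying. An unavailable algorithm will not recover on a retry, so failing explicitly is clearer: replace the `e.printStackTrace(); continue;` pair with `throw new IllegalStateException("session token generation failed", e);`. That also routes the failure through the application's own error handling rather than standard error.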
@@ -32,7 +32,7 @@ public SpaceService(SpaceRepository spaceRepository, RefFileService refFileServi deleteLock = new Object(); } - public GetSpacesResponseDto getSpace(Long spaceID, Long userID){ + public GetSpacesResponseDto getSpace(Long spaceID, Long userID) { Optional model = spaceRepository.findById(spaceID); if (model.isEmpty()) return null; return new GetSpacesResponseDto(spaceID, model.get().isPrivateSpace(), model.get().getCreatorID().equals(userID), @@ -40,20 +40,20 @@ public GetSpacesResponseDto getSpace(Long spaceID, Long userID){ } public Long createSpace(Long userID, String refFileContent, boolean isPrivate, boolean usersWriteAccess, - boolean usersCanInvite, String authKey){ + boolean usersCanInvite, String authKey) { Long refFileID = refFileService.addNewRefFile(refFileContent); - SpaceModel model = new SpaceModel(userID, refFileID, isPrivate, usersWriteAccess, usersCanInvite, authKey); + var model = new SpaceModel(userID, refFileID, isPrivate, usersWriteAccess, usersCanInvite, authKey); model = spaceRepository.save(model); userAccessService.addUserAccess(model.getSpaceID(), userID); return model.getSpaceID(); } - public Optional getSpaceAuthKey(Long spaceID){ + public Optional getSpaceAuthKey(Long spaceID) { return spaceRepository.getSpaceAuthKey(spaceID); } // returns the spaces a user has access to - public ArrayList getSpacesAccessible(Long userID){ + public ArrayList getSpacesAccessible(Long userID) { ArrayList spaces = new ArrayList<>(); Set spaceIDs = userAccessService.getAllWithUser(userID); spaceIDs.forEach(spaceID -> { 
@@ -66,25 +66,25 @@ public ArrayList getSpacesAccessible(Long userID){ } // checks whether a space's credentials equal the given ones. - public boolean checkSpaceCredentials(Long spaceID, String authKey){ + public boolean checkSpaceCredentials(Long spaceID, String authKey) { return spaceRepository.checkJoinableWithCredentials(spaceID, authKey) == 1; } - public Long getRefFileID(Long spaceID){ + public Long getRefFileID(Long spaceID) { var id = this.spaceRepository.getRefFileID(spaceID); if (id.isEmpty()) return -1L; return id.get(); } - public Set getAllOwnedSpaces(Long userID){ + public Set getAllOwnedSpaces(Long userID) { return spaceRepository.getAllOwnedSpaces(userID); } - public boolean checkCreator(Long spaceID, Long userID){ + public boolean checkCreator(Long spaceID, Long userID) { return spaceRepository.checkIsCreator(spaceID, userID) == 1; } - public boolean markSpaceDeleted(Long spaceID){ + public boolean markSpaceDeleted(Long spaceID) { synchronized (deleteLock) { if (this.isDeleted.contains(spaceID)) { return false; @@ -95,21 +95,22 @@ public boolean markSpaceDeleted(Long spaceID){ return true; } - public void deleteSpace(Long spaceID){ + public void deleteSpace(Long spaceID) { spaceRepository.deleteSpace(spaceID); - synchronized (deleteLock){ + synchronized (deleteLock) { this.isDeleted.remove(spaceID); } } - public synchronized boolean checkDeleted(Long spaceID){ + public synchronized boolean checkDeleted(Long spaceID) { return this.isDeleted.contains(spaceID); } - public boolean userHasWriteAccess(Long spaceID, Long userID){ + public boolean userHasWriteAccess(Long spaceID, Long userID) { return spaceRepository.getUserWriteAccess(spaceID, userID) == 1; } - public boolean userHasAuthKeyAccess(Long spaceID, Long userID){ + + public boolean userHasAuthKeyAccess(Long spaceID, Long userID) { return spaceRepository.getUserAuthKeyAccess(spaceID, userID) == 1; } 
@@ -117,29 +118,29 @@ public void configureSpace(Long spaceID, boolean writeAccess, boolean authKeyAcc spaceRepository.configureSpace(spaceID, writeAccess, authKeyAccess); } - public void changeSharedState(Long spaceID, Long creatorID, Boolean shared){ + public void changeSharedState(Long spaceID, Long creatorID, boolean shared) { var spaceModel = spaceRepository.findById(spaceID); if (spaceModel.isEmpty() || spaceModel.get().isPrivateSpace() == !shared) return; - SpaceModel model = spaceModel.get(); + var model = spaceModel.get(); model.setPrivateSpace(!shared); spaceRepository.save(model); - if (!shared){ + if (!shared) { // shared -> private: remove all accesses userAccessService.kickAll(spaceID, creatorID); } } - public Boolean checkShared(Long spaceID){ + public Boolean checkShared(Long spaceID) { var model = spaceRepository.findById(spaceID); if (model.isEmpty()) return null; return !model.get().isPrivateSpace(); } - public GetSpaceConfigResponseDto getSpaceConfig(Long spaceID){ + public GetSpaceConfigResponseDto getSpaceConfig(Long spaceID) { return spaceRepository.getSpaceConfig(spaceID); } - public void changeAuthKey(Long spaceID, String authKey){ + public void changeAuthKey(Long spaceID, String authKey) { spaceRepository.updateAuthKey(spaceID, authKey); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java b/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java index 748f889..434ab67 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/UserAccessService.java 
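Review bot: `changeSharedState` stores the private flag with `spaceRepository.save(model)` and only afterwards revokes the other members through `userAccessService.kickAll(spaceID, creatorID)`. If that second call fails, the space is persisted as private while the old access rows remain. No transaction boundary is visible in this hunk, and the class header is outside it, so unless one exists elsewhere I would annotate the method with `@Transactional`. At minimum, add a comment above the two calls such as `// save + kickAll must commit together, otherwise removed members keep access`.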
@@ -17,36 +17,36 @@ public UserAccessService(UserAccessRepository userAccessRepository) { this.userAccessRepository = userAccessRepository; } - public void addUserAccess(Long spaceID, Long userID){ + public void addUserAccess(Long spaceID, Long userID) { userAccessRepository.save(new UserAccessModel(userID, spaceID)); } - public void deleteAllWithSpace(Long spaceID){ + public void deleteAllWithSpace(Long spaceID) { userAccessRepository.deleteSpace(spaceID); } - public void deleteAllWithUser(Long userID){ + public void deleteAllWithUser(Long userID) { userAccessRepository.removeUser(userID); } // returns all spaceIDs a userID is associated with - public Set getAllWithUser(Long userID){ + public Set getAllWithUser(Long userID) { return userAccessRepository.getSpacesAccessible(userID); } - public boolean userHasAccess(Long userID, Long spaceID){ + public boolean userHasAccess(Long userID, Long spaceID) { return userAccessRepository.hasAccess(userID, spaceID) == 1; } - public boolean removeAccess(Long userID, Long spaceID){ - if (this.userAccessRepository.hasAccess(userID, spaceID) == 1){ + public boolean removeAccess(Long userID, Long spaceID) { + if (this.userAccessRepository.hasAccess(userID, spaceID) == 1) { this.userAccessRepository.removeUserFromSpace(userID, spaceID); return true; } return false; } - public void kickAll(Long spaceID, Long creatorID){ + public void kickAll(Long spaceID, Long creatorID) { userAccessRepository.kickAllUsers(spaceID, creatorID); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/service/UserService.java b/src/main/java/com/vaultionizer/vaultserver/service/UserService.java index f1cc88d..505452e 100644 --- a/src/main/java/com/vaultionizer/vaultserver/service/UserService.java +++ b/src/main/java/com/vaultionizer/vaultserver/service/UserService.java 
@@ -3,9 +3,7 @@ import com.vaultionizer.vaultserver.helpers.Hashing; import com.vaultionizer.vaultserver.model.db.UserModel; import com.vaultionizer.vaultserver.resource.UserRepository; -import org.apache.catalina.User; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import java.util.HashSet; @@ -22,9 +20,9 @@ public UserService(UserRepository userRepository) { deletedUsers = new HashSet<>(); } - public Long getUserIDCheckCredentials(String username, String key){ + public Long getUserIDCheckCredentials(String username, String key) { Set users = userRepository.getPwd(username); - if (users.size() != 1){ + if (users.size() != 1) { return -1L; } UserModel model = users.stream().findFirst().get(); @@ -32,20 +30,21 @@ public Long getUserIDCheckCredentials(String username, String key){ return deletedUsers.contains(userID) ? -1L : userID; } - public Long createUser(String username, String key){ - try {return userRepository.save(new UserModel(username, Hashing.hashBcrypt(key))).getId();} - catch (Exception e){ // in case that username exists + public Long createUser(String username, String key) { + try { + return userRepository.save(new UserModel(username, Hashing.hashBcrypt(key))).getId(); + } catch (Exception e) { // in case that username exists return null; } } - public synchronized boolean setDeleted(Long userID){ + public synchronized boolean setDeleted(Long userID) { if (deletedUsers.contains(userID)) return false; deletedUsers.add(userID); return true; } - public synchronized void setDeletionDone(Long userID){ + public synchronized void setDeletionDone(Long userID) { userRepository.deleteUser(userID); deletedUsers.remove(userID); } diff --git a/src/test/java/com/vaultionizer/vaultserver/TestHelpers.java b/src/test/java/com/vaultionizer/vaultserver/TestHelpers.java index ac46266..d8ef174 100644 
--- a/src/test/java/com/vaultionizer/vaultserver/TestHelpers.java +++ b/src/test/java/com/vaultionizer/vaultserver/TestHelpers.java @@ -3,10 +3,10 @@ import com.fasterxml.jackson.databind.ObjectMapper; public class TestHelpers { - public static String convertToJSON(final Object obj){ + public static String convertToJSON(final Object obj) { try { return new ObjectMapper().writeValueAsString(obj); - }catch (Exception e){ + } catch (Exception e) { throw new RuntimeException(e); } } diff --git a/src/test/java/com/vaultionizer/vaultserver/controllers/MiscControllerTest.java b/src/test/java/com/vaultionizer/vaultserver/controllers/MiscControllerTest.java index 24a1980..a4abf5b 100644 --- a/src/test/java/com/vaultionizer/vaultserver/controllers/MiscControllerTest.java +++ b/src/test/java/com/vaultionizer/vaultserver/controllers/MiscControllerTest.java @@ -4,10 +4,10 @@ import org.junit.jupiter.api.Test; import org.springframework.http.ResponseEntity; -public class MiscControllerTest { +class MiscControllerTest { @Test - public void testGetVersion(){ + void testGetVersion() { ResponseEntity res = (new MiscController()).getVersion(); Assertions.assertEquals(200, res.getStatusCodeValue()); Assertions.assertTrue(res.hasBody()); diff --git a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java index 8111e10..33a4d93 100644 --- a/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java +++ b/src/test/java/com/vaultionizer/vaultserver/controllers/SpaceControllerTest.java 
@@ -1,21 +1,15 @@ package com.vaultionizer.vaultserver.controllers; -import com.vaultionizer.vaultserver.model.db.RefFilesModel; -import com.vaultionizer.vaultserver.model.db.SpaceModel; -import com.vaultionizer.vaultserver.resource.SpaceRepository; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.SpaceTestData; import org.junit.jupiter.api.*; -import org.mockito.Mock; import org.mockito.Mockito; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.http.ResponseEntity; -import static org.mockito.ArgumentMatchers.any; - @TestInstance(TestInstance.Lifecycle.PER_CLASS) @DisplayName("Space Controller") -public class SpaceControllerTest { +class SpaceControllerTest { @MockBean private SessionService sessionService; @@ -102,14 +96,14 @@ private void initialize() { // Tests create space api @Test @DisplayName("Tests creating a new space using a wrong session key.") - public void createSpaceWrongSessionKey() { + void createSpaceWrongSessionKey() { ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[0], SpaceTestData.createSpaceAuths[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests creating a new space using a correct session key.") - public void createSpace() { + void createSpace() { ResponseEntity res = spaceController.createSpace(SpaceTestData.createSpace[1], SpaceTestData.createSpaceAuths[1]); Assertions.assertEquals(201, res.getStatusCodeValue()); Assertions.assertEquals(1L, ((Long) (res.getBody()))); @@ -118,7 +112,7 @@ public void createSpace() { // Tests join space api @Test @DisplayName("Tests joining a space using a wrong session key.") - public void joinSpaceWrongSessionKey() { + void joinSpaceWrongSessionKey() { ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[0], SpaceTestData.joinSpacesAuth[0], SpaceTestData.joinSpacesSpaceIDs[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); 
@@ -126,7 +120,7 @@ public void joinSpaceWrongSessionKey() { @Test @DisplayName("Tests joining a space using a correct session key but wrong authkey.") - public void joinSpaceWrongAuthKey() { + void joinSpaceWrongAuthKey() { ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[1], SpaceTestData.joinSpacesAuth[1], SpaceTestData.joinSpacesSpaceIDs[1]); Assertions.assertEquals(403, res.getStatusCodeValue()); @@ -134,7 +128,7 @@ public void joinSpaceWrongAuthKey() { @Test @DisplayName("Tests joining a space using a correct session key with correct authkey.") - public void joinSpace() { + void joinSpace() { ResponseEntity res = spaceController.joinSpace(SpaceTestData.joinSpaces[2], SpaceTestData.joinSpacesAuth[2], SpaceTestData.joinSpacesSpaceIDs[2]); Assertions.assertEquals(200, res.getStatusCodeValue()); @@ -143,14 +137,14 @@ public void joinSpace() { // Tests get all spaces @Test @DisplayName("Tests getting all space a user is part of using a wrong session key.") - public void getAllSpacesWrongSessionKey() { + void getAllSpacesWrongSessionKey() { ResponseEntity res = spaceController.getAllSpaces(SpaceTestData.getAllSpaces[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting all space a user is part of using a wrong session key.") - public void getAllSpaces() { + void getAllSpaces() { ResponseEntity res = spaceController.getAllSpaces(SpaceTestData.getAllSpaces[1]); Assertions.assertEquals(200, res.getStatusCodeValue()); Assertions.assertNull(res.getBody()); 
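Review bot: The `@DisplayName` on `getAllSpaces` still reads "...using a wrong session key." although the test asserts a 200 response. It therefore duplicates the name of `getAllSpacesWrongSessionKey`, and a test report cannot tell the authorised case from the rejected one. Since the method line is being edited anyway, I would change it to `@DisplayName("Tests getting all spaces a user is part of using a correct session key.")`. The closing brace of `getAllSpaces` lies outside this hunk.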
@@ -159,21 +153,21 @@ public void getAllSpaces() { // Tests get authentication key of a specified space @Test @DisplayName("Tests getting the authentication key of a space using a wrong session key.") - public void getAuthKeyWrongSessionKey() { + void getAuthKeyWrongSessionKey() { ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[0], SpaceTestData.getAuthKeysSpaceIds[0]); Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting the authentication key of a space the user has no permission for.") - public void getAuthKeyWithoutPermission() { + void getAuthKeyWithoutPermission() { ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[1], SpaceTestData.getAuthKeysSpaceIds[1]); Assertions.assertEquals(403, res.getStatusCodeValue()); } @Test @DisplayName("Tests getting the authentication key of a space the user access to.") - public void getAuthKey() { + void getAuthKey() { ResponseEntity res = spaceController.getAuthKey(SpaceTestData.getAuthKeyCredentials[3], SpaceTestData.getAuthKeysSpaceIds[3]); Assertions.assertEquals(406, res.getStatusCodeValue()); Assertions.assertNull(res.getBody()); diff --git a/src/test/java/com/vaultionizer/vaultserver/controllers/UserControllerTest.java b/src/test/java/com/vaultionizer/vaultserver/controllers/UserControllerTest.java index c8e7f58..7c6a4e1 100644 --- a/src/test/java/com/vaultionizer/vaultserver/controllers/UserControllerTest.java +++ b/src/test/java/com/vaultionizer/vaultserver/controllers/UserControllerTest.java @@ -10,12 +10,10 @@ import java.util.Objects; -import static org.mockito.ArgumentMatchers.any; - @TestInstance(TestInstance.Lifecycle.PER_CLASS) @DisplayName("User Controller") -public class UserControllerTest { +class UserControllerTest { @MockBean private UserService userService; 
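Review bot: The test `getAuthKey` is labelled as the case where the user has access, yet it asserts status 406 and a null body. It also reads index 3 of the `SpaceTestData` arrays while the two tests before it use 0 and 1. As far as this hunk shows, no test pins the path where an authorised user actually receives the auth key, and index 2 is unused; `SpaceTestData` is not part of the diff, so this may be intentional. I would rename the display name to state the condition that produces 406 and add a separate case asserting 200 with a non-null body. The method's closing brace is outside the hunk.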
@@ -39,7 +37,7 @@ public class UserControllerTest { private UserController userController; @BeforeEach - private void initialize(){ + private void initialize() { userService = Mockito.mock(UserService.class); spaceService = Mockito.mock(SpaceService.class); sessionService = Mockito.mock(SessionService.class); 
@@ -68,51 +66,51 @@ private void initialize(){ // testing register controller @Test @DisplayName("Tests create user with key and ref file being null.") - public void createUserKeyRefFileNull(){ + void createUserKeyRefFileNull() { ResponseEntity res = userController.createUser(UserTestData.registerData[0]); - Assertions.assertEquals(res.getStatusCodeValue(), 400); + Assertions.assertEquals(400, res.getStatusCodeValue()); } @Test @DisplayName("Tests create user with key and ref file being empty.") - public void createUserKeyRefFileEmpty(){ + void createUserKeyRefFileEmpty() { ResponseEntity res = userController.createUser(UserTestData.registerData[1]); - Assertions.assertEquals(res.getStatusCodeValue(), 400); + Assertions.assertEquals(400, res.getStatusCodeValue()); } @Test @DisplayName("Tests create user with key and ref file being empty.") - public void createUserKeyTooShort(){ + void createUserKeyTooShort() { ResponseEntity res = userController.createUser(UserTestData.registerData[2]); - Assertions.assertEquals(res.getStatusCodeValue(), 400); + Assertions.assertEquals(400, res.getStatusCodeValue()); } @Test @DisplayName("Tests create user with key matching the constraints.") - public void createUser(){ + void createUser() { ResponseEntity res = userController.createUser(UserTestData.registerData[3]); - Assertions.assertEquals(res.getStatusCodeValue(), 201); + Assertions.assertEquals(201, res.getStatusCodeValue()); Assertions.assertTrue(res.hasBody()); - Assertions.assertEquals(((LoginUserResponseDto)(Objects.requireNonNull(res.getBody()))).getUserID(), 0); - Assertions.assertEquals(((LoginUserResponseDto)(Objects.requireNonNull(res.getBody()))).getSessionKey(), "testSessionKey"); + Assertions.assertEquals(0, ((LoginUserResponseDto) (Objects.requireNonNull(res.getBody()))).getUserID()); + Assertions.assertEquals("testSessionKey", ((LoginUserResponseDto) (Objects.requireNonNull(res.getBody()))).getSessionKey()); } // testing login method @Test @DisplayName("Tests 
login with wrong key") - public void loginUserWrongKey(){ + void loginUserWrongKey() { ResponseEntity res = userController.loginUser(UserTestData.loginUser[0]); System.out.println(res); - Assertions.assertEquals(res.getStatusCodeValue(), 401); + Assertions.assertEquals(401, res.getStatusCodeValue()); } @Test @DisplayName("Tests login with correct key") - public void loginUser(){ + void loginUser() { ResponseEntity res = userController.loginUser(UserTestData.loginUser[1]); - Assertions.assertEquals(res.getStatusCodeValue(), 200); + Assertions.assertEquals(200, res.getStatusCodeValue()); Assertions.assertTrue(res.hasBody()); - Assertions.assertEquals(((LoginUserResponseDto)(Objects.requireNonNull(res.getBody()))).getSessionKey(), "testSession"); + Assertions.assertEquals("testSession", ((LoginUserResponseDto) (Objects.requireNonNull(res.getBody()))).getSessionKey()); } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java index 73ea872..d9e4279 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateSpaceSteps.java @@ -4,10 +4,8 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; -import com.vaultionizer.vaultserver.cucumber.steps.Services; import com.vaultionizer.vaultserver.model.dto.CreateSpaceDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; -import com.vaultionizer.vaultserver.model.dto.LoginUserResponseDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; import io.cucumber.java.en.And; 
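Review bot: `loginUserWrongKey` still calls `System.out.println(res)`, which writes the whole response entity to the build output. Login responses in this class carry a session key (see the `getSessionKey()` assertions), so the line is better deleted than reformatted. Separately, `createUserKeyTooShort` has the same `@DisplayName` as `createUserKeyRefFileEmpty` ("...key and ref file being empty."). Something like `@DisplayName("Tests create user with a key that is too short.")` would match what it checks.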
@@ -54,24 +52,24 @@ public void theUserWantsToCreateASpace() { } @Then("the status code of create space is {int}") - public void theStatusCodeOfCreateSpaceIs(int status) throws Throwable{ + public void theStatusCodeOfCreateSpaceIs(int status) throws Throwable { if (res.getStatusCode().value() != status) throw new Throwable(String.valueOf(res.getStatusCodeValue())); } @And("the returned ID is legitimate") - public void theReturnedIDIsLegitimate() throws Throwable{ - spaceID = (Long)res.getBody(); + public void theReturnedIDIsLegitimate() throws Throwable { + spaceID = (Long) res.getBody(); if (spaceID == null) throw new Throwable("No space created"); } @And("the space is private") - public void theSpaceIsPrivate() throws Throwable{ + public void theSpaceIsPrivate() throws Throwable { if (!spaceService.getSpace(spaceID, userID).isPrivate()) throw new Throwable("Not private"); } @And("the user has access") - public void theUserHasAccess() throws Throwable{ - if(!userAccessService.userHasAccess(userID, spaceID)) throw new Throwable("Has no access"); + public void theUserHasAccess() throws Throwable { + if (!userAccessService.userHasAccess(userID, spaceID)) throw new Throwable("Has no access"); } @And("the space is shared") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateUserSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateUserSteps.java index ceae882..2945603 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateUserSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/CreateUserSteps.java 
@@ -4,7 +4,6 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; -import com.vaultionizer.vaultserver.cucumber.steps.Services; import com.vaultionizer.vaultserver.model.dto.LoginUserResponseDto; import com.vaultionizer.vaultserver.model.dto.RegisterUserDto; import com.vaultionizer.vaultserver.service.*; @@ -48,12 +47,12 @@ public void theClientWantsToRegister() { @And("the user has a sessionKey") - public void theUserHasASessionKey() throws Throwable{ + public void theUserHasASessionKey() throws Throwable { if (responseDto.getSessionKey() == null) throw new Throwable("No sessionKey"); } @And("the user has a websocketToken") - public void theUserHasAWebsocketToken() throws Throwable{ + public void theUserHasAWebsocketToken() throws Throwable { if (responseDto.getWebsocketToken() == null) throw new Throwable("No webSocketToken..."); } @@ -61,11 +60,11 @@ public void theUserHasAWebsocketToken() throws Throwable{ @Then("the status code of register is {int}") public void theStatusCodeOfRegisterIs(int status) throws Throwable { if (res.getStatusCode().value() != status) throw new Throwable(String.valueOf(res.getStatusCode().value())); - responseDto = (LoginUserResponseDto)res.getBody(); + responseDto = (LoginUserResponseDto) res.getBody(); } @And("the user has a userID") - public void theUserHasAUserID() throws Throwable{ + public void theUserHasAUserID() throws Throwable { if (responseDto.getUserID() == null) throw new Throwable("No userID"); } 
@@ -82,8 +81,8 @@ public void theKeyIs(String key) { @And("the key is long enough") public void theKeyIsLongEnough() { this.key = "------------------------------------" + - "------------------------------------------------------------"+ - "------------------------------------------------------------"+ + "------------------------------------------------------------" + + "------------------------------------------------------------" + "------------------------------------------------------------"; } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java index 49b1d0e..fa2c70f 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteSpaceSteps.java @@ -4,8 +4,6 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; -import com.vaultionizer.vaultserver.cucumber.steps.Services; -import com.vaultionizer.vaultserver.model.dto.AuthWrapperDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; @@ -41,7 +39,7 @@ public DeleteSpaceSteps(SpaceService spaceService, UserService userService, @Given("the user is logged in properly") public void theUserIsLoggedInProperly() { userID = userService.getUserIDCheckCredentials("luigi", UserTestData.registerData[3].getKey()); - if ( userID == null){ + if (userID == null) { userID = userService.createUser("luigi", UserTestData.registerData[3].getKey()); } sessionKey = sessionService.addSession(userID).getSessionKey(); 
@@ -59,32 +57,33 @@ public void theUserWantsToDeleteTheSpace() { } @Then("the response is {int}") - public void theResponseIs(int status) throws Throwable{ + public void theResponseIs(int status) throws Throwable { if (res.getStatusCodeValue() != status) throw new Throwable(String.valueOf(res.getStatusCodeValue())); } @And("the user has no access") - public void theUserHasNoAccess() throws Throwable{ + public void theUserHasNoAccess() throws Throwable { if (userAccessService.userHasAccess(userID, spaceID)) throw new Throwable("Has access"); } @And("there is no file in that space") - public void thereIsNoFileInThatSpace() throws Throwable{ + public void thereIsNoFileInThatSpace() throws Throwable { if (fileService.countFilesInSpace(spaceID) != 0) throw new Throwable("Files were not deleted"); } @And("all pending uploads are deleted") - public void allPendingUploadsAreDeleted() throws Throwable{ - if (pendingUploadService.countPendingUploadsForSpace(spaceID) != 0) throw new Throwable("Not all uploads were deleted"); + public void allPendingUploadsAreDeleted() throws Throwable { + if (pendingUploadService.countPendingUploadsForSpace(spaceID) != 0) + throw new Throwable("Not all uploads were deleted"); } @And("the refFile was deleted") - public void theRefFileWasDeleted() throws Throwable{ + public void theRefFileWasDeleted() throws Throwable { if (refFileService.readRefFile(refFileID) != null) throw new Throwable("Ref file was not deleted"); } @And("the space was deleted") - public void theSpaceWasDeleted() throws Throwable{ + public void theSpaceWasDeleted() throws Throwable { if (spaceService.getSpace(spaceID, userID) != null) throw new Throwable("Space was not deleted"); } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java index 3477f06..c7bab8e 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java 
+++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DeleteUserStep.java @@ -4,7 +4,6 @@ import com.vaultionizer.vaultserver.controllers.SessionController; import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; -import com.vaultionizer.vaultserver.model.dto.AuthWrapperDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; @@ -29,11 +28,11 @@ public class DeleteUserStep extends Services { @Autowired public DeleteUserStep(SpaceService spaceService, UserService userService, - UserAccessService userAccessService, SessionService sessionService, - RefFileService refFileService, PendingUploadService pendingUploadService, - FileService fileService, UserController userController, - SpaceController spaceController, SessionController sessionController, - FileController fileController) { + UserAccessService userAccessService, SessionService sessionService, + RefFileService refFileService, PendingUploadService pendingUploadService, + FileService fileService, UserController userController, + SpaceController spaceController, SessionController sessionController, + FileController fileController) { super(spaceService, userService, userAccessService, sessionService, refFileService, pendingUploadService, fileService, userController, spaceController, sessionController, fileController); 
@@ -51,19 +50,21 @@ public void theUserRequestsToDeleteTheUser() { } @Then("the status code delete user is {int}") - public void theStatusCodeDeleteUserIs(int status) throws Throwable{ - if (res.getStatusCodeValue() != status) throw new Throwable("Status code wrong: "+res.getStatusCodeValue()); + public void theStatusCodeDeleteUserIs(int status) throws Throwable { + if (res.getStatusCodeValue() != status) throw new Throwable("Status code wrong: " + res.getStatusCodeValue()); } @And("the user's spaces are deleted") - public void theUserSSpacesAreDeleted() throws Throwable{ + public void theUserSSpacesAreDeleted() throws Throwable { var spaces = spaceService.getAllOwnedSpaces(userID); - if (spaces.size() != 0) throw new Throwable("Not all own spaces deleted!: "+ Arrays.toString(spaces.toArray())); + if (spaces.size() != 0) + throw new Throwable("Not all own spaces deleted!: " + Arrays.toString(spaces.toArray())); } @And("the user has no access to any spaces") - public void theUserHasNoAccessToAnySpaces() throws Throwable{ + public void theUserHasNoAccessToAnySpaces() throws Throwable { Set accessible = userAccessService.getAllWithUser(userID); - if (accessible.size() != 0) throw new Throwable("Not all accesses deleted!: "+ Arrays.toString(accessible.toArray())); + if (accessible.size() != 0) + throw new Throwable("Not all accesses deleted!: " + Arrays.toString(accessible.toArray())); } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java index 8b5a525..1938c6c 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/DownloadFileSteps.java 
@@ -5,7 +5,6 @@ import com.vaultionizer.vaultserver.controllers.SpaceController; import com.vaultionizer.vaultserver.controllers.UserController; import com.vaultionizer.vaultserver.helpers.Config; -import com.vaultionizer.vaultserver.model.dto.FileDownloadDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; @@ -28,11 +27,11 @@ public class DownloadFileSteps extends Services { @Autowired public DownloadFileSteps(SpaceService spaceService, UserService userService, - UserAccessService userAccessService, SessionService sessionService, - RefFileService refFileService, PendingUploadService pendingUploadService, - FileService fileService, UserController userController, - SpaceController spaceController, SessionController sessionController, - FileController fileController) { + UserAccessService userAccessService, SessionService sessionService, + RefFileService refFileService, PendingUploadService pendingUploadService, + FileService fileService, UserController userController, + SpaceController spaceController, SessionController sessionController, + FileController fileController) { super(spaceService, userService, userAccessService, sessionService, refFileService, pendingUploadService, fileService, userController, spaceController, sessionController, fileController); @@ -49,7 +48,7 @@ public void theUserHasSuccessfullyCreatedAnAccountWithUsername(String username) public void theFileWithSaveIndexWasUploaded(Long saveIndex) { File dir = new File("trash/cucumberTestAssets/"); dir.mkdirs(); - Config.SPACE_PATH = (dir.getAbsolutePath()+"/"); + Config.SPACE_PATH = (dir.getAbsolutePath() + "/"); fileService.setUploadFile(spaceID, saveIndex); fileService.writeToFile("Kame-hame-HAAAA", spaceID, saveIndex); } 
@@ -60,8 +59,8 @@ public void theUserRequestsToDownloadTheFileWithSaveIndex(Long saveIndex) { } @Then("the status code of download is {int}") - public void theStatusCodeOfDownloadIs(int status) throws Throwable{ - if (res.getStatusCodeValue() != status) throw new Throwable("Wrong status code: "+res.getStatusCodeValue()); + public void theStatusCodeOfDownloadIs(int status) throws Throwable { + if (res.getStatusCodeValue() != status) throw new Throwable("Wrong status code: " + res.getStatusCodeValue()); } @And("the space id is set inappropriately") diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java index 1e9c919..d8423b8 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/ManageSpaceSteps.java @@ -127,7 +127,7 @@ public void theOtherUserQueriesTheConfig() { @When("the user configures the space to write access {string} and invite {string}") public void theUserConfiguresTheSpaceToWriteAccessAndInvite(String writeAccess, String inviteAccess) { res = spaceController.configureSpace(new ConfigureSpaceDto( - Boolean.parseBoolean(writeAccess), Boolean.parseBoolean(inviteAccess), true), + Boolean.parseBoolean(writeAccess), Boolean.parseBoolean(inviteAccess), true), spaceID, getUserAuth(userID)); } 
@@ -135,10 +135,10 @@ public void theUserConfiguresTheSpaceToWriteAccessAndInvite(String writeAccess, public void theConfigHasWriteAccessAndInvite(String writeAccess, String inviteAccess) throws Exception { res = spaceController.getSpaceConfig(spaceID, getUserAuth(userID)); if (res == null || !res.hasBody() || res.getBody() == null) throw new Exception("Querying config failed"); - var body = (GetSpaceConfigResponseDto)res.getBody(); + var body = (GetSpaceConfigResponseDto) res.getBody(); if (body.isUsersHaveWriteAccess() != Boolean.parseBoolean(writeAccess) || body.isUsersCanInvite() != Boolean.parseBoolean(inviteAccess)) - throw new Exception("Error. Wrong config. Write access: "+body.isUsersHaveWriteAccess()+" auth key access: "+body.isUsersCanInvite()); + throw new Exception("Error. Wrong config. Write access: " + body.isUsersHaveWriteAccess() + " auth key access: " + body.isUsersCanInvite()); } @When("the other user configures the space") @@ -146,7 +146,7 @@ public void theOtherUserConfiguresTheSpace() { res = spaceController.configureSpace(new ConfigureSpaceDto(false, false, false), spaceID, getUserAuth(otherUserID)); } - private GenericAuthDto getUserAuth(Long _userID){ + private GenericAuthDto getUserAuth(Long _userID) { var session = sessionService.addSession(_userID); return new GenericAuthDto(_userID, session.getSessionKey()); } 
@@ -174,9 +174,9 @@ public void theAuthKeyRemainsUnchanged() throws Exception { public void checkAuthKey(String expected) throws Exception { var result = spaceController.getAuthKey(getUserAuth(userID), spaceID); if (!result.hasBody() || result.getBody() == null) - throw new Exception("Getting auth key failed. " + result.getStatusCode().value() + " -> "+result.getStatusCode().name()); - var auth = (SpaceAuthKeyResponseDto)result.getBody(); + throw new Exception("Getting auth key failed. " + result.getStatusCode().value() + " -> " + result.getStatusCode().name()); + var auth = (SpaceAuthKeyResponseDto) result.getBody(); if (auth == null || !auth.getAuthKey().equals(expected)) - throw new Exception("Auth key expected: "+ expected+ " is not actual: "+auth.getAuthKey()); + throw new Exception("Auth key expected: " + expected + " is not actual: " + auth.getAuthKey()); } } diff --git a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java index 3bfe3c8..3758f79 100644 --- a/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java +++ b/src/test/java/com/vaultionizer/vaultserver/cucumber/steps/UploadFileSteps.java @@ -6,7 +6,6 @@ import com.vaultionizer.vaultserver.controllers.UserController; import com.vaultionizer.vaultserver.model.dto.FileUploadDto; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; -import com.vaultionizer.vaultserver.model.dto.LoginUserResponseDto; import com.vaultionizer.vaultserver.service.*; import com.vaultionizer.vaultserver.testdata.UserTestData; import io.cucumber.java.en.And; 
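Review bot: In `checkAuthKey` the last guard fires when `auth == null`, but the message it builds calls `auth.getAuthKey()`, so that branch ends in a NullPointerException instead of the intended failure text. The body was already checked for null two lines earlier, so the null test can go. The comparison can be made null-safe for the key as well: `if (!java.util.Objects.equals(expected, auth.getAuthKey()))`. The rest of the method is inside this hunk, so the change is local.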
@@ -48,13 +47,13 @@ public void theUserRequestsToUploadFiles(int amount) { } @Then("the status code of upload is {int}") - public void theStatusCodeOfUploadIs(int status) throws Throwable{ - if (res.getStatusCodeValue() != status) throw new Throwable("Status code wrong: "+ res.getStatusCodeValue()); + public void theStatusCodeOfUploadIs(int status) throws Throwable { + if (res.getStatusCodeValue() != status) throw new Throwable("Status code wrong: " + res.getStatusCodeValue()); } @And("the saveIndex is {long}") - public void theSaveIndexIs(Long saveIndex) throws Throwable{ - if (res.getBody() != saveIndex) throw new Throwable("Wrong body (saveIndex): "+ res.getBody()); + public void theSaveIndexIs(Long saveIndex) throws Throwable { + if (res.getBody() != saveIndex) throw new Throwable("Wrong body (saveIndex): " + res.getBody()); } @And("the spaceID is {long}") diff --git a/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java index 29d2a21..c2454a3 100644 --- a/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java +++ b/src/test/java/com/vaultionizer/vaultserver/services/SpaceServiceUnitTests.java 
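Review bot: `theSaveIndexIs` compares `res.getBody() != saveIndex` where `saveIndex` is a boxed `Long`, so this is a reference comparison rather than a value comparison. It only behaves for values served from the boxed-value cache and will report a mismatch for larger, equal indices. Use `if (!saveIndex.equals(res.getBody()))` instead. Throwing `new AssertionError(...)` rather than a bare `Throwable` would also let the step drop `throws Throwable`; the same applies to `theStatusCodeOfUploadIs` above it.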
@@ -1,26 +1,20 @@ package com.vaultionizer.vaultserver.services; -import com.vaultionizer.vaultserver.helpers.Hashing; import com.vaultionizer.vaultserver.model.db.SpaceModel; -import com.vaultionizer.vaultserver.model.db.UserModel; import com.vaultionizer.vaultserver.model.dto.GetSpacesResponseDto; import com.vaultionizer.vaultserver.resource.SpaceRepository; -import com.vaultionizer.vaultserver.resource.UserAccessRepository; -import com.vaultionizer.vaultserver.resource.UserRepository; import com.vaultionizer.vaultserver.service.RefFileService; import com.vaultionizer.vaultserver.service.SpaceService; import com.vaultionizer.vaultserver.service.UserAccessService; -import com.vaultionizer.vaultserver.service.UserService; import org.junit.jupiter.api.*; import org.mockito.Mockito; import org.springframework.boot.test.mock.mockito.MockBean; -import java.util.HashSet; import java.util.Optional; @TestInstance(TestInstance.Lifecycle.PER_CLASS) @DisplayName("SpaceService") -public class SpaceServiceUnitTests { +class SpaceServiceUnitTests { @MockBean private SpaceRepository spaceRepository; @@ -32,7 +26,7 @@ public class SpaceServiceUnitTests { private SpaceService spaceService; - private GetSpacesResponseDto resGetSpace = new GetSpacesResponseDto((long)2, false, true, true, true); + private GetSpacesResponseDto resGetSpace = new GetSpacesResponseDto((long) 2, false, true, true, true); @BeforeEach private void initialize() { 
@@ -40,22 +34,23 @@ private void initialize() { refFileService = Mockito.mock(RefFileService.class); userAccessService = Mockito.mock(UserAccessService.class); - Mockito.when(spaceRepository.findById((long)1)).thenReturn(Optional.ofNullable(null)); - Mockito.when(spaceRepository.findById((long)2)).thenReturn(Optional.of(new SpaceModel((long)2, (long)2, false, false, false, ""))); - Mockito.when(spaceRepository.save(Mockito.any())).thenReturn(new SpaceModel((long)1, (long)0, (long)0, false,false, false, "")); + Mockito.when(spaceRepository.findById((long) 1)).thenReturn(Optional.ofNullable(null)); + Mockito.when(spaceRepository.findById((long) 2)).thenReturn(Optional.of(new SpaceModel((long) 2, (long) 2, false, false, false, ""))); + Mockito.when(spaceRepository.save(Mockito.any())).thenReturn(new SpaceModel((long) 1, (long) 0, (long) 0, false, false, false, "")); spaceService = new SpaceService(spaceRepository, refFileService, userAccessService); } @Test @DisplayName("getSpace that does not exist.") - public void getSpaceNotExisting() { - GetSpacesResponseDto res = spaceService.getSpace((long)1, (long)1); + void getSpaceNotExisting() { + GetSpacesResponseDto res = spaceService.getSpace((long) 1, (long) 1); Assertions.assertNull(res); } + @Test @DisplayName("getSpace.") - public void getSpace() { - GetSpacesResponseDto res = spaceService.getSpace((long)2, (long)2); + void getSpace() { + GetSpacesResponseDto res = spaceService.getSpace((long) 2, (long) 2); Assertions.assertNotNull(res); Assertions.assertEquals(resGetSpace.getSpaceID(), res.getSpaceID()); Assertions.assertEquals(resGetSpace.isCreator(), res.isCreator()); 
@@ -65,14 +60,14 @@ public void getSpace() { @Test @DisplayName("Create space.") - public void createSpaceTest() { - Assertions.assertEquals((long)1, spaceService.createSpace((long)1, "", true, false, false, "")); + void createSpaceTest() { + Assertions.assertEquals((long) 1, spaceService.createSpace((long) 1, "", true, false, false, "")); } @Test @DisplayName("Get spaces accessible.") - public void getSpacesAccess() { + void getSpacesAccess() { Assertions.assertEquals(0, spaceService.getSpacesAccessible((long) 1).size()); } } \ No newline at end of file diff --git a/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java index 484bca2..73d60fa 100644 --- a/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java +++ b/src/test/java/com/vaultionizer/vaultserver/services/UserAccessServiceUnitTests.java 
@@ -1,60 +1,55 @@ package com.vaultionizer.vaultserver.services; -import com.vaultionizer.vaultserver.helpers.Hashing; -import com.vaultionizer.vaultserver.model.db.UserModel; import com.vaultionizer.vaultserver.resource.UserAccessRepository; -import com.vaultionizer.vaultserver.resource.UserRepository; import com.vaultionizer.vaultserver.service.UserAccessService; -import com.vaultionizer.vaultserver.service.UserService; import org.junit.jupiter.api.*; import org.mockito.Mockito; import org.springframework.boot.test.mock.mockito.MockBean; -import java.util.HashSet; - @TestInstance(TestInstance.Lifecycle.PER_CLASS) @DisplayName("UserAccessService") -public class UserAccessServiceUnitTests { +class UserAccessServiceUnitTests { @MockBean private UserAccessRepository userAccessRepository; private UserAccessService userAccessService; @BeforeEach - private void initialize(){ + private void initialize() { userAccessRepository = Mockito.mock(UserAccessRepository.class); - Mockito.when(userAccessRepository.hasAccess((long)1, (long)1)).thenReturn((long)0); - Mockito.when(userAccessRepository.hasAccess((long)1, (long)2)).thenReturn((long)1); + Mockito.when(userAccessRepository.hasAccess((long) 1, (long) 1)).thenReturn((long) 0); + Mockito.when(userAccessRepository.hasAccess((long) 1, (long) 2)).thenReturn((long) 1); userAccessService = new UserAccessService(userAccessRepository); } @Test @DisplayName("Add user access.") - public void getUserIdOneResult(){ - userAccessService.addUserAccess((long)1, (long)1); + void getUserIdOneResult() { + userAccessService.addUserAccess((long) 1, (long) 1); } @Test @DisplayName("Check user access without access.") - public void checkUserAccessNoAccess(){ - Assertions.assertFalse(userAccessService.userHasAccess((long)1, (long)1)); + void checkUserAccessNoAccess() { + Assertions.assertFalse(userAccessService.userHasAccess((long) 1, (long) 1)); } @Test @DisplayName("Check user access.") - public void checkUserAccess(){ - 
Assertions.assertTrue(userAccessService.userHasAccess((long)1, (long)2)); + void checkUserAccess() { + Assertions.assertTrue(userAccessService.userHasAccess((long) 1, (long) 2)); } @Test @DisplayName("Remove access although user has no access.") - public void removeAccessTestNoAccess(){ - Assertions.assertFalse(userAccessService.removeAccess((long)1, (long)1)); + void removeAccessTestNoAccess() { + Assertions.assertFalse(userAccessService.removeAccess((long) 1, (long) 1)); } + @Test @DisplayName("Remove access.") - public void removeAccessTest(){ - Assertions.assertTrue(userAccessService.removeAccess((long)1, (long)2)); + void removeAccessTest() { + Assertions.assertTrue(userAccessService.removeAccess((long) 1, (long) 2)); } } \ No newline at end of file diff --git a/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java b/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java index 496cf3e..b8f3974 100644 --- a/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java +++ b/src/test/java/com/vaultionizer/vaultserver/services/UserServiceUnitTests.java 
@@ -3,26 +3,27 @@ import com.vaultionizer.vaultserver.helpers.Hashing; import com.vaultionizer.vaultserver.model.db.UserModel; import com.vaultionizer.vaultserver.resource.UserRepository; -import com.vaultionizer.vaultserver.service.*; +import com.vaultionizer.vaultserver.service.UserService; import org.junit.jupiter.api.*; import org.mockito.Mockito; import org.springframework.boot.test.mock.mockito.MockBean; + import java.util.HashSet; @TestInstance(TestInstance.Lifecycle.PER_CLASS) @DisplayName("UserService") -public class UserServiceUnitTests { +class UserServiceUnitTests { @MockBean private UserRepository userRepository; private UserService userService; @BeforeEach - private void initialize(){ + private void initialize() { userRepository = Mockito.mock(UserRepository.class); Long id = 1L; var hashsetExactlyOne = new HashSet(); - hashsetExactlyOne.add(new UserModel(id,"exactlyOne", Hashing.hashBcrypt("pwd"))); + hashsetExactlyOne.add(new UserModel(id, "exactlyOne", Hashing.hashBcrypt("pwd"))); Mockito.when(userRepository.getPwd("exactlyOne")).thenReturn(hashsetExactlyOne); @@ -35,7 +36,7 @@ private void initialize(){ Mockito.when(userRepository.getPwd("moreThanOne")).thenReturn(hashsetMultiple); Mockito.when(userRepository.save(new UserModel("create", Mockito.anyString()))) - .thenReturn(new UserModel((long)1, "create", "pwd")); + .thenReturn(new UserModel((long) 1, "create", "pwd")); Mockito.when(userRepository.save(new UserModel("failCreate", "pwd"))) .thenReturn(null); 
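Review bot: The stub `Mockito.when(userRepository.save(new UserModel("create", Mockito.anyString())))` in `initialize()` uses an argument matcher inside a constructor call, which Mockito does not support. The matcher is not applied to the `UserModel` passed to `save`, which is probably why `createUser` in the next hunk has to assert `null` under the display name "Create user success." (see its TODO). Stubbing on the argument itself, e.g. `Mockito.when(userRepository.save(Mockito.any(UserModel.class))).thenReturn(new UserModel((long) 1, "create", "pwd"));`, would let that test assert the returned id; the `failCreate` stub would then need a matcher on the username rather than relying on `UserModel.equals`. `initialize()` continues past the end of this hunk.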
@@ -44,54 +45,54 @@ private void initialize(){ @Test @DisplayName("getUserIDCheckCredentials with exactly one.") - public void getUserIdOneResult(){ + void getUserIdOneResult() { Long id = userService.getUserIDCheckCredentials("exactlyOne", "pwd"); Assertions.assertEquals(1, id); } @Test @DisplayName("getUserIDCheckCredentials with none.") - public void getUserIdNone(){ + void getUserIdNone() { Long id = userService.getUserIDCheckCredentials("none", "pwd"); Assertions.assertEquals(-1, id); } @Test @DisplayName("getUserIDCheckCredentials with more than one.") - public void getUserIdMoreThanOne(){ + void getUserIdMoreThanOne() { Long id = userService.getUserIDCheckCredentials("moreThanOne", "pwd"); Assertions.assertEquals(-1, id); } @Test @DisplayName("Create user success.") - public void createUser(){ + void createUser() { Long id = userService.createUser("create", "pwd"); - Assertions.assertEquals(null, id); // TODO: Mockito does not like news + Assertions.assertNull(id); // TODO: Mockito does not like news } @Test @DisplayName("Create user failing because of null.") - public void createUserException(){ + void createUserException() { Long id = userService.createUser("failCreate", "pwd"); Assertions.assertNull(id); } @Test @DisplayName("Delete user while already in deletion process.") - public void deleteUserFailing(){ - boolean success = userService.setDeleted((long)2); + void deleteUserFailing() { + boolean success = userService.setDeleted((long) 2); Assertions.assertTrue(success); - success = userService.setDeleted((long)2); + success = userService.setDeleted((long) 2); Assertions.assertFalse(success); } @Test @DisplayName("Normal delete user.") - public void deleteUserNormal(){ - boolean success = userService.setDeleted((long)2); + void deleteUserNormal() { + boolean success = userService.setDeleted((long) 2); Assertions.assertTrue(success); - userService.setDeletionDone((long)2); + userService.setDeletionDone((long) 2); } 
diff --git a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java index 5708239..0a068c4 100644 --- a/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java +++ b/src/test/java/com/vaultionizer/vaultserver/testdata/SpaceTestData.java @@ -1,6 +1,8 @@ package com.vaultionizer.vaultserver.testdata; -import com.vaultionizer.vaultserver.model.dto.*; +import com.vaultionizer.vaultserver.model.dto.CreateSpaceDto; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; +import com.vaultionizer.vaultserver.model.dto.JoinSpaceDto; public class SpaceTestData { public static final CreateSpaceDto[] createSpace = { @@ -20,7 +22,7 @@ public class SpaceTestData { public static final JoinSpaceDto[] joinSpaces = { new JoinSpaceDto("definitely wrong"), new JoinSpaceDto("definitely wrong"), - new JoinSpaceDto( "thatWasTheAuthKey!") + new JoinSpaceDto("thatWasTheAuthKey!") }; public static final GenericAuthDto[] joinSpacesAuth = { @@ -29,7 +31,7 @@ public class SpaceTestData { new GenericAuthDto(1L, "correctTestSessionKey") }; - public static final Long[] joinSpacesSpaceIDs = { 2L, 2L, 2L }; + public static final Long[] joinSpacesSpaceIDs = {2L, 2L, 2L}; public static final GenericAuthDto[] getAllSpaces = { new GenericAuthDto(1L, "definitely wrong"), diff --git a/src/test/java/com/vaultionizer/vaultserver/testdata/UserTestData.java b/src/test/java/com/vaultionizer/vaultserver/testdata/UserTestData.java index 1534fab..5e68275 100644 --- a/src/test/java/com/vaultionizer/vaultserver/testdata/UserTestData.java +++ b/src/test/java/com/vaultionizer/vaultserver/testdata/UserTestData.java 
@@ -8,8 +8,8 @@ public class UserTestData { public static final RegisterUserDto[] registerData = new RegisterUserDto[]{ new RegisterUserDto("", null, null, Config.SERVER_USER, Config.SERVER_AUTH), // key and ref file are null - new RegisterUserDto("","", "", Config.SERVER_USER, Config.SERVER_AUTH), // key and ref file are empty - new RegisterUserDto("","-----", "---", Config.SERVER_USER, Config.SERVER_AUTH),// key is too short + new RegisterUserDto("", "", "", Config.SERVER_USER, Config.SERVER_AUTH), // key and ref file are empty + new RegisterUserDto("", "-----", "---", Config.SERVER_USER, Config.SERVER_AUTH),// key is too short new RegisterUserDto("1234", new String("--------|--------|--------|--------|--------|--------|--------|--------"), "test", Config.SERVER_USER, Config.SERVER_AUTH) // legitimate key (correct length) diff --git a/src/test/resources/features/createSpace.feature b/src/test/resources/features/createSpace.feature index 73a29b2..6a0d603 100644 --- a/src/test/resources/features/createSpace.feature +++ b/src/test/resources/features/createSpace.feature @@ -1,4 +1,5 @@ Feature: A space can be created + Scenario: Private space can be created Given the user is logged in with name "shiggy" And the space should be private: "true" diff --git a/src/test/resources/features/createUser.feature b/src/test/resources/features/createUser.feature index f2f0d29..8ec9866 100644 --- a/src/test/resources/features/createUser.feature +++ b/src/test/resources/features/createUser.feature @@ -1,4 +1,5 @@ Feature: One can create a user + Scenario: Key too short creation Given the username is "mario" And the key is "luigiIdiotta!" diff --git a/src/test/resources/features/deleteSpace.feature b/src/test/resources/features/deleteSpace.feature index 4c2be85..cb87f06 100644 --- a/src/test/resources/features/deleteSpace.feature +++ b/src/test/resources/features/deleteSpace.feature 
@@ -1,4 +1,5 @@ Feature: A space can be deleted + Scenario: Successful deletion Given the user is logged in properly And the user created the space diff --git a/src/test/resources/features/deleteUser.feature b/src/test/resources/features/deleteUser.feature index 792208e..999873c 100644 --- a/src/test/resources/features/deleteUser.feature +++ b/src/test/resources/features/deleteUser.feature @@ -1,4 +1,5 @@ Feature: The user can be deleted + Scenario: The user was deleted successfully Given the user created an account with name "ruffy" When the user requests to delete the user diff --git a/src/test/resources/features/downloadFile.feature b/src/test/resources/features/downloadFile.feature index b2c55fb..59870b2 100644 --- a/src/test/resources/features/downloadFile.feature +++ b/src/test/resources/features/downloadFile.feature @@ -1,4 +1,5 @@ Feature: A file can be downloaded + Scenario: The file can be downloaded successfully Given the user has successfully created an account with username "cell" And the file with saveIndex 420 was uploaded diff --git a/src/test/resources/features/manageSpace.feature b/src/test/resources/features/manageSpace.feature index e30d031..6a355df 100644 --- a/src/test/resources/features/manageSpace.feature +++ b/src/test/resources/features/manageSpace.feature @@ -1,4 +1,5 @@ Feature: Space can be managed + Scenario: User can kick other users Given the user has created an account with name "test1" And another user has an account with name "other1" @@ -74,11 +75,10 @@ Feature: Space can be managed Then the return code is 202 And the user still has access And the space is configured as "" - Examples: - | shared_state | username | other_user | - | private | test8 | other8 | - | shared | test9 | other9 | - + Examples: + | shared_state | username | other_user | + | private | test8 | other8 | + | shared | test9 | other9 | Scenario: User can get config 
@@ -86,25 +86,25 @@ Feature: Space can be managed When the user queries the config Then the return code is 200 And the config is correct. - + Scenario: User can only get config with access Given the user has created an account with name "test11" And another user has an account with name "other11" When the other user queries the config Then the return code is 403 - + Scenario Outline: User can configure space Given the user has created an account with name "" When the user configures the space to write access "" and invite "" Then the return code is 202 And the config has write access "" and invite "" - Examples: - | username | writeAccess | inviteAllowed | - | test12 | false | false | - | test13 | false | true | - | test14 | true | false | - | test15 | true | true | - + Examples: + | username | writeAccess | inviteAllowed | + | test12 | false | false | + | test13 | false | true | + | test14 | true | false | + | test15 | true | true | + Scenario: User without access cannot configure Given the user has created an account with name "test16" And another user has an account with name "other16" diff --git a/src/test/resources/features/uploadFile.feature b/src/test/resources/features/uploadFile.feature index 6ced15a..ac7ae1a 100644 --- a/src/test/resources/features/uploadFile.feature +++ b/src/test/resources/features/uploadFile.feature @@ -1,4 +1,5 @@ Feature: A file can be uploaded + Scenario: The file can be uploaded successfully Given the user has an account with name "goku" When the user requests to upload 10 files From 749c3e5c57f34bf4ebf3ad849f3906df7d07ab20 Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 16 May 2021 22:13:49 +0200 Subject: [PATCH 29/57] Added jacoco. --- pom.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pom.xml b/pom.xml index 85127e9..f7377cf 100644 --- a/pom.xml +++ b/pom.xml 
@@ -150,6 +150,26 @@ org.springframework.boot spring-boot-maven-plugin + + + org.jacoco + jacoco-maven-plugin + 0.8.7 + + + + prepare-agent + + + + report + test + + report + + + + From 04fe22b7f4075ad1a98a87d7269da131461b925b Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Sun, 16 May 2021 22:36:33 +0200 Subject: [PATCH 30/57] Removed code smell and changed header to xAuth --- .../controllers/FileController.java | 8 ++++---- .../controllers/RefFileController.java | 4 ++-- .../controllers/SessionController.java | 2 +- .../controllers/SpaceController.java | 20 +++++++++---------- .../controllers/UserController.java | 2 +- .../model/dto/UpdateRefFileDto.java | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index 27fac00..a639314 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -57,7 +57,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID) { + uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID) { Long sessionID = sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()); if (sessionID == -1) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); 
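Review bot: The new header name `"xAuth"` in `uploadFiles` is not among the headers the CORS configuration allowed when SecurityConfig was last shown in this series (`authorization`, `content-type`, `x-auth-token`). The same literal appears in every `@RequestHeader` this commit touches in FileController, RefFileController, SessionController, SpaceController and UserController. Unless `setAllowedHeaders` was extended in a patch not visible here, browser requests from the allowed origin would fail preflight. Defining the name once, e.g. `public static final String AUTH_HEADER = "xAuth";` in Config, and using `@RequestHeader(Config.AUTH_HEADER)` plus the same constant in the CORS list would keep the two from drifting apart. Since the header carries the session key, it should also be excluded from any request or access logging.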
@@ -103,7 +103,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - downloadFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { + downloadFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { String websocketToken = sessionService. getSessionWebsocketToken(auth.getUserID(), auth.getSessionKey()); if (websocketToken == null) { @@ -141,7 +141,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - deleteFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { + deleteFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -164,7 +164,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - updateFile(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { + updateFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 73ecdfb..1b0d021 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java 
@@ -45,7 +45,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc }) public @ResponseBody ResponseEntity - readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -81,7 +81,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc }) public @ResponseBody ResponseEntity - updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java index b095de7..00a5e51 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java @@ -32,7 +32,7 @@ public SessionController(SessionService sessionService) { }) public @ResponseBody ResponseEntity - renewSession(@RequestHeader("auth") GenericAuthDto auth) { + renewSession(@RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } // if the session exists, the session has just indirectly been renewed. 
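Review bot: `renewSession` answers a failed `sessionService.getSession(...)` check with `HttpStatus.FORBIDDEN`, while the other handlers in this commit (`readRefFile`, `updateRefFile`, `getAllSpaces`, `createSpace`, `deleteUser`) return `HttpStatus.UNAUTHORIZED` for the same condition. A client cannot then tell "session invalid, log in again" from "authenticated but not permitted" in a consistent way. If the 403 is not deliberate, change the line to `return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);` and update the API response annotations above the method, which lie outside this hunk. Otherwise add a comment such as `// 403 by design: renewal of an unknown session is refused, not re-challenged`.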
diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index fc2c0ca..3f3b4d7 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java @@ -47,7 +47,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - getAllSpaces(@RequestHeader("auth") GenericAuthDto auth) { + getAllSpaces(@RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -65,7 +65,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("auth") GenericAuthDto auth) { + createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -84,7 +84,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } 
@@ -107,7 +107,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - quitSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + quitSpace(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } @@ -132,7 +132,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - getAuthKey(@RequestHeader("auth") GenericAuthDto auth, @PathVariable Long spaceID) { + getAuthKey(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { HttpStatus status = accessCheckerUtil.checkAuthKeyAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -153,7 +153,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); if (req.getSharedSpace() != null) @@ -174,7 +174,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - kickUsers(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + kickUsers(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); 
@@ -194,7 +194,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -213,7 +213,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { HttpStatus status = accessCheckerUtil.checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); @@ -232,7 +232,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, }) public @ResponseBody ResponseEntity - deleteSpace(@PathVariable Long spaceID, @RequestHeader("auth") GenericAuthDto auth) { + deleteSpace(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index a420958..777be9e 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java 
@@ -111,7 +111,7 @@ public UserController(UserService userService, SessionService sessionService, }) public @ResponseBody ResponseEntity - deleteUser(@RequestHeader("auth") GenericAuthDto auth) { + deleteUser(@RequestHeader("xAuth") GenericAuthDto auth) { if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java index 0a0c1b2..2aa804a 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java @@ -3,7 +3,7 @@ public class UpdateRefFileDto { private String content; - public UpdateRefFileDto(Long spaceID, String content) { + public UpdateRefFileDto(String content) { this.content = content; } From 79a78b2a7d29855669597621b58d440e319321ba Mon Sep 17 00:00:00 2001 From: Julien Meier Date: Mon, 17 May 2021 16:30:18 +0200 Subject: [PATCH 31/57] Fixed request header converter. --- .../controllers/FileController.java | 6 +- .../controllers/RefFileController.java | 69 +++++++++---------- .../controllers/SessionController.java | 8 ++- .../controllers/SpaceController.java | 36 +++++----- .../controllers/UserController.java | 13 ++-- .../helpers/AccessCheckerUtil.java | 9 ++- .../helpers/GenericAuthConverter.java | 28 ++++++++ .../vaultserver/model/dto/GenericAuthDto.java | 7 +- 8 files changed, 105 insertions(+), 71 deletions(-) create mode 100644 src/main/java/com/vaultionizer/vaultserver/helpers/GenericAuthConverter.java diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java index a639314..73b6c74 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java 
+++ b/src/main/java/com/vaultionizer/vaultserver/controllers/FileController.java @@ -58,6 +58,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity uploadFiles(@RequestBody FileUploadDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable("spaceID") Long spaceID) { + if (auth == null) return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); Long sessionID = sessionService.getSessionID(auth.getUserID(), auth.getSessionKey()); if (sessionID == -1) { return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); @@ -104,6 +105,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity downloadFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { + if (auth == null) return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST); String websocketToken = sessionService. getSessionWebsocketToken(auth.getUserID(), auth.getSessionKey()); if (websocketToken == null) { @@ -142,7 +144,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity deleteFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { - HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); + var status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); boolean success = fileService.deleteFile(spaceID, saveIndex); 
@@ -165,7 +167,7 @@ public FileController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity updateFile(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID, @PathVariable Long saveIndex) { - HttpStatus status = accessCheckerUtil.checkWriteAccess(auth, spaceID); + var status = accessCheckerUtil.checkWriteAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); boolean granted = pendingUploadService.updateFile(spaceID, diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 1b0d021..6cef629 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -1,6 +1,7 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.model.dto.ReadRefFileDto; import com.vaultionizer.vaultserver.model.dto.UpdateRefFileDto; @@ -24,6 +25,7 @@ public class RefFileController { private final UserAccessService userAccessService; private final SpaceService spaceService; private final RefFileService refFileService; + private final AccessCheckerUtil accessCheckerUtil; @Autowired public RefFileController(SessionService sessionService, UserAccessService userAccessService, @@ -32,6 +34,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc this.userAccessService = userAccessService; this.spaceService = spaceService; this.refFileService = refFileService; + accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService); } @PostMapping(value = "/api/refFile/{spaceID}/read") 
@@ -44,30 +47,27 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) public @ResponseBody - ResponseEntity + ResponseEntity // TODO readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); + if (status != null) return new ResponseEntity<>(null, status); - if (userAccessService.userHasAccess(auth.getUserID(), spaceID)) { - Long refFileID = spaceService.getRefFileID(spaceID); - if (refFileID == -1L) { - return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); - } + Long refFileID = spaceService.getRefFileID(spaceID); + if (refFileID == -1L) { + return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); + } - // if the last fetched version is latest, just tell user not modified - if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, req.getLastRead())) { - return new ResponseEntity<>(null, HttpStatus.NOT_MODIFIED); - } - String content = refFileService.readRefFile(refFileID); - if (content == null) { - return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); - } - return new ResponseEntity<>(content, HttpStatus.OK); + // if the last fetched version is latest, just tell user not modified + if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, req.getLastRead())) { + return new ResponseEntity<>(null, HttpStatus.NOT_MODIFIED); } + String content = refFileService.readRefFile(refFileID); + if (content == null) { + return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); + } + return new ResponseEntity<>(content, HttpStatus.OK); + - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); 
} @PutMapping(value = "/api/refFile/{spaceID}/update") @@ -80,28 +80,21 @@ public RefFileController(SessionService sessionService, UserAccessService userAc @ApiResponse(code = 500, message = "Inconsistencies on the server side. Should never be the case.") }) public @ResponseBody - ResponseEntity + ResponseEntity // TODO updateRefFile(@RequestBody UpdateRefFileDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } - - if (userAccessService.userHasAccess(auth.getUserID(), spaceID)) { - if (!spaceService.userHasWriteAccess(spaceID, auth.getUserID())) { - return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); - } + var status = accessCheckerUtil.checkWriteAccess(auth, spaceID); + if (status != null) return new ResponseEntity<>(null, status); - Long refFileID = spaceService.getRefFileID(spaceID); - if (refFileID == -1L) { - return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); - } - boolean success = refFileService.updateRefFile(refFileID, req.getContent()); - if (!success) { - return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); - } - return new ResponseEntity<>(null, HttpStatus.OK); + Long refFileID = spaceService.getRefFileID(spaceID); + if (refFileID == -1L) { + return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); } + boolean success = refFileService.updateRefFile(refFileID, req.getContent()); + if (!success) { + return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR); + } + return new ResponseEntity<>(null, HttpStatus.OK); + - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java index 00a5e51..2f66c1f 100644 
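Review bot: `readRefFile` now gates on `accessCheckerUtil.checkPrivilegeLevel(auth, spaceID)`, the same check this series uses for `configureSpace`, `kickUsers` and `changeAuthKey`, whereas the removed code only required `userAccessService.userHasAccess`. `checkPrivilegeLevel` is not shown here, but if it is the creator-level check, ordinary members of a space can no longer read the reference file; `var status = accessCheckerUtil.checkAccess(auth, spaceID);` would keep the previous access rule. In `updateRefFile` the explicit `NOT_ACCEPTABLE` answer for a user without write access is removed as well, so the `@ApiResponse` entries above both methods should be checked against what the helper actually returns. The bare `// TODO` after `ResponseEntity` should say what is still outstanding.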
--- a/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SessionController.java @@ -1,5 +1,6 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; import com.vaultionizer.vaultserver.service.SessionService; import io.swagger.annotations.Api; @@ -18,10 +19,12 @@ @RestController public class SessionController { private final SessionService sessionService; + private final AccessCheckerUtil accessCheckerUtil; @Autowired public SessionController(SessionService sessionService) { this.sessionService = sessionService; + accessCheckerUtil = new AccessCheckerUtil(sessionService, null, null); } @PutMapping(value = "/api/session/renew") @@ -33,9 +36,8 @@ public SessionController(SessionService sessionService) { public @ResponseBody ResponseEntity renewSession(@RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.FORBIDDEN); - } // if the session exists, the session has just indirectly been renewed. + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>(null, HttpStatus.OK); } } diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java index 3f3b4d7..1d4d5ec 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/SpaceController.java 
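Review bot: `new AccessCheckerUtil(sessionService, null, null)` in the `SessionController` constructor builds the helper with two null collaborators, so any call on it other than `checkAuthenticated` (for instance `checkAccess`, which uses `spaceService` and `userAccessService`) would fail with a NullPointerException instead of returning a status. Injecting one shared `AccessCheckerUtil` bean would remove the per-controller `new`; failing that, a comment such as `// only checkAuthenticated may be called here: the space services are null` should sit on the field. `renewSession` also stops answering `FORBIDDEN` for an invalid session and returns whatever `checkAuthenticated` yields, so the `@ApiResponse` list above it, which lies outside the hunk, may be stale.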
@@ -48,9 +48,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity getAllSpaces(@RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>( spaceService.getSpacesAccessible(auth.getUserID()), HttpStatus.OK); } @@ -66,9 +65,9 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity createSpace(@RequestBody CreateSpaceDto req, @RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); + Long spaceID = spaceService.createSpace(auth.getUserID(), req.getReferenceFile(), req.isPrivate(), req.getUsersWriteAccess(), req.getUsersAuthAccess(), req.getAuthKey()); @@ -85,9 +84,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity joinSpace(@RequestBody JoinSpaceDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); if (spaceService.checkSpaceCredentials(spaceID, req.getAuthKey())) { userAccessService.addUserAccess(spaceID, auth.getUserID()); 
@@ -108,9 +106,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity quitSpace(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); if (spaceService.checkCreator(spaceID, auth.getUserID())) { return new ResponseEntity<>(null, HttpStatus.NOT_ACCEPTABLE); } @@ -133,7 +130,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity getAuthKey(@RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { - HttpStatus status = accessCheckerUtil.checkAuthKeyAccess(auth, spaceID); + var status = accessCheckerUtil.checkAuthKeyAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); var authKey = spaceService.getSpaceAuthKey(spaceID); @@ -154,7 +151,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity configureSpace(@RequestBody ConfigureSpaceDto req, @PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); + var status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); if (req.getSharedSpace() != null) spaceService.changeSharedState(spaceID, auth.getUserID(), req.getSharedSpace()); 
@@ -175,7 +172,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity kickUsers(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); + var status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); userAccessService.kickAll(spaceID, auth.getUserID()); @@ -195,7 +192,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity changeAuthKey(@RequestBody ChangeAuthKeyDto req, @PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - HttpStatus status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); + var status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); spaceService.changeAuthKey(spaceID, req.getAuthKey()); @@ -214,7 +211,7 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity getSpaceConfig(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - HttpStatus status = accessCheckerUtil.checkAccess(auth, spaceID); + var status = accessCheckerUtil.checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); return new ResponseEntity<>(spaceService.getSpaceConfig(spaceID), HttpStatus.OK); 
@@ -233,9 +230,8 @@ public SpaceController(SessionService sessionService, SpaceService spaceService, public @ResponseBody ResponseEntity deleteSpace(@PathVariable Long spaceID, @RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); if (!userAccessService.userHasAccess(auth.getUserID(), spaceID) || !spaceService.checkCreator(spaceID, auth.getUserID())) { diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java index 777be9e..ee8a790 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/UserController.java @@ -1,5 +1,6 @@ package com.vaultionizer.vaultserver.controllers; +import com.vaultionizer.vaultserver.helpers.AccessCheckerUtil; import com.vaultionizer.vaultserver.helpers.Config; import com.vaultionizer.vaultserver.model.dto.*; import com.vaultionizer.vaultserver.service.*; @@ -24,6 +25,7 @@ public class UserController { private final SpaceController spaceController; private final UserAccessService userAccessService; private final PendingUploadService pendingUploadService; + private final AccessCheckerUtil accessCheckerUtil; @Autowired public UserController(UserService userService, SessionService sessionService, @@ -35,6 +37,7 @@ public UserController(UserService userService, SessionService sessionService, this.spaceController = spaceController; this.userAccessService = userAccessService; this.pendingUploadService = pendingUploadService; + accessCheckerUtil = new AccessCheckerUtil(sessionService, userAccessService, spaceService); } 
@@ -97,8 +100,9 @@ public UserController(UserService userService, SessionService sessionService, }) public @ResponseBody ResponseEntity - logoutUser(@RequestBody AuthWrapperDto req) { - GenericAuthDto auth = req.getAuth(); + logoutUser(@RequestHeader("xAuth") GenericAuthDto auth) { + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); sessionService.deleteSession(auth.getUserID(), auth.getSessionKey()); return new ResponseEntity<>(null, HttpStatus.OK); } @@ -112,9 +116,8 @@ public UserController(UserService userService, SessionService sessionService, public @ResponseBody ResponseEntity deleteUser(@RequestHeader("xAuth") GenericAuthDto auth) { - if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { - return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED); - } + var status = accessCheckerUtil.checkAuthenticated(auth); + if (status != null) return new ResponseEntity<>(null, status); userService.setDeleted(auth.getUserID()); pendingUploadService.deletePendingUploadsByUser(auth.getUserID()); sessionService.deleteAllSessionsWithUser(auth.getUserID()); diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java index ed44930..7f3cebc 100644 --- a/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/AccessCheckerUtil.java 
@@ -17,10 +17,17 @@ public AccessCheckerUtil(SessionService sessionService, UserAccessService userAc this.spaceService = spaceService; } - public HttpStatus checkAccess(GenericAuthDto auth, Long spaceID) { + public HttpStatus checkAuthenticated(GenericAuthDto auth) { + if (auth == null) return HttpStatus.BAD_REQUEST; if (!sessionService.getSession(auth.getUserID(), auth.getSessionKey())) { return HttpStatus.UNAUTHORIZED; } + return null; + } + + public HttpStatus checkAccess(GenericAuthDto auth, Long spaceID) { + var status = checkAuthenticated(auth); + if (status != null) return status; if (spaceService.checkDeleted(spaceID) || !userAccessService.userHasAccess(auth.getUserID(), spaceID)) { return HttpStatus.FORBIDDEN; diff --git a/src/main/java/com/vaultionizer/vaultserver/helpers/GenericAuthConverter.java b/src/main/java/com/vaultionizer/vaultserver/helpers/GenericAuthConverter.java new file mode 100644 index 0000000..a28ebb0 --- /dev/null +++ b/src/main/java/com/vaultionizer/vaultserver/helpers/GenericAuthConverter.java @@ -0,0 +1,28 @@ +package com.vaultionizer.vaultserver.helpers; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.vaultionizer.vaultserver.model.dto.GenericAuthDto; +import org.springframework.core.convert.converter.Converter; +import org.springframework.stereotype.Component; + +import java.io.IOException; + + +@Component +public class GenericAuthConverter implements Converter { + + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public GenericAuthDto convert(String json) { + try { + var auth = objectMapper.readValue(json, GenericAuthDto.class); + if (auth == null || auth.getUserID() == null || auth.getSessionKey() == null || auth.getSessionKey().isBlank()) + return null; + return auth; + } catch (IOException ex) { + ex.printStackTrace(); + return null; + } + } +} 
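Review bot: `checkAuthenticated` reports success by returning `null`, so a caller that forgets the `if (status != null)` test carries on as if the session were valid. The method should document that contract, for example `/** @return null when the session is valid, otherwise the HTTP status to send back */`. An `Optional<HttpStatus>` return type would make the result harder to ignore, but it would have to be applied to the other `check*` methods too, which lie outside this hunk.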
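Review bot: `ex.printStackTrace()` in `GenericAuthConverter.convert` writes a full stack trace to stderr for every malformed `xAuth` header, and that header is entirely client-controlled. Jackson exception messages can embed part of the offending input, so fragments of a session key may end up in the output, and a client sending junk headers can grow the log at will. Log one fixed line through the application's logger instead, without the exception message, e.g. `log.warn("Rejected malformed xAuth header");` (with a logger field added to the class). A short Javadoc should also state that `convert` returns `null` for unparsable or incomplete input and that callers must treat `null` as unauthenticated.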
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/GenericAuthDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/GenericAuthDto.java index 039423e..3d9d758 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/GenericAuthDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/GenericAuthDto.java @@ -2,8 +2,11 @@ // A lot of requests need a sessionKey and the user's id public class GenericAuthDto { - private final Long userID; - private final String sessionKey; + private Long userID; + private String sessionKey; + + public GenericAuthDto() { + } public GenericAuthDto(Long userID, String sessionKey) { this.userID = userID; From 1d2136cae39471a5748a9ed9731cb42d13517aff Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Mon, 17 May 2021 17:35:16 +0200 Subject: [PATCH 32/57] Update SecurityConfig.java --- .../com/vaultionizer/vaultserver/config/SecurityConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java index 7982d23..6eafdb8 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java @@ -18,7 +18,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.cors().and().authorizeRequests() .antMatchers("/**") - .permitAll(); + .permitAll() + .and().csrf().disable(); } @Bean From 34412428ba9d90fc99bb34ac00672973b6a1144d Mon Sep 17 00:00:00 2001 
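Review bot: `.and().csrf().disable()` in `SecurityConfig.configure` switches CSRF protection off for every path while `antMatchers("/**").permitAll()` leaves all authorization to the controllers, and nothing in the code records why that is acceptable. It appears to be safe only because the session key travels in the custom `xAuth` header rather than in a cookie, which a cross-site form post cannot set. A comment such as `// CSRF disabled: credentials are sent in the xAuth header, never in cookies` would flag that this line must be revisited if cookie-based sessions are ever introduced.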
From: Julien Meier Date: Mon, 17 May 2021 17:56:46 +0200 Subject: [PATCH 33/57] Added default constructors. --- .../vaultserver/config/SecurityConfig.java | 2 +- .../controllers/RefFileController.java | 4 +++- .../model/dto/ChangeAuthKeyDto.java | 5 ++++- .../model/dto/ConfigureSpaceDto.java | 3 +++ .../vaultserver/model/dto/CreateSpaceDto.java | 3 +++ .../vaultserver/model/dto/DeleteFileDto.java | 14 ------------ .../model/dto/FileDownloadDto.java | 22 ------------------- .../vaultserver/model/dto/FileUploadDto.java | 3 +++ .../model/dto/GetVersionResponseDto.java | 3 +++ .../vaultserver/model/dto/JoinSpaceDto.java | 3 +++ .../vaultserver/model/dto/LoginUserDto.java | 3 +++ .../model/dto/LoginUserResponseDto.java | 3 +++ .../vaultserver/model/dto/ReadRefFileDto.java | 9 +++++--- .../model/dto/SpaceAuthKeyDto.java | 3 +++ .../model/dto/SpaceAuthKeyResponseDto.java | 3 +++ .../model/dto/UpdateRefFileDto.java | 3 +++ 16 files changed, 44 insertions(+), 42 deletions(-) delete mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java delete mode 100644 src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java diff --git a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java index 6eafdb8..ecc1da3 100644 --- a/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java +++ b/src/main/java/com/vaultionizer/vaultserver/config/SecurityConfig.java 
@@ -25,7 +25,7 @@ protected void configure(HttpSecurity http) throws Exception { @Bean public CorsConfigurationSource corsConfigurationSource() { var configuration = new CorsConfiguration(); - configuration.setAllowedOrigins(Arrays.asList("https://www.vault.gottwuerfeltnicht.de")); + configuration.setAllowedOrigins(Arrays.asList("https://www.api.vault.jatsqi.com")); // for testing: // configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342")); configuration.setAllowedMethods(Arrays.asList("POST", "PUT", "GET", "OPTIONS", "DELETE")); diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 6cef629..74b1a0c 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -18,6 +18,8 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; +import java.time.Instant; + @Api(value = "/api/refFile/", description = "Controller that handles the ref file CRUD requests.") @RestController public class RefFileController { @@ -58,7 +60,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc } // if the last fetched version is latest, just tell user not modified - if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, req.getLastRead())) { + if (req.getLastRead() != null && !refFileService.hasNewVersion(refFileID, Instant.ofEpochMilli(req.getLastRead()))) { return new ResponseEntity<>(null, HttpStatus.NOT_MODIFIED); } String content = refFileService.readRefFile(refFileID); diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java index 852d900..98037d9 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java 
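Review bot: The allowed origin in `corsConfigurationSource` is replaced by another hard-coded string, next to a commented-out `http://localhost:63342` line that has to be toggled by hand for testing. Taking the list from configuration, e.g. `configuration.setAllowedOrigins(allowedOrigins);` with `allowedOrigins` injected from a property, would avoid a code change per deployment and the risk of shipping the localhost origin by accident. The new value contains `api.`, so it is worth confirming that this is the origin the browser front end is served from and not the API host itself, since CORS matches the requesting page's origin.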
+++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ChangeAuthKeyDto.java @@ -1,7 +1,10 @@ package com.vaultionizer.vaultserver.model.dto; public class ChangeAuthKeyDto { - private final String authKey; + private String authKey; + + public ChangeAuthKeyDto() { + } public ChangeAuthKeyDto(String authKey) { this.authKey = authKey; diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java index d4695c8..66f23df 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ConfigureSpaceDto.java @@ -5,6 +5,9 @@ public class ConfigureSpaceDto { private boolean usersAuthAccess; private Boolean sharedSpace; + public ConfigureSpaceDto() { + } + public ConfigureSpaceDto(boolean usersWriteAccess, boolean usersAuthAccess, Boolean sharedSpace) { this.usersWriteAccess = usersWriteAccess; this.usersAuthAccess = usersAuthAccess; diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java index e2a3011..0cb26ac 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/CreateSpaceDto.java @@ -9,6 +9,9 @@ public class CreateSpaceDto { private String authKey; private String referenceFile; + public CreateSpaceDto() { + } + public boolean getUsersWriteAccess() { return usersWriteAccess; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java deleted file mode 100644 index 9e013ef..0000000 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/DeleteFileDto.java +++ /dev/null 
@@ -1,14 +0,0 @@ -package com.vaultionizer.vaultserver.model.dto; - -public class DeleteFileDto { - private Long spaceID; - private Long saveIndex; - - public Long getSpaceID() { - return spaceID; - } - - public Long getSaveIndex() { - return saveIndex; - } -} diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java deleted file mode 100644 index 72ded79..0000000 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileDownloadDto.java +++ /dev/null @@ -1,22 +0,0 @@ -package com.vaultionizer.vaultserver.model.dto; - -public class FileDownloadDto { - private Long spaceID; - private Long saveIndex; - - public FileDownloadDto() { - } - - public FileDownloadDto(Long spaceID, Long saveIndex) { - this.spaceID = spaceID; - this.saveIndex = saveIndex; - } - - public Long getSpaceID() { - return spaceID; - } - - public Long getSaveIndex() { - return saveIndex; - } -} diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java index a44d19d..9ce27cc 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/FileUploadDto.java @@ -3,6 +3,9 @@ public class FileUploadDto { private int amountFiles; + public FileUploadDto() { + } + public FileUploadDto(int amountFiles) { this.amountFiles = amountFiles; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/GetVersionResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetVersionResponseDto.java index 7d18e44..dd770d5 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/GetVersionResponseDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/GetVersionResponseDto.java 
@@ -11,6 +11,9 @@ public GetVersionResponseDto(String version, String maintainer, boolean hasAuthK this.hasAuthKey = hasAuthKey; } + public GetVersionResponseDto() { + } + public String getVersion() { return version; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java index 180879f..c0d4259 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/JoinSpaceDto.java @@ -3,6 +3,9 @@ public class JoinSpaceDto { private String authKey; + public JoinSpaceDto() { + } + public JoinSpaceDto(String authKey) { this.authKey = authKey; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserDto.java index 1e93925..072ab60 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserDto.java @@ -4,6 +4,9 @@ public class LoginUserDto { private String username; private String key; + public LoginUserDto() { + } + public LoginUserDto(String username, String key) { this.username = username; this.key = key; diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserResponseDto.java index 6eab7e9..ace0777 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserResponseDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/LoginUserResponseDto.java @@ -5,6 +5,9 @@ public class LoginUserResponseDto { private String sessionKey; private String websocketToken; + public LoginUserResponseDto() { + } + public LoginUserResponseDto(Long userID, String sessionKey, String websocketToken) { this.userID = userID; this.sessionKey = sessionKey; 
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java index f9079a9..478a140 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/ReadRefFileDto.java @@ -4,13 +4,16 @@ import java.time.Instant; public class ReadRefFileDto { - private Instant lastRead; + private Long lastRead; - public ReadRefFileDto(Instant lastRead) { + public ReadRefFileDto() { + } + + public ReadRefFileDto(Long lastRead) { this.lastRead = lastRead; } - public Instant getLastRead() { + public Long getLastRead() { return lastRead; } } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java index d93af14..275f0a7 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyDto.java @@ -3,6 +3,9 @@ public class SpaceAuthKeyDto { private Long spaceID; + public SpaceAuthKeyDto() { + } + public SpaceAuthKeyDto(Long spaceID) { this.spaceID = spaceID; } diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java index 42ccbd9..66dba57 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/SpaceAuthKeyResponseDto.java @@ -4,6 +4,9 @@ public class SpaceAuthKeyResponseDto { private Long spaceID; private String authKey; + public SpaceAuthKeyResponseDto() { + } + public SpaceAuthKeyResponseDto(Long spaceID, String authKey) { this.spaceID = spaceID; this.authKey = authKey; 
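Review bot: `lastRead` in ReadRefFileDto changes from `Instant` to `Long` without stating the unit, so a client sending epoch seconds and a server expecting epoch milliseconds (or the reverse) would silently disagree when the value is compared. Add a field comment such as `// Time of the client's last read as an epoch value; unit (seconds or milliseconds): TODO confirm and document`, and have the consumer reject null or negative values, since the new no-arg constructor can leave the field unset. The hunk header still shows `import java.time.Instant;`, which looks unused after this change and can probably be removed.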
diff --git a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java index 2aa804a..a2a6096 100644 --- a/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java +++ b/src/main/java/com/vaultionizer/vaultserver/model/dto/UpdateRefFileDto.java @@ -3,6 +3,9 @@ public class UpdateRefFileDto { private String content; + public UpdateRefFileDto() { + } + public UpdateRefFileDto(String content) { this.content = content; } From dac61ddaa8a2409c5783a127cdb5ef282e9d56e0 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:54:06 +0000 Subject: [PATCH 34/57] Bump jquery from 3.1.1-1 to 3.6.0 Bumps [jquery](https://github.com/webjars/jquery) from 3.1.1-1 to 3.6.0. - [Release notes](https://github.com/webjars/jquery/releases) - [Commits](https://github.com/webjars/jquery/compare/jquery-3.1.1-1...jquery-3.6.0) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f7377cf..96577dd 100644 --- a/pom.xml +++ b/pom.xml @@ -115,7 +115,7 @@ org.webjars jquery - 3.1.1-1 + 3.6.0 From c96296a9104956db8a57e1a941a3a58280b31b50 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:54:30 +0000 Subject: [PATCH 35/57] Bump cucumber-junit from 6.8.0 to 6.10.4 Bumps [cucumber-junit](https://github.com/cucumber/cucumber-jvm) from 6.8.0 to 6.10.4. - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v6.8.0...v6.10.4) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index f7377cf..97b52c8 100644 --- a/pom.xml +++ b/pom.xml @@ -127,7 +127,7 @@ io.cucumber cucumber-junit - 6.8.0 + 6.10.4 test From 9cc78b82fa091a4282ad80ae68428e0a08ef1366 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:54:51 +0000 Subject: [PATCH 36/57] Bump junit-vintage-engine from 5.7.1 to 5.7.2 Bumps [junit-vintage-engine](https://github.com/junit-team/junit5) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.7.1...r5.7.2) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f7377cf..4287c5b 100644 --- a/pom.xml +++ b/pom.xml @@ -139,7 +139,7 @@ org.junit.vintage junit-vintage-engine - 5.7.1 + 5.7.2 test From 2caaacb143e6ae493fcb0a6063ad09c80bec15a3 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:55:14 +0000 Subject: [PATCH 37/57] Bump bootstrap from 3.3.7 to 5.0.1 Bumps [bootstrap](https://github.com/webjars/bootstrap) from 3.3.7 to 5.0.1. - [Release notes](https://github.com/webjars/bootstrap/releases) - [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.0.1) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f7377cf..4ede45f 100644 --- a/pom.xml +++ b/pom.xml @@ -110,7 +110,7 @@ org.webjars bootstrap - 3.3.7 + 5.0.1 org.webjars From 24de37af7e7a26b555b5cf6d99e7a56f4e02a7cb Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:55:36 +0000 Subject: [PATCH 38/57] Bump stomp-websocket from 2.3.3 to 2.3.4 Bumps [stomp-websocket](https://github.com/webjars/stomp-websocket) from 2.3.3 to 2.3.4. - [Release notes](https://github.com/webjars/stomp-websocket/releases) - [Commits](https://github.com/webjars/stomp-websocket/compare/stomp-websocket-2.3.3...stomp-websocket-2.3.4) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f7377cf..d5ad666 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ org.webjars stomp-websocket - 2.3.3 + 2.3.4 org.webjars From b002526813dac9ff17fb7b94e4160d3edcbb65ab Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:59:11 +0000 Subject: [PATCH 39/57] Bump springfox-core from 2.9.2 to 3.0.0 Bumps [springfox-core](https://github.com/springfox/springfox) from 2.9.2 to 3.0.0. - [Release notes](https://github.com/springfox/springfox/releases) - [Changelog](https://github.com/springfox/springfox/blob/master/docs/release-notes.md) - [Commits](https://github.com/springfox/springfox/compare/2.9.2...3.0.0) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22ac3cb..2b5f5ab 100644 --- a/pom.xml +++ b/pom.xml @@ -59,7 +59,7 @@ io.springfox springfox-core - 2.9.2 + 3.0.0 io.springfox From cc2f50b503c4c4cf743a3f7d4e7bb2d51d1a879c Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:59:33 +0000 Subject: [PATCH 40/57] Bump json from 20171018 to 20210307 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20171018 to 20210307. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Commits](https://github.com/douglascrockford/JSON-java/commits) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22ac3cb..9456f7b 100644 --- a/pom.xml +++ b/pom.xml @@ -89,7 +89,7 @@ org.json json - 20171018 + 20210307 From 1fff3039105c81de37ac4eb6623c94b71c57b08c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 12:59:54 +0000 Subject: [PATCH 41/57] Bump sockjs-client from 1.0.2 to 1.5.1 Bumps [sockjs-client](https://github.com/webjars/sockjs-client) from 1.0.2 to 1.5.1. - [Release notes](https://github.com/webjars/sockjs-client/releases) - [Commits](https://github.com/webjars/sockjs-client/compare/sockjs-client-1.0.2...sockjs-client-1.5.1) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22ac3cb..4a752ed 100644 --- a/pom.xml +++ b/pom.xml @@ -100,7 +100,7 @@ org.webjars sockjs-client - 1.0.2 + 1.5.1 org.webjars From 161dc25dc18eb0cc4bf05b235bb12a498fa50480 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 13:00:17 +0000 Subject: [PATCH 42/57] Bump springfox-swagger-ui from 2.9.2 to 3.0.0 Bumps [springfox-swagger-ui](https://github.com/springfox/springfox) from 2.9.2 to 3.0.0. - [Release notes](https://github.com/springfox/springfox/releases) - [Changelog](https://github.com/springfox/springfox/blob/master/docs/release-notes.md) - [Commits](https://github.com/springfox/springfox/compare/2.9.2...3.0.0) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22ac3cb..174f89d 100644 --- a/pom.xml +++ b/pom.xml @@ -64,7 +64,7 @@ io.springfox springfox-swagger-ui - 2.9.2 + 3.0.0 org.postgresql From ba35a96333e8994b359ee1842a683a9e2b02477e Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 13:00:40 +0000 Subject: [PATCH 43/57] Bump cucumber-spring from 6.8.0 to 6.10.4 Bumps [cucumber-spring](https://github.com/cucumber/cucumber-jvm) from 6.8.0 to 6.10.4. - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v6.8.0...v6.10.4) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22ac3cb..25fa393 100644 --- a/pom.xml +++ b/pom.xml @@ -133,7 +133,7 @@ io.cucumber cucumber-spring - 6.8.0 + 6.10.4 test From bf4e4d8b4e8bde50acabf2ce6e4fddff68724970 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 13:03:03 +0000 Subject: [PATCH 44/57] Bump cucumber-java from 6.8.0 to 6.10.4 Bumps [cucumber-java](https://github.com/cucumber/cucumber-jvm) from 6.8.0 to 6.10.4. - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v6.8.0...v6.10.4) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a7da2b4..b3a8a39 100644 --- a/pom.xml +++ b/pom.xml @@ -121,7 +121,7 @@ io.cucumber cucumber-java - 6.8.0 + 6.10.4 test From 3cb11fc96d67632eefa23438f01377c1981c69b5 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 13:03:35 +0000 Subject: [PATCH 45/57] Bump spring-boot-starter-parent from 2.4.0-M3 to 2.5.0 Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 2.4.0-M3 to 2.5.0. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.4.0-M3...v2.5.0) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a7da2b4..4f16294 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.4.0-M3 + 2.5.0 com.vaultionizer From 781631d6b36c395c35ceb365bdd9aa0bb871aad8 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 13:03:57 +0000 Subject: [PATCH 46/57] Bump springfox-swagger2 from 2.9.2 to 3.0.0 Bumps [springfox-swagger2](https://github.com/springfox/springfox) from 2.9.2 to 3.0.0. - [Release notes](https://github.com/springfox/springfox/releases) - [Changelog](https://github.com/springfox/springfox/blob/master/docs/release-notes.md) - [Commits](https://github.com/springfox/springfox/compare/2.9.2...3.0.0) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a7da2b4..b00c2ea 100644 --- a/pom.xml +++ b/pom.xml @@ -53,7 +53,7 @@ io.springfox springfox-swagger2 - 2.9.2 + 3.0.0 From fbf35b8e1f6ed4b6b640d2930d605582d8201fe3 Mon Sep 17 00:00:00 2001 From: Johannes Quast <54998646+jatsqi@users.noreply.github.com> Date: Thu, 10 Jun 2021 15:26:53 +0200 Subject: [PATCH 47/57] Add missing dependency. --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index f416dd4..6d11367 100644 --- a/pom.xml +++ b/pom.xml @@ -91,6 +91,11 @@ json 20210307 + + org.springframework + spring-tx + 5.3.8 + From 9a8b5b354b556db23b9c991b8850b0a31d0ce80e Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 11 Jun 2021 06:19:39 +0000 Subject: [PATCH 48/57] Bump spring-boot-starter-parent from 2.5.0 to 2.5.1 Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.5.0...v2.5.1) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6d11367..bee66fe 100644 --- a/pom.xml +++ b/pom.xml 
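Review bot: The `spring-tx` dependency added in "Add missing dependency" pins `5.3.8` explicitly, although the project inherits from `spring-boot-starter-parent`, which normally manages the versions of the Spring Framework modules. A hard-coded version can drift from the other Spring modules on the classpath when the parent is bumped, and it then needs its own update for every framework security release. Unless the override is deliberate, drop the `<version>` element so the parent's dependency management selects the matching release. If the pin is intentional, add an XML comment that says why.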
@@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.5.0 + 2.5.1 com.vaultionizer From 66489ee2c4b5dd6b1b107dc4415bfbbbc41ba229 Mon Sep 17 00:00:00 2001 From: keksklauer4 Date: Sun, 13 Jun 2021 18:29:06 +0200 Subject: [PATCH 49/57] Fixed reffile bug --- .../vaultionizer/vaultserver/controllers/RefFileController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java index 74b1a0c..676bd94 100644 --- a/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java +++ b/src/main/java/com/vaultionizer/vaultserver/controllers/RefFileController.java @@ -51,7 +51,7 @@ public RefFileController(SessionService sessionService, UserAccessService userAc public @ResponseBody ResponseEntity // TODO readRefFile(@RequestBody ReadRefFileDto req, @RequestHeader("xAuth") GenericAuthDto auth, @PathVariable Long spaceID) { - var status = accessCheckerUtil.checkPrivilegeLevel(auth, spaceID); + var status = accessCheckerUtil.checkAccess(auth, spaceID); if (status != null) return new ResponseEntity<>(null, status); Long refFileID = spaceService.getRefFileID(spaceID); From 9bd80739ebac133228ba6d17c1298590e7105ce0 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 25 Jun 2021 06:24:02 +0000 Subject: [PATCH 50/57] Bump spring-boot-starter-parent from 2.5.1 to 2.5.2 Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 2.5.1 to 2.5.2. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.5.1...v2.5.2) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bee66fe..4db10e1 100644 --- a/pom.xml +++ b/pom.xml 
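Review bot: In `readRefFile` (RefFileController) the authorization call changes from `accessCheckerUtil.checkPrivilegeLevel(auth, spaceID)` to `accessCheckerUtil.checkAccess(auth, spaceID)`, and neither the code nor the commit message ("Fixed reffile bug") says which rule is now enforced. Neither helper is visible in this hunk, so it cannot be confirmed from here that `checkAccess` still rejects callers who have no access to the space. Because this gate protects the reference file, record the intent next to the call, e.g. `// Reading the ref file requires access to the space only, not an elevated privilege level` (adjust to the actual rule). Also add a test that a valid session without access to `spaceID` receives an error status. The method body continues outside the hunk.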
@@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.5.1 + 2.5.2 com.vaultionizer From bb1c17eb4099a6ffa7b9da7b23448a19fd3cd37b Mon Sep 17 00:00:00 2001 From: Johannes Quast Date: Sat, 26 Jun 2021 10:16:42 +0200 Subject: [PATCH 51/57] Fix SwaggerUI. --- pom.xml | 5 +++++ src/main/resources/application.properties | 1 + 2 files changed, 6 insertions(+) diff --git a/pom.xml b/pom.xml index bee66fe..681e902 100644 --- a/pom.xml +++ b/pom.xml @@ -55,6 +55,11 @@ springfox-swagger2 3.0.0 + + org.springdoc + springdoc-openapi-ui + 1.5.2 + io.springfox diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 148ccff..0b10a7f 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -14,3 +14,4 @@ spring.datasource.username=${VAULT_DB_USER} spring.datasource.password=${VAULT_DB_PASSWORD} spring.jpa.hibernate.ddl-auto=create +springdoc.api-docs.path=/api-docs From f63e61ab4372cf074361357cd3d7fbd7fdfba82c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 15 Jul 2021 06:23:40 +0000 Subject: [PATCH 52/57] Bump spring-tx from 5.3.8 to 5.3.9 Bumps [spring-tx](https://github.com/spring-projects/spring-framework) from 5.3.8 to 5.3.9. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.8...v5.3.9) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b1b89b..7116d62 100644 --- a/pom.xml +++ b/pom.xml @@ -99,7 +99,7 @@ org.springframework spring-tx - 5.3.8 + 5.3.9 From b2cfee201e98f094415347ae1e51e79d54c8fab4 Mon Sep 17 00:00:00 2001 
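Review bot: In the pom.xml hunk of "Fix SwaggerUI", `springdoc-openapi-ui` is added while the `io.springfox` artifacts stay in the POM (`springfox-swagger2` is visible just above the new block), so the application would ship two API-documentation stacks. Each brings its own transitive dependencies and, presumably, its own documentation endpoints, which is extra surface to keep patched and to cover in the security configuration. If springdoc is the replacement that fixes the Swagger UI, remove the springfox dependencies in the same change.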
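Review bot: The new line `springdoc.api-docs.path=/api-docs` in application.properties publishes the OpenAPI description unconditionally, and nothing in this hunk limits it to non-production deployments or to authenticated callers. For a server that stores users' vault data, the full endpoint listing is better kept off by default. Set `springdoc.api-docs.enabled=false` and `springdoc.swagger-ui.enabled=false` in the production properties and enable them only in a development profile, or require authentication for `/api-docs` in the security configuration.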
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 20 Jul 2021 06:22:47 +0000 Subject: [PATCH 53/57] Bump bootstrap from 5.0.1 to 5.0.2 Bumps [bootstrap](https://github.com/webjars/bootstrap) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/webjars/bootstrap/releases) - [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-5.0.1...bootstrap-5.0.2) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b1b89b..5d5f91d 100644 --- a/pom.xml +++ b/pom.xml @@ -120,7 +120,7 @@ org.webjars bootstrap - 5.0.1 + 5.0.2 org.webjars From 0ee34f0954bf078b349e73b125e429c7af1edb01 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 23 Jul 2021 06:22:57 +0000 Subject: [PATCH 54/57] Bump spring-boot-starter-parent from 2.5.2 to 2.5.3 Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 2.5.2 to 2.5.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.5.2...v2.5.3) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b1b89b..13159ed 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.5.2 + 2.5.3 com.vaultionizer From fe38a661e314e951c83c315788f4a11746ee7e09 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 28 Jul 2021 06:22:28 +0000 Subject: [PATCH 55/57] Bump springdoc-openapi-ui from 1.5.2 to 1.5.10 Bumps [springdoc-openapi-ui](https://github.com/springdoc/springdoc-openapi) from 1.5.2 to 1.5.10. - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/master/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v1.5.2...v1.5.10) Signed-off-by: dependabot-preview[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b1b89b..de5bfa3 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ org.springdoc springdoc-openapi-ui - 1.5.2 + 1.5.10 From 73d0c99ab79e520aba53a0cee072a7d356e98190 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 18:05:14 +0000 Subject: [PATCH 56/57] Bump json from 20210307 to 20230227 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20210307 to 20230227. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b1b89b..7a848e9 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ org.json json - 20210307 + 20230227 org.springframework From 2993d93056ed5e7650963c18a4c785a703e542f2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Oct 2023 08:18:44 +0000 Subject: [PATCH 57/57] Bump org.json:json from 20230227 to 20231013 Bumps [org.json:json](https://github.com/douglascrockford/JSON-java) from 20230227 to 20231013. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b156a05..1d656c9 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ org.json json - 20230227 + 20231013 org.springframework