mirror of https://github.com/usbharu/Hideout.git
style: fix lint
parent
2367eb3c88
commit
343583e14b
|
@ -22,6 +22,7 @@ import org.junit.jupiter.api.AfterAll
|
||||||
import org.junit.jupiter.api.BeforeEach
|
import org.junit.jupiter.api.BeforeEach
|
||||||
import org.junit.jupiter.api.Test
|
import org.junit.jupiter.api.Test
|
||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
|
import org.springframework.beans.factory.annotation.Qualifier
|
||||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
|
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
|
||||||
import org.springframework.boot.test.context.SpringBootTest
|
import org.springframework.boot.test.context.SpringBootTest
|
||||||
import org.springframework.http.MediaType
|
import org.springframework.http.MediaType
|
||||||
|
@ -36,6 +37,8 @@ import org.springframework.transaction.annotation.Transactional
|
||||||
import org.springframework.web.context.WebApplicationContext
|
import org.springframework.web.context.WebApplicationContext
|
||||||
import util.WithHttpSignature
|
import util.WithHttpSignature
|
||||||
import util.WithMockHttpSignature
|
import util.WithMockHttpSignature
|
||||||
|
import java.time.ZonedDateTime
|
||||||
|
import java.time.format.DateTimeFormatter
|
||||||
|
|
||||||
@SpringBootTest(classes = [SpringApplication::class])
|
@SpringBootTest(classes = [SpringApplication::class])
|
||||||
@AutoConfigureMockMvc
|
@AutoConfigureMockMvc
|
||||||
|
@ -46,6 +49,10 @@ class NoteTest {
|
||||||
@Autowired
|
@Autowired
|
||||||
private lateinit var context: WebApplicationContext
|
private lateinit var context: WebApplicationContext
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
@Qualifier("http")
|
||||||
|
private lateinit var dateTimeFormatter: DateTimeFormatter
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
fun setUp() {
|
fun setUp() {
|
||||||
mockMvc = MockMvcBuilders.webAppContextSetup(context).apply<DefaultMockMvcBuilder>(springSecurity()).build()
|
mockMvc = MockMvcBuilders.webAppContextSetup(context).apply<DefaultMockMvcBuilder>(springSecurity()).build()
|
||||||
|
@ -197,6 +204,29 @@ class NoteTest {
|
||||||
.andExpect { jsonPath("\$.attachment[1].url") { value("https://example.com/media/test-media2.png") } }
|
.andExpect { jsonPath("\$.attachment[1].url") { value("https://example.com/media/test-media2.png") } }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun signatureヘッダーがあるのにhostヘッダーがないと401() {
|
||||||
|
mockMvc
|
||||||
|
.get("/users/test-user10/posts/9999") {
|
||||||
|
accept(MediaType("application", "activity+json"))
|
||||||
|
header("Signature", "a")
|
||||||
|
header("Date", ZonedDateTime.now().format(dateTimeFormatter))
|
||||||
|
|
||||||
|
}
|
||||||
|
.andExpect { status { isUnauthorized() } }
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun signatureヘッダーがあるのにdateヘッダーがないと401() {
|
||||||
|
mockMvc
|
||||||
|
.get("/users/test-user10/posts/9999") {
|
||||||
|
accept(MediaType("application", "activity+json"))
|
||||||
|
header("Signature", "a")
|
||||||
|
header("Host", "example.com")
|
||||||
|
}
|
||||||
|
.andExpect { status { isUnauthorized() } }
|
||||||
|
}
|
||||||
|
|
||||||
companion object {
|
companion object {
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@AfterAll
|
@AfterAll
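Review bot: Both new tests send `header("Signature", "a")`, which is not a well-formed signature value, so the 401 they assert may come from signature parsing or key lookup rather than from the missing Host or Date header. As written they would probably still pass if the header checks in the filter were removed. Consider a syntactically valid Signature value (the imported `util.WithHttpSignature` helpers may already support this) so that the absent header is the only reason for rejection, and add a one-line comment on each test naming the check it pins. The empty line left after the Date header in the first request block can also go.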
|
||||||
|
|
|
@ -92,16 +92,14 @@ import java.security.interfaces.RSAPrivateKey
|
||||||
import java.security.interfaces.RSAPublicKey
|
import java.security.interfaces.RSAPublicKey
|
||||||
import java.util.*
|
import java.util.*
|
||||||
|
|
||||||
|
|
||||||
@EnableWebSecurity(debug = false)
|
@EnableWebSecurity(debug = false)
|
||||||
@Configuration
|
@Configuration
|
||||||
@Suppress("FunctionMaxLength", "TooManyFunctions", "LongMethod")
|
@Suppress("FunctionMaxLength", "TooManyFunctions", "LongMethod")
|
||||||
class SecurityConfig {
|
class SecurityConfig {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
fun authenticationManager(authenticationConfiguration: AuthenticationConfiguration): AuthenticationManager? {
|
fun authenticationManager(authenticationConfiguration: AuthenticationConfiguration): AuthenticationManager? =
|
||||||
return authenticationConfiguration.authenticationManager
|
authenticationConfiguration.authenticationManager
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(1)
|
@Order(1)
|
||||||
|
@ -416,6 +414,9 @@ class SecurityConfig {
|
||||||
return roleHierarchyImpl
|
return roleHierarchyImpl
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Spring Security 3.2.1 に存在する EnableWebSecurity(debug = true)にすると発生するエラーに対処するためのコード
|
||||||
|
// trueにしないときはコメントアウト
|
||||||
|
|
||||||
// @Bean
|
// @Bean
|
||||||
fun beanDefinitionRegistryPostProcessor(): BeanDefinitionRegistryPostProcessor {
|
fun beanDefinitionRegistryPostProcessor(): BeanDefinitionRegistryPostProcessor {
|
||||||
return BeanDefinitionRegistryPostProcessor { registry: BeanDefinitionRegistry ->
|
return BeanDefinitionRegistryPostProcessor { registry: BeanDefinitionRegistry ->
|
||||||
|
@ -424,6 +425,7 @@ class SecurityConfig {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Suppress("ExpressionBodySyntax")
|
||||||
internal class CompositeFilterChainProxy(filters: List<Filter?>) : FilterChainProxy() {
|
internal class CompositeFilterChainProxy(filters: List<Filter?>) : FilterChainProxy() {
|
||||||
private val doFilterDelegate: Filter
|
private val doFilterDelegate: Filter
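Review bot: The comment added above beanDefinitionRegistryPostProcessor says when to re-enable the workaround for `EnableWebSecurity(debug = true)`, but not that debug mode is a development-only setting. Spring Security's debug filter logs request details including headers, which on this server would include the Signature header. I would add a line such as `// debug = true logs request headers; never enable outside local development`. Leaving only `// @Bean` commented out also keeps the function in the class as dead code; commenting out the whole function would match what the comment describes. The function body continues outside the hunk.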
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,7 @@ class HttpSignatureFilter(
|
||||||
return signature.keyId
|
return signature.keyId
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun getPreAuthenticatedCredentials(request: HttpServletRequest?): Any {
|
override fun getPreAuthenticatedCredentials(request: HttpServletRequest?): Any? {
|
||||||
requireNotNull(request)
|
requireNotNull(request)
|
||||||
val url = request.requestURL.toString()
|
val url = request.requestURL.toString()
|
||||||
|
|
||||||
|
@ -58,17 +58,24 @@ class HttpSignatureFilter(
|
||||||
"get" -> HttpMethod.GET
|
"get" -> HttpMethod.GET
|
||||||
"post" -> HttpMethod.POST
|
"post" -> HttpMethod.POST
|
||||||
else -> {
|
else -> {
|
||||||
throw IllegalArgumentException("Unsupported method: $method")
|
// throw IllegalArgumentException("Unsupported method: $method")
|
||||||
|
return null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
httpSignatureHeaderChecker.checkDate(request.getHeader("date"))
|
try {
|
||||||
httpSignatureHeaderChecker.checkHost(request.getHeader("host"))
|
httpSignatureHeaderChecker.checkDate(request.getHeader("date")!!)
|
||||||
|
httpSignatureHeaderChecker.checkHost(request.getHeader("host")!!)
|
||||||
|
if (request.method.equals("post", true)) {
|
||||||
|
httpSignatureHeaderChecker.checkDigest(
|
||||||
if (request.method.equals("post", true)) {
|
request.inputStream.readAllBytes()!!,
|
||||||
httpSignatureHeaderChecker.checkDigest(request.inputStream.readAllBytes(), request.getHeader("digest"))
|
request.getHeader("digest")!!
|
||||||
|
)
|
||||||
|
}
|
||||||
|
} catch (_: NullPointerException) {
|
||||||
|
return null
|
||||||
|
} catch (_: IllegalArgumentException) {
|
||||||
|
return null
|
||||||
}
|
}
|
||||||
|
|
||||||
return HttpRequest(
|
return HttpRequest(
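Review bot: The `catch (_: NullPointerException)` around the `!!` header reads in getPreAuthenticatedCredentials also swallows any NPE raised inside checkDate, checkHost or checkDigest, so a defect in the checker would be reported as missing credentials instead of surfacing. Read the headers explicitly, e.g. `val date = request.getHeader("date") ?: return null` (and the same for `host` and `digest`), and drop the redundant `!!` on `readAllBytes()`. Every `return null` path, including the unsupported-method branch that replaces the commented-out throw, rejects the request without a log line; a debug-level message naming the failed check would help when investigating rejected signed requests. Whether a null credential is always refused depends on the authentication provider, which is not visible here, so a comment stating that assumption would be worth adding. The function continues past the end of the hunk.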
|
||||||
|
|
|
@ -55,4 +55,4 @@ class HttpSignatureHeaderChecker(private val applicationConfig: ApplicationConfi
|
||||||
private val dateFormat = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US)
|
private val dateFormat = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US)
|
||||||
private val regex = Regex("^([a-zA-Z0-9\\-]+)=(.+)$")
|
private val regex = Regex("^([a-zA-Z0-9\\-]+)=(.+)$")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|