mirror of https://github.com/usbharu/Hideout.git
commit
e56604ec26
|
@ -0,0 +1,115 @@
|
|||
package mastodon.timelines
|
||||
|
||||
import dev.usbharu.hideout.SpringApplication
|
||||
import org.flywaydb.core.Flyway
|
||||
import org.junit.jupiter.api.AfterAll
|
||||
import org.junit.jupiter.api.BeforeEach
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.boot.test.context.SpringBootTest
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority
|
||||
import org.springframework.security.test.context.support.WithAnonymousUser
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
|
||||
import org.springframework.test.context.jdbc.Sql
|
||||
import org.springframework.test.web.servlet.MockMvc
|
||||
import org.springframework.test.web.servlet.get
|
||||
import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders
|
||||
import org.springframework.transaction.annotation.Transactional
|
||||
import org.springframework.web.context.WebApplicationContext
|
||||
|
||||
@SpringBootTest(classes = [SpringApplication::class])
|
||||
@Transactional
|
||||
@Sql("/sql/test-user.sql", executionPhase = Sql.ExecutionPhase.BEFORE_TEST_CLASS)
|
||||
class TimelineApiTest {
|
||||
@Autowired
|
||||
private lateinit var context: WebApplicationContext
|
||||
|
||||
private lateinit var mockMvc: MockMvc
|
||||
|
||||
@BeforeEach
|
||||
fun beforeEach() {
|
||||
mockMvc = MockMvcBuilders.webAppContextSetup(context)
|
||||
.apply<DefaultMockMvcBuilder>(SecurityMockMvcConfigurers.springSecurity())
|
||||
.build()
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `apiV1TimelinesHomeGetにreadでアクセスできる`() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/home") {
|
||||
with(
|
||||
SecurityMockMvcRequestPostProcessors.jwt()
|
||||
.jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read"))
|
||||
)
|
||||
}
|
||||
.asyncDispatch()
|
||||
.andExpect { status { isOk() } }
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `apiV1TimelinesHomeGetにread statusesでアクセスできる`() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/home") {
|
||||
with(
|
||||
SecurityMockMvcRequestPostProcessors.jwt()
|
||||
.jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses"))
|
||||
)
|
||||
}
|
||||
.asyncDispatch()
|
||||
.andExpect { status { isOk() } }
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithAnonymousUser
|
||||
fun apiV1TimelineHomeGetに匿名でアクセスすると401() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/home")
|
||||
.andExpect { status { isUnauthorized() } }
|
||||
}
|
||||
|
||||
@Test
|
||||
fun apiV1TimelinesPublicGetにreadでアクセスできる() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/public") {
|
||||
with(
|
||||
SecurityMockMvcRequestPostProcessors.jwt()
|
||||
.jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read"))
|
||||
)
|
||||
}
|
||||
.asyncDispatch()
|
||||
.andExpect { status { isOk() } }
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `apiV1TimelinesPublicGetにread statusesでアクセスできる`() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/public") {
|
||||
with(
|
||||
SecurityMockMvcRequestPostProcessors.jwt()
|
||||
.jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses"))
|
||||
)
|
||||
}
|
||||
.asyncDispatch()
|
||||
.andExpect { status { isOk() } }
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithAnonymousUser
|
||||
fun apiV1TimeinesPublicGetに匿名でアクセスできる() {
|
||||
mockMvc
|
||||
.get("/api/v1/timelines/public")
|
||||
.asyncDispatch()
|
||||
.andExpect { status { isOk() } }
|
||||
}
|
||||
|
||||
companion object {
|
||||
@JvmStatic
|
||||
@AfterAll
|
||||
fun dropDatabase(@Autowired flyway: Flyway) {
|
||||
flyway.clean()
|
||||
flyway.migrate()
|
||||
}
|
||||
}
|
||||
}
|
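Review bot: The tests for `/api/v1/timelines/home` cover the two accepted scopes and the anonymous 401, but none checks that an authenticated token carrying an unrelated scope is rejected, which is the case the `hasAnyScope("read", "read:statuses")` rule exists to enforce. Add a test that sends a JWT with only `SimpleGrantedAuthority("SCOPE_write")` and expects `status { isForbidden() }`. Separately, `dropDatabase` calls `flyway.clean()` on whatever datasource the test context resolves, so confirm that the test profile can never point at a shared database. The names `apiV1TimeinesPublicGet…` and `apiV1TimelineHomeGet…` are misspelled relative to the other tests.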
|
@ -204,6 +204,9 @@ class SecurityConfig {
|
|||
authorize(POST, "/api/v1/media", hasAnyScope("write", "write:media"))
|
||||
authorize(POST, "/api/v1/statuses", hasAnyScope("write", "write:statuses"))
|
||||
|
||||
authorize(GET, "/api/v1/timelines/public", permitAll)
|
||||
authorize(GET, "/api/v1/timelines/home", hasAnyScope("read", "read:statuses"))
|
||||
|
||||
authorize(anyRequest, authenticated)
|
||||
}
|
||||
|
||||
|
|
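Review bot: `authorize(GET, "/api/v1/timelines/public", permitAll)` makes the public timeline reachable with no token at all, and nothing in the hunk records that this is intentional or what the handler must guarantee as a result. I would add a comment above it such as `// Unauthenticated by design: handler must return only public-visibility posts and tolerate a missing principal`. Whether the controller already filters by visibility and copes with an absent `uid` claim is not visible here, so confirm it, ideally with a test that asserts on the anonymous response body and not only on the status. Both new rules sit before `authorize(anyRequest, authenticated)`, which is the right order; the enclosing block starts and ends outside the hunk.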