From da4d9d698b20d0fdef28c751c7a18e01b02ba28f Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:43:28 +0900 Subject: [PATCH 1/4] =?UTF-8?q?fix:=20#206=20=E3=82=BF=E3=82=A4=E3=83=A0?= =?UTF-8?q?=E3=83=A9=E3=82=A4=E3=83=B3=E3=81=8C=E6=9C=AA=E3=83=AD=E3=82=B0?= =?UTF-8?q?=E3=82=A4=E3=83=B3=E7=8A=B6=E6=85=8B=E3=81=A7=E8=A6=8B=E3=82=8C?= =?UTF-8?q?=E3=81=AA=E3=81=8F=E3=81=AA=E3=81=A3=E3=81=A6=E3=81=84=E3=82=8B?= =?UTF-8?q?=E5=95=8F=E9=A1=8C=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dev/usbharu/hideout/application/config/SecurityConfig.kt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt index dadee6f4..08059d2d 100644 --- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt +++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt @@ -204,6 +204,9 @@ class SecurityConfig { authorize(POST, "/api/v1/media", hasAnyScope("write", "write:media")) authorize(POST, "/api/v1/statuses", hasAnyScope("write", "write:statuses")) + authorize(GET, "/api/v1/timelines/public", permitAll) + authorize(GET, "/api/v1/timelines/home", hasAnyScope("read", "read:statuses")) + authorize(anyRequest, authenticated) } From f5a406d222b47380e21752c400c0f6dc72fafbd3 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:43:42 +0900 Subject: [PATCH 2/4] =?UTF-8?q?test:=20=E3=82=BF=E3=82=A4=E3=83=A0?= =?UTF-8?q?=E3=83=A9=E3=82=A4=E3=83=B3=E3=81=AE=E3=83=86=E3=82=B9=E3=83=88?= =?UTF-8?q?=E3=82=92=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mastodon/timelines/TimelineApiTest.kt | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt diff --git a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt new file mode 100644 index 00000000..0a888cb9 --- /dev/null +++ b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt @@ -0,0 +1,104 @@ +package mastodon.timelines + +import dev.usbharu.hideout.SpringApplication +import org.junit.jupiter.api.BeforeEach +import org.junit.jupiter.api.Test +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.test.context.SpringBootTest +import org.springframework.security.core.authority.SimpleGrantedAuthority +import org.springframework.security.test.context.support.WithAnonymousUser +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors +import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers +import org.springframework.test.context.jdbc.Sql +import org.springframework.test.web.servlet.MockMvc +import org.springframework.test.web.servlet.get +import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder +import org.springframework.test.web.servlet.setup.MockMvcBuilders +import org.springframework.transaction.annotation.Transactional +import org.springframework.web.context.WebApplicationContext + +@SpringBootTest(classes = [SpringApplication::class]) +@Transactional +@Sql("/sql/test-user.sql") +class TimelineApiTest { + @Autowired + private lateinit var context: WebApplicationContext + + private lateinit var mockMvc: MockMvc + + @BeforeEach + fun beforeEach() { + mockMvc = MockMvcBuilders.webAppContextSetup(context) + .apply(SecurityMockMvcConfigurers.springSecurity()) + .build() + } + + @Test + fun `apiV1TimelinesHomeGetにreadでアクセスできる`() { + mockMvc + .get("/api/v1/timelines/home") { + with( + SecurityMockMvcRequestPostProcessors.jwt() + .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read")) + ) + } + .asyncDispatch() + .andExpect { status { isOk() } } + } + + @Test + fun `apiV1TimelinesHomeGetにread statusesでアクセスできる`() { + mockMvc + .get("/api/v1/timelines/home") { + with( + SecurityMockMvcRequestPostProcessors.jwt() + .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses")) + ) + } + .asyncDispatch() + .andExpect { status { isOk() } } + } + + @Test + @WithAnonymousUser + fun apiV1TimelineHomeGetに匿名でアクセスすると401() { + mockMvc + .get("/api/v1/timelines/home") + .andExpect { status { isUnauthorized() } } + } + + @Test + fun apiV1TimelinesPublicGetにreadでアクセスできる() { + mockMvc + .get("/api/v1/timelines/public") { + with( + SecurityMockMvcRequestPostProcessors.jwt() + .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read")) + ) + } + .asyncDispatch() + .andExpect { status { isOk() } } + } + + @Test + fun `apiV1TimelinesPublicGetにread statusesでアクセスできる`() { + mockMvc + .get("/api/v1/timelines/public") { + with( + SecurityMockMvcRequestPostProcessors.jwt() + .jwt { it.claim("uid", "1") }.authorities(SimpleGrantedAuthority("SCOPE_read:statuses")) + ) + } + .asyncDispatch() + .andExpect { status { isOk() } } + } + + @Test + @WithAnonymousUser + fun apiV1TimeinesPublicGetに匿名でアクセスできる() { + mockMvc + .get("/api/v1/timelines/public") + .asyncDispatch() + .andExpect { status { isOk() } } + } +} From f7a9dd00e3cc679def5c3ab94bc7a1882714637b Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:19:44 +0900 Subject: [PATCH 3/4] =?UTF-8?q?test:=20=E3=83=86=E3=82=B9=E3=83=88?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kotlin/mastodon/timelines/TimelineApiTest.kt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt index 0a888cb9..acd16991 100644 --- a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt +++ b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt @@ -1,6 +1,8 @@ package mastodon.timelines import dev.usbharu.hideout.SpringApplication +import org.flywaydb.core.Flyway +import org.junit.jupiter.api.AfterAll import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Test import org.springframework.beans.factory.annotation.Autowired @@ -101,4 +103,13 @@ class TimelineApiTest { .asyncDispatch() .andExpect { status { isOk() } } } + + companion object { + @JvmStatic + @AfterAll + fun dropDatabase(@Autowired flyway: Flyway) { + flyway.clean() + flyway.migrate() + } + } } From 35a6fbdb96f701070e0effdafd2647ae7a3c6ded Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Mon, 11 Dec 2023 16:26:03 +0900 Subject: [PATCH 4/4] =?UTF-8?q?test:=20=E3=83=86=E3=82=B9=E3=83=88?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt index acd16991..37fe48d8 100644 --- a/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt +++ b/src/intTest/kotlin/mastodon/timelines/TimelineApiTest.kt @@ -21,7 +21,7 @@ import org.springframework.web.context.WebApplicationContext @SpringBootTest(classes = [SpringApplication::class]) @Transactional -@Sql("/sql/test-user.sql") +@Sql("/sql/test-user.sql", executionPhase = Sql.ExecutionPhase.BEFORE_TEST_CLASS) class TimelineApiTest { @Autowired private lateinit var context: WebApplicationContext