package de.asideas.crowdsource;
import de.asideas.crowdsource.presentation.project.Project;
import de.asideas.crowdsource.testsupport.CrowdSourceTestConfig;
import de.asideas.crowdsource.testsupport.util.CrowdSourceClient;
import de.asideas.crowdsource.testsupport.util.UrlProvider;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.boot.test.WebIntegrationTest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.springframework.http.HttpStatus.BAD_REQUEST;
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
@RunWith(SpringJUnit4ClassRunner.class)
@WebIntegrationTest
@SpringApplicationConfiguration(classes = {CrowdSourceExample.class, CrowdSourceTestConfig.class})
public class AuthenticationIT {
@Autowired
private UrlProvider urlProvider;
@Autowired
private CrowdSourceClient crowdSourceClient;
@Test
public void unauthorizedRequest() {
RestTemplate restTemplate = crowdSourceClient.getUnderlyingClient();
try {
restTemplate.postForObject(urlProvider.applicationUrl() + "/project", getPreparedProject(), Project.class);
Assert.fail("Accessing a protected resource without access token should fail");
} catch (HttpClientErrorException e) {
assertThat(e.getStatusCode(), is(UNAUTHORIZED));
}
}
@Test
public void authorizedRequest() throws IOException {
CrowdSourceClient.AuthToken authToken = crowdSourceClient.authorizeWithDefaultUser();
assertThat(authToken.getAccessToken(), is(notNullValue()));
ResponseEntity<Project> response = crowdSourceClient.createProject(getPreparedProject(), authToken);
assertThat(response.getStatusCode(), is(HttpStatus.CREATED));
}
@Test
public void invalidCredentials() throws IOException {
try {
crowdSourceClient.authorize("wrong", "credentials");
Assert.fail("Requesting an access token with wrong credentials should fail");
} catch (HttpClientErrorException e) {
assertThat(e.getStatusCode(), is(BAD_REQUEST));
}
}
@Test
public void invalidAccessToken() throws IOException {
CrowdSourceClient.AuthToken authToken = new CrowdSourceClient.AuthToken();
authToken.setAccessToken("some-invalid-access-token");
try {
crowdSourceClient.createProject(getPreparedProject(), authToken);
Assert.fail("Accessing a protected resource with an invalid token should fail");
} catch (HttpClientErrorException e) {
assertThat(e.getStatusCode(), is(UNAUTHORIZED));
}
}
private Project getPreparedProject() {
final Project project = new Project();
project.setPledgeGoal(1000);
project.setTitle("myTitle");
project.setShortDescription("shortDescription");
project.setDescription("myDescription");
return project;
}
}