Fixed unknown authentication scheme, missing VC entity & parameter
checker

Change-Id: I2f0eb38e3dbe8105ccc42f7d386587a9be5504a1
diff --git a/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java b/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
index 5eed64f..2470d4e 100644
--- a/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
+++ b/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
@@ -7,9 +7,10 @@
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.ParameterChecker;
 
-/** Implementation of Basic HTTP authentication scheme (see RFC 7253 
- *  and 7617) for client asking for authorization and sending user 
- *  data.  
+/**
+ * Implementation of Basic HTTP authentication scheme (see RFC 7253
+ * and 7617) for client asking for authorization and sending user
+ * data.
  * 
  * @author margaretha
  * 
@@ -17,13 +18,13 @@
 @Component
 public class HttpAuthorizationHandler {
 
-    public static String createBasicAuthorizationHeaderValue (String username, 
+    public static String createBasicAuthorizationHeaderValue (String username,
             String password) throws KustvaktException {
         ParameterChecker.checkStringValue(username, "username");
         ParameterChecker.checkStringValue(password, "password");
 
         String credentials = TransferEncoding.encodeBase64(username, password);
-        return AuthenticationScheme.BASIC.displayName()+" " + credentials;
+        return AuthenticationScheme.BASIC.displayName() + " " + credentials;
     }
 
     public AuthorizationData parseAuthorizationHeaderValue (
@@ -42,8 +43,15 @@
         }
 
         AuthorizationData data = new AuthorizationData();
-        data.setAuthenticationScheme(
-                AuthenticationScheme.valueOf(values[0].toUpperCase()));
+        String scheme = values[0];
+        try {
+            data.setAuthenticationScheme(
+                    AuthenticationScheme.valueOf(scheme.toUpperCase()));
+        }
+        catch (IllegalArgumentException e) {
+            throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
+                    "Authentication scheme is not supported.", scheme);
+        }
         data.setToken(values[1]);
         return data;
     }
diff --git a/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java b/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
index 5b6670f..b4cf3cf 100644
--- a/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
+++ b/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
@@ -10,40 +10,40 @@
     public static void checkObjectValue (Object obj, String name)
             throws KustvaktException {
         if (obj == null) {
-            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
-                    "null");
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+                    name + " is null", name);
         }
     }
-    
+
     public static void checkCollection (Collection<?> collection, String name)
             throws KustvaktException {
         if (collection == null) {
-            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
-                    "null");
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+                    name + " is null", name);
         }
-        else if (collection.isEmpty()){
-            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
-                    "empty");
+        else if (collection.isEmpty()) {
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, 
+                    name + " is empty", name);
         }
     }
 
     public static void checkStringValue (String string, String name)
             throws KustvaktException {
         if (string == null) {
-            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
-                    "null");
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, 
+                    name + " is null", name);
         }
         else if (string.isEmpty()) {
-            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
-                    "empty");
+            throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, 
+                    name + " is empty", name);
         }
     }
 
     public static void checkIntegerValue (int integer, String name)
             throws KustvaktException {
         if (integer == 0) {
-            throw new KustvaktException(StatusCodes.MISSING_PARAMETER, name,
-                    "0");
+            throw new KustvaktException(StatusCodes.MISSING_PARAMETER, 
+                    name + " is missing", name);
         }
     }
 }
diff --git a/full/Changes b/full/Changes
index 7703da9..7620c38 100644
--- a/full/Changes
+++ b/full/Changes
@@ -4,7 +4,9 @@
    - Updated VC access controllers (margaretha)
 19/03/2019
   - Added close index controller (margaretha)
-
+11/04/2019
+   - Fixed unknown authentication scheme, missing VC entity, and parameter 
+     checker (margaretha)
 
 # version 0.61.6
 04/02/2019
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
index 556c2e4..c0ba90b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
@@ -234,6 +234,7 @@
         
         verifyUsername(username, vcCreator);
         VirtualCorpus vc = vcDao.retrieveVCByName(vcName, vcCreator);
+        ParameterChecker.checkObjectValue(vcJson, "request entity");
         if (vc == null) {
             storeVC(vcJson, vcName, username);
         }
@@ -305,7 +306,6 @@
 
     public int storeVC (VirtualCorpusJson vc, String name, String createdBy)
             throws KustvaktException {
-
         ParameterChecker.checkStringValue(vc.getCorpusQuery(), "corpusQuery");
         String koralQuery = serializeCorpusQuery(vc.getCorpusQuery());
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java b/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java
new file mode 100644
index 0000000..37db9b4
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java
@@ -0,0 +1,33 @@
+package de.ids_mannheim.korap.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.sun.jersey.api.client.ClientResponse;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.JsonUtils;
+
+public class AuthenticationFilterTest extends SpringJerseyTest {
+
+    @Test
+    public void testAuthenticationWithUnknownScheme ()
+            throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
+                .header(Attributes.AUTHORIZATION, "Blah blah")
+                .get(ClientResponse.class);
+
+        String entity = response.getEntity(String.class);
+        JsonNode n = JsonUtils.readTree(entity);
+
+        assertEquals("2001", n.at("/errors/0/0").asText());
+        assertEquals("Authentication scheme is not supported.",
+                n.at("/errors/0/1").asText());
+        assertEquals("Blah", n.at("/errors/0/2").asText());
+    }
+}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index 60ffcf8..a0876ee 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -687,8 +687,8 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         assertEquals(StatusCodes.MISSING_PARAMETER,
                 node.at("/errors/0/0").asInt());
-        assertEquals("groupId", node.at("/errors/0/1").asText());
-        assertEquals("0", node.at("/errors/0/2").asText());
+        assertEquals("groupId is missing", node.at("/errors/0/1").asText());
+        assertEquals("groupId", node.at("/errors/0/2").asText());
     }
 
     @Test
@@ -871,8 +871,8 @@
 
         assertEquals(StatusCodes.MISSING_PARAMETER,
                 node.at("/errors/0/0").asInt());
-        assertEquals("groupId", node.at("/errors/0/1").asText());
-        assertEquals("0", node.at("/errors/0/2").asText());
+        assertEquals("groupId is missing", node.at("/errors/0/1").asText());
+        assertEquals("groupId", node.at("/errors/0/2").asText());
     }
 
     @Test
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index 0cce338..ce5535a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -528,8 +528,28 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.INVALID_ARGUMENT,
                 node.at("/errors/0/0").asInt());
-        assertEquals("corpusQuery", node.at("/errors/0/1").asText());
-        assertEquals("null", node.at("/errors/0/2").asText());
+        assertEquals("corpusQuery is null", node.at("/errors/0/1").asText());
+        assertEquals("corpusQuery", node.at("/errors/0/2").asText());
+    }
+    
+    @Test
+    public void testCreateVCWithoutEntity() throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("vc")
+                .path("VirtualCorpusControllerTest").path("new vc")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        "VirtualCorpusControllerTest", "pass"))
+                .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
+                .put(ClientResponse.class);
+        String entity = response.getEntity(String.class);
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+
+        JsonNode node = JsonUtils.readTree(entity);
+        assertEquals(StatusCodes.INVALID_ARGUMENT,
+                node.at("/errors/0/0").asInt());
+        assertEquals("request entity is null", node.at("/errors/0/1").asText());
+        assertEquals("request entity", node.at("/errors/0/2").asText());
     }
 
     @Test
@@ -552,8 +572,8 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.INVALID_ARGUMENT,
                 node.at("/errors/0/0").asInt());
-        assertEquals("type", node.at("/errors/0/1").asText());
-        assertEquals("null", node.at("/errors/0/2").asText());
+        assertEquals("type is null", node.at("/errors/0/1").asText());
+        assertEquals("type", node.at("/errors/0/2").asText());
     }
 
     @Test