Fixed unknown authentication scheme, missing VC entity & parameter
checker
Change-Id: I2f0eb38e3dbe8105ccc42f7d386587a9be5504a1
diff --git a/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java b/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
index 5eed64f..2470d4e 100644
--- a/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
+++ b/core/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
@@ -7,9 +7,10 @@
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.utils.ParameterChecker;
-/** Implementation of Basic HTTP authentication scheme (see RFC 7253
- * and 7617) for client asking for authorization and sending user
- * data.
+/**
+ * Implementation of Basic HTTP authentication scheme (see RFC 7253
+ * and 7617) for client asking for authorization and sending user
+ * data.
*
* @author margaretha
*
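Review bot: The rewrapped Javadoc still cites RFC 7253, which is the OCB authenticated-encryption specification and does not describe HTTP authentication. The HTTP/1.1 authentication framework is RFC 7235. Since these comment lines are being rewritten anyway, the reference should read `(see RFC 7235 and 7617)`.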
@@ -17,13 +18,13 @@
@Component
public class HttpAuthorizationHandler {
- public static String createBasicAuthorizationHeaderValue (String username,
+ public static String createBasicAuthorizationHeaderValue (String username,
String password) throws KustvaktException {
ParameterChecker.checkStringValue(username, "username");
ParameterChecker.checkStringValue(password, "password");
String credentials = TransferEncoding.encodeBase64(username, password);
- return AuthenticationScheme.BASIC.displayName()+" " + credentials;
+ return AuthenticationScheme.BASIC.displayName() + " " + credentials;
}
public AuthorizationData parseAuthorizationHeaderValue (
@@ -42,8 +43,15 @@
}
AuthorizationData data = new AuthorizationData();
- data.setAuthenticationScheme(
- AuthenticationScheme.valueOf(values[0].toUpperCase()));
+ String scheme = values[0];
+ try {
+ data.setAuthenticationScheme(
+ AuthenticationScheme.valueOf(scheme.toUpperCase()));
+ }
+ catch (IllegalArgumentException e) {
+ throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
+ "Authentication scheme is not supported.", scheme);
+ }
data.setToken(values[1]);
return data;
}
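Review bot: `scheme.toUpperCase()` in the new try block uses the JVM default locale, so on a Turkish-locale host `basic` upper-cases to `BASİC`, `valueOf` throws, and a valid header is still rejected, now reported as an unsupported scheme. Use `AuthenticationScheme.valueOf(scheme.toUpperCase(Locale.ROOT))` (needs `java.util.Locale`). The catch also passes the raw client-supplied `scheme` into the exception, and the new AuthenticationFilterTest shows it is echoed back in the error body. As this is unauthenticated input, consider capping its length and stripping control characters before it reaches the response or any log. parseAuthorizationHeaderValue begins before this hunk, so how `values` is split and length-checked is not visible here.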
diff --git a/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java b/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
index 5b6670f..b4cf3cf 100644
--- a/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
+++ b/core/src/main/java/de/ids_mannheim/korap/utils/ParameterChecker.java
@@ -10,40 +10,40 @@
public static void checkObjectValue (Object obj, String name)
throws KustvaktException {
if (obj == null) {
- throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
- "null");
+ throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+ name + " is null", name);
}
}
-
+
public static void checkCollection (Collection<?> collection, String name)
throws KustvaktException {
if (collection == null) {
- throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
- "null");
+ throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+ name + " is null", name);
}
- else if (collection.isEmpty()){
- throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
- "empty");
+ else if (collection.isEmpty()) {
+ throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+ name + " is empty", name);
}
}
public static void checkStringValue (String string, String name)
throws KustvaktException {
if (string == null) {
- throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
- "null");
+ throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+ name + " is null", name);
}
else if (string.isEmpty()) {
- throw new KustvaktException(StatusCodes.INVALID_ARGUMENT, name,
- "empty");
+ throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
+ name + " is empty", name);
}
}
public static void checkIntegerValue (int integer, String name)
throws KustvaktException {
if (integer == 0) {
- throw new KustvaktException(StatusCodes.MISSING_PARAMETER, name,
- "0");
+ throw new KustvaktException(StatusCodes.MISSING_PARAMETER,
+ name + " is missing", name);
}
}
}
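Review bot: The reordered constructor arguments swap what clients see at positions 1 and 2 of each error tuple (the updated tests now expect `groupId is missing` at `/errors/0/1` and `groupId` at `/errors/0/2`), yet nothing in ParameterChecker documents that contract. Each check method deserves a short Javadoc stating that it throws KustvaktException with the given status code, a message of the form `<name> is null`, `<name> is empty` or `<name> is missing`, and the parameter name as the entity, so API consumers matching on the old layout can see what changed. Because `name` is now concatenated into a client-visible message, the Javadoc should also say that callers pass a fixed literal and never request data. For checkIntegerValue, a comment such as `// 0 is treated as "not supplied"; negative values are not rejected here` would make the limit of the check explicit. The class declaration sits above the hunk.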
diff --git a/full/Changes b/full/Changes
index 7703da9..7620c38 100644
--- a/full/Changes
+++ b/full/Changes
@@ -4,7 +4,9 @@
- Updated VC access controllers (margaretha)
19/03/2019
- Added close index controller (margaretha)
-
+11/04/2019
+ - Fixed unknown authentication scheme, missing VC entity, and parameter
+ checker (margaretha)
# version 0.61.6
04/02/2019
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
index 556c2e4..c0ba90b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
@@ -234,6 +234,7 @@
verifyUsername(username, vcCreator);
VirtualCorpus vc = vcDao.retrieveVCByName(vcName, vcCreator);
+ ParameterChecker.checkObjectValue(vcJson, "request entity");
if (vc == null) {
storeVC(vcJson, vcName, username);
}
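Review bot: The added `ParameterChecker.checkObjectValue(vcJson, "request entity");` sits after `vcDao.retrieveVCByName(vcName, vcCreator)`, so a request without a body still costs a database lookup before it is rejected. Move the check to directly after `verifyUsername(username, vcCreator);` so the authorization check stays first and invalid input fails before any DAO call. `storeVC`, shown in the next hunk, is public and still dereferences `vc.getCorpusQuery()` unguarded, so if it has other callers the same `checkObjectValue(vc, "request entity")` belongs at its top. The enclosing method starts and ends outside this hunk.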
@@ -305,7 +306,6 @@
public int storeVC (VirtualCorpusJson vc, String name, String createdBy)
throws KustvaktException {
-
ParameterChecker.checkStringValue(vc.getCorpusQuery(), "corpusQuery");
String koralQuery = serializeCorpusQuery(vc.getCorpusQuery());
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java b/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java
new file mode 100644
index 0000000..37db9b4
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/AuthenticationFilterTest.java
@@ -0,0 +1,33 @@
+package de.ids_mannheim.korap.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.sun.jersey.api.client.ClientResponse;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.JsonUtils;
+
+public class AuthenticationFilterTest extends SpringJerseyTest {
+
+ @Test
+ public void testAuthenticationWithUnknownScheme ()
+ throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("search")
+ .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
+ .header(Attributes.AUTHORIZATION, "Blah blah")
+ .get(ClientResponse.class);
+
+ String entity = response.getEntity(String.class);
+ JsonNode n = JsonUtils.readTree(entity);
+
+ assertEquals("2001", n.at("/errors/0/0").asText());
+ assertEquals("Authentication scheme is not supported.",
+ n.at("/errors/0/1").asText());
+ assertEquals("Blah", n.at("/errors/0/2").asText());
+ }
+}
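Review bot: testAuthenticationWithUnknownScheme checks only the JSON error body and never asserts the HTTP status, so it would still pass if the filter returned the error payload with a 200. Add a status assertion before reading the entity, for example `assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());` (assuming 401 is what AUTHENTICATION_FAILED maps to), as the controller tests in this commit do for BAD_REQUEST. The literal `"2001"` would also read better as `StatusCodes.AUTHENTICATION_FAILED` compared via `asInt()`, matching the other tests.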
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index 60ffcf8..a0876ee 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -687,8 +687,8 @@
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals(StatusCodes.MISSING_PARAMETER,
node.at("/errors/0/0").asInt());
- assertEquals("groupId", node.at("/errors/0/1").asText());
- assertEquals("0", node.at("/errors/0/2").asText());
+ assertEquals("groupId is missing", node.at("/errors/0/1").asText());
+ assertEquals("groupId", node.at("/errors/0/2").asText());
}
@Test
@@ -871,8 +871,8 @@
assertEquals(StatusCodes.MISSING_PARAMETER,
node.at("/errors/0/0").asInt());
- assertEquals("groupId", node.at("/errors/0/1").asText());
- assertEquals("0", node.at("/errors/0/2").asText());
+ assertEquals("groupId is missing", node.at("/errors/0/1").asText());
+ assertEquals("groupId", node.at("/errors/0/2").asText());
}
@Test
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index 0cce338..ce5535a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -528,8 +528,28 @@
JsonNode node = JsonUtils.readTree(entity);
assertEquals(StatusCodes.INVALID_ARGUMENT,
node.at("/errors/0/0").asInt());
- assertEquals("corpusQuery", node.at("/errors/0/1").asText());
- assertEquals("null", node.at("/errors/0/2").asText());
+ assertEquals("corpusQuery is null", node.at("/errors/0/1").asText());
+ assertEquals("corpusQuery", node.at("/errors/0/2").asText());
+ }
+
+ @Test
+ public void testCreateVCWithoutEntity() throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("vc")
+ .path("VirtualCorpusControllerTest").path("new vc")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue(
+ "VirtualCorpusControllerTest", "pass"))
+ .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
+ .put(ClientResponse.class);
+ String entity = response.getEntity(String.class);
+ assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+
+ JsonNode node = JsonUtils.readTree(entity);
+ assertEquals(StatusCodes.INVALID_ARGUMENT,
+ node.at("/errors/0/0").asInt());
+ assertEquals("request entity is null", node.at("/errors/0/1").asText());
+ assertEquals("request entity", node.at("/errors/0/2").asText());
}
@Test
@@ -552,8 +572,8 @@
JsonNode node = JsonUtils.readTree(entity);
assertEquals(StatusCodes.INVALID_ARGUMENT,
node.at("/errors/0/0").asInt());
- assertEquals("type", node.at("/errors/0/1").asText());
- assertEquals("null", node.at("/errors/0/2").asText());
+ assertEquals("type is null", node.at("/errors/0/1").asText());
+ assertEquals("type", node.at("/errors/0/2").asText());
}
@Test