fix: add missing PAT documetantion (#3618)
* apidoc for generate and validate, return correct status code

Signed-off-by: ac892247 <[email protected]>

* remaining PAT documentation

Signed-off-by: ac892247 <[email protected]>

* expect correct status code

Signed-off-by: ac892247 <[email protected]>

* fix remaining tests

Signed-off-by: ac892247 <[email protected]>

* authorization details

Signed-off-by: ac892247 <[email protected]>

---------

Signed-off-by: ac892247 <[email protected]>
Co-authored-by: Pablo Carle <[email protected]>
achmelo and pablocarle authored Jun 28, 2024
1 parent 4f78c91 commit 224f897
Showing 5 changed files with 373 additions and 34 deletions.
@@ -33,7 +33,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
{
tile: 'API Gateway',
id: 'gateway',
selectOp: '#operations-Security-RefreshTokenUsingPOST',
selectOp: '#operations-Diagnostic-VersionInfoUsingGET',
auth: true,
}
].forEach((test) => {
@@ -52,7 +52,9 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
cy.visit(`${Cypress.env('catalogHomePage')}/#/service/${test.id}`);
cy.get('.authorization__btn').should('exist');

cy.get('.authorization__btn').eq(0).click();
cy.get('#operations-Security-loginUsingPOST .authorization__btn').should('exist');

cy.get('#operations-Security-loginUsingPOST .authorization__btn').eq(0).click();

cy.get('input[name=username]').type('non-valid');
cy.get('input[name=password]').type('non-valid');
@@ -61,7 +63,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {

cy.get('.close-modal').click();

cy.get('.opblock-summary').eq(0).click();
cy.get('#operations-Security-loginUsingPOST .opblock-summary').eq(0).click();

cy.get('.try-out').click();

@@ -75,7 +77,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
cy.log(`Visiting ${test.tile}, ${test.id}`);
cy.contains(test.tile).click();
cy.visit(`${Cypress.env('catalogHomePage')}/#/service/${test.id}`);
cy.get('.opblock-summary').eq(1).click();
cy.get(`${test.selectOp} .arrow`).eq(0).click();
cy.get('.try-out').should('exist');
cy.get('.try-out').click();
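Review bot: The selector `#operations-Security-loginUsingPOST` now appears as a literal in three lookups of the login test, while the fixture entry at the top already carries an operation id in `selectOp`; a rename of the operation then has to be chased through each copy. Hoisting it once, e.g. `const loginOp = '#operations-Security-loginUsingPOST';` and `cy.get(loginOp + ' .authorization__btn')`, keeps the three lookups in step. The unscoped `cy.get('.authorization__btn').should('exist')` that stays just before the scoped check looks redundant now and could be dropped. The enclosing `it` blocks start and end outside the hunks shown.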

@@ -29,14 +29,7 @@
import org.springframework.lang.Nullable;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import org.zowe.apiml.gateway.security.service.AuthenticationService;
import org.zowe.apiml.gateway.security.service.JwtSecurity;
import org.zowe.apiml.gateway.security.service.token.OIDCTokenProvider;
@@ -53,15 +46,9 @@
import java.io.IOException;
import java.io.StringWriter;
import java.security.PublicKey;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.*;

import static org.apache.http.HttpStatus.SC_NO_CONTENT;
import static org.apache.http.HttpStatus.SC_OK;
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
import static org.apache.http.HttpStatus.*;

/**
* Controller offer method to control security. It can contains method for user and also method for calling services
@@ -127,7 +114,7 @@ public ResponseEntity<String> revokeAccessToken(@RequestBody() Map<String, Strin
return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
}
tokenProvider.invalidateToken(body.get(TOKEN_KEY));
return new ResponseEntity<>(HttpStatus.OK);
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
}

@DeleteMapping(path = ACCESS_TOKEN_REVOKE_MULTIPLE)
@@ -195,7 +182,7 @@ public ResponseEntity<String> validateAccessToken(@RequestBody ValidateRequestMo
String serviceId = validateRequestModel.getServiceId();
if (tokenProvider.isValidForScopes(token, serviceId) &&
!tokenProvider.isInvalidated(token)) {
return new ResponseEntity<>(HttpStatus.OK);
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
}
return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
}
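Review bot: Returning `HttpStatus.NO_CONTENT` instead of `HttpStatus.OK` from `validateAccessToken` (and from `revokeAccessToken` in the hunk above) changes the success contract of a token-validation endpoint, and the visible lines carry no Javadoc that states it. A caller that compares the status with exactly 200 will now treat a valid token as rejected; that fails closed, but it will surface as an authentication outage rather than as an API change. I would put the contract on the method, for example `/** Responds 204 when the token is valid for the requested service scope and has not been invalidated, 401 otherwise. */`, and name the change in the release notes. Both method bodies start outside the hunks, so any annotations this commit adds above them are not visible here.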