feat(back-end and front-end): back-office
Some checks failed
Build, Test and Deploy / test-backend (push) Failing after 38s
Build, Test and Deploy / build-and-push (push) Has been skipped
Build, Test and Deploy / deploy (push) Has been skipped

2026-02-27 12:44:06 +01:00
parent 1598f35c08
commit 3f938db257
32 changed files with 1293 additions and 30 deletions


@@ -0,0 +1,90 @@
package com.printcalculator.controller;
import com.printcalculator.config.SecurityConfig;
import com.printcalculator.security.AdminSessionAuthenticationFilter;
import com.printcalculator.security.AdminSessionService;
import jakarta.servlet.http.Cookie;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(controllers = AdminAuthController.class)
@Import({SecurityConfig.class, AdminSessionAuthenticationFilter.class, AdminSessionService.class})
@TestPropertySource(properties = {
"admin.password=test-admin-password",
"admin.session.secret=0123456789abcdef0123456789abcdef",
"admin.session.ttl-minutes=60"
})
class AdminAuthSecurityTest {
@Autowired
private MockMvc mockMvc;
@Test
void loginOk_ShouldReturnCookie() throws Exception {
MvcResult result = mockMvc.perform(post("/api/admin/auth/login")
.contentType(MediaType.APPLICATION_JSON)
.content("{\"password\":\"test-admin-password\"}"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.authenticated").value(true))
.andReturn();
String setCookie = result.getResponse().getHeader(HttpHeaders.SET_COOKIE);
assertNotNull(setCookie);
assertTrue(setCookie.contains("admin_session="));
assertTrue(setCookie.contains("HttpOnly"));
assertTrue(setCookie.contains("Secure"));
assertTrue(setCookie.contains("SameSite=Lax"));
}
@Test
void loginKo_ShouldReturnUnauthorized() throws Exception {
mockMvc.perform(post("/api/admin/auth/login")
.contentType(MediaType.APPLICATION_JSON)
.content("{\"password\":\"wrong-password\"}"))
.andExpect(status().isUnauthorized())
.andExpect(jsonPath("$.authenticated").value(false));
}
@Test
void adminAccessWithoutCookie_ShouldReturn401() throws Exception {
mockMvc.perform(get("/api/admin/auth/me"))
.andExpect(status().isUnauthorized());
}
@Test
void adminAccessWithValidCookie_ShouldReturn200() throws Exception {
MvcResult login = mockMvc.perform(post("/api/admin/auth/login")
.contentType(MediaType.APPLICATION_JSON)
.content("{\"password\":\"test-admin-password\"}"))
.andExpect(status().isOk())
.andReturn();
String setCookie = login.getResponse().getHeader(HttpHeaders.SET_COOKIE);
assertNotNull(setCookie);
Cookie adminCookie = toCookie(setCookie);
mockMvc.perform(get("/api/admin/auth/me").cookie(adminCookie))
.andExpect(status().isOk())
.andExpect(jsonPath("$.authenticated").value(true));
}
private Cookie toCookie(String setCookieHeader) {
String[] parts = setCookieHeader.split(";", 2);
String[] keyValue = parts[0].split("=", 2);
return new Cookie(keyValue[0], keyValue.length > 1 ? keyValue[1] : "");
}
}
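Review bot: The only rejection case exercised against `/api/admin/auth/me` is the missing cookie in `adminAccessWithoutCookie_ShouldReturn401`; nothing in this class sends an `admin_session` cookie whose value is present but invalid. Since the test configures `admin.session.secret` and `admin.session.ttl-minutes`, the token is presumably signed and time-limited, but the filter and service are outside this section, so their behaviour on a bad token is unverified here. I would add a test that logs in, alters the returned cookie value and expects 401, so that a regression in signature checking fails the build rather than passing silently. An expired-session case would be worth covering the same way if the service allows the clock or TTL to be controlled from a test.

```java
@Test
void adminAccessWithTamperedCookie_ShouldReturn401() throws Exception {
    // … unchanged: login request and toCookie(setCookie), as in adminAccessWithValidCookie_ShouldReturn200 …
    Cookie tampered = new Cookie(adminCookie.getName(), adminCookie.getValue() + "x");
    mockMvc.perform(get("/api/admin/auth/me").cookie(tampered))
            .andExpect(status().isUnauthorized());
}
```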