#136 Fix defect on absent auth header

vityaman-edu · Jun 17, 2024 · f3656f5 · f3656f5
1 parent c977fd1
commit f3656f5
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 12 deletions.
diff --git a/...in/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt b/...in/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt
@@ -19,8 +19,7 @@ class DomainExceptionMarshalling(
         val entity = exception.toResponseEntity()
         val message = jackson.writeValueAsBytes(entity.body)
         val buffer = response.bufferFactory().wrap(message)
-        response.statusCode = HttpStatus.UNAUTHORIZED
-        response.writeAndFlushWith(Mono.just(Mono.just(buffer)))
-            .awaitSingle()
+        response.statusCode = exception.httpCode
+        response.writeWith(Mono.just(buffer)).awaitSingle()
     }
 }
diff --git a/...src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt b/...src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt
@@ -2,7 +2,6 @@ package ru.vityaman.lms.botalka.app.spring.security
 
 import kotlinx.coroutines.reactor.awaitSingle
 import kotlinx.coroutines.reactor.mono
-import org.slf4j.LoggerFactory
 import org.springframework.http.HttpHeaders
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.context.SecurityContext
@@ -23,14 +22,10 @@ class SpringJwtContextRepository(
     private val headerName = HttpHeaders.AUTHORIZATION
     private val bearerPrefix = "Bearer "
 
-    private val log = LoggerFactory.getLogger(this.javaClass)
-
     override fun save(
         exchange: ServerWebExchange,
         context: SecurityContext,
-    ): Mono<Void> {
-        TODO("Not yet implemented")
-    }
+    ): Mono<Void> = TODO("Not yet implemented")
 
     override fun load(exchange: ServerWebExchange): Mono<SecurityContext> =
         mono {
@@ -40,9 +35,10 @@ class SpringJwtContextRepository(
                     .let { authManager.authenticate(it).awaitSingle() }
                     .let { SecurityContextImpl(it) }
             } catch (exception: DomainException) {
-                log.warn("Failed to load a security context", exception)
-                marshalling.write(exchange.response, exception)
-                null
+                AuthenticationException(exception.message!!, exception).let {
+                    marshalling.write(exchange.response, it)
+                }
+                SecurityContextImpl()
             }
         }
 

diff --git a/.../test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt b/.../test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt
@@ -0,0 +1,22 @@
+package ru.vityaman.lms.botalka.app.spring.api.http.middleware
+
+import io.kotest.common.runBlocking
+import kotlinx.coroutines.reactor.awaitSingle
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import org.springframework.web.reactive.function.client.WebClientResponseException
+import ru.vityaman.lms.botalka.app.spring.BotalkaTestSuite
+import ru.vityaman.lms.botalka.app.spring.api.http.client.Api
+
+class AuthMiddlewareTest : BotalkaTestSuite() {
+    @Test
+    fun requestWithoutBearer(): Unit = runBlocking {
+        val api = Api.ofNewbie()
+        assertThrows<WebClientResponseException.Unauthorized> {
+            api.callGuardedMethod()
+        }
+    }
+
+    private suspend fun Api.callGuardedMethod() =
+        this.user.getUserById(1).awaitSingle()
+}