From f3656f583a158776e84946e8d4ffa5036fc3696c Mon Sep 17 00:00:00 2001
From: vityaman
Date: Mon, 17 Jun 2024 10:46:46 +0300
Subject: [PATCH] #136 Fix defect on absent auth header
---
 .../http/error/DomainExceptionMarshalling.kt | 5 ++---
 .../security/SpringJwtContextRepository.kt | 14 +++++-------
 .../api/http/middleware/AuthMiddlewareTest.kt | 22 +++++++++++++++++++
 3 files changed, 29 insertions(+), 12 deletions(-)
 create mode 100644 botalka/src/test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt
diff --git a/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt b/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt
index 995ad6b..e064ceb 100644
--- a/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt
+++ b/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt
@@ -19,8 +19,7 @@ class DomainExceptionMarshalling(
 val entity = exception.toResponseEntity()
 val message = jackson.writeValueAsBytes(entity.body)
 val buffer = response.bufferFactory().wrap(message)
- response.statusCode = HttpStatus.UNAUTHORIZED
- response.writeAndFlushWith(Mono.just(Mono.just(buffer)))
- .awaitSingle()
+ response.statusCode = exception.httpCode
+ response.writeWith(Mono.just(buffer)).awaitSingle()
 }
 }
diff --git a/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt b/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt
index 08d1dc1..095bdb7 100644
--- a/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt
+++ b/botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt
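Review bot: In `DomainExceptionMarshalling.write`, the visible lines set the status and write Jackson-serialized bytes but never set a Content-Type, so clients may receive the JSON error body untyped. If no line above this hunk already sets it, add `response.headers.contentType = MediaType.APPLICATION_JSON` before `response.writeWith(...)`. A short comment that `exception.httpCode` now decides the status would also help, since the caller in `SpringJwtContextRepository.load` presumably depends on `AuthenticationException` mapping to 401. The function starts above the hunk.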
@@ -2,7 +2,6 @@ package ru.vityaman.lms.botalka.app.spring.security import kotlinx.coroutines.reactor.awaitSingle import kotlinx.coroutines.reactor.mono -import org.slf4j.LoggerFactory import org.springframework.http.HttpHeaders import org.springframework.security.authentication.UsernamePasswordAuthenticationToken import org.springframework.security.core.context.SecurityContext @@ -23,14 +22,10 @@ class SpringJwtContextRepository( private val headerName = HttpHeaders.AUTHORIZATION private val bearerPrefix = "Bearer " - private val log = LoggerFactory.getLogger(this.javaClass) - override fun save( exchange: ServerWebExchange, context: SecurityContext, - ): Mono { - TODO("Not yet implemented") - } + ): Mono = TODO("Not yet implemented") override fun load(exchange: ServerWebExchange): Mono = mono { @@ -40,9 +35,10 @@ class SpringJwtContextRepository( .let { authManager.authenticate(it).awaitSingle() } .let { SecurityContextImpl(it) } } catch (exception: DomainException) { - log.warn("Failed to load a security context", exception) - marshalling.write(exchange.response, exception) - null + AuthenticationException(exception.message!!, exception).let { + marshalling.write(exchange.response, it) + } + SecurityContextImpl() } } diff --git a/botalka/src/test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt b/botalka/src/test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt new file mode 100644 index 0000000..f98148f --- /dev/null +++ b/botalka/src/test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt 
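Review bot: `save` is now the expression body `TODO("Not yet implemented")`, which throws Kotlin's `NotImplementedError` synchronously when called, rather than returning a failed `Mono`. If any filter in the security chain calls `save` after a successful authentication, that request fails with a server error; whether one is configured is not visible here. For a stateless bearer-token repository, `): Mono<Void> = Mono.empty()` with a comment such as `// stateless: nothing to persist between requests` would state the intent.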
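Review bot: In the `catch (exception: DomainException)` branch of `load`, the error is written to the response and an empty `SecurityContextImpl()` is returned, so the filter chain continues on a response that has already been written. Whether the request is then stopped depends on authorization rules outside this hunk, so I would either leave the 401 to the authentication entry point or, once confirmed, add a comment such as `// response already written; the empty context makes the authorization filter reject the request`. `exception.message!!` also throws inside the catch when the message is null, turning an auth failure into a server error; `exception.message ?: "Authentication failed"` avoids that. The removed `log.warn` was the only visible record of rejected credentials, so keeping a log line here (without the token value) preserves the detection signal. `load` begins above the hunk.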
@@ -0,0 +1,22 @@
+package ru.vityaman.lms.botalka.app.spring.api.http.middleware
+
+import io.kotest.common.runBlocking
+import kotlinx.coroutines.reactor.awaitSingle
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import org.springframework.web.reactive.function.client.WebClientResponseException
+import ru.vityaman.lms.botalka.app.spring.BotalkaTestSuite
+import ru.vityaman.lms.botalka.app.spring.api.http.client.Api
+
+class AuthMiddlewareTest : BotalkaTestSuite() {
+ @Test
+ fun requestWithoutBearer(): Unit = runBlocking {
+ val api = Api.ofNewbie()
+ assertThrows {
+ api.callGuardedMethod()
+ }
+ }
+
+ private suspend fun Api.callGuardedMethod() =
+ this.user.getUserById(1).awaitSingle()
+}
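Review bot: `requestWithoutBearer` only asserts that the call throws, so judging by the import it would pass on any `WebClientResponseException`, including a 500. Because the commit changes which status the marshaller emits, the test should pin it, for example `assertThrows<WebClientResponseException.Unauthorized> { api.callGuardedMethod() }`. The test also relies on `Api.ofNewbie()` sending no Authorization header, which is not visible here; a one-line comment stating that would make the intent clear.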