#136 Fix defect on absent auth header

botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/error/DomainExceptionMarshalling.kt

@@ -2,7 +2,6 @@ package ru.vityaman.lms.botalka.app.spring.api.http.error
 
 import com.fasterxml.jackson.databind.ObjectMapper
 import kotlinx.coroutines.reactor.awaitSingle
-import org.springframework.http.HttpStatus
 import org.springframework.http.server.reactive.ServerHttpResponse
 import org.springframework.stereotype.Component
 import reactor.core.publisher.Mono
@@ -19,8 +18,7 @@ class DomainExceptionMarshalling(
         val entity = exception.toResponseEntity()
         val message = jackson.writeValueAsBytes(entity.body)
         val buffer = response.bufferFactory().wrap(message)
-        response.statusCode = HttpStatus.UNAUTHORIZED
-        response.writeAndFlushWith(Mono.just(Mono.just(buffer)))
-            .awaitSingle()
+        response.statusCode = exception.httpCode
+        response.writeWith(Mono.just(buffer)).awaitSingle()
     }
 }

botalka/src/main/kotlin/ru/vityaman/lms/botalka/app/spring/security/SpringJwtContextRepository.kt

@@ -2,7 +2,6 @@ package ru.vityaman.lms.botalka.app.spring.security
 
 import kotlinx.coroutines.reactor.awaitSingle
 import kotlinx.coroutines.reactor.mono
-import org.slf4j.LoggerFactory
 import org.springframework.http.HttpHeaders
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.context.SecurityContext
@@ -23,14 +22,10 @@ class SpringJwtContextRepository(
     private val headerName = HttpHeaders.AUTHORIZATION
     private val bearerPrefix = "Bearer "
 
-    private val log = LoggerFactory.getLogger(this.javaClass)
-
     override fun save(
         exchange: ServerWebExchange,
         context: SecurityContext,
-    ): Mono<Void> {
-        TODO("Not yet implemented")
-    }
+    ): Mono<Void> = TODO("Not yet implemented")
 
     override fun load(exchange: ServerWebExchange): Mono<SecurityContext> =
         mono {
@@ -40,9 +35,10 @@ class SpringJwtContextRepository(
                     .let { authManager.authenticate(it).awaitSingle() }
                     .let { SecurityContextImpl(it) }
             } catch (exception: DomainException) {
-                log.warn("Failed to load a security context", exception)
-                marshalling.write(exchange.response, exception)
-                null
+                AuthenticationException(exception.message!!, exception).let {
+                    marshalling.write(exchange.response, it)
+                }
+                SecurityContextImpl()
             }
         }
 

botalka/src/test/kotlin/ru/vityaman/lms/botalka/app/spring/api/http/middleware/AuthMiddlewareTest.kt

@@ -0,0 +1,22 @@
+package ru.vityaman.lms.botalka.app.spring.api.http.middleware
+
+import io.kotest.common.runBlocking
+import kotlinx.coroutines.reactor.awaitSingle
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import org.springframework.web.reactive.function.client.WebClientResponseException
+import ru.vityaman.lms.botalka.app.spring.BotalkaTestSuite
+import ru.vityaman.lms.botalka.app.spring.api.http.client.Api
+
+class AuthMiddlewareTest : BotalkaTestSuite() {
+    @Test
+    fun requestWithoutBearer(): Unit = runBlocking {
+        val api = Api.ofNewbie()
+        assertThrows<WebClientResponseException.Unauthorized> {
+            api.callGuardedMethod()
+        }
+    }
+
+    private suspend fun Api.callGuardedMethod() =
+        this.user.getUserById(1).awaitSingle()
+}