From ac9c9306de76eeef31514c2b1f92427c1b2a409f Mon Sep 17 00:00:00 2001
From: Noah Bjerkli Aanonli <noah.aanonli@nb.no>
Date: Wed, 28 Aug 2024 14:37:51 +0200
Subject: [PATCH] Fix JWT mocking

---
 .../wls/order/controller/OrderController.kt   |  3 ++-
 .../nb/mlt/wls/order/service/OrderService.kt  |  8 +++----
 .../order/controller/OrderControllerTest.kt   | 21 ++++++++++++-------
 3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/main/kotlin/no/nb/mlt/wls/order/controller/OrderController.kt b/src/main/kotlin/no/nb/mlt/wls/order/controller/OrderController.kt
index 2ec893ce..ac5d8ba5 100644
--- a/src/main/kotlin/no/nb/mlt/wls/order/controller/OrderController.kt
+++ b/src/main/kotlin/no/nb/mlt/wls/order/controller/OrderController.kt
@@ -118,8 +118,9 @@ class OrderController(val orderService: OrderService) {
         @AuthenticationPrincipal jwt: JwtAuthenticationToken,
         @PathVariable("hostName") hostName: HostName,
         @PathVariable("hostOrderId") hostOrderId: String
-    ): ResponseEntity<Order> = orderService.getOrder(jwt, hostName, hostOrderId)
+    ): ResponseEntity<Order> = orderService.getOrder(jwt.name, hostName, hostOrderId)
 
+    // TODO - Move this into a utility class
     companion object {
         fun throwIfHostInvalid(
             clientName: String,
diff --git a/src/main/kotlin/no/nb/mlt/wls/order/service/OrderService.kt b/src/main/kotlin/no/nb/mlt/wls/order/service/OrderService.kt
index 85ddf237..b59be644 100644
--- a/src/main/kotlin/no/nb/mlt/wls/order/service/OrderService.kt
+++ b/src/main/kotlin/no/nb/mlt/wls/order/service/OrderService.kt
@@ -13,7 +13,6 @@ import no.nb.mlt.wls.order.payloads.toSynqPayload
 import no.nb.mlt.wls.order.repository.OrderRepository
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
 import org.springframework.stereotype.Service
 import org.springframework.web.server.ResponseStatusException
 import org.springframework.web.server.ServerErrorException
@@ -29,10 +28,10 @@ class OrderService(val db: OrderRepository, val synqService: SynqOrderService) {
      * Creates an order within the WLS database, and sends it to the appropriate storage systems
      */
     suspend fun createOrder(
-        hostName: String,
+        clientName: String,
         payload: ApiOrderPayload
     ): ResponseEntity<ApiOrderPayload> {
-        OrderController.throwIfHostInvalid(hostName, payload.hostName)
+        OrderController.throwIfHostInvalid(clientName, payload.hostName)
         throwIfInvalidPayload(payload)
 
         val existingOrder =
@@ -81,10 +80,11 @@ class OrderService(val db: OrderRepository, val synqService: SynqOrderService) {
      * Gets an order from the WLS database
      */
     suspend fun getOrder(
-        jwt: JwtAuthenticationToken,
+        clientName: String,
         hostName: HostName,
         hostOrderId: String
     ): ResponseEntity<Order> {
+        OrderController.throwIfHostInvalid(clientName, hostName)
         val order =
             db.findByHostNameAndHostOrderId(hostName, hostOrderId)
                 .awaitSingleOrNull()
diff --git a/src/test/kotlin/no/nb/mlt/wls/order/controller/OrderControllerTest.kt b/src/test/kotlin/no/nb/mlt/wls/order/controller/OrderControllerTest.kt
index cd94ca54..1f9d8543 100644
--- a/src/test/kotlin/no/nb/mlt/wls/order/controller/OrderControllerTest.kt
+++ b/src/test/kotlin/no/nb/mlt/wls/order/controller/OrderControllerTest.kt
@@ -18,7 +18,6 @@ import no.nb.mlt.wls.order.model.ProductLine
 import no.nb.mlt.wls.order.payloads.ApiOrderPayload
 import no.nb.mlt.wls.order.payloads.toOrder
 import no.nb.mlt.wls.order.repository.OrderRepository
-import no.nb.mlt.wls.order.service.OrderService
 import no.nb.mlt.wls.order.service.SynqOrderService
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.BeforeEach
@@ -30,16 +29,18 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT
+import org.springframework.context.ApplicationContext
 import org.springframework.data.mongodb.repository.config.EnableMongoRepositories
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
 import org.springframework.security.test.context.support.WithMockUser
 import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity
 import org.springframework.test.web.reactive.server.WebTestClient
 import org.springframework.test.web.reactive.server.expectBody
 import java.net.URI
 
-// FIXME - Correctly handle JWT in tests
 @EnableTestcontainers
 @TestInstance(PER_CLASS)
 @AutoConfigureWebTestClient
@@ -47,18 +48,22 @@ import java.net.URI
 @EnableMongoRepositories("no.nb.mlt.wls")
 @SpringBootTest(webEnvironment = RANDOM_PORT)
 class OrderControllerTest(
-    @Autowired val repository: OrderRepository
+    @Autowired val repository: OrderRepository,
+    @Autowired val applicationContext: ApplicationContext
 ) {
     @MockkBean
     private lateinit var synqOrderService: SynqOrderService
 
     private lateinit var webTestClient: WebTestClient
 
+    val clientName: String = HostName.AXIELL.name
+
     @BeforeEach
     fun setUp() {
         webTestClient =
             WebTestClient
-                .bindToController(OrderController(OrderService(repository, synqOrderService)))
+                .bindToApplicationContext(applicationContext)
+                .apply(springSecurity())
                 .configureClient()
                 .baseUrl("/v1/order")
                 .build()
@@ -67,7 +72,6 @@ class OrderControllerTest(
     }
 
     @Test
-    @WithMockUser
     fun `createOrder with valid payload creates order`() =
         runTest {
             coEvery {
@@ -76,6 +80,7 @@ class OrderControllerTest(
 
             webTestClient
                 .mutateWith(csrf())
+                .mutateWith(mockJwt().jwt { it.subject(clientName) })
                 .post()
                 .uri("/batch/create")
                 .accept(MediaType.APPLICATION_JSON)
@@ -92,10 +97,10 @@ class OrderControllerTest(
         }
 
     @Test
-    @WithMockUser
     fun `createOrder with duplicate payload returns OK`() {
         webTestClient
             .mutateWith(csrf())
+            .mutateWith(mockJwt().jwt { it.subject(clientName) })
             .post()
             .uri("/batch/create")
             .accept(MediaType.APPLICATION_JSON)
@@ -111,10 +116,10 @@ class OrderControllerTest(
     }
 
     @Test
-    @WithMockUser
     fun `createOrder payload with different data but same ID returns DB entry`() {
         webTestClient
             .mutateWith(csrf())
+            .mutateWith(mockJwt().jwt { it.subject(clientName) })
             .post()
             .uri("/batch/create")
             .accept(MediaType.APPLICATION_JSON)
@@ -138,6 +143,7 @@ class OrderControllerTest(
 
         webTestClient
             .mutateWith(csrf())
+            .mutateWith(mockJwt().jwt { it.subject(clientName) })
             .post()
             .uri("/batch/create")
             .accept(MediaType.APPLICATION_JSON)
@@ -156,6 +162,7 @@ class OrderControllerTest(
 
         webTestClient
             .mutateWith(csrf())
+            .mutateWith(mockJwt().jwt { it.subject(clientName) })
             .post()
             .uri("/batch/create")
             .accept(MediaType.APPLICATION_JSON)