feat(csrf): Adding support for CSRF in Swagger for test instance

src/main/kotlin/dev/stonegarden/deltahouse/config/FlywayMigrationConfiguration.kt

@@ -0,0 +1,14 @@
+package dev.stonegarden.deltahouse.config
+
+import org.springframework.boot.autoconfigure.flyway.FlywayMigrationStrategy
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+
+@Configuration
+class FlywayMigrationConfiguration {
+    @Bean
+    fun flywayMigrationStrategy(): FlywayMigrationStrategy {
+        return FlywayMigrationStrategy { flyway -> flyway.migrate() }
+    }
+}

src/main/kotlin/dev/stonegarden/deltahouse/config/SecurityConfiguration.kt

@@ -5,14 +5,24 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository
+import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
+
 
 @Configuration
 @EnableWebSecurity
 class SecurityConfiguration {
 
     @Bean
-    fun apiFilterChain(http: HttpSecurity): SecurityFilterChain {
-        http.authorizeHttpRequests { request -> request.anyRequest().permitAll() }
-        return http.build()
+    @Throws(Exception::class)
+    fun filterChain(httpSecurity: HttpSecurity): SecurityFilterChain {
+        httpSecurity.csrf { request ->
+            request.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                .csrfTokenRequestHandler(CsrfTokenRequestAttributeHandler())
+        }.authorizeHttpRequests { request ->
+            request.anyRequest().permitAll()
+        }
+        return httpSecurity.build()
     }
+
 }

src/main/kotlin/dev/stonegarden/deltahouse/user/UserService.kt

@@ -1,5 +1,9 @@
 package dev.stonegarden.deltahouse.user
 
+import dev.stonegarden.deltahouse.exceptions.CardIsAlreadyRegisteredException
+import dev.stonegarden.deltahouse.exceptions.EmailIsAlreadyRegisteredException
+import dev.stonegarden.deltahouse.exceptions.UserIsDeletedException
+import dev.stonegarden.deltahouse.exceptions.UserNotFoundException
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Service
 import java.time.ZonedDateTime
@@ -10,9 +14,7 @@ class UserService(
 ) {
 
     fun getAllUsers(): List<User> {
-        return userRepository.findAll()
-            .filter { it.deletedDate == null }
-            .map { User(it) }
+        return userRepository.findAll().filter { it.deletedDate == null }.map { User(it) }
     }
 
     fun getUserByCardId(cardId: Long): User {
@@ -21,10 +23,10 @@ class UserService(
 
     fun createUser(user: User, createdBy: String): User {
         if (userRepository.findByCardId(user.cardId).isPresent) {
-            throw dev.stonegarden.deltahouse.exceptions.CardIsAlreadyRegisteredException()
+            throw CardIsAlreadyRegisteredException()
         }
         if (userRepository.findByEmail(user.email).isPresent) {
-            throw dev.stonegarden.deltahouse.exceptions.EmailIsAlreadyRegisteredException()
+            throw EmailIsAlreadyRegisteredException()
         }
 
         return User(userRepository.save(UserDAO(user, createdBy)))
@@ -86,12 +88,12 @@ class UserService(
 
     fun changeUserCardId(email: String, newCardId: Long, changedBy: String): User {
         if (userRepository.findByCardId(newCardId).isPresent) {
-            throw dev.stonegarden.deltahouse.exceptions.CardIsAlreadyRegisteredException()
+            throw CardIsAlreadyRegisteredException()
         }
 
         val userDAO = userRepository.findByEmail(email)
         if (userDAO.isEmpty) {
-            throw dev.stonegarden.deltahouse.exceptions.UserNotFoundException()
+            throw UserNotFoundException()
         }
         return User(userRepository.save(userDAO.get().copy(cardId = newCardId, changedBy = changedBy)))
     }
@@ -105,10 +107,10 @@ class UserService(
     fun getUserDAOByCardId(cardId: Long): UserDAO {
         val userDAO = userRepository.findByCardId(cardId)
         if (userDAO.isEmpty) {
-            throw dev.stonegarden.deltahouse.exceptions.UserNotFoundException()
+            throw UserNotFoundException()
         }
         if (userDAO.get().deletedDate != null) {
-            throw dev.stonegarden.deltahouse.exceptions.UserIsDeletedException()
+            throw UserIsDeletedException()
         }
         return userDAO.get()
     }

src/main/kotlin/dev/stonegarden/deltahouse/wallet/WalletService.kt

@@ -1,5 +1,6 @@
 package dev.stonegarden.deltahouse.wallet
 
+import dev.stonegarden.deltahouse.exceptions.InvalidTransactionException
 import dev.stonegarden.deltahouse.user.UserService
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
@@ -28,13 +29,13 @@ class WalletService(
         val cashBalance = userWallet.cashBalance()
 
         if (price > maxPurchaseValue) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException("Purchase value too high. Max price is ${maxPurchaseValue}.")
+            throw InvalidTransactionException("Purchase value too high. Max price is ${maxPurchaseValue}.")
         }
         if (price <= 0) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException("Purchase price must be positive.")
+            throw InvalidTransactionException("Purchase price must be positive.")
         }
         if (cashBalance + creditRating * creditMultiplier < price) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException(
+            throw InvalidTransactionException(
                 "Not enough funds to complete purchase. Current balance $cashBalance"
                         + if (creditRating > 0) " with a tab of ${creditRating * creditMultiplier}." else "."
             )
@@ -49,14 +50,14 @@ class WalletService(
         val cashBalance = userWallet.cashBalance()
 
         if (amount > maxDepositValue) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException("Deposit value too high. Max deposit is ${maxDepositValue}.")
+            throw InvalidTransactionException("Deposit value too high. Max deposit is ${maxDepositValue}.")
         }
         if (amount <= 0) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException("Deposit must be positive.")
+            throw InvalidTransactionException("Deposit must be positive.")
         }
         // If this is true it is very like we've run into an integer overflow
         if (cashBalance + amount < Int.MIN_VALUE + amount) {
-            throw dev.stonegarden.deltahouse.exceptions.InvalidTransactionException("Depositing more would result in an integer overflow.")
+            throw InvalidTransactionException("Depositing more would result in an integer overflow.")
         }
         return performTransaction(userWallet, amount)
     }

src/main/resources/application-local-h2.yaml

@@ -2,6 +2,11 @@ datasource-url: jdbc:h2:mem:db/beer;DB_CLOSE_ON_EXIT=FALSE
 datasource-username: sa
 datasource-password: sa
 
+springdoc:
+  swagger-ui:
+    csrf:
+      enabled: true
+
 spring:
   flyway:
     enabled: true

src/main/resources/application-local-stonegarden.yaml → src/main/resources/application-test-stonegarden.yaml

@@ -1,6 +1,7 @@
-datasource-url: jdbc:postgresql://192.168.1.140:5432/bar
-datasource-username: veh
-datasource-password: 1QtlsofDJ1zLL40cRWo690UuAo0Ogf4lCpwyzklng1WTnNebxWbPx3ytrNCTSJbD
+springdoc:
+  swagger-ui:
+    csrf:
+      enabled: true
 
 spring:
   flyway: