Skip to content

Commit 88a0281

Browse files
authored
Merge pull request #46 from Kilemonn/fix-invalid-token-error-handling
Fix handling and error response when an invalid token is provided
2 parents 34cd77c + 6047d5d commit 88a0281

2 files changed

Lines changed: 43 additions & 2 deletions

File tree

src/main/kotlin/au/kilemon/messagequeue/filter/JwtAuthenticationFilter.kt

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ import org.springframework.stereotype.Component
2121
import org.springframework.web.filter.OncePerRequestFilter
2222
import org.springframework.web.servlet.HandlerExceptionResolver
2323
import java.util.Optional
24+
import kotlin.jvm.optionals.getOrElse
2425

2526

2627
/**
@@ -98,7 +99,7 @@ class JwtAuthenticationFilter: OncePerRequestFilter(), HasLogger
9899
}
99100
else if (authenticator.isInHybridMode())
100101
{
101-
LOG.trace("Allowing request through for lower layer to check as authentication is set to [{}].", RestrictionMode.NONE)
102+
LOG.trace("Allowing request through for lower layer to check as authentication is set to [{}].", RestrictionMode.HYBRID)
102103
filterChain.doFilter(request, response)
103104
}
104105
else if (authenticator.isInRestrictedMode())
@@ -110,13 +111,19 @@ class JwtAuthenticationFilter: OncePerRequestFilter(), HasLogger
110111
}
111112
else
112113
{
113-
val token = if (subQueue.isPresent) subQueue.get() else "null"
114+
val token = subQueue.getOrElse{ "null" }
114115
LOG.error("Failed to manipulate sub-queue [{}] with provided token as the authentication level is set to [{}].", token, authenticator.getRestrictionMode())
115116
handlerExceptionResolver.resolveException(request, response, null, MultiQueueAuthenticationException())
116117
return
117118
}
118119
}
119120
}
121+
catch (ex: MultiQueueAuthenticationException)
122+
{
123+
LOG.error("Provided token is invalid and failed to be verified.", ex)
124+
handlerExceptionResolver.resolveException(request, response, null, ex)
125+
return
126+
}
120127
finally
121128
{
122129
MDC.remove(SUB_QUEUE)

src/test/kotlin/au/kilemon/messagequeue/rest/controller/AuthControllerTest.kt

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ import au.kilemon.messagequeue.message.QueueMessage
1010
import au.kilemon.messagequeue.queue.MultiQueue
1111
import au.kilemon.messagequeue.rest.response.AuthResponse
1212
import au.kilemon.messagequeue.settings.MessageQueueSettings
13+
import com.auth0.jwt.interfaces.DecodedJWT
1314
import com.google.gson.Gson
1415
import com.google.gson.reflect.TypeToken
1516
import org.junit.jupiter.api.Assertions
@@ -406,4 +407,37 @@ class AuthControllerTest
406407
Assertions.assertEquals(restrictedIdentifiers.size, identifiers.size)
407408
identifiers.forEach { identifier -> Assertions.assertTrue(restrictedIdentifiers.contains(identifier)) }
408409
}
410+
411+
/**
412+
* Ensure that calls to the remove restriction endpoint with an invalid token fail with an unauthorised error code
413+
* even when the queue is in any restriction mode.
414+
*/
415+
@Test
416+
fun testRemoveRestrictionFromSubQueue_withInvalidToken_inNoneMode()
417+
{
418+
Mockito.doReturn(RestrictionMode.NONE).`when`(multiQueueAuthenticator).getRestrictionMode()
419+
Assertions.assertEquals(RestrictionMode.NONE, multiQueueAuthenticator.getRestrictionMode())
420+
421+
val token = "invalid-token"
422+
Assertions.assertEquals(Optional.empty<DecodedJWT>(),jwtTokenProvider.verifyTokenForSubQueue(token))
423+
424+
val request = MockMvcRequestBuilders.post("${AuthController.AUTH_PATH}/some-sub-queue")
425+
.header(JwtAuthenticationFilter.AUTHORIZATION_HEADER, "${JwtAuthenticationFilter.BEARER_HEADER_VALUE}${token}")
426+
.contentType(MediaType.APPLICATION_JSON_VALUE)
427+
428+
mockMvc.perform(request)
429+
.andExpect(MockMvcResultMatchers.status().isUnauthorized)
430+
431+
Mockito.doReturn(RestrictionMode.HYBRID).`when`(multiQueueAuthenticator).getRestrictionMode()
432+
Assertions.assertEquals(RestrictionMode.HYBRID, multiQueueAuthenticator.getRestrictionMode())
433+
434+
mockMvc.perform(request)
435+
.andExpect(MockMvcResultMatchers.status().isUnauthorized)
436+
437+
Mockito.doReturn(RestrictionMode.RESTRICTED).`when`(multiQueueAuthenticator).getRestrictionMode()
438+
Assertions.assertEquals(RestrictionMode.RESTRICTED, multiQueueAuthenticator.getRestrictionMode())
439+
440+
mockMvc.perform(request)
441+
.andExpect(MockMvcResultMatchers.status().isUnauthorized)
442+
}
409443
}

0 commit comments

Comments
 (0)