[Tech] Protection des sous-chemins /management (UPDATE ENV VAR) (#2773
)

## Linked issues

- Resolve #666

----

- [ ] Tests E2E (Cypress)
louptheron authored Dec 20, 2023
2 parents 5f527a5 + 2429065 commit 050b8d0
Showing 5 changed files with 19 additions and 4 deletions.
Expand Up @@ -10,6 +10,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
import org.springframework.boot.test.mock.mockito.MockBean
import org.springframework.context.annotation.Import
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status

Expand Down Expand Up @@ -80,4 +81,18 @@ class BffFilterConfigITests {
.andExpect(status().isUnauthorized)
}
}

@Test
fun `Should return 401 for When deleting an user`() {
// When
listOf(
"/api/v1/authorization/management/dummy@user.com",
).forEach {
mockMvc.perform(
delete(it),
)
// Then
.andExpect(status().isUnauthorized)
}
}
}
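Review bot: Nothing in this test checks that the bare `/api/v1/authorization/management` route is still rejected; the only path requested is `/api/v1/authorization/management/dummy@user.com`, while the same commit appears to swap the exact entry for `/api/v1/authorization/management/*` in the properties files. A second case that requests the bare path without credentials and expects `status().isUnauthorized` would pin both, unless the earlier tests in this class, which start outside the hunk, already cover it. The test name also reads oddly ("for When deleting an user"); something like "Should return 401 When deleting a user without an API key" states what is asserted, since `delete(it)` is sent with no headers.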
2 changes: 1 addition & 1 deletion backend/src/test/resources/application.properties
Expand Up @@ -25,5 +25,5 @@ monitorfish.oidc.enabled=false
monitorfish.api.protected.paths=/bff/*
# Super-user paths of type /** are not supported
monitorfish.api.protected.super-user-paths=/bff/v1/beacon_malfunctions,/bff/v1/missions,/bff/v1/operational_alerts,/bff/v1/reportings,/bff/v1/vessels/risk_factors
monitorfish.api.protected.public-paths=/api/v1/authorization/management,/api/v1/beacon_malfunctions/*
monitorfish.api.protected.public-paths=/api/v1/authorization/management/*,/api/v1/beacon_malfunctions/*
monitorfish.api.protected.api-key=DUMMY-API-KEY
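Review bot: The wildcard entry `/api/v1/authorization/management/*` replaces the exact entry instead of sitting next to it, and this file does not show whether the filter's matcher treats `/management/*` as also covering `/management` itself or paths deeper than one segment. If it does not, the bare route would fall out of the check that `monitorfish.api.protected.api-key` appears to back. Listing both, `monitorfish.api.protected.public-paths=/api/v1/authorization/management,/api/v1/authorization/management/*,/api/v1/beacon_malfunctions/*`, removes the doubt, and a one-line comment above it stating what `/*` matches would sit well beside the existing note on super-user paths. The same applies to the identical change in application-dev.properties, application-local.properties and application-prod.properties.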
2 changes: 1 addition & 1 deletion infra/configurations/application-dev.properties
Expand Up @@ -17,7 +17,7 @@ monitorfish.oidc.userinfo-endpoint=/api/user
monitorfish.api.protected.paths=/bff/*,/light/v1/vessels/*
# Super-user paths of type /** are not supported
monitorfish.api.protected.super-user-paths=/bff/v1/beacon_malfunctions,/bff/v1/missions,/bff/v1/operational_alerts,/bff/v1/reportings,/bff/v1/vessels/risk_factors
monitorfish.api.protected.public-paths=/api/v1/authorization/management,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*
monitorfish.api.protected.public-paths=/api/v1/authorization/management/*,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*

###################
# Database settings (URL) is injected at runtime with an environment variable
2 changes: 1 addition & 1 deletion infra/configurations/application-local.properties
Expand Up @@ -21,7 +21,7 @@ monitorfish.oidc.userinfo-endpoint=/api/user
monitorfish.api.protected.paths=/bff/*,/light/v1/vessels/*
# Super-user paths of type /** are not supported
monitorfish.api.protected.super-user-paths=/bff/v1/beacon_malfunctions,/bff/v1/missions,/bff/v1/operational_alerts,/bff/v1/reportings,/bff/v1/vessels/risk_factors
monitorfish.api.protected.public-paths=/api/v1/authorization/management,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*
monitorfish.api.protected.public-paths=/api/v1/authorization/management/*,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*
monitorfish.api.protected.api-key=DUMMY-API-KEY

###################
2 changes: 1 addition & 1 deletion infra/configurations/application-prod.properties
Expand Up @@ -17,7 +17,7 @@ monitorfish.oidc.userinfo-endpoint=/api/user
monitorfish.api.protected.paths=/bff/*,/light/v1/vessels/*
# Super-user paths of type /** are not supported
monitorfish.api.protected.super-user-paths=/bff/v1/beacon_malfunctions,/bff/v1/missions,/bff/v1/operational_alerts,/bff/v1/reportings,/bff/v1/vessels/risk_factors
monitorfish.api.protected.public-paths=/api/v1/authorization/management,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*
monitorfish.api.protected.public-paths=/api/v1/authorization/management/*,/api/v1/beacon_malfunctions/*,/api/v1/mission_actions/*

###################
# Database settings (URL) is injected at runtime with an environment variable