Add authorization to user friends

Karol-2 · May 15, 2024 · 165317d · 165317d
1 parent 4548737
commit 165317d
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 11 deletions.
diff --git a/backend/src/routes/userFriendsRoute.ts b/backend/src/routes/userFriendsRoute.ts
@@ -28,6 +28,7 @@ const friendsRouter = Router();
 
 friendsRouter.get(
   "/:userId/friends",
+  authenticateToken,
   async (req: Request, res: FriendsPageErrorResponse) => {
     const userId = req.params.userId;
 

diff --git a/backend/test/userFriends.test.ts b/backend/test/userFriends.test.ts
@@ -6,21 +6,63 @@ let page: number = 1;
 let maxUsers: number = 10;
 let userId: string = "";
 
+const userMail = "[email protected]";
+const userPassword = "heuristic";
+
 const getFirstUser = async () => {
   const response = await fetchData(`http://localhost:5000/users`, "GET", {});
   userId = response.users.find(
     (user: User) => user.mail === "[email protected]",
   ).id;
 };
 
+const getKeycloakToken = async (
+  mail: string,
+  password: string,
+): Promise<string> => {
+  const urlParams = new URLSearchParams({
+    grant_type: "password",
+    client_id: "mercury-testing",
+    client_secret: "5mwGU0Efyh3cT2WVX7ffA8UAWEAmrBag",
+    username: mail,
+    password: password,
+  });
+
+  const response = await fetchData(
+    `http://localhost:3000/realms/mercury/protocol/openid-connect/token`,
+    "POST",
+    {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: urlParams,
+    },
+  );
+
+  return response.access_token;
+};
+
 await getFirstUser();
+const token = await getKeycloakToken(userMail, userPassword);
 
 describe("Get friends", () => {
+  test("without token", async () => {
+    const response = await fetchData(
+      `http://localhost:5000/users/0/friends?page=${page}&maxUsers=${maxUsers}`,
+      "GET",
+      {},
+    );
+
+    const { status } = response
+    expect(status).toBe("unauthorized");
+  });
+
   test("incorrect ID", async () => {
     const response = await fetchData(
       `http://localhost:5000/users/0/friends?page=${page}&maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -35,6 +77,7 @@ describe("Get friends", () => {
       `http://localhost:5000/users/${userId}/friends?page=${page}&maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, pageCount, friends } = response;
@@ -51,6 +94,7 @@ describe("Get friends", () => {
       `http://localhost:5000/users/${userId}/friends?page=${page}&maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, pageCount, friends } = response;
@@ -71,6 +115,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends?maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -84,6 +129,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends?page=text?maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -97,6 +143,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends?page=${page}`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -110,6 +157,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends?page=text?page=${page}&maxUsers=text`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -123,6 +171,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;
@@ -138,6 +187,7 @@ describe("Pagination parameters", () => {
       `http://localhost:5000/users/${userId}/friends?page=${page}&maxUsers=${maxUsers}`,
       "GET",
       {},
+      token
     );
 
     const { status, errors } = response;

diff --git a/frontend/src/helpers/KeycloakUserProvider.tsx b/frontend/src/helpers/KeycloakUserProvider.tsx
@@ -32,6 +32,8 @@ function KeycloakUserProvider({ children }: { children: React.ReactNode }) {
     const friendsResponse = await dataService.fetchData(
       `/users/${userId}/friends?${searchParams}`,
       "GET",
+      {},
+      token,
     );
     if (friendsResponse.status != "ok") {
       console.error("Couldn't fetch friends: ", friendsResponse);
@@ -199,10 +201,15 @@ function KeycloakUserProvider({ children }: { children: React.ReactNode }) {
     if (userState.status != "logged_in") return false;
 
     const user = { ...userState.user, ...updateUser };
-    const response = await dataService.fetchData(`/users/${user.id}`, "PUT", {
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(user),
-    }, token);
+    const response = await dataService.fetchData(
+      `/users/${user.id}`,
+      "PUT",
+      {
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(user),
+      },
+      token,
+    );
 
     if (response.status === "ok") {
       setUserLoggedIn(user);
@@ -217,7 +224,12 @@ function KeycloakUserProvider({ children }: { children: React.ReactNode }) {
     if (userState.status != "logged_in") return true;
 
     const user = userState.user!;
-    const response = await dataService.fetchData(`/users/${user.id}`, "DELETE", {}, token);
+    const response = await dataService.fetchData(
+      `/users/${user.id}`,
+      "DELETE",
+      {},
+      token,
+    );
 
     if (response.status === "ok") {
       setUserAnonymous();

diff --git a/frontend/src/helpers/RestUserProvider.tsx b/frontend/src/helpers/RestUserProvider.tsx
@@ -50,7 +50,7 @@ function RestUserProvider({ children }: { children: React.ReactNode }) {
       const decodedToken = decodeToken(tokenStr);
 
       if (decodedToken && !isExpired(tokenStr)) {
-        setToken(token)
+        setToken(token);
         setDecodedToken(decodedToken);
         return true;
       }
@@ -154,10 +154,15 @@ function RestUserProvider({ children }: { children: React.ReactNode }) {
     if (userState.status != "logged_in") return false;
 
     const user = { ...userState.user, ...updateUser };
-    const response = await dataService.fetchData(`/users/${user.id}`, "PUT", {
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(user),
-    }, token);
+    const response = await dataService.fetchData(
+      `/users/${user.id}`,
+      "PUT",
+      {
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(user),
+      },
+      token,
+    );
 
     if (response.status === "ok") {
       return true;
@@ -171,7 +176,12 @@ function RestUserProvider({ children }: { children: React.ReactNode }) {
     if (userState.status != "logged_in") return true;
 
     const user = userState.user!;
-    const response = await dataService.fetchData(`/users/${user.id}`, "DELETE", {}, token);
+    const response = await dataService.fetchData(
+      `/users/${user.id}`,
+      "DELETE",
+      {},
+      token,
+    );
 
     if (response.status === "ok") {
       setUserAnonymous();
@@ -193,6 +203,8 @@ function RestUserProvider({ children }: { children: React.ReactNode }) {
     const friendsResponse = await dataService.fetchData(
       `/users/${userId}/friends?${searchParams}`,
       "GET",
+      {},
+      token,
     );
     if (friendsResponse.status != "ok") {
       console.error("Couldn't fetch friends: ", friendsResponse);

diff --git a/frontend/src/pages/FriendsPage.tsx b/frontend/src/pages/FriendsPage.tsx
@@ -44,6 +44,7 @@ function FriendsPage() {
           `/users/${user.id}/friend-requests?page=1&maxUsers=32`,
           "GET",
           {},
+          token
         );
         setFriendsRequests(friendsRequestsResponse.friendRequests);
       }
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,6 +44,7 @@ function FriendsPage() { @@
               `/users/${user.id}/friend-requests?page=1&maxUsers=32`,
               "GET",
               {},
+              token
             );
             setFriendsRequests(friendsRequestsResponse.friendRequests);
           }
@@ Expand Down @@