mystuff-32 When we request category we see information about creator with login and password

Max-Levitskiy · Max-Levitskiy · commit a62455cea4a9 · 2019-06-12T19:40:00.000+02:00
Closes #32
diff --git a/back/src/main/java/org/webtree/mystuff/model/domain/User.java b/back/src/main/java/org/webtree/mystuff/model/domain/User.java
@@ -1,5 +1,6 @@
 package org.webtree.mystuff.model.domain;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.neo4j.ogm.annotation.GraphId;
 import org.neo4j.ogm.annotation.NodeEntity;
 import org.springframework.security.core.GrantedAuthority;
@@ -14,6 +15,7 @@ public class User implements UserDetails {
     @GraphId
     private Long id = null;
     private String username;
+    @JsonIgnore
     private String password;
     private Date lastPasswordResetDate;
 
diff --git a/back/src/test/java/org/webtree/mystuff/controller/SecurityControllerTest.java b/back/src/test/java/org/webtree/mystuff/controller/SecurityControllerTest.java
@@ -14,6 +14,7 @@
 import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultActions;
+import org.webtree.mystuff.model.domain.AuthDetails;
 import org.webtree.mystuff.model.domain.User;
 import org.webtree.mystuff.security.JwtTokenUtil;
 import org.webtree.mystuff.service.UserService;
@@ -39,10 +40,14 @@ public void whenLoginWithCorrectUser_shouldReturnValidToken() throws Exception {
         User user = User.Builder.create().withUsername(TEST_USERNAME).withPassword(TEST_PASS).build();
         userService.add(user);
 
+        AuthDetails authDetails = new AuthDetails();
+        authDetails.setUsername(TEST_USERNAME);
+        authDetails.setPassword(TEST_PASS);
+
         MvcResult mvcResult = mockMvc.perform(
             post("/rest/token/new")
                 .contentType(MediaType.APPLICATION_JSON)
-                .content(objectMapper.writeValueAsString(user))
+                .content(objectMapper.writeValueAsString(authDetails))
         )
             .andExpect(status().isOk())
             .andExpect(jsonPath("$.errors").doesNotExist())
diff --git a/back/src/test/java/org/webtree/mystuff/controller/StuffControllerTest.java b/back/src/test/java/org/webtree/mystuff/controller/StuffControllerTest.java
@@ -25,6 +25,7 @@
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.springframework.security.test.context.support.WithAnonymousUser;
 import org.springframework.test.web.servlet.MvcResult;
+import org.webtree.mystuff.model.domain.AuthDetails;
 import org.webtree.mystuff.model.domain.Category;
 import org.webtree.mystuff.model.domain.Stuff;
 import org.webtree.mystuff.model.domain.User;
@@ -141,11 +142,14 @@ public void whenDeleteStuff_shouldNotReturnItForUser() throws Exception {
     @WithAnonymousUser
     public void whenAddExistingStuff_shouldReturnForBothUsers() throws Exception {
         Stuff stuff = stuffService.save(buildNewStuff(NAME, USER_1));
+        AuthDetails authDetails = new AuthDetails();
+        authDetails.setUsername(USER_2);
+        authDetails.setPassword("pass");
         User user2 = userService.add(User.Builder.create().withUsername(USER_2).withPassword("pass").build());
         MvcResult mvcResult = mockMvc.perform(
             post("/rest/token/new")
                 .contentType(APPLICATION_JSON)
-                .content(objectMapper.writeValueAsString(user2))
+                .content(objectMapper.writeValueAsString(authDetails))
         )
             .andExpect(status().isOk())
             .andExpect(jsonPath("$.errors").doesNotExist())
@@ -243,6 +247,16 @@ public void whenAddExistingCategory_shouldReturnIt_andDonNotTryToCreate() throws
         verify(categoryService, never()).save(any());
     }
 
+    @Test // bug #32
+    public void whenGetStuff_shouldNotReturnUserPassword() throws Exception {
+        Stuff stuff = stuffService.save(buildNewStuffWithStaffCategory(NAME, USER_1, buildNewStaffCategories(CATEGORY1)));
+        mockMvc.perform(get("/rest/stuff/" + stuff.getId()).contentType(APPLICATION_JSON))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$.creator").isNotEmpty())
+            .andExpect(jsonPath("$.creator.username").value(USER_1))
+            .andExpect(jsonPath("$.creator.password").doesNotExist());
+    }
+
     private Stuff buildNewStuff(String name, String username) {
         return Stuff.Builder.create().withUsers(buildNewUsers(username)).withName(name).build();
     }
@@ -263,12 +277,13 @@ private User addUser() {
     }
 
     private Set<User> buildNewUsers(String username) {
-        return Sets.newHashSet(userService.add(User.Builder.create().withUsername(username).build()));
+        return Sets.newHashSet(userService.add(User.Builder.create().withUsername(username).withPassword("qweasd").build()));
     }
 
 
     private Stuff buildNewStuffWithStaffCategory(String name, String username, Set<Category> categories) {
-        return Stuff.Builder.create().withUsers(buildNewUsers(username)).withName(name)
+        Set<User> users = buildNewUsers(username);
+        return Stuff.Builder.create().withCreator(users.iterator().next()).withUsers(users).withName(name)
             .withCategories(categories).build();
     }
 
