Fix Tests

Author: Sascha-droid

backend/src/main/java/org/example/app/general/common/security/PermissionService.java

@@ -1,10 +1,12 @@
 package org.example.app.general.common.security;
 
+import io.quarkus.runtime.configuration.ConfigUtils;
 import io.smallrye.jwt.auth.principal.ParseException;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.SecurityContext;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -27,8 +29,14 @@ public class PermissionService {
 
     private List<String> getPermissions() throws ParseException {
         List<String> permissions = new ArrayList<>();
-        String sessionId = requestContext.getCookies().get("SESSION_ID").getValue();
-        List<String> roles = jwtService.getRoles(sessionService.getSession(sessionId).get().getJwt());
+        String jwt;
+        if (ConfigUtils.getProfiles().contains("test")) {
+            jwt = requestContext.getHeaders().get("Authorization").getFirst();
+        }else {
+            String sessionId = requestContext.getCookies().get("SESSION_ID").getValue();
+            jwt = sessionService.getSession(sessionId).get().getJwt();
+        }
+        List<String> roles = jwtService.getRoles(jwt);
         roles.forEach(role->{
                 Roles userRole = Roles.valueOf(role.toUpperCase());
                 switch (userRole) {

backend/src/test/java/org/example/app/task/resource/KeycloakTokenProvider.java

@@ -0,0 +1,48 @@
+package org.example.app.task.resource;
+
+import io.restassured.RestAssured;
+import io.restassured.http.ContentType;
+import io.restassured.response.Response;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class KeycloakTokenProvider {
+
+    private static final String KEYCLOAK_URL = "http://localhost:8180/realms/quarkus/protocol/openid-connect/token";
+    private static final String CLIENT_ID = "backend-service";
+    private static final String USERNAME_ADMIN = "alice";
+    private static final String PASSWORD_ADMIN = "alice";
+    private static final String USERNAME_USER = "bob";
+    private static final String PASSWORD_USER = "bob";
+    private static final String SECRET = "secret";
+
+    public static String getAccessTokenWithAdmin() {
+        return getAccessToken(USERNAME_ADMIN, PASSWORD_ADMIN);
+    }
+
+    public static String getAccessTokenWithUser() {
+        return getAccessToken(USERNAME_USER, PASSWORD_USER);
+    }
+
+    public static String getAccessToken(String username, String password) {
+        Map<String, String> params = new HashMap<>();
+        params.put("grant_type", "password");
+        params.put("client_id", CLIENT_ID);
+        params.put("username", username);
+        params.put("password", password);
+        params.put("client_secret", SECRET);
+
+
+        Response response = RestAssured.given()
+                .contentType(ContentType.URLENC)
+                .formParams(params)
+                .post(KEYCLOAK_URL);
+
+        if (response.getStatusCode() != 200) {
+            throw new RuntimeException("Failed to get token: " + response.getBody().asString());
+        }
+
+        return response.jsonPath().getString("access_token");
+    }
+}

backend/src/test/java/org/example/app/task/service/IntegrationTestProfile.java

@@ -0,0 +1,11 @@
+package org.example.app.task.service;
+
+import io.quarkus.test.junit.QuarkusTestProfile;
+
+public class IntegrationTestProfile implements QuarkusTestProfile {
+
+    @Override
+    public String getConfigProfile() {
+        return "test";
+    }
+}

backend/src/test/java/org/example/app/task/service/TaskServiceIT.java

@@ -0,0 +1,80 @@
+
+package org.example.app.task.service;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.emptyString;
+import static org.hamcrest.Matchers.not;
+
+import io.quarkus.test.junit.TestProfile;
+import org.example.app.task.resource.KeycloakTokenProvider;
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.*;
+import org.junit.jupiter.api.MethodOrderer.OrderAnnotation;
+import org.junit.jupiter.api.TestInstance.Lifecycle;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+import io.restassured.http.ContentType;
+import io.restassured.response.Response;
+
+/**
+ * E2E black-box test of the To-Do service only via its public REST resource.
+ */
+@QuarkusIntegrationTest
+@TestMethodOrder(OrderAnnotation.class)
+@TestProfile(IntegrationTestProfile.class)
+@TestInstance(Lifecycle.PER_CLASS)
+class TaskServiceIT {
+
+  private Integer taskListId;
+
+  private Integer taskItemId;
+
+  private String token;
+
+  @BeforeAll
+  void getJwt(){
+    token = KeycloakTokenProvider.getAccessTokenWithAdmin();
+  }
+
+  @Test
+  @Order(1)
+  void shouldAllowCreatingANewTaskList() {
+
+    Response response = given().when().header("Authorization", token).body("{ \"title\": \"Shopping List\" }").contentType(ContentType.JSON)
+        .post("/task/list");
+    response.then().statusCode(201).header("Location", not(emptyString()));
+
+    this.taskListId = Integer.parseInt(response.header("Location").replaceAll(".*?/task/list/", ""));
+  }
+
+  @Test
+  @Order(2)
+  void shouldAllowAddingATaskToATaskList() {
+
+    Response response = given().when().header("Authorization", token).body("{ \"title\": \"Buy Milk\", \"taskListId\": " + this.taskListId + " }")
+        .contentType(ContentType.JSON).post("/task/item");
+
+    response.then().statusCode(201).header("Location", not(emptyString()));
+
+    this.taskItemId = Integer.parseInt(response.header("Location").replaceAll(".*?/task/item/", ""));
+  }
+
+  @Test
+  @Order(3)
+  void shouldAllowRetrievingATaskListWithTaskItems() {
+
+    given().when().header("Authorization", token).get("/task/list-with-items/{taskListId}", this.taskListId).then().statusCode(200)
+        .body("list.title", Matchers.equalTo("Shopping List")).and().body("list.id", Matchers.equalTo(this.taskListId))
+        .and().body("items[0].title", Matchers.equalTo("Buy Milk"));
+  }
+
+  @Test
+  @Order(4)
+  void shouldAllowDeletingATaskListCompletely() {
+
+    given().when().header("Authorization", token).delete("/task/list/{taskListId}", this.taskListId).then().statusCode(204);
+    given().when().header("Authorization", token).get("/task/list/{taskListId}", this.taskListId).then().statusCode(404);
+    given().when().header("Authorization", token).get("/task/item/{itemId}", this.taskItemId).then().statusCode(404);
+
+  }
+}