Fixes #104
mkr committed Feb 25, 2022
1 parent db2a0e5 commit 2024a74
Showing 2 changed files with 13 additions and 2 deletions.
2 changes: 1 addition & 1 deletion app/controllers/auth/JWTJsonAuthenticatedAction.scala
@@ -23,7 +23,7 @@ class JWTJsonAuthenticatedAction(parser: BodyParsers.Default, appConfig: Configu
private val JWT_ROLES_JSON_PATH = getValueFromConfigWithFallback("smui.JWTJsonAuthenticatedAction.authorization.json.path", "$.roles")
private val JWT_AUTHORIZED_ROLES = getValueFromConfigWithFallback("smui.JWTJsonAuthenticatedAction.authorization.roles", "admin")

private lazy val authorizedRoles = JWT_AUTHORIZED_ROLES.replaceAll("\\s", "").split(",").toSeq
private val authorizedRoles = JWT_AUTHORIZED_ROLES.split(",").map(_.trim())

private def getValueFromConfigWithFallback(key: String, default: String): String = {
appConfig.getOptional[String](key) match {
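Review bot: Blank entries survive the new parsing on the `authorizedRoles` line: a configured value such as `admin, ` or an empty string leaves `""` in the list after `trim()`. Depending on how token roles are compared against this list (that code is outside the hunk), a token carrying an empty role string could then be treated as authorized. Dropping blanks closes that: `private val authorizedRoles = JWT_AUTHORIZED_ROLES.split(",").map(_.trim).filter(_.nonEmpty)`. A short comment would also help, for example `// roles are matched exactly after trimming; inner whitespace is significant`. The enclosing class starts and ends outside this hunk.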
13 changes: 12 additions & 1 deletion test/auth/JWTJsonAuthenticatedActionSpec.scala
@@ -39,7 +39,7 @@ class JWTJsonAuthenticatedActionSpec extends PlaySpec with MockitoSugar with Gui
"smui.JWTJsonAuthenticatedAction.algorithm" -> "rsa",
"smui.JWTJsonAuthenticatedAction.authorization.active" -> "true",
"smui.JWTJsonAuthenticatedAction.authorization.json.path" -> "$.roles",
"smui.JWTJsonAuthenticatedAction.authorization.roles" -> "admin, search-manager"
"smui.JWTJsonAuthenticatedAction.authorization.roles" -> "admin, search-manager, smui rules analyst"
))
.build()
}
@@ -92,6 +92,17 @@ class JWTJsonAuthenticatedActionSpec extends PlaySpec with MockitoSugar with Gui
}
}

"let users pass to SMUI if they have role containing a whitespace character" in {
val request = FakeRequest(GET, "/")
.withCookies(buildJWTCookie("test_user", Seq("smui rules analyst")))

val home: Future[Result] = route(app, request).get

whenReady(home) { result =>
result.header.status mustBe 200
}
}

"should secure API routes" in {
var request = FakeRequest(GET, "/api/v1/inputTags")
.withCookies(buildJWTCookie("test_user", Seq("search-manager")))
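Review bot: The new spec only covers the accepting path for `smui rules analyst`; nothing pins that a role matching only after whitespace is stripped is now refused. The earlier parsing appears to have removed all whitespace from the configured list, so a token role of `smuirulesanalyst` would presumably have matched. A negative case next to the new test would keep that tightening from regressing. The exact rejection status is not visible here, so the sketch below asserts only that the request is not answered with 200. The spec class and the following `should secure API routes` test continue outside the hunk.

```scala
// … unchanged: "let users pass to SMUI if they have role containing a whitespace character" test …

"reject users whose role only matches once whitespace is stripped" in {
  val request = FakeRequest(GET, "/")
    .withCookies(buildJWTCookie("test_user", Seq("smuirulesanalyst")))

  val home: Future[Result] = route(app, request).get

  whenReady(home) { result =>
    result.header.status mustNot be(200)
  }
}
```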
