opensrp
diff --git a/‎app/src/main/java/org/dhis2/fhir/adapter/AppConfig.java
Lines changed: 12 additions & 2 deletions b/‎app/src/main/java/org/dhis2/fhir/adapter/AppConfig.java
Lines changed: 12 additions & 2 deletions
diff --git a/‎app/src/main/java/org/dhis2/fhir/adapter/WebSecurityConfig.java
Lines changed: 6 additions & 15 deletions b/‎app/src/main/java/org/dhis2/fhir/adapter/WebSecurityConfig.java
Lines changed: 6 additions & 15 deletions
diff --git a/‎app/src/test/java/org/dhis2/fhir/adapter/AbstractAppTest.java
Lines changed: 19 additions & 6 deletions b/‎app/src/test/java/org/dhis2/fhir/adapter/AbstractAppTest.java
Lines changed: 19 additions & 6 deletions
diff --git a/‎app/src/test/java/org/dhis2/fhir/adapter/TestConfiguration.java
Lines changed: 12 additions & 2 deletions b/‎app/src/test/java/org/dhis2/fhir/adapter/TestConfiguration.java
Lines changed: 12 additions & 2 deletions
diff --git a/‎app/src/test/java/org/dhis2/fhir/adapter/TestDhisWebApiAuthenticationProvider.java
Lines changed: 96 additions & 0 deletions b/‎app/src/test/java/org/dhis2/fhir/adapter/TestDhisWebApiAuthenticationProvider.java
Lines changed: 96 additions & 0 deletions
@@ -29,11 +29,15 @@
  */
 
 import org.dhis2.fhir.adapter.converter.ZonedDateTimeToDateConverter;
+import org.dhis2.fhir.adapter.dhis.config.DhisEndpointConfig;
+import org.dhis2.fhir.adapter.dhis.security.DhisWebApiAuthenticationProvider;
+import org.dhis2.fhir.adapter.dhis.security.SecurityConfig;
+import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.format.FormatterRegistry;
 import org.springframework.http.HttpMethod;
-import org.springframework.validation.annotation.Validated;
+import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -47,9 +51,15 @@
  * @author volsch
  */
 @Configuration
-@Validated
 public class AppConfig
 {
+    @Bean
+    @Nonnull
+    public AbstractUserDetailsAuthenticationProvider dhisWebApiAuthenticationProvider( @Nonnull RestTemplateBuilder restTemplateBuilder, @Nonnull DhisEndpointConfig dhisEndpointConfig, @Nonnull SecurityConfig securityConfig )
+    {
+        return new DhisWebApiAuthenticationProvider( restTemplateBuilder, dhisEndpointConfig, securityConfig );
+    }
+
     @Bean
     @Nonnull
     public WebMvcConfigurer mvcConfigurer()
 
@@ -28,13 +28,10 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.dhis2.fhir.adapter.dhis.config.DhisEndpointConfig;
-import org.dhis2.fhir.adapter.dhis.security.DhisWebApiAuthenticationProvider;
-import org.dhis2.fhir.adapter.dhis.security.SecurityConfig;
 import org.dhis2.fhir.adapter.fhir.security.AdapterAuthorities;
-import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -56,17 +53,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter
 {
     protected static final String DHIS_BASIC_REALM = "DHIS2";
 
-    private final RestTemplateBuilder restTemplateBuilder;
+    private final AbstractUserDetailsAuthenticationProvider userDetailsAuthenticationProvider;
 
-    private final DhisEndpointConfig dhisEndpointConfig;
-
-    private final SecurityConfig securityConfig;
-
-    public WebSecurityConfig( @Nonnull RestTemplateBuilder restTemplateBuilder, @Nonnull DhisEndpointConfig dhisEndpointConfig, @Nonnull SecurityConfig securityConfig )
+    public WebSecurityConfig( @Nonnull AbstractUserDetailsAuthenticationProvider userDetailsAuthenticationProvider )
     {
-        this.restTemplateBuilder = restTemplateBuilder;
-        this.dhisEndpointConfig = dhisEndpointConfig;
-        this.securityConfig = securityConfig;
+        this.userDetailsAuthenticationProvider = userDetailsAuthenticationProvider;
     }
 
     @Override
@@ -92,9 +83,9 @@ protected void configure( @Nonnull HttpSecurity http ) throws Exception
     }
 
     @Override
-    protected void configure( AuthenticationManagerBuilder auth )
+    protected void configure( AuthenticationManagerBuilder auth ) throws Exception
     {
-        auth.authenticationProvider( new DhisWebApiAuthenticationProvider( restTemplateBuilder, dhisEndpointConfig, securityConfig ) );
+        auth.authenticationProvider( userDetailsAuthenticationProvider );
     }
 
     @Override
 
@@ -56,6 +56,7 @@
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.web.client.MockRestServiceServer;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.web.client.RestTemplate;
 
 import javax.annotation.Nonnull;
@@ -64,7 +65,6 @@
 import java.util.Objects;
 
 import static com.github.tomakehurst.wiremock.client.WireMock.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
@@ -153,7 +153,7 @@ public abstract class AbstractAppTest
     private long resourceDlQueueCount;
 
     protected void notifyResource( @Nonnull FhirResourceType resourceType, @Nullable String resourceSearchResponse,
-        @Nullable String resourceId, @Nullable String resourceResponse ) throws Exception
+        @Nullable String resourceId, @Nullable String resourceResponse, boolean payload ) throws Exception
     {
         if ( previousResourceSearchStubMapping != null )
         {
@@ -178,10 +178,23 @@ protected void notifyResource( @Nonnull FhirResourceType resourceType, @Nullable
                 .withBody( resourceResponse ) ) );
         }
 
-        mockMvc.perform( post( "/remote-fhir-rest-hook/{subscriptionId}/{subscriptionResourceId}",
-            testConfiguration.getRemoteSubscriptionId(), testConfiguration.getRemoteSubscriptionResourceId( resourceType ) )
-            .header( "Authorization", TestConfiguration.ADAPTER_AUTHORIZATION ) )
-            .andExpect( status().isOk() );
+        if ( payload )
+        {
+            Assert.assertNotNull( resourceId );
+            Assert.assertNotNull( resourceResponse );
+            mockMvc.perform( MockMvcRequestBuilders.put( "/remote-fhir-rest-hook/{subscriptionId}/{subscriptionResourceId}/{resourceType}/{resourceId}",
+                testConfiguration.getRemoteSubscriptionId(), testConfiguration.getRemoteSubscriptionResourceId( resourceType ),
+                resourceType.getResourceTypeName(), resourceId ).content( resourceResponse ).contentType( FHIR_JSON_MEDIA_TYPE )
+                .header( "Authorization", TestConfiguration.ADAPTER_AUTHORIZATION ) )
+                .andExpect( status().isOk() );
+        }
+        else
+        {
+            mockMvc.perform( MockMvcRequestBuilders.post( "/remote-fhir-rest-hook/{subscriptionId}/{subscriptionResourceId}",
+                testConfiguration.getRemoteSubscriptionId(), testConfiguration.getRemoteSubscriptionResourceId( resourceType ) )
+                .header( "Authorization", TestConfiguration.ADAPTER_AUTHORIZATION ) )
+                .andExpect( status().isOk() );
+        }
     }
 
     protected void waitForEmptyResourceQueue() throws Exception
 
@@ -29,6 +29,7 @@
  */
 
 import com.github.tomakehurst.wiremock.WireMockServer;
+import org.dhis2.fhir.adapter.dhis.security.SecurityConfig;
 import org.dhis2.fhir.adapter.fhir.metadata.model.FhirResourceType;
 import org.dhis2.fhir.adapter.fhir.metadata.model.SubscriptionType;
 import org.dhis2.fhir.adapter.fhir.security.SystemAuthenticationToken;
@@ -47,6 +48,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
+import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import javax.annotation.Nonnull;
@@ -128,9 +130,10 @@ public String getDhis2UserAuthorization()
 
     @Nonnull
     @Bean
-    protected WireMockServer fhirMockServer()
+    @Primary
+    protected AbstractUserDetailsAuthenticationProvider testDhisWebApiAuthenticationProvider( @Nonnull SecurityConfig securityConfig )
     {
-        return fhirMockServer;
+        return new TestDhisWebApiAuthenticationProvider( securityConfig );
     }
 
     @Nonnull
@@ -141,6 +144,13 @@ protected LockManager embeddedLockManager()
         return new EmbeddedLockManagerImpl();
     }
 
+    @Nonnull
+    @Bean
+    protected WireMockServer fhirMockServer()
+    {
+        return fhirMockServer;
+    }
+
     @PostConstruct
     protected void postConstruct()
     {
 
@@ -0,0 +1,96 @@
+package org.dhis2.fhir.adapter;
+
+/*
+ * Copyright (c) 2004-2018, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.dhis2.fhir.adapter.dhis.security.AdapterUser;
+import org.dhis2.fhir.adapter.dhis.security.SecurityConfig;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.annotation.Nonnull;
+import java.util.Collections;
+
+import static org.dhis2.fhir.adapter.fhir.security.AdapterAuthorities.*;
+
+/**
+ * Authentication provider that authenticates the user by
+ * simulating user management of DHIS2.
+ *
+ * @author volsch
+ */
+public class TestDhisWebApiAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider
+{
+    public static final String CODE_MAPPING_USER = "code_mapping";
+
+    public static final String DATA_MAPPING_USER = "data_mapping";
+
+    public static final String ADMINISTRATION_USER = "administration";
+
+    public static final String ALL_USER = "all";
+
+    private final SecurityConfig securityConfig;
+
+    public TestDhisWebApiAuthenticationProvider( @Nonnull SecurityConfig securityConfig )
+    {
+        this.securityConfig = securityConfig;
+    }
+
+    @Override
+    protected void additionalAuthenticationChecks( UserDetails userDetails, UsernamePasswordAuthenticationToken authentication ) throws AuthenticationException
+    {
+        // all authentication checks have been performed by DHIS2
+    }
+
+    @Override
+    protected UserDetails retrieveUser( String username, UsernamePasswordAuthenticationToken authentication ) throws AuthenticationException
+    {
+        if ( !String.valueOf( authentication.getCredentials() ).equals( username + "_1" ) )
+        {
+            throw new BadCredentialsException( "Invalid username or password." );
+        }
+
+        switch ( username )
+        {
+            case CODE_MAPPING_USER:
+                return new AdapterUser( "kea2xl4zZfa", username, Collections.singleton( new SimpleGrantedAuthority( CODE_MAPPING_AUTHORITY_ROLE ) ) );
+            case DATA_MAPPING_USER:
+                return new AdapterUser( "kea2xl4zZfb", username, Collections.singleton( new SimpleGrantedAuthority( DATA_MAPPING_AUTHORITY_ROLE ) ) );
+            case ADMINISTRATION_USER:
+                return new AdapterUser( "kea2xl4zZfc", username, Collections.singleton( new SimpleGrantedAuthority( ADMINISTRATION_AUTHORITY_ROLE ) ) );
+            case ALL_USER:
+                return new AdapterUser( "kea2xl4zZfd", username, ALL_AUTHORITIES );
+            default:
+                throw new BadCredentialsException( "Invalid username or password." );
+        }
+    }
+}