mardi 13 octobre 2020

MockMvc throws internal exception instead of returning response with 4xx status code

i am trying to write a JwtTokenVerifier test using MockMvc

when i trying to request some api with invalid Auth header: instead of returning response with 4xx status code, it throws internal exception (AuthException in my case) should i expect this exception in the test or i need to do something to get response?

(test succeeds for values "" and "123", but fails for "Bearer qewqweqweqwe" with an AuthException (io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 0))

Test:

@ParameterizedTest
    @ValueSource(strings = {"", "123", "Bearer qewqweqweqwe"})
    public void throwsClientErrorOnRequestWithInvalidAuthHeader(String headerValue) throws Exception {
        String requestBody = asJsonString(new CustomPageRequest());

        mockMvc.perform(
                MockMvcRequestBuilders.post("/users/paged")
                        .header(jwtConfig.getAuthorizationHeader(), headerValue)
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(requestBody))
                .andExpect(status().is4xxClientError());
    }

JwtTokenVerifier filter:

public class JwtTokenVerifier extends OncePerRequestFilter {

    //DI

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        String authHeader = request.getHeader(jwtConfig.getAuthorizationHeader());
        if (StringUtils.isEmpty(authHeader) || !authHeader.startsWith(jwtConfig.getTokenPrefix())) {
            logger.warn("Invalid Authorization header - '" + authHeader + "'");
            filterChain.doFilter(request, response);
            return;
        }
        try {
            Claims body = getTokenBodyFromAuthHeader(authHeader);

            String username = body.getSubject();

            AuthUser userDetails = userDetailsService.loadUserByUsername(username);
            CustomTokenBasedAuthentication authentication = new CustomTokenBasedAuthentication(userDetails);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            userContext.setCurrentPrincipal(authentication);
        } catch (JwtException e) {
            logger.error("During authentication (token verification) exception occurred", e);
            throw new AuthException("auth error");
        }
        filterChain.doFilter(request, response);
    }

    ...
}

ApiExceptionHandler:

@ControllerAdvice(basePackages = {"bac9h.demoapp"})
public class ApiExceptionsHandler {

    ...

    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    @ExceptionHandler(AuthException.class)
    @ResponseBody
    public String onAuthException(AuthException e) {
        return "401 error: " + e.getMessage();
    }
}
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)