RoleUserInterceptor.java

1
package edu.ucsb.cs156.organic.interceptors;
2
3
import javax.servlet.http.HttpServletRequest;
4
import javax.servlet.http.HttpServletResponse;
5
6
import org.springframework.beans.factory.annotation.Autowired;
7
import org.springframework.stereotype.Component;
8
import org.springframework.web.servlet.HandlerInterceptor;
9
import org.springframework.web.servlet.ModelAndView;
10
11
import edu.ucsb.cs156.organic.repositories.UserRepository;
12
import org.springframework.security.core.authority.SimpleGrantedAuthority;
13
import org.springframework.beans.factory.annotation.Autowired;
14
import org.springframework.beans.factory.annotation.Value;
15
import org.springframework.security.core.Authentication;
16
import org.springframework.security.core.GrantedAuthority;
17
import org.springframework.security.core.context.SecurityContext;
18
import org.springframework.security.core.context.SecurityContextHolder;
19
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
20
import org.springframework.security.oauth2.core.user.OAuth2User;
21
22
import java.util.Optional;
23
import java.util.HashSet;
24
import java.util.Set;
25
import java.util.Collection;
26
import edu.ucsb.cs156.organic.entities.User;
27
28
29
30
@Component
31
public class RoleUserInterceptor implements HandlerInterceptor {
32
33
   @Autowired
34
   UserRepository userRepository;
35
36
   @Override
37
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
38
        // Update user's security context on server each time the user makes HTTP request to the backend
39
        // If user has admin status in database we will keep ROLE_ADMIN in security context
40
        // Otherwise interceptor will remove ROLE_ADMIN before the incoming request is processed by backend API
41
        SecurityContext securityContext = SecurityContextHolder.getContext();
42
        Authentication authentication = securityContext.getAuthentication();
43
44
        
45
46 1 1. preHandle : negated conditional → KILLED
        if (authentication instanceof OAuth2AuthenticationToken ) {
47
            OAuth2User oAuthUser = ((OAuth2AuthenticationToken) authentication).getPrincipal();
48
            Integer githubId = oAuthUser.getAttribute("id");
49
            Optional<User> optionalUser = userRepository.findByGithubId(githubId);
50 1 1. preHandle : negated conditional → KILLED
            if (optionalUser.isPresent()){
51
                User user = optionalUser.get();
52
53
                Set<GrantedAuthority> newAuthorities = new HashSet<>();
54
                Collection<? extends GrantedAuthority> currentAuthorities = authentication.getAuthorities();
55
                currentAuthorities.stream()
56 2 1. lambda$preHandle$0 : negated conditional → KILLED
2. lambda$preHandle$0 : replaced boolean return with true for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED
                .filter(authority -> !authority.getAuthority().equals("ROLE_ADMIN")
57 1 1. lambda$preHandle$0 : negated conditional → KILLED
                 && !authority.getAuthority().equals("ROLE_INSTRUCTOR"))
58 1 1. preHandle : removed call to java/util/stream/Stream::forEach → KILLED
                .forEach(authority -> {
59
                    newAuthorities.add(authority);
60
                });
61
62 1 1. preHandle : negated conditional → KILLED
                if (user.isAdmin()){
63
                    newAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
64
                }
65
66 1 1. preHandle : negated conditional → KILLED
                if (user.isInstructor()){
67
                    newAuthorities.add(new SimpleGrantedAuthority("ROLE_INSTRUCTOR"));
68
                }
69
                
70
                Authentication newAuth = new OAuth2AuthenticationToken(oAuthUser, newAuthorities,(((OAuth2AuthenticationToken)authentication).getAuthorizedClientRegistrationId()));
71 1 1. preHandle : removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED
                SecurityContextHolder.getContext().setAuthentication(newAuth);
72
            }
73
        }
74
75 1 1. preHandle : replaced boolean return with false for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::preHandle → KILLED
      return true;
76
   }
77
    
78
}

Mutations

46

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.controllers.SchoolsControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.controllers.SchoolsControllerTests]/[method:logged_out_users_cannot_get_all()]
negated conditional → KILLED

50

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:user_not_present_in_db_and_no_role_update_by_interceptor()]
negated conditional → KILLED

56

1.1
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
negated conditional → KILLED

2.2
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
replaced boolean return with true for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED

57

1.1
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
negated conditional → KILLED

58

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
removed call to java/util/stream/Stream::forEach → KILLED

62

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
negated conditional → KILLED

66

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
negated conditional → KILLED

71

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_instructor_field_in_db_is_false()]
removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED

75

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.controllers.SchoolsControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.controllers.SchoolsControllerTests]/[method:logged_out_users_cannot_get_all()]
replaced boolean return with false for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::preHandle → KILLED

Active mutators

Tests examined


Report generated by PIT 1.7.3