From 278b61323063437a9b1586b5ece8c56edba29105 Mon Sep 17 00:00:00 2001
From: Max
Date: Sun, 7 Apr 2024 23:23:19 +0200
Subject: [PATCH] - Added error response if login info is false - Added simple token validation (DOES NOT CHECK IF TOKEN IS EXPIRED YET) - Added Softwaretest for AuthenticationService.java
---
 .../mappings/AuthenticationController.java | 5 ++
 .../service/AuthenticationService.java | 12 +++-
 .../sharepulse/AuthenticationServiceTest.java | 58 +++++++++++++++++++
 3 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/de/w665/sharepulse/AuthenticationServiceTest.java
diff --git a/src/main/java/de/w665/sharepulse/rest/mappings/AuthenticationController.java b/src/main/java/de/w665/sharepulse/rest/mappings/AuthenticationController.java
index 3b7d31d..c94c3ad 100644
--- a/src/main/java/de/w665/sharepulse/rest/mappings/AuthenticationController.java
+++ b/src/main/java/de/w665/sharepulse/rest/mappings/AuthenticationController.java
@@ -32,6 +32,11 @@ public class AuthenticationController {
 response.put("token", token);
 response.put("success", token != null);
+ if(token == null) {
+ log.debug("Authentication failed for username: " + authenticationRequest.getUsername());
+ return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
+ }
+
 return new ResponseEntity<>(response, HttpStatus.OK);
 }
 }
diff --git a/src/main/java/de/w665/sharepulse/service/AuthenticationService.java b/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
index 63ebabc..5ef2378 100644
--- a/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
+++ b/src/main/java/de/w665/sharepulse/service/AuthenticationService.java
@@ -2,7 +2,7 @@ package de.w665.sharepulse.service;
 import de.w665.sharepulse.db.repo.UserRepository;
 import de.w665.sharepulse.model.User;
-import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
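Review bot: The `log.debug` call in the added `if(token == null)` branch of AuthenticationController concatenates the client-supplied username directly into the log message, so control characters such as CR/LF in a login request can split or forge log entries. Use parameterized logging on a sanitized, length-bounded value, e.g. `log.debug("Authentication failed for username: {}", sanitizedUsername);` where `sanitizedUsername` is the username with control characters stripped. The 401 response still goes through the two `response.put` calls above, so its body carries a `token` key with a null value; confirm that clients expect that on failure. The enclosing handler method starts outside the hunk.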
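Review bot: The import hunk in AuthenticationService.java replaces a single-type import with the wildcard `import io.jsonwebtoken.*;`, which hides which jjwt types the class depends on and can pick up new names on a library upgrade. Keep `import io.jsonwebtoken.Jwts;` and add explicit imports only for the types the new method uses.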
@@ -60,4 +60,14 @@ public class AuthenticationService {
 .signWith(secretKey)
 .compact();
 }
+
+ public boolean validateToken(String token) {
+ try {
+ Jwt jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token);
+ // TODO: Check if token is expired
+ return true;
+ } catch (Exception e) {
+ return false;
+ }
+ }
 }
diff --git a/src/test/java/de/w665/sharepulse/AuthenticationServiceTest.java b/src/test/java/de/w665/sharepulse/AuthenticationServiceTest.java
new file mode 100644
index 0000000..36d40c2
--- /dev/null
+++ b/src/test/java/de/w665/sharepulse/AuthenticationServiceTest.java
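Review bot: `validateToken` catches `Exception`, so a bad signature, a malformed token and an unrelated defect such as an uninitialised `secretKey` all collapse into the same silent `false`. Narrow it to `catch (JwtException | IllegalArgumentException e)` and log the rejection reason at debug level, so that verification failures can be told apart from bugs. The raw-typed `Jwt jwt` local is never read and can be dropped, or kept as `Jws<Claims>` if the claims will be inspected. On the TODO: jjwt's parser already throws `ExpiredJwtException` from `parseSignedClaims` when the `exp` claim is in the past, so the open question is whether the token builder sets an expiration at all and whether a token without `exp` should be rejected, e.g. by checking that `getPayload().getExpiration()` is non-null. The builder's start is outside this hunk, so that cannot be confirmed from here.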
@@ -0,0 +1,58 @@
+package de.w665.sharepulse;
+
+import de.w665.sharepulse.db.repo.UserRepository;
+import de.w665.sharepulse.model.User;
+import de.w665.sharepulse.service.AuthenticationService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.when;
+
+@SpringBootTest
+public class AuthenticationServiceTest {
+
+ @MockBean
+ private UserRepository userRepository;
+
+ @Autowired
+ private AuthenticationService authenticationService;
+
+ private User mockUser;
+ private String username = "testUser";
+ private String password = "testPass";
+
+ @BeforeEach
+ public void setup() {
+ mockUser = new User();
+ mockUser.setUsername(username);
+ mockUser.setPassword(new BCryptPasswordEncoder().encode(password));
+ when(userRepository.retrieveUserByUsername(anyString())).thenReturn(Optional.of(mockUser));
+ }
+
+ @Test
+ public void whenValidUsernameAndPassword_thenAuthenticateShouldReturnToken() {
+ String token = authenticationService.authenticate(username, password);
+ assertNotNull(token, "Token should not be null for valid credentials");
+ }
+
+ @Test
+ public void whenValidToken_thenValidateTokenShouldReturnTrue() {
+ String token = authenticationService.authenticate(username, password);
+ assertTrue(authenticationService.validateToken(token), "Token validation should return true for a valid token");
+ }
+
+ @Test
+ public void whenInvalidToken_thenValidateTokenShouldReturnFalse() {
+ String invalidToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0VXNlciJ9.WrongSignature";
+ assertFalse(authenticationService.validateToken(invalidToken), "Token validation should return false for an invalid token");
+ }
+}
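Review bot: The new test class never exercises the failed-login path this commit adds, and `setup()` stubs `retrieveUserByUsername(anyString())` to always return the user, so an unknown-username case cannot be expressed. Add a wrong-password test such as `assertNull(authenticationService.authenticate(username, "wrongPass"));`, assuming `authenticate` returns null on failure as the controller's `token == null` check suggests. `validateToken` should also be tested with `null`, an empty string, an expired token and an unsigned (`alg` set to `none`) token, each expected to return `false`. The import of `org.springframework.beans.factory.annotation.Value` is unused and can be removed.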