Move PasswordResetToken endpoints into their own folder and controller (

#483)
FordLabs · Oct 10, 2022 · 453e614 · 453e614
1 parent bfa626a
commit 453e614
Show file tree

Hide file tree

Showing 23 changed files with 341 additions and 182 deletions.
diff --git a/api/src/main/java/com/ford/labs/retroquest/email/EmailController.java b/api/src/main/java/com/ford/labs/retroquest/email/EmailController.java
@@ -19,10 +19,10 @@
 
 import com.ford.labs.retroquest.exception.EmailNotAssociatedWithAnyTeamsException;
 import com.ford.labs.retroquest.exception.TeamDoesNotExistException;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetTokenService;
 import com.ford.labs.retroquest.team.Team;
 import com.ford.labs.retroquest.team.TeamService;
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
-import com.ford.labs.retroquest.team.password.PasswordResetTokenService;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import org.springframework.web.bind.annotation.PostMapping;

diff --git a/api/src/main/java/com/ford/labs/retroquest/email/EmailService.java b/api/src/main/java/com/ford/labs/retroquest/email/EmailService.java
@@ -16,7 +16,7 @@
  */
 package com.ford.labs.retroquest.email;
 
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.mail.SimpleMailMessage;

diff --git a/...est/team/password/PasswordResetToken.java → ...sword_reset_token/PasswordResetToken.java b/...est/team/password/PasswordResetToken.java → ...sword_reset_token/PasswordResetToken.java
@@ -1,16 +1,30 @@
-package com.ford.labs.retroquest.team.password;
+/*
+ * Copyright (c) 2022 Ford Motor Company
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ford.labs.retroquest.password_reset_token;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.ford.labs.retroquest.team.Team;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 
 import javax.persistence.*;
 import java.time.Duration;
-import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.util.UUID;
 

diff --git a/...main/java/com/ford/labs/retroquest/password_reset_token/PasswordResetTokenController.java b/...main/java/com/ford/labs/retroquest/password_reset_token/PasswordResetTokenController.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2022 Ford Motor Company
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ford.labs.retroquest.password_reset_token;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping(value = "/api/password-reset-token")
+@Tag(name = "Password Reset Token Controller", description = "The controller that manages password reset tokens")
+public class PasswordResetTokenController {
+
+    private final PasswordResetTokenRepository passwordResetRepository;
+
+    public PasswordResetTokenController(PasswordResetTokenRepository passwordResetRepository) {
+        this.passwordResetRepository = passwordResetRepository;
+    }
+
+    @GetMapping("/lifetime-in-seconds")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
+    @Operation(description = "Get the number of seconds before a password reset token expires")
+    public ResponseEntity<Integer> getResetTokenValiditySeconds(@Value("${retroquest.password.reset.token-lifetime-seconds:600}") int tokenSeconds){
+        return ResponseEntity.ok(tokenSeconds);
+    }
+
+    @GetMapping("/{passwordResetToken}/is-valid")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
+    @Operation(description = "Check if the reset token is valid")
+    public boolean checkResetTokenStatus(@PathVariable("passwordResetToken") String passwordResetToken) {
+        PasswordResetToken token = passwordResetRepository.findByResetToken(passwordResetToken);
+        return token != null && !token.isExpired();
+    }
+}
diff --git a/...assword/PasswordResetTokenRepository.java → ...t_token/PasswordResetTokenRepository.java b/...assword/PasswordResetTokenRepository.java → ...t_token/PasswordResetTokenRepository.java
@@ -15,15 +15,13 @@
  * limitations under the License.
  */
 
-package com.ford.labs.retroquest.team.password;
+package com.ford.labs.retroquest.password_reset_token;
 
 import com.ford.labs.retroquest.team.Team;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
 import javax.transaction.Transactional;
-import java.time.LocalDate;
-import java.util.Optional;
 
 @Repository
 public interface PasswordResetTokenRepository extends JpaRepository<PasswordResetToken, String> {

diff --git a/...m/password/PasswordResetTokenService.java → ...eset_token/PasswordResetTokenService.java b/...m/password/PasswordResetTokenService.java → ...eset_token/PasswordResetTokenService.java
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.ford.labs.retroquest.team.password;
+package com.ford.labs.retroquest.password_reset_token;
 
 import com.ford.labs.retroquest.team.Team;
 import org.springframework.stereotype.Service;

diff --git a/api/src/main/java/com/ford/labs/retroquest/team/TeamController.java b/api/src/main/java/com/ford/labs/retroquest/team/TeamController.java
@@ -19,8 +19,8 @@
 
 import com.ford.labs.retroquest.exception.BadResetTokenException;
 import com.ford.labs.retroquest.security.JwtBuilder;
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
-import com.ford.labs.retroquest.team.password.PasswordResetTokenRepository;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetTokenRepository;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
@@ -110,18 +110,6 @@ public void resetPassword(@RequestBody ResetPasswordRequest resetPasswordRequest
         passwordResetRepository.delete(passwordResetToken);
     }
 
-    @PostMapping("/password/reset/is-valid")
-    public boolean checkResetTokenStatus(@RequestBody ResetTokenStatusRequest resetTokenStatusRequest) {
-        PasswordResetToken passwordResetToken = passwordResetRepository.findByResetToken(resetTokenStatusRequest.getResetToken());
-        return passwordResetToken != null && !passwordResetToken.isExpired();
-    }
-
-    @GetMapping("/password/reset/token-lifetime-seconds")
-    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "OK")})
-    public ResponseEntity<Integer> getResetTokenValiditySeconds(@Value("${retroquest.password.reset.token-lifetime-seconds:600}") int tokenSeconds){
-        return ResponseEntity.ok(tokenSeconds);
-    }
-
     @GetMapping(value = "/team/{teamId}/csv", produces = "application/board.csv")
     @PreAuthorize("@teamAuthorization.requestIsAuthorized(authentication, #teamId)")
     @Operation(summary = "downloads a team board", description = "downloadTeamBoard")

diff --git a/api/src/test/java/com/ford/labs/retroquest/api/EmailApiTest.java b/api/src/test/java/com/ford/labs/retroquest/api/EmailApiTest.java
@@ -20,10 +20,10 @@
 import com.ford.labs.retroquest.email.EmailService;
 import com.ford.labs.retroquest.email.RecoverTeamNamesRequest;
 import com.ford.labs.retroquest.email.RequestPasswordResetRequest;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetTokenRepository;
 import com.ford.labs.retroquest.team.Team;
 import com.ford.labs.retroquest.team.TeamRepository;
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
-import com.ford.labs.retroquest.team.password.PasswordResetTokenRepository;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;

diff --git a/api/src/test/java/com/ford/labs/retroquest/api/PasswordResetTokenApiTest.java b/api/src/test/java/com/ford/labs/retroquest/api/PasswordResetTokenApiTest.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2022 Ford Motor Company
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.ford.labs.retroquest.api;
+
+import com.ford.labs.retroquest.api.setup.ApiTestBase;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetTokenRepository;
+import com.ford.labs.retroquest.team.Team;
+import com.ford.labs.retroquest.team.TeamRepository;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.test.web.servlet.MvcResult;
+
+import java.time.LocalDateTime;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@Tag("api")
+class PasswordResetTokenApiTest extends ApiTestBase {
+
+    @Autowired
+    private PasswordResetTokenRepository passwordResetRepository;
+
+    @Autowired
+    private TeamRepository teamRepository;
+
+    @Autowired
+    PasswordEncoder passwordEncoder;
+
+    private final String passwordResetTokenRootPath = "/api/password-reset-token";
+
+    private Team team;
+
+    @BeforeEach
+    void beforeClass() {
+        clean();
+        team = new Team("teamuri", "TeamName", "%$&357", "[email protected]");
+        teamRepository.save(team);
+    }
+
+    @AfterEach
+    void clean() {
+        passwordResetRepository.deleteAllInBatch();
+        teamRepository.deleteAllInBatch();
+        assertThat(passwordResetRepository.count()).isZero();
+        assertThat(teamRepository.count()).isZero();
+    }
+
+    @Test
+    public void get_reset_token_validity_seconds__shouldReportCorrectPasswordTokenExpirationTime() throws Exception {
+        String tokenLifeTimePath = passwordResetTokenRootPath + "/lifetime-in-seconds";
+        MvcResult mvcResult = mockMvc.perform(get(tokenLifeTimePath)).andExpect(status().isOk()).andReturn();
+        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("600");
+    }
+
+    @Test
+    void check_reset_token_status__should_return_true_when_password_reset_token_is_valid() throws Exception {
+        PasswordResetToken passwordResetToken = new PasswordResetToken();
+        passwordResetToken.setTeam(team);
+        passwordResetRepository.save(passwordResetToken);
+
+        var mvcResult = mockMvc.perform(get(getIsResetTokenValidPath(passwordResetToken)))
+                .andExpect(status().is2xxSuccessful())
+                .andReturn();
+
+        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("true");
+    }
+
+    @Test
+    void check_reset_token_status__should_return_false_when_password_reset_token_is_expired() throws Exception {
+        PasswordResetToken passwordResetToken = new PasswordResetToken();
+        passwordResetToken.setDateCreated(LocalDateTime.MIN);
+        passwordResetToken.setTeam(team);
+        passwordResetRepository.save(passwordResetToken);
+
+        var mvcResult = mockMvc.perform(get(getIsResetTokenValidPath(passwordResetToken)))
+                .andExpect(status().is2xxSuccessful())
+                .andReturn();
+
+        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("false");
+    }
+
+    @Test
+    void check_reset_token_status__should_return_false_when_password_reset_token_does_not_exist() throws Exception {
+        PasswordResetToken passwordResetToken = new PasswordResetToken();
+        passwordResetToken.setDateCreated(LocalDateTime.MIN);
+        passwordResetToken.setTeam(team);
+        passwordResetRepository.save(passwordResetToken);
+
+        var mvcResult = mockMvc.perform(get(getIsResetTokenValidPath(passwordResetToken)))
+                .andExpect(status().is2xxSuccessful())
+                .andReturn();
+
+        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("false");
+    }
+
+    private String getIsResetTokenValidPath(PasswordResetToken passwordResetToken) {
+        return passwordResetTokenRootPath + "/" + passwordResetToken.getResetToken() + "/is-valid";
+    }
+}
diff --git a/api/src/test/java/com/ford/labs/retroquest/api/TeamApiTest.java b/api/src/test/java/com/ford/labs/retroquest/api/TeamApiTest.java
@@ -20,8 +20,8 @@
 import com.ford.labs.retroquest.api.setup.ApiTestBase;
 import com.ford.labs.retroquest.column.ColumnRepository;
 import com.ford.labs.retroquest.team.*;
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
-import com.ford.labs.retroquest.team.password.PasswordResetTokenRepository;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetTokenRepository;
 import io.micrometer.core.instrument.MeterRegistry;
 import org.junit.jupiter.api.*;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -210,77 +210,6 @@ void should_create_team_with_valid_name_and_password_and_two_emails() throws Exc
         assertThat(mvcResult.getResponse().getContentAsString()).isNotNull();
     }
 
-    @Test
-    public void shouldReportCorrectPasswordTokenExpirationTime() throws Exception {
-        MvcResult mvcResult = mockMvc.perform(get("/api/password/reset/token-lifetime-seconds")).andExpect(status().isOk()).andReturn();
-        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("600");
-    }
-
-    @Test
-    void should_return_true_when_password_reset_token_is_valid() throws Exception {
-        Team team = new Team("teamuri", "TeamName", "%$&357", "[email protected]");
-        teamRepository.save(team);
-        PasswordResetToken passwordResetToken = new PasswordResetToken();
-        passwordResetToken.setTeam(team);
-        passwordResetRepository.save(passwordResetToken);
-
-        var mvcResult = mockMvc.perform(
-                post("/api/password/reset/is-valid")
-                        .contentType(APPLICATION_JSON)
-                        .content(objectMapper.writeValueAsBytes(
-                                new ResetTokenStatusRequest(passwordResetToken.getResetToken()))
-                        )
-                )
-                .andExpect(status().is2xxSuccessful())
-                .andReturn();
-
-        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("true");
-    }
-
-    @Test
-    void should_return_false_when_password_reset_token_is_expired() throws Exception {
-        Team team = new Team("teamuri", "TeamName", "%$&357", "[email protected]");
-        teamRepository.save(team);
-        PasswordResetToken passwordResetToken = new PasswordResetToken();
-        passwordResetToken.setDateCreated(LocalDateTime.MIN);
-        passwordResetToken.setTeam(team);
-        passwordResetRepository.save(passwordResetToken);
-
-        var mvcResult = mockMvc.perform(
-                        post("/api/password/reset/is-valid")
-                                .contentType(APPLICATION_JSON)
-                                .content(objectMapper.writeValueAsBytes(
-                                        new ResetTokenStatusRequest(passwordResetToken.getResetToken()))
-                                )
-                )
-                .andExpect(status().is2xxSuccessful())
-                .andReturn();
-
-        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("false");
-    }
-
-    @Test
-    void should_return_false_when_password_reset_token_does_not_exist() throws Exception {
-        Team team = new Team("teamuri", "TeamName", "%$&357", "[email protected]");
-        teamRepository.save(team);
-        PasswordResetToken passwordResetToken = new PasswordResetToken();
-        passwordResetToken.setDateCreated(LocalDateTime.MIN);
-        passwordResetToken.setTeam(team);
-        passwordResetRepository.save(passwordResetToken);
-
-        var mvcResult = mockMvc.perform(
-                        post("/api/password/reset/is-valid")
-                                .contentType(APPLICATION_JSON)
-                                .content(objectMapper.writeValueAsBytes(
-                                        new ResetTokenStatusRequest(UUID.randomUUID().toString()))
-                                )
-                )
-                .andExpect(status().is2xxSuccessful())
-                .andReturn();
-
-        assertThat(mvcResult.getResponse().getContentAsString()).isEqualTo("false");
-    }
-
     @Test
     void should_change_password_and_consume_token_when_reset_token_is_valid() throws Exception {
         Team expectedResetTeam = new Team("teamuri", "TeamName", "%$&357", "[email protected]");

diff --git a/api/src/test/java/com/ford/labs/retroquest/email/EmailServiceTest.java b/api/src/test/java/com/ford/labs/retroquest/email/EmailServiceTest.java
@@ -18,7 +18,7 @@
 package com.ford.labs.retroquest.email;
 
 import com.ford.labs.retroquest.team.Team;
-import com.ford.labs.retroquest.team.password.PasswordResetToken;
+import com.ford.labs.retroquest.password_reset_token.PasswordResetToken;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mockito;