SecurityConfig.java

package edu.ucsb.cs156.gauchoride.config;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;

import edu.ucsb.cs156.gauchoride.entities.User;
import edu.ucsb.cs156.gauchoride.repositories.UserRepository;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@Slf4j
public class SecurityConfig {

  @Value("${app.admin.emails}")
  private final List<String> adminEmails = new ArrayList<String>();

  @Autowired
  UserRepository userRepository;
  
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .exceptionHandling(handling -> handling.authenticationEntryPoint(new Http403ForbiddenEntryPoint()))
        .oauth2Login(
            oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.userAuthoritiesMapper(this.userAuthoritiesMapper())))
        .csrf(csrf -> csrf
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .csrfTokenRequestHandler(new SpaCsrfTokenRequestHandler()))
        .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
        .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
        .logout(logout -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/"));
    return http.build();
  }

  @Bean
  public WebSecurityCustomizer webSecurityCustomizer() {
    return web -> web.ignoring().requestMatchers("/h2-console/**");
  }

  private GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
      Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

      authorities.forEach(authority -> {
        log.info("********** authority={}", authority);
        mappedAuthorities.add(authority);
        if (authority instanceof OAuth2UserAuthority oauth2UserAuthority) {

          Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
          log.info("********** userAttributes={}", userAttributes);

          mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));

          String email = (String) userAttributes.get("email");
          if (getAdmin(email)) {
            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
          }


          if (getDriver(email)) {
            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_DRIVER"));
          }

          if (getRider(email)) {
            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_RIDER"));
          }

          if (email.endsWith("@ucsb.edu")) {
            mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_MEMBER"));
          }
        }

      });
      return mappedAuthorities;
    };
  }

  public boolean getAdmin(String email) {
    if (adminEmails.contains(email)) {
      return true;
    }
    Optional<User> u = userRepository.findByEmail(email);
    return u.isPresent() && u.get().getAdmin();
  }


  public boolean getDriver(String email){
    Optional<User> u = userRepository.findByEmail(email);
    return u.isPresent() && u.get().getDriver();
  }

  public boolean getRider(String email){
    Optional<User> u = userRepository.findByEmail(email);
    return u.isPresent() && u.get().getRider();
  }

  final class SpaCsrfTokenRequestHandler extends CsrfTokenRequestAttributeHandler {
    private final CsrfTokenRequestHandler delegate = new XorCsrfTokenRequestAttributeHandler();
  
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
        Supplier<CsrfToken> deferredCsrfToken) {
      /*
       * Always use XorCsrfTokenRequestAttributeHandler to provide BREACH protection
       * of
       * the CsrfToken when it is rendered in the response body.
       */
      this.delegate.handle(request, response, deferredCsrfToken);
    }
  
    @Override
    public String resolveCsrfTokenValue(HttpServletRequest request, CsrfToken csrfToken) {
      /*
       * If the request contains a request header, use
       * CsrfTokenRequestAttributeHandler
       * to resolve the CsrfToken. This applies when a single-page application
       * includes
       * the header value automatically, which was obtained via a cookie containing
       * the
       * raw CsrfToken.
       */
      if (StringUtils.hasText(request.getHeader(csrfToken.getHeaderName()))) {
        return super.resolveCsrfTokenValue(request, csrfToken);
      }
      /*
       * In all other cases (e.g. if the request contains a request parameter), use
       * XorCsrfTokenRequestAttributeHandler to resolve the CsrfToken. This applies
       * when a server-side rendered form includes the _csrf request parameter as a
       * hidden input.
       */
      return this.delegate.resolveCsrfTokenValue(request, csrfToken);
    }
  }
  
  final class CsrfCookieFilter extends OncePerRequestFilter {
  
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
      CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
      // Render the token value to a cookie by causing the deferred token to be loaded
      csrfToken.getToken();
      filterChain.doFilter(request, response);
    }
  }
  
}








Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_out_users_cannot_delete()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_admin_can_get_all()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_drivers_cannot_get_by_id_Admin()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_admin_cannot_get_driver_shifts()] (16 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_exists()] (42 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_cant_assigndriver_for_non_existent_ride_id()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_member_can_get_all_their_own_rides()] (18 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_can_edit_their_own_application_whose_status_is_accepted()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_get_by_id()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_members_cannot_get_pending_applications()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_admin_can_get_all_shifts()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_can_edit_an_existing_ride()] (47 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_can_get_no_pending_applications_when_they_do_not_exist()] (20 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_admin_status_of_a_user_from_false_to_true()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_can_get_all_applications()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_cannot_get_another_drivers_availability_by_id()] (68 ms)
edu.ucsb.cs156.gauchoride.controllers.UserInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UserInfoControllerTests]/[method:currentUser__logged_in()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_out_users_cannot_get_by_id()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_can_edit_their_own_availability()] (19 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_drivers_cannot_get_all_Admin()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_driver_status_of_a_user_from_true_to_false()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests]/[method:admin_can_get_messages()] (33 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_does_not_exist()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_can_delete_their_own_ride()] (27 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:a_driver_can_post_a_new_driverAvailability()] (18 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_canot_edit_application_whose_status_is_not_pending_or_accepted()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_can_update_notes_only_when_the_application_exists()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_edit()] (6 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_get_all()] (6 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_rider_cannot_post()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_user_can_get_all_shifts()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_rider_status_of_a_user_from_false_to_true()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_admin_can_get_rides_by_shift_id()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_cannot_cancel_application_that_does_not_exist()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:returns_no_info_for_non_drivers()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_rider_status_of_a_user_from_true_to_false()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_can_get_by_id()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_user_can_get_by_id_when_the_id_exists_and_user_id_does_not_match()] (22 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admin_cannot_post()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_get_by_id_Admin()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_riders_cannot_get_all_Admin()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_driver_can_get_rides_by_shift_id()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_can_get_by_id_when_id_exists()] (32 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_update()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:users__user_logged_in()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_get()] (19 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_admin_can_get_by_id()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:returns_info_for_drivers()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_toggle_rider_for_non_existant_user_and_gets_right_error_message()] (6 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admin_cannot_get_by_id()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_member_can_get_by_id_when_the_id_exists_and_user_id_matches()] (30 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_does_not_exist()] (19 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_driver_can_get_all()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_users_cannot_get_driver_shifts()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_driver_status_of_a_user_from_false_to_true()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_cannot_delete_another_drivers_availability()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_driver_can_get_by_id()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_user_can_get_by_id_when_the_id_exists_and_user_id_matches()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_tries_to_delete_non_existant_availability_and_gets_right_error_message()] (68 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_user_can_get_by_id_when_the_id_exists_and_user_id_matches()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:admin_can_delete_a_shift()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:admin_cannot_edit_shift_that_does_not_exist()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_delete_a_user()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_members_can_get_all_of_theirs()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_members_can_get_by_id_that_is_theirs()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_can_assign_shiftId_to_a_ride()] (29 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_admin_can_get_by_id()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_toggleAdmin_non_existant_user_and_gets_right_error_message()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:users__logged_out()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:api_users__admin_logged_in__search_for_user_that_does_not_exist()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_rider_cannot_edit()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_user_can_get_by_id_when_the_id_does_not_exist()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_cannot_edit_availability_that_does_not_exist()] (49 ms)
edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests]/[method:systemInfo__admin_logged_in()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_can_get_driver_shifts()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_out_users_cannot_get_all()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:users__admin_logged_in()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_out_users_cannot_get_all()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:test_that_logged_in_admin_can_get_all_applications()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admin_cannot_get()] (39 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:an_admin_can_post_a_new_shift()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admin_cannot_get_by_id()] (40 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_get_all_Admin()] (21 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:test1()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests]/[method:an_admin_can_post_a_new_message()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_can_get_all_shifts()] (21 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_admin_can_get_all_rides()] (22 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_can_cancel_their_own_application_whose_status_is_pending()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:a_user_can_post_a_new_ride()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_members_cannot_get_specific_application()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:search_for_user_that_does_not_exist()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.CSRFControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.CSRFControllerTests]/[method:csrf_returns_ok()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_users_can_get_all_of_theirs()] (6 ms)
edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests]/[method:user_not_logged_in()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_exists()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_member_cannot_update()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admin_cannot_edit()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_users_can_get_by_id_that_is_theirs()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_can_get_all_pending_applications_when_they_exist()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_cannot_cancel_other_members_application()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_can_update_nothing_when_the_application_exists()] (25 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_cannot_edit_another_drivers_availability()] (42 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_users_can_get_all_of_theirs()] (21 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_cannot_get_by_id_when_id_does_not_exists()] (21 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_member_cannot_get_by_id_when_the_id_does_not_exist()] (31 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_does_not_exist()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admin_cannot_delete()] (23 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_tries_to_delete_non_existant_ride_and_gets_right_error_message()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_delete()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_toggle_driver_for_non_existant_user_and_gets_right_error_message()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:driver_cannot_edit_ride_that_does_not_exist()] (16 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_rider_cannot_get()] (64 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_can_update_status_and_notes_when_the_application_exists()] (26 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_out_users_cannot_edit()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_does_not_exist()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admins_can_get_all_Admin()] (32 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_canot_edit_other_users_ride()] (17 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:users__logged_out_all()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_admin_can_get_all()] (11 ms)
edu.ucsb.cs156.gauchoride.config.SecurityConfigTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.config.SecurityConfigTests]/[method:test_SpaCsrfTokenRequestHandler()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:user_cannot_post_shift()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_exists()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_out_users_cannot_post()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_out_users_cannot_post()] (6 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_get_pending_applications()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_cannot_update_when_the_application_does_not_exist()] (29 ms)
edu.ucsb.cs156.gauchoride.controllers.UserInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UserInfoControllerTests]/[method:currentUser__logged_out()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:admin_can_edit_an_existing_shift()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_can_get_all()] (16 ms)
edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests]/[method:driver_can_get_messages()] (18 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_rider_cannot_get_by_id()] (33 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_driver_can_get_all_rides()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:driver_can_delete_an_availability()] (17 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:test_that_logged_in_admin_can_get_by_id_when_the_id_exists_and_user_id_matches()] (17 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_user_can_get_all_their_own_rides()] (21 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_does_not_exist()] (33 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_can_edit_their_own_ride()] (23 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:admin_tries_to_delete_non_existant_shift_and_gets_right_error_message()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:driver_can_delete_any_ride()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_get_specific_application()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_rider_cannot_delete()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_admin_can_update_status_only_when_the_application_exists()] (25 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_members_cannot_get_all_Admin()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:logged_in_driver_cannot_post()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_post()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests]/[method:systemInfo__user_logged_in()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_tries_to_delete_other_users_ride_and_fails()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_tries_to_delete_non_existant_ride_and_gets_right_error_message()] (33 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_get_all_Admin()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:test_that_logged_in_user_can_get_by_id_when_the_id_does_not_exist()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admin_cannot_edit()] (30 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_can_edit_their_own_application_whose_status_is_pending()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:a_member_can_post_a_new_riderApplication()] (27 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admins_can_get_specific_application()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ChatMessageControllerTests]/[method:a_driver_can_post_a_new_message()] (45 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_exists_and_user_id_matches()] (23 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admins_can_get_pending_applications()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_does_not_exist()] (16 ms)
edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests]/[method:User_can_change_their_phone_Number1()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.SystemInfoControllerTests]/[method:systemInfo__logged_out()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:api_users__admin_logged_in__returns_a_user_that_exists()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_get_by_id()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admins_can_get_all_Admin()] (9 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_can_toggle_admin_status_of_a_user_from_true_to_false()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:test_that_logged_in_member_cannot_get_by_id_when_the_id_exists_but_user_id_does_not_match()] (14 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_canot_cancel_application_whose_status_is_not_pending()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_riders_cannot_get_by_id_Admin()] (12 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_cannot_edit_ride_that_does_not_exist()] (19 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:driver_tries_to_delete_non_existant_ride_and_gets_right_error_message()] (15 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:driver_can_edit_an_existing_ride()] (17 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_out_users_cannot_post()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_cannot_edit_application_that_does_not_exist()] (13 ms)
edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_delete_non_existant_user_and_gets_right_error_message()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:admin_can_delete_any_ride()] (49 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_out_users_cannot_edit()] (23 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:logged_in_admin_cannot_get_all()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:test_that_logged_in_driver_can_get_by_id_when_the_id_exists()] (11 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_out_users_cannot_get_by_id()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_can_get_all_their_shifts()] (28 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_in_driver_cannot_post()] (8 ms)
edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:users__logged_out_get()] (7 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_admin_cannot_post()] (47 ms)
edu.ucsb.cs156.gauchoride.controllers.RideControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RideControllerTests]/[method:user_cannot_edit_ride_that_does_not_exist()] (44 ms)
edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UserProfileControllerTests]/[method:User_can_change_their_phone_Number()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriverAvailabilityControllerTests]/[method:logged_in_driver_can_get_all_their_own_availabilities()] (43 ms)
edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.ShiftControllerTests]/[method:logged_out_users_cannot_get_driver_shifts()] (10 ms)
edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.RiderApplicationControllerTests]/[method:member_cannot_edit_other_members_application()] (14 ms)

Report generated by PIT 1.7.3

1		package edu.ucsb.cs156.gauchoride.config;
2
3		import java.io.IOException;
4		import java.util.ArrayList;
5		import java.util.HashSet;
6		import java.util.List;
7		import java.util.Map;
8		import java.util.Optional;
9		import java.util.Set;
10		import java.util.function.Supplier;
11
12		import edu.ucsb.cs156.gauchoride.entities.User;
13		import edu.ucsb.cs156.gauchoride.repositories.UserRepository;
14
15		import jakarta.servlet.FilterChain;
16		import jakarta.servlet.ServletException;
17		import jakarta.servlet.http.HttpServletRequest;
18		import jakarta.servlet.http.HttpServletResponse;
19		import lombok.extern.slf4j.Slf4j;
20		import org.springframework.beans.factory.annotation.Autowired;
21		import org.springframework.beans.factory.annotation.Value;
22		import org.springframework.context.annotation.Bean;
23		import org.springframework.context.annotation.Configuration;
24		import org.springframework.security.config.Customizer;
25		import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
26		import org.springframework.security.config.annotation.web.builders.HttpSecurity;
27		import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
28		import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
29		import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
30		import org.springframework.security.config.http.SessionCreationPolicy;
31		import org.springframework.security.core.Authentication;
32		import org.springframework.security.core.GrantedAuthority;
33		import org.springframework.security.core.authority.SimpleGrantedAuthority;
34		import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
35		import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
36		import org.springframework.security.web.SecurityFilterChain;
37		import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
38		import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
39		import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
40		import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
41		import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
42		import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
43		import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
44		import org.springframework.security.web.csrf.CsrfToken;
45		import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
46		import org.springframework.util.StringUtils;
47		import org.springframework.web.filter.OncePerRequestFilter;
48
49		@Configuration
50		@EnableWebSecurity
51		@EnableMethodSecurity
52		@Slf4j
53		public class SecurityConfig {
54
55		@Value("${app.admin.emails}")
56		private final List<String> adminEmails = new ArrayList<String>();
57
58		@Autowired
59		UserRepository userRepository;
60
61		@Bean
62		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
63		http
64		.exceptionHandling(handling -> handling.authenticationEntryPoint(new Http403ForbiddenEntryPoint()))
65		.oauth2Login(
66		oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.userAuthoritiesMapper(this.userAuthoritiesMapper())))
67		.csrf(csrf -> csrf
68		.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
69		.csrfTokenRequestHandler(new SpaCsrfTokenRequestHandler()))
70		.addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
71		.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
72		.logout(logout -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/"));
73		return http.build();
74		}
75
76		@Bean
77		public WebSecurityCustomizer webSecurityCustomizer() {
78		return web -> web.ignoring().requestMatchers("/h2-console/**");
79		}
80
81		private GrantedAuthoritiesMapper userAuthoritiesMapper() {
82		return (authorities) -> {
83		Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
84
85		authorities.forEach(authority -> {
86		log.info("********** authority={}", authority);
87		mappedAuthorities.add(authority);
88		if (authority instanceof OAuth2UserAuthority oauth2UserAuthority) {
89
90		Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
91		log.info("********** userAttributes={}", userAttributes);
92
93		mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
94
95		String email = (String) userAttributes.get("email");
96		if (getAdmin(email)) {
97		mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
98		}
99
100
101		if (getDriver(email)) {
102		mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_DRIVER"));
103		}
104
105		if (getRider(email)) {
106		mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_RIDER"));
107		}
108
109		if (email.endsWith("@ucsb.edu")) {
110		mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_MEMBER"));
111		}
112		}
113
114		});
115		return mappedAuthorities;
116		};
117		}
118
119		public boolean getAdmin(String email) {
120		if (adminEmails.contains(email)) {
121		return true;
122		}
123		Optional<User> u = userRepository.findByEmail(email);
124		return u.isPresent() && u.get().getAdmin();
125		}
126
127
128		public boolean getDriver(String email){
129		Optional<User> u = userRepository.findByEmail(email);
130		return u.isPresent() && u.get().getDriver();
131		}
132
133		public boolean getRider(String email){
134		Optional<User> u = userRepository.findByEmail(email);
135		return u.isPresent() && u.get().getRider();
136		}
137
138		final class SpaCsrfTokenRequestHandler extends CsrfTokenRequestAttributeHandler {
139		private final CsrfTokenRequestHandler delegate = new XorCsrfTokenRequestAttributeHandler();
140
141		@Override
142		public void handle(HttpServletRequest request, HttpServletResponse response,
143		Supplier<CsrfToken> deferredCsrfToken) {
144		/*
145		* Always use XorCsrfTokenRequestAttributeHandler to provide BREACH protection
146		* of
147		* the CsrfToken when it is rendered in the response body.
148		*/
149	1 1. handle : removed call to org/springframework/security/web/csrf/CsrfTokenRequestHandler::handle → KILLED	this.delegate.handle(request, response, deferredCsrfToken);
150		}
151
152		@Override
153		public String resolveCsrfTokenValue(HttpServletRequest request, CsrfToken csrfToken) {
154		/*
155		* If the request contains a request header, use
156		* CsrfTokenRequestAttributeHandler
157		* to resolve the CsrfToken. This applies when a single-page application
158		* includes
159		* the header value automatically, which was obtained via a cookie containing
160		* the
161		* raw CsrfToken.
162		*/
163	1 1. resolveCsrfTokenValue : negated conditional → KILLED	if (StringUtils.hasText(request.getHeader(csrfToken.getHeaderName()))) {
164	1 1. resolveCsrfTokenValue : replaced return value with "" for edu/ucsb/cs156/gauchoride/config/SecurityConfig$SpaCsrfTokenRequestHandler::resolveCsrfTokenValue → KILLED	return super.resolveCsrfTokenValue(request, csrfToken);
165		}
166		/*
167		* In all other cases (e.g. if the request contains a request parameter), use
168		* XorCsrfTokenRequestAttributeHandler to resolve the CsrfToken. This applies
169		* when a server-side rendered form includes the _csrf request parameter as a
170		* hidden input.
171		*/
172	1 1. resolveCsrfTokenValue : replaced return value with "" for edu/ucsb/cs156/gauchoride/config/SecurityConfig$SpaCsrfTokenRequestHandler::resolveCsrfTokenValue → KILLED	return this.delegate.resolveCsrfTokenValue(request, csrfToken);
173		}
174		}
175
176		final class CsrfCookieFilter extends OncePerRequestFilter {
177
178		@Override
179		protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
180		throws ServletException, IOException {
181		CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
182		// Render the token value to a cookie by causing the deferred token to be loaded
183		csrfToken.getToken();
184	1 1. doFilterInternal : removed call to jakarta/servlet/FilterChain::doFilter → KILLED	filterChain.doFilter(request, response);
185		}
186		}
187
188		}
189
		Mutations
149		1.1 Location : handle Killed by : edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:users__logged_out_all()] removed call to org/springframework/security/web/csrf/CsrfTokenRequestHandler::handle → KILLED
163		1.1 Location : resolveCsrfTokenValue Killed by : edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_toggle_rider_for_non_existant_user_and_gets_right_error_message()] negated conditional → KILLED
164		1.1 Location : resolveCsrfTokenValue Killed by : edu.ucsb.cs156.gauchoride.config.SecurityConfigTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.config.SecurityConfigTests]/[method:test_SpaCsrfTokenRequestHandler()] replaced return value with "" for edu/ucsb/cs156/gauchoride/config/SecurityConfig$SpaCsrfTokenRequestHandler::resolveCsrfTokenValue → KILLED
172		1.1 Location : resolveCsrfTokenValue Killed by : edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.UsersControllerTests]/[method:admin_tries_to_toggle_rider_for_non_existant_user_and_gets_right_error_message()] replaced return value with "" for edu/ucsb/cs156/gauchoride/config/SecurityConfig$SpaCsrfTokenRequestHandler::resolveCsrfTokenValue → KILLED
184		1.1 Location : doFilterInternal Killed by : edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.gauchoride.controllers.DriversControllerTests]/[method:users__logged_out_all()] removed call to jakarta/servlet/FilterChain::doFilter → KILLED

SecurityConfig.java

Mutations

Active mutators

Tests examined