RoleUserInterceptor.java

1
package edu.ucsb.cs156.happiercows.interceptors;
2
3
import javax.servlet.http.HttpServletRequest;
4
import javax.servlet.http.HttpServletResponse;
5
6
import org.springframework.beans.factory.annotation.Autowired;
7
import org.springframework.stereotype.Component;
8
import org.springframework.web.servlet.HandlerInterceptor;
9
10
import edu.ucsb.cs156.happiercows.repositories.UserRepository;
11
import org.springframework.security.core.authority.SimpleGrantedAuthority;
12
import org.springframework.security.core.Authentication;
13
import org.springframework.security.core.GrantedAuthority;
14
import org.springframework.security.core.context.SecurityContext;
15
import org.springframework.security.core.context.SecurityContextHolder;
16
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
17
import org.springframework.security.oauth2.core.user.OAuth2User;
18
19
import java.util.Optional;
20
import java.util.HashSet;
21
import java.util.Set;
22
import java.util.Collection;
23
import edu.ucsb.cs156.happiercows.entities.User;
24
25
26
27
@Component
28
public class RoleUserInterceptor implements HandlerInterceptor {
29
30
   @Autowired
31
   UserRepository userRepository;
32
33
   @Override
34
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
35
        // Update user's security context on server each time the user makes HTTP request to the backend
36
        // If user has admin status in database we will keep ROLE_ADMIN in security context
37
        // Otherwise interceptor will remove ROLE_ADMIN before the incoming request is processed by backend API
38
        SecurityContext securityContext = SecurityContextHolder.getContext();
39
        Authentication authentication = securityContext.getAuthentication();
40
41 1 1. preHandle : negated conditional → KILLED
        if (authentication instanceof OAuth2AuthenticationToken ) {
42
            OAuth2User oAuthUser = ((OAuth2AuthenticationToken) authentication).getPrincipal();
43
            String email = oAuthUser.getAttribute("email");
44
            Optional<User> optionalUser = userRepository.findByEmail(email);
45 1 1. preHandle : negated conditional → KILLED
            if (optionalUser.isPresent()){
46
                User user = optionalUser.get();
47
48 1 1. preHandle : negated conditional → KILLED
                if(user.isSuspended()) {
49 1 1. preHandle : removed call to javax/servlet/http/HttpServletResponse::sendError → KILLED
                    response.sendError(HttpServletResponse.SC_FORBIDDEN, "Your account has been suspended. Contact an administrator to restore your account");
50 1 1. preHandle : removed call to org/springframework/security/core/context/SecurityContextHolder::clearContext → KILLED
                    SecurityContextHolder.clearContext();
51 1 1. preHandle : replaced boolean return with true for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::preHandle → KILLED
                    return false;
52
                }
53
54
                Set<GrantedAuthority> newAuthorities = new HashSet<>();
55
                Collection<? extends GrantedAuthority> currentAuthorities = authentication.getAuthorities();
56
                currentAuthorities.stream()
57 2 1. lambda$preHandle$0 : negated conditional → KILLED
2. lambda$preHandle$0 : replaced boolean return with true for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED
                .filter(authority -> !authority.getAuthority().equals("ROLE_ADMIN"))
58 1 1. preHandle : removed call to java/util/stream/Stream::forEach → KILLED
                .forEach(authority -> {
59
                    newAuthorities.add(authority);
60
                });
61
62 1 1. preHandle : negated conditional → KILLED
                if (user.isAdmin()){
63
                    newAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
64
                }
65
                
66
                Authentication newAuth = new OAuth2AuthenticationToken(oAuthUser, newAuthorities,(((OAuth2AuthenticationToken)authentication).getAuthorizedClientRegistrationId()));
67 1 1. preHandle : removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED
                SecurityContextHolder.getContext().setAuthentication(newAuth);
68
            }
69
        }
70
71 1 1. preHandle : replaced boolean return with false for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::preHandle → KILLED
      return true;
72
   }
73
    
74
}

Mutations

41

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.controllers.UsersControllerTests]/[method:regular_user_cannot_suspend_user()]
negated conditional → KILLED

45

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_logs_out_user_when_suspended_field_in_db_is_true()]
negated conditional → KILLED

48

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_logs_out_user_when_suspended_field_in_db_is_true()]
negated conditional → KILLED

49

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_logs_out_user_when_suspended_field_in_db_is_true()]
removed call to javax/servlet/http/HttpServletResponse::sendError → KILLED

50

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_logs_out_user_when_suspended_field_in_db_is_true()]
removed call to org/springframework/security/core/context/SecurityContextHolder::clearContext → KILLED

51

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_logs_out_user_when_suspended_field_in_db_is_true()]
replaced boolean return with true for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::preHandle → KILLED

57

1.1
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_admin_role_when_admin_field_in_db_is_false()]
negated conditional → KILLED

2.2
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_admin_role_when_admin_field_in_db_is_false()]
replaced boolean return with true for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED

58

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_admin_role_when_admin_field_in_db_is_false()]
removed call to java/util/stream/Stream::forEach → KILLED

62

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_admin_role_when_admin_field_in_db_is_false()]
negated conditional → KILLED

67

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_admin_role_when_admin_field_in_db_is_false()]
removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED

71

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.happiercows.controllers.UsersControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.happiercows.controllers.UsersControllerTests]/[method:regular_user_cannot_suspend_user()]
replaced boolean return with false for edu/ucsb/cs156/happiercows/interceptors/RoleUserInterceptor::preHandle → KILLED

Active mutators

Tests examined


Report generated by PIT 1.7.3