Added some tests and improved the test coverage.

Author: majusko

pom.xml

@@ -131,6 +131,8 @@
                 <configuration>
                     <excludes>
                         <exclude>**/*Configuration.*</exclude>
+                        <exclude>**/*GrpcRole.*</exclude>
+                        <exclude>**/proto/**/*</exclude>
                     </excludes>
                 </configuration>
                 <executions>

src/main/java/io/github/majusko/grpc/jwt/exception/AuthException.java

@@ -1,14 +1,8 @@
 package io.github.majusko.grpc.jwt.exception;
 
 public class AuthException extends RuntimeException {
-    public AuthException() {
-    }
 
     public AuthException(String message) {
         super(message);
     }
-
-    public AuthException(String message, Throwable cause) {
-        super(message, cause);
-    }
 }

src/main/java/io/github/majusko/grpc/jwt/exception/UnauthenticatedException.java

@@ -1,15 +1,7 @@
 package io.github.majusko.grpc.jwt.exception;
 
 public class UnauthenticatedException extends RuntimeException {
-
-    public UnauthenticatedException() {
-    }
-
     public UnauthenticatedException(String message) {
         super(message);
     }
-
-    public UnauthenticatedException(String message, Throwable cause) {
-        super(message, cause);
-    }
 }

src/main/java/io/github/majusko/grpc/jwt/interceptor/AuthClientInterceptor.java

@@ -4,6 +4,7 @@
 import io.grpc.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sun.jvm.hotspot.debugger.ThreadContext;
 
 public class AuthClientInterceptor implements ClientInterceptor {
 

src/main/java/io/github/majusko/grpc/jwt/interceptor/AuthContextData.java

@@ -2,15 +2,29 @@
 
 import io.jsonwebtoken.Claims;
 import lombok.AllArgsConstructor;
-import lombok.Data;
 
 import java.util.Set;
 
-@Data
 @AllArgsConstructor
 public class AuthContextData {
     private final String jwt;
     private final String userId;
     private final Set<String> roles;
     private final Claims jwtClaims;
+
+    public String getJwt() {
+        return jwt;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public Set<String> getRoles() {
+        return roles;
+    }
+
+    public Claims getJwtClaims() {
+        return jwtClaims;
+    }
 }

src/main/java/io/github/majusko/grpc/jwt/interceptor/AuthServerInterceptor.java

@@ -141,7 +141,7 @@ private <ReqT> void authorizeOwnerOrRoles(ReqT request, AuthContextData contextD
 
                 authorizeOwner(userId, new HashSet<>(allowed.getRoles()), contextData);
             } catch (NoSuchFieldException | IllegalAccessException e) {
-                throw new AuthException("Missing field.", e);
+                throw new AuthException("Missing field.");
             }
         } else {
             validateRoles(new HashSet<>(allowed.getRoles()), contextData.getRoles());

src/main/java/io/github/majusko/grpc/jwt/interceptor/GrpcContext.java

@@ -1,12 +1,14 @@
 package io.github.majusko.grpc.jwt.interceptor;
 
+import java.util.Optional;
+
 public class GrpcContext {
 
     private static final String CONTEXT_DATA = "context_data";
 
     public static io.grpc.Context.Key<AuthContextData> CONTEXT_DATA_KEY = io.grpc.Context.key(CONTEXT_DATA);
 
-    public static AuthContextData get() {
-        return CONTEXT_DATA_KEY.get();
+    public static Optional<AuthContextData> get() {
+        return Optional.ofNullable(CONTEXT_DATA_KEY.get());
     }
 }

src/main/java/io/github/majusko/grpc/jwt/service/dto/JwtMetadata.java

@@ -2,18 +2,26 @@
 
 import lombok.AllArgsConstructor;
 import lombok.Builder;
-import lombok.Data;
-import lombok.NoArgsConstructor;
 
 import javax.crypto.SecretKey;
 import java.util.List;
 
-@Data
 @Builder
-@NoArgsConstructor
 @AllArgsConstructor
 public class JwtMetadata {
     private Long expirationSec;
     private SecretKey key;
     private List<String> env;
+
+    public Long getExpirationSec() {
+        return expirationSec;
+    }
+
+    public SecretKey getKey() {
+        return key;
+    }
+
+    public List<String> getEnv() {
+        return env;
+    }
 }

src/main/java/io/github/majusko/grpc/jwt/service/dto/JwtToken.java

@@ -1,13 +1,19 @@
 package io.github.majusko.grpc.jwt.service.dto;
 
 import lombok.AllArgsConstructor;
-import lombok.Data;
 
 import java.time.LocalDateTime;
 
-@Data
 @AllArgsConstructor
 public class JwtToken {
     private String token;
     private LocalDateTime expiration;
+
+    public String getToken() {
+        return token;
+    }
+
+    public LocalDateTime getExpiration() {
+        return expiration;
+    }
 }

src/test/java/io/github/majusko/grpc/jwt/GrpcJwtSpringBootStarterApplicationTest.java

@@ -3,10 +3,7 @@
 import com.google.protobuf.Empty;
 import io.github.majusko.grpc.jwt.annotation.Allow;
 import io.github.majusko.grpc.jwt.annotation.Exposed;
-import io.github.majusko.grpc.jwt.interceptor.AllowedCollector;
-import io.github.majusko.grpc.jwt.interceptor.AuthClientInterceptor;
-import io.github.majusko.grpc.jwt.interceptor.AuthServerInterceptor;
-import io.github.majusko.grpc.jwt.interceptor.GrpcHeader;
+import io.github.majusko.grpc.jwt.interceptor.*;
 import io.github.majusko.grpc.jwt.interceptor.proto.Example;
 import io.github.majusko.grpc.jwt.interceptor.proto.ExampleServiceGrpc;
 import io.github.majusko.grpc.jwt.service.GrpcRole;
@@ -29,6 +26,7 @@
 import org.springframework.test.context.junit4.SpringRunner;
 
 import java.io.IOException;
+import java.util.Optional;
 
 @RunWith(SpringRunner.class)
 @SpringBootTest
@@ -102,6 +100,66 @@ public void testCustomTokenWithWrongRole() throws IOException {
 		Assert.assertEquals(Status.PERMISSION_DENIED.getCode(), status.getCode());
 	}
 
+	@Test
+	public void testWrongToken() throws IOException {
+
+		String token = jwtService.generate(new JwtData("some-user-id", "non-existing-role"));
+
+		token += "crwvvef";
+		final ManagedChannel channel = initTestServer(new ExampleService());
+		final ExampleServiceGrpc.ExampleServiceBlockingStub stub = ExampleServiceGrpc.newBlockingStub(channel);
+
+		final Metadata header = new Metadata();
+		header.put(GrpcHeader.AUTHORIZATION, token);
+
+		final ExampleServiceGrpc.ExampleServiceBlockingStub injectedStub = MetadataUtils.attachHeaders(stub, header);
+
+		Status status = Status.OK;
+
+		try {
+			final Empty ignored = injectedStub.getExample(Example.GetExampleRequest.newBuilder().build());
+		} catch (StatusRuntimeException e) {
+			status = e.getStatus();
+		}
+
+		Assert.assertEquals(Status.UNAUTHENTICATED.getCode(), status.getCode());
+	}
+
+
+
+	@Test
+	public void testMissingAuth() throws IOException {
+		final ManagedChannel channel = initTestServer(new ExampleService());
+		final ExampleServiceGrpc.ExampleServiceBlockingStub stub = ExampleServiceGrpc.newBlockingStub(channel);
+
+		Status status = Status.OK;
+
+		try {
+			final Empty ignored = stub.getExample(Example.GetExampleRequest.newBuilder().build());
+		} catch (StatusRuntimeException e) {
+			status = e.getStatus();
+		}
+
+		Assert.assertEquals(Status.PERMISSION_DENIED.getCode(), status.getCode());
+	}
+
+	@Test
+	public void testMissingCredentials() throws IOException {
+
+		final ManagedChannel channel = initTestServer(new ExampleService());
+		final ExampleServiceGrpc.ExampleServiceBlockingStub stub = ExampleServiceGrpc.newBlockingStub(channel);
+
+		Status status = Status.OK;
+
+		try {
+			final Empty ignored = stub.getExample(Example.GetExampleRequest.newBuilder().build());
+		} catch (StatusRuntimeException e) {
+			status = e.getStatus();
+		}
+
+		Assert.assertEquals(Status.PERMISSION_DENIED.getCode(), status.getCode());
+	}
+
 	@Test
 	public void testCustomTokenWithWrongRoleButMatchingOwner() throws IOException {
 		final String ownerUserId = "matching-user-id";
@@ -173,10 +231,22 @@ private ManagedChannel initTestServer(BindableService service) throws IOExceptio
 @GRpcService
 class ExampleService extends ExampleServiceGrpc.ExampleServiceImplBase {
 
+	private static final String ADMIN = "admin";
+
 	@Override
-	@Allow(ownerField = "userId", roles = {GrpcRole.INTERNAL, "admin"})
+	@Allow(ownerField = "userId", roles = {GrpcRole.INTERNAL, ADMIN})
 	public void getExample(Example.GetExampleRequest request, StreamObserver<Empty> response) {
 
+		AuthContextData authContext = GrpcContext.get().orElseThrow(RuntimeException::new);;
+
+		Assert.assertNotNull(authContext.getJwt());
+		Assert.assertTrue(authContext.getJwtClaims().size() > 0);
+
+		if(!request.getUserId().equals(authContext.getUserId())) {
+			Assert.assertTrue(authContext.getRoles().stream()
+				.anyMatch($ -> $.equals(GrpcRole.INTERNAL) || $.equals(ADMIN)));
+		}
+
 		response.onNext(Empty.getDefaultInstance());
 		response.onCompleted();
 	}