PR review changes and IntTest improvements #4056

Author: winzj

sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectService.java

@@ -62,19 +62,15 @@ private List<ProjectData> collectProjectDataForUser(User user) {
         List<ProjectData> projectDataList = new ArrayList<>();
         for (Project project : user.getProjects()) {
 
-            ProjectData projectData = createProjectDataForProject(user, project);
-            List<String> profileIds = projectToProfileIds.get(project.getId());
-            if (profileIds != null) {
-                projectData.setAssignedProfileIds(new HashSet<>(profileIds));
-            }
+            ProjectData projectData = createProjectDataForProject(user, project, projectToProfileIds);
             projectDataList.add(projectData);
 
         }
 
         return projectDataList;
     }
 
-    private static ProjectData createProjectDataForProject(User user, Project project) {
+    private static ProjectData createProjectDataForProject(User user, Project project, Map<String, List<String>> projectToProfileIds) {
 
         ProjectData projectData = new ProjectData();
         projectData.setProjectId(project.getId());
@@ -93,6 +89,11 @@ private static ProjectData createProjectDataForProject(User user, Project projec
         if (user.isSuperAdmin() || isOwner) {
             addAssignedUsersToProjectData(project, projectData);
         }
+
+        List<String> profileIds = projectToProfileIds.get(project.getId());
+        if (profileIds != null) {
+            projectData.setAssignedProfileIds(new HashSet<>(profileIds));
+        }
         return projectData;
     }
 

sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectServiceTest.java

@@ -3,7 +3,6 @@
 
 import static com.mercedesbenz.sechub.domain.administration.user.TestUserCreationFactory.createProjectUser;
 import static com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys.PROJECT_ASSIGNED_PROFILE_IDS;
-import static com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys.PROJECT_IDS;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -59,7 +58,6 @@ void users_receive_expected_number_of_projects(String userId, int expectedProjec
             String expectedOwnerEmailAddress) {
         /* prepare */
         DomainMessageSynchronousResult mockedResponse = mock();
-        when(mockedResponse.get(PROJECT_IDS)).thenReturn(List.of("mocked-project"));
         when(mockedResponse.get(PROJECT_ASSIGNED_PROFILE_IDS)).thenReturn(Collections.emptyMap());
         when(eventBus.sendSynchron(any())).thenReturn(mockedResponse);
 
@@ -104,19 +102,21 @@ void user2_sees_assigned_and_owned_projects_with_users_and_with_assigned_profile
         assertThat(projects.get(1).getAssignedUsers().size()).isGreaterThan(0);
 
         // verify profile IDs are included correctly
+        boolean assertionDone = false;
         for (ProjectData projectData : projects) {
             if (PROJECT_ID_2.equals(projectData.getProjectId())) {
                 assertThat(projectData.getAssignedProfileIds()).containsAll(profileIdsProject2);
+                assertionDone = true;
             }
         }
+        assertThat(assertionDone).isTrue();
     }
 
     @Test
     void user3_sees_assigned_project_without_users() {
         /* prepare */
         String userId = USER_ID_3;
         DomainMessageSynchronousResult mockedResponse = mock();
-        when(mockedResponse.get(PROJECT_IDS)).thenReturn(List.of("mocked-project"));
         when(mockedResponse.get(PROJECT_ASSIGNED_PROFILE_IDS)).thenReturn(Collections.emptyMap());
         when(eventBus.sendSynchron(any())).thenReturn(mockedResponse);
 
@@ -133,7 +133,6 @@ void user4_is_admin_and_sees_assigned_project_with_users() {
         /* prepare */
         String userId = USER_ID_4;
         DomainMessageSynchronousResult mockedResponse = mock();
-        when(mockedResponse.get(PROJECT_IDS)).thenReturn(List.of("mocked-project"));
         when(mockedResponse.get(PROJECT_ASSIGNED_PROFILE_IDS)).thenReturn(Collections.emptyMap());
         when(eventBus.sendSynchron(any())).thenReturn(mockedResponse);
 
@@ -214,7 +213,6 @@ public Stream<? extends Arguments> provideArguments(ExtensionContext context) {
     private DomainMessageSynchronousResult prepareValidSyncResult(String projectId, List<String> profileIds) {
         DomainMessageSynchronousResult response = new DomainMessageSynchronousResult(MessageID.REQUEST_PROFILE_IDS_FOR_PROJECT);
         response.set(PROJECT_ASSIGNED_PROFILE_IDS, Map.of(projectId, profileIds));
-        response.set(PROJECT_IDS, null);
         return response;
     }
 }

sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AsUser.java

@@ -173,6 +173,11 @@ private TestRestHelper getRestHelper() {
         return getContext().getRestHelper(user);
     }
 
+    public AsUser deleteUser(TestUser user) {
+        getRestHelper().delete(getUrlBuilder().buildAdminDeletesUserUrl(user.getUserId()));
+        return this;
+    }
+
     /**
      * Signup given (new) user
      *

sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario3/ProjectAdministrationScenario3IntTest.java

@@ -1,10 +1,21 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.integrationtest.scenario3;
 
-import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.*;
-import static com.mercedesbenz.sechub.integrationtest.internal.IntegrationTestDefaultProfiles.*;
-import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.*;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.ANONYMOUS;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.SUPER_ADMIN;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.as;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.assertUser;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.expectHttpFailure;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.getLinkToFetchNewAPITokenAfterSignupAccepted;
+import static com.mercedesbenz.sechub.integrationtest.api.TestAPI.udpdateAPITokenByOneTimeTokenLink;
+import static com.mercedesbenz.sechub.integrationtest.internal.IntegrationTestDefaultProfiles.PROFILE_1;
+import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.PROJECT_1;
+import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.PROJECT_2;
+import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.USER_1;
+import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.USER_2;
+import static com.mercedesbenz.sechub.integrationtest.scenario3.Scenario3.USER_3;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertFalse;
 
 import java.util.List;
 import java.util.Set;
@@ -14,7 +25,11 @@
 import org.springframework.http.HttpStatus;
 
 import com.mercedesbenz.sechub.domain.administration.project.ProjectData;
+import com.mercedesbenz.sechub.domain.administration.project.ProjectUserData;
+import com.mercedesbenz.sechub.integrationtest.api.FixedTestUser;
 import com.mercedesbenz.sechub.integrationtest.api.IntegrationTestExtension;
+import com.mercedesbenz.sechub.integrationtest.api.TestProject;
+import com.mercedesbenz.sechub.integrationtest.api.TestUser;
 import com.mercedesbenz.sechub.integrationtest.api.TextSearchMode;
 import com.mercedesbenz.sechub.integrationtest.api.WithTestScenario;
 
@@ -93,28 +108,86 @@ void change_project_ownership_by_admin_and_owners() {
             unassignUserFromProject(USER_1, PROJECT_2);
 
         assertUser(USER_1).
-            isOwnerOf(PROJECT_2). // lost ownership
+            isOwnerOf(PROJECT_2).
             isNotAssignedToProject(PROJECT_2). // still assigned after ownership loss
             hasOwnerRole(); // has still owner role
 
-        /* test 4 - project details contain profile IDs */
+        /* test 4 - users can get information about assigned projects */
+        assertProjectDataAsExpectedAfterAssignments();
+    }
+    /* @formatter:on */
+
+    private void assertProjectDataAsExpectedAfterAssignments() {
+        TestProject project = PROJECT_1;
+        String expectedProfileId = PROFILE_1.id;
+
+        TestUser user = USER_2;
+        TestUser owner = USER_3;
+        TestUser tmpAdmin = createTemporaryAdminForAndAssignToProject(project);
+
+        ProjectUserData userData = new ProjectUserData();
+        userData.setUserId(user.getUserId());
+        userData.setEmailAddress(user.getEmail());
+
+        ProjectUserData ownerData = new ProjectUserData();
+        ownerData.setUserId(owner.getUserId());
+        ownerData.setEmailAddress(owner.getEmail());
+
+        ProjectUserData adminData = new ProjectUserData();
+        adminData.setUserId(tmpAdmin.getUserId());
+        adminData.setEmailAddress(tmpAdmin.getEmail());
+
+        ProjectUserData user1Data = new ProjectUserData();
+        user1Data.setUserId(USER_1.getUserId());
+        user1Data.setEmailAddress(USER_1.getEmail());
 
-        // normal user can view profiles of assigned projects
-        List<ProjectData> projectDetailsOfnormalUser = as(USER_2).getAssignedProjectDataList();
-        assertThat(projectDetailsOfnormalUser).hasSize(1);
-        Set<String> userAssignedProfileIds = projectDetailsOfnormalUser.get(0).getAssignedProfileIds();
-        assertThat(userAssignedProfileIds).containsExactly(PROFILE_1.id);
+        // normal user, does not see users of the project
+        assertProjectData(user, project, expectedProfileId, ownerData);
 
-        // owner can view profiles of assigned projects
-        List<ProjectData> projectDetailsOfOwner = as(USER_1).getAssignedProjectDataList();
-        assertThat(projectDetailsOfOwner).hasSize(1);
-        Set<String> ownerAssignedProfileIds = projectDetailsOfOwner.get(0).getAssignedProfileIds();
-        assertThat(ownerAssignedProfileIds).containsExactly(PROFILE_1.id);
+        // owner, does see users of the project
+        assertProjectData(owner, project, expectedProfileId, ownerData, userData, ownerData, adminData, user1Data);
 
-        // admin can view profiles of assigned projects
-        assertThat(as(SUPER_ADMIN).getAssignedProjectDataList()).isEmpty();
+        // admin, does see users of the project
+        assertProjectData(tmpAdmin, project, expectedProfileId, ownerData, userData, ownerData, adminData, user1Data);
 
+        // clean up
+        as(SUPER_ADMIN).deleteUser(tmpAdmin);
+    }
+
+    private void assertProjectData(TestUser asUser, TestProject project, String expectedProfileId, ProjectUserData expectedOwner,
+            ProjectUserData... expectedAssignedUsers) {
+        List<ProjectData> projectDetails = as(asUser).getAssignedProjectDataList();
+        assertThat(projectDetails).hasSize(1);
+
+        ProjectData projectData = projectDetails.get(0);
+        assertThat(projectData.getProjectId()).isEqualTo(project.getProjectId());
+        assertThat(projectData.getOwner()).isEqualTo(expectedOwner);
+
+        List<ProjectUserData> assignedUsers = projectData.getAssignedUsers();
+        if (expectedAssignedUsers == null || expectedAssignedUsers.length == 0) {
+            assertThat(assignedUsers).isNull();
+        } else {
+            assertThat(assignedUsers).containsOnly(expectedAssignedUsers);
+        }
+
+        Set<String> assignedProfileIds = projectData.getAssignedProfileIds();
+        assertThat(assignedProfileIds).containsExactly(expectedProfileId);
+    }
+
+    private TestUser createTemporaryAdminForAndAssignToProject(TestProject project) {
+        String adminId = "admin_" + System.currentTimeMillis();
+        TestUser tmpAdmin = new FixedTestUser(adminId, adminId + "-pwd");
+        as(ANONYMOUS).signUpAs(tmpAdmin);
+        as(SUPER_ADMIN).acceptSignup(tmpAdmin);
+        assertUser(tmpAdmin).doesExist();
+
+        /* execute receive of new api token */
+        String link = getLinkToFetchNewAPITokenAfterSignupAccepted(tmpAdmin);
+        assertFalse(link.isEmpty());
+        udpdateAPITokenByOneTimeTokenLink(tmpAdmin, link);
+        as(SUPER_ADMIN).grantSuperAdminRightsTo(tmpAdmin);
+        as(SUPER_ADMIN).assignUserToProject(tmpAdmin, project);
+        return tmpAdmin;
     }
-    /* @formatter:on */
 
 }

sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProfileMessageHandler.java

@@ -14,6 +14,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageSynchronousResult;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsRecevingSyncMessage;
+import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingSyncMessageAnswer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.SynchronMessageHandler;
 
@@ -27,11 +28,12 @@ public ProfileMessageHandler(ProductExecutionProfileRepository productExecutionP
     }
 
     @IsRecevingSyncMessage(MessageID.REQUEST_PROFILE_IDS_FOR_PROJECT)
+    @IsSendingSyncMessageAnswer(value = MessageID.RESULT_PROFILE_IDS_FOR_PROJECT, answeringTo = MessageID.REQUEST_PROFILE_IDS_FOR_PROJECT, branchName = "success")
     @Override
     public DomainMessageSynchronousResult receiveSynchronMessage(DomainMessage request) {
         List<String> projectIds = request.get(PROJECT_IDS);
 
-        DomainMessageSynchronousResult response = new DomainMessageSynchronousResult(MessageID.REQUEST_PROFILE_IDS_FOR_PROJECT);
+        DomainMessageSynchronousResult response = new DomainMessageSynchronousResult(MessageID.RESULT_PROFILE_IDS_FOR_PROJECT);
         Map<String, List<String>> projectToProfileIds = new HashMap<>();
         for (String id : projectIds) {
             List<ProductExecutionProfile> executionProfilesForProject = productExecutionProfileRepository.findExecutionProfilesForProject(id);
@@ -43,7 +45,6 @@ public DomainMessageSynchronousResult receiveSynchronMessage(DomainMessage reque
             projectToProfileIds.put(id, profileIds);
         }
         response.set(PROJECT_ASSIGNED_PROFILE_IDS, projectToProfileIds);
-        response.set(PROJECT_IDS, null);
         return response;
     }
 

sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/product/config/ProfileMessageHandlerTest.java

@@ -68,7 +68,6 @@ void profiles_assigned_results_in_profiles_list_in_response() {
 
     private DomainMessage prepareValidDomainMessage() {
         DomainMessage message = new DomainMessage(MessageID.REQUEST_PROFILE_IDS_FOR_PROJECT);
-        message.set(PROJECT_ASSIGNED_PROFILE_IDS, null);
         message.set(PROJECT_IDS, List.of(TEST_PROJECT_ID));
         return message;
     }

sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/MessageID.java

@@ -262,7 +262,13 @@ public enum MessageID {
      * Request all execution profile IDs for each project. This is sent when a user
      * requests information about all projects the user is part of.
      */
-    REQUEST_PROFILE_IDS_FOR_PROJECT(MessageDataKeys.PROJECT_ASSIGNED_PROFILE_IDS, MessageDataKeys.PROJECT_IDS),
+    REQUEST_PROFILE_IDS_FOR_PROJECT(MessageDataKeys.PROJECT_IDS),
+
+    /**
+     * This is sent as a result to a message with the request:
+     * {@link #REQUEST_PROFILE_IDS_FOR_PROJECT}.
+     */
+    RESULT_PROFILE_IDS_FOR_PROJECT(MessageDataKeys.PROJECT_ASSIGNED_PROFILE_IDS),
 
     ;
 

sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/messaging/ListOfStringsMessageDataProviderTest.java

@@ -7,45 +7,77 @@
 import java.util.List;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.NullSource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class ListOfStringsMessageDataProviderTest {
 
     private ListOfStringsMessageDataProvider providerToTest = new ListOfStringsMessageDataProvider();
 
     @Test
-    void null_handled_correctly() {
+    void null_handled_correctly_on_getString() {
         /* execute */
-        List<String> profileIds = providerToTest.get(null);
         String profileIdsAsString = providerToTest.getString(null);
 
         /* test */
-        assertThat(profileIds).isNull();
         assertThat(profileIdsAsString).isNull();
     }
 
+    @ParameterizedTest
+    @NullSource
+    @ValueSource(strings = { "", "   ", "\n", "\r", "\r\n" })
+    void null_and_blank_strings_handled_correctly_on_get(String json) {
+        /* execute */
+        List<String> profileIds = providerToTest.get(json);
+
+        /* test */
+        assertThat(profileIds).isNull();
+    }
+
     @Test
-    void empty_values_handled_correctly() {
+    void empty_values_handled_correctly_on_getString() {
         /* execute */
-        List<String> profileIds = providerToTest.get("[]");
         String profileIdsAsString = providerToTest.getString(Collections.emptyList());
 
         /* test */
-        assertThat(profileIds).isEmpty();
         assertThat(profileIdsAsString).isEqualTo("[]");
     }
 
     @Test
-    void non_empty_data_handled_correctly() {
+    void empty_values_handled_correctly_on_get() {
+        /* execute */
+        List<String> profileIds = providerToTest.get("[]");
+
+        /* test */
+        assertThat(profileIds).isEmpty();
+    }
+
+    @Test
+    void non_empty_data_handled_correctly_on_getString() {
         /* prepare */
         String profile1 = "profile1";
         String profile2 = "profile2";
 
         /* execute */
         String profileIdsAsString = providerToTest.getString(List.of(profile1, profile2));
+
+        /* test */
+        assertThat(profileIdsAsString).contains(profile1, profile2);
+    }
+
+    @Test
+    void non_empty_data_handled_correctly_on_get() {
+        /* prepare */
+        String profileIdsAsString = """
+                ["profile1", "profile2"]
+                """;
+
+        /* execute */
         List<String> profileIds = providerToTest.get(profileIdsAsString);
 
         /* test */
-        assertThat(profileIds).contains(profile1, profile2);
+        assertThat(profileIds).contains("profile1", "profile2");
     }
 
 }