RoleUserInterceptor.java

1
package edu.ucsb.cs156.organic.interceptors;
2
3
import javax.servlet.http.HttpServletRequest;
4
import javax.servlet.http.HttpServletResponse;
5
6
import org.springframework.beans.factory.annotation.Autowired;
7
import org.springframework.stereotype.Component;
8
import org.springframework.web.servlet.HandlerInterceptor;
9
import org.springframework.web.servlet.ModelAndView;
10
11
import edu.ucsb.cs156.organic.repositories.UserRepository;
12
import org.springframework.security.core.authority.SimpleGrantedAuthority;
13
import org.springframework.beans.factory.annotation.Autowired;
14
import org.springframework.beans.factory.annotation.Value;
15
import org.springframework.security.core.Authentication;
16
import org.springframework.security.core.GrantedAuthority;
17
import org.springframework.security.core.context.SecurityContext;
18
import org.springframework.security.core.context.SecurityContextHolder;
19
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
20
import org.springframework.security.oauth2.core.user.OAuth2User;
21
22
import java.util.Optional;
23
import java.util.HashSet;
24
import java.util.Set;
25
import java.util.Collection;
26
import edu.ucsb.cs156.organic.entities.User;
27
28
29
@Component
30
public class RoleUserInterceptor implements HandlerInterceptor {
31
32
   @Autowired
33
   UserRepository userRepository;
34
35
   @Override
36
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
37
        // Update user's security context on server each time the user makes HTTP request to the backend
38
        // If user has admin status in database we will keep ROLE_ADMIN in security context
39
        // Otherwise interceptor will remove ROLE_ADMIN before the incoming request is processed by backend API
40
        SecurityContext securityContext = SecurityContextHolder.getContext();
41
        Authentication authentication = securityContext.getAuthentication();
42
43 1 1. preHandle : negated conditional → KILLED
        if (authentication instanceof OAuth2AuthenticationToken ) {
44
            OAuth2User oAuthUser = ((OAuth2AuthenticationToken) authentication).getPrincipal();
45
            Integer githubID = oAuthUser.getAttribute("id");
46
            Optional<User> optionalUser = userRepository.findByGithubId(githubID);
47 1 1. preHandle : negated conditional → KILLED
            if (optionalUser.isPresent()){
48
                User user = optionalUser.get();
49
50
                Set<GrantedAuthority> newAuthorities = new HashSet<>();
51
                Collection<? extends GrantedAuthority> currentAuthorities = authentication.getAuthorities();
52
                currentAuthorities.stream()
53 2 1. lambda$preHandle$0 : negated conditional → KILLED
2. lambda$preHandle$0 : replaced boolean return with true for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED
                .filter(authority -> !authority.getAuthority().equals("ROLE_ADMIN")
54 1 1. lambda$preHandle$0 : negated conditional → KILLED
                && !authority.getAuthority().equals("ROLE_INSTRUCTOR"))
55 1 1. preHandle : removed call to java/util/stream/Stream::forEach → KILLED
                .forEach(authority -> {
56
                    newAuthorities.add(authority);
57
                });
58
59 1 1. preHandle : negated conditional → KILLED
                if (user.isAdmin() ){
60
                    newAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
61
                }
62
63 1 1. preHandle : negated conditional → KILLED
                if (user.isInstructor()){
64
                    newAuthorities.add(new SimpleGrantedAuthority("ROLE_INSTRUCTOR"));
65
                }
66
                
67
                Authentication newAuth = new OAuth2AuthenticationToken(oAuthUser, newAuthorities,(((OAuth2AuthenticationToken)authentication).getAuthorizedClientRegistrationId()));
68 1 1. preHandle : removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED
                SecurityContextHolder.getContext().setAuthentication(newAuth);
69
            }
70
        }
71
72 1 1. preHandle : replaced boolean return with false for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::preHandle → KILLED
      return true;
73
   }
74
    
75
}

Mutations

43

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.controllers.SystemInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.controllers.SystemInfoControllerTests]/[method:systemInfo__user_logged_in()]
negated conditional → KILLED

47

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:user_not_present_in_db_and_no_role_update_by_interceptor()]
negated conditional → KILLED

53

1.1
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
negated conditional → KILLED

2.2
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
replaced boolean return with true for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::lambda$preHandle$0 → KILLED

54

1.1
Location : lambda$preHandle$0
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
negated conditional → KILLED

55

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
removed call to java/util/stream/Stream::forEach → KILLED

59

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
negated conditional → KILLED

63

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
negated conditional → KILLED

68

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.interceptors.RoleUserInterceptorTests]/[method:interceptor_removes_instructor_role_when_driver_field_in_db_is_false()]
removed call to org/springframework/security/core/context/SecurityContext::setAuthentication → KILLED

72

1.1
Location : preHandle
Killed by : edu.ucsb.cs156.organic.controllers.SystemInfoControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.organic.controllers.SystemInfoControllerTests]/[method:systemInfo__user_logged_in()]
replaced boolean return with false for edu/ucsb/cs156/organic/interceptors/RoleUserInterceptor::preHandle → KILLED

Active mutators

Tests examined


Report generated by PIT 1.7.3