isolate security context changes

Author: snopoke

src/test/java/org/commcare/formplayer/tests/CaseClaimTests.java

@@ -1,30 +1,10 @@
 package org.commcare.formplayer.tests;
 
-import static org.junit.jupiter.api.Assertions.assertArrayEquals;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
 import com.google.common.collect.Multimap;
-
 import org.commcare.cases.model.Case;
 import org.commcare.formplayer.beans.NewFormResponse;
 import org.commcare.formplayer.beans.SubmitResponseBean;
-import org.commcare.formplayer.beans.menus.CommandListResponseBean;
-import org.commcare.formplayer.beans.menus.EntityDetailListResponse;
-import org.commcare.formplayer.beans.menus.EntityDetailResponse;
-import org.commcare.formplayer.beans.menus.EntityListResponse;
-import org.commcare.formplayer.beans.menus.QueryResponseBean;
+import org.commcare.formplayer.beans.menus.*;
 import org.commcare.formplayer.junit.RestoreFactoryAnswer;
 import org.commcare.formplayer.objects.QueryData;
 import org.commcare.formplayer.sandbox.SqlStorage;
@@ -45,10 +25,13 @@
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.caffeine.CaffeineCache;
 
+import javax.annotation.Nullable;
 import java.util.HashMap;
 import java.util.Hashtable;
 
-import javax.annotation.Nullable;
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
 
 /**
  * Regression tests for fixed behaviors
@@ -751,13 +734,14 @@ public void testSplitScreenResponse() throws Exception {
                 EntityListResponse.class);
         assertNull(responseBean.getQueryResponse(),
                 "Query response attached to entity response when split screen is disabled");
-        WithHqUserSecurityContextFactory.setSecurityContext(
+        try (AutoCloseable __ = WithHqUserSecurityContextFactory.setSecurityContext(
                 HqUserDetails.builder().enabledToggles(new String[]{"SPLIT_SCREEN_CASE_SEARCH"}).build()
-        );
-        responseBean = sessionNavigateWithQuery(new String[]{"1", "action 1"},
-                "caseclaim",
-                null,
-                EntityListResponse.class);
+        )) {
+            responseBean = sessionNavigateWithQuery(new String[]{"1", "action 1"},
+                    "caseclaim",
+                    null,
+                    EntityListResponse.class);
+        }
         assertNotNull(responseBean.getQueryResponse(),
                 "No query response attached to entity response when split screen is enabled");
     }

src/test/java/org/commcare/formplayer/tests/FormplayerDatadogTests.java

@@ -1,11 +1,6 @@
 package org.commcare.formplayer.tests;
 
-import static org.commcare.formplayer.util.Constants.TOGGLE_DETAILED_TAGGING;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import com.timgroup.statsd.StatsDClient;
-
 import org.commcare.formplayer.util.FormplayerDatadog;
 import org.commcare.formplayer.utils.HqUserDetails;
 import org.commcare.formplayer.utils.WithHqUserSecurityContextFactory;
@@ -18,6 +13,10 @@
 import java.util.Collections;
 import java.util.List;
 
+import static org.commcare.formplayer.util.Constants.TOGGLE_DETAILED_TAGGING;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 public class FormplayerDatadogTests {
     FormplayerDatadog datadog;
     StatsDClient mockDatadogClient;
@@ -103,15 +102,16 @@ public void testTransientTagUsedForRecordExecutionTime() {
     }
 
     @Test
-    public void testAddRequestScopedDetailedTagForEligibleDomain() {
-        enableDetailTagging();
-
-        // detailed_tag was added to FormplayerDatadog in beforeTest
-        datadog.addRequestScopedTag("detailed_tag", "test_value");
-        datadog.recordExecutionTime("requests", 100, Collections.emptyList());
-        String expectedTag = "detailed_tag:test_value";
-        String[] args = {expectedTag};
-        verify(mockDatadogClient).recordExecutionTime("requests", 100, args);
+    public void testAddRequestScopedDetailedTagForEligibleDomain() throws Exception {
+        try (AutoCloseable __ = enableDetailTagging()) {
+
+            // detailed_tag was added to FormplayerDatadog in beforeTest
+            datadog.addRequestScopedTag("detailed_tag", "test_value");
+            datadog.recordExecutionTime("requests", 100, Collections.emptyList());
+            String expectedTag = "detailed_tag:test_value";
+            String[] args = {expectedTag};
+            verify(mockDatadogClient).recordExecutionTime("requests", 100, args);
+        }
     }
 
     @Test
@@ -125,16 +125,16 @@ public void testAddRequestScopedDetailedTagForIneligibleDomain() {
     }
 
     @Test
-    public void testAddTransientDetailedTagForEligibleDomain() {
-        enableDetailTagging();
-
-        List<FormplayerDatadog.Tag> transientTags = new ArrayList<>();
-        // detailed_tag was added to FormplayerDatadog in beforeTest
-        transientTags.add(new FormplayerDatadog.Tag("detailed_tag", "test_value"));
-        datadog.recordExecutionTime("requests", 100, transientTags);
-        String expectedTag = "detailed_tag:test_value";
-        String[] args = {expectedTag};
-        verify(mockDatadogClient).recordExecutionTime("requests", 100, args);
+    public void testAddTransientDetailedTagForEligibleDomain() throws Exception {
+        try (AutoCloseable __ = enableDetailTagging()) {
+            List<FormplayerDatadog.Tag> transientTags = new ArrayList<>();
+            // detailed_tag was added to FormplayerDatadog in beforeTest
+            transientTags.add(new FormplayerDatadog.Tag("detailed_tag", "test_value"));
+            datadog.recordExecutionTime("requests", 100, transientTags);
+            String expectedTag = "detailed_tag:test_value";
+            String[] args = {expectedTag};
+            verify(mockDatadogClient).recordExecutionTime("requests", 100, args);
+        }
     }
 
     @Test
@@ -148,8 +148,8 @@ public void testAddTransientDetailedTagForIneligibleDomain() {
         verify(mockDatadogClient).recordExecutionTime("requests", 100, args);
     }
 
-    private void enableDetailTagging() {
-        WithHqUserSecurityContextFactory.setSecurityContext(
+    private AutoCloseable enableDetailTagging() {
+        return WithHqUserSecurityContextFactory.setSecurityContext(
                 HqUserDetails.builder().enabledToggles(new String[]{TOGGLE_DETAILED_TAGGING}).build()
         );
     }

src/test/java/org/commcare/formplayer/tests/HqUserDetailsTests.java

@@ -9,6 +9,8 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import java.io.Closeable;
+
 public class HqUserDetailsTests {
 
     @Test
@@ -38,23 +40,25 @@ public void testCommCareUserIsAuthorized() {
     }
 
     @Test
-    public void testFeatureFlagChecker_isToggleEnabled() {
-        WithHqUserSecurityContextFactory.setSecurityContext(
+    public void testFeatureFlagChecker_isToggleEnabled() throws Exception {
+        try (AutoCloseable __ = WithHqUserSecurityContextFactory.setSecurityContext(
                 HqUserDetails.builder().enabledToggles(new String[]{"toggle_a", "toggle_b"}).build()
-        );
-        Assertions.assertTrue(FeatureFlagChecker.isToggleEnabled("toggle_a"));
-        Assertions.assertTrue(FeatureFlagChecker.isToggleEnabled("toggle_b"));
-        Assertions.assertFalse(FeatureFlagChecker.isToggleEnabled("toggle_c"));
+        )) {
+            Assertions.assertTrue(FeatureFlagChecker.isToggleEnabled("toggle_a"));
+            Assertions.assertTrue(FeatureFlagChecker.isToggleEnabled("toggle_b"));
+            Assertions.assertFalse(FeatureFlagChecker.isToggleEnabled("toggle_c"));
+        }
     }
 
     @Test
-    public void testFeatureFlagChecker_isPreviewEnabled() {
-        WithHqUserSecurityContextFactory.setSecurityContext(
+    public void testFeatureFlagChecker_isPreviewEnabled() throws Exception {
+        try (AutoCloseable __ = WithHqUserSecurityContextFactory.setSecurityContext(
                 HqUserDetails.builder().enabledPreviews(new String[]{"preview_a", "preview_b"}).build()
-        );
-        Assertions.assertTrue(FeatureFlagChecker.isPreviewEnabled("preview_a"));
-        Assertions.assertTrue(FeatureFlagChecker.isPreviewEnabled("preview_b"));
-        Assertions.assertFalse(FeatureFlagChecker.isPreviewEnabled("preview_c"));
+        )) {
+            Assertions.assertTrue(FeatureFlagChecker.isPreviewEnabled("preview_a"));
+            Assertions.assertTrue(FeatureFlagChecker.isPreviewEnabled("preview_b"));
+            Assertions.assertFalse(FeatureFlagChecker.isPreviewEnabled("preview_c"));
+        }
     }
 
     @AfterEach

src/test/java/org/commcare/formplayer/utils/WithHqUserSecurityContextFactory.java

@@ -7,6 +7,8 @@
 import org.springframework.security.test.context.support.WithSecurityContextFactory;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
+import java.io.Closeable;
+
 /**
  * A WithSecurityContextFactory that works with {@link WithHqUser}.
  *
@@ -28,8 +30,9 @@ public static SecurityContext createSecurityContext(HqUserDetails details) {
         return context;
     }
 
-    public static void setSecurityContext(HqUserDetails details) {
+    public static AutoCloseable setSecurityContext(HqUserDetails details) {
         SecurityContext context = createSecurityContext(details);
         SecurityContextHolder.setContext(context);
+        return SecurityContextHolder::clearContext;
     }
 }

src/test/java/org/commcare/formplayer/web/client/RestTemplateAuthTest.java

@@ -5,6 +5,7 @@
 import org.commcare.formplayer.utils.HqUserDetails;
 import org.commcare.formplayer.utils.MockRestTemplateBuilder;
 import org.commcare.formplayer.utils.WithHqUserSecurityContextFactory;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -43,11 +44,10 @@ class RestTemplateAuthTest {
     @Mock
     private HttpServletRequest request;
 
-    @Mock
-    ValueOperations<String, String> originTokens;
-
     private final String commcareHost = "https://www.commcarehq.org";
     private final String formplayerAuthKey = "authKey";
+    private AutoCloseable securityContext;
+
 
     @BeforeEach
     public void init() throws URISyntaxException {
@@ -57,11 +57,16 @@ public void init() throws URISyntaxException {
                 .getRestTemplate();
         mockServer = MockRestServiceServer.createServer(restTemplate);
         RequestContextHolder.setRequestAttributes(requestAttributes);
-        WithHqUserSecurityContextFactory.setSecurityContext(
+        securityContext = WithHqUserSecurityContextFactory.setSecurityContext(
                 HqUserDetails.builder().username("testUser").authToken(AUTH_TOKEN).build()
         );
     }
 
+    @AfterEach
+    public void tearDown() throws Exception {
+        securityContext.close();
+    }
+
     private void mockGetRequest() {
         lenient().when(requestAttributes.getRequest()).thenReturn(request);
     }

src/test/java/org/commcare/formplayer/web/client/RestTemplateReplaceHostTest.java

@@ -28,9 +28,6 @@ class RestTemplateConfigTest_noCustomization {
 
     private MockRestServiceServer mockServer;
 
-    @Mock
-    ValueOperations<String, String> originTokens;
-
     @BeforeEach
     public void init() throws URISyntaxException {
         restTemplate = getRestTemplate("https://web");
@@ -39,7 +36,7 @@ public void init() throws URISyntaxException {
 
     protected RestTemplate getRestTemplate(String commcareHost)
             throws URISyntaxException {
-        return new MockRestTemplateBuilder().withCommcareHost("https://web").getRestTemplate();
+        return new MockRestTemplateBuilder().withCommcareHost(commcareHost).getRestTemplate();
     }
 
     protected String getExpectedUrl() {
@@ -67,7 +64,7 @@ class RestTemplateConfigTest_replaceHost extends RestTemplateConfigTest_noCustom
     public RestTemplate getRestTemplate(String commcareHost)
             throws URISyntaxException {
         return new MockRestTemplateBuilder()
-                .withCommcareHost("https://web")
+                .withCommcareHost(commcareHost)
                 .withExternalRequestMode(RestTemplateConfig.MODE_REPLACE_HOST)
                 .getRestTemplate();
     }