chore(sonar): add unit test coverage

Author: oliemansm

graphql-spring-boot-autoconfigure/build.gradle

@@ -54,7 +54,7 @@ dependencies {
     testImplementation "org.springframework.boot:spring-boot-starter-web"
     testImplementation "org.springframework.boot:spring-boot-starter-actuator"
     testImplementation "org.springframework.boot:spring-boot-starter-webflux"
-//    testImplementation "org.springframework.boot:spring-boot-starter-security"
+    testImplementation "org.springframework.boot:spring-boot-starter-security"
     testImplementation "org.springframework.security:spring-security-test"
     testImplementation "io.projectreactor:reactor-core"
     testImplementation "io.reactivex.rxjava2:rxjava"

graphql-spring-boot-autoconfigure/src/test/java/graphql/kickstart/autoconfigure/PermitAllWebSecurity.java

@@ -0,0 +1,16 @@
+package graphql.kickstart.autoconfigure;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class PermitAllWebSecurity extends WebSecurityConfigurerAdapter {
+
+  @Override
+  protected void configure(final HttpSecurity http) throws Exception {
+    http.authorizeRequests().anyRequest().permitAll();
+  }
+}

graphql-spring-boot-autoconfigure/src/test/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerWithCsrfTest.java

@@ -0,0 +1,44 @@
+package graphql.kickstart.autoconfigure.editor.voyager;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import graphql.kickstart.autoconfigure.PermitAllWebSecurity;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+
+@ExtendWith(SpringExtension.class)
+@Import(PermitAllWebSecurity.class)
+@SpringBootTest(classes = {VoyagerAutoConfiguration.class, ReactiveSecurityAutoConfiguration.class})
+@AutoConfigureMockMvc
+@ActiveProfiles("voyager")
+class VoyagerWithCsrfTest {
+
+  @Autowired private MockMvc mockMvc;
+
+  @Test
+  void shouldLoadCSRFData() throws Exception {
+    final MvcResult mvcResult =
+        mockMvc.perform(get("/voyager")).andExpect(status().isOk()).andReturn();
+
+    final Document document = Jsoup.parse(mvcResult.getResponse().getContentAsString());
+    var script = document.body().select("body script").dataNodes().get(0).getWholeData();
+    assertThat(script)
+        .contains("let csrf = {\"")
+        .contains("\"token\":\"")
+        .contains("\"parameterName\":\"_csrf\"")
+        .contains("\"headerName\":\"X-CSRF-TOKEN\"");
+  }
+}

graphql-spring-boot-autoconfigure/src/test/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerWithoutCsrfTest.java

@@ -0,0 +1,36 @@
+package graphql.kickstart.autoconfigure.editor.voyager;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(classes = {VoyagerAutoConfiguration.class})
+@AutoConfigureMockMvc
+@ActiveProfiles("voyager")
+class VoyagerWithoutCsrfTest {
+
+  @Autowired private MockMvc mockMvc;
+
+  @Test
+  void shouldLoadCSRFData() throws Exception {
+    final MvcResult mvcResult =
+        mockMvc.perform(get("/voyager")).andExpect(status().isOk()).andReturn();
+
+    final Document document = Jsoup.parse(mvcResult.getResponse().getContentAsString());
+    var script = document.body().select("body script").dataNodes().get(0).getWholeData();
+    assertThat(script).contains("let csrf = null");
+  }
+}

graphql-spring-boot-autoconfigure/src/test/java/graphql/kickstart/autoconfigure/web/reactive/MonoAutoConfigurationTest.java

@@ -9,6 +9,8 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.junit.jupiter.SpringExtension;

graphql-spring-boot-autoconfigure/src/test/java/graphql/kickstart/autoconfigure/web/reactive/MonoGenericWrapperAlreadyDefinedTest.java

@@ -4,6 +4,7 @@
 
 import graphql.kickstart.tools.SchemaParserOptions.GenericWrapper;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -18,6 +19,7 @@
 import org.springframework.test.web.reactive.server.WebTestClient;
 import reactor.core.publisher.Mono;
 
+@Slf4j
 @RequiredArgsConstructor
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(
@@ -41,6 +43,7 @@ void monoWrapper() throws JSONException {
             .exchange()
             .returnResult(String.class);
     val response = result.getResponseBody().blockFirst();
+    log.info("Response: {}", response);
     val json = new JSONObject(response);
     assertThat(json.getJSONObject("data").get("hello")).isEqualTo("Hello world");
   }

graphql-spring-boot-autoconfigure/src/test/resources/application.yml

@@ -3,4 +3,8 @@ server:
   forward-headers-strategy: framework
 spring:
   autoconfigure:
-    exclude: org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
+    exclude:
+      - org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+      - org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+      - org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
+      - org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration