diff --git a/src/main/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolver.java b/src/main/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolver.java index 7c2503451..44e29f336 100644 --- a/src/main/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolver.java +++ b/src/main/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolver.java @@ -11,7 +11,6 @@ import lombok.NonNull; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.web.context.request.RequestContextHolder; @@ -21,6 +20,10 @@ @RequiredArgsConstructor @Slf4j public class MultitenancyWithSingleDomainTenantResolver implements TenantResolver { + + private static final String USERS_CONSULTANTS = "/users/consultants/"; + private static final String USERS_CONSULTANTS_BY_ID_URL_REGEX = USERS_CONSULTANTS + "[a-z0-9-]+"; + @Value("${feature.multitenancy.with.single.domain.enabled}") private boolean multitenancyWithSingleDomain; @@ -52,13 +55,17 @@ private Optional resolveTenantFromConsultantRequestParameter() { } private boolean requestParameterContainsConsultantId() { - return StringUtils.isNotBlank(getConsultantId()); + HttpServletRequest request = getRequest(); + return request.getRequestURI().matches(USERS_CONSULTANTS_BY_ID_URL_REGEX); } private String getConsultantId() { - HttpServletRequest request = - ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest(); - return request.getParameter("cid"); + return getRequest().getRequestURI().replace(USERS_CONSULTANTS, ""); + } + + private HttpServletRequest getRequest() { + return ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()) + .getRequest(); } private Optional resolveTenantFromAgency() { diff --git a/src/test/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolverTest.java b/src/test/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolverTest.java index 99b10cb46..7a55efeda 100644 --- a/src/test/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolverTest.java +++ b/src/test/java/de/caritas/cob/userservice/api/tenant/MultitenancyWithSingleDomainTenantResolverTest.java @@ -26,8 +26,8 @@ @ExtendWith(MockitoExtension.class) class MultitenancyWithSingleDomainTenantResolverTest { - public static final String CONSULTANT_ID = "cid-1234"; - public static final long ANOTHER_TENANT = 2L; + private static final String CONSULTANT_ID = "cid-1234"; + private static final long ANOTHER_TENANT = 2L; @InjectMocks MultitenancyWithSingleDomainTenantResolver multitenancyWithSingleDomainTenantResolver; @@ -70,14 +70,14 @@ void resolve_Should_ResolveToEmpty_When_FeatureMultitenancyWithSingleDomainIsDis @Test void - resolve_Should_GetTenantIdFromConsultant_When_FeatureMultitenancyWithSingleDomainIsEnabledAndNoAgencyIdIsProvided() { + resolve_Should_GetTenantIdFromConsultant_When_FeatureMultitenancyWithSingleDomainIsEnabledAndNoAgencyIdIsProvidedAndUrlMatchesConsultantGetById() { // given givenRequestContextIsSet(); ReflectionTestUtils.setField( multitenancyWithSingleDomainTenantResolver, "multitenancyWithSingleDomain", true); when(headersResolver.findHeaderValue("agencyId")).thenReturn(Optional.empty()); - when(request.getParameter("cid")).thenReturn(CONSULTANT_ID); + when(request.getRequestURI()).thenReturn("/users/consultants/" + CONSULTANT_ID); EasyRandom random = new EasyRandom(); Consultant consultant = random.nextObject(Consultant.class); @@ -89,6 +89,25 @@ void resolve_Should_ResolveToEmpty_When_FeatureMultitenancyWithSingleDomainIsDis .isEqualTo(Optional.of(ANOTHER_TENANT)); } + @Test + void + resolve_Should_ResolveToEmptyTenant_When_FeatureMultitenancyWithSingleDomainIsEnabledAndNoAgencyIdIsProvidedAndUrlDoesNotMatchConsultantGetById() { + // given + givenRequestContextIsSet(); + ReflectionTestUtils.setField( + multitenancyWithSingleDomainTenantResolver, "multitenancyWithSingleDomain", true); + + when(headersResolver.findHeaderValue("agencyId")).thenReturn(Optional.empty()); + when(request.getRequestURI()).thenReturn("/users/sessions/1"); + + EasyRandom random = new EasyRandom(); + Consultant consultant = random.nextObject(Consultant.class); + consultant.setTenantId(ANOTHER_TENANT); + // when + assertThat(multitenancyWithSingleDomainTenantResolver.canResolve(request)).isFalse(); + assertThat(multitenancyWithSingleDomainTenantResolver.resolve(request)).isEmpty(); + } + @Test void resolve_Should_ThrowBadRequestException_When_AgencyIdProvidedInHeader_ButAgencyDoesNotContainValidTenantId() {