BC-6453 - replace UnauthorizedException with `AuthorizationErrorLog…

…gableException`
hpi-schul-cloud · Jun 13, 2024 · eeb78a5 · eeb78a5
1 parent 2574922
commit eeb78a5
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
@@ -1,5 +1,4 @@
 import { createMock, DeepMocked } from '@golevelup/ts-jest';
-import { UnauthorizedException } from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
 import { Test, TestingModule } from '@nestjs/testing';
 import { AxiosResponse } from 'axios';
@@ -285,21 +284,22 @@ describe(AuthorizationClientAdapter.name, () => {
 				});
 				const adapter = new AuthorizationClientAdapter(authorizationApi, request);
 
-				return { params, adapter };
+				const error = new Error('Authentication is required.');
+
+				return { params, adapter, error };
 			};
 
 			it('should throw an UnauthorizedException', async () => {
-				const { params, adapter } = setup();
+				const { params, adapter, error } = setup();
 
-				await expect(adapter.hasPermissionsByReference(params)).rejects.toThrowError(UnauthorizedException);
+				const expectedError = new AuthorizationErrorLoggableException(error, params);
+
+				await expect(adapter.hasPermissionsByReference(params)).rejects.toThrowError(expectedError);
 			});
 		});
 
 		describe('when authorizationReferenceControllerAuthorizeByReference returns error', () => {
 			const setup = () => {
-				const error = new Error('testError');
-				authorizationApi.authorizationReferenceControllerAuthorizeByReference.mockRejectedValueOnce(error);
-
 				const params = {
 					context: {
 						action: Action.READ,
@@ -309,6 +309,9 @@ describe(AuthorizationClientAdapter.name, () => {
 					referenceId: 'someReferenceId',
 				};
 
+				const error = new Error('testError');
+				authorizationApi.authorizationReferenceControllerAuthorizeByReference.mockRejectedValueOnce(error);
+
 				return { params, error };
 			};
 

diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.ts
@@ -1,4 +1,4 @@
-import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
 import { RawAxiosRequestConfig } from 'axios';
 import cookie from 'cookie';
@@ -19,14 +19,13 @@ export class AuthorizationClientAdapter {
 	}
 
 	public async hasPermissionsByReference(params: AuthorizationBodyParams): Promise<boolean> {
-		const options = this.createOptionParams();
+		const options = this.createOptionParams(params);
 
 		try {
 			const response = await this.authorizationApi.authorizationReferenceControllerAuthorizeByReference(
 				params,
 				options
 			);
-
 			const hasPermission = response.data.isAuthorized;
 
 			return hasPermission;
@@ -35,19 +34,20 @@ export class AuthorizationClientAdapter {
 		}
 	}
 
-	private createOptionParams(): RawAxiosRequestConfig<any> {
-		const jwt = this.getJWT();
+	private createOptionParams(params: AuthorizationBodyParams): RawAxiosRequestConfig<any> {
+		const jwt = this.getJWT(params);
 		const options: RawAxiosRequestConfig<any> = { headers: { authorization: `Bearer ${jwt}` } };
 
 		return options;
 	}
 
-	private getJWT(): string {
+	private getJWT(params: AuthorizationBodyParams): string {
 		const getJWT = ExtractJwt.fromExtractors([ExtractJwt.fromAuthHeaderAsBearerToken(), this.fromCookie('jwt')]);
 		const jwt = getJWT(this.request) || this.request.headers.authorization;
 
 		if (!jwt) {
-			throw new UnauthorizedException('Authentication is required.');
+			const error = new Error('Authentication is required.');
+			throw new AuthorizationErrorLoggableException(error, params);
 		}
 
 		return jwt;