SCM-Manager/scm-webapp/src/test/java/sonia/scm/security/DefaultAccessTokenCookieIssuerTest.java

/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import sonia.scm.config.ScmConfiguration;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import static org.junit.Assert.*;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
/**
 * Unit tests for the cookie that {@link DefaultAccessTokenCookieIssuer} attaches to the
 * response: its path, its HttpOnly and Secure flags, and its max-age on invalidation.
 *
 * <p>Request, response and access token are Mockito mocks; the configuration is a real
 * {@link ScmConfiguration} created with its defaults for every test.
 */
@RunWith(MockitoJUnitRunner.class)
public class DefaultAccessTokenCookieIssuerTest {

  private ScmConfiguration configuration;

  private DefaultAccessTokenCookieIssuer issuer;

  @Mock
  private HttpServletRequest request;

  @Mock
  private HttpServletResponse response;

  @Mock
  private AccessToken accessToken;

  @Captor
  private ArgumentCaptor<Cookie> cookieArgumentCaptor;

  /** Creates a fresh issuer backed by a default configuration before each test. */
  @Before
  public void setUp() {
    configuration = new ScmConfiguration();
    issuer = new DefaultAccessTokenCookieIssuer(configuration);
  }

  /**
   * The cookie path follows the servlet context path; an empty or missing context path
   * falls back to the root path.
   */
  @Test
  public void testContextPath() {
    assertContextPath("/scm", "/scm");
    assertContextPath("/", "/");
    assertContextPath("", "/");
    assertContextPath(null, "/");
  }

  /** Turning XSRF protection off must yield an HttpOnly cookie. */
  @Test
  public void httpOnlyShouldBeEnabledIfXsrfProtectionIsDisabled() {
    configuration.setEnabledXsrfProtection(false);

    assertTrue(authenticate().isHttpOnly());
  }

  /**
   * With the configuration left at its defaults the issued cookie is not HttpOnly.
   *
   * <p>NOTE(review): presumably XSRF protection is enabled by default and the web client
   * has to read the token cookie from script - confirm against the issuer. A cookie that
   * script can read is exposed to any XSS in the UI, so this default depends on the XSS
   * defences of the pages that receive it.
   */
  @Test
  public void httpOnlyShouldBeDisabled() {
    assertFalse(authenticate().isHttpOnly());
  }

  /** A request the container reports as secure produces a cookie with the Secure flag. */
  @Test
  public void secureShouldBeSetIfTheRequestIsSecure() {
    when(request.isSecure()).thenReturn(true);

    assertTrue(authenticate().getSecure());
  }

  /**
   * A request the container reports as not secure produces a cookie without the Secure flag.
   *
   * <p>NOTE(review): behind a TLS-terminating proxy {@code isSecure()} can report
   * {@code false} unless the container is set up to honour the forwarded scheme; the
   * token cookie would then be issued without Secure - worth confirming for such deployments.
   */
  @Test
  public void secureShouldBeDisabledIfTheRequestIsNotSecure() {
    when(request.isSecure()).thenReturn(false);

    assertFalse(authenticate().getSecure());
  }

  /**
   * Invalidation adds a cookie whose max-age is 0.
   *
   * <p>NOTE(review): only the max-age is asserted. Browsers drop a cookie only when the
   * replacement matches its name and path, so asserting those here as well would guard
   * against an invalidation that leaves the token cookie in place.
   */
  @Test
  public void testInvalidate() {
    issuer.invalidate(request, response);

    assertEquals(0, capturedCookie().getMaxAge());
  }

  /** Runs the issuer for the mocked token and returns the cookie it added to the response. */
  private Cookie authenticate() {
    issuer.authenticate(request, response, accessToken);
    return capturedCookie();
  }

  /** Verifies that a cookie was added to the mocked response and returns that cookie. */
  private Cookie capturedCookie() {
    verify(response).addCookie(cookieArgumentCaptor.capture());
    return cookieArgumentCaptor.getValue();
  }

  /** Stubs the request's context path and checks the cookie path the issuer derives from it. */
  private void assertContextPath(String contextPath, String expected) {
    when(request.getContextPath()).thenReturn(contextPath);

    String actual = issuer.contextPath(request);
    assertEquals(expected, actual);
  }
}