diff options
author | andrzejszukuc <andrzej.szukuc@nokia.com> | 2018-10-04 09:48:10 +0200 |
---|---|---|
committer | andrzejszukuc <andrzej.szukuc@nokia.com> | 2018-10-10 10:14:26 +0200 |
commit | 9a07a2c23e4ad44a65096004b2731b7188a8d09c (patch) | |
tree | 4c5524ca95e39d29f9f165b38b246f6d4113b22c /src/test | |
parent | 84b25b7ab2019a558fad92e21c4cc44c242e4461 (diff) |
ApiAuthInterceptor tests have been added
Change-Id: Ieb42e8fa417ff3afb8acad3bd6c48a8287026a2e
Issue-ID: DCAEGEN2-517
Signed-off-by: ANDRZEJ SZUKUC <andrzej.szukuc@nokia.com>
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java new file mode 100644 index 00000000..cb4d334c --- /dev/null +++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java @@ -0,0 +1,176 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dcaegen2.collectors.ves + * ================================================================================ + * Copyright (C) 2018 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dcae.restapi; + +import io.vavr.collection.HashMap; +import io.vavr.collection.Map; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; +import org.onap.dcae.ApplicationSettings; +import org.slf4j.Logger; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.Silent.class) +public class ApiAuthInterceptionTest { + private static final String USERNAME = "Foo"; + private static final String PASSWORD = "Bar"; + private static final Map<String, String> CREDENTIALS = HashMap.of(USERNAME, PASSWORD); + + @Mock + private Logger log; + + @Mock + private ApplicationSettings settings; + + @Mock + private HttpServletResponse response; + + @Mock + private Object obj; + + @Mock + private PrintWriter writer; + + @InjectMocks + private ApiAuthInterceptor sut; + + + private HttpServletRequest createEmptyRequest() { + return MockMvcRequestBuilders + .post("") + .buildRequest(null); + } + + private HttpServletRequest createRequestWithAuthorizationHeader() { + return SecurityMockMvcRequestPostProcessors + .httpBasic(USERNAME, PASSWORD) + .postProcessRequest( + MockMvcRequestBuilders + .post("") + .buildRequest(null)); + } + + @Test + public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException { + // given + final HttpServletRequest request = createEmptyRequest(); + + when(settings.authorizationEnabled()).thenReturn(false); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertTrue(isAuthorized); + } + + @Test + public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException { + // given + final HttpServletRequest request = createEmptyRequest(); + + when(settings.authorizationEnabled()).thenReturn(true); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.BAD_REQUEST.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } + + @Test + public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException { + // given + final HttpServletRequest request = createRequestWithAuthorizationHeader(); + + when(settings.authorizationEnabled()).thenReturn(true); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.BAD_REQUEST.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } + + @Test + public void shouldSucceed() throws IOException { + // given + final HttpServletRequest request = createRequestWithAuthorizationHeader(); + + when(settings.authorizationEnabled()).thenReturn(true); + when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertTrue(isAuthorized); + } + + @Test + public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException { + // given + final HttpServletRequest request = + MockMvcRequestBuilders + .post("") + .header(HttpHeaders.AUTHORIZATION, "FooBar") + .buildRequest(null); + + when(settings.authorizationEnabled()).thenReturn(true); + when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.BAD_REQUEST.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } +} |