From 9a07a2c23e4ad44a65096004b2731b7188a8d09c Mon Sep 17 00:00:00 2001
From: andrzejszukuc
Date: Thu, 4 Oct 2018 09:48:10 +0200
Subject: ApiAuthInterceptor tests have been added
Change-Id: Ieb42e8fa417ff3afb8acad3bd6c48a8287026a2e
Issue-ID: DCAEGEN2-517
Signed-off-by: ANDRZEJ SZUKUC
---
.../onap/dcae/restapi/ApiAuthInterceptionTest.java | 176 +++++++++++++++++++++
1 file changed, 176 insertions(+)
create mode 100644 src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
(limited to 'src/test/java/org/onap/dcae/restapi')
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
new file mode 100644
index 00000000..cb4d334c
--- /dev/null
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -0,0 +1,176 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae.restapi;
+
+import io.vavr.collection.HashMap;
+import io.vavr.collection.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.onap.dcae.ApplicationSettings;
+import org.slf4j.Logger;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.Silent.class)
+public class ApiAuthInterceptionTest {
+ private static final String USERNAME = "Foo";
+ private static final String PASSWORD = "Bar";
+ private static final Map CREDENTIALS = HashMap.of(USERNAME, PASSWORD);
+
+ @Mock
+ private Logger log;
+
+ @Mock
+ private ApplicationSettings settings;
+
+ @Mock
+ private HttpServletResponse response;
+
+ @Mock
+ private Object obj;
+
+ @Mock
+ private PrintWriter writer;
+
+ @InjectMocks
+ private ApiAuthInterceptor sut;
+
+
+ private HttpServletRequest createEmptyRequest() {
+ return MockMvcRequestBuilders
+ .post("")
+ .buildRequest(null);
+ }
+
+ private HttpServletRequest createRequestWithAuthorizationHeader() {
+ return SecurityMockMvcRequestPostProcessors
+ .httpBasic(USERNAME, PASSWORD)
+ .postProcessRequest(
+ MockMvcRequestBuilders
+ .post("")
+ .buildRequest(null));
+ }
+
+ @Test
+ public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException {
+ // given
+ final HttpServletRequest request = createEmptyRequest();
+
+ when(settings.authorizationEnabled()).thenReturn(false);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertTrue(isAuthorized);
+ }
+
+ @Test
+ public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException {
+ // given
+ final HttpServletRequest request = createEmptyRequest();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+
+ @Test
+ public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException {
+ // given
+ final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+
+ @Test
+ public void shouldSucceed() throws IOException {
+ // given
+ final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertTrue(isAuthorized);
+ }
+
+ @Test
+ public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException {
+ // given
+ final HttpServletRequest request =
+ MockMvcRequestBuilders
+ .post("")
+ .header(HttpHeaders.AUTHORIZATION, "FooBar")
+ .buildRequest(null);
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+}
-- 
cgit 1.2.3-korg
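Review bot: None of the negative cases covers a known user presenting the wrong password, and `shouldFailDueToBasicAuthenticationUserMissingFromSettings` never stubs `settings.validAuthorizationCredentials()`, so the mock returns null for the vavr `Map` rather than a map that simply lacks the user. That test therefore most likely passes through whatever null or exception handling `ApiAuthInterceptor` has (not visible in this patch), not through a real lookup miss. Stub it explicitly, e.g. `when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of("OtherUser", PASSWORD));`, and add a wrong-password test along the lines below. The tests also pin `HttpStatus.BAD_REQUEST` for rejected credentials; if that is intended rather than a 401 with a `WWW-Authenticate` challenge, a short comment on the assertions saying so would help the next reader.

```java
@Test
public void shouldFailDueToWrongPasswordForKnownUser() throws IOException {
    // given
    final HttpServletRequest request = createRequestWithAuthorizationHeader();

    when(settings.authorizationEnabled()).thenReturn(true);
    // constructed sample value: the user exists, but the configured password differs from the request's
    when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "NotBar"));
    when(response.getWriter()).thenReturn(writer);

    // when
    final boolean isAuthorized = sut.preHandle(request, response, obj);

    // then
    assertFalse(isAuthorized);

    // ... unchanged: same setStatus / write verifications as the other failing cases ...
}
```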