1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
package org.onap.sdc.security;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.Spy;
import org.mockito.junit.MockitoJUnitRunner;
import org.onap.sdc.security.filters.ResponceWrapper;
import org.onap.sdc.security.filters.SampleFilter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
//@RunWith(PowerMockRunner.class)
//@PrepareForTest(fullyQualifiedNames = "org.onap.sdc.security.*")
public class SessionValidationFilterTest {
@Mock
private HttpServletRequest request;
@Spy
private HttpServletResponse response;
@Mock
private FilterChain filterChain;
@Mock
private FilterConfig filterConfig;
@Mock
private ResponceWrapper responceWrapper;
// implementation of SessionValidationFilter
@InjectMocks
@Spy
private SampleFilter sessionValidationFilter = new SampleFilter();
@Before
public void setUpClass() throws ServletException {
sessionValidationFilter.init(filterConfig);
}
@Test
public void excludedUrlHealthcheck() throws IOException, ServletException {
when(request.getPathInfo()).thenReturn("/healthCheck");
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(filterChain, times(1)).doFilter(request, response);
}
@Test
public void excludedUrlUpload() throws IOException, ServletException {
when(request.getPathInfo()).thenReturn("/upload/123");
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(filterChain, times(1)).doFilter(request, response);
}
// case when url pattern in web.xml is forward slash (/)
@Test
public void pathInfoIsNull() throws IOException, ServletException {
when(request.getServletPath()).thenReturn("/upload/2");
when(request.getPathInfo()).thenReturn(null);
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(filterChain, times(1)).doFilter(request, response);
}
@Test
public void noCookiesInRequest() throws IOException, ServletException {
when(request.getPathInfo()).thenReturn("/resource");
when(request.getCookies()).thenReturn(new Cookie[0]);
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
}
@Test
public void nullCookiesInRequest() throws IOException, ServletException {
when(request.getPathInfo()).thenReturn("/resource");
when(request.getCookies()).thenReturn(null);
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
}
@Test
public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException {
when(request.getPathInfo()).thenReturn("/resource");
String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1);
Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku")));
when(request.getCookies()).thenReturn(new Cookie[]{cookie});
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
}
@Test
public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException {
when(request.getPathInfo()).thenReturn("/resource");
AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
// set max session time to timout value
long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut();
long startTime = authenticationCookie.getMaxSessionTime();
long timeout = startTime - maxSessionTimeOut - 1000l;
authenticationCookie.setMaxSessionTime(timeout);
Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
when(request.getCookies()).thenReturn(new Cookie[]{cookie});
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
}
@Test
public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException {
when(request.getPathInfo()).thenReturn("/resource");
AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
// set session time to timout to idle
long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut();
long sessionStartTime = authenticationCookie.getCurrentSessionTime();
long timeout = sessionStartTime - idleSessionTimeOut - 2000;
authenticationCookie.setCurrentSessionTime(timeout);
Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
when(request.getCookies()).thenReturn(new Cookie[]{cookie});
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
}
@Test
public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException {
when(request.getPathInfo()).thenReturn("/resource");
AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
when(request.getCookies()).thenReturn(new Cookie[]{cookie});
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(filterChain, times(1)).doFilter(request, response);
}
// test validate contains
@Test
public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException {
when(request.getPathInfo()).thenReturn("/resource");
AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
when(request.getCookies()).thenReturn(new Cookie[]{cookie});
sessionValidationFilter.doFilter(request, response, filterChain);
Mockito.verify(filterChain, times(1)).doFilter(request, response);
}
}
|
