author | Thomas <> | 2024-05-06 19:03:07 +0200 |
---|---|---|
committer | Thomas <> | 2024-05-06 19:03:07 +0200 |
commit | 3454a41c5ecbff5e700efc16ee41cb11ec110e66 (patch) | |
tree | a2f7f067618b2b473c25812417a77b3a6d6df1a5 /eaaf_core/src/test | |
parent | 3654faef1801665ba74e43cdcf1fdd1ae359f52c (diff) | |
feat(core): add optional extended HTTP request validator
Diffstat (limited to 'eaaf_core/src/test')
-rw-r--r-- | eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java
new file mode 100644
index 00000000..9e02fc91
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java
@@ -0,0 +1,115 @@
+package at.gv.egiz.eaaf.core.test.impl.idp.validation;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.util.UUID;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EaafSecurityException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.impl.idp.validation.CookieBasedRequestValidator;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import jakarta.servlet.http.Cookie;
+import lombok.SneakyThrows;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class CookieBasedRequestValidatorTest {
+
+ DummyAuthConfigMap config = new DummyAuthConfigMap();
+
+ CookieBasedRequestValidator toCheck = new CookieBasedRequestValidator();
+ MockHttpServletRequest httpReq;
+ IRequest pendingReq;
+
+ /**
+ * jUnit test initializer.
+ */
+ @Before
+ @SneakyThrows
+ public void initialize() {
+ pendingReq = new DummyPendingRequest();
+
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ ((DummyPendingRequest) pendingReq).initialize(httpReq, config);
+
+ }
+
+ @Test
+ @SneakyThrows
+ public void setHttpCookie() {
+ MockHttpServletResponse httpResp = new MockHttpServletResponse();
+ toCheck.setValidationInfos(httpResp, pendingReq);
+
+ // validate state
+ String storedCookie = pendingReq.getRawData(CookieBasedRequestValidator.HTTP_COOKIE_SEC, String.class);
+ assertNotNull("stored http cookie", storedCookie);
+
+ Cookie cookie = httpResp.getCookie(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+ assertNotNull("response http cookie", cookie);
+
+ assertEquals(storedCookie, cookie.getValue(), "cookie value not match");
+
+ assertTrue("httpOnly", cookie.isHttpOnly());
+ assertTrue("secured", cookie.getSecure());
+
+ assertEquals("", cookie.getPath(), "wrong Context Path");
+
+ }
+
+ @Test
+ @SneakyThrows
+ public void success() {
+ MockHttpServletResponse httpResp = new MockHttpServletResponse();
+ toCheck.setValidationInfos(httpResp, pendingReq);
+
+ // validate state
+ httpReq.setCookies(httpResp.getCookies());
+ toCheck.validate(httpReq, pendingReq);
+
+ }
+
+ @Test
+ @SneakyThrows
+ public void notCookieInSession() {
+ MockHttpServletResponse httpResp = new MockHttpServletResponse();
+ toCheck.setValidationInfos(httpResp, pendingReq);
+
+ // validate state
+ pendingReq.removeRawDataFromTransaction(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+
+ httpReq.setCookies(httpResp.getCookies());
+ toCheck.validate(httpReq, pendingReq);
+
+ }
+
+ @Test
+ @SneakyThrows
+ public void wrongCookie() {
+ MockHttpServletResponse httpResp = new MockHttpServletResponse();
+ toCheck.setValidationInfos(httpResp, pendingReq);
+
+ // validate state
+
+ Cookie cookie = httpResp.getCookie(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+ cookie.setValue(UUID.randomUUID().toString());
+ httpReq.setCookies(cookie);
+
+ EaafSecurityException error = assertThrows(EaafSecurityException.class,
+ () -> toCheck.validate(httpReq, pendingReq));
+ assertEquals("process.80", error.getErrorId(), "wrong ErrorCode");
+
+ }
+
+} |
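Review bot: `notCookieInSession` removes the stored `HTTP_COOKIE_SEC` value from the pending request and then calls `toCheck.validate(httpReq, pendingReq)` with no assertion, so as written it pins that validation passes when the server side holds no expected value. The validator itself is not visible in this diff; if that acceptance is intended, state it with a comment such as `// no stored value: the optional check is skipped by design`, otherwise assert the rejection the way `wrongCookie` does, `assertThrows(EaafSecurityException.class, () -> toCheck.validate(httpReq, pendingReq));`. The suite also has no case for a request that carries no cookie at all while a value is stored, and `setHttpCookie` checks HttpOnly and Secure but not a SameSite attribute. Separately, the file mixes `org.junit.Assert` (message first) with `org.junit.jupiter.api.Assertions` (message last) under a JUnit 4 runner; using one assertion API would avoid swapped message arguments.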