From 3454a41c5ecbff5e700efc16ee41cb11ec110e66 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 6 May 2024 19:03:07 +0200
Subject: feat(core): add optional extended HTTP request validator

---
 .../CookieBasedRequestValidatorTest.java           | 115 +++++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java

(limited to 'eaaf_core/src/test')

diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java
new file mode 100644
index 00000000..9e02fc91
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/test/impl/idp/validation/CookieBasedRequestValidatorTest.java
@@ -0,0 +1,115 @@
+package at.gv.egiz.eaaf.core.test.impl.idp.validation;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.util.UUID;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EaafSecurityException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.impl.idp.validation.CookieBasedRequestValidator;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import jakarta.servlet.http.Cookie;
+import lombok.SneakyThrows;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class CookieBasedRequestValidatorTest {
+
+  DummyAuthConfigMap config = new DummyAuthConfigMap();
+
+  CookieBasedRequestValidator toCheck = new CookieBasedRequestValidator();
+  MockHttpServletRequest httpReq;
+  IRequest pendingReq;
+
+  /**
+   * jUnit test initializer.
+   */
+  @Before
+  @SneakyThrows
+  public void initialize() {
+    pendingReq = new DummyPendingRequest();
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    ((DummyPendingRequest) pendingReq).initialize(httpReq, config);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void setHttpCookie() {
+    MockHttpServletResponse httpResp = new MockHttpServletResponse();
+    toCheck.setValidationInfos(httpResp, pendingReq);
+
+    // validate state
+    String storedCookie = pendingReq.getRawData(CookieBasedRequestValidator.HTTP_COOKIE_SEC, String.class);
+    assertNotNull("stored http cookie", storedCookie);
+
+    Cookie cookie = httpResp.getCookie(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+    assertNotNull("response http cookie", cookie);
+
+    assertEquals(storedCookie, cookie.getValue(), "cookie value not match");
+
+    assertTrue("httpOnly", cookie.isHttpOnly());
+    assertTrue("secured", cookie.getSecure());
+
+    assertEquals("", cookie.getPath(), "wrong Context Path");
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void success() {
+    MockHttpServletResponse httpResp = new MockHttpServletResponse();
+    toCheck.setValidationInfos(httpResp, pendingReq);
+
+    // validate state
+    httpReq.setCookies(httpResp.getCookies());
+    toCheck.validate(httpReq, pendingReq);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void notCookieInSession() {
+    MockHttpServletResponse httpResp = new MockHttpServletResponse();
+    toCheck.setValidationInfos(httpResp, pendingReq);
+
+    // validate state
+    pendingReq.removeRawDataFromTransaction(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+
+    httpReq.setCookies(httpResp.getCookies());
+    toCheck.validate(httpReq, pendingReq);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void wrongCookie() {
+    MockHttpServletResponse httpResp = new MockHttpServletResponse();
+    toCheck.setValidationInfos(httpResp, pendingReq);
+
+    // validate state
+
+    Cookie cookie = httpResp.getCookie(CookieBasedRequestValidator.HTTP_COOKIE_SEC);
+    cookie.setValue(UUID.randomUUID().toString());
+    httpReq.setCookies(cookie);
+    
+    EaafSecurityException error = assertThrows(EaafSecurityException.class, 
+        () -> toCheck.validate(httpReq, pendingReq));
+    assertEquals("process.80", error.getErrorId(), "wrong ErrorCode");
+
+  }
+
+}
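Review bot: `notCookieInSession()` contains no assertion, so it passes only because `validate` returns normally after `HTTP_COOKIE_SEC` was removed from the pending request; that pins a fail-open path of a security check without saying it is intended. If skipping validation when no value was stored is the design (an assumption, since the validator itself is not part of this diff), state it in the test with a comment such as `// no stored cookie value: validator is expected to skip the check, not reject`; otherwise wrap the call in `assertThrows(EaafSecurityException.class, () -> toCheck.validate(httpReq, pendingReq))` as `wrongCookie()` does. The suite also lacks the complementary case, where the stored value exists but the request carries no cookie at all, so the behaviour of the binding for a request arriving without the cookie is untested. As a style point, the file mixes `org.junit.Assert` (message first) with `org.junit.jupiter.api.Assertions` (message last); keeping to one of them avoids accidentally swapped message and value arguments.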
-- 
cgit v1.2.3