1 /*
2  * SonarQube
3  * Copyright (C) 2009-2024 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.authentication;
21
22 import com.tngtech.java.junit.dataprovider.DataProvider;
23 import com.tngtech.java.junit.dataprovider.DataProviderRunner;
24 import java.util.Optional;
25 import javax.servlet.http.Cookie;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28 import org.junit.Before;
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 import org.mockito.ArgumentCaptor;
32
33 import static org.assertj.core.api.Assertions.assertThat;
34 import static org.mockito.ArgumentMatchers.any;
35 import static org.mockito.Mockito.mock;
36 import static org.mockito.Mockito.never;
37 import static org.mockito.Mockito.verify;
38 import static org.mockito.Mockito.when;
39
/**
 * Unit tests for {@link OAuth2AuthenticationParametersImpl}: the cookie written by {@code init},
 * the {@code return_to} value read back by {@code getReturnTo}, and the cookie clearing done by
 * {@code delete}. The servlet request and response are Mockito mocks.
 */
@RunWith(DataProviderRunner.class)
public class OAuth2AuthenticationParametersImplTest {

  private static final String AUTHENTICATION_COOKIE_NAME = "AUTH-PARAMS";
  // Cookie payload carrying a local return_to target, shared by the read and delete tests.
  private static final String SETTINGS_COOKIE_JSON = "{\"return_to\":\"/settings\"}";

  private final HttpServletRequest request = mock(HttpServletRequest.class);
  private final HttpServletResponse response = mock(HttpServletResponse.class);
  private final ArgumentCaptor<Cookie> cookieCaptor = ArgumentCaptor.forClass(Cookie.class);

  private final OAuth2AuthenticationParameters underTest = new OAuth2AuthenticationParametersImpl();

  /** Gives the mocked request an empty context path before every test. */
  @Before
  public void setUp() {
    when(request.getContextPath()).thenReturn("");
  }

  /** A local {@code return_to} parameter makes {@code init} write the AUTH-PARAMS cookie. */
  @Test
  public void init_create_cookie() {
    when(request.getParameter("return_to")).thenReturn("/settings");

    underTest.init(request, response);

    verify(response).addCookie(cookieCaptor.capture());
    Cookie created = cookieCaptor.getValue();
    assertThat(created.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
    assertThat(created.getValue()).isNotEmpty();
    assertThat(created.getPath()).isEqualTo("/");
    // HttpOnly keeps the stored parameters out of reach of page scripts.
    assertThat(created.isHttpOnly()).isTrue();
    // Short lifetime: 300 seconds.
    assertThat(created.getMaxAge()).isEqualTo(300);
    // NOTE(review): Secure is asserted false and nothing about the request scheme is stubbed on
    // the mock. Presumably the flag follows whether the request is HTTPS - confirm, and consider
    // a companion case asserting that Secure is set for an HTTPS request.
    assertThat(created.getSecure()).isFalse();
  }

  /** With no parameter stubbed at all, {@code init} must not write any cookie. */
  @Test
  public void init_does_not_create_cookie_when_no_parameter() {
    underTest.init(request, response);

    verify(response, never()).addCookie(any(Cookie.class));
  }

  /**
   * Empty-string parameters must not produce a cookie.
   * NOTE(review): {@code allowEmailShift} is stubbed only here and in the null variant; confirm
   * that {@code init} still reads it.
   */
  @Test
  public void init_does_not_create_cookie_when_parameters_are_empty() {
    when(request.getParameter("return_to")).thenReturn("");
    when(request.getParameter("allowEmailShift")).thenReturn("");

    underTest.init(request, response);

    verify(response, never()).addCookie(any(Cookie.class));
  }

  /** Explicitly null parameters must not produce a cookie. */
  @Test
  public void init_does_not_create_cookie_when_parameters_are_null() {
    when(request.getParameter("return_to")).thenReturn(null);
    when(request.getParameter("allowEmailShift")).thenReturn(null);

    underTest.init(request, response);

    verify(response, never()).addCookie(any(Cookie.class));
  }

  /**
   * Redirect targets that are not local paths (absolute URL, tab or backslash variants of a
   * protocol-relative URL, a bare word) must not be returned by {@code getReturnTo}.
   *
   * <p>NOTE(review): only the {@code return_to} request parameter is stubbed here, whereas the
   * other {@code getReturnTo} tests in this class supply the value through the AUTH-PARAMS
   * cookie. If {@code getReturnTo} reads only the cookie, {@code getCookies()} is unstubbed on
   * the mock and this assertion would hold for any URL, so the rejection of non-local targets
   * would not actually be exercised. Confirm against the implementation; if so, feed these
   * values through the cookie, or assert that {@code init} writes no cookie for them.
   */
  @Test
  @DataProvider({"http://example.com", "/\t/example.com", "//local_file", "/\\local_file", "something_else"})
  public void get_return_to_is_not_set_when_not_local(String url) {
    when(request.getParameter("return_to")).thenReturn(url);

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).isEmpty();
  }

  /** A local path stored in the cookie is handed back unchanged. */
  @Test
  public void get_return_to_parameter() {
    givenAuthenticationCookie(SETTINGS_COOKIE_JSON);

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).contains("/settings");
  }

  /** A request carrying no cookies yields no redirect target. */
  @Test
  public void get_return_to_is_empty_when_no_cookie() {
    when(request.getCookies()).thenReturn(new Cookie[] {});

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).isEmpty();
  }

  /** A cookie whose JSON object has no {@code return_to} key yields no redirect target. */
  @Test
  public void get_return_to_is_empty_when_no_value() {
    givenAuthenticationCookie("{}");

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).isEmpty();
  }

  /** {@code delete} answers with a same-name, same-path cookie that has no value and max age 0. */
  @Test
  public void delete() {
    givenAuthenticationCookie(SETTINGS_COOKIE_JSON);

    underTest.delete(request, response);

    verify(response).addCookie(cookieCaptor.capture());
    Cookie cleared = cookieCaptor.getValue();
    assertThat(cleared.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
    assertThat(cleared.getValue()).isNull();
    // Same path as the cookie written by init, so the browser replaces that cookie.
    assertThat(cleared.getPath()).isEqualTo("/");
    assertThat(cleared.getMaxAge()).isZero();
  }

  /** Makes the mocked request carry a single AUTH-PARAMS cookie holding {@code json}. */
  private void givenAuthenticationCookie(String json) {
    when(request.getCookies()).thenReturn(new Cookie[] {new Cookie(AUTHENTICATION_COOKIE_NAME, json)});
  }
}