/*
 * Copyright (C) 2009-2020 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
20 package org.sonar.server.authentication.ws;
22 import java.io.PrintWriter;
23 import java.io.StringWriter;
24 import java.util.Optional;
25 import javax.servlet.FilterChain;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28 import org.junit.Before;
29 import org.junit.Test;
30 import org.sonar.api.config.internal.MapSettings;
31 import org.sonar.api.server.ws.WebService;
32 import org.sonar.server.authentication.BasicAuthentication;
33 import org.sonar.server.authentication.JwtHttpHandler;
34 import org.sonar.server.authentication.event.AuthenticationException;
35 import org.sonar.server.ws.ServletFilterHandler;
36 import org.sonar.test.JsonAssert;
37 import org.sonarqube.ws.MediaTypes;
39 import static org.assertj.core.api.Assertions.assertThat;
40 import static org.mockito.Mockito.doThrow;
41 import static org.mockito.Mockito.mock;
42 import static org.mockito.Mockito.verify;
43 import static org.mockito.Mockito.when;
44 import static org.sonar.db.user.UserTesting.newUserDto;
/**
 * Unit tests for {@link ValidateAction}, the web-service action that reports, as a JSON document
 * of the form {@code {"valid": true|false}}, whether a request is accepted.
 *
 * <p>Both credential checks ({@link JwtHttpHandler} and {@link BasicAuthentication}) are mocked,
 * so these tests pin only how the action combines their results with the
 * {@code sonar.forceAuthentication} setting. They do not exercise token or password verification.
 */
public class ValidateActionTest {

  // Backing buffer for the mocked response writer; tests read the JSON body from here.
  StringWriter stringWriter = new StringWriter();

  // Servlet collaborators handed to doFilter(); all three are plain Mockito mocks.
  HttpServletRequest request = mock(HttpServletRequest.class);
  HttpServletResponse response = mock(HttpServletResponse.class);
  FilterChain chain = mock(FilterChain.class);

  // The two credential checks the action is constructed with, stubbed per test.
  BasicAuthentication basicAuthentication = mock(BasicAuthentication.class);
  JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);

  // Mutable settings. Two tests change sonar.forceAuthentication after underTest has been built,
  // so they rely on the value being read when the request is handled, not copied at construction.
  MapSettings settings = new MapSettings();

  ValidateAction underTest =
    new ValidateAction(settings.asConfig(), basicAuthentication, jwtHttpHandler);
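/**
 * Wires the mocked response to {@link #stringWriter} so that each test can read back the JSON
 * body the action writes.
 *
 * @throws Exception declared because {@code HttpServletResponse.getWriter()} is checked
 */
@Before
public void setUp() throws Exception {
  // An unstubbed Mockito mock would return null from getWriter(), leaving nothing to write into.
  when(response.getWriter()).thenReturn(new PrintWriter(stringWriter));
}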
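/**
 * Checks the metadata the action registers on its controller: it exists under the key
 * {@code validate}, carries a response example, and declares no web-service parameters.
 */
@Test
public void verify_definition() {
  String controllerKey = "foo";
  WebService.Context context = new WebService.Context();
  WebService.NewController newController = context.createController(controllerKey);
  underTest.define(newController);
  // done() registers the controller with the context; the lookup below needs it.
  newController.done();

  WebService.Action validate = context.controller(controllerKey).action("validate");
  assertThat(validate).isNotNull();
  // The other tests in this class drive the action through doFilter(), which matches the
  // ServletFilterHandler registered here.
  assertThat(validate.handler()).isInstanceOf(ServletFilterHandler.class);
  assertThat(validate.responseExampleAsString()).isNotEmpty();
  // No declared parameters: in these tests credentials reach the action only through the
  // servlet request passed to the JWT and Basic checks.
  assertThat(validate.params()).isEmpty();
}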
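/**
 * A user resolved by the JWT handler is enough for {@code {"valid":true}}, even though Basic
 * authentication finds nobody.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_true_when_jwt_token_is_set() throws Exception {
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(newUserDto()));
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":true}");
}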
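/**
 * A user resolved by Basic authentication is enough for {@code {"valid":true}} when the JWT
 * handler finds no token.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_true_when_basic_auth() throws Exception {
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.of(newUserDto()));

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":true}");
}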
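/**
 * With {@code sonar.forceAuthentication=false}, a request for which neither mechanism finds a
 * user is still reported as {@code {"valid":true}}.
 *
 * <p>Consequence for consumers of this endpoint: {@code valid} cannot be read as "a user was
 * authenticated". On an instance that allows anonymous access it is also true for requests
 * carrying no credentials at all.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_true_when_no_jwt_nor_basic_auth_and_no_force_authentication() throws Exception {
  settings.setProperty("sonar.forceAuthentication", "false");
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":true}");
}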
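/**
 * With {@code sonar.forceAuthentication=true}, a request for which neither mechanism finds a
 * user is reported as {@code {"valid":false}}.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_false_when_no_jwt_nor_basic_auth_and_force_authentication_is_true() throws Exception {
  settings.setProperty("sonar.forceAuthentication", "true");
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
}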
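/**
 * An {@link AuthenticationException} raised by the JWT handler is answered with
 * {@code {"valid":false}} in the JSON body instead of escaping from {@code doFilter}.
 *
 * <p>{@code sonar.forceAuthentication} is not set in this test.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_false_when_jwt_throws_unauthorized_exception() throws Exception {
  doThrow(AuthenticationException.class).when(jwtHttpHandler).validateToken(request, response);
  // NOTE(review): Basic authentication is stubbed to find nobody, so this test does not pin the
  // result when the JWT check fails while valid Basic credentials are also present.
  when(basicAuthentication.authenticate(request)).thenReturn(Optional.empty());

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
}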
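/**
 * An {@link AuthenticationException} raised by Basic authentication is answered with
 * {@code {"valid":false}} in the JSON body instead of escaping from {@code doFilter}.
 *
 * <p>{@code sonar.forceAuthentication} is not set in this test.
 *
 * @throws Exception if the action under test fails while handling the request
 */
@Test
public void return_false_when_basic_authenticator_throws_unauthorized_exception() throws Exception {
  when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
  doThrow(AuthenticationException.class).when(basicAuthentication).authenticate(request);

  underTest.doFilter(request, response, chain);

  verify(response).setContentType(MediaTypes.JSON);
  JsonAssert.assertJson(stringWriter.toString()).isSimilarTo("{\"valid\":false}");
}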