1 /*
2  * SonarQube
3  * Copyright (C) 2009-2021 SonarSource SA
4  * mailto:info AT sonarsource DOT com
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 3 of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  */
20 package org.sonar.server.authentication;
21
22 import com.tngtech.java.junit.dataprovider.DataProvider;
23 import com.tngtech.java.junit.dataprovider.DataProviderRunner;
24 import java.util.Optional;
25 import javax.servlet.http.Cookie;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28 import org.junit.Before;
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 import org.mockito.ArgumentCaptor;
32
33 import static org.assertj.core.api.Assertions.assertThat;
34 import static org.mockito.ArgumentMatchers.any;
35 import static org.mockito.Mockito.mock;
36 import static org.mockito.Mockito.never;
37 import static org.mockito.Mockito.verify;
38 import static org.mockito.Mockito.when;
39
/**
 * Unit tests for {@link OAuth2AuthenticationParametersImpl}.
 *
 * <p>The tests pin three behaviours of the {@code AUTH-PARAMS} cookie:
 * <ul>
 *   <li>{@code init} writes the cookie only when the request carries a usable {@code return_to}
 *       value, and never for the non-local values listed in
 *       {@link #return_to_is_not_set_when_not_local(String)};</li>
 *   <li>the getters read {@code return_to} / {@code allowEmailShift} back from the JSON stored in
 *       the cookie and yield an empty {@link Optional} when the cookie or the key is missing;</li>
 *   <li>{@code delete} answers with an expiring cookie of the same name and path.</li>
 * </ul>
 *
 * <p>NOTE(review): no positive-path test for {@code getAllowUpdateLogin} is visible in this class;
 * only its two "empty" cases are covered.
 */
@RunWith(DataProviderRunner.class)
public class OAuth2AuthenticationParametersImplTest {

  private static final String AUTHENTICATION_COOKIE_NAME = "AUTH-PARAMS";

  private final HttpServletRequest request = mock(HttpServletRequest.class);
  private final HttpServletResponse response = mock(HttpServletResponse.class);
  private final ArgumentCaptor<Cookie> cookieCaptor = ArgumentCaptor.forClass(Cookie.class);

  private final OAuth2AuthenticationParameters underTest = new OAuth2AuthenticationParametersImpl();

  /** Every test runs against a request whose context path is the empty string. */
  @Before
  public void setUp() {
    when(request.getContextPath()).thenReturn("");
  }

  /** A local {@code return_to} produces exactly one cookie with the expected attributes. */
  @Test
  public void init_create_cookie() {
    when(request.getParameter("return_to")).thenReturn("/settings");

    underTest.init(request, response);

    Cookie created = captureAddedCookie();
    assertThat(created.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
    assertThat(created.getValue()).isNotEmpty();
    assertThat(created.getPath()).isEqualTo("/");
    // HttpOnly keeps the stored parameters out of reach of page scripts.
    assertThat(created.isHttpOnly()).isTrue();
    // Cookie max-age is expressed in seconds: the cookie lives five minutes.
    assertThat(created.getMaxAge()).isEqualTo(300);
    // NOTE(review): Secure is expected to be false for this plain mocked request; presumably the
    // flag follows the request scheme - confirm that an HTTPS request is covered elsewhere.
    assertThat(created.getSecure()).isFalse();
  }

  /** Without any stubbed parameter the mock returns null and no cookie may be written. */
  @Test
  public void init_does_not_create_cookie_when_no_parameter() {
    underTest.init(request, response);

    assertNoCookieAdded();
  }

  /** Empty-string parameters are treated like absent ones. */
  @Test
  public void init_does_not_create_cookie_when_parameters_are_empty() {
    when(request.getParameter("return_to")).thenReturn("");
    when(request.getParameter("allowEmailShift")).thenReturn("");

    underTest.init(request, response);

    assertNoCookieAdded();
  }

  /** Explicit null parameters are treated like absent ones. */
  @Test
  public void init_does_not_create_cookie_when_parameters_are_null() {
    when(request.getParameter("return_to")).thenReturn(null);
    when(request.getParameter("allowEmailShift")).thenReturn(null);

    underTest.init(request, response);

    assertNoCookieAdded();
  }

  /**
   * A {@code return_to} that is not a plain local path must not be stored.
   *
   * <p>The value is later used as a redirect target (see {@code getReturnTo}), so storing one of
   * these would presumably allow a redirect away from the application after login; the test
   * asserts that {@code init} writes no cookie at all for each of them.
   */
  @Test
  @DataProvider({
    "http://example.com", // absolute URL with a scheme
    "/\t/example.com", // tab between the two leading slashes
    "//local_file", // starts with two slashes
    "/\\local_file", // slash followed by a backslash
    "something_else" // no leading slash
  })
  public void return_to_is_not_set_when_not_local(String url) {
    when(request.getParameter("return_to")).thenReturn(url);

    underTest.init(request, response);

    verify(response, never()).addCookie(any());
  }

  /** The {@code return_to} key of the cookie JSON is returned as-is. */
  @Test
  public void get_return_to_parameter() {
    givenAuthCookie("{\"return_to\":\"/settings\"}");

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).contains("/settings");
  }

  @Test
  public void get_return_to_is_empty_when_no_cookie() {
    givenNoCookies();

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).isEmpty();
  }

  @Test
  public void get_return_to_is_empty_when_no_value() {
    givenAuthCookie("{}");

    Optional<String> returnTo = underTest.getReturnTo(request);

    assertThat(returnTo).isEmpty();
  }

  /** The string {@code "true"} stored under {@code allowEmailShift} is read back as a boolean. */
  @Test
  public void get_allowEmailShift_parameter() {
    givenAuthCookie("{\"allowEmailShift\":\"true\"}");

    Optional<Boolean> emailShiftAllowed = underTest.getAllowEmailShift(request);

    assertThat(emailShiftAllowed).contains(true);
  }

  @Test
  public void get_allowEmailShift_is_empty_when_no_cookie() {
    givenNoCookies();

    Optional<Boolean> emailShiftAllowed = underTest.getAllowEmailShift(request);

    assertThat(emailShiftAllowed).isEmpty();
  }

  @Test
  public void get_allowEmailShift_is_empty_when_no_value() {
    givenAuthCookie("{}");

    Optional<Boolean> emailShiftAllowed = underTest.getAllowEmailShift(request);

    assertThat(emailShiftAllowed).isEmpty();
  }

  @Test
  public void getAllowUpdateLogin_is_empty_when_no_cookie() {
    givenNoCookies();

    Optional<Boolean> loginUpdateAllowed = underTest.getAllowUpdateLogin(request);

    assertThat(loginUpdateAllowed).isEmpty();
  }

  @Test
  public void getAllowUpdateLogin_is_empty_when_no_value() {
    givenAuthCookie("{}");

    Optional<Boolean> loginUpdateAllowed = underTest.getAllowUpdateLogin(request);

    assertThat(loginUpdateAllowed).isEmpty();
  }

  /** Deleting answers with a same-name, same-path cookie that has no value and a zero max-age. */
  @Test
  public void delete() {
    givenAuthCookie("{\"return_to\":\"/settings\"}");

    underTest.delete(request, response);

    Cookie expired = captureAddedCookie();
    assertThat(expired.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
    assertThat(expired.getValue()).isNull();
    assertThat(expired.getPath()).isEqualTo("/");
    // A max-age of zero asks the client to discard the cookie immediately.
    assertThat(expired.getMaxAge()).isZero();
  }

  /** Stubs the request so that it carries a single AUTH-PARAMS cookie holding {@code json}. */
  private void givenAuthCookie(String json) {
    when(request.getCookies()).thenReturn(new Cookie[] {new Cookie(AUTHENTICATION_COOKIE_NAME, json)});
  }

  /** Stubs the request so that it carries an empty cookie array. */
  private void givenNoCookies() {
    when(request.getCookies()).thenReturn(new Cookie[] {});
  }

  /** Verifies that exactly one cookie was added to the response and returns it. */
  private Cookie captureAddedCookie() {
    verify(response).addCookie(cookieCaptor.capture());
    return cookieCaptor.getValue();
  }

  /** Verifies that no {@link Cookie} instance was ever added to the response. */
  private void assertNoCookieAdded() {
    verify(response, never()).addCookie(any(Cookie.class));
  }
}