3 * Copyright (C) 2009-2019 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.authentication;
22 import java.util.Optional;
23 import javax.servlet.http.Cookie;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
26 import org.junit.Before;
27 import org.junit.Test;
28 import org.mockito.ArgumentCaptor;
30 import static org.assertj.core.api.Assertions.assertThat;
31 import static org.mockito.ArgumentMatchers.any;
32 import static org.mockito.Mockito.mock;
33 import static org.mockito.Mockito.never;
34 import static org.mockito.Mockito.verify;
35 import static org.mockito.Mockito.when;
37 public class OAuth2AuthenticationParametersImplTest {
// Name of the cookie that carries the pending OAuth2 authentication parameters; must match the implementation under test.
private static final String AUTHENTICATION_COOKIE_NAME = "AUTH-PARAMS";
// Captures the cookie handed to response.addCookie(...) so its attributes can be asserted.
private ArgumentCaptor<Cookie> cookieArgumentCaptor = ArgumentCaptor.forClass(Cookie.class);
// Mocked servlet pair; anything a test does not stub falls back to Mockito defaults (null / false).
private HttpServletResponse response = mock(HttpServletResponse.class);
private HttpServletRequest request = mock(HttpServletRequest.class);
private OAuth2AuthenticationParameters underTest = new OAuth2AuthenticationParametersImpl();
@Before
public void setUp() throws Exception {
  // The cookie path is asserted as "/" in the tests below; presumably it is derived
  // from the context path, so keep that empty.
  String contextPath = "";
  when(request.getContextPath()).thenReturn(contextPath);
}
@Test
public void init_create_cookie() {
  when(request.getParameter("return_to")).thenReturn("/settings");

  underTest.init(request, response);

  verify(response).addCookie(cookieArgumentCaptor.capture());
  Cookie created = cookieArgumentCaptor.getValue();
  assertThat(created.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
  // The serialized parameters are opaque to this test; only their presence is checked.
  assertThat(created.getValue()).isNotEmpty();
  assertThat(created.getPath()).isEqualTo("/");
  // HttpOnly keeps the pending parameters out of reach of page scripts.
  assertThat(created.isHttpOnly()).isTrue();
  // A 300 s max-age bounds how long an in-flight OAuth2 round-trip can be resumed.
  assertThat(created.getMaxAge()).isEqualTo(300);
  // Secure is expected false because the mocked request is not stubbed as TLS;
  // NOTE(review): a companion case with a secure request would pin the flag for HTTPS.
  assertThat(created.getSecure()).isFalse();
}
@Test
public void init_does_not_create_cookie_when_no_parameter() {
  // Nothing is stubbed, so every request parameter reads as null.
  underTest.init(request, response);

  verify(response, never()).addCookie(any());
}
@Test
public void init_does_not_create_cookie_when_parameters_are_empty() {
  // Blank values count as absent: there is nothing worth persisting in a cookie.
  for (String name : new String[] {"return_to", "allowEmailShift", "allowUpdateLogin"}) {
    when(request.getParameter(name)).thenReturn("");
  }

  underTest.init(request, response);

  verify(response, never()).addCookie(any(Cookie.class));
}
@Test
public void init_does_not_create_cookie_when_parameters_are_null() {
  // Explicit null stubs mirror the Mockito default, making the absent-parameter case visible.
  for (String name : new String[] {"return_to", "allowEmailShift", "allowUpdateLogin"}) {
    when(request.getParameter(name)).thenReturn(null);
  }

  underTest.init(request, response);

  verify(response, never()).addCookie(any(Cookie.class));
}
@Test
public void return_to_is_not_set_when_not_local() {
  // None of these is a rooted local path, so none may be persisted as a post-login redirect:
  // an absolute URL, a protocol-relative "//host", its backslash variant, and a bare relative value.
  String[] rejected = {"http://external_url", "//local_file", "/\\local_file", "something_else"};
  for (String returnTo : rejected) {
    when(request.getParameter("return_to")).thenReturn(returnTo);
    underTest.init(request, response);
    verify(response, never()).addCookie(any());
  }
}
@Test
public void get_return_to_parameter() {
  Cookie authParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/settings\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authParams});

  Optional<String> redirection = underTest.getReturnTo(request);

  // The stored return_to is read back verbatim.
  assertThat(redirection).contains("/settings");
}
@Test
public void get_return_to_is_empty_when_no_cookie() {
  Cookie[] noCookies = {};
  when(request.getCookies()).thenReturn(noCookies);

  Optional<String> redirection = underTest.getReturnTo(request);

  assertThat(redirection).isEmpty();
}
@Test
public void get_return_to_is_empty_when_no_value() {
  // The cookie exists but its JSON payload carries no return_to key.
  Cookie emptyParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {emptyParams});

  Optional<String> redirection = underTest.getReturnTo(request);

  assertThat(redirection).isEmpty();
}
@Test
public void get_allowEmailShift_parameter() {
  Cookie authParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"allowEmailShift\":\"true\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authParams});

  Optional<Boolean> allowEmailShift = underTest.getAllowEmailShift(request);

  // The string "true" in the payload is surfaced as a boolean.
  assertThat(allowEmailShift).contains(true);
}
@Test
public void get_allowEmailShift_is_empty_when_no_cookie() {
  Cookie[] noCookies = {};
  when(request.getCookies()).thenReturn(noCookies);

  Optional<Boolean> allowEmailShift = underTest.getAllowEmailShift(request);

  assertThat(allowEmailShift).isEmpty();
}
@Test
public void get_allowEmailShift_is_empty_when_no_value() {
  // Cookie present, but the payload has no allowEmailShift key.
  Cookie emptyParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {emptyParams});

  Optional<Boolean> allowEmailShift = underTest.getAllowEmailShift(request);

  assertThat(allowEmailShift).isEmpty();
}
@Test
public void getAllowUpdateLogin() {
  Cookie authParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"allowUpdateLogin\":\"true\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {authParams});

  Optional<Boolean> allowLoginUpdate = underTest.getAllowUpdateLogin(request);

  // The string "true" in the payload is surfaced as a boolean.
  assertThat(allowLoginUpdate).contains(true);
}
@Test
public void getAllowUpdateLogin_is_empty_when_no_cookie() {
  Cookie[] noCookies = {};
  when(request.getCookies()).thenReturn(noCookies);

  Optional<Boolean> allowLoginUpdate = underTest.getAllowUpdateLogin(request);

  assertThat(allowLoginUpdate).isEmpty();
}
@Test
public void getAllowUpdateLogin_is_empty_when_no_value() {
  // Cookie present, but the payload has no allowUpdateLogin key.
  Cookie emptyParams = new Cookie(AUTHENTICATION_COOKIE_NAME, "{}");
  when(request.getCookies()).thenReturn(new Cookie[] {emptyParams});

  Optional<Boolean> allowLoginUpdate = underTest.getAllowUpdateLogin(request);

  assertThat(allowLoginUpdate).isEmpty();
}
@Test
public void delete() {
  Cookie existing = new Cookie(AUTHENTICATION_COOKIE_NAME, "{\"return_to\":\"/settings\"}");
  when(request.getCookies()).thenReturn(new Cookie[] {existing});

  underTest.delete(request, response);

  // Deletion re-sends the cookie with no value and a zero max-age so the browser discards it;
  // the name and path must match the original cookie for that to take effect.
  verify(response).addCookie(cookieArgumentCaptor.capture());
  Cookie expired = cookieArgumentCaptor.getValue();
  assertThat(expired.getName()).isEqualTo(AUTHENTICATION_COOKIE_NAME);
  assertThat(expired.getValue()).isNull();
  assertThat(expired.getPath()).isEqualTo("/");
  assertThat(expired.getMaxAge()).isEqualTo(0);
}