/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.servlet.support.csrf;
import static org.fest.assertions.Assertions.assertThat;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.util.ReflectionUtils;
import org.springframework.web.servlet.support.RequestDataValueProcessor;
/**
 * Tests for {@link CsrfRequestDataValueProcessor}, which supplies the CSRF token as an
 * extra hidden form field.
 *
 * <p>The behaviour pinned down here is:
 * <ul>
 * <li>no {@link CsrfToken} request attribute: no hidden fields are produced;</li>
 * <li>token present and no form method recorded: the token is emitted;</li>
 * <li>form method {@code GET}/{@code get}: the token is withheld. A GET form submits
 * its fields in the query string, so an emitted token would end up in the URL, where
 * it can be exposed through logs, browser history and {@code Referer} headers;</li>
 * <li>form method {@code POST}/{@code post}: the token is emitted;</li>
 * <li>actions, form field values and URLs are returned unchanged.</li>
 * </ul>
 *
 * <p>NOTE(review): only all-upper and all-lower case method names are exercised; a
 * mixed-case value such as {@code "Get"} is not covered by these tests.
 *
 * @author Rob Winch
 *
 */
public class CsrfRequestDataValueProcessorTests {

    private MockHttpServletRequest request;

    private CsrfRequestDataValueProcessor processor;

    private CsrfToken token;

    // The single hidden field (parameter name -> token value) expected whenever the
    // processor decides to emit the CSRF token.
    private final Map<String, String> expectedHiddenFields = new HashMap<String, String>();

    /**
     * Builds a request that carries a CSRF token under the {@code CsrfToken} class name
     * attribute and records the hidden field that token should produce.
     */
    @Before
    public void setup() {
        // Placeholder header name, parameter name and token value.
        this.token = new DefaultCsrfToken("1", "a", "b");
        this.processor = new CsrfRequestDataValueProcessor();
        this.request = new MockHttpServletRequest();
        this.request.setAttribute(CsrfToken.class.getName(), this.token);
        this.expectedHiddenFields.put(this.token.getParameterName(), this.token.getToken());
    }

    /**
     * Every method declared on {@link RequestDataValueProcessor} must be resolvable, by
     * name and parameter types, on {@link CsrfRequestDataValueProcessor}.
     */
    // NOTE(review): presumably done reflectively so the check holds for whichever
    // version of the interface is on the classpath - confirm.
    @Test
    public void assertAllMethodsDeclared() {
        Method[] interfaceMethods = ReflectionUtils.getAllDeclaredMethods(RequestDataValueProcessor.class);
        for (Method declared : interfaceMethods) {
            Method found = ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class,
                    declared.getName(), declared.getParameterTypes());
            String description = "Expected to find " + declared + " defined on "
                    + CsrfRequestDataValueProcessor.class;
            assertThat(found).as(description).isNotNull();
        }
    }

    /** A request without a CSRF token attribute yields no hidden fields. */
    @Test
    public void getExtraHiddenFieldsNoCsrfToken() {
        // Replace the request prepared in setup() with one that has no token attribute.
        this.request = new MockHttpServletRequest();

        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEmpty();
    }

    /** With no form method recorded, the token is emitted. */
    @Test
    public void getExtraHiddenFieldsHasCsrfTokenNoMethodSet() {
        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEqualTo(this.expectedHiddenFields);
    }

    /** An upper-case GET form must not receive the token. */
    @Test
    public void getExtraHiddenFieldsHasCsrfToken_GET() {
        this.processor.processAction(this.request, "action", "GET");

        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEmpty();
    }

    /** A lower-case get form must not receive the token either. */
    @Test
    public void getExtraHiddenFieldsHasCsrfToken_get() {
        this.processor.processAction(this.request, "action", "get");

        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEmpty();
    }

    /** An upper-case POST form receives the token. */
    @Test
    public void getExtraHiddenFieldsHasCsrfToken_POST() {
        this.processor.processAction(this.request, "action", "POST");

        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEqualTo(this.expectedHiddenFields);
    }

    /** A lower-case post form receives the token. */
    @Test
    public void getExtraHiddenFieldsHasCsrfToken_post() {
        this.processor.processAction(this.request, "action", "post");

        Map<String, String> hidden = this.processor.getExtraHiddenFields(this.request);

        assertThat(hidden).isEqualTo(this.expectedHiddenFields);
    }

    /** The two-argument processAction returns the action unchanged. */
    @Test
    public void processAction() {
        final String original = "action";

        String processed = this.processor.processAction(this.request, original);

        assertThat(processed).isEqualTo(original);
    }

    /** The three-argument processAction returns the action unchanged for a null method. */
    @Test
    public void processActionWithMethodArg() {
        final String original = "action";

        String processed = this.processor.processAction(this.request, original, null);

        assertThat(processed).isEqualTo(original);
    }

    /** Form field values pass through untouched. */
    @Test
    public void processFormFieldValue() {
        final String original = "action";

        String processed = this.processor.processFormFieldValue(this.request, "name", original, "hidden");

        assertThat(processed).isEqualTo(original);
    }

    /** URLs pass through untouched, so the token is not appended to them. */
    @Test
    public void processUrl() {
        final String original = "url";

        String processed = this.processor.processUrl(this.request, original);

        assertThat(processed).isEqualTo(original);
    }

    /**
     * A freshly constructed processor, used only through the
     * {@link RequestDataValueProcessor} interface, emits the token as a hidden field.
     */
    @Test
    public void createGetExtraHiddenFieldsHasCsrfToken() {
        CsrfToken freshToken = new DefaultCsrfToken("1", "a", "b");
        this.request.setAttribute(CsrfToken.class.getName(), freshToken);

        Map<String, String> expectedFields = new HashMap<String, String>();
        expectedFields.put(freshToken.getParameterName(), freshToken.getToken());

        RequestDataValueProcessor viaInterface = new CsrfRequestDataValueProcessor();

        assertThat(viaInterface.getExtraHiddenFields(this.request)).isEqualTo(expectedFields);
    }
}