Package com.porterhead.rest.filter

Source Code of com.porterhead.rest.filter.SecurityContextFilterTest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package com.porterhead.rest.filter;

import com.porterhead.rest.config.ApplicationConfig;
import com.porterhead.rest.user.UserRepository;
import com.porterhead.rest.user.UserService;
import com.porterhead.rest.user.api.ExternalUser;
import com.porterhead.rest.user.domain.AuthorizationToken;
import com.porterhead.rest.user.domain.User;
import com.porterhead.rest.user.exception.AuthorizationException;
import com.sun.jersey.spi.container.ContainerRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.joda.time.DateTime;
import org.joda.time.format.ISODateTimeFormat;
import org.junit.Before;
import org.junit.Test;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

import javax.ws.rs.core.SecurityContext;

import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;


public class SecurityContextFilterTest {

    private SecurityContextFilter filter;
    private UserRepository userRepository;
    private UserService userService;
    private ContainerRequest containerRequest;
    private ApplicationConfig applicationConfig;

    @Before
    public void setUp() {
        userRepository = mock(UserRepository.class);
        userService = mock(UserService.class);
        containerRequest = mock(ContainerRequest.class);
        applicationConfig = mock(ApplicationConfig.class);
        when(applicationConfig.getSessionDateOffsetInMinutes()).thenReturn(30);
        when(applicationConfig.requireSignedRequests()).thenReturn(true);
        filter = new SecurityContextFilter(userRepository, userService, applicationConfig);

    }

    @Test
    public void noHeadersInRequest() {
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(null);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(null);
        containerRequest = filter.filter(containerRequest);
        assertThat(containerRequest.getUserPrincipal(), is(nullValue()));
    }

    @Test
    public void validAuthHeaders() {
        setUpValidRequest();
        containerRequest = filter.filter(containerRequest);
    }

    private void setUpValidRequest() {
        User user = new User();
        user.setAuthorizationToken(new AuthorizationToken(user));
        final ExternalUser externalUser = new ExternalUser(user);
        String dateString = new DateTime().toString(ISODateTimeFormat.dateTimeNoMillis());
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(user.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":" + hashedToken);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(dateString);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(containerRequest.getPath()).thenReturn("user/555");
        when(containerRequest.getMethod()).thenReturn("POST");
        when(userRepository.findByUuid(user.getUuid().toString())).thenReturn(user);
        doAnswer(new Answer() {

            public Object answer(InvocationOnMock invocation) throws Throwable {
                SecurityContext context = (SecurityContext) invocation.getArguments()[0];
                ExternalUser user = (ExternalUser) context.getUserPrincipal();
                assertThat(user.getId(), is(externalUser.getId()));
                return null;
            }
        }).when(containerRequest).setSecurityContext(any(SecurityContext.class));
    }

    @Test (expected = AuthorizationException.class)
    public void dateHeaderIsOutOfRange() {
        User user = new User();
        final ExternalUser externalUser = new ExternalUser(user);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":123");
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(new DateTime().minusMinutes(10).toString(ISODateTimeFormat.dateTimeNoMillis()));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(applicationConfig.getSessionDateOffsetInMinutes()).thenReturn(5);
        containerRequest = filter.filter(containerRequest);
    }

    @Test (expected = AuthorizationException.class)
    public void duplicateNonce() throws Exception {
        setUpValidRequest();
        filter.filter(containerRequest);
        Thread.sleep(20); //tolerance limit
        //submit same request again with same nonce value
        filter.filter(containerRequest);
    }



}
TOP

Related Classes of com.porterhead.rest.filter.SecurityContextFilterTest

  • com.porterhead.rest.user.api.ExternalUser
  • com.porterhead.rest.user.domain.AuthorizationToken
  • com.porterhead.rest.user.domain.User
  • org.joda.time.DateTime
  • org.mockito.stubbing.Answer
  • javax.ws.rs.core.SecurityContext
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.