From cf3100081ebde86bd5c5c0f6a860e44617bef998 Mon Sep 17 00:00:00 2001
From: Athou
Date: Wed, 3 Jan 2024 21:08:25 +0100
Subject: [PATCH] add test for unauthorized websocket usage
---
 .../frontend/ws/WebSocketEndpoint.java | 8 +++---
 .../commafeed/integration/WebSocketIT.java | 25 +++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/commafeed-server/src/main/java/com/commafeed/frontend/ws/WebSocketEndpoint.java b/commafeed-server/src/main/java/com/commafeed/frontend/ws/WebSocketEndpoint.java
index 1721ab71..4d145a75 100644
--- a/commafeed-server/src/main/java/com/commafeed/frontend/ws/WebSocketEndpoint.java
+++ b/commafeed-server/src/main/java/com/commafeed/frontend/ws/WebSocketEndpoint.java
@@ -24,11 +24,12 @@ public class WebSocketEndpoint extends Endpoint {
 Long userId = (Long) config.getUserProperties().get(WebSocketConfigurator.SESSIONKEY_USERID);
 if (userId == null) {
 reject(session);
- } else {
- log.debug("created websocket session for user {}", userId);
- sessions.add(userId, session);
+ return;
 }
 
+ log.debug("created websocket session for user {}", userId);
+ sessions.add(userId, session);
+
 session.addMessageHandler(String.class, message -> {
 if ("ping".equals(message)) {
 session.getAsyncRemote().sendText("pong");
@@ -47,7 +48,6 @@ public class WebSocketEndpoint extends Endpoint {
 @Override
 public void onClose(Session session, CloseReason reason) {
 sessions.remove(session);
-
 }
 
 }
diff --git a/commafeed-server/src/test/java/com/commafeed/integration/WebSocketIT.java b/commafeed-server/src/test/java/com/commafeed/integration/WebSocketIT.java
index a52f5038..f2657934 100644
--- a/commafeed-server/src/test/java/com/commafeed/integration/WebSocketIT.java
+++ b/commafeed-server/src/test/java/com/commafeed/integration/WebSocketIT.java
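Review bot: In WebSocketEndpoint.onOpen, the new `return;` after `reject(session)` also stops the ping handler from being registered on a rejected session, which the old `else` form still did; the commit subject only mentions a test, so this behaviour change deserves a comment above the return such as `// unauthenticated: register no handlers and do not track the session`. Whether `reject` (defined outside this hunk) logs anything cannot be seen here; if it does not, a line like `log.debug("rejected websocket session without authenticated user");` before the return would leave operators a trace of unauthenticated connection attempts. The method starts above the hunk and continues below it.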
@@ -14,6 +14,7 @@ import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
 import jakarta.websocket.ClientEndpointConfig;
+import jakarta.websocket.CloseReason;
 import jakarta.websocket.ContainerProvider;
 import jakarta.websocket.DeploymentException;
 import jakarta.websocket.Endpoint;
@@ -22,6 +23,30 @@ import jakarta.websocket.Session;
 
 class WebSocketIT extends BaseIT {
 
+ @Test
+ void sessionClosedIfNotLoggedIn() throws DeploymentException, IOException {
+ ClientEndpointConfig config = buildConfig("fake-session-id");
+
+ AtomicBoolean connected = new AtomicBoolean();
+ AtomicReference closeReasonRef = new AtomicReference<>();
+ try (Session ignored = ContainerProvider.getWebSocketContainer().connectToServer(new Endpoint() {
+ @Override
+ public void onOpen(Session session, EndpointConfig config) {
+ connected.set(true);
+ }
+
+ @Override
+ public void onClose(Session session, CloseReason closeReason) {
+ closeReasonRef.set(closeReason);
+ }
+ }, config, URI.create(getWebSocketUrl()))) {
+ Awaitility.await().atMost(15, TimeUnit.SECONDS).untilTrue(connected);
+
+ Awaitility.await().atMost(15, TimeUnit.SECONDS).until(() -> closeReasonRef.get() != null);
+ Assertions.assertEquals(CloseReason.CloseCodes.VIOLATED_POLICY, closeReasonRef.get().getCloseCode());
+ }
+ }
+
 @Test
 void subscribeAndGetsNotified() throws DeploymentException, IOException {
 String sessionId = login();
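Review bot: sessionClosedIfNotLoggedIn covers only a made-up session id (`buildConfig("fake-session-id")`); a handshake that carries no session cookie at all is the other unauthenticated case and is not exercised, and it may take a different path through the server-side configurator, which is not visible here. A sibling test for that case would pin both. The test also never checks that the rejected connection stays silent: recording any text message delivered to the client endpoint and asserting that none arrived before the close would guard the early return added in WebSocketEndpoint.onOpen. A one-line comment stating that VIOLATED_POLICY is the close code the server is expected to use for unauthenticated sessions would make the assertion self-explanatory.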