From 0059cabebe78d97dfd0dcf377a2cf36a7544cb33 Mon Sep 17 00:00:00 2001
From: Sankaranarayanan Viswanathan
Date: Sat, 11 Oct 2014 13:18:09 -0400
Subject: [PATCH] Cover SecurityCheckProvider.SecurityCheckInjectable.cookieLogin with tests
---
 .../backend/service/UserService.java | 2 +-
 .../frontend/auth/SecurityCheckProvider.java | 4 +-
 .../auth/SecurityCheckInjectableTest.java | 103 ++++++++++++++++++
 3 files changed, 106 insertions(+), 3 deletions(-)
 create mode 100644 src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java
diff --git a/src/main/java/com/commafeed/backend/service/UserService.java b/src/main/java/com/commafeed/backend/service/UserService.java
index 4acaae20..40a309d8 100644
--- a/src/main/java/com/commafeed/backend/service/UserService.java
+++ b/src/main/java/com/commafeed/backend/service/UserService.java
@@ -54,7 +54,7 @@ public class UserService {
 boolean authenticated = encryptionService.authenticate(password, user.getPassword(), user.getSalt());
 if (authenticated) {
 afterLogin(user);
- return Optional.fromNullable(user);
+ return Optional.of(user);
 }
 }
 return Optional.absent();
diff --git a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
index 3c9c055e..a7d95185 100644
--- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
+++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
@@ -35,7 +35,7 @@ public class SecurityCheckProvider implements InjectableProvider extends AbstractHttpContextInjectable { + static class SecurityCheckInjectable extends AbstractHttpContextInjectable { private static final String PREFIX = "Basic"; private final HttpServletRequest request;
@@ -66,7 +66,7 @@ public class SecurityCheckProvider implements InjectableProvider cookieSessionLogin() { + Optional cookieSessionLogin() { return userService.login(request.getSession(false)); }
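Review bot: `SecurityCheckInjectable` (hunk at -35) and `cookieSessionLogin()` (hunk at -66) are declared without an access modifier on the new side, and nothing in the code records why. Going by the commit title this is presumably so the new test can reach them, but a package-private authentication helper reads as part of the package's internal API to the next maintainer. Since the project already uses Guava, annotate both with `@VisibleForTesting`, or add a comment such as `// package-private for SecurityCheckInjectableTest only`. Both declarations continue outside their hunks, and the generic type arguments appear to have been lost from this rendering of the patch, so the exact signatures should be checked against the file.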
diff --git a/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java b/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java
new file mode 100644
index 00000000..4113632e
--- /dev/null
+++ b/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java
@@ -0,0 +1,103 @@
+package com.commafeed.frontend.auth;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.commafeed.backend.model.User;
+import com.commafeed.backend.service.UserService;
+import com.commafeed.backend.service.internal.PostLoginActivities;
+import com.commafeed.frontend.auth.SecurityCheckProvider.SecurityCheckInjectable;
+import com.commafeed.frontend.resource.UserREST;
+import com.google.common.base.Optional;
+
+public class SecurityCheckInjectableTest {
+
+ @Test public void
+ cookie_login_does_not_create_a_session_if_not_present() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ UserService service = mock(UserService.class);
+
+ SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
+ injectable.cookieSessionLogin();
+
+ verify(request).getSession(false);
+ }
+
+ @Test public void
+ cookie_login_should_not_return_user_if_there_is_no_preexisting_http_session() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(null);
+
+ UserService service = new UserService(null, null, null, null, null, null);
+
+ SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
+ Optional user = injectable.cookieSessionLogin();
+
+ Assert.assertFalse(user.isPresent());
+ }
+
+ @Test public void
+ cookie_login_should_not_return_user_if_user_not_present_in_http_session() {
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute(UserREST.SESSION_KEY_USER)).thenReturn(null);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(session);
+
+ UserService service = new UserService(null, null, null, null, null, null);
+
+ SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
+ Optional user = injectable.cookieSessionLogin();
+
+ Assert.assertFalse(user.isPresent());
+ }
+
+ @Test public void
+ cookie_login_should_perform_post_login_activities_if_user_present_in_http_session() {
+ User userInSession = new User();
+
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute(UserREST.SESSION_KEY_USER)).thenReturn(userInSession);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(session);
+
+ PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
+
+ UserService service = new UserService(null, null, null, null, null, postLoginActivities);
+
+ SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
+ Optional user = injectable.cookieSessionLogin();
+
+ verify(postLoginActivities).executeFor(userInSession);
+ }
+
+ @Test public void
+ calling_login_should_return_user_if_user_present_in_http_session() {
+ User userInSession = new User();
+
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute(UserREST.SESSION_KEY_USER)).thenReturn(userInSession);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(session);
+
+ PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
+
+ UserService service = new UserService(null, null, null, null, null, postLoginActivities);
+
+ SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
+ Optional user = injectable.cookieSessionLogin();
+
+ Assert.assertTrue(user.isPresent());
+ Assert.assertEquals(userInSession, user.get());
+ }
+
+}
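Review bot: `cookie_login_does_not_create_a_session_if_not_present` only verifies that `getSession(false)` was called, so it would still pass if `cookieSessionLogin()` later also called `getSession()` or `getSession(true)` and created a session for an unauthenticated request. To pin the property the test name states, add `verify(request, never()).getSession();` and `verify(request, never()).getSession(true);` after the existing verify, with a static import of `org.mockito.Mockito.never`. Separately, in `cookie_login_should_perform_post_login_activities_if_user_present_in_http_session` the local `Optional user` is assigned but never read and can be dropped.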