SecurityCheckProvider now depends on SessionHelper instead of the request
@@ -1,6 +1,5 @@
|
|||||||
package com.commafeed.frontend.auth;
|
package com.commafeed.frontend.auth;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.ws.rs.WebApplicationException;
|
import javax.ws.rs.WebApplicationException;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
@@ -39,7 +38,7 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
|
|||||||
static class SecurityCheckInjectable extends AbstractHttpContextInjectable<User> {
|
static class SecurityCheckInjectable extends AbstractHttpContextInjectable<User> {
|
||||||
private static final String PREFIX = "Basic";
|
private static final String PREFIX = "Basic";
|
||||||
|
|
||||||
private final HttpServletRequest request;
|
private final SessionHelper sessionHelper;
|
||||||
private final UserService userService;
|
private final UserService userService;
|
||||||
private final Role role;
|
private final Role role;
|
||||||
private final boolean apiKeyAllowed;
|
private final boolean apiKeyAllowed;
|
||||||
@@ -68,7 +67,6 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
|
|||||||
}
|
}
|
||||||
|
|
||||||
Optional<User> cookieSessionLogin() {
|
Optional<User> cookieSessionLogin() {
|
||||||
SessionHelper sessionHelper = new SessionHelper(request);
|
|
||||||
Optional<User> loggedInUser = sessionHelper.getLoggedInUser();
|
Optional<User> loggedInUser = sessionHelper.getLoggedInUser();
|
||||||
if (loggedInUser.isPresent()) {
|
if (loggedInUser.isPresent()) {
|
||||||
userService.performPostLoginActivities(loggedInUser.get());
|
userService.performPostLoginActivities(loggedInUser.get());
|
||||||
@@ -105,11 +103,11 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private HttpServletRequest request;
|
private SessionHelper sessionHelper;
|
||||||
private UserService userService;
|
private UserService userService;
|
||||||
|
|
||||||
public SecurityCheckProvider(@Context HttpServletRequest request, @Context UserService userService) {
|
public SecurityCheckProvider(@Context SessionHelper sessionHelper, @Context UserService userService) {
|
||||||
this.request = request;
|
this.sessionHelper = sessionHelper;
|
||||||
this.userService = userService;
|
this.userService = userService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,6 +118,6 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Injectable<?> getInjectable(ComponentContext ic, SecurityCheck sc, Parameter c) {
|
public Injectable<?> getInjectable(ComponentContext ic, SecurityCheck sc, Parameter c) {
|
||||||
return new SecurityCheckInjectable(request, userService, sc.value(), sc.apiKeyAllowed());
|
return new SecurityCheckInjectable(sessionHelper, userService, sc.value(), sc.apiKeyAllowed());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
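Review bot: The `SessionHelper` injected into the `SecurityCheckProvider` constructor is stored in a field and passed to every `SecurityCheckInjectable` that `getInjectable` creates, so the user returned by `cookieSessionLogin()` now depends on how that helper is scoped. The removed code built `new SessionHelper(request)` inside `cookieSessionLogin()`, once per login check. The binding that supplies `SessionHelper` through `@Context` is not part of this commit, so it cannot be confirmed here that the injected instance resolves the current request on each call. If it were bound to a single request, one caller's session user could be returned for other callers. I would state the requirement on the field, e.g. `// must resolve the current request on every call (request-scoped or proxy-backed), never a helper bound to one request`, and check the provider registration against it.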
|
|||||||
@@ -4,101 +4,32 @@ import static org.mockito.Mockito.mock;
|
|||||||
import static org.mockito.Mockito.verify;
|
import static org.mockito.Mockito.verify;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
|
|
||||||
import org.junit.Assert;
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import com.commafeed.backend.model.User;
|
import com.commafeed.backend.model.User;
|
||||||
import com.commafeed.backend.service.UserService;
|
import com.commafeed.backend.service.UserService;
|
||||||
import com.commafeed.backend.service.internal.PostLoginActivities;
|
import com.commafeed.backend.service.internal.PostLoginActivities;
|
||||||
import com.commafeed.frontend.auth.SecurityCheckProvider.SecurityCheckInjectable;
|
import com.commafeed.frontend.auth.SecurityCheckProvider.SecurityCheckInjectable;
|
||||||
|
import com.commafeed.frontend.session.SessionHelper;
|
||||||
import com.google.common.base.Optional;
|
import com.google.common.base.Optional;
|
||||||
|
|
||||||
public class SecurityCheckInjectableTest {
|
public class SecurityCheckInjectableTest {
|
||||||
|
|
||||||
private static String SESSION_KEY_USER = "user";
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void cookie_login_does_not_create_a_session_if_not_present() {
|
public void cookie_login_should_perform_post_login_activities_if_user_is_logged_in() {
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
|
||||||
UserService service = mock(UserService.class);
|
|
||||||
|
|
||||||
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
|
|
||||||
injectable.cookieSessionLogin();
|
|
||||||
|
|
||||||
verify(request).getSession(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void cookie_login_should_not_return_user_if_there_is_no_preexisting_http_session() {
|
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
|
||||||
when(request.getSession(false)).thenReturn(null);
|
|
||||||
|
|
||||||
UserService service = new UserService(null, null, null, null, null, null);
|
|
||||||
|
|
||||||
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
|
|
||||||
Optional<User> user = injectable.cookieSessionLogin();
|
|
||||||
|
|
||||||
Assert.assertFalse(user.isPresent());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void cookie_login_should_not_return_user_if_user_not_present_in_http_session() {
|
|
||||||
HttpSession session = mock(HttpSession.class);
|
|
||||||
when(session.getAttribute(SESSION_KEY_USER)).thenReturn(null);
|
|
||||||
|
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
|
||||||
when(request.getSession(false)).thenReturn(session);
|
|
||||||
|
|
||||||
UserService service = new UserService(null, null, null, null, null, null);
|
|
||||||
|
|
||||||
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
|
|
||||||
Optional<User> user = injectable.cookieSessionLogin();
|
|
||||||
|
|
||||||
Assert.assertFalse(user.isPresent());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void cookie_login_should_perform_post_login_activities_if_user_present_in_http_session() {
|
|
||||||
User userInSession = new User();
|
User userInSession = new User();
|
||||||
|
|
||||||
HttpSession session = mock(HttpSession.class);
|
SessionHelper sessionHelper = mock(SessionHelper.class);
|
||||||
when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession);
|
when(sessionHelper.getLoggedInUser()).thenReturn(Optional.of(userInSession));
|
||||||
|
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
|
||||||
when(request.getSession(false)).thenReturn(session);
|
|
||||||
|
|
||||||
PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
|
PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
|
||||||
|
|
||||||
UserService service = new UserService(null, null, null, null, null, postLoginActivities);
|
UserService service = new UserService(null, null, null, null, null, postLoginActivities);
|
||||||
|
|
||||||
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
|
SecurityCheckInjectable injectable = new SecurityCheckInjectable(sessionHelper, service, null, false);
|
||||||
injectable.cookieSessionLogin();
|
injectable.cookieSessionLogin();
|
||||||
|
|
||||||
verify(postLoginActivities).executeFor(userInSession);
|
verify(postLoginActivities).executeFor(userInSession);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void cookie_login_should_return_user_if_user_present_in_http_session() {
|
|
||||||
User userInSession = new User();
|
|
||||||
|
|
||||||
HttpSession session = mock(HttpSession.class);
|
|
||||||
when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession);
|
|
||||||
|
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
|
||||||
when(request.getSession(false)).thenReturn(session);
|
|
||||||
|
|
||||||
PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
|
|
||||||
|
|
||||||
UserService service = new UserService(null, null, null, null, null, postLoginActivities);
|
|
||||||
|
|
||||||
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false);
|
|
||||||
Optional<User> user = injectable.cookieSessionLogin();
|
|
||||||
|
|
||||||
Assert.assertTrue(user.isPresent());
|
|
||||||
Assert.assertEquals(userInSession, user.get());
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
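Review bot: The only test left in this class, `cookie_login_should_perform_post_login_activities_if_user_is_logged_in`, covers the logged-in path; nothing here asserts what `cookieSessionLogin()` returns or what happens when `getLoggedInUser()` yields no user. The removed cases appear to have moved to `SessionHelperTest`, but that exercises the helper rather than this authentication entry point. A negative case with the helper stubbed to `Optional.absent()` would pin that no user is returned and no post-login activity runs. It needs the `org.junit.Assert` import this commit removes and a static import of `Mockito.verifyZeroInteractions`.

```java
@Test
public void cookie_login_should_not_return_user_if_user_is_not_logged_in() {
	SessionHelper sessionHelper = mock(SessionHelper.class);
	when(sessionHelper.getLoggedInUser()).thenReturn(Optional.<User> absent());

	PostLoginActivities postLoginActivities = mock(PostLoginActivities.class);
	UserService service = new UserService(null, null, null, null, null, postLoginActivities);

	SecurityCheckInjectable injectable = new SecurityCheckInjectable(sessionHelper, service, null, false);
	Optional<User> user = injectable.cookieSessionLogin();

	Assert.assertFalse(user.isPresent());
	verifyZeroInteractions(postLoginActivities);
}
```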
|
|||||||
@@ -0,0 +1,72 @@
|
|||||||
|
package com.commafeed.frontend.session;
|
||||||
|
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
import static org.mockito.Mockito.verify;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import com.commafeed.backend.model.User;
|
||||||
|
import com.google.common.base.Optional;
|
||||||
|
|
||||||
|
public class SessionHelperTest {
|
||||||
|
|
||||||
|
private static String SESSION_KEY_USER = "user";
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getting_user_does_not_create_a_session_if_not_present() {
|
||||||
|
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||||
|
|
||||||
|
SessionHelper sessionHelper = new SessionHelper(request);
|
||||||
|
sessionHelper.getLoggedInUser();
|
||||||
|
|
||||||
|
verify(request).getSession(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getting_user_should_not_return_user_if_there_is_no_preexisting_http_session() {
|
||||||
|
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||||
|
when(request.getSession(false)).thenReturn(null);
|
||||||
|
|
||||||
|
SessionHelper sessionHelper = new SessionHelper(request);
|
||||||
|
Optional<User> user = sessionHelper.getLoggedInUser();
|
||||||
|
|
||||||
|
Assert.assertFalse(user.isPresent());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getting_user_should_not_return_user_if_user_not_present_in_http_session() {
|
||||||
|
HttpSession session = mock(HttpSession.class);
|
||||||
|
when(session.getAttribute(SESSION_KEY_USER)).thenReturn(null);
|
||||||
|
|
||||||
|
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||||
|
when(request.getSession(false)).thenReturn(session);
|
||||||
|
|
||||||
|
SessionHelper sessionHelper = new SessionHelper(request);
|
||||||
|
Optional<User> user = sessionHelper.getLoggedInUser();
|
||||||
|
|
||||||
|
Assert.assertFalse(user.isPresent());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getting_user_should_return_user_if_user_present_in_http_session() {
|
||||||
|
User userInSession = new User();
|
||||||
|
|
||||||
|
HttpSession session = mock(HttpSession.class);
|
||||||
|
when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession);
|
||||||
|
|
||||||
|
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||||
|
when(request.getSession(false)).thenReturn(session);
|
||||||
|
|
||||||
|
SessionHelper sessionHelper = new SessionHelper(request);
|
||||||
|
Optional<User> user = sessionHelper.getLoggedInUser();
|
||||||
|
|
||||||
|
Assert.assertTrue(user.isPresent());
|
||||||
|
Assert.assertEquals(userInSession, user.get());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
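Review bot: `getting_user_does_not_create_a_session_if_not_present` only verifies that `getSession(false)` was called, so it would still pass if `getLoggedInUser()` also called a session-creating overload. To pin the property the test name promises, add `verify(request, never()).getSession();` and `verify(request, never()).getSession(true);`, with a static import of `Mockito.never`. Separately, `SESSION_KEY_USER` could be `private static final`. It presumably repeats the key literal used inside `SessionHelper` (not visible here), so referencing a shared constant would keep the test from drifting away from the implementation.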