Added oparent to sdc main
1 /*-
2  * ============LICENSE_START=======================================================
3  * SDC
4  * ================================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.sdc.security;
22
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.Mockito;
29 import org.mockito.Spy;
30 import org.mockito.junit.MockitoJUnitRunner;
31 import org.onap.sdc.security.filters.ResponceWrapper;
32 import org.onap.sdc.security.filters.SampleFilter;
33
34 import javax.servlet.FilterChain;
35 import javax.servlet.FilterConfig;
36 import javax.servlet.ServletException;
37 import javax.servlet.http.Cookie;
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
40 import java.io.IOException;
41
42 import static org.mockito.Mockito.times;
43 import static org.mockito.Mockito.when;
44
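/**
 * Unit tests for the session validation servlet filter, exercised through {@link SampleFilter}.
 *
 * <p>Each test stubs the mocked request (path and cookies), runs {@code doFilter} and then checks
 * which of two outcomes occurred: the request was handed to the {@link FilterChain}, or the
 * response was redirected to the configured redirect URL. Both sides of the outcome are verified,
 * so a rejected request that is nevertheless forwarded down the chain (or an accepted request
 * that is also redirected) fails the test.
 */
@RunWith(MockitoJUnitRunner.class)
public class SessionValidationFilterTest {

    /** Path that is not on the filter's exclusion list in these tests, so a session cookie is required. */
    private static final String PROTECTED_PATH = "/resource";

    /** Constructor argument used for every {@link AuthenticationCookie} built by the tests. */
    private static final String USER_ID = "kuku";

    @Mock
    private HttpServletRequest request;
    @Spy
    private HttpServletResponse response;
    @Mock
    private FilterChain filterChain;
    @Mock
    private FilterConfig filterConfig;
    @Mock
    private ResponceWrapper responceWrapper;

    // implementation of SessionValidationFilter
    @InjectMocks
    @Spy
    private SampleFilter sessionValidationFilter = new SampleFilter();

    @Before
    public void setUpClass() throws ServletException {
        sessionValidationFilter.init(filterConfig);
    }

    /** The health-check path must reach the chain without any cookie being supplied. */
    @Test
    public void excludedUrlHealthcheck() throws IOException, ServletException {
        when(request.getPathInfo()).thenReturn("/healthCheck");
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyPassedThrough();
    }

    /** A path under {@code /upload} must reach the chain without any cookie being supplied. */
    @Test
    public void excludedUrlUpload() throws IOException, ServletException {
        when(request.getPathInfo()).thenReturn("/upload/123");
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyPassedThrough();
    }

    // case when url pattern in web.xml is forward slash (/): getPathInfo() is null and the
    // path is only available through getServletPath()
    @Test
    public void pathInfoIsNull() throws IOException, ServletException {
        when(request.getServletPath()).thenReturn("/upload/2");
        when(request.getPathInfo()).thenReturn(null);
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyPassedThrough();
    }

    /** An empty cookie array on a protected path must end in a redirect. */
    @Test
    public void noCookiesInRequest() throws IOException, ServletException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);
        when(request.getCookies()).thenReturn(new Cookie[0]);
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyRedirected();
    }

    /** A {@code null} cookie array (what the servlet API returns when no cookies were sent) must end in a redirect. */
    @Test
    public void nullCookiesInRequest() throws IOException, ServletException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);
        when(request.getCookies()).thenReturn(null);
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyRedirected();
    }

    /** A cookie whose name does not contain the configured cookie name must be ignored and end in a redirect. */
    @Test
    public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);
        // Dropping the first character guarantees the configured name is not a substring of the test name.
        String newNameNotContainsRealName = cookieName().substring(1);
        Cookie cookie = new Cookie(
                "fake" + newNameNotContainsRealName + "fake2",
                RepresentationUtils.toRepresentation(new AuthenticationCookie(USER_ID)));
        when(request.getCookies()).thenReturn(new Cookie[]{cookie});
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyRedirected();
    }

    /** A correctly encrypted cookie whose max-session time is older than the configured limit must end in a redirect. */
    @Test
    public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);
        AuthenticationCookie authenticationCookie = new AuthenticationCookie(USER_ID);
        // move the max session time back past the configured timeout, with one second of margin
        long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut();
        long startTime = authenticationCookie.getMaxSessionTime();
        long timeout = startTime - maxSessionTimeOut - 1000L;
        authenticationCookie.setMaxSessionTime(timeout);
        Cookie cookie = encryptedCookie(cookieName(), authenticationCookie);

        when(request.getCookies()).thenReturn(new Cookie[]{cookie});
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyRedirected();
    }

    /** A correctly encrypted cookie whose last activity is older than the idle timeout must end in a redirect. */
    @Test
    public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);
        AuthenticationCookie authenticationCookie = new AuthenticationCookie(USER_ID);
        // move the current session time back past the idle timeout, with two seconds of margin
        long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut();
        long sessionStartTime = authenticationCookie.getCurrentSessionTime();
        long timeout = sessionStartTime - idleSessionTimeOut - 2000;
        authenticationCookie.setCurrentSessionTime(timeout);
        Cookie cookie = encryptedCookie(cookieName(), authenticationCookie);

        when(request.getCookies()).thenReturn(new Cookie[]{cookie});
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyRedirected();
    }

    /** A fresh, correctly encrypted cookie under the configured name must reach the chain. */
    @Test
    public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);

        Cookie cookie = encryptedCookie(cookieName(), new AuthenticationCookie(USER_ID));

        when(request.getCookies()).thenReturn(new Cookie[]{cookie});
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyPassedThrough();
    }

    // test validate contains
    //
    // NOTE(review): this test pins substring matching on the cookie NAME: a cookie called
    // "some<configured name>Thing" is treated as the session cookie. The value used here is still
    // encrypted with the filter's own configuration, so the test does not show that a forged value
    // is accepted. It does mean that any cookie whose name merely embeds the configured name is
    // fed to the session check. Confirm that this is intended rather than an exact-name match.
    @Test
    public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException {
        when(request.getPathInfo()).thenReturn(PROTECTED_PATH);

        Cookie cookie = encryptedCookie("some" + cookieName() + "Thing", new AuthenticationCookie(USER_ID));

        when(request.getCookies()).thenReturn(new Cookie[]{cookie});
        sessionValidationFilter.doFilter(request, response, filterChain);
        verifyPassedThrough();
    }

    /** Returns the session cookie name from the filter's configuration. */
    private String cookieName() {
        return sessionValidationFilter.getFilterConfiguration().getCookieName();
    }

    /** Builds a servlet cookie called {@code name} whose value is {@code payload} encrypted with the filter's configuration. */
    private Cookie encryptedCookie(String name, AuthenticationCookie payload) throws IOException, CipherUtilException {
        return new Cookie(
                name,
                AuthenticationCookieUtils.getEncryptedCookie(payload, sessionValidationFilter.getFilterConfiguration()));
    }

    /** Verifies the request was forwarded to the chain exactly once and no redirect was sent. */
    private void verifyPassedThrough() throws IOException, ServletException {
        Mockito.verify(filterChain, times(1)).doFilter(request, response);
        Mockito.verify(response, Mockito.never()).sendRedirect(Mockito.anyString());
    }

    /**
     * Verifies the response was redirected exactly once to the configured URL and that the
     * request was not forwarded: a redirect that still invokes the chain would let the
     * unauthenticated request reach the protected resource.
     */
    private void verifyRedirected() throws IOException, ServletException {
        // Read the URL before entering verification mode so the spy call is not interleaved with verify().
        String expectedRedirect = sessionValidationFilter.getFilterConfiguration().getRedirectURL();
        Mockito.verify(response, times(1)).sendRedirect(expectedRedirect);
        Mockito.verify(filterChain, Mockito.never()).doFilter(request, response);
    }

}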