2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.sdc.security;
23 import org.junit.Before;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.InjectMocks;
27 import org.mockito.Mock;
28 import org.mockito.Mockito;
29 import org.mockito.Spy;
30 import org.mockito.junit.MockitoJUnitRunner;
31 import org.onap.sdc.security.filters.ResponceWrapper;
32 import org.onap.sdc.security.filters.SampleFilter;
34 import javax.servlet.FilterChain;
35 import javax.servlet.FilterConfig;
36 import javax.servlet.ServletException;
37 import javax.servlet.http.Cookie;
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
40 import java.io.IOException;
42 import static org.mockito.Mockito.times;
43 import static org.mockito.Mockito.when;
45 @RunWith(MockitoJUnitRunner.class)
46 //@RunWith(PowerMockRunner.class)
47 //@PrepareForTest(fullyQualifiedNames = "org.onap.sdc.security.*")
48 public class SessionValidationFilterTest {
/** Mocked request; each test stubs the path and cookies the filter reads from it. */
@Mock
private HttpServletRequest request;

/** Mocked response; rejected requests are detected through its {@code sendRedirect} call. */
@Mock
private HttpServletResponse response;

/** Mocked chain; a call to {@code doFilter} on it means the request was let through. */
@Mock
private FilterChain filterChain;

/** Mocked configuration handed to {@code init} in the set-up method. */
@Mock
private FilterConfig filterConfig;

/** Mocked response wrapper; not referenced directly by the tests in this class. */
@Mock
private ResponceWrapper responceWrapper;

/** Filter under test: {@link SampleFilter} is the sample implementation of SessionValidationFilter. */
@InjectMocks
@Spy
private SampleFilter sessionValidationFilter = new SampleFilter();
/**
 * Initialises the filter under test with the mocked {@link FilterConfig} before every test.
 *
 * @throws ServletException if the filter's {@code init} fails
 */
@Before
public void setUpClass() throws ServletException {
    sessionValidationFilter.init(filterConfig);
}
/**
 * A request for {@code /healthCheck} is passed to the chain even though it carries no cookie.
 *
 * @throws IOException      propagated from the filter
 * @throws ServletException propagated from the filter
 */
@Test
public void excludedUrlHealthcheck() throws IOException, ServletException {
    final String excludedPath = "/healthCheck";
    when(request.getPathInfo()).thenReturn(excludedPath);

    sessionValidationFilter.doFilter(request, response, filterChain);

    // verify(mock) defaults to exactly one invocation.
    Mockito.verify(filterChain).doFilter(request, response);
}
/**
 * A request for {@code /upload/123} is passed to the chain even though it carries no cookie.
 *
 * @throws IOException      propagated from the filter
 * @throws ServletException propagated from the filter
 */
@Test
public void excludedUrlUpload() throws IOException, ServletException {
    final String excludedPath = "/upload/123";
    when(request.getPathInfo()).thenReturn(excludedPath);

    sessionValidationFilter.doFilter(request, response, filterChain);

    // verify(mock) defaults to exactly one invocation.
    Mockito.verify(filterChain).doFilter(request, response);
}
/**
 * Covers the case where the url-pattern in web.xml is a forward slash (/): the path info is
 * {@code null} and only the servlet path ({@code /upload/2}) is available. The request is
 * still expected to be passed to the chain.
 *
 * @throws IOException      propagated from the filter
 * @throws ServletException propagated from the filter
 */
@Test
public void pathInfoIsNull() throws IOException, ServletException {
    final String servletPath = "/upload/2";
    when(request.getServletPath()).thenReturn(servletPath);
    when(request.getPathInfo()).thenReturn(null);

    sessionValidationFilter.doFilter(request, response, filterChain);

    // verify(mock) defaults to exactly one invocation.
    Mockito.verify(filterChain).doFilter(request, response);
}
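/**
 * A request for a protected path with an empty cookie array is redirected to the configured
 * redirect URL and must not reach the rest of the chain.
 *
 * @throws IOException      propagated from the filter
 * @throws ServletException propagated from the filter
 */
@Test
public void noCookiesInRequest() throws IOException, ServletException {
    when(request.getPathInfo()).thenReturn("/resource");
    when(request.getCookies()).thenReturn(new Cookie[0]);
    String redirectUrl = sessionValidationFilter.getFilterConfiguration().getRedirectURL();

    sessionValidationFilter.doFilter(request, response, filterChain);

    Mockito.verify(response, times(1)).sendRedirect(redirectUrl);
    // A redirect alone does not prove the request was stopped: a filter that redirects and
    // then keeps processing would still satisfy the check above.
    Mockito.verify(filterChain, Mockito.never()).doFilter(Mockito.any(), Mockito.any());
}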
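/**
 * A request for a protected path whose {@code getCookies()} returns {@code null} is redirected
 * to the configured redirect URL and must not reach the rest of the chain.
 *
 * @throws IOException      propagated from the filter
 * @throws ServletException propagated from the filter
 */
@Test
public void nullCookiesInRequest() throws IOException, ServletException {
    when(request.getPathInfo()).thenReturn("/resource");
    when(request.getCookies()).thenReturn(null);
    String redirectUrl = sessionValidationFilter.getFilterConfiguration().getRedirectURL();

    sessionValidationFilter.doFilter(request, response, filterChain);

    Mockito.verify(response, times(1)).sendRedirect(redirectUrl);
    // A redirect alone does not prove the request was stopped: a filter that redirects and
    // then keeps processing would still satisfy the check above.
    Mockito.verify(filterChain, Mockito.never()).doFilter(Mockito.any(), Mockito.any());
}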
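/**
 * A request whose only cookie has a name that does not contain the configured cookie name is
 * redirected and must not reach the rest of the chain.
 *
 * <p>The cookie name is the configured name minus its first character, wrapped in
 * {@code "fake"} / {@code "fake2"}. The cookie value is the plain representation from
 * {@code RepresentationUtils.toRepresentation}, not an encrypted cookie.
 *
 * @throws IOException      propagated from the filter or from building the representation
 * @throws ServletException propagated from the filter
 */
@Test
public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException {
    when(request.getPathInfo()).thenReturn("/resource");
    // Dropping the first character guarantees the real name is not a substring of the fake one.
    String newNameNotContainsRealName =
            sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1);
    Cookie cookie = new Cookie(
            "fake" + newNameNotContainsRealName + "fake2",
            RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku")));
    when(request.getCookies()).thenReturn(new Cookie[]{cookie});
    String redirectUrl = sessionValidationFilter.getFilterConfiguration().getRedirectURL();

    sessionValidationFilter.doFilter(request, response, filterChain);

    Mockito.verify(response, times(1)).sendRedirect(redirectUrl);
    // A redirect alone does not prove the request was stopped: a filter that redirects and
    // then keeps processing would still satisfy the check above.
    Mockito.verify(filterChain, Mockito.never()).doFilter(Mockito.any(), Mockito.any());
}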
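/**
 * A correctly named, encrypted cookie whose max session time lies more than the configured
 * maximum session timeout in the past is redirected and must not reach the rest of the chain.
 *
 * @throws IOException         propagated from the filter
 * @throws ServletException    propagated from the filter
 * @throws CipherUtilException if the cookie cannot be encrypted
 */
@Test
public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException {
    when(request.getPathInfo()).thenReturn("/resource");
    AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");

    // Move the max session time back past the configured timeout, with a 1000 margin on top.
    long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut();
    long startTime = authenticationCookie.getMaxSessionTime();
    long timeout = startTime - maxSessionTimeOut - 1000L;
    authenticationCookie.setMaxSessionTime(timeout);

    Cookie cookie = new Cookie(
            sessionValidationFilter.getFilterConfiguration().getCookieName(),
            AuthenticationCookieUtils.getEncryptedCookie(
                    authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
    when(request.getCookies()).thenReturn(new Cookie[]{cookie});
    String redirectUrl = sessionValidationFilter.getFilterConfiguration().getRedirectURL();

    sessionValidationFilter.doFilter(request, response, filterChain);

    Mockito.verify(response, times(1)).sendRedirect(redirectUrl);
    // An expired session must be stopped, not merely redirected: a filter that redirects and
    // then keeps processing would still satisfy the check above.
    Mockito.verify(filterChain, Mockito.never()).doFilter(Mockito.any(), Mockito.any());
}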
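/**
 * A correctly named, encrypted cookie whose current session time lies more than the configured
 * idle timeout in the past is redirected and must not reach the rest of the chain.
 *
 * @throws IOException         propagated from the filter
 * @throws ServletException    propagated from the filter
 * @throws CipherUtilException if the cookie cannot be encrypted
 */
@Test
public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException {
    when(request.getPathInfo()).thenReturn("/resource");
    AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");

    // Move the current session time back past the configured idle timeout, with a 2000 margin.
    long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut();
    long sessionStartTime = authenticationCookie.getCurrentSessionTime();
    long timeout = sessionStartTime - idleSessionTimeOut - 2000;
    authenticationCookie.setCurrentSessionTime(timeout);

    Cookie cookie = new Cookie(
            sessionValidationFilter.getFilterConfiguration().getCookieName(),
            AuthenticationCookieUtils.getEncryptedCookie(
                    authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
    when(request.getCookies()).thenReturn(new Cookie[]{cookie});
    String redirectUrl = sessionValidationFilter.getFilterConfiguration().getRedirectURL();

    sessionValidationFilter.doFilter(request, response, filterChain);

    Mockito.verify(response, times(1)).sendRedirect(redirectUrl);
    // An idle session must be stopped, not merely redirected: a filter that redirects and
    // then keeps processing would still satisfy the check above.
    Mockito.verify(filterChain, Mockito.never()).doFilter(Mockito.any(), Mockito.any());
}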
/**
 * A request for a protected path that carries a correctly named, encrypted cookie with
 * unmodified session times is passed to the chain.
 *
 * @throws IOException         propagated from the filter
 * @throws ServletException    propagated from the filter
 * @throws CipherUtilException if the cookie cannot be encrypted
 */
@Test
public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException {
    when(request.getPathInfo()).thenReturn("/resource");

    AuthenticationCookie sessionData = new AuthenticationCookie("kuku");
    String encryptedValue = AuthenticationCookieUtils.getEncryptedCookie(
            sessionData, sessionValidationFilter.getFilterConfiguration());
    String cookieName = sessionValidationFilter.getFilterConfiguration().getCookieName();
    Cookie[] requestCookies = {new Cookie(cookieName, encryptedValue)};

    when(request.getCookies()).thenReturn(requestCookies);
    sessionValidationFilter.doFilter(request, response, filterChain);

    // verify(mock) defaults to exactly one invocation.
    Mockito.verify(filterChain).doFilter(request, response);
}
/**
 * Pins the filter's cookie-name matching: a cookie whose name only contains the configured
 * name (wrapped here as {@code "some" + name + "Thing"}) and whose value is an encrypted
 * authentication cookie with unmodified session times is passed to the chain.
 *
 * <p>NOTE(review): this documents containment rather than exact-name matching. The value is
 * still one produced by {@code getEncryptedCookie} with the filter configuration, but confirm
 * that accepting arbitrary surrounding text in the cookie name is intended rather than
 * tightening the match to the exact configured name.
 *
 * @throws IOException         propagated from the filter
 * @throws ServletException    propagated from the filter
 * @throws CipherUtilException if the cookie cannot be encrypted
 */
@Test
public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException {
    when(request.getPathInfo()).thenReturn("/resource");

    AuthenticationCookie sessionData = new AuthenticationCookie("kuku");
    String wrappedName = "some" + sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing";
    String encryptedValue = AuthenticationCookieUtils.getEncryptedCookie(
            sessionData, sessionValidationFilter.getFilterConfiguration());
    Cookie[] requestCookies = {new Cookie(wrappedName, encryptedValue)};

    when(request.getCookies()).thenReturn(requestCookies);
    sessionValidationFilter.doFilter(request, response, filterChain);

    // verify(mock) defaults to exactly one invocation.
    Mockito.verify(filterChain).doFilter(request, response);
}