ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP-PDP-REST
   4  * ================================================================================
   5  * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Modifications Copyright (C) 2019 Samsung
   8  * ================================================================================
   9  * Licensed under the Apache License, Version 2.0 (the "License");
  10  * you may not use this file except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *      http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  * ============LICENSE_END=========================================================
  21  */
  22
  23 package org.onap.policy.pdp.rest.auth.test;
  24
  25 import static org.mockito.Mockito.mock;
  26 import static org.mockito.Mockito.verify;
  27 import static org.mockito.Mockito.when;
  28 import java.io.IOException;
  29 import javax.servlet.FilterChain;
  30 import javax.servlet.ServletException;
  31 import javax.servlet.http.HttpServletRequest;
  32 import javax.servlet.http.HttpServletResponse;
  33 import org.junit.Before;
  34 import org.junit.Test;
  35 import org.onap.policy.pdp.rest.restAuth.PDPAuthenticationFilter;
  36 import com.att.research.xacml.util.XACMLProperties;
  37 import com.mockrunner.mock.web.MockRequestDispatcher;
  38
  39 public class FilterTest {
  40
  41     private PDPAuthenticationFilter authenticationFilter = new PDPAuthenticationFilter();
  42     private final String VALIDHEADERVALUE = "Basic dGVzdHBkcDphbHBoYTQ1Ng==";
  43
  44     @Before
  45     public void setUp() throws Exception {
  46         authenticationFilter.init(null);
  47         XACMLProperties.reloadProperties();
  48         System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "src/test/resources/pass.xacml.pdp.properties");
  49         XACMLProperties.getProperties();
  50     }
  51
  52     @Test
  53     public void testDoFilterError() throws IOException, ServletException {
  54         // create the objects to be mocked
  55         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  56         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  57         FilterChain filterChain = mock(FilterChain.class);
  58         //
  59         when(httpServletRequest.getRequestURI()).thenReturn("error");
  60         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
  61         // verify if unauthorized
  62         verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  63     }
  64
  65     @Test
  66     public void testDoFilterNotification() throws IOException, ServletException {
  67         // create the objects to be mocked
  68         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  69         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  70         FilterChain filterChain = mock(FilterChain.class);
  71         //
  72         when(httpServletRequest.getRequestURI()).thenReturn("notifications");
  73         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
  74         verify(filterChain).doFilter(httpServletRequest, httpServletResponse);
  75     }
  76
  77     @Test
  78     public void testDoFilterSwagger() throws Exception {
  79         // create the objects to be mocked
  80         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  81         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  82         FilterChain filterChain = mock(FilterChain.class);
  83         //
  84         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/swagger");
  85         when(httpServletRequest.getRequestDispatcher("/api/swagger")).thenReturn(new MockRequestDispatcher());
  86         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
  87         verify(httpServletRequest).getRequestDispatcher("/api/swagger");
  88         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api-docs/");
  89         when(httpServletRequest.getRequestDispatcher("/api/api-docs/")).thenReturn(new MockRequestDispatcher());
  90         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
  91         verify(httpServletRequest).getRequestDispatcher("/api/api-docs/");
  92         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/configuration");
  93         when(httpServletRequest.getRequestDispatcher("/api/configuration")).thenReturn(new MockRequestDispatcher());
  94         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
  95         verify(httpServletRequest).getRequestDispatcher("/api/configuration");
  96     }
  97
  98     @Test
  99     public void newRequestAuthFailTest() throws Exception {
 100         // create the objects to be mocked
 101         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 102         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 103         FilterChain filterChain = mock(FilterChain.class);
 104         //
 105         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 106         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
 107         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 108         // verify if unauthorized
 109         verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 110     }
 111
 112     @Test
 113     public void tokenFailureTest() throws Exception {
 114         // create the objects to be mocked
 115         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 116         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 117         FilterChain filterChain = mock(FilterChain.class);
 118         //
 119         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 120         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
 121         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 122         // verify if unauthorized
 123         verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 124     }
 125
 126     @Test
 127     public void oldRequestAuthPassTest() throws Exception {
 128         // create the objects to be mocked
 129         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 130         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 131         FilterChain filterChain = mock(FilterChain.class);
 132         // New request no environment header check
 133         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 134         when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
 135         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 136         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 137         // verify if authorized
 138         verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
 139         //
 140         // Old Requests Checks
 141         //
 142         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 143         when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 144         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 145         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 146         // verify if authorized
 147         verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
 148     }
 149
 150     @Test
 151     public void newRequestAuthPassTest() throws Exception {
 152         // create the objects to be mocked
 153         HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 154         HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 155         FilterChain filterChain = mock(FilterChain.class);
 156         //
 157         // Requests with Valid Environment Header values.
 158         //
 159         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 160         when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 161         when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
 162         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 163         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 164         // verify if authorized
 165         verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
 166         // New request no environment header check
 167         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 168         when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
 169         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 170         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 171         // verify if authorized
 172         verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
 173         //
 174         //
 175         // Requests with InValid Environment Header
 176         //
 177         when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 178         when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 179         when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
 180         when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 181         authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 182         // verify if unauthorized
 183         verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 184     }
 185 }