Make clientAuth header optional and log request
[policy/engine.git] / ONAP-PDP-REST / src / test / java / org / onap / policy / pdp / rest / auth / test / FilterTest.java
1 /*-
2  * ============LICENSE_START=======================================================
3  * ONAP-PDP-REST
4  * ================================================================================
5  * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Modifications Copyright (C) 2019 Samsung
8  * ================================================================================
9  * Licensed under the Apache License, Version 2.0 (the "License");
10  * you may not use this file except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  *      http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  * ============LICENSE_END=========================================================
21  */
22
23 package org.onap.policy.pdp.rest.auth.test;
24
25 import static org.mockito.Mockito.mock;
26 import static org.mockito.Mockito.verify;
27 import static org.mockito.Mockito.when;
28 import com.att.research.xacml.util.XACMLProperties;
29 import com.mockrunner.mock.web.MockRequestDispatcher;
30 import java.io.IOException;
31 import javax.servlet.FilterChain;
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import org.junit.Before;
36 import org.junit.Test;
37 import org.onap.policy.pdp.rest.restauth.PdpAuthenticationFilter;
38
/**
 * Unit tests for {@link PdpAuthenticationFilter#doFilter}, driven entirely through Mockito mocks
 * of the servlet request, response and filter chain.
 *
 * <p>Each test stubs the request URI (and, where relevant, request headers), runs the filter and
 * then checks one observable outcome: a 401 status on the response, a call to the downstream
 * {@link FilterChain}, or a lookup of a request dispatcher for the rewritten path.
 *
 * <p>NOTE(review): the rejection tests only assert that {@code SC_UNAUTHORIZED} was set. None of
 * them asserts that the chain or a dispatcher was left untouched, so a filter that sets 401 and
 * still forwards the request would pass. Consider adding negative verifications for that.
 */
public class FilterTest {
    private PdpAuthenticationFilter filterUnderTest = new PdpAuthenticationFilter();

    // HTTP Basic value; the base64 part decodes to "python:test". Test-only credential,
    // presumably matching an entry in pass.xacml.pdp.properties - confirm against that file.
    private final String acceptedBasicHeader = "Basic cHl0aG9uOnRlc3Q=";

    /**
     * Initialises the filter and points XACMLProperties at the test properties file.
     *
     * <p>The statement order is kept as-is: the filter is initialised first, the cached
     * properties are reloaded, and only then is the properties-file system property set
     * and read.
     */
    @Before
    public void setUp() throws Exception {
        filterUnderTest.init(null);
        XACMLProperties.reloadProperties();
        final String propertiesFile = "src/test/resources/pass.xacml.pdp.properties";
        System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, propertiesFile);
        XACMLProperties.getProperties();
    }

    /** Stubs the request URI and registers a dispatcher for the path the filter should forward to. */
    private static void stubRoute(HttpServletRequest request, String uri, String forwardPath) {
        when(request.getRequestURI()).thenReturn(uri);
        when(request.getRequestDispatcher(forwardPath)).thenReturn(new MockRequestDispatcher());
    }

    /** Stubs a single request header; a {@code null} value models an absent header. */
    private static void stubHeader(HttpServletRequest request, String name, String value) {
        when(request.getHeader(name)).thenReturn(value);
    }

    /** Asserts that the filter answered with HTTP 401 exactly once on this response mock. */
    private static void assertRejected(HttpServletResponse response) {
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** A URI of "error" with no headers stubbed must be answered with 401. */
    @Test
    public void testDoFilterError() throws IOException, ServletException {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("error");
        filterUnderTest.doFilter(request, response, chain);

        assertRejected(response);
    }

    /**
     * A URI of "notifications" is handed to the downstream chain.
     *
     * <p>No Authorization header is stubbed here (the mock returns {@code null}), so this pins
     * an unauthenticated pass-through. NOTE(review): confirm how strictly the filter matches
     * this path and that the endpoint is protected by other means.
     */
    @Test
    public void testDoFilterNotification() throws IOException, ServletException {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("notifications");
        filterUnderTest.doFilter(request, response, chain);

        verify(chain).doFilter(request, response);
    }

    /**
     * The swagger, api-docs and configuration URIs each result in a dispatcher lookup for the
     * corresponding "/api/..." path.
     *
     * <p>No credentials are stubbed for any of the three requests. NOTE(review): that includes
     * "/pdp/configuration" - confirm that serving it without authentication is intended.
     */
    @Test
    public void testDoFilterSwagger() throws Exception {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        stubRoute(request, "/pdp/swagger", "/api/swagger");
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/swagger");

        stubRoute(request, "/pdp/api-docs/", "/api/api-docs/");
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/api-docs/");

        stubRoute(request, "/pdp/configuration", "/api/configuration");
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/configuration");
    }

    /** An authentication header that is not a Basic credential ("error") must yield 401. */
    @Test
    public void newRequestAuthFailTest() throws Exception {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, "error");
        filterUnderTest.doFilter(request, response, chain);

        assertRejected(response);
    }

    /** A Basic header whose token is not an accepted credential ("Basic test123") must yield 401. */
    @Test
    public void tokenFailureTest() throws Exception {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, "Basic test123");
        filterUnderTest.doFilter(request, response, chain);

        assertRejected(response);
    }

    /**
     * With the accepted Basic header and no environment header, both the new-style URI
     * ("/pdp/api/getConfig") and the old-style URI ("/pdp/getConfig") are forwarded.
     *
     * <p>The old-style request is expected to be dispatched to "/api//getConfig", with the
     * doubled slash.
     */
    @Test
    public void oldRequestAuthPassTest() throws Exception {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        // New-style request: no environment header is stubbed.
        stubRoute(request, "/pdp/api/getConfig", "/api/getConfig");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, acceptedBasicHeader);
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/getConfig");

        // Old-style request.
        stubRoute(request, "/pdp/getConfig", "/api//getConfig");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, acceptedBasicHeader);
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api//getConfig");
    }

    /**
     * Exercises the environment header together with an absent ClientAuth header.
     *
     * <p>Three requests share the same mocks: an old-style URI with environment "DEVL"
     * (forwarded), a new-style URI (forwarded), and an old-style URI with environment "TEST"
     * (rejected). The ClientAuth header is stubbed to {@code null} in all three.
     *
     * <p>NOTE(review): no test in this class covers a ClientAuth header that is present but
     * invalid; worth adding so that the optional header cannot weaken the check unnoticed.
     */
    @Test
    public void newRequestAuthPassTest() throws Exception {
        final HttpServletRequest request = mock(HttpServletRequest.class);
        final HttpServletResponse response = mock(HttpServletResponse.class);
        final FilterChain chain = mock(FilterChain.class);

        // Old-style URI with a valid environment header value.
        stubRoute(request, "/pdp/getConfig", "/api//getConfig");
        stubHeader(request, PdpAuthenticationFilter.ENVIRONMENT_HEADER, "DEVL");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, acceptedBasicHeader);
        stubHeader(request, PdpAuthenticationFilter.CLIENTAUTH_HEADER, null);
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api//getConfig");

        // New-style URI; the environment stub from the previous request is still in place.
        stubRoute(request, "/pdp/api/getConfig", "/api/getConfig");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, acceptedBasicHeader);
        stubHeader(request, PdpAuthenticationFilter.CLIENTAUTH_HEADER, null);
        filterUnderTest.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/getConfig");

        // Old-style URI with an invalid environment header value. The dispatcher stubbed here
        // is "/api/getConfig"; it should go unused if the request is rejected.
        stubRoute(request, "/pdp/getConfig", "/api/getConfig");
        stubHeader(request, PdpAuthenticationFilter.ENVIRONMENT_HEADER, "TEST");
        stubHeader(request, PdpAuthenticationFilter.AUTHENTICATION_HEADER, acceptedBasicHeader);
        stubHeader(request, PdpAuthenticationFilter.CLIENTAUTH_HEADER, null);
        filterUnderTest.doFilter(request, response, chain);

        // The response mock is shared by all three requests, so this holds only if 401 was
        // set exactly once across them.
        assertRejected(response);
    }
}