ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTests.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP-PDP-REST
   4  * ================================================================================
   5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21 package org.onap.policy.pdp.rest.auth.test;
  22
  23 import static org.mockito.Mockito.mock;
  24 import static org.mockito.Mockito.verify;
  25 import static org.mockito.Mockito.when;
  26
  27 import java.io.IOException;
  28
  29 import javax.servlet.FilterChain;
  30 import javax.servlet.ServletException;
  31 import javax.servlet.http.HttpServletRequest;
  32 import javax.servlet.http.HttpServletResponse;
  33
  34 import org.junit.Before;
  35 import org.junit.Test;
  36 import org.onap.policy.pdp.rest.restAuth.PDPAuthenticationFilter;
  37
  38 import com.att.research.xacml.util.XACMLProperties;
  39 import com.mockrunner.mock.web.MockRequestDispatcher;
  40
  41 public class FilterTests {
  42
  43         private PDPAuthenticationFilter authenticationFilter = new PDPAuthenticationFilter();
  44         private final String VALIDHEADERVALUE = "Basic dGVzdHBkcDphbHBoYTQ1Ng==";
  45
  46         @Before
  47         public void setUp() throws Exception{
  48                 authenticationFilter.init(null);
  49                 XACMLProperties.reloadProperties();
  50                 System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "src/test/resources/pass.xacml.pdp.properties");
  51                 XACMLProperties.getProperties();
  52         }
  53
  54         @Test
  55         public void testDoFilterError() throws IOException, ServletException {
  56             // create the objects to be mocked
  57             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  58             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  59             FilterChain filterChain = mock(FilterChain.class);
  60             //
  61             when(httpServletRequest.getRequestURI()).thenReturn("error");
  62             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
  63                     filterChain);
  64             // verify if unauthorized
  65             verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  66         }
  67
  68         @Test
  69         public void testDoFilterNotification() throws IOException, ServletException {
  70             // create the objects to be mocked
  71             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  72             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  73             FilterChain filterChain = mock(FilterChain.class);
  74             //
  75             when(httpServletRequest.getRequestURI()).thenReturn("notifications");
  76             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
  77                     filterChain);
  78             verify(filterChain).doFilter(httpServletRequest,httpServletResponse);
  79         }
  80
  81         @Test
  82         public void testDoFilterSwagger() throws Exception{
  83                 // create the objects to be mocked
  84             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
  85             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
  86             FilterChain filterChain = mock(FilterChain.class);
  87             //
  88             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/swagger");
  89             when(httpServletRequest.getRequestDispatcher("/api/swagger")).thenReturn(new MockRequestDispatcher());
  90             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
  91                     filterChain);
  92             verify(httpServletRequest).getRequestDispatcher("/api/swagger");
  93             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api-docs/");
  94             when(httpServletRequest.getRequestDispatcher("/api/api-docs/")).thenReturn(new MockRequestDispatcher());
  95             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
  96                     filterChain);
  97             verify(httpServletRequest).getRequestDispatcher("/api/api-docs/");
  98             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/configuration");
  99             when(httpServletRequest.getRequestDispatcher("/api/configuration")).thenReturn(new MockRequestDispatcher());
 100             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 101                     filterChain);
 102             verify(httpServletRequest).getRequestDispatcher("/api/configuration");
 103         }
 104
 105         @Test
 106         public void newRequestAuthFailTest() throws Exception{
 107                 // create the objects to be mocked
 108             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 109             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 110             FilterChain filterChain = mock(FilterChain.class);
 111             //
 112             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 113             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
 114             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 115                     filterChain);
 116             // verify if unauthorized
 117             verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 118         }
 119
 120         @Test
 121         public void tokenFailureTest() throws Exception{
 122                 // create the objects to be mocked
 123             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 124             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 125             FilterChain filterChain = mock(FilterChain.class);
 126             //
 127             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 128             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
 129             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 130                     filterChain);
 131             // verify if unauthorized
 132             verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 133         }
 134
 135         @Test
 136         public void oldRequestAuthPassTest() throws Exception{
 137                 // create the objects to be mocked
 138             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 139             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 140             FilterChain filterChain = mock(FilterChain.class);
 141             // New request no environment header check
 142             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 143             when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
 144             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 145             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 146                     filterChain);
 147             // verify if authorized
 148             verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
 149             //
 150             // Old Requests Checks
 151             //
 152             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 153             when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 154             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 155             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 156                     filterChain);
 157             // verify if authorized
 158             verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
 159         }
 160
 161         @Test
 162         public void newRequestAuthPassTest() throws Exception{
 163                 // create the objects to be mocked
 164             HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
 165             HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
 166             FilterChain filterChain = mock(FilterChain.class);
 167                 //
 168             // Requests with Valid Environment Header values.
 169             //
 170             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 171             when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 172             when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
 173             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 174             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 175                     filterChain);
 176             // verify if authorized
 177             verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
 178             // New request no environment header check
 179             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 180             when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
 181             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 182             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 183                     filterChain);
 184             // verify if authorized
 185             verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
 186             //
 187             //
 188             // Requests with InValid Environment Header
 189             //
 190             when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 191             when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
 192             when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
 193             when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 194             authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
 195                     filterChain);
 196             // verify if unauthorized
 197             verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 198         }
 199 }