View Javadoc

1   package com.atlassian.plugins.rest.module.filter;
2   
3   import com.atlassian.plugins.rest.common.security.CorsHeaders;
4   import com.atlassian.plugins.rest.common.security.jersey.CorsResourceFilter;
5   import com.sun.jersey.spi.container.ContainerRequest;
6   import org.junit.Before;
7   import org.junit.Test;
8   import org.junit.runner.RunWith;
9   import org.mockito.Mock;
10  import org.mockito.runners.MockitoJUnitRunner;
11  
12  import javax.ws.rs.HttpMethod;
13  import java.util.HashMap;
14  
15  import static org.mockito.Mockito.times;
16  import static org.mockito.Mockito.when;
17  import static org.mockito.Mockito.verify;
18  
19  
20  @RunWith(MockitoJUnitRunner.class)
21  public class CorsAcceptOptionsPreflightFilterTest {
22      private static final String ORIGIN = "https://example.onion";
23  
24      private CorsAcceptOptionsPreflightFilter corsAcceptOptionsPreflightFilter;
25  
26      @Mock
27      private ContainerRequest request;
28  
29      @Mock
30      private HashMap<String, Object> requestProperties;
31  
32      @Before
33      public void setUp() {
34          corsAcceptOptionsPreflightFilter = new CorsAcceptOptionsPreflightFilter();
35      }
36  
37      @Test
38      public void setsRequestCorsPreflightRequestedPropertyForCorsPreflightRequest() {
39          final String requestedMethod = HttpMethod.POST;
40          when(request.getMethod()).thenReturn(HttpMethod.OPTIONS);
41          when(request.getProperties()).thenReturn(requestProperties);
42          setOriginHeaderInRequest(request, ORIGIN);
43          setAccessControlRequestMethodInRequest(request, requestedMethod);
44  
45          corsAcceptOptionsPreflightFilter.filter(request);
46  
47          verify(request, times(1)).setMethod(requestedMethod);
48          verify(requestProperties, times(1)).put(
49                  CorsResourceFilter.CORS_PREFLIGHT_REQUESTED, Boolean.TRUE.toString());
50      }
51  
52      private void setOriginHeaderInRequest(ContainerRequest request, String origin) {
53          when(request.getHeaderValue(CorsHeaders.ORIGIN.value())).thenReturn(origin);
54      }
55  
56      private void setAccessControlRequestMethodInRequest(
57              ContainerRequest request, String method) {
58          when(request.getHeaderValue(
59                  CorsHeaders.ACCESS_CONTROL_REQUEST_METHOD.value())).thenReturn(method);
60      }
61  }