1 package com.atlassian.plugins.rest.module.sal.websudo;
2
3 import static org.junit.Assert.assertFalse;
4 import static org.junit.Assert.assertTrue;
5 import static org.mockito.Mockito.never;
6 import static org.mockito.Mockito.verify;
7 import static org.mockito.Mockito.when;
8 import static org.mockito.MockitoAnnotations.initMocks;
9
10 import com.atlassian.plugins.rest.common.sal.websudo.WebSudoResourceContext;
11 import com.atlassian.plugins.rest.module.servlet.ServletUtils;
12 import com.atlassian.sal.api.websudo.WebSudoManager;
13 import org.junit.After;
14 import org.junit.Before;
15 import org.junit.Test;
16 import org.mockito.Matchers;
17 import org.mockito.Mock;
18
19 import javax.servlet.http.HttpServletRequest;
20
21 public final class TestSalWebSudoResourceContext {
22 @Mock
23 private WebSudoManager webSudoManager;
24 @Mock
25 private HttpServletRequest request;
26
27 private WebSudoResourceContext webSudoResourceContext;
28
29 @Before
30 public void setUp() {
31 initMocks(this);
32 webSudoResourceContext = new SalWebSudoResourceContext(webSudoManager);
33 ServletUtils.setHttpServletRequest(request);
34 }
35
36 @After
37 public void teardown() {
38 webSudoManager = null;
39 request = null;
40 webSudoResourceContext = null;
41 }
42
43 @Test
44 public void enforceWebSudoProtection() {
45 when(webSudoManager.canExecuteRequest(request)).thenReturn(false);
46 assertTrue(webSudoResourceContext.shouldEnforceWebSudoProtection());
47 }
48
49 @Test
50 public void dontEnforceWebSudoProtection() {
51 when(webSudoManager.canExecuteRequest(request)).thenReturn(true);
52 assertFalse(webSudoResourceContext.shouldEnforceWebSudoProtection());
53 }
54
55 @Test
56 public void basicAuthDoesNotRequireWebSudo() {
57
58 when(request.getHeader("Authorization")).thenReturn("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
59
60 assertFalse(webSudoResourceContext.shouldEnforceWebSudoProtection());
61 verify(webSudoManager, never()).canExecuteRequest(Matchers.<HttpServletRequest>anyObject());
62 }
63 }